Message-Id: <20100907211452.5628.qmail@wcfields.tmseck.homedns.org>
Date: 7 Sep 2010 21:14:52 -0000
From: Thomas-Martin Seck To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: ports-security@FreeBSD.org Subject: ports/150366: [Maintainer] [security] www/squid30: fix a denial of service vulnerability X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Thomas-Martin Seck List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Sep 2010 21:20:02 -0000 >Number: 150366 >Category: ports >Synopsis: [Maintainer] [security] www/squid30: fix a denial of service vulnerability >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Sep 07 21:20:01 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Thomas-Martin Seck >Release: FreeBSD 8.1-RELEASE amd64 >Organization: a private site in Germany >Environment: FreeBSD ports collection as of September 7, 2010. >Description: Integrate vendor patches for various bugs. Fix a denial of service vulnerability as reported in Squid Advisory 2010:3. See ports/150364 (www/squid31 update request) for the proposed VuXML entry. Removed files: files/patch-lib-rfc1738.c >How-To-Repeat: >Fix: Apply this patch: Index: Makefile =================================================================== --- Makefile (.../www/squid30) (Revision 1875) +++ Makefile (.../local/squid30) (Revision 1875) @@ -61,7 +61,7 @@ PORTNAME= squid PORTVERSION= 3.0.${SQUID_STABLE_VER} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ http://mirrors.ccs.neu.edu/Squid/ \ 
@@ -92,7 +92,9 @@ http://www1.jp.squid-cache.org/%SUBDIR%/ \ http://www2.tw.squid-cache.org/%SUBDIR%/ PATCH_SITE_SUBDIR= Versions/v3/3.0/changesets -PATCHFILES= +PATCHFILES= squid-3.0-9183.patch squid-3.0-9184.patch squid-3.0-9185.patch \ + squid-3.0-9186.patch squid-3.0-9187.patch squid-3.0-9188.patch \ + squid-3.0-9189.patch MAINTAINER= tmseck@web.de COMMENT= HTTP Caching Proxy Index: distinfo =================================================================== --- distinfo (.../www/squid30) (Revision 1875) +++ distinfo (.../local/squid30) (Revision 1875) 
@@ -1,3 +1,24 @@ MD5 (squid3.0/squid-3.0.STABLE25.tar.bz2) = 6a29be1e4900470aebe93654f9be03e0 SHA256 (squid3.0/squid-3.0.STABLE25.tar.bz2) = d1040a17f3c904372c180e1e6a432be798a26c3689831a329bd2a5ab38bbc05e SIZE (squid3.0/squid-3.0.STABLE25.tar.bz2) = 1758969 +MD5 (squid3.0/squid-3.0-9183.patch) = 118b37eb39487bc1bbf30b64998e07df +SHA256 (squid3.0/squid-3.0-9183.patch) = 61b6b2d7619705db83b5f66a57b64f7c00b9e02c7707c473f3f1f4ad8abf9b9f +SIZE (squid3.0/squid-3.0-9183.patch) = 1542 +MD5 (squid3.0/squid-3.0-9184.patch) = 0559191736bd31801bb22ad14bb60a2d +SHA256 (squid3.0/squid-3.0-9184.patch) = a32f91fa85a401039e173458bbb137a7e2d61e4e1ca465fa4857071b906712ca +SIZE (squid3.0/squid-3.0-9184.patch) = 2240 +MD5 (squid3.0/squid-3.0-9185.patch) = f707437a1c05f39effb29b6bf485e1b9 +SHA256 (squid3.0/squid-3.0-9185.patch) = f2fa4d2b0e1d7fbd3bdb85e980d83e0bf60a73c0b362dc148369843f6480ede7 +SIZE (squid3.0/squid-3.0-9185.patch) = 1680 +MD5 (squid3.0/squid-3.0-9186.patch) = 379333cc6542ab61a97015366253e4ad +SHA256 (squid3.0/squid-3.0-9186.patch) = 0d9917539a3fe6075292b5927c61324222cb09a11eeeffc99af5c169f65b31a5 +SIZE (squid3.0/squid-3.0-9186.patch) = 1646 +MD5 (squid3.0/squid-3.0-9187.patch) = 1b4681b2b60a81327ee6b5667d60f597 +SHA256 (squid3.0/squid-3.0-9187.patch) = e7c0c1b365413c786ed78fcc6b4113e0783458b4137d3d47d4cb707730ee388b +SIZE (squid3.0/squid-3.0-9187.patch) = 1338 +MD5 (squid3.0/squid-3.0-9188.patch) = 7897fef3efd6e646e288111d1fa52de3 +SHA256 (squid3.0/squid-3.0-9188.patch) = 4fc959e0bd570d4e8e19a0732181836b49086c98e78d1bc37f3fa739763ff753 +SIZE (squid3.0/squid-3.0-9188.patch) = 1455 +MD5 (squid3.0/squid-3.0-9189.patch) = de0e4236955b66aba92117130a175dc0 +SHA256 (squid3.0/squid-3.0-9189.patch) = a5abc0cda7016b00673e0f3bf91a5af2aeece09480bbaae90df34afb0e6fba04 +SIZE (squid3.0/squid-3.0-9189.patch) = 4192 Index: files/patch-lib-rfc1738.c =================================================================== --- files/patch-lib-rfc1738.c (.../www/squid30) (Revision 1875) +++ 
files/patch-lib-rfc1738.c (.../local/squid30) (Revision 1875) @@ -1,12 +0,0 @@ ---- lib/rfc1738.c.orig 2010-04-16 14:36:23.000000000 +0200 -+++ lib/rfc1738.c 2010-04-16 14:37:11.000000000 +0200 -@@ -203,8 +203,7 @@ rfc1738_unescape(char *s) - j++; /* Skip % */ - } else { - /* decode */ -- char v1, v2; -- int x; -+ int v1, v2, x; - v1 = fromhex(s[j + 1]); - if (v1 < 0) - continue; /* non-hex or \0 */ >Release-Note: >Audit-Trail: >Unformatted:
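Review bot: In the second Makefile hunk (@@ -92,7 +92,9 @@), PATCHFILES goes from empty to squid-3.0-9183.patch through squid-3.0-9189.patch with nothing to say which changeset carries the denial of service fix from Squid Advisory 2010:3 and which ones are the "various bugs" fixes. A one-line comment above PATCHFILES naming the security changeset would let anyone auditing the port against the VuXML entry, or emptying the list again at the next STABLE update, confirm that the fix is still applied.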
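Review bot: In the distinfo hunk (@@ -1,3 +1,24 @@), the 21 added lines are the only integrity control on the seven changesets, and the mirror URLs visible in the Makefile context are plain ftp:// and http://. The MD5/SHA256/SIZE triples do cover every file named in PATCHFILES (9183 to 9189), so the list is complete. Before commit, the SHA256 values should be compared against copies of the changesets obtained independently of the submitter's fetch, because a value recorded from a tampered download would be accepted silently from then on.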
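Review bot: The deletion of files/patch-lib-rfc1738.c (@@ -1,12 +0,0 @@) drops the local change from "char v1, v2; int x;" to "int v1, v2, x;" in rfc1738_unescape(), and neither the description nor the diff says which of the new changesets replaces it. With the original "char v1, v2;" the "if (v1 < 0)" check on the fromhex() result only works where char is signed. Please state in the PR which of 9183 to 9189 touches lib/rfc1738.c, and confirm that the source declares v1 and v2 as int after the vendor patches are applied, so that removing this file does not bring back the original declaration.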