From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Feb 1 16:00:34 2005
Message-Id: <20050201155343.3326.qmail@laurel.tmseck.homedns.org>
Date: 1 Feb 2005 15:53:43 -0000
From: Thomas-Martin Seck
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
cc: security-team@FreeBSD.org
Subject: ports/76967: [Maintainer/security] integrate vendor patch regarding oversized HTTP reply headers

>Number: 76967
>Category: ports
>Synopsis: [Maintainer/security] integrate vendor patch regarding oversized HTTP reply headers
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 01 16:00:33 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.11-STABLE i386
>Organization: a private site in Germany
>Environment: FreeBSD ports collection as of Feb 01, 2005.
>Description:
Integrate the following vendor patch as published on :

- Address HTTP protocol mismatch related to oversized reply headers and
  enhance cache.log on reply header parsing failures (squid bug #1216)

This bug is classified as a security issue by the vendor; further details about the impact of the vulnerability are not known (to maintainer).

Proposed VuXML data, entry date left to be filled in:

squid -- correct handling of oversized HTTP reply headers
squid 2.5.7_12

The squid patches page notes:

This patch addresses a HTTP protocol mismatch related to oversized reply headers. In addition it enhances the cache.log reporting on reply header parsing failures to make it easier to track down which sites are malfunctioning.

http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
2005-01-31
>How-To-Repeat: >Fix: Apply this patch: Index: distinfo =================================================================== --- distinfo (revision 376) +++ distinfo (revision 378) @@ -46,3 +46,5 @@ SIZE (squid2.5/squid-2.5.STABLE7-response_splitting.patch) = 10427 MD5 (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 01b1a4a23f170723d7e2bc3846e12c73 SIZE (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 505 +MD5 (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 729c626f76637546b5ded70da6e0ee20 +SIZE (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 3056 Index: Makefile =================================================================== --- Makefile (revision 376) +++ Makefile (revision 378) @@ -74,7 +74,7 @@ PORTNAME= squid PORTVERSION= 2.5.7 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -109,7 +109,8 @@ squid-2.5.STABLE7-ftp_datachannel.patch \ squid-2.5.STABLE7-short_icons_urls.patch \ squid-2.5.STABLE7-response_splitting.patch \ - squid-2.5.STABLE7-wccp_buffer_overflow.patch + squid-2.5.STABLE7-wccp_buffer_overflow.patch \ + squid-2.5.STABLE7-oversize_reply_headers.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de >Release-Note: >Audit-Trail: >Unformatted:
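Review bot: In the distinfo hunk, the two added lines record only an MD5 digest and a SIZE for squid-2.5.STABLE7-oversize_reply_headers.patch, so MD5 is the sole integrity check on a patch the vendor classifies as a security fix. Before committing, compare 729c626f76637546b5ded70da6e0ee20 and the 3056-byte size against a copy fetched independently from the vendor URL given in the VuXML references, and record a stronger digest next to it if the ports framework in use accepts one.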
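Review bot: The PORTREVISION bump from 11 to 12 in the first Makefile hunk must stay in step with the proposed VuXML entry, which names squid 2.5.7_12. If another revision bump lands before this one is committed, update the VuXML version in the same commit so that the fixed package is not reported as affected and an affected one is not reported as fixed.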
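Review bot: In the second Makefile hunk, the new list entry is applied with the PATCH_DIST_STRIP= -p1 setting visible in the trailing context, and nothing in the submission shows that the vendor patch was test-applied that way. Confirm that the paths inside squid-2.5.STABLE7-oversize_reply_headers.patch are rooted so that -p1 is correct, and that it applies cleanly after squid-2.5.STABLE7-response_splitting.patch and squid-2.5.STABLE7-wccp_buffer_overflow.patch, which precede it in the list. The file name does match the distinfo entry, and the continuation backslash added to the wccp_buffer_overflow line is correct.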