Date: 2 Feb 2010 18:33:47 -0000 From: Thomas-Martin Seck <tmseck@web.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: ports-security@FreeBSD.org Subject: ports/143495: [Maintainer] [Security] www/squid30: update to 3.0.STABLE23 Message-ID: <20100202183347.11337.qmail@wcfields.tmseck.homedns.org> Resent-Message-ID: <201002021840.o12Ie1QN083651@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 143495 >Category: ports >Synopsis: [Maintainer] [Security] www/squid30: update to 3.0.STABLE23 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Feb 02 18:40:00 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Thomas-Martin Seck >Release: FreeBSD 8.0-RELEASE amd64 >Organization: a private site in Germany >Environment: FreeBSD ports collection as of February 2, 2010. >Description: The Squid project has released 3.0.STABLE23 to correctly address the issue reported in Squid advisory 2010:1. The patch I integrated into www/squid30 in ports/143452 turned out to be not sufficient to fix said vulnerability. For further info see the change history in <http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE23.html>. Please update vid 296ecb59-0f6b-11df-8bab-0019996bc1f7 to note that versions below 3.0.23 are vulnerable. >How-To-Repeat: >Fix: Apply this patch: Index: Makefile =================================================================== --- Makefile (.../www/squid30) (Revision 1759) +++ Makefile (.../local/squid30) (Revision 1759) @@ -61,7 +61,6 @@ PORTNAME= squid PORTVERSION= 3.0.${SQUID_STABLE_VER} -PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \ @@ -93,14 +92,14 @@ http://www1.jp.squid-cache.org/%SUBDIR%/ \ http://www1.tw.squid-cache.org/%SUBDIR%/ PATCH_SITE_SUBDIR= Versions/v3/3.0/changesets -PATCHFILES= squid-3.0-9151.patch +PATCHFILES= MAINTAINER= tmseck@web.de COMMENT= HTTP Caching Proxy LATEST_LINK= squid30 -SQUID_STABLE_VER= 21 +SQUID_STABLE_VER= 23 CONFLICTS= squid-2.[0-9].* squid-3.[^0].* cacheboy-[0-9]* lusca-head-[0-9]* GNU_CONFIGURE= yes Index: distinfo =================================================================== --- distinfo (.../www/squid30) (Revision 1759) +++ distinfo (.../local/squid30) (Revision 1759) @@ -1,6 +1,3 @@ -MD5 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 279168fe1fe5b38bbf6eee12babbc4ad -SHA256 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 07114935b7aed9df42524e84f6a634849d4bcafd513bf118881aa5cc58911f7b -SIZE (squid3.0/squid-3.0.STABLE21.tar.bz2) = 1802875 -MD5 (squid3.0/squid-3.0-9151.patch) = 1ba452e3f8d730848f77e3138a7ec805 -SHA256 (squid3.0/squid-3.0-9151.patch) = d402e853381d661be3b21260205f579d88373881a861ec6bd7944477632d1c5b -SIZE (squid3.0/squid-3.0-9151.patch) = 1281 +MD5 (squid3.0/squid-3.0.STABLE23.tar.bz2) = ec9b6abf18128147e8559967aed62e37 +SHA256 (squid3.0/squid-3.0.STABLE23.tar.bz2) = 3a2a2195fa66d31df412f8befa49a921f34e619332557281ce69e12ed9b01a59 +SIZE (squid3.0/squid-3.0.STABLE23.tar.bz2) = 1757984 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100202183347.11337.qmail>