Date: Sun, 25 Feb 2018 13:18:31 +0000 (UTC)
From: "Danilo G. Baio" <dbaio@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r462952 - in branches/2018Q1/www/squid: . files
Message-ID: <201802251318.w1PDIVKC000396@repo.freebsd.org>
Author: dbaio Date: Sun Feb 25 13:18:31 2018 New Revision: 462952 URL: https://svnweb.freebsd.org/changeset/ports/462952 Log: MFH: r462146 r462744 Use BROKEN_SSL Approved by: portmgr (blanket) www/squid: Fixes security vulnerabilities Add patches to fix CVE's: CVE-2018-1000024 CVE-2018-1000027 PR: 226139 Submitted by: Yasuhiro KIMURA <yasu@utahime.org> Approved by: timp87@gmail.com (maintainer) Security: d5b6d151-1887-11e8-94f7-9c5c8e75236a Approved by: ports-secteam (riggs) Added: branches/2018Q1/www/squid/files/patch-src_client__side__request.cc - copied unchanged from r462744, head/www/squid/files/patch-src_client__side__request.cc branches/2018Q1/www/squid/files/patch-src_esi_CustomParser.cc - copied unchanged from r462744, head/www/squid/files/patch-src_esi_CustomParser.cc Modified: branches/2018Q1/www/squid/Makefile Directory Properties: branches/2018Q1/ (props changed) Modified: branches/2018Q1/www/squid/Makefile ============================================================================== --- branches/2018Q1/www/squid/Makefile Sun Feb 25 12:14:34 2018 (r462951) +++ branches/2018Q1/www/squid/Makefile Sun Feb 25 13:18:31 2018 (r462952) @@ -2,7 +2,7 @@ PORTNAME= squid PORTVERSION= 3.5.27 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www ipv6 MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ @@ -113,6 +113,7 @@ SSL_CONFIGURE_ON= --with-openssl=${OPENSSLBASE} \ LIBOPENSSL_CFLAGS=-I${OPENSSLINC} \ LIBOPENSSL_LIBS="-lcrypto -lssl" SSL_USES= ssl +SSL_VARS= BROKEN_SSL=openssl-devel SSL_CRTD_CONFIGURE_ENABLE= ssl-crtd SSL_CRTD_IMPLIES= SSL STACKTRACES_CONFIGURE_ENABLE= stacktraces 
@@ -303,10 +304,6 @@ post-install: (cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR}) .include <bsd.port.pre.mk> - -.if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel} -BROKEN= Does not build with openssl-devel -.endif .if ${CHOSEN_COMPILER_TYPE} == clang CXXFLAGS+= -Wno-unknown-warning-option Copied: branches/2018Q1/www/squid/files/patch-src_client__side__request.cc (from r462744, head/www/squid/files/patch-src_client__side__request.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q1/www/squid/files/patch-src_client__side__request.cc Sun Feb 25 13:18:31 2018 (r462952, copy of r462744, head/www/squid/files/patch-src_client__side__request.cc) 
@@ -0,0 +1,23 @@ +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch + +commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5) +Author: squidadm <squidadm@users.noreply.github.com> +Date: 2018-01-21 08:07:08 +1300 + + Fix indirect IP logging for transactions without a client connection (#129) (#136) + +--- src/client_side_request.cc.orig 2018-02-23 13:39:32 UTC ++++ src/client_side_request.cc +@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *d + * Ensure that the access log shows the indirect client + * instead of the direct client. + */ +- ConnStateData *conn = http->getConn(); +- conn->log_addr = request->indirect_client_addr; +- http->al->cache.caddr = conn->log_addr; ++ http->al->cache.caddr = request->indirect_client_addr; ++ if (ConnStateData *conn = http->getConn()) ++ conn->log_addr = request->indirect_client_addr; + } + request->x_forwarded_for_iterator.clean(); + request->flags.done_follow_x_forwarded_for = true; Copied: branches/2018Q1/www/squid/files/patch-src_esi_CustomParser.cc (from r462744, head/www/squid/files/patch-src_esi_CustomParser.cc) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2018Q1/www/squid/files/patch-src_esi_CustomParser.cc Sun Feb 25 13:18:31 2018 (r462952, copy of r462744, head/www/squid/files/patch-src_esi_CustomParser.cc) 
@@ -0,0 +1,28 @@ +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch + +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5) +Author: Amos Jeffries <yadij@users.noreply.github.com> +Date: 2018-01-19 13:54:14 +1300 + + ESI: make sure endofName never exceeds tagEnd (#130) + +--- src/esi/CustomParser.cc.orig 2018-02-23 13:37:52 UTC ++++ src/esi/CustomParser.cc +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t + + char * endofName = strpbrk(const_cast<char *>(tag), w_space); + +- if (endofName > tagEnd) ++ if (!endofName || endofName > tagEnd) + endofName = const_cast<char *>(tagEnd); + + *endofName = '\0'; +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t + + char * endofName = strpbrk(const_cast<char *>(tag), w_space); + +- if (endofName > tagEnd) ++ if (!endofName || endofName > tagEnd) + endofName = const_cast<char *>(tagEnd); + + *endofName = '\0';
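Review bot: In the Makefile hunk at line 113, `SSL_VARS= BROKEN_SSL=openssl-devel` records that openssl-devel is unsupported but not what fails, and the removed `BROKEN= Does not build with openssl-devel` block in the line 303 hunk did not say either. Add a one-line comment above the SSL_VARS line naming the build failure so the restriction can be re-tested and lifted when PORTVERSION moves past 3.5.27. Keeping the setting in SSL_VARS preserves the scope of the old `.if ${PORT_OPTIONS:MSSL}` test, which is correct.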
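Review bot: In the clientFollowXForwardedForCheck hunk of patch-src_client__side__request.cc, the new `if (ConnStateData *conn = http->getConn())` guards conn, but `http->al->cache.caddr = request->indirect_client_addr;` still dereferences `http->al` with no check. The commit title says this path runs for transactions without a client connection, so confirm that `http->al` is always allocated on that path, or guard it the same way. The patch header cites SQUID-2018_2.patch but not which of the two CVEs named in the commit log it addresses; add that line so the file can be traced to the advisory.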
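Review bot: In the first ESICustomParser::parse hunk (line 121) of patch-src_esi_CustomParser.cc, the added `!endofName` test stops the NULL write at `*endofName = '\0';`, but `strpbrk(const_cast<char *>(tag), w_space)` is still not bounded by tagEnd, so the search itself reads beyond the tag until it meets whitespace or a NUL. The clamp only corrects the result afterwards. A search limited to the range from tag to tagEnd would remove the dependence on the buffer being NUL-terminated past the tag; if the caller guarantees termination, say so in a comment at this site.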
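Review bot: The second ESICustomParser::parse hunk (line 214) repeats the same three lines as the hunk at line 121, so the fix had to be applied twice and the two sites can drift apart again. Move the `strpbrk` call and the `if (!endofName || endofName > tagEnd)` clamp into one small helper used by both. Note also that `*endofName = '\0';` writes through `const_cast<char *>(tagEnd)` into a buffer that parse() receives as `char const *dataToParse`; the helper is a good place to document that the input is modified in place.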