Date:      7 Sep 2010 21:14:52 -0000
From:      Thomas-Martin Seck <tmseck@web.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        ports-security@FreeBSD.org
Subject:   ports/150366: [Maintainer] [security] www/squid30: fix a denial of service vulnerability
Message-ID:  <20100907211452.5628.qmail@wcfields.tmseck.homedns.org>
Resent-Message-ID: <201009072120.o87LK2lE069087@freefall.freebsd.org>


>Number:         150366
>Category:       ports
>Synopsis:       [Maintainer] [security] www/squid30: fix a denial of service vulnerability
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 07 21:20:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Thomas-Martin Seck
>Release:        FreeBSD 8.1-RELEASE amd64
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of September 7, 2010.
	
>Description:
Integrate vendor patches for various bugs. Fix a denial of service
vulnerability as reported in Squid Advisory 2010:3.

See ports/150364 (www/squid31 update request) for the proposed VuXML entry.

Removed files:

files/patch-lib-rfc1738.c
	
>How-To-Repeat:
	
>Fix:
Apply this patch:

Index: Makefile
===================================================================
--- Makefile	(.../www/squid30)	(Revision 1875)
+++ Makefile	(.../local/squid30)	(Revision 1875)
@@ -61,7 +61,7 @@
 
 PORTNAME=	squid
 PORTVERSION=	3.0.${SQUID_STABLE_VER}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	www
 MASTER_SITES=	ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
 		http://mirrors.ccs.neu.edu/Squid/ \
@@ -92,7 +92,9 @@
 		http://www1.jp.squid-cache.org/%SUBDIR%/ \
 		http://www2.tw.squid-cache.org/%SUBDIR%/
 PATCH_SITE_SUBDIR=	Versions/v3/3.0/changesets
-PATCHFILES=
+PATCHFILES=	squid-3.0-9183.patch squid-3.0-9184.patch squid-3.0-9185.patch \
+		squid-3.0-9186.patch squid-3.0-9187.patch squid-3.0-9188.patch \
+		squid-3.0-9189.patch
 
 MAINTAINER=	tmseck@web.de
 COMMENT=	HTTP Caching Proxy
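
Review bot: The seven changesets added to PATCHFILES carry no annotation, so the Makefile does not show which of squid-3.0-9183.patch through squid-3.0-9189.patch fixes the denial of service from Squid Advisory 2010:3 and which are ordinary bug fixes. A one-line comment above PATCHFILES naming the security-relevant changeset would let a later maintainer see which patch must not be dropped if the list is trimmed or the port is rebased onto a newer STABLE release.
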
Index: distinfo
===================================================================
--- distinfo	(.../www/squid30)	(Revision 1875)
+++ distinfo	(.../local/squid30)	(Revision 1875)
@@ -1,3 +1,24 @@
 MD5 (squid3.0/squid-3.0.STABLE25.tar.bz2) = 6a29be1e4900470aebe93654f9be03e0
 SHA256 (squid3.0/squid-3.0.STABLE25.tar.bz2) = d1040a17f3c904372c180e1e6a432be798a26c3689831a329bd2a5ab38bbc05e
 SIZE (squid3.0/squid-3.0.STABLE25.tar.bz2) = 1758969
+MD5 (squid3.0/squid-3.0-9183.patch) = 118b37eb39487bc1bbf30b64998e07df
+SHA256 (squid3.0/squid-3.0-9183.patch) = 61b6b2d7619705db83b5f66a57b64f7c00b9e02c7707c473f3f1f4ad8abf9b9f
+SIZE (squid3.0/squid-3.0-9183.patch) = 1542
+MD5 (squid3.0/squid-3.0-9184.patch) = 0559191736bd31801bb22ad14bb60a2d
+SHA256 (squid3.0/squid-3.0-9184.patch) = a32f91fa85a401039e173458bbb137a7e2d61e4e1ca465fa4857071b906712ca
+SIZE (squid3.0/squid-3.0-9184.patch) = 2240
+MD5 (squid3.0/squid-3.0-9185.patch) = f707437a1c05f39effb29b6bf485e1b9
+SHA256 (squid3.0/squid-3.0-9185.patch) = f2fa4d2b0e1d7fbd3bdb85e980d83e0bf60a73c0b362dc148369843f6480ede7
+SIZE (squid3.0/squid-3.0-9185.patch) = 1680
+MD5 (squid3.0/squid-3.0-9186.patch) = 379333cc6542ab61a97015366253e4ad
+SHA256 (squid3.0/squid-3.0-9186.patch) = 0d9917539a3fe6075292b5927c61324222cb09a11eeeffc99af5c169f65b31a5
+SIZE (squid3.0/squid-3.0-9186.patch) = 1646
+MD5 (squid3.0/squid-3.0-9187.patch) = 1b4681b2b60a81327ee6b5667d60f597
+SHA256 (squid3.0/squid-3.0-9187.patch) = e7c0c1b365413c786ed78fcc6b4113e0783458b4137d3d47d4cb707730ee388b
+SIZE (squid3.0/squid-3.0-9187.patch) = 1338
+MD5 (squid3.0/squid-3.0-9188.patch) = 7897fef3efd6e646e288111d1fa52de3
+SHA256 (squid3.0/squid-3.0-9188.patch) = 4fc959e0bd570d4e8e19a0732181836b49086c98e78d1bc37f3fa739763ff753
+SIZE (squid3.0/squid-3.0-9188.patch) = 1455
+MD5 (squid3.0/squid-3.0-9189.patch) = de0e4236955b66aba92117130a175dc0
+SHA256 (squid3.0/squid-3.0-9189.patch) = a5abc0cda7016b00673e0f3bf91a5af2aeece09480bbaae90df34afb0e6fba04
+SIZE (squid3.0/squid-3.0-9189.patch) = 4192
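
Review bot: The new distinfo entries for 9183 through 9189 are the only integrity check on these patches, because the fetch sites visible in the Makefile hunks are plain ftp:// and http:// mirrors. Please confirm the SHA256 values were generated from copies obtained from the vendor's primary site rather than from a mirror, and rely on the SHA256 and SIZE lines for verification, not the MD5 lines. The file names here do match the PATCHFILES list one for one, which is good.
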
Index: files/patch-lib-rfc1738.c
===================================================================
--- files/patch-lib-rfc1738.c	(.../www/squid30)	(Revision 1875)
+++ files/patch-lib-rfc1738.c	(.../local/squid30)	(Revision 1875)
@@ -1,12 +0,0 @@
---- lib/rfc1738.c.orig	2010-04-16 14:36:23.000000000 +0200
-+++ lib/rfc1738.c	2010-04-16 14:37:11.000000000 +0200
-@@ -203,8 +203,7 @@ rfc1738_unescape(char *s)
-             j++;		/* Skip % */
-         } else {
-             /* decode */
--            char v1, v2;
--            int x;
-+            int v1, v2, x;
-             v1 = fromhex(s[j + 1]);
-             if (v1 < 0)
-                 continue;  /* non-hex or \0 */
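
Review bot: Removing files/patch-lib-rfc1738.c drops the local change from "char v1, v2;" to "int v1, v2, x;" in rfc1738_unescape(), and the PR does not say which upstream changeset replaces it. With v1 declared as char, the "if (v1 < 0)" test after fromhex() depends on the platform's char signedness and never fires where char is unsigned, so the non-hex or NUL case is not skipped. Please name the changeset among 9183 to 9189 that carries the equivalent fix, or keep this file if none of them does.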
	


>Release-Note:
>Audit-Trail:
>Unformatted:


