daftaupe/opt
1
0
Fork 0
forked from ports/opt
Code Pull Requests Activity

[notify] squid: two security fixes. Closes FS#1564

Browse Source 
See
- http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
- http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
This commit is contained in:
Juergen Daubert 2018-01-23 10:18:49 +01:00
parent 34194244d8
commit a37c1e095c
5 changed files with 63 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
squid/.md5sum
View File

@ -1,2 +1,4 @@
b969921543380b268b1604d2d5c10f70 SQUID-2018_1.patch
2d6ea612cb5035ff846ac7cee781649e SQUID-2018_2.patch
be8031c772fc51aaa1a9fb22ecac6585 squid
39ef8199675d48a314b540f92c00c545 squid-3.5.27.tar.xz

6
squid/.signature
View File

@ -1,6 +1,8 @@
untrusted comment: verify with /etc/ports/opt.pub
RWSE3ohX2g5d/dO+ySYEb8pcOpIuTrOscix67dvC5mH05ZF52FgVtycRJ+9/wH5iDPBn8F9/D+nsT8yLPKUG0ymTRj48bWkT/wo=
SHA256 (Pkgfile) = b535767e1d28e24ecd6d3fca210a005154441f650a88773d7c84311cdac61692
RWSE3ohX2g5d/XBSSGTiSDM0sTRcj8avSWpdJdT+0s9YWDFH9OHpk3WUcc6Sd0Y9QHxXN9HQ1qulKOGUUxth41DdOjVB6R4irwg=
SHA256 (Pkgfile) = 2435660c65d45ec2cbae6afe455dfa032de45625b494d7516fe4b4e388e556fc
SHA256 (.footprint) = 5c5505b0fed5776588a490a9ac02b1dd2ce859adcce704d8df54da39a9afc77d
SHA256 (squid-3.5.27.tar.xz) = 5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec
SHA256 (SQUID-2018_1.patch) = b83fb203a7f42868603205419d9a28c64af8eaf7be92a6a7b9b95210cb4f6b2f
SHA256 (SQUID-2018_2.patch) = 676d3f3b5bc0ca09760aba6af3f8fb837dfc52b82f7765317be30b33e350fad2
SHA256 (squid) = d4ff0ac128250907e7cce4a01d6d92d9ca7dde7d59e1c72fe89de72fa5488ec4

8
squid/Pkgfile
View File

@ -1,16 +1,20 @@
# Description: A full-featured web proxy cache
# URL: http://www.squid-cache.org
# Maintainer: Juergen Daubert, jue at crux dot nu
# Depends on: db libcap libtool
name=squid
version=3.5.27
release=1
release=2
source=(http://www.squid-cache.org/Versions/v3/3.5/$name-$version.tar.xz
squid)
SQUID-2018_1.patch SQUID-2018_2.patch squid)
build () {
cd $name-$version
patch -p1 -i $SRC/SQUID-2018_1.patch
patch -p1 -i $SRC/SQUID-2018_2.patch
./configure --prefix=/usr \
--sysconfdir=/etc/squid \
--libexecdir=/usr/lib/squid \

28
squid/SQUID-2018_1.patch Normal file
View File

@ -0,0 +1,28 @@
commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
Author: Amos Jeffries <yadij@users.noreply.github.com>
Date: 2018-01-19 13:54:14 +1300
ESI: make sure endofName never exceeds tagEnd (#130)
diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
index d86d2d3..db634d9 100644
--- a/src/esi/CustomParser.cc
+++ b/src/esi/CustomParser.cc
@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
char * endofName = strpbrk(const_cast<char *>(tag), w_space);
- if (endofName > tagEnd)
+ if (!endofName || endofName > tagEnd)
endofName = const_cast<char *>(tagEnd);
*endofName = '\0';
@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
char * endofName = strpbrk(const_cast<char *>(tag), w_space);
- if (endofName > tagEnd)
+ if (!endofName || endofName > tagEnd)
endofName = const_cast<char *>(tagEnd);
*endofName = '\0';

23
squid/SQUID-2018_2.patch Normal file
View File

@ -0,0 +1,23 @@
commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
Author: squidadm <squidadm@users.noreply.github.com>
Date: 2018-01-21 08:07:08 +1300
Fix indirect IP logging for transactions without a client connection (#129) (#136)
diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index be124f3..203f89d 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
* Ensure that the access log shows the indirect client
* instead of the direct client.
*/
- ConnStateData *conn = http->getConn();
- conn->log_addr = request->indirect_client_addr;
- http->al->cache.caddr = conn->log_addr;
+ http->al->cache.caddr = request->indirect_client_addr;
+ if (ConnStateData *conn = http->getConn())
+ conn->log_addr = request->indirect_client_addr;
}
request->x_forwarded_for_iterator.clean();
request->flags.done_follow_x_forwarded_for = true;