Date: 8 Dec 2004 18:08:05 -0000
From: Thomas-Martin Seck <tmseck@netcologne.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: security-team@FreeBSD.org
Subject: ports/74859: [Maintainer] www/squid: integrate vendor patches
Message-ID: <20041208180805.16235.qmail@laurel.tmseck.homedns.org>
Resent-Message-ID: <200412081810.iB8IAUqe084752@freefall.freebsd.org>
>Number: 74859
>Category: ports
>Synopsis: [Maintainer] www/squid: integrate vendor patches
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 08 18:10:30 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.10-STABLE i386
>Organization: a private site in Germany
>Environment:
FreeBSD ports collection as of December 8, 2004.
>Description:
Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:

- a malformed hostname can cause squid to return random data as error
  messages, possibly leaking internal information from former requests
  (squid bug #1143). (This is classified as a minor security issue by the
  squid developers, so I cc'ed security-team@. See below for a proposed
  VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occurring when using cachemgr's "vm_objects" operation
  (squid bug #1149)

VuXML information:

<topic>squid -- possible information disclosure</topic>
<affects>
  <package>
    <name>squid</name>
    <range><lt>2.5.7_4</lt></range>
  </package>
</affects>
<description>
  <body xmlns="http://www.w3.org/1999/xhtml">
    <p>The squid-2.5 patches pages notes:</p>
    <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-dothost">
      <p>In certain conditions Squid returns random data as error messages
        in response to malformed host name, possibly leaking random internal
        information which may come from other requests.</p>
    </blockquote>
  </body>
</description>
<references>
  <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-dothost</url>
</references>
<dates>
  <discovery>2004-11-23</discovery>
</dates>
>How-To-Repeat:
>Fix:
Apply this patch:

Index: distinfo =================================================================== --- 
distinfo (.../www/squid) (revision 306) +++ distinfo (.../local/squid) (revision 306) @@ -10,3 +10,9 @@ SIZE (squid2.5/squid-2.5.STABLE7-helper_shutdown.patch) = 11579 MD5 (squid2.5/squid-2.5.STABLE7-blank_response.patch) = b4d3265c55888f9b9ba3c5bc7d073822 SIZE (squid2.5/squid-2.5.STABLE7-blank_response.patch) = 723 +MD5 (squid2.5/squid-2.5.STABLE7-dothost.patch) = 81034e9092a06d9aa1e9ede26632ae03 +SIZE (squid2.5/squid-2.5.STABLE7-dothost.patch) = 2155 +MD5 (squid2.5/squid-2.5.STABLE7-httpd_accel_vport.patch) = 2366a84e29fad439c2a488b03f112779 +SIZE (squid2.5/squid-2.5.STABLE7-httpd_accel_vport.patch) = 843 +MD5 (squid2.5/squid-2.5.STABLE7-cachemgr_vmobjects.patch) = fdde57025dbfb8caf9154e24b4e1bf3e +SIZE (squid2.5/squid-2.5.STABLE7-cachemgr_vmobjects.patch) = 6238 Index: Makefile =================================================================== --- Makefile (.../www/squid) (revision 306) +++ Makefile (.../local/squid) (revision 306) @@ -74,7 +74,7 @@ PORTNAME= squid PORTVERSION= 2.5.7 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -91,7 +91,10 @@ squid-2.5.STABLE7-LDAP_version_documentation.patch \ squid-2.5.STABLE7_req_resp_header.patch \ squid-2.5.STABLE7-helper_shutdown.patch \ - squid-2.5.STABLE7-blank_response.patch + squid-2.5.STABLE7-blank_response.patch \ + squid-2.5.STABLE7-dothost.patch \ + squid-2.5.STABLE7-httpd_accel_vport.patch \ + squid-2.5.STABLE7-cachemgr_vmobjects.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de >Release-Note: >Audit-Trail: >Unformatted:
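Review bot: In the distinfo hunk, each of the three new vendor patches is pinned by an MD5 digest and a SIZE line only, so the integrity of the downloaded files, including the security-relevant squid-2.5.STABLE7-dothost.patch, rests on MD5, for which collisions are known. If the ports framework in use accepts a stronger digest in distinfo, record one next to each MD5 line; in any case, compare the three files against the copies linked from the squid-cache.org bugs page before commit.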
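Review bot: Keep PORTREVISION in the first Makefile hunk in step with the proposed VuXML range. The entry marks everything below 2.5.7_4 as affected, which is only correct while this hunk sets PORTREVISION= 4 and the dothost patch lands in that same revision; if the revision number changes before commit, the <lt> value has to change with it.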
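Review bot: In the second Makefile hunk, the three added patch file names fall under the PATCH_DIST_STRIP= -p1 line shown in the trailing context, so confirm that each of them applies cleanly at strip level 1 against the 2.5.STABLE7 sources together with the patches already listed. The continuation backslashes are right: one was added after squid-2.5.STABLE7-blank_response.patch and none follows the final entry.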