Date: Tue, 4 Aug 2009 23:32:41 +0200 (CEST)
From: Thomas-Martin Seck <tmseck@web.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: ports-security@FreeBSD.org
Subject: ports/137437: [Maintainer] www/squid31: update to 3.1.0.13, fix vid e1156e90-7ad6-11de-b26a-0048543d60ce
Message-ID: <200908042132.n74LWfZS092482@hardy.tmseck.homedns.org>
Resent-Message-ID: <200908042140.n74Le7Sk022475@freefall.freebsd.org>
>Number: 137437 >Category: ports >Synopsis: [Maintainer] www/squid31: update to 3.1.0.13, fix vid e1156e90-7ad6-11de-b26a-0048543d60ce >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Aug 04 21:40:07 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Thomas-Martin Seck >Release: FreeBSD 7.2-RELEASE i386 >Organization: a private site in Germany >Environment: FreeBSD ports collection as of August 4, 2009. >Description: Update to 3.1.0.13. This update fixes the remote denial of service vulnerabilities documented in vid e1156e90-7ad6-11de-b26a-0048543d60ce. Update for vuln.xml is below. I corrected the minimum affected version to >= 3.1.0.1 to make clear that every 3.1 version is affected, not just the version we offered first via FreeBSD ports. The issue was corrected upstream in 3.1.0.12. --- vuln.xml.orig 2009-08-04 23:08:35.000000000 +0200 +++ vuln.xml 2009-08-04 23:09:39.000000000 +0200 @@ -146,7 +146,7 @@ <package> <name>squid</name> <range><ge>3.0.1</ge><lt>3.0.17</lt></range> - <range><ge>3.1.0.8</ge></range> + <range><ge>3.1.0.1</ge><lt>3.1.0.12</range> </package> </affects> <description> >How-To-Repeat: >Fix: Apply this patch: Index: Makefile =================================================================== --- Makefile (.../www/squid31) (revision 1653) +++ Makefile (.../local/squid31) (revision 1653) @@ -91,7 +91,7 @@ LATEST_LINK= squid31 -SQUID_BETA_VER= 8 +SQUID_BETA_VER= 13 CONFLICTS= squid-2.[0-9].* squid-3.[^1].* cacheboy-[0-9]* GNU_CONFIGURE= yes @@ -102,6 +102,7 @@ SQUID_UID?= squid SQUID_GID?= squid +MAN1= squidclient.1 MAN8= cachemgr.cgi.8 squid.8 squid_radius_auth.8 docs= QUICKSTART README RELEASENOTES.html doc/debug-sections.txt PORTDOCS= ${docs:T} 
@@ -163,7 +164,7 @@ ERR_CACHE_MGR_ACCESS_DENIED ERR_CANNOT_FORWARD \ ERR_CONNECT_FAIL ERR_DNS_FAIL ERR_ESI ERR_FORWARDING_DENIED \ ERR_FTP_DISABLED ERR_FTP_FAILURE ERR_FTP_FORBIDDEN \ - ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \ + ERR_FTP_LISTING ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \ ERR_FTP_PUT_ERROR ERR_FTP_PUT_MODIFIED ERR_FTP_UNAVAILABLE \ ERR_ICAP_FAILURE ERR_INVALID_REQ ERR_INVALID_RESP \ ERR_INVALID_URL ERR_LIFETIME_EXP ERR_NO_RELAY \ @@ -171,18 +172,21 @@ ERR_SECURE_CONNECT_FAIL ERR_SHUTTING_DOWN ERR_SOCKET_FAILURE \ ERR_TOO_BIG ERR_UNSUP_REQ ERR_UNSUP_HTTPVERSION \ ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT -# XXX: -# This is a workaround for the problem that this file does not exist -# in the "old-style" error directories (errors/<Language>). -error_files_new_only= ERR_FTP_LISTING -error_dirs_old= Hebrew Hungarian Korean Lithuanian Polish Portuguese \ - Slovak Traditional_Chinese - -error_dirs_new= ar az bg ca cs da de el en en-au en-gb en-nz en-us es et \ - fa fi fr hy id it ja lv nl pt-br ro ru sr sv tr uk uz zh-cn \ +error_dirs= ar az bg ca cs da de el en es et fa fi fr he hu hy id it \ + ja ko lt lv ms nl pl pt pt-br ro ru sk sr sv th tr uk uz \ + zh-cn zh-tw \ templates +error_dir_links= ar-ae ar-bh ar-dz ar-eg ar-iq ar-jo ar-kw ar-lb \ + ar-ly ar-ma ar-om ar-qa ar-sa ar-sy ar-tn ar-ye \ + az-az bg-bg cs-cz da-dk de-de el-gr en-au en-ca \ + en-gb en-in en-nz en-sg en-tt en-uk en-us en-za \ + es-ar es-pe es-es et-ee fi-fi fr-fr he-il hu-hu \ + hy-am id-id it-it ja-jp ko-kr lt-lt lv-lv ms-my \ + nl-nl pl-pl pt-pt ro-ro ru-ru sk-sk sr-sp sv-se \ + th-th tr-tr uk-ua zh-hk zh-mo zh-sg + libexec= cachemgr.cgi digest_pw_auth diskd ip_user_check \ msnt_auth ncsa_auth ntlm_smb_lm_auth pam_auth smb_auth \ smb_auth.sh squid_db_auth squid_radius_auth squid_session \ 
@@ -217,7 +221,8 @@ --enable-removal-policies="lru heap" \ --disable-linux-netfilter \ --disable-linux-tproxy \ - --disable-epoll + --disable-epoll \ + --disable-translation .include <bsd.port.pre.mk> @@ -257,10 +262,8 @@ --enable-ntlm-auth-helpers="smb_lm" .if !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS) CONFIGURE_ARGS+= --enable-negotiate-auth-helpers="squid_kerb_auth" -# XXX: -# these files moved from libexec to sbin : Bug or Feature? -sbin+= negotiate_kerb_auth negotiate_kerb_auth_test \ - squid_kerb_auth squid_kerb_auth_test +libexec+= negotiate_kerb_auth negotiate_kerb_auth_test \ + squid_kerb_auth squid_kerb_auth_test .endif # Storage schemes: @@ -406,15 +409,12 @@ PLIST_FILES= ${etc_files:S,^,etc/,} ${icon_files:S,^,etc/squid/icons/,} \ ${libexec:S,^,libexec/squid/,} ${sbin:S,^,sbin/,} -.for d in ${error_dirs_old} +PLIST_FILES+= etc/squid/errors/COPYRIGHT etc/squid/errors/TRANSLATORS +.for d in ${error_dirs} PLIST_DIRS+= etc/squid/errors/${d} PLIST_FILES+= ${error_files:S,^,etc/squid/errors/${d}/,} .endfor -.for d in ${error_dirs_new} -PLIST_DIRS+= etc/squid/errors/${d} -PLIST_FILES+= ${error_files:S,^,etc/squid/errors/${d}/,} -PLIST_FILES+= ${error_files_new_only:S,^,etc/squid/errors/${d}/,} -.endfor +PLIST_FILES+= ${error_dir_links:S,^,etc/squid/errors/,} PLIST_DIRS+= etc/squid/errors etc/squid squid/logs squid/cache squid post-patch: Index: distinfo =================================================================== --- distinfo (.../www/squid31) (revision 1653) +++ distinfo (.../local/squid31) (revision 1653) 
@@ -1,3 +1,3 @@ -MD5 (squid3.1/squid-3.1.0.8.tar.bz2) = 468fc9677a8771f9423ddb15fcd2e03d -SHA256 (squid3.1/squid-3.1.0.8.tar.bz2) = 57964f7d5f9fe9cf37a4178807c169b714335ce132f7f53aee894a638a19d735 -SIZE (squid3.1/squid-3.1.0.8.tar.bz2) = 2345063 +MD5 (squid3.1/squid-3.1.0.13.tar.bz2) = a7e3f6c35853a8ad200ba448004417da +SHA256 (squid3.1/squid-3.1.0.13.tar.bz2) = 25316da63796d2ef459bfa8c25f44a09e7a552e5d9517c4a98d320101e64a67e +SIZE (squid3.1/squid-3.1.0.13.tar.bz2) = 2386678 >Release-Note: >Audit-Trail: >Unformatted:
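Review bot: in the vuln.xml hunk (@@ -146,7 +146,7 @@), the added line `<range><ge>3.1.0.1</ge><lt>3.1.0.12</range>` never closes `<lt>`, so the entry is not well-formed XML; it should read `<range><ge>3.1.0.1</ge><lt>3.1.0.12</lt></range>`. The bounds themselves agree with the description (every 3.1 release affected, corrected upstream in 3.1.0.12).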
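Review bot: in the Makefile hunk at @@ -217,7 +221,8 @@, `--disable-translation` is added to the configure arguments with no comment saying why, while the same patch enlarges error_dirs and introduces error_dir_links. A one-line comment giving the reason for the flag and how it relates to the language directories listed in the plist would help the next maintainer.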
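Review bot: in the Makefile hunk at @@ -406,15 +409,12 @@, the error_dir_links entries are registered through PLIST_FILES although their names (ar-ae, en-us, zh-hk and so on) read like per-locale directories. A short comment next to `PLIST_FILES+= ${error_dir_links:S,^,etc/squid/errors/,}` stating that these are links and not directories would explain why they are kept out of PLIST_DIRS.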
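Review bot: in the distinfo hunk (@@ -1,3 +1,3 @@), the new MD5, SHA256 and SIZE lines for squid-3.1.0.13.tar.bz2 cannot be confirmed from the diff alone. As this is a security update, the committer should fetch the distfile and compare all three values with those published upstream before committing.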