From: Thomas-Martin Seck
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Wed, 21 Mar 2007 11:23:11 +0100 (CET)
Message-Id: <200703211023.l2LANBBG002068@hardy.tmseck.homedns.org>
Subject: ports/110610: [Maintainer] www/squid: update to 2.6.STABLE12

>Number: 110610
>Category: ports
>Synopsis: [Maintainer] www/squid: update to 2.6.STABLE12
>Confidential: no
>Severity: non-critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 21 10:30:05 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 6.2-STABLE i386
>Organization: a private site in Germany
>Environment:
FreeBSD ports collection as of March 21, 2007.
>Description:
Update to 2.6.STABLE12. This update fixes a denial of service vulnerability in the TRACE method.

Proposed VuXML entry, entry date left to be filled in:

squid -- TRACE method handling denial of service

squid 2.6.1 2.6.12

Squid advisory 2007:1 notes:

Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method.

Workarounds:

To work around the problem deny access to using the TRACE method by inserting the following two lines before your first http_access rule

acl TRACE method TRACE

http_access deny TRACE

http://www.squid-cache.org/Advisories/SQUID-2007_1.txt 2007-03-20 >How-To-Repeat: >Fix: Apply this patch: Index: Makefile =================================================================== --- Makefile (.../www/squid) (revision 1139) +++ Makefile (.../local/squid) (revision 1139) @@ -75,7 +75,7 @@ # Enable experimental multicast notification of cachemisses. PORTNAME= squid -PORTVERSION= 2.6.11 +PORTVERSION= 2.6.12 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://ftp.vistech.net/pub/squid/%SUBDIR%/ \ @@ -87,7 +87,7 @@ ftp://ftp.ccs.neu.edu/pub/mirrors/squid.nlanr.net/pub/%SUBDIR%/ \ ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,} MASTER_SITE_SUBDIR= squid-2/STABLE -DISTNAME= squid-2.6.STABLE11 +DISTNAME= squid-2.6.STABLE12 DIST_SUBDIR= squid2.6 PATCH_SITES= http://www.squid-cache.org/%SUBDIR%/ \ Index: distinfo =================================================================== --- distinfo (.../www/squid) (revision 1139) +++ distinfo (.../local/squid) (revision 1139) @@ -1,3 +1,3 @@ -MD5 (squid2.6/squid-2.6.STABLE11.tar.bz2) = 30b38de0a0a7ffce4350f3ca638e9b2e -SHA256 (squid2.6/squid-2.6.STABLE11.tar.bz2) = 98e7d72efff757e7bea4aa33fd3750e152db9cd1e92de07c3252b1a6fa541490 -SIZE (squid2.6/squid-2.6.STABLE11.tar.bz2) = 1263864 +MD5 (squid2.6/squid-2.6.STABLE12.tar.bz2) = a830ccc95cb39cdfa5e5b773add0bb0d +SHA256 (squid2.6/squid-2.6.STABLE12.tar.bz2) = 7956fb449cc8ce7b3e01b6bc5dd1318810c11c0630ef7fa4989ae15dfabdb858 +SIZE (squid2.6/squid-2.6.STABLE12.tar.bz2) = 1263085 >Release-Note: >Audit-Trail: >Unformatted:
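Review bot: In the two Makefile hunks the release number is maintained by hand in both PORTVERSION (2.6.12) and DISTNAME (squid-2.6.STABLE12), so the two can drift apart on a later bump and the port would then fetch a tarball that does not match the version the VuXML range is checked against. Consider deriving the STABLE number in DISTNAME from PORTVERSION so an update touches one line, and confirm at commit time that the upper bound in the proposed VuXML entry (2.6.12) is written in the same form as PORTVERSION.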
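Review bot: The new SHA256 and SIZE lines in the distinfo hunk are the only integrity check on a tarball that MASTER_SITES fetches over plain ftp:// from several third-party mirrors, so the submitted values should not be committed as received. Regenerate them with make makesum from a tarball obtained from squid-cache.org and compare against the checksum upstream publishes for squid-2.6.STABLE12.tar.bz2; the MD5 line is carried over from the old entry's layout and adds no assurance beyond the SHA256 line.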
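The workaround quoted from the Squid advisory only helps if the deny rule comes before the first http_access rule. As an added example (not part of the PR or the advisory), this checker reports whether a squid.conf applies it in that position; the function name and sample configs are constructed for illustration, and it assumes a single whitespace-separated squid.conf without include files.

```python
# Constructed sample configs (not from the PR or the advisory).
GOOD = """\
acl all src 0.0.0.0/0.0.0.0
acl TRACE method TRACE
http_access deny TRACE
http_access allow all
"""
BAD = """\
acl all src 0.0.0.0/0.0.0.0
acl TRACE method TRACE
http_access allow all
http_access deny TRACE
"""


def trace_workaround_status(conf_text):
    """Return 'ok', 'not-first' or 'missing' for the TRACE deny workaround."""
    trace_acls = set()        # names of method ACLs that match TRACE
    earlier_rule = False      # an http_access rule precedes the TRACE deny
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue          # blank line or comment
        if words[0] == "acl" and len(words) >= 4 and words[2] == "method":
            if "TRACE" in (w.upper() for w in words[3:]):
                trace_acls.add(words[1])
        elif words[0] == "http_access" and len(words) >= 3:
            # Only a rule naming the TRACE ACL alone blocks every TRACE
            # request; further ACLs on the line are ANDed and narrow it.
            if words[1] == "deny" and len(words) == 3 and words[2] in trace_acls:
                return "not-first" if earlier_rule else "ok"
            earlier_rule = True
    return "missing"


if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, trace_workaround_status(conf))
```

A result of "not-first" means the deny exists but an earlier http_access rule is evaluated before it, which is the placement the advisory warns against.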