Date: Fri, 23 Feb 2018 13:20:44 -0800
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: "Danilo G. Baio" <dbaio@FreeBSD.org>
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r462744 - in head/www/squid: . files
Message-ID: <201802232120.w1NLKiAG069420@slippy.cwsent.com>
In-Reply-To: Message from "Danilo G. Baio" <dbaio@FreeBSD.org> of "Fri, 23 Feb 2018 20:35:13 +0000." <201802232035.w1NKZDdd053962@repo.freebsd.org>
In message <201802232035.w1NKZDdd053962@repo.freebsd.org>, "Danilo G. Baio" wri tes: > Author: dbaio > Date: Fri Feb 23 20:35:13 2018 > New Revision: 462744 > URL: https://svnweb.freebsd.org/changeset/ports/462744 > > Log: > www/squid: Fixes security vulnerabilities > > Add patches to fix CVE's: > CVE-2018-1000024 > CVE-2018-1000027 > > PR: 226139 > Submitted by: Yasuhiro KIMURA <yasu@utahime.org> > Approved by: timp87@gmail.com (maintainer) > MFH: 2018Q1 > Security: d5b6d151-1887-11e8-94f7-9c5c8e75236a > > Added: > head/www/squid/files/patch-src_client__side__request.cc (contents, props > changed) > head/www/squid/files/patch-src_esi_CustomParser.cc (contents, props chang > ed) > Modified: > head/www/squid/Makefile > > Modified: head/www/squid/Makefile > ============================================================================= > = > --- head/www/squid/Makefile Fri Feb 23 20:23:26 2018 (r462743) > +++ head/www/squid/Makefile Fri Feb 23 20:35:13 2018 (r462744) > @@ -2,7 +2,7 @@ > > PORTNAME= squid > PORTVERSION= 3.5.27 > -PORTREVISION= 2 > +PORTREVISION= 3 > CATEGORIES= www ipv6 > MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R} > / \ > http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ > > Added: head/www/squid/files/patch-src_client__side__request.cc > ============================================================================= > = > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/www/squid/files/patch-src_client__side__request.cc Fri Feb 23 20:3 > 5:13 2018 (r462744) 
> @@ -0,0 +1,23 @@ > +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch > + > +commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5) > +Author: squidadm <squidadm@users.noreply.github.com> > +Date: 2018-01-21 08:07:08 +1300 > + > + Fix indirect IP logging for transactions without a client connection (#1 > 29) (#136) > + > +--- src/client_side_request.cc.orig 2018-02-23 13:39:32 UTC > ++++ src/client_side_request.cc > +@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *d > + * Ensure that the access log shows the indirect client > + * instead of the direct client. > + */ > +- ConnStateData *conn = http->getConn(); > +- conn->log_addr = request->indirect_client_addr; > +- http->al->cache.caddr = conn->log_addr; > ++ http->al->cache.caddr = request->indirect_client_addr; > ++ if (ConnStateData *conn = http->getConn()) > ++ conn->log_addr = request->indirect_client_addr; > + } > + request->x_forwarded_for_iterator.clean(); > + request->flags.done_follow_x_forwarded_for = true; > > Added: head/www/squid/files/patch-src_esi_CustomParser.cc > ============================================================================= > = > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/www/squid/files/patch-src_esi_CustomParser.cc Fri Feb 23 20:3 > 5:13 2018 (r462744) 
> @@ -0,0 +1,28 @@ > +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch > + > +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5) > +Author: Amos Jeffries <yadij@users.noreply.github.com> > +Date: 2018-01-19 13:54:14 +1300 > + > + ESI: make sure endofName never exceeds tagEnd (#130) > + > +--- src/esi/CustomParser.cc.orig 2018-02-23 13:37:52 UTC > ++++ src/esi/CustomParser.cc > +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t > + > + char * endofName = strpbrk(const_cast<char *>(tag), w_space); > + > +- if (endofName > tagEnd) > ++ if (!endofName || endofName > tagEnd) > + endofName = const_cast<char *>(tagEnd); > + > + *endofName = '\0'; > +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t > + > + char * endofName = strpbrk(const_cast<char *>(tag), w_space); > + > +- if (endofName > tagEnd) > ++ if (!endofName || endofName > tagEnd) > + endofName = const_cast<char *>(tagEnd); > + > + *endofName = '\0'; > Can you apply this to squid-devel too, please? -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.
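
Review bot: In the clientFollowXForwardedForCheck hunk of patch-src_client__side__request.cc, the added line `http->al->cache.caddr = request->indirect_client_addr;` still dereferences `http->al` unconditionally, while the following line now guards `http->getConn()` against null. Please confirm that `al` is always set on the path without a client connection that the upstream commit title describes, or give it the same guard. The patch header cites only SQUID-2018_2.patch; noting which of the two CVEs from the commit log this file addresses would make it self-describing.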
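
Review bot: In both ESICustomParser::parse hunks of patch-src_esi_CustomParser.cc (@@ -121 and @@ -214), the added `!endofName` test covers strpbrk returning NULL, but the call `strpbrk(const_cast<char *>(tag), w_space)` is itself unbounded: it scans until a NUL byte and the result is compared with `tagEnd` only afterwards, so correctness still depends on the buffer being NUL-terminated. A search limited to the range from `tag` to `tagEnd` would remove that dependency. Since the identical condition is patched at two sites, a shared helper upstream would keep them from drifting apart. As with the other file, the header names SQUID-2018_1.patch but not the CVE it corresponds to.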