Date:      Fri, 23 Feb 2018 13:26:44 -0800
From:      Cy Schubert <Cy.Schubert@cschubert.com>
To:        Cy Schubert <Cy.Schubert@cschubert.com>
Cc:        "Danilo G. Baio" <dbaio@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r462744 - in head/www/squid: . files
Message-ID:  <201802232126.w1NLQiYX077707@slippy.cwsent.com>
In-Reply-To: Message from Cy Schubert <Cy.Schubert@cschubert.com> of "Fri, 23 Feb 2018 13:20:44 -0800."

Cy Schubert writes:
> In message <201802232035.w1NKZDdd053962@repo.freebsd.org>, "Danilo G. Baio" writes:
> > Author: dbaio
> > Date: Fri Feb 23 20:35:13 2018
> > New Revision: 462744
> > URL: https://svnweb.freebsd.org/changeset/ports/462744
> >
> > Log:
> >   www/squid: Fixes security vulnerabilities
> >   
> >   Add patches to fix CVE's:
> >     CVE-2018-1000024
> >     CVE-2018-1000027
> >   
> >   PR:		226139
> >   Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
> >   Approved by:	timp87@gmail.com (maintainer)
> >   MFH:		2018Q1
> >   Security:	d5b6d151-1887-11e8-94f7-9c5c8e75236a
> >
> > Added:
> >   head/www/squid/files/patch-src_client__side__request.cc   (contents, props changed)
> >   head/www/squid/files/patch-src_esi_CustomParser.cc   (contents, props changed)
> > Modified:
> >   head/www/squid/Makefile
> >
> > Modified: head/www/squid/Makefile
> > ===========================================================================
> ==
> > =
> > --- head/www/squid/Makefile	Fri Feb 23 20:23:26 2018	(r462743)
> > +++ head/www/squid/Makefile	Fri Feb 23 20:35:13 2018	(r462744)
> > @@ -2,7 +2,7 @@
> >  
> >  PORTNAME=	squid
> >  PORTVERSION=	3.5.27
> > -PORTREVISION=	2
> > +PORTREVISION=	3
> >  CATEGORIES=	www ipv6
> >  MASTER_SITES=	http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}
> > / \
> >  		http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
> >
> > Added: head/www/squid/files/patch-src_client__side__request.cc
> > ===========================================================================
> ==
> > =
> > --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> > +++ head/www/squid/files/patch-src_client__side__request.cc	Fri Feb 23 20:3
> > 5:13 2018	(r462744)
> > @@ -0,0 +1,23 @@
> > +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
> > +
> > +commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
> > +Author: squidadm <squidadm@users.noreply.github.com>
> > +Date:   2018-01-21 08:07:08 +1300
> > +
> > +    Fix indirect IP logging for transactions without a client connection (
> #1
> > 29) (#136)
> > +
> > +--- src/client_side_request.cc.orig	2018-02-23 13:39:32 UTC
> > ++++ src/client_side_request.cc
> > +@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *d
> > +         * Ensure that the access log shows the indirect client
> > +         * instead of the direct client.
> > +         */
> > +-        ConnStateData *conn = http->getConn();
> > +-        conn->log_addr = request->indirect_client_addr;
> > +-        http->al->cache.caddr = conn->log_addr;
> > ++        http->al->cache.caddr = request->indirect_client_addr;
> > ++        if (ConnStateData *conn = http->getConn())
> > ++            conn->log_addr = request->indirect_client_addr;
> > +     }
> > +     request->x_forwarded_for_iterator.clean();
> > +     request->flags.done_follow_x_forwarded_for = true;
> >
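
Review bot: in the client_side_request.cc hunk, the new first line `http->al->cache.caddr = request->indirect_client_addr;` still dereferences `http->al` unconditionally, while the whole point of the change is that `http->getConn()` can return null on this path. The visible context does not show `al` being checked, so it is worth confirming that it is always set for transactions without a client connection, or guarding it the same way as `conn`. The patch header also gives the upstream SQUID-2018_2 URL and commit but not which of the two CVEs named in the commit log it addresses; one line saying so would help whoever later retires the patch.
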
> > Added: head/www/squid/files/patch-src_esi_CustomParser.cc
> > ===========================================================================
> ==
> > =
> > --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> > +++ head/www/squid/files/patch-src_esi_CustomParser.cc	Fri Feb 23 20:3
> > 5:13 2018	(r462744)
> > @@ -0,0 +1,28 @@
> > +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
> > +
> > +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
> > +Author: Amos Jeffries <yadij@users.noreply.github.com>
> > +Date:   2018-01-19 13:54:14 +1300
> > +
> > +    ESI: make sure endofName never exceeds tagEnd (#130)
> > +
> > +--- src/esi/CustomParser.cc.orig	2018-02-23 13:37:52 UTC
> > ++++ src/esi/CustomParser.cc
> > +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t
> > + 
> > +             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
> > + 
> > +-            if (endofName > tagEnd)
> > ++            if (!endofName || endofName > tagEnd)
> > +                 endofName = const_cast<char *>(tagEnd);
> > + 
> > +             *endofName = '\0';
> > +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t
> > + 
> > +             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
> > + 
> > +-            if (endofName > tagEnd)
> > ++            if (!endofName || endofName > tagEnd)
> > +                 endofName = const_cast<char *>(tagEnd);
> > + 
> > +             *endofName = '\0';
> >
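
Review bot: both ESICustomParser::parse hunks still call `strpbrk(const_cast<char *>(tag), w_space)`, which searches up to the terminating NUL rather than stopping at `tagEnd`. The added `!endofName` test prevents the null write at `*endofName = '\0'`, but the search itself stays bounded only by the buffer being NUL-terminated, which the visible lines do not establish; a search limited to the range from `tag` to `tagEnd` would remove that dependency. Since the same three-line clamp appears at both line 121 and line 214, a small shared helper upstream would keep the two sites from drifting apart, and as with the other added file the header should say which CVE this patch covers.
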
>
> Can you apply this to squid-devel too, please?
>
>
> -- 
> Cheers,
> Cy Schubert <Cy.Schubert@cschubert.com>
> FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org
>
> 	The need of the many outweighs the greed of the few.
>
>

Never mind. My mistake. I didn't see your commit to squid-devel in  
r462698. Sorry.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.




