From owner-svn-ports-all@freebsd.org Fri Feb 23 21:26:48 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22C66F21854; Fri, 23 Feb 2018 21:26:48 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 78E5E79B45; Fri, 23 Feb 2018 21:26:47 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([96.50.22.10]) by shaw.ca with ESMTPA id pKrcee5v9U5pnpKreeKiUM; Fri, 23 Feb 2018 14:26:46 -0700 X-Authority-Analysis: v=2.3 cv=Tai4SyYh c=1 sm=1 tr=0 a=jvE2nwUzI0ECrNeyr98KWA==:117 a=jvE2nwUzI0ECrNeyr98KWA==:17 a=kj9zAlcOel0A:10 a=Op4juWPpsa0A:10 a=6I5d2MoRAAAA:8 a=u4C43qGkAAAA:8 a=pGLkceISAAAA:8 a=00YenlzPAAAA:8 a=NEAV23lmAAAA:8 a=YxBL1-UpAAAA:8 a=k-4ldcIgQ7lrirLvi5oA:9 a=CjuIK1q_8ugA:10 a=vnn9QUmyBp4A:10 a=IjZwj45LgO3ly-622nXo:22 a=P8QV4QaAdoZ3FB6hlmCP:22 a=FA-OfGwn9n36E_TAEFIg:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id 94C8E8C8; Fri, 23 Feb 2018 13:26:44 -0800 (PST) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id w1NLQii3077710; Fri, 23 Feb 2018 13:26:44 -0800 (PST) (envelope-from Cy.Schubert@cschubert.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id w1NLQiYX077707; Fri, 23 Feb 2018 13:26:44 -0800 (PST) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201802232126.w1NLQiYX077707@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.7 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Cy Schubert cc: "Danilo G. Baio" , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r462744 - in head/www/squid: . files In-Reply-To: Message from Cy Schubert of "Fri, 23 Feb 2018 13:20:44 -0800." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 23 Feb 2018 13:26:44 -0800 X-CMAE-Envelope: MS4wfLQbYoxmPIbdOzr+/HPfaVCqICK6QWvs9eg1B3lnR5pZ8o57iNL4x5uk/Kcn/Mt4w6GcLic2N9/LXNi2xivKitduzako04VdE2oE2ZQxMdUyWcikxq/1 tE65qL0hSNO1bQ3pKm8fo1fEKtIBg2n3n56ymlBeuqmWTZPeRuBNRj/uaBIICD0b6ETIUjYr0rGLaPHj5/d3uOyvHdB8ZBsodX2pcXE63lSYSPSL4/F04zAn rkKfi9cv+4/hZI3csXfG8rkEXvaW/nhKxq4z8RttUGmpUL52qNcBpAzoiZrq6RkXTKQoRY6jWbgcRCevOVmvzQ== X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 21:26:48 -0000 Cy Schubert writes: > In message <201802232035.w1NKZDdd053962@repo.freebsd.org>, "Danilo G. > Baio" wri > tes: > > Author: dbaio > > Date: Fri Feb 23 20:35:13 2018 > > New Revision: 462744 > > URL: https://svnweb.freebsd.org/changeset/ports/462744 > > > > Log: > > www/squid: Fixes security vulnerabilities > > > > Add patches to fix CVE's: > > CVE-2018-1000024 > > CVE-2018-1000027 > > > > PR: 226139 > > Submitted by: Yasuhiro KIMURA > > Approved by: timp87@gmail.com (maintainer) > > MFH: 2018Q1 > > Security: d5b6d151-1887-11e8-94f7-9c5c8e75236a > > > > Added: > > head/www/squid/files/patch-src_client__side__request.cc (contents, prop > s > > changed) > > head/www/squid/files/patch-src_esi_CustomParser.cc (contents, props cha > ng > > ed) > > Modified: > > head/www/squid/Makefile > > > > Modified: head/www/squid/Makefile > > =========================================================================== > == > > = > > --- head/www/squid/Makefile Fri Feb 23 20:23:26 2018 (r462743) > > +++ head/www/squid/Makefile Fri Feb 23 20:35:13 2018 (r462744) > > @@ -2,7 +2,7 @@ > > > > PORTNAME= squid > > PORTVERSION= 3.5.27 > > -PORTREVISION= 2 > > +PORTREVISION= 3 > > CATEGORIES= www ipv6 > > MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R} > > / \ > > http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ > > > > Added: head/www/squid/files/patch-src_client__side__request.cc > > =========================================================================== > == > > = > > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > > +++ head/www/squid/files/patch-src_client__side__request.cc Fri Feb 23 20:3 > > 5:13 2018 (r462744) > > @@ -0,0 +1,23 @@ > > +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch > > + > > +commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5) > > +Author: squidadm > > +Date: 2018-01-21 08:07:08 +1300 > > + > > + Fix indirect IP logging for transactions without a client connection ( > #1 > > 29) (#136) > > + > > +--- src/client_side_request.cc.orig 2018-02-23 13:39:32 UTC > > ++++ src/client_side_request.cc > > +@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *d > > + * Ensure that the access log shows the indirect client > > + * instead of the direct client. > > + */ > > +- ConnStateData *conn = http->getConn(); > > +- conn->log_addr = request->indirect_client_addr; > > +- http->al->cache.caddr = conn->log_addr; > > ++ http->al->cache.caddr = request->indirect_client_addr; > > ++ if (ConnStateData *conn = http->getConn()) > > ++ conn->log_addr = request->indirect_client_addr; > > + } > > + request->x_forwarded_for_iterator.clean(); > > + request->flags.done_follow_x_forwarded_for = true; > > > > Added: head/www/squid/files/patch-src_esi_CustomParser.cc > > =========================================================================== > == > > = > > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > > +++ head/www/squid/files/patch-src_esi_CustomParser.cc Fri Feb 23 20:3 > > 5:13 2018 (r462744) > > @@ -0,0 +1,28 @@ > > +http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch > > + > > +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5) > > +Author: Amos Jeffries > > +Date: 2018-01-19 13:54:14 +1300 > > + > > + ESI: make sure endofName never exceeds tagEnd (#130) > > + > > +--- src/esi/CustomParser.cc.orig 2018-02-23 13:37:52 UTC > > ++++ src/esi/CustomParser.cc > > +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t > > + > > + char * endofName = strpbrk(const_cast(tag), w_space); > > + > > +- if (endofName > tagEnd) > > ++ if (!endofName || endofName > tagEnd) > > + endofName = const_cast(tagEnd); > > + > > + *endofName = '\0'; > > +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t > > + > > + char * endofName = strpbrk(const_cast(tag), w_space); > > + > > +- if (endofName > tagEnd) > > ++ if (!endofName || endofName > tagEnd) > > + endofName = const_cast(tagEnd); > > + > > + *endofName = '\0'; > > > > Can you apply this to squid-devel too, please? > > > -- > Cheers, > Cy Schubert > FreeBSD UNIX: Web: http://www.FreeBSD.org > > The need of the many outweighs the greed of the few. > > Never mind. My mistake. I didn't see your commit to squid-devel in r462698. Sorry. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.