Date: 1 Feb 2010 20:54:11 -0000 From: Thomas-Martin Seck <tmseck@web.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: ports-security@FreeBSD.org Subject: ports/143452: [Maintainer] [Security] www/squid30, www/squid31: patch to address Squid Advisory 2010:1 Message-ID: <20100201205411.79928.qmail@wcfields.tmseck.homedns.org> Resent-Message-ID: <201002012100.o11L084N095764@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 143452
>Category: ports
>Synopsis: [Maintainer] [Security] www/squid30, www/squid31: patch to address Squid Advisory 2010:1
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 01 21:00:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 8.0-RELEASE amd64
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of February 1, 2010.
>Description:
As noted in ports/143451, the new releases of Squid-3.0 and Squid-3.1
that are supposed to address Squid-2010:1 and other bugs do not build.
Include the vendor patches 9151 (Squid-3.0) and 9853 (Squid-3.1) in the
meantime, these seem to address this particular issue, like Changeset
12597 does for Squid-2.7.
Please update Vuln 296ecb59-0f6b-11df-8bab-0019996bc1f7 to reflect that
3.0.21_1 and 3.1.0.15_2 are (hopefully) not vulnerable.
>How-To-Repeat:
>Fix:
Update for www/squid30:
Index: Makefile
===================================================================
--- Makefile (.../www/squid30) (Revision 1749)
+++ Makefile (.../local/squid30) (Revision 1749)
@@ -61,6 +61,7 @@
PORTNAME= squid
PORTVERSION= 3.0.${SQUID_STABLE_VER}
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
@@ -92,7 +93,7 @@
http://www1.jp.squid-cache.org/%SUBDIR%/ \
http://www1.tw.squid-cache.org/%SUBDIR%/
PATCH_SITE_SUBDIR= Versions/v3/3.0/changesets
-PATCHFILES=
+PATCHFILES= squid-3.0-9151.patch
MAINTAINER= tmseck@web.de
COMMENT= HTTP Caching Proxy
@@ -236,8 +237,7 @@
--enable-ntlm-auth-helpers="SMB"
# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
.if defined(WITH_SQUID_KERB_AUTH) && !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS)
-# XXX This currently only works with heimdal from the base system,
-# see files/patch-squid_kerb_auth:
+# XXX This currently only works with heimdal from the base system.
CONFIGURE_ARGS+= --enable-negotiate-auth-helpers="squid_kerb_auth"
libexec+= squid_kerb_auth
.endif
Index: distinfo
===================================================================
--- distinfo (.../www/squid30) (Revision 1749)
+++ distinfo (.../local/squid30) (Revision 1749)
@@ -1,3 +1,6 @@
MD5 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 279168fe1fe5b38bbf6eee12babbc4ad
SHA256 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 07114935b7aed9df42524e84f6a634849d4bcafd513bf118881aa5cc58911f7b
SIZE (squid3.0/squid-3.0.STABLE21.tar.bz2) = 1802875
+MD5 (squid3.0/squid-3.0-9151.patch) = 1ba452e3f8d730848f77e3138a7ec805
+SHA256 (squid3.0/squid-3.0-9151.patch) = d402e853381d661be3b21260205f579d88373881a861ec6bd7944477632d1c5b
+SIZE (squid3.0/squid-3.0-9151.patch) = 1281
Update for www/squid31:
Index: Makefile
===================================================================
--- Makefile (.../www/squid31) (Revision 1746)
+++ Makefile (.../local/squid31) (Revision 1746)
@@ -53,7 +53,7 @@
PORTNAME= squid
PORTVERSION= 3.1.0.${SQUID_BETA_VER}
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= www ipv6
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
@@ -91,7 +91,8 @@
squid-3.1-9822.patch \
squid-3.1-9823.patch \
squid-3.1-9825.patch \
- squid-3.1-9826.patch
+ squid-3.1-9826.patch \
+ squid-3.1-9853.patch
MAINTAINER= tmseck@web.de
COMMENT= HTTP Caching Proxy (BETA Version)
Index: distinfo
===================================================================
--- distinfo (.../www/squid31) (Revision 1746)
+++ distinfo (.../local/squid31) (Revision 1746)
@@ -22,3 +22,6 @@
MD5 (squid3.1/squid-3.1-9826.patch) = 02a49a40917c50995a37d2d29c80591c
SHA256 (squid3.1/squid-3.1-9826.patch) = e4041f02c4233d664afbbd3bb472865dddb7d9187181acf9542bd650b6f8ffc0
SIZE (squid3.1/squid-3.1-9826.patch) = 3915
+MD5 (squid3.1/squid-3.1-9853.patch) = afa851481af4e7d173a0be9f0ff4e75d
+SHA256 (squid3.1/squid-3.1-9853.patch) = 7b0e1917346d1f3684015b9f939518d5e6db66edc85421512c564c4b1f990f78
+SIZE (squid3.1/squid-3.1-9853.patch) = 2915
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100201205411.79928.qmail>