* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 7323724196db7b63d83bea9774e2b1356b1854aa
@ 2013-08-07 20:17 git
0 siblings, 0 replies; only message in thread
From: git @ 2013-08-07 20:17 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 7531 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 7323724196db7b63d83bea9774e2b1356b1854aa (commit)
from 726a85b8c10d4b991c7944b19a1f4c54621c5079 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7323724196db7b63d83bea9774e2b1356b1854aa
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Aug 7 22:15:31 2013 +0200
squid: Fix two security issues.
* CVE-2013-4115
* CVE-2013-4123
http://www.squid-cache.org/Versions/v3/3.1/changesets/
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/core/{71 => 72}/filelists/squid | 0
lfs/squid | 3 +
src/patches/squid-3.1-10486.patch | 54 ++++++++++++++++++
src/patches/squid-3.1-10487.patch | 73 ++++++++++++++++++++++++
4 files changed, 130 insertions(+)
copy config/rootfiles/core/{71 => 72}/filelists/squid (100%)
create mode 100644 src/patches/squid-3.1-10486.patch
create mode 100644 src/patches/squid-3.1-10487.patch
Difference in files:
diff --git a/config/rootfiles/core/72/filelists/squid b/config/rootfiles/core/72/filelists/squid
new file mode 120000
index 0000000..2dc8372
--- /dev/null
+++ b/config/rootfiles/core/72/filelists/squid
@@ -0,0 +1 @@
+../../../common/squid
\ No newline at end of file
diff --git a/lfs/squid b/lfs/squid
index fde8606..81118c2 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -71,6 +71,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xjf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10486.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.1-10487.patch
+
cd $(DIR_APP) && ./configure --prefix=/usr --disable-nls \
--datadir=/usr/lib/squid \
--mandir=/usr/share/man --libexecdir=/usr/lib/squid \
diff --git a/src/patches/squid-3.1-10486.patch b/src/patches/squid-3.1-10486.patch
new file mode 100644
index 0000000..6a0388e
--- /dev/null
+++ b/src/patches/squid-3.1-10486.patch
@@ -0,0 +1,54 @@
+------------------------------------------------------------
+revno: 10486
+revision-id: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h
+parent: squid3(a)treenet.co.nz-20130109021503-hqg7ufldrudpzr9l
+fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790
+author: Reinhard Sojka <reinhard.sojka(a)parlament.gv.at>
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Fri 2013-02-22 04:13:25 -0700
+message:
+ Bug 3790: cachemgr.cgi crash with authentication
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b
+# timestamp: 2013-02-22 11:17:18 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# base_revision_id: squid3(a)treenet.co.nz-20130109021503-\
+# hqg7ufldrudpzr9l
+#
+# Begin patch
+=== modified file 'tools/cachemgr.cc'
+--- tools/cachemgr.cc 2013-01-08 23:11:51 +0000
++++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000
+@@ -1162,7 +1162,6 @@
+ {
+ static char buf[1024];
+ size_t stringLength = 0;
+- const char *str64;
+
+ if (!req->passwd)
+ return "";
+@@ -1171,15 +1170,12 @@
+ req->user_name ? req->user_name : "",
+ req->passwd);
+
+- str64 = base64_encode(buf);
+-
+- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64);
++ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf));
+
+ assert(stringLength < sizeof(buf));
+
+- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64);
++ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
+
+- xxfree(str64);
+ return buf;
+ }
+
+
diff --git a/src/patches/squid-3.1-10487.patch b/src/patches/squid-3.1-10487.patch
new file mode 100644
index 0000000..2ca4848
--- /dev/null
+++ b/src/patches/squid-3.1-10487.patch
@@ -0,0 +1,73 @@
+------------------------------------------------------------
+revno: 10487
+revision-id: squid3(a)treenet.co.nz-20130710124748-2n6111r04xsi71vx
+parent: squid3(a)treenet.co.nz-20130222111325-zizr296kq3te4g7h
+author: Nathan Hoad <nathan(a)getoffmalawn.com>
+committer: Amos Jeffries <squid3(a)treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Wed 2013-07-10 06:47:48 -0600
+message:
+ Protect against buffer overrun in DNS query generation
+
+ see SQUID-2013:2.
+
+ This bug has been present as long as the internal DNS component however
+ most code reaching this point is passing through URL validation first.
+ With Squid-3.2 Host header verification using DNS directly we may have
+ problems.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3(a)treenet.co.nz-20130710124748-2n6111r04xsi71vx
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
+# timestamp: 2013-07-10 12:48:57 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# base_revision_id: squid3(a)treenet.co.nz-20130222111325-\
+# zizr296kq3te4g7h
+#
+# Begin patch
+=== modified file 'src/dns_internal.cc'
+--- src/dns_internal.cc 2011-10-11 02:12:56 +0000
++++ src/dns_internal.cc 2013-07-10 12:47:48 +0000
+@@ -1532,22 +1532,26 @@
+ void
+ idnsALookup(const char *name, IDNSCB * callback, void *data)
+ {
+- unsigned int i;
++ size_t nameLength = strlen(name);
++
++ // Prevent buffer overflow on q->name
++ if (nameLength > NS_MAXDNAME) {
++ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
++ callback(data, NULL, 0, "Internal error");
++ return;
++ }
++
++ if (idnsCachedLookup(name, callback, data))
++ return;
++
++ idns_query *q = cbdataAlloc(idns_query);
++ q->id = idnsQueryID();
+ int nd = 0;
+- idns_query *q;
+-
+- if (idnsCachedLookup(name, callback, data))
+- return;
+-
+- q = cbdataAlloc(idns_query);
+-
+- q->id = idnsQueryID();
+-
+- for (i = 0; i < strlen(name); i++)
++ for (unsigned int i = 0; i < nameLength; ++i)
+ if (name[i] == '.')
+ nd++;
+
+- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
++ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
+ q->do_searchpath = 1;
+ } else {
+ q->do_searchpath = 0;
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-08-07 20:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-08-07 20:17 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 7323724196db7b63d83bea9774e2b1356b1854aa git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox