author | dbaio <dbaio@FreeBSD.org> | 2018-02-24 04:35:13 +0800 |
---|---|---|
committer | dbaio <dbaio@FreeBSD.org> | 2018-02-24 04:35:13 +0800 |
commit | a0fe8786190fbb20bf9883b74bf6572b754ba114 (patch) | |
tree | e172e82c32bc05d461249b11c81e7cc858284e92 /www | |
parent | 25437cb40472fad87ba0481bee62cd1f7311fb2b (diff) | |
www/squid: Fixes security vulnerabilities
Add patches to fix CVEs:
CVE-2018-1000024
CVE-2018-1000027
PR: 226139
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
Approved by: timp87@gmail.com (maintainer)
MFH: 2018Q1
Security: d5b6d151-1887-11e8-94f7-9c5c8e75236a
Diffstat (limited to 'www')
-rw-r--r-- | www/squid/Makefile | 2 | ||||
-rw-r--r-- | www/squid/files/patch-src_client__side__request.cc | 23 | ||||
-rw-r--r-- | www/squid/files/patch-src_esi_CustomParser.cc | 28 |
3 files changed, 52 insertions, 1 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile
index 243a9244d213..aa2ef76336a1 100644
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@@ -2,7 +2,7 @@
 PORTNAME= squid
 PORTVERSION= 3.5.27
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= www ipv6
 MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
 http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
diff --git a/www/squid/files/patch-src_client__side__request.cc b/www/squid/files/patch-src_client__side__request.cc
new file mode 100644
index 000000000000..83aa61dd4267
--- /dev/null
+++ b/www/squid/files/patch-src_client__side__request.cc
@@ -0,0 +1,23 @@
+http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
+
+commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
+Author: squidadm <squidadm@users.noreply.github.com>
+Date: 2018-01-21 08:07:08 +1300
+
+ Fix indirect IP logging for transactions without a client connection (#129) (#136)
+
+--- src/client_side_request.cc.orig 2018-02-23 13:39:32 UTC
++++ src/client_side_request.cc
+@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *d
+ * Ensure that the access log shows the indirect client
+ * instead of the direct client.
+ */
+- ConnStateData *conn = http->getConn();
+- conn->log_addr = request->indirect_client_addr;
+- http->al->cache.caddr = conn->log_addr;
++ http->al->cache.caddr = request->indirect_client_addr;
++ if (ConnStateData *conn = http->getConn())
++ conn->log_addr = request->indirect_client_addr;
+ }
+ request->x_forwarded_for_iterator.clean();
+ request->flags.done_follow_x_forwarded_for = true;
diff --git a/www/squid/files/patch-src_esi_CustomParser.cc b/www/squid/files/patch-src_esi_CustomParser.cc
new file mode 100644
index 000000000000..8c9287c64ecd
--- /dev/null
+++ b/www/squid/files/patch-src_esi_CustomParser.cc
@@ -0,0 +1,28 @@
+http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
+
+commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date: 2018-01-19 13:54:14 +1300
+
+ ESI: make sure endofName never exceeds tagEnd (#130)
+
+--- src/esi/CustomParser.cc.orig 2018-02-23 13:37:52 UTC
++++ src/esi/CustomParser.cc
+@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t
+
+ char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+
+- if (endofName > tagEnd)
++ if (!endofName || endofName > tagEnd)
+ endofName = const_cast<char *>(tagEnd);
+
+ *endofName = '\0';
+@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t
+
+ char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+
+- if (endofName > tagEnd)
++ if (!endofName || endofName > tagEnd)
+ endofName = const_cast<char *>(tagEnd);
+
+ *endofName = '\0'; |
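Review bot: In the patch for src/client_side_request.cc, the new `if (ConnStateData *conn = http->getConn())` guard carries no comment saying when getConn() returns null, so the reason `conn->log_addr` may be skipped is only recoverable from the upstream commit subject. I would add above the guard: `// No ConnStateData exists for transactions without a client connection; only the access-log entry is updated then.` `http->al` is still dereferenced unconditionally on the line before the guard; presumably it is always set, but that cannot be confirmed here because clientFollowXForwardedForCheck starts and ends outside the hunk.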
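Review bot: Both hunks of the src/esi/CustomParser.cc patch (at -121 and -214) clamp `endofName` only after `strpbrk()` has already run, so the search itself is bounded by the terminating NUL rather than by `tagEnd`. The added `!endofName` test stops the write through a null pointer at `*endofName = '\0'`, but the scan presumably still depends on the parse buffer being NUL-terminated, which is not visible in these hunks. A comment at each site would make that dependency explicit, e.g. `// strpbrk() stops at NUL, not at tagEnd: a null or past-the-tag result is clamped to tagEnd`. Because the clamp is now duplicated verbatim, a small file-local helper taking `tag` and `tagEnd` and returning the clamped pointer would keep the two sites from drifting apart. ESICustomParser::parse begins and ends outside both hunks.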