24 files changed, 144 insertions, 516 deletions
diff --git a/www/squid/Makefile b/www/squid/Makefile index c01bb810d8ea..a168b219b975 100644 --- a/www/squid/Makefile +++ b/www/squid/Makefile @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -65,7 +65,8 @@ PATCHFILES= squid-2.5.STABLE5-ntlm_assert.patch \ squid-2.5.STABLE5-dns_localhost.patch \ squid-2.5.STABLE5-msnt_auth_doc.patch \ squid-2.5.STABLE5-CONNECT_log_size.patch \ - squid-2.5.STABLE5-proxy_abuse.patch + squid-2.5.STABLE5-proxy_abuse.patch \ + squid-2.5.STABLE5-ntlm_auth_overflow.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -123,7 +124,7 @@ CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \ # Authentication methods and modules: -basic_auth= NCSA PAM YP MSNT winbind +basic_auth= NCSA PAM YP MSNT SMB winbind external_acl= ip_user unix_group wbinfo_group winbind_group MAN8+= pam_auth.8 squid_unix_group.8 .if defined(WITH_SQUID_LDAP_AUTH) diff --git a/www/squid/distinfo b/www/squid/distinfo index 98d0c1344ded..9f798808315e 100644 --- a/www/squid/distinfo +++ b/www/squid/distinfo @@ -48,3 +48,5 @@ MD5 (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 9bc3c39ca19ae2a4922d4a SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011 MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21 SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761 +MD5 (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 30c7c5e2ba03655dbde9d3e65409baed +SIZE (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 3198 diff --git a/www/squid/files/follow_xff-configure.patch b/www/squid/files/follow_xff-configure.patch index a0920813868d..0cf30da6c147 100644 --- a/www/squid/files/follow_xff-configure.patch +++ b/www/squid/files/follow_xff-configure.patch 
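Review bot: The new `squid-2.5.STABLE5-ntlm_auth_overflow.patch` entry added to PATCHFILES carries no indication of what it fixes, whereas the local patch it supersedes (`files/patch-helpers-ntlm_auth-SMB-libntlmssp.c`, deleted later in this diff) recorded the advisory in its header (CVE-ID CAN-2004-0541, squid bug 998, iDefense report of 07 June 2004). Once that file is gone the port keeps no record tying this distfile to the NTLM helper buffer overflow, which makes later audits of "is this port patched for CAN-2004-0541" depend on reading the patch itself. A comment line such as `# squid-2.5.STABLE5-ntlm_auth_overflow.patch: NTLM auth helper buffer overflow, CAN-2004-0541` placed above the `PATCHFILES=` assignment (which starts outside this hunk; a comment inside the backslash-continued list would be joined into the value) would preserve the reference. The identical hunks in www/squid25, www/squid26, www/squid27, www/squid30 and www/squid31 need the same comment.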
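Review bot: Adding `SMB` to `basic_auth` enables building and installing the SMB basic-auth helper, but this commit touches no pkg-plist (the diffstat's 24 files are exactly the four per directory visible here), so the helper's installed files are presumably not accounted for in the packing list — confirm the plist before committing. The change also widens what the package ships by an additional authentication helper that talks to a domain controller, so it deserves a mention in the commit message rather than riding silently along with the security fix. The same hunk appears in www/squid25, www/squid26, www/squid27, www/squid30 and www/squid31.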
@@ -1,10 +1,23 @@ -!Patch configure directly to enable testing for the -!--enable-follow-x-forwarding-for configuration option -!instead of running configure.in through autoconf as in the -!original follow-XFF patchset from devel.squid-cache.org. +!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset. +! !Beware that all line number informations in configure.log greater -!than 2972 are offset by -29 (correcting all line numbers would have +!than 2972 are offset by at least -29 (correcting all line numbers would have !bloated the patch by 92kB!) +--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003 ++++ include/autoconf.h.in Thu Jun 24 13:19:07 2004 +@@ -291,6 +291,12 @@ + #define USE_IDENT 1 + + /* ++ * Compile in support for following X-Forwarded-For headers? ++ * Enabled by default. ++ */ ++#define FOLLOW_X_FORWARDED_FOR 1 ++ ++/* + * If your system has statvfs(), and if it actually works! + */ + #undef HAVE_STATVFS --- configure.orig Tue Mar 2 10:18:14 2004 +++ configure Tue Mar 2 10:18:56 2004 @@ -222,6 +222,12 @@ diff --git a/www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c deleted file mode 100644 index 54eeeb6bcdeb..000000000000 --- a/www/squid/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c +++ /dev/null 
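Review bot: The added `include/autoconf.h.in` entry hard-codes `#define FOLLOW_X_FORWARDED_FOR 1` with the comment "Enabled by default", but config.status only rewrites `#undef` lines in the template, so the configure test this file patches in at `@@ -222,6 +222,12 @@` (outside this hunk) cannot switch the feature off and the `--enable-follow-x-forwarding-for` option named in the removed header text would presumably be a no-op — worth confirming against the configure part of the patch. If the feature is meant to be configurable, the template line should read `#undef FOLLOW_X_FORWARDED_FOR` and the comment should not claim a default; if always-on is intended, the header comment should state that explicitly, since following X-Forwarded-For is a trust decision about upstream proxies that operators need to be aware of. The identical hunk appears in www/squid25, www/squid26, www/squid27, www/squid30 and www/squid31.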
@@ -1,78 +0,0 @@ -This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by iDefense on the 07th June 2004. -Original advisory: -<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false> -CVE-ID: CAN-2004-0541 -Patch and correction obtained from: -<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch> -<http://www.squid-cache.org/bugs/show_bug.cgi?id=998> - ---- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 -+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 -@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai - #define min(A,B) (A<B?A:B) - - int ntlm_errno; --static char credentials[1024]; /* we can afford to waste */ -+#define MAX_USERNAME_LEN 255 -+#define MAX_DOMAIN_LEN 255 -+#define MAX_PASSWD_LEN 31 -+static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ - - - /* Fetches the user's credentials from the challenge. -@@ -197,7 +200,7 @@ char * - ntlm_check_auth(ntlm_authenticate * auth, int auth_length) - { - int rv; -- char pass[25] /*, encrypted_pass[40] */; -+ char pass[MAX_PASSWD_LEN+1]; - char *domain = credentials; - char *user; - lstring tmp; -@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_DOMAIN_LEN) { -+ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(domain, tmp.str, tmp.l); - user = domain + tmp.l; - *user++ = '\0'; -@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_USERNAME_LEN) { -+ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(user, tmp.str, tmp.l); - *(user + tmp.l) = '\0'; - - -- /* Authenticating against the NT response doesn't seem to work... 
*/ -+ /* Authenticating against the NT response doesn't seem to work... */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - if (tmp.str == NULL || tmp.l == 0) { - fprintf(stderr, "No auth at all. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -- -+ if (tmp.l > MAX_PASSWD_LEN) { -+ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } -+ - memcpy(pass, tmp.str, tmp.l); -- pass[25] = '\0'; -+ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; - - #if 1 - debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" diff --git a/www/squid25/Makefile b/www/squid25/Makefile index c01bb810d8ea..a168b219b975 100644 --- a/www/squid25/Makefile +++ b/www/squid25/Makefile @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -65,7 +65,8 @@ PATCHFILES= squid-2.5.STABLE5-ntlm_assert.patch \ squid-2.5.STABLE5-dns_localhost.patch \ squid-2.5.STABLE5-msnt_auth_doc.patch \ squid-2.5.STABLE5-CONNECT_log_size.patch \ - squid-2.5.STABLE5-proxy_abuse.patch + squid-2.5.STABLE5-proxy_abuse.patch \ + squid-2.5.STABLE5-ntlm_auth_overflow.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -123,7 +124,7 @@ CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \ # Authentication methods and modules: -basic_auth= NCSA PAM YP MSNT winbind +basic_auth= NCSA PAM YP MSNT SMB winbind external_acl= ip_user unix_group wbinfo_group winbind_group MAN8+= pam_auth.8 squid_unix_group.8 .if defined(WITH_SQUID_LDAP_AUTH) diff --git a/www/squid25/distinfo b/www/squid25/distinfo index 98d0c1344ded..9f798808315e 100644 --- a/www/squid25/distinfo +++ b/www/squid25/distinfo 
@@ -48,3 +48,5 @@ MD5 (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 9bc3c39ca19ae2a4922d4a SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011 MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21 SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761 +MD5 (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 30c7c5e2ba03655dbde9d3e65409baed +SIZE (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 3198 diff --git a/www/squid25/files/follow_xff-configure.patch b/www/squid25/files/follow_xff-configure.patch index a0920813868d..0cf30da6c147 100644 --- a/www/squid25/files/follow_xff-configure.patch +++ b/www/squid25/files/follow_xff-configure.patch @@ -1,10 +1,23 @@ -!Patch configure directly to enable testing for the -!--enable-follow-x-forwarding-for configuration option -!instead of running configure.in through autoconf as in the -!original follow-XFF patchset from devel.squid-cache.org. +!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset. +! !Beware that all line number informations in configure.log greater -!than 2972 are offset by -29 (correcting all line numbers would have +!than 2972 are offset by at least -29 (correcting all line numbers would have !bloated the patch by 92kB!) +--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003 ++++ include/autoconf.h.in Thu Jun 24 13:19:07 2004 +@@ -291,6 +291,12 @@ + #define USE_IDENT 1 + + /* ++ * Compile in support for following X-Forwarded-For headers? ++ * Enabled by default. ++ */ ++#define FOLLOW_X_FORWARDED_FOR 1 ++ ++/* + * If your system has statvfs(), and if it actually works! + */ + #undef HAVE_STATVFS --- configure.orig Tue Mar 2 10:18:14 2004 +++ configure Tue Mar 2 10:18:56 2004 @@ -222,6 +222,12 @@ diff --git a/www/squid25/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid25/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c deleted file mode 100644 index 54eeeb6bcdeb..000000000000 
--- a/www/squid25/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c +++ /dev/null 
@@ -1,78 +0,0 @@ -This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by iDefense on the 07th June 2004. -Original advisory: -<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false> -CVE-ID: CAN-2004-0541 -Patch and correction obtained from: -<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch> -<http://www.squid-cache.org/bugs/show_bug.cgi?id=998> - ---- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 -+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 -@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai - #define min(A,B) (A<B?A:B) - - int ntlm_errno; --static char credentials[1024]; /* we can afford to waste */ -+#define MAX_USERNAME_LEN 255 -+#define MAX_DOMAIN_LEN 255 -+#define MAX_PASSWD_LEN 31 -+static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ - - - /* Fetches the user's credentials from the challenge. -@@ -197,7 +200,7 @@ char * - ntlm_check_auth(ntlm_authenticate * auth, int auth_length) - { - int rv; -- char pass[25] /*, encrypted_pass[40] */; -+ char pass[MAX_PASSWD_LEN+1]; - char *domain = credentials; - char *user; - lstring tmp; -@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_DOMAIN_LEN) { -+ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(domain, tmp.str, tmp.l); - user = domain + tmp.l; - *user++ = '\0'; -@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_USERNAME_LEN) { -+ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(user, tmp.str, tmp.l); - *(user + tmp.l) = '\0'; - - -- /* Authenticating against the NT response doesn't seem to work... 
*/ -+ /* Authenticating against the NT response doesn't seem to work... */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - if (tmp.str == NULL || tmp.l == 0) { - fprintf(stderr, "No auth at all. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -- -+ if (tmp.l > MAX_PASSWD_LEN) { -+ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } -+ - memcpy(pass, tmp.str, tmp.l); -- pass[25] = '\0'; -+ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; - - #if 1 - debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" diff --git a/www/squid26/Makefile b/www/squid26/Makefile index c01bb810d8ea..a168b219b975 100644 --- a/www/squid26/Makefile +++ b/www/squid26/Makefile @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -65,7 +65,8 @@ PATCHFILES= squid-2.5.STABLE5-ntlm_assert.patch \ squid-2.5.STABLE5-dns_localhost.patch \ squid-2.5.STABLE5-msnt_auth_doc.patch \ squid-2.5.STABLE5-CONNECT_log_size.patch \ - squid-2.5.STABLE5-proxy_abuse.patch + squid-2.5.STABLE5-proxy_abuse.patch \ + squid-2.5.STABLE5-ntlm_auth_overflow.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -123,7 +124,7 @@ CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \ # Authentication methods and modules: -basic_auth= NCSA PAM YP MSNT winbind +basic_auth= NCSA PAM YP MSNT SMB winbind external_acl= ip_user unix_group wbinfo_group winbind_group MAN8+= pam_auth.8 squid_unix_group.8 .if defined(WITH_SQUID_LDAP_AUTH) diff --git a/www/squid26/distinfo b/www/squid26/distinfo index 98d0c1344ded..9f798808315e 100644 --- a/www/squid26/distinfo +++ b/www/squid26/distinfo 
@@ -48,3 +48,5 @@ MD5 (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 9bc3c39ca19ae2a4922d4a SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011 MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21 SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761 +MD5 (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 30c7c5e2ba03655dbde9d3e65409baed +SIZE (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 3198 diff --git a/www/squid26/files/follow_xff-configure.patch b/www/squid26/files/follow_xff-configure.patch index a0920813868d..0cf30da6c147 100644 --- a/www/squid26/files/follow_xff-configure.patch +++ b/www/squid26/files/follow_xff-configure.patch @@ -1,10 +1,23 @@ -!Patch configure directly to enable testing for the -!--enable-follow-x-forwarding-for configuration option -!instead of running configure.in through autoconf as in the -!original follow-XFF patchset from devel.squid-cache.org. +!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset. +! !Beware that all line number informations in configure.log greater -!than 2972 are offset by -29 (correcting all line numbers would have +!than 2972 are offset by at least -29 (correcting all line numbers would have !bloated the patch by 92kB!) +--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003 ++++ include/autoconf.h.in Thu Jun 24 13:19:07 2004 +@@ -291,6 +291,12 @@ + #define USE_IDENT 1 + + /* ++ * Compile in support for following X-Forwarded-For headers? ++ * Enabled by default. ++ */ ++#define FOLLOW_X_FORWARDED_FOR 1 ++ ++/* + * If your system has statvfs(), and if it actually works! + */ + #undef HAVE_STATVFS --- configure.orig Tue Mar 2 10:18:14 2004 +++ configure Tue Mar 2 10:18:56 2004 @@ -222,6 +222,12 @@ diff --git a/www/squid26/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid26/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c deleted file mode 100644 index 54eeeb6bcdeb..000000000000 
--- a/www/squid26/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c +++ /dev/null 
@@ -1,78 +0,0 @@ -This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by iDefense on the 07th June 2004. -Original advisory: -<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false> -CVE-ID: CAN-2004-0541 -Patch and correction obtained from: -<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch> -<http://www.squid-cache.org/bugs/show_bug.cgi?id=998> - ---- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 -+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 -@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai - #define min(A,B) (A<B?A:B) - - int ntlm_errno; --static char credentials[1024]; /* we can afford to waste */ -+#define MAX_USERNAME_LEN 255 -+#define MAX_DOMAIN_LEN 255 -+#define MAX_PASSWD_LEN 31 -+static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ - - - /* Fetches the user's credentials from the challenge. -@@ -197,7 +200,7 @@ char * - ntlm_check_auth(ntlm_authenticate * auth, int auth_length) - { - int rv; -- char pass[25] /*, encrypted_pass[40] */; -+ char pass[MAX_PASSWD_LEN+1]; - char *domain = credentials; - char *user; - lstring tmp; -@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_DOMAIN_LEN) { -+ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(domain, tmp.str, tmp.l); - user = domain + tmp.l; - *user++ = '\0'; -@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_USERNAME_LEN) { -+ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(user, tmp.str, tmp.l); - *(user + tmp.l) = '\0'; - - -- /* Authenticating against the NT response doesn't seem to work... 
*/ -+ /* Authenticating against the NT response doesn't seem to work... */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - if (tmp.str == NULL || tmp.l == 0) { - fprintf(stderr, "No auth at all. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -- -+ if (tmp.l > MAX_PASSWD_LEN) { -+ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } -+ - memcpy(pass, tmp.str, tmp.l); -- pass[25] = '\0'; -+ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; - - #if 1 - debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" diff --git a/www/squid27/Makefile b/www/squid27/Makefile index c01bb810d8ea..a168b219b975 100644 --- a/www/squid27/Makefile +++ b/www/squid27/Makefile @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -65,7 +65,8 @@ PATCHFILES= squid-2.5.STABLE5-ntlm_assert.patch \ squid-2.5.STABLE5-dns_localhost.patch \ squid-2.5.STABLE5-msnt_auth_doc.patch \ squid-2.5.STABLE5-CONNECT_log_size.patch \ - squid-2.5.STABLE5-proxy_abuse.patch + squid-2.5.STABLE5-proxy_abuse.patch \ + squid-2.5.STABLE5-ntlm_auth_overflow.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -123,7 +124,7 @@ CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \ # Authentication methods and modules: -basic_auth= NCSA PAM YP MSNT winbind +basic_auth= NCSA PAM YP MSNT SMB winbind external_acl= ip_user unix_group wbinfo_group winbind_group MAN8+= pam_auth.8 squid_unix_group.8 .if defined(WITH_SQUID_LDAP_AUTH) diff --git a/www/squid27/distinfo b/www/squid27/distinfo index 98d0c1344ded..9f798808315e 100644 --- a/www/squid27/distinfo +++ b/www/squid27/distinfo 
@@ -48,3 +48,5 @@ MD5 (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 9bc3c39ca19ae2a4922d4a SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011 MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21 SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761 +MD5 (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 30c7c5e2ba03655dbde9d3e65409baed +SIZE (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 3198 diff --git a/www/squid27/files/follow_xff-configure.patch b/www/squid27/files/follow_xff-configure.patch index a0920813868d..0cf30da6c147 100644 --- a/www/squid27/files/follow_xff-configure.patch +++ b/www/squid27/files/follow_xff-configure.patch @@ -1,10 +1,23 @@ -!Patch configure directly to enable testing for the -!--enable-follow-x-forwarding-for configuration option -!instead of running configure.in through autoconf as in the -!original follow-XFF patchset from devel.squid-cache.org. +!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset. +! !Beware that all line number informations in configure.log greater -!than 2972 are offset by -29 (correcting all line numbers would have +!than 2972 are offset by at least -29 (correcting all line numbers would have !bloated the patch by 92kB!) +--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003 ++++ include/autoconf.h.in Thu Jun 24 13:19:07 2004 +@@ -291,6 +291,12 @@ + #define USE_IDENT 1 + + /* ++ * Compile in support for following X-Forwarded-For headers? ++ * Enabled by default. ++ */ ++#define FOLLOW_X_FORWARDED_FOR 1 ++ ++/* + * If your system has statvfs(), and if it actually works! + */ + #undef HAVE_STATVFS --- configure.orig Tue Mar 2 10:18:14 2004 +++ configure Tue Mar 2 10:18:56 2004 @@ -222,6 +222,12 @@ diff --git a/www/squid27/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid27/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c deleted file mode 100644 index 54eeeb6bcdeb..000000000000 
--- a/www/squid27/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c +++ /dev/null 
@@ -1,78 +0,0 @@ -This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by iDefense on the 07th June 2004. -Original advisory: -<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false> -CVE-ID: CAN-2004-0541 -Patch and correction obtained from: -<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch> -<http://www.squid-cache.org/bugs/show_bug.cgi?id=998> - ---- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 -+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 -@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai - #define min(A,B) (A<B?A:B) - - int ntlm_errno; --static char credentials[1024]; /* we can afford to waste */ -+#define MAX_USERNAME_LEN 255 -+#define MAX_DOMAIN_LEN 255 -+#define MAX_PASSWD_LEN 31 -+static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ - - - /* Fetches the user's credentials from the challenge. -@@ -197,7 +200,7 @@ char * - ntlm_check_auth(ntlm_authenticate * auth, int auth_length) - { - int rv; -- char pass[25] /*, encrypted_pass[40] */; -+ char pass[MAX_PASSWD_LEN+1]; - char *domain = credentials; - char *user; - lstring tmp; -@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_DOMAIN_LEN) { -+ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(domain, tmp.str, tmp.l); - user = domain + tmp.l; - *user++ = '\0'; -@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_USERNAME_LEN) { -+ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(user, tmp.str, tmp.l); - *(user + tmp.l) = '\0'; - - -- /* Authenticating against the NT response doesn't seem to work... 
*/ -+ /* Authenticating against the NT response doesn't seem to work... */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - if (tmp.str == NULL || tmp.l == 0) { - fprintf(stderr, "No auth at all. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -- -+ if (tmp.l > MAX_PASSWD_LEN) { -+ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } -+ - memcpy(pass, tmp.str, tmp.l); -- pass[25] = '\0'; -+ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; - - #if 1 - debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" diff --git a/www/squid30/Makefile b/www/squid30/Makefile index c01bb810d8ea..a168b219b975 100644 --- a/www/squid30/Makefile +++ b/www/squid30/Makefile @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -65,7 +65,8 @@ PATCHFILES= squid-2.5.STABLE5-ntlm_assert.patch \ squid-2.5.STABLE5-dns_localhost.patch \ squid-2.5.STABLE5-msnt_auth_doc.patch \ squid-2.5.STABLE5-CONNECT_log_size.patch \ - squid-2.5.STABLE5-proxy_abuse.patch + squid-2.5.STABLE5-proxy_abuse.patch \ + squid-2.5.STABLE5-ntlm_auth_overflow.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -123,7 +124,7 @@ CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \ # Authentication methods and modules: -basic_auth= NCSA PAM YP MSNT winbind +basic_auth= NCSA PAM YP MSNT SMB winbind external_acl= ip_user unix_group wbinfo_group winbind_group MAN8+= pam_auth.8 squid_unix_group.8 .if defined(WITH_SQUID_LDAP_AUTH) diff --git a/www/squid30/distinfo b/www/squid30/distinfo index 98d0c1344ded..9f798808315e 100644 --- a/www/squid30/distinfo +++ b/www/squid30/distinfo 
@@ -48,3 +48,5 @@ MD5 (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 9bc3c39ca19ae2a4922d4a SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011 MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21 SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761 +MD5 (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 30c7c5e2ba03655dbde9d3e65409baed +SIZE (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 3198 diff --git a/www/squid30/files/follow_xff-configure.patch b/www/squid30/files/follow_xff-configure.patch index a0920813868d..0cf30da6c147 100644 --- a/www/squid30/files/follow_xff-configure.patch +++ b/www/squid30/files/follow_xff-configure.patch @@ -1,10 +1,23 @@ -!Patch configure directly to enable testing for the -!--enable-follow-x-forwarding-for configuration option -!instead of running configure.in through autoconf as in the -!original follow-XFF patchset from devel.squid-cache.org. +!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset. +! !Beware that all line number informations in configure.log greater -!than 2972 are offset by -29 (correcting all line numbers would have +!than 2972 are offset by at least -29 (correcting all line numbers would have !bloated the patch by 92kB!) +--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003 ++++ include/autoconf.h.in Thu Jun 24 13:19:07 2004 +@@ -291,6 +291,12 @@ + #define USE_IDENT 1 + + /* ++ * Compile in support for following X-Forwarded-For headers? ++ * Enabled by default. ++ */ ++#define FOLLOW_X_FORWARDED_FOR 1 ++ ++/* + * If your system has statvfs(), and if it actually works! + */ + #undef HAVE_STATVFS --- configure.orig Tue Mar 2 10:18:14 2004 +++ configure Tue Mar 2 10:18:56 2004 @@ -222,6 +222,12 @@ diff --git a/www/squid30/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid30/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c deleted file mode 100644 index 54eeeb6bcdeb..000000000000 
--- a/www/squid30/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c +++ /dev/null 
@@ -1,78 +0,0 @@ -This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by iDefense on the 07th June 2004. -Original advisory: -<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false> -CVE-ID: CAN-2004-0541 -Patch and correction obtained from: -<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch> -<http://www.squid-cache.org/bugs/show_bug.cgi?id=998> - ---- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 -+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 -@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai - #define min(A,B) (A<B?A:B) - - int ntlm_errno; --static char credentials[1024]; /* we can afford to waste */ -+#define MAX_USERNAME_LEN 255 -+#define MAX_DOMAIN_LEN 255 -+#define MAX_PASSWD_LEN 31 -+static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ - - - /* Fetches the user's credentials from the challenge. -@@ -197,7 +200,7 @@ char * - ntlm_check_auth(ntlm_authenticate * auth, int auth_length) - { - int rv; -- char pass[25] /*, encrypted_pass[40] */; -+ char pass[MAX_PASSWD_LEN+1]; - char *domain = credentials; - char *user; - lstring tmp; -@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_DOMAIN_LEN) { -+ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(domain, tmp.str, tmp.l); - user = domain + tmp.l; - *user++ = '\0'; -@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_USERNAME_LEN) { -+ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(user, tmp.str, tmp.l); - *(user + tmp.l) = '\0'; - - -- /* Authenticating against the NT response doesn't seem to work... 
*/ -+ /* Authenticating against the NT response doesn't seem to work... */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - if (tmp.str == NULL || tmp.l == 0) { - fprintf(stderr, "No auth at all. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -- -+ if (tmp.l > MAX_PASSWD_LEN) { -+ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } -+ - memcpy(pass, tmp.str, tmp.l); -- pass[25] = '\0'; -+ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; - - #if 1 - debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" diff --git a/www/squid31/Makefile b/www/squid31/Makefile index c01bb810d8ea..a168b219b975 100644 --- a/www/squid31/Makefile +++ b/www/squid31/Makefile @@ -29,7 +29,7 @@ PORTNAME= squid PORTVERSION= 2.5.5 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= www MASTER_SITES= \ ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ @@ -65,7 +65,8 @@ PATCHFILES= squid-2.5.STABLE5-ntlm_assert.patch \ squid-2.5.STABLE5-dns_localhost.patch \ squid-2.5.STABLE5-msnt_auth_doc.patch \ squid-2.5.STABLE5-CONNECT_log_size.patch \ - squid-2.5.STABLE5-proxy_abuse.patch + squid-2.5.STABLE5-proxy_abuse.patch \ + squid-2.5.STABLE5-ntlm_auth_overflow.patch PATCH_DIST_STRIP= -p1 MAINTAINER= tmseck@netcologne.de @@ -123,7 +124,7 @@ CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \ # Authentication methods and modules: -basic_auth= NCSA PAM YP MSNT winbind +basic_auth= NCSA PAM YP MSNT SMB winbind external_acl= ip_user unix_group wbinfo_group winbind_group MAN8+= pam_auth.8 squid_unix_group.8 .if defined(WITH_SQUID_LDAP_AUTH) diff --git a/www/squid31/distinfo b/www/squid31/distinfo index 98d0c1344ded..9f798808315e 100644 --- a/www/squid31/distinfo +++ b/www/squid31/distinfo 
@@ -48,3 +48,5 @@ MD5 (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 9bc3c39ca19ae2a4922d4a SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011 MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21 SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761 +MD5 (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 30c7c5e2ba03655dbde9d3e65409baed +SIZE (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 3198 diff --git a/www/squid31/files/follow_xff-configure.patch b/www/squid31/files/follow_xff-configure.patch index a0920813868d..0cf30da6c147 100644 --- a/www/squid31/files/follow_xff-configure.patch +++ b/www/squid31/files/follow_xff-configure.patch @@ -1,10 +1,23 @@ -!Patch configure directly to enable testing for the -!--enable-follow-x-forwarding-for configuration option -!instead of running configure.in through autoconf as in the -!original follow-XFF patchset from devel.squid-cache.org. +!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset. +! !Beware that all line number informations in configure.log greater -!than 2972 are offset by -29 (correcting all line numbers would have +!than 2972 are offset by at least -29 (correcting all line numbers would have !bloated the patch by 92kB!) +--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003 ++++ include/autoconf.h.in Thu Jun 24 13:19:07 2004 +@@ -291,6 +291,12 @@ + #define USE_IDENT 1 + + /* ++ * Compile in support for following X-Forwarded-For headers? ++ * Enabled by default. ++ */ ++#define FOLLOW_X_FORWARDED_FOR 1 ++ ++/* + * If your system has statvfs(), and if it actually works! + */ + #undef HAVE_STATVFS --- configure.orig Tue Mar 2 10:18:14 2004 +++ configure Tue Mar 2 10:18:56 2004 @@ -222,6 +222,12 @@ diff --git a/www/squid31/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid31/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c deleted file mode 100644 index 54eeeb6bcdeb..000000000000 
--- a/www/squid31/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c +++ /dev/null 
@@ -1,78 +0,0 @@ -This patch fixes a buffer overflow vulnerability in the NTLM auth -helper which was reported by iDefense on the 07th June 2004. -Original advisory: -<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false> -CVE-ID: CAN-2004-0541 -Patch and correction obtained from: -<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch> -<http://www.squid-cache.org/bugs/show_bug.cgi?id=998> - ---- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 -+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 -@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai - #define min(A,B) (A<B?A:B) - - int ntlm_errno; --static char credentials[1024]; /* we can afford to waste */ -+#define MAX_USERNAME_LEN 255 -+#define MAX_DOMAIN_LEN 255 -+#define MAX_PASSWD_LEN 31 -+static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ - - - /* Fetches the user's credentials from the challenge. -@@ -197,7 +200,7 @@ char * - ntlm_check_auth(ntlm_authenticate * auth, int auth_length) - { - int rv; -- char pass[25] /*, encrypted_pass[40] */; -+ char pass[MAX_PASSWD_LEN+1]; - char *domain = credentials; - char *user; - lstring tmp; -@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_DOMAIN_LEN) { -+ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(domain, tmp.str, tmp.l); - user = domain + tmp.l; - *user++ = '\0'; -@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -+ if (tmp.l > MAX_USERNAME_LEN) { -+ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } - memcpy(user, tmp.str, tmp.l); - *(user + tmp.l) = '\0'; - - -- /* Authenticating against the NT response doesn't seem to work... 
*/ -+ /* Authenticating against the NT response doesn't seem to work... */ - tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); - if (tmp.str == NULL || tmp.l == 0) { - fprintf(stderr, "No auth at all. Returning no-auth\n"); - ntlm_errno = NTLM_LOGON_ERROR; - return NULL; - } -- -+ if (tmp.l > MAX_PASSWD_LEN) { -+ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); -+ ntlm_errno = NTLM_LOGON_ERROR; -+ return NULL; -+ } -+ - memcpy(pass, tmp.str, tmp.l); -- pass[25] = '\0'; -+ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; - - #if 1 - debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" |