From f807c323207ef0c4d1bd03fdfba4c18919b88a1b Mon Sep 17 00:00:00 2001 From: delphij Date: Wed, 5 Dec 2007 00:27:21 +0000 Subject: Apply a slightly modified vendor patch against SQUID-2007_2. PR: ports/118433 Submitted by: maintainer Security: http://www.squid-cache.org/Advisories/SQUID-2007_2.txt Approved by: portmgr (pav)
---
www/squid31/Makefile | 1 + www/squid31/files/patch-secfix-2007-2 | 143 ++++++++++++++++++++++++++++++++++ 2 files changed, 144 insertions(+) create mode 100644 www/squid31/files/patch-secfix-2007-2 (limited to 'www/squid31')
diff --git a/www/squid31/Makefile b/www/squid31/Makefile
index 046b8f7382aa..1499bed85c4b 100644
--- a/www/squid31/Makefile
+++ b/www/squid31/Makefile
@@ -63,6 +63,7 @@ PORTNAME= squid PORTVERSION= 3.0.r1.${PATCHSET_DATE} +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
diff --git a/www/squid31/files/patch-secfix-2007-2 b/www/squid31/files/patch-secfix-2007-2
new file mode 100644
index 000000000000..8b190c3d249e
--- /dev/null
+++ b/www/squid31/files/patch-secfix-2007-2
@@ -0,0 +1,143 @@
+Patch for the remote denial of service vulnerability as documented in
+Squid advisory 2007_2 (http://www.squid-cache.org/Advisories/SQUID-2007_2.txt):
+
+This is a slightly revised version of the original PatchSet 11211, with
+one hunk removed and path informations stripped in order to make it
+apply to otherwise unpatched 3.0.RC1 sources.
+
+Created: 2007-12-04 by Thomas-Martin Seck for the
+FreeBSD port of Squid 3.0.
+
+---------------------
+PatchSet 11211
+Date: 2007/11/26 13:09:54
+Author: hno
+Branch: HEAD
+Tag: (none)
+Log:
+pack header entries on cache updates
+
+Members:
+ include/Array.h:1.24->1.25
+ src/HttpHeader.cc:1.137->1.138
+ src/HttpHeader.h:1.23->1.24
+ src/HttpReply.cc:1.96->1.97
+
+Index: squid3/include/Array.h
+===================================================================
+RCS file: /cvsroot/squid/squid3/include/Array.h,v
+retrieving revision 1.24
+retrieving revision 1.25
+diff -u -r1.24 -r1.25
+--- include/Array.h 21 Nov 2005 22:43:41 -0000 1.24
++++ include/Array.h 26 Nov 2007 13:09:54 -0000 1.25
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Array.h,v 1.24 2005/11/21 22:43:41 wessels Exp $
++ * $Id: Array.h,v 1.25 2007/11/26 13:09:54 hno Exp $
+ *
+ * AUTHOR: Alex Rousskov
+ *
+@@ -98,6 +98,7 @@
+ E &back();
+ E pop_back();
+ E shift(); // aka pop_front
++ void prune(E);
+ void preAppend(int app_count);
+ bool empty() const;
+ size_t size() const;
+@@ -243,6 +244,22 @@
+ return items[size() - 1];
+ }
+
++template
++void
++Vector::prune(E item)
++{
++ unsigned int n = 0;
++ for (unsigned int i = 0; i < count; i++) {
++ if (items[i] != item) {
++ if (i != n)
++ items[n] = items[i];
++ n++;
++ }
++ }
++
++ count = n;
++}
++
+ /* if you are going to append a known and large number of items, call this first */
+ template
+ void
+Index: squid3/src/HttpHeader.cc
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpHeader.cc,v
+retrieving revision 1.137
+retrieving revision 1.138
+diff -u -r1.137 -r1.138
+--- src/HttpHeader.cc 26 Nov 2007 12:31:37 -0000 1.137
++++ src/HttpHeader.cc 26 Nov 2007 13:09:55 -0000 1.138
+@@ -787,6 +787,15 @@
+ }
+
+ /*
++ * Compacts the header storage
++ */
++void
++HttpHeader::compact()
++{
++ entries.prune(NULL);
++}
++
++/*
+ * Refreshes the header mask. Required after delAt() calls.
+ */
+ void
+Index: squid3/src/HttpHeader.h
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpHeader.h,v
+retrieving revision 1.23
+retrieving revision 1.24
+diff -u -r1.23 -r1.24
+--- src/HttpHeader.h 13 Aug 2007 17:20:51 -0000 1.23
++++ src/HttpHeader.h 26 Nov 2007 13:09:55 -0000 1.24
+@@ -1,6 +1,6 @@
+
+ /*
+- * $Id: HttpHeader.h,v 1.23 2007/08/13 17:20:51 hno Exp $
++ * $Id: HttpHeader.h,v 1.24 2007/11/26 13:09:55 hno Exp $
+ *
+ *
+ * SQUID Web Proxy Cache http://www.squid-cache.org/
+@@ -202,6 +202,7 @@
+ void clean();
+ void append(const HttpHeader * src);
+ void update (HttpHeader const *fresh, HttpHeaderMask const *denied_mask);
++ void compact();
+ int reset();
+ int parse(const char *header_start, const char *header_end);
+ void packInto(Packer * p) const;
+Index: squid3/src/HttpReply.cc
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpReply.cc,v
+retrieving revision 1.96
+retrieving revision 1.97
+diff -u -r1.96 -r1.97
+--- src/HttpReply.cc 13 Aug 2007 17:20:51 -0000 1.96
++++ src/HttpReply.cc 26 Nov 2007 13:09:55 -0000 1.97
+@@ -1,6 +1,6 @@
+
+ /*
+- * $Id: HttpReply.cc,v 1.96 2007/08/13 17:20:51 hno Exp $
++ * $Id: HttpReply.cc,v 1.97 2007/11/26 13:09:55 hno Exp $
+ *
+ * DEBUG: section 58 HTTP Reply (Response)
+ * AUTHOR: Alex Rousskov
+@@ -312,6 +312,7 @@
+ header.update(&freshRep->header,
+ (const HttpHeaderMask *) &Denied304HeadersMask);
+
++ header.compact();
+ /* init cache */
+ hdrCacheInit();
+ }
-- cgit
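Review bot: The new `HttpHeader::compact()` in the HttpHeader.cc section is documented only as "Compacts the header storage", which leaves out what a caller most needs to know: `entries.prune(NULL)` moves the surviving entries down, so an entry index saved before the call no longer refers to the same entry. Whether any caller keeps such an index across the update path in HttpReply.cc is not visible in this patch, so the comment should state the contract, e.g. `/* Removes NULL entries from the header storage. Invalidates entry positions obtained before the call. */`. In `Vector::prune` (Array.h section) `n` and `i` are `unsigned int` while `size()` in the same class returns `size_t`; declaring both as `size_t` would keep the index type in line with the container's size type.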