From f01c664640e23915d12fad7a8a8e31fc71f4e2a3 Mon Sep 17 00:00:00 2001 From: brad Date: Sun, 25 Sep 2005 17:03:32 +0000 Subject: [PATCH] upgrade to 2.5.STABLE11 Alex Masterov has reported a vulnerability in Squid, which potentially can be exploited by malicious people to cause a DoS. The vulnerability is caused due to an unspecified error in the "sslConnectTimeout()" function after handling malformed requests. This may be exploited to crash Squid. CAN-2005-2796 --- www/squid/Makefile | 4 +- www/squid/distinfo | 8 ++-- www/squid/patches/patch-configure_in | 8 ++-- www/squid/patches/patch-src_cf_data_pre | 10 ++-- www/squid/pkg/PLIST | 64 ++++++++++++++++++++++++- 5 files changed, 78 insertions(+), 16 deletions(-) diff --git a/www/squid/Makefile b/www/squid/Makefile index 080a383df25..35e54f335a7 100644 --- a/www/squid/Makefile +++ b/www/squid/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.73 2005/05/25 02:27:13 brad Exp $ +# $OpenBSD: Makefile,v 1.74 2005/09/25 17:03:32 brad Exp $ COMMENT= "WWW and FTP proxy cache and accelerator" -DISTNAME= squid-2.5.STABLE10 +DISTNAME= squid-2.5.STABLE11 CATEGORIES= www MASTER_SITES= ${HOMEPAGE}Versions/v2/2.5/ DIST_SUBDIR= squid diff --git a/www/squid/distinfo b/www/squid/distinfo index 857c03e239c..90982d576f3 100644 --- a/www/squid/distinfo +++ b/www/squid/distinfo @@ -1,4 +1,4 @@ -MD5 (squid/squid-2.5.STABLE10.tar.gz) = b74d7a0be462e9e3435ab771316385af -RMD160 (squid/squid-2.5.STABLE10.tar.gz) = f33c343cb834075a1d6df7d0dd690721b62cfc22 -SHA1 (squid/squid-2.5.STABLE10.tar.gz) = 20682b8b5250592deb2a531df353f23e265456b5 -SIZE (squid/squid-2.5.STABLE10.tar.gz) = 1383522 +MD5 (squid/squid-2.5.STABLE11.tar.gz) = ab2b6f7bf930323b4ebfbcf7233f9af9 +RMD160 (squid/squid-2.5.STABLE11.tar.gz) = ca4e0ee0acf23c349e361ce1ff4bcb48528008ad +SHA1 (squid/squid-2.5.STABLE11.tar.gz) = c4509b6d1874b13c6e02d14a627f0dd55a4b1525 +SIZE (squid/squid-2.5.STABLE11.tar.gz) = 1392629 diff --git a/www/squid/patches/patch-configure_in b/www/squid/patches/patch-configure_in index ceb8bff2323..3cece0b5e45 100644 --- a/www/squid/patches/patch-configure_in +++ b/www/squid/patches/patch-configure_in @@ -1,7 +1,7 @@ -$OpenBSD: patch-configure_in,v 1.16 2005/05/25 02:27:13 brad Exp $ ---- configure.in.orig Mon May 16 18:41:14 2005 -+++ configure.in Wed May 18 18:10:12 2005 -@@ -1710,18 +1710,6 @@ dnl during compile. +$OpenBSD: patch-configure_in,v 1.17 2005/09/25 17:03:32 brad Exp $ +--- configure.in.orig Fri Sep 16 18:11:37 2005 ++++ configure.in Mon Sep 19 11:02:26 2005 +@@ -1733,18 +1733,6 @@ dnl during compile. ;; esac diff --git a/www/squid/patches/patch-src_cf_data_pre b/www/squid/patches/patch-src_cf_data_pre index 7c35c6085d3..5651e4574db 100644 --- a/www/squid/patches/patch-src_cf_data_pre +++ b/www/squid/patches/patch-src_cf_data_pre @@ -1,7 +1,7 @@ -$OpenBSD: patch-src_cf_data_pre,v 1.17 2005/05/25 02:27:13 brad Exp $ ---- src/cf.data.pre.orig Tue May 10 19:08:40 2005 -+++ src/cf.data.pre Wed May 18 18:10:13 2005 -@@ -2446,7 +2446,7 @@ DOC_END +$OpenBSD: patch-src_cf_data_pre,v 1.18 2005/09/25 17:03:32 brad Exp $ +--- src/cf.data.pre.orig Tue Sep 13 09:44:35 2005 ++++ src/cf.data.pre Mon Sep 19 11:01:59 2005 +@@ -2471,7 +2471,7 @@ DOC_END NAME: cache_effective_user TYPE: string @@ -10,7 +10,7 @@ $OpenBSD: patch-src_cf_data_pre,v 1.17 2005/05/25 02:27:13 brad Exp $ LOC: Config.effectiveUser DOC_START If you start Squid as root, it will change its effective/real -@@ -2461,7 +2461,7 @@ DOC_END +@@ -2486,7 +2486,7 @@ DOC_END NAME: cache_effective_group TYPE: string diff --git a/www/squid/pkg/PLIST b/www/squid/pkg/PLIST index 341af498028..66950245ddd 100644 --- a/www/squid/pkg/PLIST +++ b/www/squid/pkg/PLIST @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST,v 1.22 2005/05/25 02:27:13 brad Exp $ +@comment $OpenBSD: PLIST,v 1.23 2005/09/25 17:03:33 brad Exp $ @newgroup _squid:515 @newuser _squid:515:_squid:daemon:Squid Account:/nonexistent:/sbin/nologin bin/RunAccel @@ -642,6 +642,68 @@ share/examples/squid/errors/German/ERR_WRITE_ERROR @sample share/squid/errors/German/ERR_WRITE_ERROR share/examples/squid/errors/German/ERR_ZERO_SIZE_OBJECT @sample share/squid/errors/German/ERR_ZERO_SIZE_OBJECT +share/examples/squid/errors/Greek/ +@sample share/squid/errors/Greek/ +share/examples/squid/errors/Greek/ERR_ACCESS_DENIED +@sample share/squid/errors/Greek/ERR_ACCESS_DENIED +share/examples/squid/errors/Greek/ERR_CACHE_ACCESS_DENIED +@sample share/squid/errors/Greek/ERR_CACHE_ACCESS_DENIED +share/examples/squid/errors/Greek/ERR_CACHE_MGR_ACCESS_DENIED +@sample share/squid/errors/Greek/ERR_CACHE_MGR_ACCESS_DENIED +share/examples/squid/errors/Greek/ERR_CANNOT_FORWARD +@sample share/squid/errors/Greek/ERR_CANNOT_FORWARD +share/examples/squid/errors/Greek/ERR_CONNECT_FAIL +@sample share/squid/errors/Greek/ERR_CONNECT_FAIL +share/examples/squid/errors/Greek/ERR_DNS_FAIL +@sample share/squid/errors/Greek/ERR_DNS_FAIL +share/examples/squid/errors/Greek/ERR_FORWARDING_DENIED +@sample share/squid/errors/Greek/ERR_FORWARDING_DENIED +share/examples/squid/errors/Greek/ERR_FTP_DISABLED +@sample share/squid/errors/Greek/ERR_FTP_DISABLED +share/examples/squid/errors/Greek/ERR_FTP_FAILURE +@sample share/squid/errors/Greek/ERR_FTP_FAILURE +share/examples/squid/errors/Greek/ERR_FTP_FORBIDDEN +@sample share/squid/errors/Greek/ERR_FTP_FORBIDDEN +share/examples/squid/errors/Greek/ERR_FTP_NOT_FOUND +@sample share/squid/errors/Greek/ERR_FTP_NOT_FOUND +share/examples/squid/errors/Greek/ERR_FTP_PUT_CREATED +@sample share/squid/errors/Greek/ERR_FTP_PUT_CREATED +share/examples/squid/errors/Greek/ERR_FTP_PUT_ERROR +@sample share/squid/errors/Greek/ERR_FTP_PUT_ERROR +share/examples/squid/errors/Greek/ERR_FTP_PUT_MODIFIED +@sample share/squid/errors/Greek/ERR_FTP_PUT_MODIFIED +share/examples/squid/errors/Greek/ERR_FTP_UNAVAILABLE +@sample share/squid/errors/Greek/ERR_FTP_UNAVAILABLE +share/examples/squid/errors/Greek/ERR_INVALID_REQ +@sample share/squid/errors/Greek/ERR_INVALID_REQ +share/examples/squid/errors/Greek/ERR_INVALID_RESP +@sample share/squid/errors/Greek/ERR_INVALID_RESP +share/examples/squid/errors/Greek/ERR_INVALID_URL +@sample share/squid/errors/Greek/ERR_INVALID_URL +share/examples/squid/errors/Greek/ERR_LIFETIME_EXP +@sample share/squid/errors/Greek/ERR_LIFETIME_EXP +share/examples/squid/errors/Greek/ERR_NO_RELAY +@sample share/squid/errors/Greek/ERR_NO_RELAY +share/examples/squid/errors/Greek/ERR_ONLY_IF_CACHED_MISS +@sample share/squid/errors/Greek/ERR_ONLY_IF_CACHED_MISS +share/examples/squid/errors/Greek/ERR_READ_ERROR +@sample share/squid/errors/Greek/ERR_READ_ERROR +share/examples/squid/errors/Greek/ERR_READ_TIMEOUT +@sample share/squid/errors/Greek/ERR_READ_TIMEOUT +share/examples/squid/errors/Greek/ERR_SHUTTING_DOWN +@sample share/squid/errors/Greek/ERR_SHUTTING_DOWN +share/examples/squid/errors/Greek/ERR_SOCKET_FAILURE +@sample share/squid/errors/Greek/ERR_SOCKET_FAILURE +share/examples/squid/errors/Greek/ERR_TOO_BIG +@sample share/squid/errors/Greek/ERR_TOO_BIG +share/examples/squid/errors/Greek/ERR_UNSUP_REQ +@sample share/squid/errors/Greek/ERR_UNSUP_REQ +share/examples/squid/errors/Greek/ERR_URN_RESOLVE +@sample share/squid/errors/Greek/ERR_URN_RESOLVE +share/examples/squid/errors/Greek/ERR_WRITE_ERROR +@sample share/squid/errors/Greek/ERR_WRITE_ERROR +share/examples/squid/errors/Greek/ERR_ZERO_SIZE_OBJECT +@sample share/squid/errors/Greek/ERR_ZERO_SIZE_OBJECT share/examples/squid/errors/Hebrew/ @sample share/squid/errors/Hebrew/ share/examples/squid/errors/Hebrew/ERR_ACCESS_DENIED