Bug 87637 - [Maintainer] [Security] www/squid: integrate vendor patches; fix an FTP parsing vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Renato Botelho
Reported: 2005-10-18 20:20 UTC by Thomas-Martin Seck
Modified: 2005-10-19 13:21 UTC

Attachments
file.diff (2.96 KB, patch)
2005-10-18 20:20 UTC, Thomas-Martin Seck

Description Thomas-Martin Seck 2005-10-18 20:20:15 UTC
Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- document that tcp_outgoing_xxx works badly in combination with
  server_persistent_connections (squid bug #454)
- add more tracing in test mode of squid_ldap_auth (squid bug #1395)
- fix breakage of accel_single_host when combined with
  server_persistent_connection (squid bug #1402)
- correctly implement the CACHE_HTTP_PORT configuration directive
  (squid bug #1403)
- fix the problem that CNAME addresses were remembered with a wrong TTL
  (squid bug #1404)
- fix incorrect handling of squid-internal-dynamic/netdb in conjunction with
  httpd_accel/transparent proxies (squid bug #1410)
- properly revalidate the cache on HEAD requests (squid bug #1411)
- correct handling of Set-Cookie headers on cache refreshes (squid bug #1419)
- fix a vulnerability in the FTP parsing code (squid bug #1426)

VuXML data for squid bug #1426 (please fill in <entry> date):

  <vuln vid="cf5d84d0-4007-11da-9e1e-c296ac722cb3">
    <topic>squid -- vulnerability in FTP parsing code</topic>
    <affects>
      <package>
	<name>squid</name>
	<range><lt>2.5.11_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The squid patches page notes:</p>
	<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape">
	  <p>In certain odd FTP server responses Squid may crash with
	     a segmentation fault in rfc1738_do_escape.</p>
	  <p>Workaround: deny access to the ftp protocol via the proxy</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1426</url>
      <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape</url>
    </references>
    <dates>
      <discovery>2005-10-12</discovery>
      <entry>YYYY-MM-DD</entry>
    </dates>
  </vuln>

Fix: Apply this patch:
Comment 1 Renato Botelho freebsd_committer freebsd_triage 2005-10-19 11:51:51 UTC
Responsible Changed
From-To: freebsd-ports-bugs->garga

I'll take it.
Comment 2 Renato Botelho freebsd_committer freebsd_triage 2005-10-19 13:21:18 UTC
State Changed
From-To: open->closed

Committed. Thanks!