FreeBSD Bugzilla – Attachment 190918 Details for
Bug 226139
www/squid: Fixes security vulnerabilities (CVE-2018-1000024, CVE-2018-1000027)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
squid-3.5.27_3.patch
squid-3.5.27_3.patch (text/plain), 3.77 KB, created by
Danilo G. Baio
on 2018-02-23 13:53:03 UTC
(
hide
)
Description:
squid-3.5.27_3.patch
Filename:
MIME Type:
Creator:
Danilo G. Baio
Created:
2018-02-23 13:53:03 UTC
Size:
3.77 KB
patch
obsolete
>Index: www/squid/Makefile >=================================================================== >--- www/squid/Makefile (revision 462621) >+++ www/squid/Makefile (working copy) >@@ -2,7 +2,7 @@ > > PORTNAME= squid > PORTVERSION= 3.5.27 >-PORTREVISION= 2 >+PORTREVISION= 3 > CATEGORIES= www ipv6 > MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ > http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \ >Index: www/squid/files/patch-src_client__side__request.cc >=================================================================== >--- www/squid/files/patch-src_client__side__request.cc (nonexistent) >+++ www/squid/files/patch-src_client__side__request.cc (working copy) >@@ -0,0 +1,23 @@ >+http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch >+ >+commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5) >+Author: squidadm <squidadm@users.noreply.github.com> >+Date: 2018-01-21 08:07:08 +1300 >+ >+ Fix indirect IP logging for transactions without a client connection (#129) (#136) >+ >+--- src/client_side_request.cc.orig 2018-02-23 13:39:32 UTC >++++ src/client_side_request.cc >+@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *d >+ * Ensure that the access log shows the indirect client >+ * instead of the direct client. >+ */ >+- ConnStateData *conn = http->getConn(); >+- conn->log_addr = request->indirect_client_addr; >+- http->al->cache.caddr = conn->log_addr; >++ http->al->cache.caddr = request->indirect_client_addr; >++ if (ConnStateData *conn = http->getConn()) >++ conn->log_addr = request->indirect_client_addr; >+ } >+ request->x_forwarded_for_iterator.clean(); >+ request->flags.done_follow_x_forwarded_for = true; > >Property changes on: www/squid/files/patch-src_client__side__request.cc >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: www/squid/files/patch-src_esi_CustomParser.cc >=================================================================== >--- www/squid/files/patch-src_esi_CustomParser.cc (nonexistent) >+++ www/squid/files/patch-src_esi_CustomParser.cc (working copy) >@@ -0,0 +1,28 @@ >+http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch >+ >+commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5) >+Author: Amos Jeffries <yadij@users.noreply.github.com> >+Date: 2018-01-19 13:54:14 +1300 >+ >+ ESI: make sure endofName never exceeds tagEnd (#130) >+ >+--- src/esi/CustomParser.cc.orig 2018-02-23 13:37:52 UTC >++++ src/esi/CustomParser.cc >+@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t >+ >+ char * endofName = strpbrk(const_cast<char *>(tag), w_space); >+ >+- if (endofName > tagEnd) >++ if (!endofName || endofName > tagEnd) >+ endofName = const_cast<char *>(tagEnd); >+ >+ *endofName = '\0'; >+@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t >+ >+ char * endofName = strpbrk(const_cast<char *>(tag), w_space); >+ >+- if (endofName > tagEnd) >++ if (!endofName || endofName > tagEnd) >+ endofName = const_cast<char *>(tagEnd); >+ >+ *endofName = '\0'; > >Property changes on: www/squid/files/patch-src_esi_CustomParser.cc >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=190918">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
timp87
:
maintainer-approval+
Actions:
View
|
Diff
Attachments on
bug 226139
:
190916
| 190918