Bug 76967

Summary: [Maintainer/security] www/squid: integrate vendor patch regarding oversized HTTP reply headers
Product: Ports & Packages
Reporter: Thomas-Martin Seck <tmseck>
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED
Severity: Affects Only Me
CC: security-team
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments:
  file.diff (Flags: none)

Description Thomas-Martin Seck 2005-02-01 16:00:33 UTC
Integrate the following vendor patch as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Address HTTP protocol mismatch related to oversized reply headers and
  enhance cache.log on reply header parsing failures (squid bug #1216)

This bug is classified as a security issue by the vendor; further details
about the impact of the vulnerability are not known (to the maintainer).

Proposed VuXML data, entry date left to be filled in:

  <vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
    <topic>squid -- correct handling of oversized HTTP reply headers</topic>
    <affects>
      <package>
	<name>squid</name>
	<range><lt>2.5.7_12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The squid patches page notes:</p>
	<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch">
	  <p>This patch addresses a HTTP protocol mismatch related to oversized
	    reply headers. In addition it enhances the cache.log reporting on
	    reply header parsing failures to make it easier to track down which
	    sites are malfunctioning.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1216</url>
      <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch</url>
    </references>
    <dates>
      <discovery>2005-01-31</discovery>
      <entry></entry>
    </dates>
  </vuln>

Fix: Apply this patch:
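The proposed VuXML entry above says an installed squid is affected when its package version is below 2.5.7_12. The following added example (not part of the bug report or of FreeBSD's own tooling) parses the `<affects>`/`<range>` part of that entry and checks package version strings against it. The version ordering is a simplified, hypothetical reimplementation of FreeBSD's `version[_revision][,epoch]` scheme (epoch, then dotted components, then PORTREVISION); it is not the full algorithm of pkg_version(1) and only aims to cover the forms that appear on this page.

```python
"""Check a FreeBSD package version against a VuXML <affects> range.

Added example, not part of the bug report. The version comparison is a
simplified, hypothetical reimplementation (epoch, dotted components,
then PORTREVISION) and is not pkg_version(1)'s full algorithm.
"""
import re
import xml.etree.ElementTree as ET

# Constructed fragment: the <affects> part of the proposed VuXML entry
# from this bug, without the xhtml description body.
VUXML = """<vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
  <topic>squid -- correct handling of oversized HTTP reply headers</topic>
  <affects>
    <package>
      <name>squid</name>
      <range><lt>2.5.7_12</lt></range>
    </package>
  </affects>
</vuln>"""


def parse_version(v):
    """Split 'version[_revision][,epoch]' into (epoch, components, revision).

    '2.5.7_12,1' -> (1, [2, 5, 7], 12); a missing revision or epoch is 0.
    Components are split on '.' and on digit/alpha boundaries so that
    e.g. '7p1' becomes [7, 'p', 1]; digits are compared numerically.
    """
    epoch = 0
    if "," in v:
        v, e = v.rsplit(",", 1)
        epoch = int(e)
    revision = 0
    if "_" in v:
        v, r = v.rsplit("_", 1)
        revision = int(r)
    comps = []
    for part in v.split("."):
        for tok in re.findall(r"\d+|[A-Za-z]+", part):
            comps.append(int(tok) if tok.isdigit() else tok)
    return epoch, comps, revision


def version_key(v):
    """Sort key: numeric components order before alphabetic ones."""
    epoch, comps, rev = parse_version(v)
    return (epoch, [(0, c) if isinstance(c, int) else (1, c) for c in comps], rev)


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    ka, kb = version_key(a), version_key(b)
    return (ka > kb) - (ka < kb)


# VuXML bound tags and the condition they impose on compare(version, bound).
OPS = {
    "lt": lambda c: c < 0,
    "le": lambda c: c <= 0,
    "gt": lambda c: c > 0,
    "ge": lambda c: c >= 0,
    "eq": lambda c: c == 0,
}


def affected_ranges(vuxml, pkgname):
    """Yield each <range> for pkgname as a list of (op, bound) pairs."""
    root = ET.fromstring(vuxml)
    for pkg in root.iter("package"):
        if pkg.findtext("name") == pkgname:
            for rng in pkg.findall("range"):
                yield [(bound.tag, bound.text.strip()) for bound in rng]


def is_affected(vuxml, pkgname, version):
    """True if every bound of some <range> for pkgname holds for version."""
    for bounds in affected_ranges(vuxml, pkgname):
        if all(OPS[op](compare_versions(version, bound)) for op, bound in bounds):
            return True
    return False


if __name__ == "__main__":
    for ver in ("2.5.7_11", "2.5.7_12", "2.5.7", "2.5.8", "2.5.7_12,1"):
        print(f"squid-{ver}: {'affected' if is_affected(VUXML, 'squid', ver) else 'ok'}")
```

Note that a version with no `_N` suffix has PORTREVISION 0, so a plain `squid-2.5.7` is inside the `<lt>2.5.7_12</lt>` range, and that an epoch (`,1`) outranks every component before it; both are the cases a range like this one is most often misjudged on.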
Comment 1 Thomas-Martin Seck 2005-02-04 17:20:52 UTC
Please integrate the following patches, too:

- correct the search request generated by the LDAP authentication helper
- fix a race within the NTLM authentication mechanism (squid bug #1127)
- fix handling of failed PUT/POST requests (squid bug #1224)
- fix problems with persistent server connections after failed PUT/POST
  requests (squid bug #1122)
- improve handling of forged WCCP packets (squid bug #1225)


Index: distinfo
===================================================================
--- distinfo	(revision 394)
+++ distinfo	(revision 395)
@@ -48,3 +48,13 @@
 SIZE (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 505
 MD5 (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 729c626f76637546b5ded70da6e0ee20
 SIZE (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 3056
+MD5 (squid2.5/squid-2.5.STABLE7-ldap_search.patch) = f2f39856ada003854e00b91ac258e07f
+SIZE (squid2.5/squid-2.5.STABLE7-ldap_search.patch) = 3719
+MD5 (squid2.5/squid-2.5.STABLE7-ntlm_segfault.patch) = 538a534a9a1acbbcb62cb64f618e325e
+SIZE (squid2.5/squid-2.5.STABLE7-ntlm_segfault.patch) = 2076
+MD5 (squid2.5/squid-2.5.STABLE7-post.patch) = ed73f46585b90319fc36e7f85130febc
+SIZE (squid2.5/squid-2.5.STABLE7-post.patch) = 3172
+MD5 (squid2.5/squid-2.5.STABLE7-server_post.patch) = 86733a0d6052dc65b913fe7bf6357e43
+SIZE (squid2.5/squid-2.5.STABLE7-server_post.patch) = 1424
+MD5 (squid2.5/squid-2.5.STABLE7-wccp_disturb.patch) = 658cc713f3928e8a9774cb6543547c49
+SIZE (squid2.5/squid-2.5.STABLE7-wccp_disturb.patch) = 5075
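Review bot: the five added MD5/SIZE pairs are the only integrity anchor for patch files that, per the URL in the report, are fetched from squid-cache.org over plain http, and MD5 is no longer collision-resistant. If the ports framework supports a stronger digest in distinfo, record it alongside the MD5 lines; at minimum, confirm each value was computed from a freshly fetched copy of the named file rather than copied from elsewhere.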
Index: Makefile
===================================================================
--- Makefile	(revision 394)
+++ Makefile	(revision 395)
@@ -110,7 +110,12 @@
 		squid-2.5.STABLE7-short_icons_urls.patch \
 		squid-2.5.STABLE7-response_splitting.patch \
 		squid-2.5.STABLE7-wccp_buffer_overflow.patch \
-		squid-2.5.STABLE7-oversize_reply_headers.patch
+		squid-2.5.STABLE7-oversize_reply_headers.patch \
+		squid-2.5.STABLE7-ldap_search.patch \
+		squid-2.5.STABLE7-ntlm_segfault.patch \
+		squid-2.5.STABLE7-post.patch \
+		squid-2.5.STABLE7-server_post.patch \
+		squid-2.5.STABLE7-wccp_disturb.patch
 PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	tmseck@netcologne.de
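Review bot: the hunk extends PATCHFILES but shows no PORTREVISION bump, yet the built package changes with these five patches; bump PORTREVISION in the same commit, and since the proposed VuXML range (`<lt>2.5.7_12</lt>`) only covers the oversize_reply_headers fix, add an entry or widen the range if any of the new patches (ntlm_segfault or wccp_disturb in particular) is treated as a security fix. Also verify that the single `PATCH_DIST_STRIP= -p1` setting, which applies to every file in the list, is correct for all five new patches.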
Comment 2 Jacques Vidrine freebsd_committer freebsd_triage 2005-02-08 15:00:42 UTC
State Changed
From-To: open->closed

Committed, thanks!