Bug 203186 - www/squid: security update 3.1.8 -> 3.1.9
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Jason Unovitch
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2015-09-18 01:18 UTC by Jason Unovitch
Modified: 2016-02-18 02:20 UTC

See Also:
junovitch: maintainer-feedback+


Attachments
www/squid: security update 3.5.8 -> 3.5.9 (871 bytes, patch)
2015-09-20 02:46 UTC, Jason Unovitch

Description Jason Unovitch freebsd_committer 2015-09-18 01:18:00 UTC
http://www.openwall.com/lists/oss-security/2015/09/18/1

Please note from the CVE Request,
(Formal release with advisory will be coming in a few days. 3.5.9
tarballs are available now, via FTP if the web mirrors ).

I'm not seeing this on the mirrors just yet.
Comment 1 Jason Unovitch freebsd_committer 2015-09-18 01:18:27 UTC
Take.
Comment 2 commit-hook freebsd_committer 2015-09-18 01:34:43 UTC
A commit references this bug:

Author: junovitch
Date: Fri Sep 18 01:34:32 UTC 2015
New revision: 397209
URL: https://svnweb.freebsd.org/changeset/ports/397209

Log:
  Document squid TLS/SSL parser denial of service vulnerability

  No CVE assigned yet

  PR:		203186

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Jason Unovitch freebsd_committer 2015-09-20 02:46:06 UTC
Created attachment 161209
www/squid: security update 3.5.8 -> 3.5.9

Pavel, it looks like this did hit the mirrors.  I am doing QA on the attached patch now.
Comment 4 timp87 2015-09-20 02:57:25 UTC
(In reply to Jason Unovitch from comment #3)

Great! No remark from me.
Comment 5 commit-hook freebsd_committer 2015-09-21 01:51:54 UTC
A commit references this bug:

Author: junovitch
Date: Mon Sep 21 01:51:27 UTC 2015
New revision: 397476
URL: https://svnweb.freebsd.org/changeset/ports/397476

Log:
  www/squid: security update and build fix

  - security update 3.5.8 -> 3.5.9 [1]
  - Fix TP_IPF build on FreeBSD 9 [2]

  PR:		203186 [1]
  PR:		202950 [2]
  Approved by:	Pavel Timofeev <timp87@gmail.com> (maintainer) [1]
  Security:	d3a98c2d-5da1-11e5-9909-002590263bf5
  MFH:		2015Q3
  X-MFH-With:	r391555, r392222, r393602, r396106, r396185, r397215

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
  head/www/squid/files/patch-src__ip__Intercept.cc
Comment 6 commit-hook freebsd_committer 2015-09-21 11:08:41 UTC
A commit references this bug:

Author: junovitch
Date: Mon Sep 21 11:08:27 UTC 2015
New revision: 397486
URL: https://svnweb.freebsd.org/changeset/ports/397486

Log:
  MFH r391555, r392222, r393602, r396106, r396185, r397215, r397476

  r391555
  www/squid: Support DragonFly SHM segments

  Out of the box, squid would not run on dragonfly due to its handling
  of SHM segments.  On DragonFly, SHM segments are always treated as files
  but on FreeBSD it depends on whether or not the application is inside a jail.

  In any case, the case for DragonFly was not supported, so it has been
  added via patch.  This also requires the return of /var/run/squid
  directory which is where the SHM files are stored (defined by
  localstatedir and supported by RC script).  The RC script would define
  this directory if missing, but let's make sure it is always available.

  PR:		201405
  Submitted by:	marino
  Approved by:	maintainer (timp87/gmail)

  r392222
  www/squid: pkg-list fix

  - add missing pkg-plist entry (SSL_CRTD option)

  PR:                  201463
  Submitted by:        s3erios@gmail.com
  Approved by:         timp87@gmail.com (maintainer)

  r393602
  www/squid: update 3.5.6 -> 3.5.7

  - Fix build with ecap by clang
  - Get rid of useless and always empty /var/squid/logs
  - Rework patches to make portlint a bit happier

  PR:		202053
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)

  r396106
  www/squid: update 3.5.7 -> 3.5.8

  PR:		202826
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Approved by:	feld (mentor)

  r396185
  Fix TP_IPF build.

  r397215
  Rather than produce a warning message that IPv6 is not supported
  under ipfilter 4 (FreeBSD 9) every tenth time, reduce the message
  to one in a million. This has the effect of displaying the message
  at or shortly after startup with a reminder every blue moon.

  PR:		202950

  r397476
  www/squid: security update and build fix

  - security update 3.5.8 -> 3.5.9 [1]
  - Fix TP_IPF build on FreeBSD 9 [2]

  PR:		203186 [1]
  PR:		202950 [2]
  Approved by:	Pavel Timofeev <timp87@gmail.com> (maintainer) [1]
  Security:	d3a98c2d-5da1-11e5-9909-002590263bf5
  Approved by:	portmgr (erwin)

Changes:
_U  branches/2015Q3/
  branches/2015Q3/www/squid/Makefile
  branches/2015Q3/www/squid/distinfo
  branches/2015Q3/www/squid/files/extra-patch-build-8-9
  branches/2015Q3/www/squid/files/patch-bug4190
  branches/2015Q3/www/squid/files/patch-compat_compat.h
  branches/2015Q3/www/squid/files/patch-compat_shm.cc
  branches/2015Q3/www/squid/files/patch-configure
  branches/2015Q3/www/squid/files/patch-configure_GSSAPI_NONE
  branches/2015Q3/www/squid/files/patch-configure_NIS
  branches/2015Q3/www/squid/files/patch-configure_crypt.h
  branches/2015Q3/www/squid/files/patch-src-cf.data.pre
  branches/2015Q3/www/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc
  branches/2015Q3/www/squid/files/patch-src__ip__Intercept.cc
  branches/2015Q3/www/squid/files/patch-src_ipc_mem_Segment.cc
  branches/2015Q3/www/squid/files/patch-src_tools.cc
  branches/2015Q3/www/squid/pkg-plist
Comment 7 Jason Unovitch freebsd_committer 2015-09-21 11:20:08 UTC
Updates committed and MFH'd.  Also set maintainer-feedback+ based on comment 4.
Comment 8 commit-hook freebsd_committer 2016-02-18 02:20:35 UTC
A commit references this bug:

Author: junovitch
Date: Thu Feb 18 02:20:24 UTC 2016
New revision: 409083
URL: https://svnweb.freebsd.org/changeset/ports/409083

Log:
  Revise earlier Squid entry with official Squid SA as a reference

  PR:		203186
  Security:	https://vuxml.FreeBSD.org/freebsd/d3a98c2d-5da1-11e5-9909-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml