http://www.openwall.com/lists/oss-security/2015/09/18/1 Please note from the CVE Request, (Formal release with advisory will be coming in a few days. 3.5.9 tarballs are available now, via FTP if the web mirrors ). I'm not seeing this on the mirrors just yet.
Take.
A commit references this bug: Author: junovitch Date: Fri Sep 18 01:34:32 UTC 2015 New revision: 397209 URL: https://svnweb.freebsd.org/changeset/ports/397209 Log: Document squid TLS/SSL parser denial of service vulnerability No CVE assigned yet PR: 203186 Changes: head/security/vuxml/vuln.xml
Created attachment 161209 [details] www/squid: security update 3.5.8 -> 3.5.9 Pavel, it looks like this did hit the mirrors. I am doing QA on the attached patch now.
(In reply to Jason Unovitch from comment #3) Great! No remark from me.
A commit references this bug: Author: junovitch Date: Mon Sep 21 01:51:27 UTC 2015 New revision: 397476 URL: https://svnweb.freebsd.org/changeset/ports/397476 Log: www/squid: security update and build fix - security update 3.5.8 -> 3.5.9 [1] - Fix TP_IPF build on FreeBSD 9 [2] PR: 203186 [1] PR: 202950 [2] Approved by: Pavel Timofeev <timp87@gmail.com> (maintainer) [1] Security: d3a98c2d-5da1-11e5-9909-002590263bf5 MFH: 2015Q3 X-MFH-With: r391555, r392222, r393602, r396106, r396185, r397215 Changes: head/www/squid/Makefile head/www/squid/distinfo head/www/squid/files/patch-src__ip__Intercept.cc
A commit references this bug: Author: junovitch Date: Mon Sep 21 11:08:27 UTC 2015 New revision: 397486 URL: https://svnweb.freebsd.org/changeset/ports/397486 Log: MFH r391555, r392222, r393602, r396106, r396185, r397215, r397476 r391555 www/squid: Support DragonFly SHM segments Out of the box, squid would not run on dragonfly due to its handling of SHM segments. On DragonFly, SHM segments are always treated as files but on FreeBSD it depends on whether or not application is inside a jail. In any case, the case for DragonFly was no supported, so it has been added via patch. This also requires the return of /var/run/squid directory which is where the SHM files are stored (defined by localstatedir and supported by RC script). The RC script would define this directory if missing, but let's make sure it is always available. PR: 201405 Submitted by: marino Approved by: maintainer (timp87/gmail) r392222 www/squid: pkg-list fix - add missing pkg-plist entry (SSL_CRTD option) PR: 201463 Submitted by: s3erios@gmail.com Approved by: timp87@gmail.com (maintainer) r393602 www/squid: update 3.5.6 -> 3.5.7 - Fix build with ecap by clang - Get rid of useless and always empty /var/squid/logs - Rework patches to make portlint a bit happier PR: 202053 Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer) r396106 www/squid: update 3.5.7 -> 3.5.8 PR: 202826 Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer) Approved by: feld (mentor) r396185 Fix TP_IPF build. r397215 Rather than produce a warning message that IPv6 is not supported under ipfilter 4 (FreeBSD 9) every tenth time, reduce the message to one in a million. This has the effect of displaying the message at or shortly after startup with a reminder every blue moon. PR: 202950 r397476 www/squid: security update and build fix - security update 3.5.8 -> 3.5.9 [1] - Fix TP_IPF build on FreeBSD 9 [2] PR: 203186 [1] PR: 202950 [2] Approved by: Pavel Timofeev <timp87@gmail.com> (maintainer) [1] Security: d3a98c2d-5da1-11e5-9909-002590263bf5 Approved by: portmgr (erwin) Changes: _U branches/2015Q3/ branches/2015Q3/www/squid/Makefile branches/2015Q3/www/squid/distinfo branches/2015Q3/www/squid/files/extra-patch-build-8-9 branches/2015Q3/www/squid/files/patch-bug4190 branches/2015Q3/www/squid/files/patch-compat_compat.h branches/2015Q3/www/squid/files/patch-compat_shm.cc branches/2015Q3/www/squid/files/patch-configure branches/2015Q3/www/squid/files/patch-configure_GSSAPI_NONE branches/2015Q3/www/squid/files/patch-configure_NIS branches/2015Q3/www/squid/files/patch-configure_crypt.h branches/2015Q3/www/squid/files/patch-src-cf.data.pre branches/2015Q3/www/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc branches/2015Q3/www/squid/files/patch-src__ip__Intercept.cc branches/2015Q3/www/squid/files/patch-src_ipc_mem_Segment.cc branches/2015Q3/www/squid/files/patch-src_tools.cc branches/2015Q3/www/squid/pkg-plist
Updates committed and MFH'd. Also set maintainer-feedback+ based on comment 4.
A commit references this bug: Author: junovitch Date: Thu Feb 18 02:20:24 UTC 2016 New revision: 409083 URL: https://svnweb.freebsd.org/changeset/ports/409083 Log: Revise earlier Squid entry with official Squid SA as a reference PR: 203186 Security: https://vuxml.FreeBSD.org/freebsd/d3a98c2d-5da1-11e5-9909-002590263bf5.html Changes: head/security/vuxml/vuln.xml