Bug 76967 - [Maintainer/security] www/squid: integrate vendor patch regarding oversized HTTP reply headers
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2005-02-01 16:00 UTC by Thomas-Martin Seck
Modified: 2005-02-08 15:12 UTC

Attachments
file.diff (1.21 KB, patch)
2005-02-01 16:00 UTC, Thomas-Martin Seck

Description Thomas-Martin Seck 2005-02-01 16:00:33 UTC
Integrate the following vendor patch as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Address HTTP protocol mismatch related to oversized reply headers and
  enhance cache.log on reply header parsing failures (squid bug #1216)

This bug is classified as a security issue by the vendor; further details
about the impact of the vulnerability are not known (to the maintainer).

Proposed VuXML data, entry date left to be filled in:

  <vuln vid="bfda39de-7467-11d9-9e1e-c296ac722cb3">
    <topic>squid -- correct handling of oversized HTTP reply headers</topic>
    <affects>
      <package>
	<name>squid</name>
	<range><lt>2.5.7_12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The squid patches page notes:</p>
	<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch">
	  <p>This patch addresses a HTTP protocol mismatch related to oversized
	    reply headers. In addition it enhances the cache.log reporting on
	    reply header parsing failures to make it easier to track down which
	    sites are malfunctioning.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1216</url>
      <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch</url>
    </references>
    <dates>
      <discovery>2005-01-31</discovery>
      <entry></entry>
    </dates>
  </vuln>

Fix: Apply this patch:
Comment 1 Thomas-Martin Seck 2005-02-04 17:20:52 UTC
Please integrate the following patches, too:

- correct the search request generated by the LDAP authentication helper
- fix a race within the NTLM authentication mechanism (squid bug #1127)
- fix handling of failed PUT/POST requests (squid bug #1224)
- fix problems with persistent server connections after failed PUT/POST
  requests (squid bug #1122)
- improve handling of forged WCCP packets (squid bug #1225)


Index: distinfo
===================================================================
--- distinfo	(revision 394)
+++ distinfo	(revision 395)
@@ -48,3 +48,13 @@
 SIZE (squid2.5/squid-2.5.STABLE7-wccp_buffer_overflow.patch) = 505
 MD5 (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 729c626f76637546b5ded70da6e0ee20
 SIZE (squid2.5/squid-2.5.STABLE7-oversize_reply_headers.patch) = 3056
+MD5 (squid2.5/squid-2.5.STABLE7-ldap_search.patch) = f2f39856ada003854e00b91ac258e07f
+SIZE (squid2.5/squid-2.5.STABLE7-ldap_search.patch) = 3719
+MD5 (squid2.5/squid-2.5.STABLE7-ntlm_segfault.patch) = 538a534a9a1acbbcb62cb64f618e325e
+SIZE (squid2.5/squid-2.5.STABLE7-ntlm_segfault.patch) = 2076
+MD5 (squid2.5/squid-2.5.STABLE7-post.patch) = ed73f46585b90319fc36e7f85130febc
+SIZE (squid2.5/squid-2.5.STABLE7-post.patch) = 3172
+MD5 (squid2.5/squid-2.5.STABLE7-server_post.patch) = 86733a0d6052dc65b913fe7bf6357e43
+SIZE (squid2.5/squid-2.5.STABLE7-server_post.patch) = 1424
+MD5 (squid2.5/squid-2.5.STABLE7-wccp_disturb.patch) = 658cc713f3928e8a9774cb6543547c49
+SIZE (squid2.5/squid-2.5.STABLE7-wccp_disturb.patch) = 5075
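
Review bot: The ten added lines record only an MD5 and a SIZE for each new patch file, so MD5 is the sole integrity check on patches that the description says are published at an http:// URL. Compare each value against an independently obtained copy of the vendor patch before commit, and add a stronger digest alongside MD5 if the distinfo format in use accepts one.
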
Index: Makefile
===================================================================
--- Makefile	(revision 394)
+++ Makefile	(revision 395)
@@ -110,7 +110,12 @@
 		squid-2.5.STABLE7-short_icons_urls.patch \
 		squid-2.5.STABLE7-response_splitting.patch \
 		squid-2.5.STABLE7-wccp_buffer_overflow.patch \
-		squid-2.5.STABLE7-oversize_reply_headers.patch
+		squid-2.5.STABLE7-oversize_reply_headers.patch \
+		squid-2.5.STABLE7-ldap_search.patch \
+		squid-2.5.STABLE7-ntlm_segfault.patch \
+		squid-2.5.STABLE7-post.patch \
+		squid-2.5.STABLE7-server_post.patch \
+		squid-2.5.STABLE7-wccp_disturb.patch
 PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	tmseck@netcologne.de
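
Review bot: The patch list in this hunk grows by five files, but no PORTREVISION change is visible anywhere in the diff, so installed packages would not be flagged for a rebuild. Bump PORTREVISION in the same commit and check that the <lt>2.5.7_12</lt> range in the proposed VuXML entry still names the first fixed revision.
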
Comment 2 Jacques Vidrine freebsd_committer 2005-02-08 15:00:42 UTC
State Changed
From-To: open->closed

Committed, thanks!