authorAvatar Timo Gurr <tgurr@exherbo.org> 2018-01-24 11:03:50 +0100
committerAvatar Timo Gurr <tgurr@exherbo.org> 2018-01-24 11:53:07 +0100
commit894c5586e6cd8995be0b5ac66ca41dfd661992f2 (patch)
treeaf6475e1a302324dd530fd0172ca8e22261d9399
parentb7079b757e64888c2e0bc991577788d6f14d986f (diff)
downloadnet-894c5586e6cd8995be0b5ac66ca41dfd661992f2.tar.gz
net-894c5586e6cd8995be0b5ac66ca41dfd661992f2.tar.xz
squid: revbump adding upstream security patches
Change-Id: Ia492204252f5aab3dae2b6194aec9494e4529dd8 Reviewed-on: https://galileo.mailstation.de/gerrit/11208 Reviewed-by: Jenkins <wk@mailstation.de> Reviewed-by: Timo Gurr <tgurr@exherbo.org>
-rw-r--r--metadata/repository_mask.conf6
-rw-r--r--packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_1.patch31
-rw-r--r--packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_2.patch26
-rw-r--r--packages/net-proxy/squid/squid-3.5.27-r1.exheres-0 (renamed from packages/net-proxy/squid/squid-3.5.27.exheres-0)5
-rw-r--r--packages/net-proxy/squid/squid.exlib6
5 files changed, 69 insertions, 5 deletions
diff --git a/metadata/repository_mask.conf b/metadata/repository_mask.conf
index cf2ec9c..3188cba 100644
--- a/metadata/repository_mask.conf
+++ b/metadata/repository_mask.conf
@@ -124,11 +124,11 @@ app-crypt/krb5[<1.15.2] [[
description = [ CVE-2017-11368, CVE-2017-11462 ]
]]
-net-proxy/squid[<3.5.23] [[
+net-proxy/squid[<3.5.27-r1] [[
author = [ Timo Gurr <tgurr@exherbo.org> ]
- date = [ 22 Dec 2016 ]
+ date = [ 24 Jan 2018 ]
token = security
- description = [ CVE-2016-10002, CVE-2016-10003 ]
+ description = [ SQUID-2018:1, SQUID-2018:2 ]
]]
net-misc/openvpn[<2.4.3] [[
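Review bot: The new `description` names only the 2018 advisories, although the widened spec `net-proxy/squid[<3.5.27-r1]` still covers every version the removed entry masked for CVE-2016-10002 and CVE-2016-10003. Anyone checking why an older install is masked loses those identifiers. Keeping them costs nothing: `description = [ CVE-2016-10002, CVE-2016-10003, SQUID-2018:1, SQUID-2018:2 ]`.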
diff --git a/packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_1.patch b/packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_1.patch
new file mode 100644
index 0000000..fef07f4
--- /dev/null
+++ b/packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_1.patch
@@ -0,0 +1,31 @@
+Source/Upstream: Yes, http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
+Reason: Security
+
+commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date: 2018-01-19 13:54:14 +1300
+
+ ESI: make sure endofName never exceeds tagEnd (#130)
+
+diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
+index d86d2d3..db634d9 100644
+--- a/src/esi/CustomParser.cc
++++ b/src/esi/CustomParser.cc
+@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+
+ char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+
+- if (endofName > tagEnd)
++ if (!endofName || endofName > tagEnd)
+ endofName = const_cast<char *>(tagEnd);
+
+ *endofName = '\0';
+@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+
+ char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+
+- if (endofName > tagEnd)
++ if (!endofName || endofName > tagEnd)
+ endofName = const_cast<char *>(tagEnd);
+
+ *endofName = '\0';
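Review bot: Both patched sites still call `strpbrk(const_cast<char *>(tag), w_space)`, which stops only at a NUL terminator and not at `tagEnd`. The added `!endofName` test removes the null write at `*endofName = '\0'`, but the scan itself can still read beyond the tag when no whitespace precedes `tagEnd`. Whether the buffer behind `dataToParse` is always NUL-terminated cannot be seen here, because `ESICustomParser::parse` begins and ends outside both inner hunks. A search limited to the range `[tag, tagEnd)` would make the clamp redundant, but as this is an upstream backport that change belongs upstream. Here a line in the patch header such as `Note: assumes a NUL-terminated parse buffer; strpbrk is not bounded by tagEnd` would record the residual assumption.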
diff --git a/packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_2.patch b/packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_2.patch
new file mode 100644
index 0000000..251a3d8
--- /dev/null
+++ b/packages/net-proxy/squid/files/squid-3.5.27-SQUID-2018_2.patch
@@ -0,0 +1,26 @@
+Source/Upstream: Yes, http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
+Reason: Security
+
+commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
+Author: squidadm <squidadm@users.noreply.github.com>
+Date: 2018-01-21 08:07:08 +1300
+
+ Fix indirect IP logging for transactions without a client connection (#129) (#136)
+
+diff --git a/src/client_side_request.cc b/src/client_side_request.cc
+index be124f3..203f89d 100644
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
+ * Ensure that the access log shows the indirect client
+ * instead of the direct client.
+ */
+- ConnStateData *conn = http->getConn();
+- conn->log_addr = request->indirect_client_addr;
+- http->al->cache.caddr = conn->log_addr;
++ http->al->cache.caddr = request->indirect_client_addr;
++ if (ConnStateData *conn = http->getConn())
++ conn->log_addr = request->indirect_client_addr;
+ }
+ request->x_forwarded_for_iterator.clean();
+ request->flags.done_follow_x_forwarded_for = true;
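Review bot: `http->al->cache.caddr = request->indirect_client_addr;` now runs before any null test, so the fix depends on `http->al` being set for every transaction, including the connection-less ones this patch is about. The hunk does not show that guarantee, and `clientFollowXForwardedForCheck` starts and ends outside it. The new `if (ConnStateData *conn = http->getConn())` also carries no comment saying when the connection is absent. I would add `// getConn() is null for transactions without a client connection; the access-log address must still be updated` above the assignment.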
diff --git a/packages/net-proxy/squid/squid-3.5.27.exheres-0 b/packages/net-proxy/squid/squid-3.5.27-r1.exheres-0
index 07723c5..39ae35a 100644
--- a/packages/net-proxy/squid/squid-3.5.27.exheres-0
+++ b/packages/net-proxy/squid/squid-3.5.27-r1.exheres-0
@@ -5,3 +5,8 @@ require squid
PLATFORMS="~amd64 ~x86"
+DEFAULT_SRC_PREPARE_PATCHES+=(
+ "${FILES}"/${PN}-3.5.27-SQUID-2018_1.patch
+ "${FILES}"/${PN}-3.5.27-SQUID-2018_2.patch
+)
+
diff --git a/packages/net-proxy/squid/squid.exlib b/packages/net-proxy/squid/squid.exlib
index 6705b85..c16fc91 100644
--- a/packages/net-proxy/squid/squid.exlib
+++ b/packages/net-proxy/squid/squid.exlib
@@ -82,6 +82,10 @@ DEFAULT_SRC_INSTALL_EXTRA_DOCS=(
SPONSORS
)
+DEFAULT_SRC_PREPARE_PATCHES=(
+ "${FILES}"/${PN}-$(ever range 1-2)-defaults.patch
+)
+
squid_src_prepare() {
# multiarch
edo sed -e "s:@EXHOST@:$(exhost --target):" \
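Review bot: The defaults patch is now taken from `"${FILES}"/${PN}-$(ever range 1-2)-defaults.patch`, while the `expatch` line removed in the second hunk of this file read it from `"${WORKBASE}"`. The diffstat adds no such file under files/, so unless it already exists there the prepare phase would presumably fail on a missing patch. If the patch is still delivered with the fetched sources, the array entry should keep `"${WORKBASE}"`. A one-line comment above the array would also help, e.g. `# applied by the default src_prepare; versioned exheres append their security patches`, since squid-3.5.27-r1.exheres-0 relies on `+=` to this array. `squid_src_prepare` continues past this hunk.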
@@ -95,8 +99,6 @@ squid_src_prepare() {
edo sed -e 's:_LTDL_SETUP:LTDL_INIT([installable]):' \
-i libltdl/configure.ac
- expatch "${WORKBASE}"/${PN}-$(ever range 1-2)-defaults.patch
-
autotools_src_prepare
}