OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 10-Sep-2005 15:33:41 Branch: OPENPKG_2_4_SOLID Handle: 2005091014333701 Added files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/squid squid.patch Modified files: (Branch: OPENPKG_2_4_SOLID) openpkg-src/squid squid.spec Log: apply security fixes (CAN-2005-2794, CAN-2005-2796) Summary: Revision Changes Path 1.2.10.1 +220 -0 openpkg-src/squid/squid.patch 1.79.2.2 +3 -1 openpkg-src/squid/squid.spec ____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/squid/squid.patch
============================================================================
$ cvs diff -u -r0 -r1.2.10.1 squid.patch
--- /dev/null 2005-09-10 15:33:17 +0200
+++ squid.patch 2005-09-10 15:33:40 +0200
@@ -0,0 +1,220 @@
+Security Fix
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
+http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
+
+Index: src/cache_manager.c
+--- src/cache_manager.c.orig 2001-02-23 21:59:50 +0100
++++ src/cache_manager.c 2005-09-10 15:26:48 +0200
+@@ -250,8 +250,7 @@
+ /* retrieve object requested */
+ a = cachemgrFindAction(mgr->action);
+ assert(a != NULL);
+- if (a->flags.atomic)
+- storeBuffer(entry);
++ storeBuffer(entry);
+ {
+ http_version_t version;
+ HttpReply *rep = entry->mem_obj->reply;
+@@ -269,10 +268,9 @@
+ httpReplySwapOut(rep, entry);
+ }
+ a->handler(entry);
+- if (a->flags.atomic) {
+- storeBufferFlush(entry);
++ storeBufferFlush(entry);
++ if (a->flags.atomic)
+ storeComplete(entry);
+- }
+ cachemgrStateFree(mgr);
+ }
+
+Index: src/ftp.c
+--- src/ftp.c.orig 2005-03-26 03:50:53 +0100
++++ src/ftp.c 2005-09-10 15:27:48 +0200
+@@ -366,7 +366,6 @@
+ char *dirup;
+ int i, j, k;
+ char *title;
+- storeBuffer(e);
+ storeAppendPrintf(e, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n");
+ storeAppendPrintf(e, "<!-- HTML listing generated by Squid %s -->\n",
+ version_string);
+@@ -420,7 +419,6 @@
+ storeAppendPrintf(e, "<PRE>\n");
+ dirup = ftpHtmlifyListEntry("<internal-dirup>", ftpState);
+ storeAppend(e, dirup, strlen(dirup));
+- storeBufferFlush(e);
+ ftpState->flags.html_header_sent = 1;
+ }
+
+@@ -428,7 +426,6 @@
+ ftpListingFinish(FtpStateData * ftpState)
+ {
+ StoreEntry *e = ftpState->entry;
+- storeBuffer(e);
+ storeAppendPrintf(e, "</PRE>\n");
+ if (ftpState->flags.listformat_unknown && !ftpState->flags.tried_nlst) {
+ storeAppendPrintf(e, "<A HREF=\"./;type=d\">[As plain directory]</A>\n");
+@@ -443,7 +440,6 @@
+ getMyHostname(),
+ full_appname_string);
+ storeAppendPrintf(e, "</ADDRESS></BODY></HTML>\n");
+- storeBufferFlush(e);
+ }
+
+ static const char *Month[] =
+@@ -851,7 +847,7 @@
+ debug(9, 3)
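Review bot: In the second src/cache_manager.c hunk (`@@ -269,10 +268,9 @@`) the new unbraced `if (a->flags.atomic)` governs only `storeComplete(entry);`, and nothing in the code says why `storeBufferFlush(entry)` is now unconditional. A short comment above the flush would record the intent, e.g. `/* always release the buffer taken above; only atomic actions are complete at this point */`, and bracing the `if` would keep a later added statement from silently escaping the condition. The enclosing function starts outside the hunk, so whether a non-atomic handler can finish and release `entry` before the flush is reached is not visible here and is worth confirming.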
("ftpParseListing: %d bytes to play with\n", (int) len);
+ line = memAllocate(MEM_4K_BUF);
+ end++;
+- storeBuffer(e);
++ storeBuffer(e); /* released when done processing current data payload */
+ s = sbuf;
+ s += strspn(s, crlf);
+ for (; s < end; s += strcspn(s, crlf), s += strspn(s, crlf)) {
+@@ -869,7 +865,6 @@
+ assert(t != NULL);
+ storeAppend(e, t, strlen(t));
+ }
+- storeBufferFlush(e);
+ assert(usable <= len);
+ if (usable < len) {
+ /* must copy partial line to beginning of buf */
+@@ -974,6 +969,7 @@
+ storeAppend(entry, ftpState->data.buf, len);
+ ftpState->data.offset = 0;
+ }
++ storeBufferFlush(entry);
+ commSetSelect(fd,
+ COMM_SELECT_READ,
+ ftpDataRead,
+@@ -2530,7 +2526,6 @@
+ else
+ err->ftp.reply = xstrdup("");
+ errorAppendEntry(ftpState->entry, err);
+- storeBufferFlush(ftpState->entry);
+ ftpSendQuit(ftpState);
+ }
+
+@@ -2551,6 +2546,7 @@
+ ftpState->flags.http_header_sent = 1;
+ assert(e->mem_obj->inmem_hi == 0);
+ EBIT_CLR(e->flags, ENTRY_FWD_HDR_WAIT);
++ storeBuffer(e); /* released when done processing current data payload */
+ filename = (t = strRChr(urlpath, '/')) ? t + 1 : strBuf(urlpath);
+ if (ftpState->flags.isdir) {
+ mime_type = "text/html";
+@@ -2569,7 +2565,6 @@
+ break;
+ }
+ }
+- storeBuffer(e);
+ httpReplyReset(reply);
+ /* set standard stuff */
+ if (ftpState->restarted_offset) {
+@@ -2591,7 +2586,6 @@
+ if (mime_enc)
+ httpHeaderPutStr(&reply->header, HDR_CONTENT_ENCODING, mime_enc);
+ httpReplySwapOut(reply, e);
+- storeBufferFlush(e);
+ reply->hdr_sz = e->mem_obj->inmem_hi;
+ storeTimestampsSet(e);
+ if (ftpState->flags.authenticated) {
+Index: src/gopher.c
+--- src/gopher.c.orig 2005-01-12 07:04:01 +0100
++++ src/gopher.c 2005-09-10 15:26:48 +0200
+@@ -732,29 +732,28 @@
+ * OK. We successfully reach remote site. Start MIME typing
+ * stuff. Do it anyway even though request is not HTML type.
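Review bot: The `storeBufferFlush(entry)` added in the `@@ -974,6 +969,7 @@` hunk of src/ftp.c is now the only visible release for the `storeBuffer(e)` kept at `@@ -851,7 +847,7 @@` and the one added at `@@ -2551,6 +2546,7 @@`, so the buffer/flush pair is split across functions. Any path in the enclosing read handler that returns before this line (its body starts outside the hunk) would presumably leave the entry with DELAY_SENDING still set; please confirm that the error and end-of-data branches also reach a flush or a completion call. A comment at the flush naming its counterparts, such as `/* pairs with storeBuffer() in ftpParseListing() and in the reply-header setup */`, would make that contract visible to the next person touching either side.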
+ */
++ storeBuffer(entry);
+ gopherMimeCreate(gopherState);
+ switch (gopherState->type_id) {
+ case GOPHER_DIRECTORY:
+ /* we got to convert it first */
+- storeBuffer(entry);
+ gopherState->conversion = HTML_DIR;
+ gopherState->HTML_header_added = 0;
+ break;
+ case GOPHER_INDEX:
+ /* we got to convert it first */
+- storeBuffer(entry);
+ gopherState->conversion = HTML_INDEX_RESULT;
+ gopherState->HTML_header_added = 0;
+ break;
+ case GOPHER_CSO:
+ /* we got to convert it first */
+- storeBuffer(entry);
+ gopherState->conversion = HTML_CSO_RESULT;
+ gopherState->cso_recno = 0;
+ gopherState->HTML_header_added = 0;
+ break;
+ default:
+ gopherState->conversion = NORMAL;
++ storeBufferFlush(entry);
+ }
+ /* Schedule read reply. */
+ commSetSelect(fd, COMM_SELECT_READ, gopherReadReply, gopherState, 0);
+Index: src/store.c
+--- src/store.c.orig 2005-03-26 03:50:53 +0100
++++ src/store.c 2005-09-10 15:26:48 +0200
+@@ -1232,9 +1232,11 @@
+ void
+ storeBufferFlush(StoreEntry * e)
+ {
+- EBIT_CLR(e->flags, DELAY_SENDING);
+- InvokeHandlers(e);
+- storeSwapOut(e);
++ if (EBIT_TEST(e->flags, DELAY_SENDING)) {
++ EBIT_CLR(e->flags, DELAY_SENDING);
++ InvokeHandlers(e);
++ storeSwapOut(e);
++ }
+ }
+
+ squid_off_t
+Index: src/whois.c
+--- src/whois.c.orig 2001-04-14 02:03:24 +0200
++++ src/whois.c 2005-09-10 15:26:48 +0200
+@@ -97,12 +97,19 @@
+ debug(75, 3) ("whoisReadReply: FD %d read %d bytes\n", fd, len);
+ debug(75, 5) ("{%s}\n", buf);
+ if (len > 0) {
+- if (0 == mem->inmem_hi)
+- mem->reply->sline.status = HTTP_OK;
++ if (0 == mem->inmem_hi) {
++ http_reply *reply = mem->reply;
++ http_version_t version;
++ storeBuffer(entry);
++ httpBuildVersion(&version, 1, 0);
++ httpReplySetHeaders(reply, version, HTTP_OK, "Gatewaying", "text/plain", -1, -1, -2);
++ httpReplySwapOut(reply, entry);
++ }
+ fd_bytes(fd, len, FD_READ);
+ kb_incr(&statCounter.server.all.kbytes_in, len);
+ kb_incr(&statCounter.server.http.kbytes_in, len);
+ storeAppend(entry, buf, len);
++
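Review bot: After the src/gopher.c hunk only the `default:` arm releases the `storeBuffer(entry)` that now precedes `gopherMimeCreate()`; the three conversion cases leave the entry buffered and depend on a flush that is not part of this hunk. If that flush sits in the read-reply path, a comment at the new `storeBuffer(entry)` should say so once confirmed, for example `/* conversion cases stay buffered; released after each converted payload */`. The `default:` arm also still ends without `break;`, which is harmless as the last label but inconsistent with the other arms now that it carries a second statement.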
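Review bot: The new `EBIT_TEST(e->flags, DELAY_SENDING)` guard in src/store.c makes `storeBufferFlush()` a no-op for an entry that is not currently buffered, and the callers changed elsewhere in this patch (cache_manager.c, ftp.c, whois.c) appear to depend on that by flushing unconditionally. That contract deserves a header comment on the function, for example `/* Flush a buffered entry; does nothing unless DELAY_SENDING is set, so callers may flush without a matching storeBuffer() */`. Without it the guard reads like an optimisation that a later cleanup could remove, which would bring back the extra `InvokeHandlers()`/`storeSwapOut()` calls on unbuffered entries.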
storeBufferFlush(entry);
+ commSetSelect(fd, COMM_SELECT_READ, whoisReadReply, p, Config.Timeout.read);
+ } else if (len < 0) {
+ debug(50, 2) ("whoisReadReply: FD %d: read failure: %s.\n",
+
+---------------------------------------------------------------------------
+
+Security Fix
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796
+http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
+
+Index: src/ssl.c
+--- src/ssl.c.orig 2005-04-18 02:54:30 +0200
++++ src/ssl.c 2005-09-10 15:28:33 +0200
+@@ -106,6 +106,8 @@
+ sslState->client.fd = -1;
+ if (sslState->server.fd == -1)
+ sslStateFree(sslState);
++ else if (!sslState->connected)
++ comm_close(sslState->server.fd);
+ }
+
+ static void
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/squid/squid.spec
============================================================================
$ cvs diff -u -r1.79.2.1 -r1.79.2.2 squid.spec
--- openpkg-src/squid/squid.spec 15 Jun 2005 19:06:23 -0000 1.79.2.1
+++ openpkg-src/squid/squid.spec 10 Sep 2005 13:33:38 -0000 1.79.2.2
@@ -38,7 +38,7 @@
 Group: Web
 License: GPL
 Version: %{V_maj}.%{V_min}.%{V_rev}
-Release: 2.4.0
+Release: 2.4.1
 # package options
 %option with_fsl yes
@@ -50,6 +50,7 @@
 Source0: http://www.squid-cache.org/Versions/v%{V_maj}/%{V_maj}.%{V_min}/squid-%{V_maj}.%{V_min}.STABLE%{V_rev}.tar.gz
 Source1: rc.squid
 Source2: fsl.squid
+Patch0: squid.patch
 # build information
 Prefix: %{l_prefix}
@@ -85,6 +86,7 @@
 %prep
 %setup -q -n squid-%{V_maj}.%{V_min}.STABLE%{V_rev}
+ %patch -p0
 %if "%{with_ntlm}" == "yes"
 %{l_shtool} subst \
 -e 's;/usr/bin/perl;%{l_prefix}/bin/perl;' \
@@ .
______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List openpkg-cvs@openpkg.org
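Review bot: In the src/whois.c hunk `storeBuffer(entry)` runs only on the first read (`0 == mem->inmem_hi`) while the added `storeBufferFlush(entry)` runs on every read, which leans on the DELAY_SENDING guard added to src/store.c in this same patch to make the later calls no-ops. A comment at the flush, e.g. `/* no-op after the first payload: only the header block above buffers the entry */`, would keep the two hunks from being separated in a backport. The trailing `-1, -1, -2` arguments to `httpReplySetHeaders()` are unexplained magic values, and a brief note on what each one means would help. whoisReadReply's body extends beyond both ends of the hunk.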
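Review bot: The added `else if (!sslState->connected)` branch in src/ssl.c closes the server descriptor when the client side has gone (`client.fd = -1`) but the upstream connection is apparently not yet established, and the code carries no comment tying the branch to that state. I would add something like `/* connect still pending: close the server side now so its connect/timeout callbacks do not run without a client */` above it, worded after checking it against the CAN-2005-2796 description. The `if`/`else if` chain is unbraced, and the function's opening lines are outside the hunk, so how an already connected server side is torn down cannot be verified from here.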