OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 10-Sep-2005 15:33:41
Branch: OPENPKG_2_4_SOLID Handle: 2005091014333701
Added files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/squid squid.patch
Modified files: (Branch: OPENPKG_2_4_SOLID)
openpkg-src/squid squid.spec
Log:
apply security fixes (CAN-2005-2794, CAN-2005-2796)
Summary:
Revision Changes Path
1.2.10.1 +220 -0 openpkg-src/squid/squid.patch
1.79.2.2 +3 -1 openpkg-src/squid/squid.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/squid/squid.patch
============================================================================
$ cvs diff -u -r0 -r1.2.10.1 squid.patch
--- /dev/null 2005-09-10 15:33:17 +0200
+++ squid.patch 2005-09-10 15:33:40 +0200
@@ -0,0 +1,220 @@
+Security Fix
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2794
+http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
+
+Index: src/cache_manager.c
+--- src/cache_manager.c.orig 2001-02-23 21:59:50 +0100
++++ src/cache_manager.c 2005-09-10 15:26:48 +0200
+@@ -250,8 +250,7 @@
+ /* retrieve object requested */
+ a = cachemgrFindAction(mgr->action);
+ assert(a != NULL);
+- if (a->flags.atomic)
+- storeBuffer(entry);
++ storeBuffer(entry);
+ {
+ http_version_t version;
+ HttpReply *rep = entry->mem_obj->reply;
+@@ -269,10 +268,9 @@
+ httpReplySwapOut(rep, entry);
+ }
+ a->handler(entry);
+- if (a->flags.atomic) {
+- storeBufferFlush(entry);
++ storeBufferFlush(entry);
++ if (a->flags.atomic)
+ storeComplete(entry);
+- }
+ cachemgrStateFree(mgr);
+ }
+
+Index: src/ftp.c
+--- src/ftp.c.orig 2005-03-26 03:50:53 +0100
++++ src/ftp.c 2005-09-10 15:27:48 +0200
+@@ -366,7 +366,6 @@
+ char *dirup;
+ int i, j, k;
+ char *title;
+- storeBuffer(e);
+ storeAppendPrintf(e, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01
Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\";>\n");
+ storeAppendPrintf(e, "<!-- HTML listing generated by Squid %s -->\n",
+ version_string);
+@@ -420,7 +419,6 @@
+ storeAppendPrintf(e, "<PRE>\n");
+ dirup = ftpHtmlifyListEntry("<internal-dirup>", ftpState);
+ storeAppend(e, dirup, strlen(dirup));
+- storeBufferFlush(e);
+ ftpState->flags.html_header_sent = 1;
+ }
+
+@@ -428,7 +426,6 @@
+ ftpListingFinish(FtpStateData * ftpState)
+ {
+ StoreEntry *e = ftpState->entry;
+- storeBuffer(e);
+ storeAppendPrintf(e, "</PRE>\n");
+ if (ftpState->flags.listformat_unknown && !ftpState->flags.tried_nlst) {
+ storeAppendPrintf(e, "<A HREF=\"./;type=d\">[As plain
directory]</A>\n");
+@@ -443,7 +440,6 @@
+ getMyHostname(),
+ full_appname_string);
+ storeAppendPrintf(e, "</ADDRESS></BODY></HTML>\n");
+- storeBufferFlush(e);
+ }
+
+ static const char *Month[] =
+@@ -851,7 +847,7 @@
+ debug(9, 3) ("ftpParseListing: %d bytes to play with\n", (int) len);
+ line = memAllocate(MEM_4K_BUF);
+ end++;
+- storeBuffer(e);
++ storeBuffer(e); /* released when done processing current data
payload */
+ s = sbuf;
+ s += strspn(s, crlf);
+ for (; s < end; s += strcspn(s, crlf), s += strspn(s, crlf)) {
+@@ -869,7 +865,6 @@
+ assert(t != NULL);
+ storeAppend(e, t, strlen(t));
+ }
+- storeBufferFlush(e);
+ assert(usable <= len);
+ if (usable < len) {
+ /* must copy partial line to beginning of buf */
+@@ -974,6 +969,7 @@
+ storeAppend(entry, ftpState->data.buf, len);
+ ftpState->data.offset = 0;
+ }
++ storeBufferFlush(entry);
+ commSetSelect(fd,
+ COMM_SELECT_READ,
+ ftpDataRead,
+@@ -2530,7 +2526,6 @@
+ else
+ err->ftp.reply = xstrdup("");
+ errorAppendEntry(ftpState->entry, err);
+- storeBufferFlush(ftpState->entry);
+ ftpSendQuit(ftpState);
+ }
+
+@@ -2551,6 +2546,7 @@
+ ftpState->flags.http_header_sent = 1;
+ assert(e->mem_obj->inmem_hi == 0);
+ EBIT_CLR(e->flags, ENTRY_FWD_HDR_WAIT);
++ storeBuffer(e); /* released when done processing current data
payload */
+ filename = (t = strRChr(urlpath, '/')) ? t + 1 : strBuf(urlpath);
+ if (ftpState->flags.isdir) {
+ mime_type = "text/html";
+@@ -2569,7 +2565,6 @@
+ break;
+ }
+ }
+- storeBuffer(e);
+ httpReplyReset(reply);
+ /* set standard stuff */
+ if (ftpState->restarted_offset) {
+@@ -2591,7 +2586,6 @@
+ if (mime_enc)
+ httpHeaderPutStr(&reply->header, HDR_CONTENT_ENCODING, mime_enc);
+ httpReplySwapOut(reply, e);
+- storeBufferFlush(e);
+ reply->hdr_sz = e->mem_obj->inmem_hi;
+ storeTimestampsSet(e);
+ if (ftpState->flags.authenticated) {
+Index: src/gopher.c
+--- src/gopher.c.orig 2005-01-12 07:04:01 +0100
++++ src/gopher.c 2005-09-10 15:26:48 +0200
+@@ -732,29 +732,28 @@
+ * OK. We successfully reach remote site. Start MIME typing
+ * stuff. Do it anyway even though request is not HTML type.
+ */
++ storeBuffer(entry);
+ gopherMimeCreate(gopherState);
+ switch (gopherState->type_id) {
+ case GOPHER_DIRECTORY:
+ /* we got to convert it first */
+- storeBuffer(entry);
+ gopherState->conversion = HTML_DIR;
+ gopherState->HTML_header_added = 0;
+ break;
+ case GOPHER_INDEX:
+ /* we got to convert it first */
+- storeBuffer(entry);
+ gopherState->conversion = HTML_INDEX_RESULT;
+ gopherState->HTML_header_added = 0;
+ break;
+ case GOPHER_CSO:
+ /* we got to convert it first */
+- storeBuffer(entry);
+ gopherState->conversion = HTML_CSO_RESULT;
+ gopherState->cso_recno = 0;
+ gopherState->HTML_header_added = 0;
+ break;
+ default:
+ gopherState->conversion = NORMAL;
++ storeBufferFlush(entry);
+ }
+ /* Schedule read reply. */
+ commSetSelect(fd, COMM_SELECT_READ, gopherReadReply, gopherState, 0);
+Index: src/store.c
+--- src/store.c.orig 2005-03-26 03:50:53 +0100
++++ src/store.c 2005-09-10 15:26:48 +0200
+@@ -1232,9 +1232,11 @@
+ void
+ storeBufferFlush(StoreEntry * e)
+ {
+- EBIT_CLR(e->flags, DELAY_SENDING);
+- InvokeHandlers(e);
+- storeSwapOut(e);
++ if (EBIT_TEST(e->flags, DELAY_SENDING)) {
++ EBIT_CLR(e->flags, DELAY_SENDING);
++ InvokeHandlers(e);
++ storeSwapOut(e);
++ }
+ }
+
+ squid_off_t
+Index: src/whois.c
+--- src/whois.c.orig 2001-04-14 02:03:24 +0200
++++ src/whois.c 2005-09-10 15:26:48 +0200
+@@ -97,12 +97,19 @@
+ debug(75, 3) ("whoisReadReply: FD %d read %d bytes\n", fd, len);
+ debug(75, 5) ("{%s}\n", buf);
+ if (len > 0) {
+- if (0 == mem->inmem_hi)
+- mem->reply->sline.status = HTTP_OK;
++ if (0 == mem->inmem_hi) {
++ http_reply *reply = mem->reply;
++ http_version_t version;
++ storeBuffer(entry);
++ httpBuildVersion(&version, 1, 0);
++ httpReplySetHeaders(reply, version, HTTP_OK, "Gatewaying",
"text/plain", -1, -1, -2);
++ httpReplySwapOut(reply, entry);
++ }
+ fd_bytes(fd, len, FD_READ);
+ kb_incr(&statCounter.server.all.kbytes_in, len);
+ kb_incr(&statCounter.server.http.kbytes_in, len);
+ storeAppend(entry, buf, len);
++ storeBufferFlush(entry);
+ commSetSelect(fd, COMM_SELECT_READ, whoisReadReply, p,
Config.Timeout.read);
+ } else if (len < 0) {
+ debug(50, 2) ("whoisReadReply: FD %d: read failure: %s.\n",
+
+---------------------------------------------------------------------------
+
+Security Fix
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2796
+http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
+
+Index: src/ssl.c
+--- src/ssl.c.orig 2005-04-18 02:54:30 +0200
++++ src/ssl.c 2005-09-10 15:28:33 +0200
+@@ -106,6 +106,8 @@
+ sslState->client.fd = -1;
+ if (sslState->server.fd == -1)
+ sslStateFree(sslState);
++ else if (!sslState->connected)
++ comm_close(sslState->server.fd);
+ }
+
+ static void
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/squid/squid.spec
============================================================================
$ cvs diff -u -r1.79.2.1 -r1.79.2.2 squid.spec
--- openpkg-src/squid/squid.spec 15 Jun 2005 19:06:23 -0000 1.79.2.1
+++ openpkg-src/squid/squid.spec 10 Sep 2005 13:33:38 -0000 1.79.2.2
@@ -38,7 +38,7 @@
Group: Web
License: GPL
Version: %{V_maj}.%{V_min}.%{V_rev}
-Release: 2.4.0
+Release: 2.4.1
# package options
%option with_fsl yes
@@ -50,6 +50,7 @@
Source0:
http://www.squid-cache.org/Versions/v%{V_maj}/%{V_maj}.%{V_min}/squid-%{V_maj}.%{V_min}.STABLE%{V_rev}.tar.gz
Source1: rc.squid
Source2: fsl.squid
+Patch0: squid.patch
# build information
Prefix: %{l_prefix}
@@ -85,6 +86,7 @@
%prep
%setup -q -n squid-%{V_maj}.%{V_min}.STABLE%{V_rev}
+ %patch -p0
%if "%{with_ntlm}" == "yes"
%{l_shtool} subst \
-e 's;/usr/bin/perl;%{l_prefix}/bin/perl;' \
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
