ports/75403: [Maintainer] www/squid: change handling of empty ACL declarations
Thomas-Martin Seck
tmseck at netcologne.de
Wed Dec 22 17:50:30 UTC 2004
>Number: 75403
>Category: ports
>Synopsis: [Maintainer] www/squid: change handling of empty ACL declarations
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 22 17:50:29 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.10-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of December 22, 2004.
>Description:
Integrate a vendor patch to change the way empty ACL definitions
are handled to avoid accidental foot-shooting (squid bug #1166).
Further details are available via the squid patch page
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>.
security-team@ CC'ed since the vendor classified the problem as a minor(?)
security issue, proposed VuXML information follows (real entry date needs
to be filled in):
<vuln vid="a30e5e44-5440-11d9-9e1e-c296ac722cb3">
<topic>squid -- confusing results results on empty acl declarations</topic>
<affects>
<package>
<name>squid</name>
<range><lt>2.5.7_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The squid-2.5 patches pages notes:</p>
<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls">
<p>The meaning of the access controls becomes somewhat
confusing if any of the referenced acls is declared empty,
without an members.</p>
<p>[Administrators should] pay attention to warnings from "squid -k
parse" and do not use configurations where there are warnings about
access controls in production.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls</url>
</references>
<dates>
<discovery>2004-12-21</discovery>
<entry>YYYY-MM-DD</entry>
</dates>
</vuln>
>How-To-Repeat:
>Fix:
Apply this patch:
Index: distinfo
===================================================================
--- distinfo (.../www/squid) (revision 310)
+++ distinfo (.../local/squid) (revision 310)
@@ -16,3 +16,5 @@
SIZE (squid2.5/squid-2.5.STABLE7-httpd_accel_vport.patch) = 843
MD5 (squid2.5/squid-2.5.STABLE7-cachemgr_vmobjects.patch) = fdde57025dbfb8caf9154e24b4e1bf3e
SIZE (squid2.5/squid-2.5.STABLE7-cachemgr_vmobjects.patch) = 6238
+MD5 (squid2.5/squid-2.5.STABLE7-empty_acls.patch) = 28423e8ee2359ec2537581fe2a79ecd6
+SIZE (squid2.5/squid-2.5.STABLE7-empty_acls.patch) = 4015
Index: Makefile
===================================================================
--- Makefile (.../www/squid) (revision 310)
+++ Makefile (.../local/squid) (revision 310)
@@ -74,7 +74,7 @@
PORTNAME= squid
PORTVERSION= 2.5.7
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -94,7 +94,8 @@
squid-2.5.STABLE7-blank_response.patch \
squid-2.5.STABLE7-dothost.patch \
squid-2.5.STABLE7-httpd_accel_vport.patch \
- squid-2.5.STABLE7-cachemgr_vmobjects.patch
+ squid-2.5.STABLE7-cachemgr_vmobjects.patch \
+ squid-2.5.STABLE7-empty_acls.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck at netcologne.de
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list