ports/85688: [Maintainer] [Security]
Thomas-Martin Seck
tmseck at netcologne.de
Sat Sep 3 10:30:11 UTC 2005
>Number: 85688
>Category: ports
>Synopsis: [Maintainer] [Security]
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Sep 03 10:30:09 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 4.11-STABLE i386
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of Sept 3, 2005.
>Description:
Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>.
See below for basic VuXML information concerning two possibly security related
issues.
- Fix somewhat messed up titles in FTP listings (squid bug #1220)
- FTP listings use "BASE HREF" much more than necessary (squid bug #1204)
- Cleanups for 64bit architectures (squid bug #1316)
- Allow wb_ntlm_auth to run more silent (squid bug #518)
- Add a new 'mail_program' configuration option
- Fix a possible denial of service condition regarding sslConnectTimeout
(squid bug #1355, Secunia Advisory SA16674)
- Avoid a possible assertion failure in StatHist.c (squid bug #1325)
- Fix issues regarding chroot'ed installations on 'squid -k reconfigure'
(squid bug #1331)
- Make URLs in error pages more consistent and less confusing (squid bug #1342)
- Fix compilation when _FORTIFY_SOURCE is defined (squid bug #1344)
- Fix handling of unexpected 250 replies from certain odd FTP servers
(squid bug #1348)
- Add Greek error pages (squid bug #1351)
- Fix a possible denial of service condition with regards to aborted requests
(squid bug #1368)
- Fix the -U option of squid_ldap_auth (squid bug #1370)
- Fix the output of the SNMP cacheClientTable for IP adresses that consist of
16 digits (squid bug #1375)
- Make the From: field of mails sent from squid configurable to avoid
mails getting lost due to spam filtering (squid bug #1380)
<vuln vid="4e210d72-1c5c-11da-92ce-0048543d60ce">
<topic>squid -- Denial Of Service Vulnerability in sslConnectTimeout</topic>
<affects>
<package>
<name>squid</name>
<range><lt>2.5.10_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The squid patches page notes:</p>
<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout">
<p>After certain slightly odd requests Squid crashes with a segmentation fault in sslConnectTimeout.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout</url>
<url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1355</url>
<url>http://secunia.com/advisories/16674/</url>
</references>
<dates>
<discovery>2005-07-21</discovery>
<entry>YYYY-MM-DD</entry>
</dates>
</vuln>
<vuln vid="0c0dc409-1c5e-11da-92ce-0048543d60ce">
<topic>squid -- Possible Denial Of Service Vulnerability in store.c</topic>
<affects>
<package>
<name>squid</name>
<range><lt>2.5.10_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The squid patches page notes:</p>
<blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING">
<p>Squid crashes with the above assertion failure [assertion failed:
store.c:523: "e->store_status == STORE_PENDING"] in certain
conditions involving aborted requests.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING</url>
<url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1368</url>
</references>
<dates>
<discovery>2005-08-02</discovery>
<entry>YYYY-MM-DD</entry>
</dates>
</vuln>
>How-To-Repeat:
>Fix:
Apply this patch:
Index: distinfo
===================================================================
--- distinfo (.../www/squid) (revision 557)
+++ distinfo (.../local/squid) (revision 557)
@@ -16,3 +16,37 @@
SIZE (squid2.5/squid-2.5.STABLE10-cache_dir_change.patch) = 2843
MD5 (squid2.5/squid-2.5.STABLE10-snmp_getnext.patch) = 187e8312b9c3b1f80ce78eb6470f4d6d
SIZE (squid2.5/squid-2.5.STABLE10-snmp_getnext.patch) = 1012
+MD5 (squid2.5/squid-2.5.STABLE10-ftp_title-2.patch) = b94e9fdd7a26942debb794df61670f61
+SIZE (squid2.5/squid-2.5.STABLE10-ftp_title-2.patch) = 4240
+MD5 (squid2.5/squid-2.5.STABLE10-ftp_basehref.patch) = a12a2ef50275589c65238a2383dae4b9
+SIZE (squid2.5/squid-2.5.STABLE10-ftp_basehref.patch) = 8250
+MD5 (squid2.5/squid-2.5.STABLE10-wbinfo_groups.patch) = 6ae4e46ee7ba4c07fe159089d6ca43ad
+SIZE (squid2.5/squid-2.5.STABLE10-wbinfo_groups.patch) = 1245
+MD5 (squid2.5/squid-2.5.STABLE10-64bit_cleanup.patch) = 6577071c711c2b03b7540813d6fd9bcb
+SIZE (squid2.5/squid-2.5.STABLE10-64bit_cleanup.patch) = 21491
+MD5 (squid2.5/squid-2.5.STABLE10-wb_ntlm_auth_silent.patch) = 1872b550bb3346a7817ecfff4b3c1c12
+SIZE (squid2.5/squid-2.5.STABLE10-wb_ntlm_auth_silent.patch) = 2035
+MD5 (squid2.5/squid-2.5.STABLE10-mail_program.patch) = a8cf7b7fea4c2dc7930d5eda88866e00
+SIZE (squid2.5/squid-2.5.STABLE10-mail_program.patch) = 1922
+MD5 (squid2.5/squid-2.5.STABLE10-sslConnectTimeout.patch) = f8e0a52bcd4771809b414e60108394ae
+SIZE (squid2.5/squid-2.5.STABLE10-sslConnectTimeout.patch) = 426
+MD5 (squid2.5/squid-2.5.STABLE10-statHistAssert.patch) = 6c523256183b8b71935f92163ef2446d
+SIZE (squid2.5/squid-2.5.STABLE10-statHistAssert.patch) = 738
+MD5 (squid2.5/squid-2.5.STABLE10-chroot_dir.patch) = 0ed67d475016e10647112ca83988447f
+SIZE (squid2.5/squid-2.5.STABLE10-chroot_dir.patch) = 685
+MD5 (squid2.5/squid-2.5.STABLE10-errmsg.patch) = fa3e859b2850f30c5df8b6601bc32b72
+SIZE (squid2.5/squid-2.5.STABLE10-errmsg.patch) = 19050
+MD5 (squid2.5/squid-2.5.STABLE10-FORTIFY_SOURCE.patch) = a30ea35f5675532d3e6993df4e944766
+SIZE (squid2.5/squid-2.5.STABLE10-FORTIFY_SOURCE.patch) = 2397
+MD5 (squid2.5/squid-2.5.STABLE10-ftp_250.patch) = 36e143222b2e337927e6264243183808
+SIZE (squid2.5/squid-2.5.STABLE10-ftp_250.patch) = 2090
+MD5 (squid2.5/squid-2.5.STABLE10-Greek.patch) = 520132a389135f09512324ec54412a3c
+SIZE (squid2.5/squid-2.5.STABLE10-Greek.patch) = 37463
+MD5 (squid2.5/squid-2.5.STABLE10-STORE_PENDING.patch) = 859947945228575403ba387d1a12f154
+SIZE (squid2.5/squid-2.5.STABLE10-STORE_PENDING.patch) = 9169
+MD5 (squid2.5/squid-2.5.STABLE10-ldap_auth-U.patch) = 559d847418cb6e8bc0ac64ea83c6f1ce
+SIZE (squid2.5/squid-2.5.STABLE10-ldap_auth-U.patch) = 1380
+MD5 (squid2.5/squid-2.5.STABLE10-cacheClientTable.patch) = d3e76dbab6c22dcb18eeaf63d125e174
+SIZE (squid2.5/squid-2.5.STABLE10-cacheClientTable.patch) = 632
+MD5 (squid2.5/squid-2.5.STABLE10-mail_from.patch) = 8a944c1d3f3bac0d1dadcb7aace0ad68
+SIZE (squid2.5/squid-2.5.STABLE10-mail_from.patch) = 1863
Index: Makefile
===================================================================
--- Makefile (.../www/squid) (revision 557)
+++ Makefile (.../local/squid) (revision 557)
@@ -66,7 +66,7 @@
PORTNAME= squid
PORTVERSION= 2.5.10
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -86,7 +86,24 @@
squid-2.5.STABLE10-transparent-2.patch \
squid-2.5.STABLE10-redirect_flags.patch \
squid-2.5.STABLE10-cache_dir_change.patch \
- squid-2.5.STABLE10-snmp_getnext.patch
+ squid-2.5.STABLE10-snmp_getnext.patch \
+ squid-2.5.STABLE10-ftp_title-2.patch \
+ squid-2.5.STABLE10-ftp_basehref.patch \
+ squid-2.5.STABLE10-wbinfo_groups.patch \
+ squid-2.5.STABLE10-64bit_cleanup.patch \
+ squid-2.5.STABLE10-wb_ntlm_auth_silent.patch \
+ squid-2.5.STABLE10-mail_program.patch \
+ squid-2.5.STABLE10-sslConnectTimeout.patch \
+ squid-2.5.STABLE10-statHistAssert.patch \
+ squid-2.5.STABLE10-chroot_dir.patch \
+ squid-2.5.STABLE10-errmsg.patch \
+ squid-2.5.STABLE10-FORTIFY_SOURCE.patch \
+ squid-2.5.STABLE10-ftp_250.patch \
+ squid-2.5.STABLE10-Greek.patch \
+ squid-2.5.STABLE10-STORE_PENDING.patch \
+ squid-2.5.STABLE10-ldap_auth-U.patch \
+ squid-2.5.STABLE10-cacheClientTable.patch \
+ squid-2.5.STABLE10-mail_from.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck at netcologne.de
@@ -327,7 +344,7 @@
SQUID_LANGUAGES?= \
Bulgarian Catalan Czech Danish Dutch English Estonian Finnish \
- French German Hebrew Hungarian Italian Japanese Korean Lithuanian \
+ French German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian \
Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian \
Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish
SQUID_DEFAULT_LANG?= English
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list