ports/143452: [Maintainer] [Security] www/squid30, www/squid31: patch to address Squid Advisory 2010:1

Thomas-Martin Seck tmseck at web.de
Mon Feb 1 21:00:09 UTC 2010 

>Number:         143452
>Category:       ports
>Synopsis:       [Maintainer] [Security] www/squid30, www/squid31: patch to address Squid Advisory 2010:1
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 01 21:00:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Thomas-Martin Seck
>Release:        FreeBSD 8.0-RELEASE amd64
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of February 1, 2010.

	
>Description:

As noted in ports/143451, the new releases of Squid-3.0 and Squid-3.1
that are supposed to address Squid-2010:1 and other bugs do not build.

Include the vendor patches 9151 (Squid-3.0) and 9853 (Squid-3.1) in the
meantime, these seem to address this particular issue, like Changeset
12597 does for Squid-2.7.

Please update Vuln 296ecb59-0f6b-11df-8bab-0019996bc1f7 to reflect that
3.0.21_1 and 3.1.0.15_2 are (hopefully) not vulnerable.

	
>How-To-Repeat:
	
>Fix:
Update for www/squid30:

Index: Makefile
===================================================================
--- Makefile	(.../www/squid30)	(Revision 1749)
+++ Makefile	(.../local/squid30)	(Revision 1749)
@@ -61,6 +61,7 @@
 
 PORTNAME=	squid
 PORTVERSION=	3.0.${SQUID_STABLE_VER}
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
 		ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
@@ -92,7 +93,7 @@
 		http://www1.jp.squid-cache.org/%SUBDIR%/ \
 		http://www1.tw.squid-cache.org/%SUBDIR%/
 PATCH_SITE_SUBDIR=	Versions/v3/3.0/changesets
-PATCHFILES=
+PATCHFILES=	squid-3.0-9151.patch
 
 MAINTAINER=	tmseck at web.de
 COMMENT=	HTTP Caching Proxy
@@ -236,8 +237,7 @@
 			--enable-ntlm-auth-helpers="SMB"
 # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
 .if defined(WITH_SQUID_KERB_AUTH) && !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS)
-# XXX This currently only works with heimdal from the base system,
-#     see files/patch-squid_kerb_auth:
+# XXX This currently only works with heimdal from the base system.
 CONFIGURE_ARGS+=	--enable-negotiate-auth-helpers="squid_kerb_auth"
 libexec+=	squid_kerb_auth
 .endif
Index: distinfo
===================================================================
--- distinfo	(.../www/squid30)	(Revision 1749)
+++ distinfo	(.../local/squid30)	(Revision 1749)
@@ -1,3 +1,6 @@
 MD5 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 279168fe1fe5b38bbf6eee12babbc4ad
 SHA256 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 07114935b7aed9df42524e84f6a634849d4bcafd513bf118881aa5cc58911f7b
 SIZE (squid3.0/squid-3.0.STABLE21.tar.bz2) = 1802875
+MD5 (squid3.0/squid-3.0-9151.patch) = 1ba452e3f8d730848f77e3138a7ec805
+SHA256 (squid3.0/squid-3.0-9151.patch) = d402e853381d661be3b21260205f579d88373881a861ec6bd7944477632d1c5b
+SIZE (squid3.0/squid-3.0-9151.patch) = 1281

Update for www/squid31:

Index: Makefile
===================================================================
--- Makefile	(.../www/squid31)	(Revision 1746)
+++ Makefile	(.../local/squid31)	(Revision 1746)
@@ -53,7 +53,7 @@
 
 PORTNAME=	squid
 PORTVERSION=	3.1.0.${SQUID_BETA_VER}
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www ipv6
 MASTER_SITES=	ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
 		ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
@@ -91,7 +91,8 @@
 		squid-3.1-9822.patch \
 		squid-3.1-9823.patch \
 		squid-3.1-9825.patch \
-		squid-3.1-9826.patch
+		squid-3.1-9826.patch \
+		squid-3.1-9853.patch
 
 MAINTAINER=	tmseck at web.de
 COMMENT=	HTTP Caching Proxy (BETA Version)
Index: distinfo
===================================================================
--- distinfo	(.../www/squid31)	(Revision 1746)
+++ distinfo	(.../local/squid31)	(Revision 1746)
@@ -22,3 +22,6 @@
 MD5 (squid3.1/squid-3.1-9826.patch) = 02a49a40917c50995a37d2d29c80591c
 SHA256 (squid3.1/squid-3.1-9826.patch) = e4041f02c4233d664afbbd3bb472865dddb7d9187181acf9542bd650b6f8ffc0
 SIZE (squid3.1/squid-3.1-9826.patch) = 3915
+MD5 (squid3.1/squid-3.1-9853.patch) = afa851481af4e7d173a0be9f0ff4e75d
+SHA256 (squid3.1/squid-3.1-9853.patch) = 7b0e1917346d1f3684015b9f939518d5e6db66edc85421512c564c4b1f990f78
+SIZE (squid3.1/squid-3.1-9853.patch) = 2915

	


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list