ports/143495: [Maintainer] [Security] www/squid30: update to 3.0.STABLE23
Thomas-Martin Seck
tmseck at web.de
Tue Feb 2 18:40:01 UTC 2010
>Number: 143495
>Category: ports
>Synopsis: [Maintainer] [Security] www/squid30: update to 3.0.STABLE23
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 02 18:40:00 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Thomas-Martin Seck
>Release: FreeBSD 8.0-RELEASE amd64
>Organization:
a private site in Germany
>Environment:
FreeBSD ports collection as of February 2, 2010.
>Description:
The Squid project has released 3.0.STABLE23 to correctly address the issue
reported in Squid advisory 2010:1. The patch I integrated into www/squid30 in
ports/143452 turned out to be not sufficient to fix said vulnerability.
For further info see the change history in
<http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE23.html>.
Please update vid 296ecb59-0f6b-11df-8bab-0019996bc1f7 to note that
versions below 3.0.23 are vulnerable.
>How-To-Repeat:
>Fix:
Apply this patch:
Index: Makefile
===================================================================
--- Makefile (.../www/squid30) (Revision 1759)
+++ Makefile (.../local/squid30) (Revision 1759)
@@ -61,7 +61,6 @@
PORTNAME= squid
PORTVERSION= 3.0.${SQUID_STABLE_VER}
-PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
@@ -93,14 +92,14 @@
http://www1.jp.squid-cache.org/%SUBDIR%/ \
http://www1.tw.squid-cache.org/%SUBDIR%/
PATCH_SITE_SUBDIR= Versions/v3/3.0/changesets
-PATCHFILES= squid-3.0-9151.patch
+PATCHFILES=
MAINTAINER= tmseck at web.de
COMMENT= HTTP Caching Proxy
LATEST_LINK= squid30
-SQUID_STABLE_VER= 21
+SQUID_STABLE_VER= 23
CONFLICTS= squid-2.[0-9].* squid-3.[^0].* cacheboy-[0-9]* lusca-head-[0-9]*
GNU_CONFIGURE= yes
Index: distinfo
===================================================================
--- distinfo (.../www/squid30) (Revision 1759)
+++ distinfo (.../local/squid30) (Revision 1759)
@@ -1,6 +1,3 @@
-MD5 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 279168fe1fe5b38bbf6eee12babbc4ad
-SHA256 (squid3.0/squid-3.0.STABLE21.tar.bz2) = 07114935b7aed9df42524e84f6a634849d4bcafd513bf118881aa5cc58911f7b
-SIZE (squid3.0/squid-3.0.STABLE21.tar.bz2) = 1802875
-MD5 (squid3.0/squid-3.0-9151.patch) = 1ba452e3f8d730848f77e3138a7ec805
-SHA256 (squid3.0/squid-3.0-9151.patch) = d402e853381d661be3b21260205f579d88373881a861ec6bd7944477632d1c5b
-SIZE (squid3.0/squid-3.0-9151.patch) = 1281
+MD5 (squid3.0/squid-3.0.STABLE23.tar.bz2) = ec9b6abf18128147e8559967aed62e37
+SHA256 (squid3.0/squid-3.0.STABLE23.tar.bz2) = 3a2a2195fa66d31df412f8befa49a921f34e619332557281ce69e12ed9b01a59
+SIZE (squid3.0/squid-3.0.STABLE23.tar.bz2) = 1757984
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list