head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2010Q2:1.1.0.6 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.4 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2010.07.29.03.00.46; author taca; state dead; branches; next 1.1; 1.1 date 2010.02.02.14.43.57; author taca; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2010.02.02.14.43.57; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.02.02.17.29.58; author tron; state Exp; branches; next ; desc @@ 1.2 log @Update squid27 package to 2.7.9 (2.7.STABLE9). (CVE-2010-0308 is http://www.squid-cache.org/Advisories/SQUID-2010_1.txt.) Changes to squid-2.7.STABLE9 (15 March 2010) - 2.7.STABLE8 failed to compile with OpenSSL 0.9.8 on some systems - failure to detect certain system libraries on some systems resulting in compilation errors Changes to squid-2.7.STABLE8 (10 March 2010) - Bug #2458: reply_body_max_size incorrectly documented - Bug #2858: Segment violation in HTCP - Bug #2773: Segfault in RFC2069 Digest authentication - 64-bit filesize issue in squidclient if trying to post a file > 2GB - Improve %nn parser to better deal with certain odd %nn sequences - Segmentation fault if failed to open cache.log - Bug #2819: const correctness errors in dns_internal.c - Handle DNS header-only packets as invalid. 
(CVE-2010-0308) - Windows port: Updated mswin_ad_group native helper to version 2.1 - Cosmetic change to keep GCC happy - Bug #2678 - storeurl_rewrite does not play nicely with vary - Bug #2861 - only-if-cached request blocks if it collapsed into another request - Use libcap functions instead of raw kernel interface - No need to sync the store on -k rotate, but instead it needs to be done in reconfigure - const correctness in OpenSSL initialization - Rework the http digest auth parser @ text @$NetBSD: patch-an,v 1.1 2010/02/02 14:43:57 taca Exp $ This is fix for security problem: http://www.squid-cache.org/Advisories/SQUID-2010_1.txt Since the announced patch contains RCS style revision string, it never applied to clearly. http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch. --- lib/rfc1035.c.orig 2008-06-19 01:11:44.000000000 +0000 +++ lib/rfc1035.c @@@@ -286,7 +286,9 @@@@ rfc1035NameUnpack(const char *buf, size_ size_t len; assert(ns > 0); do { - assert((*off) < sz); + if ((*off) >= sz) { + return 1; + } c = *(buf + (*off)); if (c > 191) { /* blasted compression */ @ 1.1 log @Add security patch noted as http://www.squid-cache.org/Advisories/SQUID-2010_1.txt. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-an was added on branch pkgsrc-2009Q4 on 2010-02-02 17:29:58 +0000 @ text @d1 24 @ 1.1.2.2 log @Pullup ticket #2896 - requested by taca squid27: security patch Revisions pulled up: - www/squid27/Makefile 1.11 - www/squid27/distinfo 1.7 - www/squid27/patches/patch-an 1.1 --- Module Name: pkgsrc Committed By: taca Date: Tue Feb 2 14:43:57 UTC 2010 Modified Files: pkgsrc/www/squid27: Makefile distinfo Added Files: pkgsrc/www/squid27/patches: patch-an Log Message: Add security patch noted as http://www.squid-cache.org/Advisories/SQUID-2010_1.txt. Bump PKGREVISION. 
@ text @a0 24 $NetBSD: patch-an,v 1.1 2010/02/02 14:43:57 taca Exp $ This is fix for security problem: http://www.squid-cache.org/Advisories/SQUID-2010_1.txt Since the announced patch contains RCS style revision string, it never applied to clearly. http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch. --- lib/rfc1035.c.orig 2008-06-19 01:11:44.000000000 +0000 +++ lib/rfc1035.c @@@@ -286,7 +286,9 @@@@ rfc1035NameUnpack(const char *buf, size_ size_t len; assert(ns > 0); do { - assert((*off) < sz); + if ((*off) >= sz) { + return 1; + } c = *(buf + (*off)); if (c > 191) { /* blasted compression */ @
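Review bot: the new `return 1;` at the top of the do-loop in rfc1035NameUnpack is an undocumented error code on a path that previously aborted via `assert((*off) < sz)`, so callers have never had to handle it. Add a short comment saying it signals a truncated or malformed name, and confirm that every caller of rfc1035NameUnpack checks the return value and discards the packet instead of using a partially filled name buffer. The check guards only the single byte read by `c = *(buf + (*off));`, so the compression branch that follows (`if (c > 191)`) and any later reads in the loop should be audited for the same pattern of asserting on packet-derived offsets. The retained `assert(ns > 0);` is acceptable only if `ns` can never be influenced by packet contents; if it can, it deserves the same conversion to an error return. The patch header would also be easier to track if it named CVE-2010-0308 alongside the advisory URL.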