head 1.2;
access;
symbols
    pkgsrc-2013Q2:1.2.0.8
    pkgsrc-2013Q2-base:1.2
    pkgsrc-2012Q4:1.2.0.6
    pkgsrc-2012Q4-base:1.2
    pkgsrc-2011Q4:1.2.0.4
    pkgsrc-2011Q4-base:1.2
    pkgsrc-2011Q2:1.2.0.2
    pkgsrc-2011Q2-base:1.2
    pkgsrc-2010Q2:1.1.0.6
    pkgsrc-2010Q2-base:1.1
    pkgsrc-2010Q1:1.1.0.4
    pkgsrc-2010Q1-base:1.1
    pkgsrc-2009Q4:1.1.0.2;
locks; strict;
comment @# @;

1.2
date 2010.07.29.03.00.46; author taca; state dead;
branches;
next 1.1;

1.1
date 2010.02.14.13.27.52; author taca; state Exp;
branches
    1.1.2.1;
next ;

1.1.2.1
date 2010.02.14.13.27.52; author spz; state dead;
branches;
next 1.1.2.2;

1.1.2.2
date 2010.02.15.07.04.03; author spz; state Exp;
branches;
next ;

desc
@@

1.2
log
@Update squid27 package to 2.7.9 (2.7.STABLE9).
(CVE-2010-0308 is http://www.squid-cache.org/Advisories/SQUID-2010_1.txt.)

Changes to squid-2.7.STABLE9 (15 March 2010)
- 2.7.STABLE8 failed to compile with OpenSSL 0.9.8 on some systems
- failure to detect certain system libraries on some systems resulting in compilation errors

Changes to squid-2.7.STABLE8 (10 March 2010)
- Bug #2458: reply_body_max_size incorrectly documented
- Bug #2858: Segment violation in HTCP
- Bug #2773: Segfault in RFC2069 Digest authentication
- 64-bit filesize issue in squidclient if trying to post a file > 2GB
- Improve %nn parser to better deal with certain odd %nn sequences
- Segmentation fault if failed to open cache.log
- Bug #2819: const correctness errors in dns_internal.c
- Handle DNS header-only packets as invalid.
(CVE-2010-0308) - Windows port: Updated mswin_ad_group native helper to version 2.1 - Cosmetic change to keep GCC happy - Bug #2678 - storeurl_rewrite does not play nicely with vary - Bug #2861 - only-if-cached request blocks if it collapsed into another request - Use libcap functions instead of raw kernel interface - No need to sync the store on -k rotate, but instead it needs to be done in reconfigure - const correctness in OpenSSL initialization - Rework the http digest auth parser @ text @$NetBSD: patch-ao,v 1.1 2010/02/14 13:27:52 taca Exp $ This is fix for security problem: http://www.squid-cache.org/Advisories/SQUID-2010_2.txt Since the announced patch contains RCS style revision string, it never applied to clearly. http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch. --- src/htcp.c.orig 2008-05-04 23:23:13.000000000 +0000 +++ src/htcp.c @@@@ -950,6 +950,11 @@@@ htcpHandleClr(htcpDataHeader * hdr, char debug(31, 3) ("htcpHandleClr: htcpUnpackSpecifier failed\n"); return; } + if (!s->request) { + debug(31, 2) ("htcpHandleTstRequest: failed to parse request\n"); + htcpFreeSpecifier(s); + return; + } if (!htcpAccessCheck(Config.accessList.htcp_clr, s, from)) { debug(31, 2) ("htcpHandleClr: Access denied\n"); htcpFreeSpecifier(s); @ 1.1 log @Add a security patch described security advisory SQUID-2010_2.txt, http://www.squid-cache.org/Advisories/SQUID-2010_2.txt Patch was the same content as official one. http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch. 
@ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ao was added on branch pkgsrc-2009Q4 on 2010-02-15 07:04:03 +0000 @ text @d1 25 @ 1.1.2.2 log @Pullup ticket 3002 - requested by taca security fix Revisions pulled up: - pkgsrc/www/squid27/Makefile 1.12 - pkgsrc/www/squid27/distinfo 1.8 Files added: pkgsrc/www/squid27/patches/patch-ao ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Feb 14 13:27:52 UTC 2010 Modified Files: pkgsrc/www/squid27: Makefile distinfo Added Files: pkgsrc/www/squid27/patches: patch-ao Log Message: Add a security patch described security advisory SQUID-2010_2.txt, http://www.squid-cache.org/Advisories/SQUID-2010_2.txt Patch was the same content as official one. http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 pkgsrc/www/squid27/Makefile cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/squid27/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/www/squid27/patches/patch-ao @ text @a0 25 $NetBSD: patch-ao,v 1.1 2010/02/14 13:27:52 taca Exp $ This is fix for security problem: http://www.squid-cache.org/Advisories/SQUID-2010_2.txt Since the announced patch contains RCS style revision string, it never applied to clearly. http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch. --- src/htcp.c.orig 2008-05-04 23:23:13.000000000 +0000 +++ src/htcp.c @@@@ -950,6 +950,11 @@@@ htcpHandleClr(htcpDataHeader * hdr, char debug(31, 3) ("htcpHandleClr: htcpUnpackSpecifier failed\n"); return; } + if (!s->request) { + debug(31, 2) ("htcpHandleTstRequest: failed to parse request\n"); + htcpFreeSpecifier(s); + return; + } if (!htcpAccessCheck(Config.accessList.htcp_clr, s, from)) { debug(31, 2) ("htcpHandleClr: Access denied\n"); htcpFreeSpecifier(s); @
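Review bot: the debug string in the added `if (!s->request)` block reads "htcpHandleTstRequest: failed to parse request", but the hunk header and both neighbouring debug calls show this code sits in htcpHandleClr, so a CLR message that fails request parsing is logged under the wrong handler name. Changing the prefix to "htcpHandleClr:" would keep level-2 logs for section 31 pointing at the right code path when someone triages malformed HTCP traffic. The check itself is in the right place: it runs after the htcpUnpackSpecifier failure branch and before s is handed to htcpAccessCheck, and it calls htcpFreeSpecifier(s) before returning, the same cleanup the access-denied branch below performs. The same hunk is stored twice in this file (revision 1.1 and branch revision 1.1.2.2), so the comment applies to both copies.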