authorNatanael Copa <ncopa@alpinelinux.org>2014-10-01 08:34:23 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-10-01 08:42:21 +0000
commit9eecaa8c1812ea6b2341633a5475c179c4d58917 (patch)
treeb6dda79bd6ec94ad4f7bc4197e530b90c156201c
parent3e3e698490a84b8fa04ffb352022b00701fbe8b7 (diff)
main/squid: security fix for CVE-2014-3609
fixes #3384
-rw-r--r--main/squid/APKBUILD4
-rw-r--r--main/squid/CVE-2014-3609.patch56
2 files changed, 59 insertions, 1 deletions
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD
index f50b7f9986..a96b7bf7e6 100644
--- a/main/squid/APKBUILD
+++ b/main/squid/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squid
pkgver=3.2.13
-pkgrel=1
+pkgrel=2
pkgdesc="A full-featured Web proxy cache server."
url="http://www.squid-cache.org"
install="squid.pre-install squid.pre-upgrade"
@@ -23,6 +23,7 @@ source="http://www.squid-cache.org/Versions/v3/3.2/squid-$pkgver.tar.bz2
cf_gen-pthread.patch
bug-3679.patch
CVE-2014-0128.patch
+ CVE-2014-3609.patch
squid.initd
squid.confd
$pkgname.logrotate
@@ -111,6 +112,7 @@ md5sums="367e59c9c25da7ebbfbf7cbc36d2444e squid-3.2.13.tar.bz2
c60237de253c02937f272d3b189d7679 cf_gen-pthread.patch
9e71076799d334faba6f4954594e7b4a bug-3679.patch
7a631b0300d090d89567df8090f5368e CVE-2014-0128.patch
+001e68add93e0cea63861f93e698fd49 CVE-2014-3609.patch
905e57c6d41414f54a75a5c0f9f7fac7 squid.initd
2897c725c201be53d3c9a7db0101bdf0 squid.confd
58823e0b86bc2dc71d270208b7b284b4 squid.logrotate"
diff --git a/main/squid/CVE-2014-3609.patch b/main/squid/CVE-2014-3609.patch
new file mode 100644
index 0000000000..b6b0fabba0
--- /dev/null
+++ b/main/squid/CVE-2014-3609.patch
@@ -0,0 +1,56 @@
+------------------------------------------------------------
+revno: 11828
+revision-id: squid3@treenet.co.nz-20140827143622-aj6y1q5khr7txsa7
+parent: squid3@treenet.co.nz-20130713132208-e91nzzf0usz2ytp6
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.2
+timestamp: Wed 2014-08-27 08:36:22 -0600
+message:
+ Ignore Range headers with unidentifiable byte-range values
+
+ If squid is unable to determine the byte value for ranges, treat the
+ header as invalid.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20140827143622-aj6y1q5khr7txsa7
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_2
+# testament_sha1: befb9d196a5292711a18d9503d5c50a60f1fa66a
+# timestamp: 2014-08-27 14:36:44 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_2
+# base_revision_id: squid3@treenet.co.nz-20130713132208-\
+# e91nzzf0usz2ytp6
+#
+# Begin patch
+=== modified file 'src/HttpHdrRange.cc'
+--- a/src/HttpHdrRange.cc 2012-07-28 05:38:50 +0000
++++ b/src/HttpHdrRange.cc 2014-08-27 14:36:22 +0000
+@@ -93,7 +93,7 @@
+
+ /* is it a suffix-byte-range-spec ? */
+ if (*field == '-') {
+- if (!httpHeaderParseOffset(field + 1, &length))
++ if (!httpHeaderParseOffset(field + 1, &length) || !known_spec(length))
+ return false;
+ } else
+ /* must have a '-' somewhere in _this_ field */
+@@ -101,7 +101,7 @@
+ debugs(64, 2, "invalid (missing '-') range-spec near: '" << field << "'");
+ return false;
+ } else {
+- if (!httpHeaderParseOffset(field, &offset))
++ if (!httpHeaderParseOffset(field, &offset) || !known_spec(offset))
+ return false;
+
+ ++p;
+@@ -110,7 +110,7 @@
+ if (p - field < flen) {
+ int64_t last_pos;
+
+- if (!httpHeaderParseOffset(p, &last_pos))
++ if (!httpHeaderParseOffset(p, &last_pos) || !known_spec(last_pos))
+ return false;
+
+ // RFC 2616 s14.35.1 MUST: last-byte-pos >= first-byte-pos
+
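Review bot: The new patch file records its upstream origin only through the Bazaar revno 11828 and revision-id in its preamble; nothing inside the file links it to CVE-2014-3609 apart from the filename, and the commit message adds only `fixes #3384`. A single provenance line placed above the `# Bazaar merge directive format 2` header, such as `# CVE-2014-3609: upstream squid3 3.2 branch revno 11828 (Amos Jeffries, 2014-08-27)`, makes the origin readable without bzr access and is harmless because patch(1) ignores text outside hunks. On the code side, the three changed lines in src/HttpHdrRange.cc all depend on `known_spec()`, which is not defined in the hunks; presumably it rejects the sentinel the offset parser leaves behind for an unrepresentable value, so the fix's correctness rests on every parse site being one of these three. The enclosing function starts before and ends after the shown hunks, so that assumption cannot be confirmed from this patch alone.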