diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-07-29 13:16:09 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-07-29 13:17:30 +0000 |
commit | 45b50551b412535424ba22a25a31ad09f47919b0 (patch) | |
tree | 2fa42cdbc87b724ce18b3813ac8908ebfd5bb7ff | |
parent | 9759ef2c6cfe7e5159342765427243d789a132f6 (diff) | |
download | aports-45b50551b412535424ba22a25a31ad09f47919b0.tar.bz2 aports-45b50551b412535424ba22a25a31ad09f47919b0.tar.xz |
-rw-r--r-- | main/squid/APKBUILD | 10 | ||||
-rw-r--r-- | main/squid/SQUID-2016_8.patch | 75 | ||||
-rw-r--r-- | main/squid/SQUID-2016_9.patch | 145 |
3 files changed, 229 insertions, 1 deletions
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD index 6d387335e0..a749db7936 100644 --- a/main/squid/APKBUILD +++ b/main/squid/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=squid pkgver=3.4.14 -pkgrel=1 +pkgrel=2 pkgdesc="A full-featured Web proxy cache server." url="http://www.squid-cache.org" install="squid.pre-install squid.pre-upgrade" @@ -24,6 +24,8 @@ source="http://www.squid-cache.org/Versions/v3/${pkgver%.*}/squid-${pkgver}.tar. bug-3679.patch squid-3.4-13232.patch squid-3.4-13235.patch + SQUID-2016_8.patch + SQUID-2016_9.patch squid.initd squid.confd @@ -116,6 +118,8 @@ aaa90395f61377c5d0efc6c662cbd643 urlgroup.patch 9e71076799d334faba6f4954594e7b4a bug-3679.patch 1f06c536aeba85c48ef5de0b4e4e49f7 squid-3.4-13232.patch e8cb42ff4fece3d34fb18dd9c9de9624 squid-3.4-13235.patch +5a04690517dbade66ea41aae0db9f3aa SQUID-2016_8.patch +fa14289924dea81c3507879376456e66 SQUID-2016_9.patch 947b668332a205626c854d0aece0f3e0 squid.initd 73db59e6c1c242dbc748feeb116650e0 squid.confd 58823e0b86bc2dc71d270208b7b284b4 squid.logrotate" @@ -125,6 +129,8 @@ c08ffe0bba9b9964540bdc9bbfa2eca233dbb78a55a21537cb257d25070d8a21 urlgroup.patch 6b08cd129ea5fef019c78f1818c628e1070fe767e362da14844396b671f5a18d bug-3679.patch da44e0e017cc25deb3b221dd0fc7b535c30165cc4eab4752607ad210f60c36b3 squid-3.4-13232.patch 9039b6632ba91e2c4f8df8b34b4daa9a80692722b0a1ddf8b42dd3c6e31882c1 squid-3.4-13235.patch +50e0b16ee5f7e5683563c3234695f74d1b18e8fcdcce097dc8eb442fc6606e18 SQUID-2016_8.patch +9f86e103766a08bb15b06755b6a5b13e5821e89a1472cc0de29b11900c3e6fd0 SQUID-2016_9.patch 29eb267e6ebf9b409836b35ba37f263924f40c30cd0c24b91b1ddce380f2163b squid.initd 4012fc97d7ab653c8a73c4dac09751de80c847a90ee2483ddd41a04168cdeb2b squid.confd b6efdb3261c2e4b5074ef49160af8b96e65f934c7fd64b8954df48aa41cd9b67 squid.logrotate" @@ -134,6 +140,8 @@ c5a230fe1f4dda8a3ab064f07c2b93a6f6e3ebdf290cb45da262300d06ac28aa4470a80c8f14db5c b477397f205ba207502a42aae674c85cad85eec831158ea0834361d98ef09a0f103d7a847e101bdd0ece73bbdda9b545960edd5385042bd593733810977e292a bug-3679.patch 05bb99d33dae010c1cfca44dff5e2478d660f700efcf6ffd75de7d1d9c77c28bf9c1f20c0fdc529c0be6c989c35fe06e35bc87b623a67485d37c26b27327a3f0 squid-3.4-13232.patch 099df7c5cc803e03f3bd77ee20348834b82110a6f7a844512d90dbfb957f1b6da0168a5a31d00b18ab0ccce704a7f97655f1acc84440204b614dc2913d935da8 squid-3.4-13235.patch +a0ca97c1cb1b04b6e94af55dd67c11f084a07106ad8bb1687d52762b906d8a79247cfde9de4abf1c65da1b0aefacfaae9166ad9c5f6183f5b5dd1ec3ab4ae81b SQUID-2016_8.patch +af96a87ad673b38c974b8d9e49a235d65d4a480cae3859d1018bf5fec77c79dffbfa42454937eb309aef5a745a800edfc543ac3d5041d961a094af42a58f91b7 SQUID-2016_9.patch 3da7673cde48aac9d7f45b0c0208c2608dd66b3fa70f897b83cb3d0a4f9ba88f3e3706cbab65eb811e77a52643d8616350c84ab599d8e617212f934cb44ffc99 squid.initd 7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd 89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate" diff --git a/main/squid/SQUID-2016_8.patch b/main/squid/SQUID-2016_8.patch new file mode 100644 index 0000000000..26a809c7d5 --- /dev/null +++ b/main/squid/SQUID-2016_8.patch @@ -0,0 +1,75 @@ +------------------------------------------------------------ +revno: 13236 +revision-id: squid3@treenet.co.nz-20160502034253-axee4hqa4wuhlpkg +parent: squid3@treenet.co.nz-20160420111514-4hpxglbn9k15l5sa +committer: Amos Jeffries <squid3@treenet.co.nz> +branch nick: 3.4 +timestamp: Mon 2016-05-02 15:42:53 +1200 +message: + Require exact match in Host header name lookup +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160502034253-axee4hqa4wuhlpkg +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: c50f0048991f1b3e797b164cd0af166e3ea6763a +# timestamp: 2016-05-02 03:50:58 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20160420111514-\ +# 4hpxglbn9k15l5sa +# +# Begin patch +=== modified file 'src/mime_header.cc' +--- a/src/mime_header.cc 2012-08-29 12:36:10 +0000 ++++ b/src/mime_header.cc 2016-05-02 03:42:53 +0000 +@@ -62,9 +62,6 @@ + if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0) + return NULL; + +- while (xisspace(*p)) +- ++p; +- + if (strncasecmp(p, name, namelen)) + continue; + + +------------------------------------------------------------ +revno: 13239 +revision-id: squid3@treenet.co.nz-20160508124218-6vhq4icj0fwu5aof +parent: squid3@treenet.co.nz-20160506094614-zyjq1i8ym2gcvwbu +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4515 +committer: Amos Jeffries <squid3@treenet.co.nz> +branch nick: 3.4 +timestamp: Mon 2016-05-09 00:42:18 +1200 +message: + Bug 4515: regression after CVE-2016-4554 patch +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160508124218-6vhq4icj0fwu5aof +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: 41116e273d27c1353b02457a2a719251c1a4551c +# timestamp: 2016-05-08 12:50:09 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20160506094614-\ +# zyjq1i8ym2gcvwbu +# +# Begin patch +=== modified file 'src/mime_header.cc' +--- a/src/mime_header.cc 2016-05-02 03:42:53 +0000 ++++ b/src/mime_header.cc 2016-05-08 12:42:18 +0000 +@@ -58,10 +58,13 @@ + + debugs(25, 5, "mime_get_header: looking for '" << name << "'"); + +- for (p = mime; *p; p += strcspn(p, "\n\r")) { +- if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0) ++ for (p = mime; *p; p += strcspn(p, "\n")) { ++ if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0) + return NULL; + ++ if (*p == '\n') ++ ++p; ++ + if (strncasecmp(p, name, namelen)) + continue; + + diff --git a/main/squid/SQUID-2016_9.patch b/main/squid/SQUID-2016_9.patch new file mode 100644 index 0000000000..188cd8e58a --- /dev/null +++ b/main/squid/SQUID-2016_9.patch @@ -0,0 +1,145 @@ +------------------------------------------------------------ +revno: 13237 +revision-id: squid3@treenet.co.nz-20160506091244-3td2be9qbzsajxg8 +parent: squid3@treenet.co.nz-20160502034253-axee4hqa4wuhlpkg +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4455 +committer: Amos Jeffries <squid3@treenet.co.nz> +branch nick: 3.4 +timestamp: Fri 2016-05-06 21:12:44 +1200 +message: + Bug 4455: SegFault from ESIInclude::Start +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160506091244-3td2be9qbzsajxg8 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: b9714bc153e5fd6e8fe505a6c1d8a54c88e03a77 +# timestamp: 2016-05-06 09:48:43 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20160502034253-\ +# axee4hqa4wuhlpkg +# +# Begin patch +=== modified file 'src/client_side_request.cc' +--- a/src/client_side_request.cc 2014-04-09 16:53:05 +0000 ++++ b/src/client_side_request.cc 2016-05-06 09:12:44 +0000 +@@ -163,13 +163,15 @@ + start_time = current_time; + setConn(aConn); + al = new AccessLogEntry; +- al->tcpClient = clientConnection = aConn->clientConnection; ++ if (aConn) { ++ al->tcpClient = clientConnection = aConn->clientConnection; + #if USE_SSL +- if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { +- if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl) +- al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); ++ if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { ++ if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl) ++ al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); ++ } ++#endif + } +-#endif + dlinkAdd(this, &active, &ClientActiveRequests); + #if USE_ADAPTATION + request_satisfaction_mode = false; + +------------------------------------------------------------ +revno: 13238 +revision-id: squid3@treenet.co.nz-20160506094614-zyjq1i8ym2gcvwbu +parent: squid3@treenet.co.nz-20160506091244-3td2be9qbzsajxg8 +committer: Amos Jeffries <squid3@treenet.co.nz> +branch nick: 3.4 +timestamp: Fri 2016-05-06 21:46:14 +1200 +message: + Fix SIGSEGV in ESIContext response handling + + HttpReply pointer was being unlocked without heving been locked. + Resulting in a double-free. Make it use RefCount instead of + manual locking to ensure locked/unlock is always symmetrical. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160506094614-zyjq1i8ym2gcvwbu +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: 4ff01cd3aaffb8c9b20b8595d2ee0ccfcf434b3f +# timestamp: 2016-05-06 09:48:45 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20160506091244-\ +# 3td2be9qbzsajxg8 +# +# Begin patch +=== modified file 'src/esi/Context.h' +--- a/src/esi/Context.h 2013-06-27 15:58:46 +0000 ++++ b/src/esi/Context.h 2016-05-06 09:46:14 +0000 +@@ -36,6 +36,7 @@ + #include "esi/Element.h" + #include "clientStream.h" + #include "err_type.h" ++#include "HttpReply.h" + #include "http/StatusCode.h" + + class ESIVarState; +@@ -114,7 +115,7 @@ + err_type errorpage; /* if we error what page to use */ + Http::StatusCode errorstatus; /* if we error, what code to return */ + char *errormessage; /* error to pass to error page */ +- HttpReply *rep; /* buffered until we pass data downstream */ ++ HttpReply::Pointer rep; /* buffered until we pass data downstream */ + ESISegment::Pointer buffered; /* unprocessed data - for whatever reason */ + ESISegment::Pointer incoming; + /* processed data we are waiting to send, or for + +=== modified file 'src/esi/Esi.cc' +--- a/src/esi/Esi.cc 2016-04-20 11:15:14 +0000 ++++ b/src/esi/Esi.cc 2016-05-06 09:46:14 +0000 +@@ -598,7 +598,7 @@ + + #endif + +- if (!(rep || (outbound.getRaw() && ++ if (!(rep != NULL || (outbound.getRaw() && + outbound->len && (outbound_offset <= outbound->len)))) { + debugs(86, 5, "ESIContext::send: Nothing to send."); + return 0; +@@ -643,18 +643,18 @@ + flags.clientwantsdata = 0; + debugs(86, 5, "ESIContext::send: this=" << this << " Client no longer wants data "); + /* Deal with re-entrancy */ +- HttpReply *temprep = rep; ++ HttpReply::Pointer temprep = rep; + rep = NULL; /* freed downstream */ + +- if (temprep && varState) +- varState->buildVary (temprep); ++ if (temprep != NULL && varState) ++ varState->buildVary(temprep.getRaw()); + + { + StoreIOBuffer tempBuffer; + tempBuffer.length = len; + tempBuffer.offset = pos - len; + tempBuffer.data = next->readBuffer.data; +- clientStreamCallback (thisNode, http, temprep, tempBuffer); ++ clientStreamCallback (thisNode, http, temprep.getRaw(), tempBuffer); + } + + if (len == 0) +@@ -1284,7 +1284,7 @@ + ++parserState.stackdepth; + } + +- if (rep && !parserState.inited()) ++ if (rep != NULL && !parserState.inited()) + parserState.init(this); + + /* we have data */ +@@ -1423,7 +1423,7 @@ + { + debugs(86, 5, HERE << "Freeing for this=" << this); + +- HTTPMSGUNLOCK(rep); ++ rep = NULL; // refcounted + + finishChildren (); + + |