From 034cdecfa97d19069fbd8c757be0bca3b7096645 Mon Sep 17 00:00:00 2001 From: Leonardo Arena Date: Wed, 28 Feb 2018 13:16:53 +0000 Subject: main/squid: security upgrade to 3.5.27 CVE-2018-1000024, CVE-2018-1000027 Fixes #8554 --- main/squid/APKBUILD | 19 ++++++++++++------- main/squid/bug-3679.patch | 10 ++++------ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD index 72181ae5fe..c9cf958ea4 100644 --- a/main/squid/APKBUILD +++ b/main/squid/APKBUILD @@ -2,7 +2,7 @@ # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=squid -pkgver=3.5.23 +pkgver=3.5.27 pkgrel=0 pkgdesc="A full-featured Web proxy cache server." url="http://www.squid-cache.org" @@ -29,6 +29,11 @@ source="http://www.squid-cache.org/Versions/v3/${pkgver%.*}/squid-${pkgver}.tar. $pkgname.logrotate " +# secfixes: +# 3.5.27-r0: +# - CVE-2018-1000024 +# - CVE-2018-1000027 + _builddir="$srcdir"/$pkgname-$pkgver # secfixes: @@ -114,18 +119,18 @@ squid_kerb_auth() { install -d "$subpkgdir"/usr/lib/squid mv "$pkgdir"/usr/lib/squid/squid_kerb_auth "$subpkgdir"/usr/lib/squid/ } -md5sums="9b68f689e3d9578932b9c6a4041037c2 squid-3.5.23.tar.xz -9e71076799d334faba6f4954594e7b4a bug-3679.patch +md5sums="39ef8199675d48a314b540f92c00c545 squid-3.5.27.tar.xz +6b3a71eb03818feec3db1f81732cd46e bug-3679.patch 4e42690c129399c84cbe36ab0c538615 squid.initd 73db59e6c1c242dbc748feeb116650e0 squid.confd 58823e0b86bc2dc71d270208b7b284b4 squid.logrotate" -sha256sums="fa4c0c99f41e92fe1330bed3968d176c6f47ef2e3aea2f83977d5501afa40bdb squid-3.5.23.tar.xz -6b08cd129ea5fef019c78f1818c628e1070fe767e362da14844396b671f5a18d bug-3679.patch +sha256sums="5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec squid-3.5.27.tar.xz +d6742a296602fe5583b999032ece12292301913ddad8d3a650a82ae6f0dd7bed bug-3679.patch fe33fa90b860437867bd2c1b083c0e77a6478f63e8998f093c0d466476df4a9b squid.initd 4012fc97d7ab653c8a73c4dac09751de80c847a90ee2483ddd41a04168cdeb2b squid.confd b6efdb3261c2e4b5074ef49160af8b96e65f934c7fd64b8954df48aa41cd9b67 squid.logrotate" -sha512sums="3f2b3df60fc0b2aab3d0d9e3489832d60d0aac8222f09ad2ff6afb95202b904f41f6530d713e7ce446c6f62b66f0cd792a6b12005d43c53fe68d2371f9caa880 squid-3.5.23.tar.xz -b477397f205ba207502a42aae674c85cad85eec831158ea0834361d98ef09a0f103d7a847e101bdd0ece73bbdda9b545960edd5385042bd593733810977e292a bug-3679.patch +sha512sums="4172a053c3b7ffe7a12dfb3febac96942d0fbbe7e98e3f797f22cd75b0a3a89cbbfe7260b5daad099e79d5e9303bb5dfbfee7499cb30a90590aa1bd242ff4817 squid-3.5.27.tar.xz +a403573bf3d3d600f7a1ff8639f0f48ac45963b028c7aa09e00f95173b7a9d46c42c21a609d987a18869d850a4be0537c3dc0d0f10398b67509b2a43ccf81776 bug-3679.patch 15d95f7d787be8c2e6619ef1661fd8aae8d2c1ede706748764644c7dc3d7c34515ef6e8b7543295fddc4e767bbd74a7cf8c42e77cf60b3d574ff11b3f6e336c9 squid.initd 7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd 89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate" diff --git a/main/squid/bug-3679.patch b/main/squid/bug-3679.patch index b718093817..3f4d54de38 100644 --- a/main/squid/bug-3679.patch +++ b/main/squid/bug-3679.patch @@ -1,15 +1,13 @@ http://bugs.squid-cache.org/show_bug.cgi?id=3679 -diff --git a/src/external_acl.cc b/src/external_acl.cc -index b3821c5..d6c4338 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc -@@ -1152,7 +1152,7 @@ external_acl_entry_expired(external_acl * def, external_acl_entry * entry) - if (def->cache_size <= 0) +@@ -1243,7 +1243,7 @@ + if (def->cache_size <= 0 || entry->result == ACCESS_DUNNO) return 1; -- if (entry->date + (entry->result == 1 ? def->ttl : def->negative_ttl) < squid_curtime) -+ if (entry->date + (entry->result == 1 ? def->ttl : def->negative_ttl) <= squid_curtime) +- if (entry->date + (entry->result == ACCESS_ALLOWED ? def->ttl : def->negative_ttl) < squid_curtime) ++ if (entry->date + (entry->result == ACCESS_ALLOWED ? def->ttl : def->negative_ttl) <= squid_curtime) return 1; else return 0; -- cgit v1.2.3