From 9eecaa8c1812ea6b2341633a5475c179c4d58917 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 1 Oct 2014 08:34:23 +0000 Subject: main/squid: security fix for CVE-2014-3609 fixes #3384 --- main/squid/APKBUILD | 4 ++- main/squid/CVE-2014-3609.patch | 56 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 main/squid/CVE-2014-3609.patch diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD index f50b7f9986..a96b7bf7e6 100644 --- a/main/squid/APKBUILD +++ b/main/squid/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa pkgname=squid pkgver=3.2.13 -pkgrel=1 +pkgrel=2 pkgdesc="A full-featured Web proxy cache server." url="http://www.squid-cache.org" install="squid.pre-install squid.pre-upgrade" @@ -23,6 +23,7 @@ source="http://www.squid-cache.org/Versions/v3/3.2/squid-$pkgver.tar.bz2 cf_gen-pthread.patch bug-3679.patch CVE-2014-0128.patch + CVE-2014-3609.patch squid.initd squid.confd $pkgname.logrotate @@ -111,6 +112,7 @@ md5sums="367e59c9c25da7ebbfbf7cbc36d2444e squid-3.2.13.tar.bz2 c60237de253c02937f272d3b189d7679 cf_gen-pthread.patch 9e71076799d334faba6f4954594e7b4a bug-3679.patch 7a631b0300d090d89567df8090f5368e CVE-2014-0128.patch +001e68add93e0cea63861f93e698fd49 CVE-2014-3609.patch 905e57c6d41414f54a75a5c0f9f7fac7 squid.initd 2897c725c201be53d3c9a7db0101bdf0 squid.confd 58823e0b86bc2dc71d270208b7b284b4 squid.logrotate" diff --git a/main/squid/CVE-2014-3609.patch b/main/squid/CVE-2014-3609.patch new file mode 100644 index 0000000000..b6b0fabba0 --- /dev/null +++ b/main/squid/CVE-2014-3609.patch @@ -0,0 +1,56 @@ +------------------------------------------------------------ +revno: 11828 +revision-id: squid3@treenet.co.nz-20140827143622-aj6y1q5khr7txsa7 +parent: squid3@treenet.co.nz-20130713132208-e91nzzf0usz2ytp6 +committer: Amos Jeffries +branch nick: 3.2 +timestamp: Wed 2014-08-27 08:36:22 -0600 +message: + Ignore Range headers with unidentifiable byte-range values + + If squid is unable to determine the byte value for ranges, treat the + header as invalid. +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20140827143622-aj6y1q5khr7txsa7 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ +# /SQUID_3_2 +# testament_sha1: befb9d196a5292711a18d9503d5c50a60f1fa66a +# timestamp: 2014-08-27 14:36:44 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ +# /SQUID_3_2 +# base_revision_id: squid3@treenet.co.nz-20130713132208-\ +# e91nzzf0usz2ytp6 +# +# Begin patch +=== modified file 'src/HttpHdrRange.cc' +--- a/src/HttpHdrRange.cc 2012-07-28 05:38:50 +0000 ++++ b/src/HttpHdrRange.cc 2014-08-27 14:36:22 +0000 +@@ -93,7 +93,7 @@ + + /* is it a suffix-byte-range-spec ? */ + if (*field == '-') { +- if (!httpHeaderParseOffset(field + 1, &length)) ++ if (!httpHeaderParseOffset(field + 1, &length) || !known_spec(length)) + return false; + } else + /* must have a '-' somewhere in _this_ field */ +@@ -101,7 +101,7 @@ + debugs(64, 2, "invalid (missing '-') range-spec near: '" << field << "'"); + return false; + } else { +- if (!httpHeaderParseOffset(field, &offset)) ++ if (!httpHeaderParseOffset(field, &offset) || !known_spec(offset)) + return false; + + ++p; +@@ -110,7 +110,7 @@ + if (p - field < flen) { + int64_t last_pos; + +- if (!httpHeaderParseOffset(p, &last_pos)) ++ if (!httpHeaderParseOffset(p, &last_pos) || !known_spec(last_pos)) + return false; + + // RFC 2616 s14.35.1 MUST: last-byte-pos >= first-byte-pos + -- cgit v1.2.3