From 71e4d694970f5ae4928015eec4264f58d76054c1 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 14 May 2014 09:11:14 +0000 Subject: main/squid: security upgrade to 3.3.12 (CVE-2014-0128) fixes #2873 --- main/squid/APKBUILD | 16 ++-- main/squid/squid-3.2.0.16-loggable-urlgroup.patch | 111 ---------------------- main/squid/squid-3.3.9-loggable-urlgroup.patch | 111 ++++++++++++++++++++++ 3 files changed, 119 insertions(+), 119 deletions(-) delete mode 100644 main/squid/squid-3.2.0.16-loggable-urlgroup.patch create mode 100644 main/squid/squid-3.3.9-loggable-urlgroup.patch (limited to 'main/squid') diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD index 0828063f1b..d7a4d6ad4f 100644 --- a/main/squid/APKBUILD +++ b/main/squid/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Carlo Landmeter # Maintainer: Natanael Copa pkgname=squid -pkgver=3.3.6 +pkgver=3.3.12 pkgrel=0 pkgdesc="A full-featured Web proxy cache server." url="http://www.squid-cache.org" @@ -19,7 +19,7 @@ linguas="af ar az bg ca cs da de el es et fa fi fr he hu hy id it ja ko lt langdir="/usr/share/squid/errors" source="http://www.squid-cache.org/Versions/v3/3.3/squid-$pkgver.tar.bz2 - squid-3.2.0.16-loggable-urlgroup.patch + squid-3.3.9-loggable-urlgroup.patch cf_gen-pthread.patch bug-3679.patch squid.initd @@ -105,22 +105,22 @@ squid_kerb_auth() { mv "$pkgdir"/usr/lib/squid/squid_kerb_auth "$subpkgdir"/usr/lib/squid/ } -md5sums="8dff6c8e9f46722fc62131364f0eeac6 squid-3.3.6.tar.bz2 -16e3b38996d4c5858e1478f8eb650876 squid-3.2.0.16-loggable-urlgroup.patch +md5sums="08c22a6b85b1c3f85ad92152ed1bd385 squid-3.3.12.tar.bz2 +31b771f75d155f3d0bee76a246040894 squid-3.3.9-loggable-urlgroup.patch 473f8f6dabaec2bd73134d8288deea3d cf_gen-pthread.patch 9e71076799d334faba6f4954594e7b4a bug-3679.patch 905e57c6d41414f54a75a5c0f9f7fac7 squid.initd 2897c725c201be53d3c9a7db0101bdf0 squid.confd 58823e0b86bc2dc71d270208b7b284b4 squid.logrotate" -sha256sums="03a600d7fd251bce2f48cbd7924921d3cf173c11ddff4bf978819cb518ef4c64 squid-3.3.6.tar.bz2 -9963c0f0ef96522d8cbb3379f119635d2b4df0796589211d91f6705935a835d5 squid-3.2.0.16-loggable-urlgroup.patch +sha256sums="18781e700b950f58a1b669a8be4c60d5ca218131f6a2fc1263c2a453befa05a0 squid-3.3.12.tar.bz2 +0a4192ab1df22db309f35d4dcd80414bede84a591776ba7ef775e9e443663c1e squid-3.3.9-loggable-urlgroup.patch 3b05ebd2d4baeb0e01437de768c8fbe76ff446f126d107b73fad6bd0d1968f0c cf_gen-pthread.patch 6b08cd129ea5fef019c78f1818c628e1070fe767e362da14844396b671f5a18d bug-3679.patch 3e5786304f218aecd5c01fa4b81aa05092ee3c7652d914b01112222fb5b2796e squid.initd ec2a9f3308129354783c5088fb37148eda102fe9397fb7bbe90243d9223ee2e1 squid.confd b6efdb3261c2e4b5074ef49160af8b96e65f934c7fd64b8954df48aa41cd9b67 squid.logrotate" -sha512sums="0bc40bddfaea7abd7080b4ace6686f5eb35eb051cbb79e8eb2fcf1f608332429b870c6f80409ee4f780cabd5630142ccba517890c19162f354f370a4651885d6 squid-3.3.6.tar.bz2 -1ab18ed43225fcca95f6c2e1554524bfee805f4894d5342acbdcd9faa6dcad5f310ed4ea01c9131f9729197e27399649b62a95666cb4564e30d8b0904f0f1b75 squid-3.2.0.16-loggable-urlgroup.patch +sha512sums="ffbf8c13a7f124cd3bf6ec29b90c9f7f60228a928dafc406f912ae0437c1ea948b5ebe66d1524dddd294c1a47e0bccc1a05d8ce08d11c785fe2a99c704f42d95 squid-3.3.12.tar.bz2 +80360600275cb1b9c484c41c169dedc841c92fa519e9f146bb66fdb947b2dc897a72d49509180f88c4d9fb373457c9117838599ad41e272ecb2972738e905b7f squid-3.3.9-loggable-urlgroup.patch c5a230fe1f4dda8a3ab064f07c2b93a6f6e3ebdf290cb45da262300d06ac28aa4470a80c8f14db5c9ff4dcc478933d9882bef638a566fe8ad66aec1f96f80be3 cf_gen-pthread.patch b477397f205ba207502a42aae674c85cad85eec831158ea0834361d98ef09a0f103d7a847e101bdd0ece73bbdda9b545960edd5385042bd593733810977e292a bug-3679.patch d16178aef007bafa976b89def4371fdd05f26c5ab558f6619bf6f6ca915fc783d2314d7d8e96032abfaf7b3f8c8b746031f78a6be1f66245d9303ff3a9feb605 squid.initd diff --git a/main/squid/squid-3.2.0.16-loggable-urlgroup.patch b/main/squid/squid-3.2.0.16-loggable-urlgroup.patch deleted file mode 100644 index 41193ba85f..0000000000 --- a/main/squid/squid-3.2.0.16-loggable-urlgroup.patch +++ /dev/null @@ -1,111 +0,0 @@ -diff --git a/src/HttpRequest.cc b/src/HttpRequest.cc -index b464e65..0448078 100644 ---- a/src/HttpRequest.cc -+++ b/src/HttpRequest.cc -@@ -107,6 +107,7 @@ HttpRequest::init() - peer_login = NULL; // not allocated/deallocated by this class - peer_domain = NULL; // not allocated/deallocated by this class - vary_headers = NULL; -+ urlgroup = null_string; - myportname = null_string; - tag = null_string; - #if USE_AUTH -@@ -155,6 +156,7 @@ HttpRequest::clean() - range = NULL; - } - -+ urlgroup.clean(); - myportname.clean(); - - tag.clean(); -@@ -214,6 +216,7 @@ HttpRequest::clone() const - copy->vary_headers = vary_headers ? xstrdup(vary_headers) : NULL; - // XXX: what to do with copy->peer_domain? - -+ copy->urlgroup = urlgroup; - copy->myportname = myportname; - copy->tag = tag; - #if USE_AUTH -diff --git a/src/HttpRequest.h b/src/HttpRequest.h -index dc44fea..989624d 100644 ---- a/src/HttpRequest.h -+++ b/src/HttpRequest.h -@@ -187,6 +187,8 @@ public: - - char *peer_domain; /* Configured peer forceddomain */ - -+ String urlgroup; -+ - String myportname; // Internal tag name= value from port this requests arrived in. - - String tag; /* Internal tag for this request */ -diff --git a/src/client_side_request.cc b/src/client_side_request.cc -index 0c3113b..d1947e9 100644 ---- a/src/client_side_request.cc -+++ b/src/client_side_request.cc -@@ -1180,6 +1180,15 @@ ClientRequestContext::clientRedirectDone(char *result) - redirect_state = REDIRECT_DONE; - - if (result) { -+ if (result[0] == '!') { -+ char *t = strchr(result+1, '!'); -+ if (t != NULL) { -+ old_request->urlgroup.reset(NULL); -+ old_request->urlgroup.append(result + 1, t - result - 1); -+ result = t + 1; -+ } -+ } -+ - http_status status = (http_status) atoi(result); - - if (status == HTTP_MOVED_PERMANENTLY -@@ -1198,7 +1207,7 @@ ClientRequestContext::clientRedirectDone(char *result) - else - debugs(85, DBG_CRITICAL, "ERROR: URL-rewrite produces invalid 303 redirect Location: " << result); - } -- } else if (strcmp(result, http->uri)) { -+ } else if (result[0] != 0 && strcmp(result, http->uri)) { - // XXX: validate the URL properly *without* generating a whole new request object right here. - // XXX: the clone() should be done only AFTER we know the new URL is valid. - HttpRequest *new_request = old_request->clone(); -diff --git a/src/format/ByteCode.h b/src/format/ByteCode.h -index 8e345df..ddb0f8f 100644 ---- a/src/format/ByteCode.h -+++ b/src/format/ByteCode.h -@@ -65,6 +65,7 @@ typedef enum { - /*LFT_REQUEST_QUERY, */ - LFT_REQUEST_VERSION_OLD_2X, - LFT_REQUEST_VERSION, -+ LFT_REQUEST_URLGROUP, - - /* request header details pre-adaptation */ - LFT_REQUEST_HEADER, -diff --git a/src/format/Format.cc b/src/format/Format.cc -index 18348e8..2e65886 100644 ---- a/src/format/Format.cc -+++ b/src/format/Format.cc -@@ -907,6 +907,12 @@ Format::Format::assemble(MemBuf &mb, AccessLogEntry *al, int logSequenceNumber) - out = tmp; - break; - -+ case LFT_REQUEST_URLGROUP: -+ if (al->request) -+ out = al->request->urlgroup.termedBuf(); -+ quote = 1; -+ break; -+ - case LFT_SERVER_REQ_METHOD: - if (al->adapted_request) { - out = al->adapted_request->method.image(); -diff --git a/src/format/Token.cc b/src/format/Token.cc -index 6859e0a..8a8e5e7 100644 ---- a/src/format/Token.cc -+++ b/src/format/Token.cc -@@ -116,6 +116,7 @@ static TokenTableEntry TokenTable2C[] = { - {"rp", LFT_REQUEST_URLPATH_OLD_31}, - /* { "rq", LFT_REQUEST_QUERY }, * / / * the query-string, INCLUDING the leading ? */ - {"rv", LFT_REQUEST_VERSION}, -+ {"rG", LFT_REQUEST_URLGROUP}, - - {"vary_headers = vary_headers ? xstrdup(vary_headers) : NULL; + // XXX: what to do with copy->peer_domain? + ++ copy->urlgroup = urlgroup; + copy->tag = tag; + copy->extacl_log = extacl_log; + copy->extacl_message = extacl_message; +diff --git a/src/HttpRequest.h b/src/HttpRequest.h +index 8b89110..75ae8e6 100644 +--- a/src/HttpRequest.h ++++ b/src/HttpRequest.h +@@ -195,6 +195,8 @@ public: + + char *peer_domain; /* Configured peer forceddomain */ + ++ String urlgroup; ++ + String myportname; // Internal tag name= value from port this requests arrived in. + + String tag; /* Internal tag for this request */ +diff --git a/src/client_side_request.cc b/src/client_side_request.cc +index 1c467d9..00c5bbd 100644 +--- a/src/client_side_request.cc ++++ b/src/client_side_request.cc +@@ -1208,6 +1208,15 @@ ClientRequestContext::clientRedirectDone(char *result) + redirect_state = REDIRECT_DONE; + + if (result) { ++ if (result[0] == '!') { ++ char *t = strchr(result+1, '!'); ++ if (t != NULL) { ++ old_request->urlgroup.reset(NULL); ++ old_request->urlgroup.append(result + 1, t - result - 1); ++ result = t + 1; ++ } ++ } ++ + http_status status = (http_status) atoi(result); + + if (status == HTTP_MOVED_PERMANENTLY +@@ -1224,7 +1233,7 @@ ClientRequestContext::clientRedirectDone(char *result) + } else { + debugs(85, DBG_CRITICAL, "ERROR: URL-rewrite produces invalid " << status << " redirect Location: " << result); + } +- } else if (strcmp(result, http->uri)) { ++ } else if (result[0] != 0 && strcmp(result, http->uri)) { + // XXX: validate the URL properly *without* generating a whole new request object right here. + // XXX: the clone() should be done only AFTER we know the new URL is valid. + HttpRequest *new_request = old_request->clone(); +diff --git a/src/format/ByteCode.h b/src/format/ByteCode.h +index ef25149..557f35e 100644 +--- a/src/format/ByteCode.h ++++ b/src/format/ByteCode.h +@@ -65,6 +65,7 @@ typedef enum { + /*LFT_REQUEST_QUERY, */ + LFT_REQUEST_VERSION_OLD_2X, + LFT_REQUEST_VERSION, ++ LFT_REQUEST_URLGROUP, + + /* request header details pre-adaptation */ + LFT_REQUEST_HEADER, +diff --git a/src/format/Format.cc b/src/format/Format.cc +index 1717360..91ca16d 100644 +--- a/src/format/Format.cc ++++ b/src/format/Format.cc +@@ -923,6 +923,12 @@ Format::Format::assemble(MemBuf &mb, const AccessLogEntry::Pointer &al, int logS + out = tmp; + break; + ++ case LFT_REQUEST_URLGROUP: ++ if (al->request) ++ out = al->request->urlgroup.termedBuf(); ++ quote = 1; ++ break; ++ + case LFT_SERVER_REQ_METHOD: + if (al->adapted_request) { + out = al->adapted_request->method.image(); +diff --git a/src/format/Token.cc b/src/format/Token.cc +index 099dcbe..01fef74 100644 +--- a/src/format/Token.cc ++++ b/src/format/Token.cc +@@ -116,6 +116,7 @@ static TokenTableEntry TokenTable2C[] = { + {"rp", LFT_REQUEST_URLPATH_OLD_31}, + /* { "rq", LFT_REQUEST_QUERY }, * / / * the query-string, INCLUDING the leading ? */ + {"rv", LFT_REQUEST_VERSION}, ++ {"rG", LFT_REQUEST_URLGROUP}, + + {"