Apply a slightly modified vendor patch against SQUID-2007_2.

PR: ports/118433 Submitted by: maintainer Security: http://www.squid-cache.org/Advisories/SQUID-2007_2.txt Approved by: portmgr (pav)
svn path=/head/; revision=202906
2025-01-03 06:04:53 +00:00 · 2007-12-05 00:27:21 +00:00 · 2007-12-05 00:27:21 +00:00 · af4b2672cf · 2021-03-31 03:12:20 +00:00
commit af4b2672cf
parent 32287c1097
4 changed files with 288 additions and 0 deletions
--- a/www/squid30/Makefile
+++ b/www/squid30/Makefile
@ -63,6 +63,7 @@

 PORTNAME=	squid
 PORTVERSION=	3.0.r1.${PATCHSET_DATE}
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
 		ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
--- a/www/squid30/files/patch-secfix-2007-2
+++ b/www/squid30/files/patch-secfix-2007-2
@ -0,0 +1,143 @@
+Patch for the remote denial of service vulnerability as documented in
+Squid advisory 2007_2 (http://www.squid-cache.org/Advisories/SQUID-2007_2.txt):
+
+This is a slightly revised version of the original PatchSet 11211, with
+one hunk removed and path informations stripped in order to make it
+apply to otherwise unpatched 3.0.RC1 sources.
+
+Created: 2007-12-04 by Thomas-Martin Seck <tmseck@netcologne.de> for the
+FreeBSD port of Squid 3.0.
+
+---------------------
+PatchSet 11211 
+Date: 2007/11/26 13:09:54
+Author: hno
+Branch: HEAD
+Tag: (none) 
+Log:
+pack header entries on cache updates
+
+Members: 
+	include/Array.h:1.24->1.25 
+	src/HttpHeader.cc:1.137->1.138 
+	src/HttpHeader.h:1.23->1.24 
+	src/HttpReply.cc:1.96->1.97 
+
+Index: squid3/include/Array.h
+===================================================================
+RCS file: /cvsroot/squid/squid3/include/Array.h,v
+retrieving revision 1.24
+retrieving revision 1.25
+diff -u -r1.24 -r1.25
+--- include/Array.h	21 Nov 2005 22:43:41 -0000	1.24
+++ include/Array.h	26 Nov 2007 13:09:54 -0000	1.25
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Array.h,v 1.24 2005/11/21 22:43:41 wessels Exp $
+ * $Id: Array.h,v 1.25 2007/11/26 13:09:54 hno Exp $
+  *
+  * AUTHOR: Alex Rousskov
+  *
+@@ -98,6 +98,7 @@
+     E &back();
+     E pop_back();
+     E shift();         // aka pop_front
+    void prune(E);
+     void preAppend(int app_count);
+     bool empty() const;
+     size_t size() const;
+@@ -243,6 +244,22 @@
+     return items[size() - 1];
+ }
+ 
+template<class E>
+void
+Vector<E>::prune(E item)
+{
+    unsigned int n = 0;
+    for (unsigned int i = 0; i < count; i++) {
+	if (items[i] != item) {
+	    if (i != n)
+		items[n] = items[i];
+	    n++;
+	}
+    }
+
+    count = n;
+}
+
+ /* if you are going to append a known and large number of items, call this first */
+ template<class E>
+ void
+Index: squid3/src/HttpHeader.cc
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpHeader.cc,v
+retrieving revision 1.137
+retrieving revision 1.138
+diff -u -r1.137 -r1.138
+--- src/HttpHeader.cc	26 Nov 2007 12:31:37 -0000	1.137
+++ src/HttpHeader.cc	26 Nov 2007 13:09:55 -0000	1.138
+@@ -787,6 +787,15 @@
+ }
+ 
+ /*
+ * Compacts the header storage
+ */
+void
+HttpHeader::compact()
+{
+    entries.prune(NULL);
+}
+
+/*
+  * Refreshes the header mask. Required after delAt() calls.
+  */
+ void
+Index: squid3/src/HttpHeader.h
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpHeader.h,v
+retrieving revision 1.23
+retrieving revision 1.24
+diff -u -r1.23 -r1.24
+--- src/HttpHeader.h	13 Aug 2007 17:20:51 -0000	1.23
+++ src/HttpHeader.h	26 Nov 2007 13:09:55 -0000	1.24
+@@ -1,6 +1,6 @@
+ 
+ /*
+- * $Id: HttpHeader.h,v 1.23 2007/08/13 17:20:51 hno Exp $
+ * $Id: HttpHeader.h,v 1.24 2007/11/26 13:09:55 hno Exp $
+  *
+  *
+  * SQUID Web Proxy Cache          http://www.squid-cache.org/
+@@ -202,6 +202,7 @@
+     void clean();
+     void append(const HttpHeader * src);
+     void update (HttpHeader const *fresh, HttpHeaderMask const *denied_mask);
+    void compact();
+     int reset();
+     int parse(const char *header_start, const char *header_end);
+     void packInto(Packer * p) const;
+Index: squid3/src/HttpReply.cc
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpReply.cc,v
+retrieving revision 1.96
+retrieving revision 1.97
+diff -u -r1.96 -r1.97
+--- src/HttpReply.cc	13 Aug 2007 17:20:51 -0000	1.96
+++ src/HttpReply.cc	26 Nov 2007 13:09:55 -0000	1.97
+@@ -1,6 +1,6 @@
+ 
+ /*
+- * $Id: HttpReply.cc,v 1.96 2007/08/13 17:20:51 hno Exp $
+ * $Id: HttpReply.cc,v 1.97 2007/11/26 13:09:55 hno Exp $
+  *
+  * DEBUG: section 58    HTTP Reply (Response)
+  * AUTHOR: Alex Rousskov
+@@ -312,6 +312,7 @@
+     header.update(&freshRep->header,
+                   (const HttpHeaderMask *) &Denied304HeadersMask);
+ 
+    header.compact();
+     /* init cache */
+     hdrCacheInit();
+ }
--- a/www/squid31/Makefile
+++ b/www/squid31/Makefile
@ -63,6 +63,7 @@

 PORTNAME=	squid
 PORTVERSION=	3.0.r1.${PATCHSET_DATE}
+PORTREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
 		ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
--- a/www/squid31/files/patch-secfix-2007-2
+++ b/www/squid31/files/patch-secfix-2007-2
@ -0,0 +1,143 @@
+Patch for the remote denial of service vulnerability as documented in
+Squid advisory 2007_2 (http://www.squid-cache.org/Advisories/SQUID-2007_2.txt):
+
+This is a slightly revised version of the original PatchSet 11211, with
+one hunk removed and path informations stripped in order to make it
+apply to otherwise unpatched 3.0.RC1 sources.
+
+Created: 2007-12-04 by Thomas-Martin Seck <tmseck@netcologne.de> for the
+FreeBSD port of Squid 3.0.
+
+---------------------
+PatchSet 11211 
+Date: 2007/11/26 13:09:54
+Author: hno
+Branch: HEAD
+Tag: (none) 
+Log:
+pack header entries on cache updates
+
+Members: 
+	include/Array.h:1.24->1.25 
+	src/HttpHeader.cc:1.137->1.138 
+	src/HttpHeader.h:1.23->1.24 
+	src/HttpReply.cc:1.96->1.97 
+
+Index: squid3/include/Array.h
+===================================================================
+RCS file: /cvsroot/squid/squid3/include/Array.h,v
+retrieving revision 1.24
+retrieving revision 1.25
+diff -u -r1.24 -r1.25
+--- include/Array.h	21 Nov 2005 22:43:41 -0000	1.24
+++ include/Array.h	26 Nov 2007 13:09:54 -0000	1.25
+@@ -1,5 +1,5 @@
+ /*
+- * $Id: Array.h,v 1.24 2005/11/21 22:43:41 wessels Exp $
+ * $Id: Array.h,v 1.25 2007/11/26 13:09:54 hno Exp $
+  *
+  * AUTHOR: Alex Rousskov
+  *
+@@ -98,6 +98,7 @@
+     E &back();
+     E pop_back();
+     E shift();         // aka pop_front
+    void prune(E);
+     void preAppend(int app_count);
+     bool empty() const;
+     size_t size() const;
+@@ -243,6 +244,22 @@
+     return items[size() - 1];
+ }
+ 
+template<class E>
+void
+Vector<E>::prune(E item)
+{
+    unsigned int n = 0;
+    for (unsigned int i = 0; i < count; i++) {
+	if (items[i] != item) {
+	    if (i != n)
+		items[n] = items[i];
+	    n++;
+	}
+    }
+
+    count = n;
+}
+
+ /* if you are going to append a known and large number of items, call this first */
+ template<class E>
+ void
+Index: squid3/src/HttpHeader.cc
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpHeader.cc,v
+retrieving revision 1.137
+retrieving revision 1.138
+diff -u -r1.137 -r1.138
+--- src/HttpHeader.cc	26 Nov 2007 12:31:37 -0000	1.137
+++ src/HttpHeader.cc	26 Nov 2007 13:09:55 -0000	1.138
+@@ -787,6 +787,15 @@
+ }
+ 
+ /*
+ * Compacts the header storage
+ */
+void
+HttpHeader::compact()
+{
+    entries.prune(NULL);
+}
+
+/*
+  * Refreshes the header mask. Required after delAt() calls.
+  */
+ void
+Index: squid3/src/HttpHeader.h
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpHeader.h,v
+retrieving revision 1.23
+retrieving revision 1.24
+diff -u -r1.23 -r1.24
+--- src/HttpHeader.h	13 Aug 2007 17:20:51 -0000	1.23
+++ src/HttpHeader.h	26 Nov 2007 13:09:55 -0000	1.24
+@@ -1,6 +1,6 @@
+ 
+ /*
+- * $Id: HttpHeader.h,v 1.23 2007/08/13 17:20:51 hno Exp $
+ * $Id: HttpHeader.h,v 1.24 2007/11/26 13:09:55 hno Exp $
+  *
+  *
+  * SQUID Web Proxy Cache          http://www.squid-cache.org/
+@@ -202,6 +202,7 @@
+     void clean();
+     void append(const HttpHeader * src);
+     void update (HttpHeader const *fresh, HttpHeaderMask const *denied_mask);
+    void compact();
+     int reset();
+     int parse(const char *header_start, const char *header_end);
+     void packInto(Packer * p) const;
+Index: squid3/src/HttpReply.cc
+===================================================================
+RCS file: /cvsroot/squid/squid3/src/HttpReply.cc,v
+retrieving revision 1.96
+retrieving revision 1.97
+diff -u -r1.96 -r1.97
+--- src/HttpReply.cc	13 Aug 2007 17:20:51 -0000	1.96
+++ src/HttpReply.cc	26 Nov 2007 13:09:55 -0000	1.97
+@@ -1,6 +1,6 @@
+ 
+ /*
+- * $Id: HttpReply.cc,v 1.96 2007/08/13 17:20:51 hno Exp $
+ * $Id: HttpReply.cc,v 1.97 2007/11/26 13:09:55 hno Exp $
+  *
+  * DEBUG: section 58    HTTP Reply (Response)
+  * AUTHOR: Alex Rousskov
+@@ -312,6 +312,7 @@
+     header.update(&freshRep->header,
+                   (const HttpHeaderMask *) &Denied304HeadersMask);
+ 
+    header.compact();
+     /* init cache */
+     hdrCacheInit();
+ }