rpms/squid/FC-4 squid-2.5.STABLE11-IMS-HEAD.patch, NONE, 1.1 squid-2.5.STABLE11-httpd_accel-internal.patch, NONE, 1.1 squid-2.5.STABLE11-redirect-CONNECT.patch, NONE, 1.1 squid-2.5.STABLE11-rfc1738_do_escape.patch, NONE, 1.1 squid-2.5.STABLE11-setcookie.patch, NONE, 1.1 squid.spec, 1.36, 1.37

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Thu Oct 20 08:44:32 UTC 2005


Author: stransky

Update of /cvs/dist/rpms/squid/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv21678

Modified Files:
	squid.spec 
Added Files:
	squid-2.5.STABLE11-IMS-HEAD.patch 
	squid-2.5.STABLE11-httpd_accel-internal.patch 
	squid-2.5.STABLE11-redirect-CONNECT.patch 
	squid-2.5.STABLE11-rfc1738_do_escape.patch 
	squid-2.5.STABLE11-setcookie.patch 
Log Message:
fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response, more fixes from upstream

squid-2.5.STABLE11-IMS-HEAD.patch:
 http.c |    2 !!
 1 files changed, 2 modifications(!)

--- NEW FILE squid-2.5.STABLE11-IMS-HEAD.patch ---
Index: squid/src/http.c
diff -c squid/src/http.c:1.384.2.33 squid/src/http.c:1.384.2.34
*** squid/src/http.c:1.384.2.33	Wed Sep 28 14:48:19 2005
--- squid/src/http.c	Tue Oct 18 09:09:56 2005
***************
*** 841,847 ****
      HttpHeaderPos pos = HttpHeaderInitPos;
      httpHeaderInit(hdr_out, hoRequest);
      /* append our IMS header */
!     if (request->lastmod > -1 && request->method == METHOD_GET)
  	httpHeaderPutTime(hdr_out, HDR_IF_MODIFIED_SINCE, request->lastmod);
  
      /* decide if we want to do Ranges ourselves 
--- 841,847 ----
      HttpHeaderPos pos = HttpHeaderInitPos;
      httpHeaderInit(hdr_out, hoRequest);
      /* append our IMS header */
!     if (request->lastmod > -1)
  	httpHeaderPutTime(hdr_out, HDR_IF_MODIFIED_SINCE, request->lastmod);
  
      /* decide if we want to do Ranges ourselves 
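Review bot: The comment `/* append our IMS header */` above line 844 no longer tells the reader which requests receive If-Modified-Since now that the `request->method == METHOD_GET` test is gone. With only `request->lastmod > -1` left, every method carrying a lastmod becomes a conditional request; the patch name suggests HEAD is the intended case. I would extend the comment to `/* append our IMS header; applies to any method with lastmod set (HEAD as well as GET) */` and confirm that lastmod is never set for methods that must not be made conditional. The enclosing function starts and ends outside this hunk.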

squid-2.5.STABLE11-httpd_accel-internal.patch:
 client_side.c |    6 !!!!!!
 1 files changed, 6 modifications(!)

--- NEW FILE squid-2.5.STABLE11-httpd_accel-internal.patch ---
Index: squid/src/client_side.c
diff -c squid/src/client_side.c:1.561.2.86 squid/src/client_side.c:1.561.2.87
*** squid/src/client_side.c:1.561.2.86	Thu Sep 15 03:53:28 2005
--- squid/src/client_side.c	Tue Oct 18 09:06:06 2005
***************
*** 2749,2755 ****
  #endif
  
      /* handle direct internal objects */
!     if (!Config2.Accel.on && internalCheck(url)) {
  	/* prepend our name & port */
  	http->uri = xstrdup(internalLocalUri(NULL, url));
  	http->flags.accel = 1;
--- 2749,2755 ----
  #endif
  
      /* handle direct internal objects */
!     if ((!Config2.Accel.on || Config.onoff.global_internal_static) && internalCheck(url)) {
  	/* prepend our name & port */
  	http->uri = xstrdup(internalLocalUri(NULL, url));
  	http->flags.accel = 1;
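Review bot: The widened test at line 2752 pairs `Config.onoff.global_internal_static` with `internalCheck(url)`, while the branch at line 3149 of the same file pairs that option with `internalStaticCheck()`. As written, accelerator mode with the option on appears to send every internal URL path through the local-URI rewrite, not only the static ones; later checks may narrow this again, but they are outside the hunk. If that is intended, a comment such as `/* in accelerator mode internal objects are handled here only when global_internal_static is on */` would record it. If only static objects are meant, the condition should say so.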
***************
*** 3145,3152 ****
  	    request->flags.accelerated = http->flags.accel;
  	    if (!http->flags.internal) {
  		if (internalCheck(strBuf(request->urlpath))) {
! 		    if (internalHostnameIs(request->host) &&
! 			request->port == ntohs(Config.Sockaddr.http->s.sin_port)) {
  			http->flags.internal = 1;
  		    } else if (Config.onoff.global_internal_static && internalStaticCheck(strBuf(request->urlpath))) {
  			xstrncpy(request->host, internalHostname(), SQUIDHOSTNAMELEN);
--- 3145,3152 ----
  	    request->flags.accelerated = http->flags.accel;
  	    if (!http->flags.internal) {
  		if (internalCheck(strBuf(request->urlpath))) {
! 		    if (internalHostnameIs(request->host)) {
! 			request->port = ntohs(Config.Sockaddr.http->s.sin_port);
  			http->flags.internal = 1;
  		    } else if (Config.onoff.global_internal_static && internalStaticCheck(strBuf(request->urlpath))) {
  			xstrncpy(request->host, internalHostname(), SQUIDHOSTNAMELEN);
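Review bot: With the port comparison removed at line 3148, `http->flags.internal` is decided by `internalHostnameIs(request->host)` alone, and `request->port` is overwritten with the configured HTTP port. A request naming this host on any port is therefore handled as an internal object, which widens what reaches the internal handlers. If that is the intent (the patch name points at accelerator setups, where the client-visible port may differ), it deserves a comment next to the assignment, e.g. `/* port is deliberately not compared: normalise it to our own HTTP port */`. The enclosing function starts and ends outside the hunk.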

squid-2.5.STABLE11-redirect-CONNECT.patch:
 client_side.c |    5 !!!!!
 1 files changed, 5 modifications(!)

--- NEW FILE squid-2.5.STABLE11-redirect-CONNECT.patch ---
Index: squid/src/client_side.c
diff -c squid/src/client_side.c:1.561.2.87 squid/src/client_side.c:1.561.2.88
*** squid/src/client_side.c:1.561.2.87	Tue Oct 18 09:06:06 2005
--- squid/src/client_side.c	Tue Oct 18 09:14:12 2005
***************
*** 364,371 ****
  	    } else {
  		debug(33, 1) ("clientRedirectDone: bad input: %s\n", result);
  	    }
! 	}
! 	if (strcmp(result, http->uri))
  	    new_request = urlParse(old_request->method, result);
      }
      if (new_request) {
--- 364,370 ----
  	    } else {
  		debug(33, 1) ("clientRedirectDone: bad input: %s\n", result);
  	    }
! 	} else if (strcmp(result, http->uri))
  	    new_request = urlParse(old_request->method, result);
      }
      if (new_request) {
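Review bot: The new `} else if (strcmp(result, http->uri))` at line 367 hangs an unbraced single-statement branch off a braced `if`, so the `}` two lines later closes the outer block rather than this branch and is easy to misread. I would brace it and make the comparison explicit: `} else if (strcmp(result, http->uri) != 0) {`, then the `urlParse()` call, then `}`. A short comment that a result handled by the first branch is no longer re-parsed as a URL would also help, since that is the behavioural change here. The condition of the first branch is outside the hunk.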
***************
*** 2450,2456 ****
      debug(33, 4) ("clientProcessRequest: %s '%s'\n",
  	RequestMethodStr[r->method],
  	url);
!     if (r->method == METHOD_CONNECT) {
  	http->log_type = LOG_TCP_MISS;
  	sslStart(http, &http->out.size, &http->al.http.code);
  	return;
--- 2449,2455 ----
      debug(33, 4) ("clientProcessRequest: %s '%s'\n",
  	RequestMethodStr[r->method],
  	url);
!     if (r->method == METHOD_CONNECT && !http->redirect.status) {
  	http->log_type = LOG_TCP_MISS;
  	sslStart(http, &http->out.size, &http->al.http.code);
  	return;
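Review bot: The added `!http->redirect.status` at line 2452 has no comment, and the condition alone does not explain why a CONNECT request may now skip `sslStart()`. As far as the hunk shows, a CONNECT for which the redirector produced a status falls through to the generic request path below, which is outside this hunk; before the change the tunnel was started regardless of the redirector's answer. Proposed comment: `/* do not open a tunnel when the redirector answered with a redirect status; fall through so the redirect is sent */`. Where a redirector is used to enforce policy, this is the check that makes its verdict apply to CONNECT, so it is worth stating.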

squid-2.5.STABLE11-rfc1738_do_escape.patch:
 ftp.c |   24 +++-!!!!!!!!!!!!!!!!!!!!
 1 files changed, 3 insertions(+), 1 deletion(-), 20 modifications(!)

--- NEW FILE squid-2.5.STABLE11-rfc1738_do_escape.patch ---
Index: squid/src/ftp.c
diff -c squid/src/ftp.c:1.316.2.32 squid/src/ftp.c:1.316.2.33
*** squid/src/ftp.c:1.316.2.32	Sat Sep 10 19:49:53 2005
--- squid/src/ftp.c	Tue Oct 18 09:26:49 2005
***************
*** 438,444 ****
      storeAppendPrintf(e, "</PRE>\n");
      if (ftpState->flags.listformat_unknown && !ftpState->flags.tried_nlst) {
  	storeAppendPrintf(e, "<A HREF=\"%s/;type=d\">[As plain directory]</A>\n",
! 	    ftpState->flags.dir_slash ? rfc1738_escape_part(ftpState->filepath) : ".");
      } else if (ftpState->typecode == 'D') {
  	const char *path = ftpState->flags.dir_slash ? ftpState->filepath : ".";
  	storeAppendPrintf(e, "<A HREF=\"%s/\">[As extended directory]</A>\n", html_quote(path));
--- 438,444 ----
      storeAppendPrintf(e, "</PRE>\n");
      if (ftpState->flags.listformat_unknown && !ftpState->flags.tried_nlst) {
  	storeAppendPrintf(e, "<A HREF=\"%s/;type=d\">[As plain directory]</A>\n",
! 	    ftpState->flags.dir_slash ? rfc1738_escape_part(ftpState->old_filepath) : ".");
      } else if (ftpState->typecode == 'D') {
  	const char *path = ftpState->flags.dir_slash ? ftpState->filepath : ".";
  	storeAppendPrintf(e, "<A HREF=\"%s/\">[As extended directory]</A>\n", html_quote(path));
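Review bot: `ftpState->old_filepath` at line 441 is passed to `rfc1738_escape_part()` without a NULL guard, and the hunk does not show that it is always set when `flags.dir_slash` is. Since the commit log ties this patch to a crash on malformed FTP responses, I would make the fallback explicit: `ftpState->flags.dir_slash && ftpState->old_filepath ? rfc1738_escape_part(ftpState->old_filepath) : "."`. The neighbouring `typecode == 'D'` branch still reads `ftpState->filepath` under the same flag before calling `html_quote()`; confirm whether it needs the same treatment. The enclosing function starts and ends outside the hunk.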
***************
*** 714,725 ****
  		"%2f/",
  		"Root Directory");
  	} else if (ftpState->flags.no_dotdot && !ftpState->flags.root_dir) {
  	    /* Normal directory where last component is / or ..  */
  	    strcpy(href, "%2e%2e/");
  	    strcpy(text, "Parent Directory");
! 	    snprintf(link, 2048, "(<A HREF=\"%s\">%s</A>)",
! 		!ftpState->flags.dir_slash ? "../" : "./",
! 		"Back");
  	} else {		/* NO_DOTDOT && ROOT_DIR */
  	    /* "UNIX Root" directory */
  	    strcpy(href, "/");
--- 714,736 ----
  		"%2f/",
  		"Root Directory");
  	} else if (ftpState->flags.no_dotdot && !ftpState->flags.root_dir) {
+ 	    char *url;
  	    /* Normal directory where last component is / or ..  */
  	    strcpy(href, "%2e%2e/");
  	    strcpy(text, "Parent Directory");
! 	    if (ftpState->flags.dir_slash) {
! 		url = xstrdup("./");
! 	    } else {
! 		const char *title = strBuf(ftpState->title_url);
! 		int k = 6 + strcspn(&title[6], "/");
! 		char *t;
! 		url = xstrdup(title + k);
! 		t = url + strlen(url) - 2;
! 		while (t > url && *t != '/')
! 		    *t-- = '\0';
! 	    }
! 	    snprintf(link, 2048, "(<A HREF=\"%s\">%s</A>)", url, "Back");
! 	    safe_free(url);
  	} else {		/* NO_DOTDOT && ROOT_DIR */
  	    /* "UNIX Root" directory */
  	    strcpy(href, "/");
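Review bot: The Back-link code at lines 722-731 computes `t = url + strlen(url) - 2` without checking the length, so for a path shorter than two characters the pointer is formed before the start of the allocation; that is undefined behaviour even though the loop guard keeps it from being written through. `6 + strcspn(&title[6], "/")` also assumes `title_url` is at least six characters long (presumably the `ftp://` prefix), which is worth a comment or a named constant. `url` then goes into the HREF without the `html_quote()` used for other links in this file, so the output relies on `title_url` already being escaped; that assumption should be stated or the value quoted. A length-guarded version of the trim is below; the enclosing function starts and ends outside the hunk.

```c
	    } else {
		const char *title = strBuf(ftpState->title_url);
		/* skip the scheme prefix and the authority, leaving the path;
		 * assumes title_url is at least 6 characters long */
		const char *path = title + 6;
		size_t len;
		path += strcspn(path, "/");
		url = xstrdup(path);
		/* drop the last path component; nothing to trim below 2 chars */
		len = strlen(url);
		if (len >= 2) {
		    char *t = url + len - 2;
		    while (t > url && *t != '/')
			*t-- = '\0';
		}
	    }
	    /* … unchanged: snprintf of the Back link, safe_free(url) … */
```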
***************
*** 1053,1058 ****
--- 1064,1071 ----
  	ftpState->flags.isdir = 1;
  	if (l == 1)
  	    ftpState->flags.root_dir = 1;
+     } else {
+ 	ftpState->flags.dir_slash = 1;
      }
  }
  
***************
*** 1668,1678 ****
  static void
  ftpListDir(FtpStateData * ftpState)
  {
!     if (!ftpState->flags.isdir) {
  	debug(9, 3) ("Directory path did not end in /\n");
  	strCat(ftpState->title_url, "/");
  	ftpState->flags.isdir = 1;
- 	ftpState->flags.dir_slash = 1;
      }
      ftpSendPasv(ftpState);
  }
--- 1681,1690 ----
  static void
  ftpListDir(FtpStateData * ftpState)
  {
!     if (ftpState->flags.dir_slash) {
  	debug(9, 3) ("Directory path did not end in /\n");
  	strCat(ftpState->title_url, "/");
  	ftpState->flags.isdir = 1;
      }
      ftpSendPasv(ftpState);
  }
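Review bot: The guard in `ftpListDir()` changed from `!ftpState->flags.isdir`, which the body itself cleared by setting `isdir = 1`, to `ftpState->flags.dir_slash`, which nothing in the body resets. If `ftpListDir()` can be entered more than once for a request (not visible here), each pass appends another `/` to `title_url`. Consider `if (ftpState->flags.dir_slash && !ftpState->flags.isdir)`, or state the single-call assumption in a comment. The flag's meaning also moved: the hunk at line 1064 now sets `dir_slash` in the `else` of a check whose condition is outside the hunk, so a one-line comment there saying what the flag marks would help readers of both places.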

squid-2.5.STABLE11-setcookie.patch:
 client_side.c |    1 +
 1 files changed, 1 insertion(+)

--- NEW FILE squid-2.5.STABLE11-setcookie.patch ---
Index: squid/src/client_side.c
diff -c squid/src/client_side.c:1.561.2.88 squid/src/client_side.c:1.561.2.89
*** squid/src/client_side.c:1.561.2.88	Tue Oct 18 09:14:12 2005
--- squid/src/client_side.c	Tue Oct 18 09:22:26 2005
***************
*** 2513,2518 ****
--- 2513,2519 ----
      ErrorState *err = NULL;
      debug(33, 4) ("clientProcessMiss: '%s %s'\n",
  	RequestMethodStr[r->method], url);
+     http->flags.hit = 0;
      /*
       * We might have a left-over StoreEntry from a failed cache hit
       * or IMS request.


Index: squid.spec
===================================================================
RCS file: /cvs/dist/rpms/squid/FC-4/squid.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- squid.spec	29 Sep 2005 12:41:50 -0000	1.36
+++ squid.spec	20 Oct 2005 08:44:28 -0000	1.37
@@ -5,7 +5,7 @@
 Summary: The Squid proxy caching server.
 Name: squid
 Version: 2.5.STABLE11
-Release: 2.FC4
+Release: 3.FC4
 Epoch: 7
 License: GPL
 Group: System Environment/Daemons
@@ -24,6 +24,11 @@
 Patch103: squid-2.5.STABLE11.accel_single_host_pconn.patch 
 Patch104: squid-2.5.STABLE11-CACHE_HTTP_PORT.patch 
 Patch105: squid-2.5.STABLE11-CNAME.patch 
+Patch106: squid-2.5.STABLE11-httpd_accel-internal.patch
+Patch107: squid-2.5.STABLE11-IMS-HEAD.patch
+Patch108: squid-2.5.STABLE11-redirect-CONNECT.patch
+Patch109: squid-2.5.STABLE11-setcookie.patch
+Patch110: squid-2.5.STABLE11-rfc1738_do_escape.patch
 
 # Local patches
 # Applying upstream patches first makes it less likely that local patches
@@ -62,6 +67,11 @@
 %patch103 -p1
 %patch104 -p1
 %patch105 -p1
+%patch106 -p1
+%patch107 -p1
+%patch108 -p1
+%patch109 -p1
+%patch110 -p1
 
 %patch201 -p1 -b .config
 %patch202 -p1 -b .location
@@ -292,6 +302,10 @@
 chgrp squid /var/cache/samba/winbindd_privileged > /dev/null 2>& 1 || true
 
 %changelog
+* Thu Oct 20 2005 Martin Stransky <stransky at redhat.com> 7:2.5.STABLE11-3.FC4
+- fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response
+- more fixes from upstream
+
 * Thu Sep 29 2005 Martin Stransky <stransky at redhat.com> 7:2.5.STABLE11-2.FC4
 - added patch for delay pools and some minor fixes
 



