diff options
author | taca <taca> | 2010-07-29 03:00:46 +0000 |
---|---|---|
committer | taca <taca> | 2010-07-29 03:00:46 +0000 |
commit | 5827e686e74e56e14bb4c92912c3216e4275c709 (patch) | |
tree | cb4d699f48a46ccfc7eab59b0734062780c82691 /www/squid27 | |
parent | ad9a5444a40561fadbef9cb5d031fa30097ea2ac (diff) | |
download | pkgsrc-5827e686e74e56e14bb4c92912c3216e4275c709.tar.gz |
Update squid27 package to 2.7.9 (2.7.STABLE9).
(CVE-2010-0308 is http://www.squid-cache.org/Advisories/SQUID-2010_1.txt.)
Changes to squid-2.7.STABLE9 (15 March 2010)
- 2.7.STABLE8 failed to compile with OpenSSL 0.9.8 on some systems
- failure to detect certain system libraries on some systems
resulting in compilation errors
Changes to squid-2.7.STABLE8 (10 March 2010)
- Bug #2458: reply_body_max_size incorrectly documented
- Bug #2858: Segment violation in HTCP
- Bug #2773: Segfault in RFC2069 Digest authantication
- 64-bit filesize issue in squidclient if trying to post a file > 2GB
- Improve %nn parser to better deal with certain odd %nn sequences
- Segmentation fault if failed to open cache.log
- Bug #2819: const correctness errors in dns_internal.c
- Handle DNS header-only packets as invalid. (CVE-2010-0308)
- Windows port: Updated mswin_ad_group native helper to version 2.1
- Cosmetic change to keep GCC happy
- Bug #2678 - storeurl_rewrite does not play nicely with vary
- Bug #2861 - only-if-cached request blocks if it collapsed into
another request
- Use libcap functions instead of raw kernel interface
- No need to sync the store on -k rotate, but instead it needs to be
done in reconfigure
- const correctness in OpenSSL initialization
- Rework the http digest auth parser
Diffstat (limited to 'www/squid27')
-rw-r--r-- | www/squid27/Makefile | 5 | ||||
-rw-r--r-- | www/squid27/distinfo | 10 | ||||
-rw-r--r-- | www/squid27/patches/patch-an | 24 | ||||
-rw-r--r-- | www/squid27/patches/patch-ao | 25 |
4 files changed, 6 insertions, 58 deletions
diff --git a/www/squid27/Makefile b/www/squid27/Makefile index 4adc906058f..6ea1babdfce 100644 --- a/www/squid27/Makefile +++ b/www/squid27/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.13 2010/02/20 15:11:40 tron Exp $ +# $NetBSD: Makefile,v 1.14 2010/07/29 03:00:46 taca Exp $ -DISTNAME= squid-2.7.STABLE7 +DISTNAME= squid-2.7.STABLE9 PKGNAME= ${DISTNAME:S/STABLE//} -PKGREVISION= 3 CATEGORIES= www MASTER_SITES= ${SQUID_MASTER_SITES} \ http://www.squid-cache.org/Versions/v2/2.7/ diff --git a/www/squid27/distinfo b/www/squid27/distinfo index 2aec2932ee8..720ae13f7e3 100644 --- a/www/squid27/distinfo +++ b/www/squid27/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.8 2010/02/14 13:27:52 taca Exp $ +$NetBSD: distinfo,v 1.9 2010/07/29 03:00:46 taca Exp $ -SHA1 (squid-2.7.STABLE7.tar.bz2) = 0729116f309093e4f141e000136cdec39290628a -RMD160 (squid-2.7.STABLE7.tar.bz2) = a13df321fb0831de963c77f6e33e3f374634d353 -Size (squid-2.7.STABLE7.tar.bz2) = 1341869 bytes +SHA1 (squid-2.7.STABLE9.tar.bz2) = bd389da9b74fd338e358f6b3f83bd3a1ed4d4f6f +RMD160 (squid-2.7.STABLE9.tar.bz2) = bfa7c3dc3ede68646603f3379de35f44d7d8e97d +Size (squid-2.7.STABLE9.tar.bz2) = 1351366 bytes SHA1 (patch-aa) = e6b112b463b1bc996490c99b91945361f0c2506a SHA1 (patch-ab) = 0d8e73eab50a54bd9c8662ee418c0640f30fdeea SHA1 (patch-ac) = 175bc741bb2adc6b5f3452c6a8d25e594e7c3acd @@ -15,5 +15,3 @@ SHA1 (patch-ai) = a227e6fc622f1bda3fa49406b4d588c1f1f78430 SHA1 (patch-aj) = c5c7cd10a63a5066eee63988775f71758ed5463e SHA1 (patch-ak) = 6863cac0fe9100f4b8c3c05cb321324a4abf0a4c SHA1 (patch-al) = a9e957a90dc6956e59668c297dd8566642baecff -SHA1 (patch-an) = 9170bdd57f5428e7b64b4db2e1ffdee3c032643e -SHA1 (patch-ao) = 5df91c372baf8d81fcb47a5e847c7ed77bed8d7a diff --git a/www/squid27/patches/patch-an b/www/squid27/patches/patch-an deleted file mode 100644 index 63ab9b6562a..00000000000 --- a/www/squid27/patches/patch-an +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-an,v 1.1 2010/02/02 14:43:57 taca Exp $ - -This is fix for security problem: - -http://www.squid-cache.org/Advisories/SQUID-2010_1.txt - -Since the announced patch contains RCS style revision string, it never -applied to clearly. - -http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch. - ---- lib/rfc1035.c.orig 2008-06-19 01:11:44.000000000 +0000 -+++ lib/rfc1035.c -@@ -286,7 +286,9 @@ rfc1035NameUnpack(const char *buf, size_ - size_t len; - assert(ns > 0); - do { -- assert((*off) < sz); -+ if ((*off) >= sz) { -+ return 1; -+ } - c = *(buf + (*off)); - if (c > 191) { - /* blasted compression */ diff --git a/www/squid27/patches/patch-ao b/www/squid27/patches/patch-ao deleted file mode 100644 index 59ef9174e90..00000000000 --- a/www/squid27/patches/patch-ao +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-ao,v 1.1 2010/02/14 13:27:52 taca Exp $ - -This is fix for security problem: - -http://www.squid-cache.org/Advisories/SQUID-2010_2.txt - -Since the announced patch contains RCS style revision string, it never -applied to clearly. - -http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch. - ---- src/htcp.c.orig 2008-05-04 23:23:13.000000000 +0000 -+++ src/htcp.c -@@ -950,6 +950,11 @@ htcpHandleClr(htcpDataHeader * hdr, char - debug(31, 3) ("htcpHandleClr: htcpUnpackSpecifier failed\n"); - return; - } -+ if (!s->request) { -+ debug(31, 2) ("htcpHandleTstRequest: failed to parse request\n"); -+ htcpFreeSpecifier(s); -+ return; -+ } - if (!htcpAccessCheck(Config.accessList.htcp_clr, s, from)) { - debug(31, 2) ("htcpHandleClr: Access denied\n"); - htcpFreeSpecifier(s); |