6 files changed, 44 insertions, 5 deletions

diff --git a/www/squid27/Makefile b/www/squid27/Makefile
index 46c29191d73..810be551472 100644
--- a/www/squid27/Makefile
+++ b/www/squid27/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.15 2010/12/16 13:47:19 sborrill Exp $
+# $NetBSD: Makefile,v 1.16 2011/11/28 15:26:26 drochner Exp $
 
 DISTNAME=	squid-2.7.STABLE9
-PKGREVISION=	1
+PKGREVISION=	2
 
 PKGNAME=	${DISTNAME:S/STABLE//}
 CATEGORIES=	www
diff --git a/www/squid27/distinfo b/www/squid27/distinfo
index 720ae13f7e3..9feb8aeff3e 100644
--- a/www/squid27/distinfo
+++ b/www/squid27/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9 2010/07/29 03:00:46 taca Exp $
+$NetBSD: distinfo,v 1.10 2011/11/28 15:26:26 drochner Exp $
 
 SHA1 (squid-2.7.STABLE9.tar.bz2) = bd389da9b74fd338e358f6b3f83bd3a1ed4d4f6f
 RMD160 (squid-2.7.STABLE9.tar.bz2) = bfa7c3dc3ede68646603f3379de35f44d7d8e97d
@@ -15,3 +15,4 @@ SHA1 (patch-ai) = a227e6fc622f1bda3fa49406b4d588c1f1f78430
 SHA1 (patch-aj) = c5c7cd10a63a5066eee63988775f71758ed5463e
 SHA1 (patch-ak) = 6863cac0fe9100f4b8c3c05cb321324a4abf0a4c
 SHA1 (patch-al) = a9e957a90dc6956e59668c297dd8566642baecff
+SHA1 (patch-am) = c31f27816578a05a909c4e64a646919d35e04c42
diff --git a/www/squid27/patches/patch-am b/www/squid27/patches/patch-am
new file mode 100644
index 00000000000..0d530ca2aed
--- /dev/null
+++ b/www/squid27/patches/patch-am
@@ -0,0 +1,18 @@
+$NetBSD: patch-am,v 1.3 2011/11/28 15:26:26 drochner Exp $
+
+protect against CVE-2011-4122
+
+--- helpers/basic_auth/PAM/pam_auth.c.orig	2005-05-17 16:56:25.000000000 +0000
++++ helpers/basic_auth/PAM/pam_auth.c
+@@ -188,6 +188,11 @@ start:
+ 	exit(1);
+     }
+ 
++    if (strchr(service, '/')) {
++	    fprintf(stderr, "Illegal service '%s'\n", service);
++	    exit(1);
++    }
++
+     while (fgets(buf, BUFSIZE, stdin)) {
+ 	user = buf;
+ 	password = strchr(buf, '\n');
diff --git a/www/squid31/Makefile b/www/squid31/Makefile
index aad68d445ab..f8fe243673b 100644
--- a/www/squid31/Makefile
+++ b/www/squid31/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2011/10/22 17:54:25 tron Exp $
+# $NetBSD: Makefile,v 1.35 2011/11/28 15:26:25 drochner Exp $
 
 DISTNAME=	squid-3.1.16
 PKGNAME=	${DISTNAME}	# Necessary for "pkgsrc/www/squid/options.mk"
+PKGREVISION=	1
 CATEGORIES=	www
 MASTER_SITES=	http://www.squid-cache.org/Versions/v3/3.1/ \
 		${SQUID_MASTER_SITES}
diff --git a/www/squid31/distinfo b/www/squid31/distinfo
index ff21eb43040..25a94252360 100644
--- a/www/squid31/distinfo
+++ b/www/squid31/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.31 2011/10/22 17:54:25 tron Exp $
+$NetBSD: distinfo,v 1.32 2011/11/28 15:26:25 drochner Exp $
 
 SHA1 (squid-3.1.16.tar.bz2) = 4d272921155165331205b039cebee2643158b5eb
 RMD160 (squid-3.1.16.tar.bz2) = df730d0c60b0d16a11c7157c55f1c89b0c6f1f65
@@ -7,5 +7,6 @@ SHA1 (patch-ad) = 2e8c05f220374240e5681efdd46379851c6bb50e
 SHA1 (patch-ae) = 944c24b28cf11f7a876150f8f0e131af5f3e354d
 SHA1 (patch-aj) = 9f250b7f645b2ee77243a617c1a7faa5c7956339
 SHA1 (patch-al) = 6fec093f8969aed96cb8ffb115d96f9d21ac1f63
+SHA1 (patch-am) = d6d52948f883d983b114c68cffb392cb8295f847
 SHA1 (patch-src_base_TidyPointer.h) = d616bc21f7ab640622b7c34cf9da8222d2ddb5cf
 SHA1 (patch-src_ssl_gadgets.cc) = c631940ffd3fc7f44bc1586169eb4fe13a79ab35
diff --git a/www/squid31/patches/patch-am b/www/squid31/patches/patch-am
new file mode 100644
index 00000000000..ed2fa93860d
--- /dev/null
+++ b/www/squid31/patches/patch-am
@@ -0,0 +1,18 @@
+$NetBSD: patch-am,v 1.4 2011/11/28 15:26:26 drochner Exp $
+
+protect against CVE-2011-4122
+
+--- helpers/basic_auth/PAM/pam_auth.c.orig	2011-10-13 08:30:05.000000000 +0000
++++ helpers/basic_auth/PAM/pam_auth.c
+@@ -196,6 +196,11 @@ start:
+         exit(1);
+     }
+ 
++    if (strchr(service, '/')) {
++	fprintf(stderr, "Illegal service '%s'\n", service);
++	exit(1);
++    }
++
+     while (fgets(buf, BUFSIZE, stdin)) {
+         user = buf;
+         password_buf = strchr(buf, '\n');