Hello community, here is the log from the commit of package squidGuard checked in at Wed Jul 4 23:54:48 CEST 2007. -------- --- squidGuard/squidGuard.changes 2007-05-10 18:55:53.000000000 +0200 +++ /mounts/work_src_done/STABLE/squidGuard/squidGuard.changes 2007-07-04 20:52:53.210970000 +0200 @@ -1,0 +2,8 @@ +Wed Jul 4 20:51:16 CEST 2007 - kssingvo@suse.de + +- fixes from upstream: + * double slash bug fix extracted from Patch-20070513 tarball + * regexp bug fix extracted from Patch-20070520 tarball + * compiler bug fix extracted from Patch-20070520 tarball + +------------------------------------------------------------------- New: ---- squidGuard-1.2.1-compile.patch squidGuard-1.2.1-double_slash.patch squidGuard-1.2.1-regexp.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squidGuard.spec ++++++ --- /var/tmp/diff_new_pack.t11639/_old 2007-07-04 23:54:14.000000000 +0200 +++ /var/tmp/diff_new_pack.t11639/_new 2007-07-04 23:54:14.000000000 +0200 @@ -12,11 +12,11 @@ Name: squidGuard BuildRequires: bison db-devel flex openldap2-devel -License: GNU General Public License (GPL) +License: GPL v2 or later Group: Productivity/Networking/Web/Proxy Autoreqprov: on Version: 1.2.1 -Release: 1 +Release: 15 URL: http://www.squidguard.org/ Provides: squidgrd Obsoletes: squidgrd @@ -27,6 +27,9 @@ Source1: README.SuSE Patch0: squidGuard-1.2.1-config.patch Patch1: squidGuard-1.2.0-dbopen.patch +Patch2: squidGuard-1.2.1-double_slash.patch +Patch3: squidGuard-1.2.1-regexp.patch +Patch4: squidGuard-1.2.1-compile.patch %description SquidGuard is a free (GPL), flexible and ultra-fast filter, redirector, @@ -89,6 +92,11 @@ %doc contrib doc samples test %changelog +* Wed Jul 04 2007 - kssingvo@suse.de +- fixes from upstream: + * double slash bug fix extracted from Patch-20070513 tarball + * regexp bug fix extracted from Patch-20070520 tarball + * compiler bug fix extracted from Patch-20070520 tarball * Thu May 10 2007 - kssingvo@suse.de - upgrade to version 1.2.1: * Fixed multiple slash bypass vulnerabilty. ++++++ squidGuard-1.2.1-compile.patch ++++++ --- squidGuard-1.2.1-patch-20070513/src/sgDiv.c 2007-05-13 19:25:40.000000000 +0200 +++ squidGuard-1.2.1-patch-20070520/src/sgDiv.c 2007-05-20 20:55:26.000000000 +0200 @@ -94,6 +94,8 @@ { char *p, *d = NULL, *a = NULL, *e = NULL, *o, *field; int i = 0; + int report_once = 1; + size_t strsz; char c; int ndx = 0; @@ -126,8 +128,7 @@ */ /* Fix for multiple slash vulnerability (bug1). */ /* Check if there are still two or more slashes in sequence which must not happen */ - int report_once = 1; - size_t strsz = strlen(p); + strsz = strlen(p); /* loop thru the string 'p' until the char '?' is hit or the "end" is hit */ while('?' != p[ndx] && '\0' != p[ndx]) ++++++ squidGuard-1.2.1-double_slash.patch ++++++ --- squidGuard-1.2.1/src/sgDiv.c 2007-04-15 14:48:19.000000000 +0200 +++ squidGuard-1.2.1-patch-20070513/src/sgDiv.c 2007-05-13 19:25:40.000000000 +0200 @@ -127,21 +127,28 @@ /* Fix for multiple slash vulnerability (bug1). */ /* Check if there are still two or more slashes in sequence which must not happen */ int report_once = 1; + size_t strsz = strlen(p); - /* loop thru the string 'p' until the char '?' is hit */ + /* loop thru the string 'p' until the char '?' is hit or the "end" is hit */ while('?' != p[ndx] && '\0' != p[ndx]) { - /* if this char and the next char are slashes, - then shift the rest of the string left one char */ - if('/' == p[ndx] && '/' == p[ndx+1]) - { - size_t sz = strlen(p+ndx+1); - strncpy(p+ndx,p+ndx+1, sz); - p[ndx+sz] = '\0'; - if(1 == report_once) { - sgLogError("Warning: Possible bypass attempt. Found multiple slashes where only one is expected: %s", s->orig); - report_once--; + /* in case this is a '://' skip over it, but try to not read past EOS */ + if(3 <= strsz-ndx) { + if(':' == p[ndx] && '/' == p[ndx+1] && '/' == p[ndx+2]) { + ndx+=3; /* 3 == strlen("://"); */ + } } + + /* if this char and the next char are slashes, + * then shift the rest of the string left one char */ + if('/' == p[ndx] && '/' == p[ndx+1]) { + size_t sz = strlen(p+ndx+1); + strncpy(p+ndx,p+ndx+1, sz); + p[ndx+sz] = '\0'; + if(1 == report_once) { + sgLogError("Warning: Possible bypass attempt. Found multiple slashes where only one is expected: %s", s->orig); + report_once--; + } } else { ++++++ squidGuard-1.2.1-regexp.patch ++++++ --- squidGuard-1.2.1/src/sg.y.in 2007-02-02 14:37:07.000000000 +0100 +++ squidGuard-1.2.1-patch-20070520/src/sg.y.in 2007-05-20 20:55:33.000000000 +0200 @@ -2347,7 +2347,7 @@ } } if(aclpass->dest->regExp != NULL && access){ - if((result = sgRegExpMatch(aclpass->dest->regExp,req->url)) != 0){ + if((result = sgRegExpMatch(aclpass->dest->regExp,req->strippedurl)) != 0){ if(aclpass->access){ access++; break; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org