commit squidGuard for openSUSE:Factory

14 Oct 2010

Hello community,

here is the log from the commit of package squidGuard for openSUSE:Factory
checked in at Thu Oct 14 16:44:43 CEST 2010.



--------

--- squidGuard/squidGuard.changes	2010-07-14 11:44:01.000000000 +0200
+++ squidGuard/squidGuard.changes	2010-10-14 15:15:07.000000000 +0200
@@ -1,0 +2,11 @@
+Thu Oct 14 13:14:50 UTC 2010 - puzel@novell.com
+
+- fix squidGuard-CVE-2009-3826.patch patch 
+
+-------------------------------------------------------------------
+Thu Jul 29 12:42:25 UTC 2010 - puzel@novell.com
+
+- add squidGuard-CVE-2009-3700.patch,
+  squidGuard-CVE-2009-3826.patch (bnc#550930)
+
+-------------------------------------------------------------------

calling whatdependson for head-i586


New:
----
  squidGuard-CVE-2009-3700.patch
  squidGuard-CVE-2009-3826.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ squidGuard.spec ++++++
--- /var/tmp/diff_new_pack.fVY4i7/_old	2010-10-14 16:44:19.000000000 +0200
+++ /var/tmp/diff_new_pack.fVY4i7/_new	2010-10-14 16:44:19.000000000 +0200
@@ -26,7 +26,7 @@
 Name:           squidGuard
 Summary:        Filter plugin for squid
 Version:        1.4
-Release:        3
+Release:        10
 License:        GPLv2+
 Group:          Productivity/Networking/Web/Proxy
 Url:            http://www.squidguard.org/
@@ -39,6 +39,8 @@
 Patch2:         squidGuard-config.patch
 Patch3:         squidGuard-trailing_dot.patch
 Patch4:         squidGuard-unusual_url_end.patch
+Patch5:         squidGuard-CVE-2009-3700.patch
+Patch6:         squidGuard-CVE-2009-3826.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         http_proxy
 BuildRequires:  bison db-devel flex openldap2-devel
@@ -92,6 +94,8 @@
 %patch2 -p0
 %patch3 -p0
 %patch4 -p0
+%patch5 -p1
+%patch6 -p1
 find -type d | xargs chmod 755
 cp %{SOURCE1} .
 # patch the test configs


++++++ squidGuard-CVE-2009-3700.patch ++++++
Index: squidGuard-1.4/src/sgLog.c
===================================================================
--- squidGuard-1.4.orig/src/sgLog.c	2007-11-16 17:58:32.000000000 +0100
+++ squidGuard-1.4/src/sgLog.c	2010-07-29 13:47:50.000000000 +0200
@@ -2,7 +2,7 @@
   By accepting this notice, you agree to be bound by the following
   agreements:
   
-  This software product, squidGuard, is copyrighted (C) 1998-2007
+  This software product, squidGuard, is copyrighted (C) 1998-2009
   by Christine Kronberg, Shalla Secure Services. All rights reserved.
  
   This program is free software; you can redistribute it and/or modify it
@@ -55,8 +55,8 @@ void sgLog(log, format, va_alist)
   char msg[MAX_BUF];
   va_list ap;
   VA_START(ap, format);
-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
-    fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
+  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
+    fprintf(stderr,"overflow in vsnprintf (sgLog): %s",strerror(errno));
   va_end(ap);
   date = niso(0);
   if(globalDebug || log == NULL) {
@@ -87,8 +87,8 @@ void sgLogError(format, va_alist)
   char msg[MAX_BUF];
   va_list ap;
   VA_START(ap, format);
-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
-    sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
+  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
+    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
   va_end(ap);
   sgLog(globalErrorLog,"%s",msg);
 }
@@ -104,8 +104,8 @@ void sgLogFatalError(format, va_alist)
   char msg[MAX_BUF];
   va_list ap;
   VA_START(ap, format);
-  if(vsprintf(msg, format, ap) > (MAX_BUF - 1)) 
-    return;
+  if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1)) 
+    sgLog(globalErrorLog, "overflow in vsnprintf (sgLogError): %s",strerror(errno));
   va_end(ap);
   sgLog(globalErrorLog,"%s",msg);
   sgEmergency();
++++++ squidGuard-CVE-2009-3826.patch ++++++
Index: squidGuard-1.4/src/sg.h.in
===================================================================
--- squidGuard-1.4.orig/src/sg.h.in
+++ squidGuard-1.4/src/sg.h.in
@@ -73,7 +73,7 @@ int tolower();
 #define REQUEST_TYPE_REDIRECT   2
 #define REQUEST_TYPE_PASS       3
 
-#define MAX_BUF 4096
+#define MAX_BUF 12288
 
 #define DEFAULT_LOGFILE "squidGuard.log"
 #define WARNING_LOGFILE "squidGuard.log"
Index: squidGuard-1.4/src/sgDiv.c.in
===================================================================
--- squidGuard-1.4.orig/src/sgDiv.c.in
+++ squidGuard-1.4/src/sgDiv.c.in
@@ -745,7 +745,7 @@ char *sgParseRedirect(redirect, req, acl
       p++;
       break;
     case 'u': /* Requested URL */
-      strcat(buf, req->orig);
+      strncat(buf, req->orig, 2048);
       p++;
       break;
     default:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

commit squidGuard for openSUSE:Factory

root＠hilbert.suse.de