commit squid3 for openSUSE:11.3

2 Sep 2011

Hello community,

here is the log from the commit of package squid3 for openSUSE:11.3
checked in at Fri Sep 2 16:29:13 CEST 2011.



--------

--- old-versions/11.3/UPDATES/all/squid3/squid3.changes	2010-10-14 15:37:08.000000000 +0200
+++ 11.3/squid3/squid3.changes	2011-08-31 20:17:14.000000000 +0200
@@ -1,0 +2,8 @@
+Wed Aug 31 20:16:26 CEST 2011 - draht@suse.de
+
+- squid-3.0-bnc715171-CVE-2011-3205.patch fixes CVE-2011-3205,
+  a regression of CVE-2005-0094: error in parsing responses from
+  gopher servers, resulting in a buffer overflow that crashes
+  squid. [bnc#715171]
+
+-------------------------------------------------------------------

calling whatdependson for 11.3-i586


New:
----
  squid-3.0-bnc715171-CVE-2011-3205.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ squid3.spec ++++++
--- /var/tmp/diff_new_pack.KikFTl/_old	2011-09-02 16:28:49.000000000 +0200
+++ /var/tmp/diff_new_pack.KikFTl/_new	2011-09-02 16:28:49.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package squid3 (Version 3.0.STABLE25)
+# spec file for package squid3
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 Name:           squid3
 Summary:        Squid Version 3 WWW Proxy Server
 Version:        3.0.STABLE25
-Release:        2.<RELEASE1>
+Release:        2.<RELEASE3>
 License:        GPLv2+
 Url:            http://www.squid-cache.org/Versions/v3
 Group:          Productivity/Networking/Web/Proxy
@@ -79,6 +79,7 @@
 Patch103:       squid-beta-3.0-openldap.patch
 Patch104:       squid-beta-3.0-mem_node_64bit.patch
 Patch105:       squid-3.0-9189-bnc637287-CVE-2010-3072.patch
+Patch106:       squid-3.0-bnc715171-CVE-2011-3205.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  db-devel expat gcc-c++
 %if 0%{?sles_version} == 9
@@ -153,6 +154,7 @@
 %patch103 -p1
 %patch104 -p1
 %patch105 -p1
+%patch106
 #
 chmod a-x CREDITS
 

++++++ squid-3.0-bnc715171-CVE-2011-3205.patch ++++++
------------------------------------------------------------
revno: 9193
revision-id: squid3@treenet.co.nz-20110827134204-8h1hv8plh32x38w2
parent: squid3@treenet.co.nz-20110811162957-wo82ojcx4yi70cme
author: Henrik Nordstrom 
committer: Amos Jeffries 
branch nick: SQUID_3_0
timestamp: Sat 2011-08-27 07:42:04 -0600
message:
  Correct parsing of large Gopher indexes
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20110827134204-8h1hv8plh32x38w2
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_0/
# testament_sha1: f03a19d631403576f2b1d714c2181043c6771146
# timestamp: 2011-08-27 13:45:22 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
#   /SQUID_3_0
# base_revision_id: squid3@treenet.co.nz-20110811162957-\
#   wo82ojcx4yi70cme
# 
# Begin patch
=== modified file 'src/gopher.cc'
--- src/gopher.cc	2009-09-24 09:43:50 +0000
+++ src/gopher.cc	2011-08-27 13:42:04 +0000
@@ -367,7 +367,6 @@
         return;
     }
 
-    inbuf[len] = '\0';
     String outbuf;
 
     if (!gopherState->HTML_header_added) {
@@ -383,75 +382,48 @@
         gopherState->HTML_pre = 1;
     }
 
-    while ((pos != NULL) && (pos < inbuf + len)) {
-
+    while (pos < inbuf + len) {
+        int llen;
+        int left = len - (pos - inbuf);
+        lpos = (char *)memchr(pos, '\n', left);
+        if (lpos) {
+            lpos++;             /* Next line is after \n */
+            llen = lpos - pos;
+        } else {
+            llen = left;
+        }
+        if (gopherState->len + llen >= TEMP_BUF_SIZE) {
+            debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url()  );
+            llen = TEMP_BUF_SIZE - gopherState->len - 1;
+        }
+        if (!lpos) {
+            /* there is no complete line in inbuf */
+            /* copy it to temp buffer */
+            /* note: llen is adjusted above */
+            xmemcpy(gopherState->buf + gopherState->len, pos, llen);
+            gopherState->len += llen;
+            break;
+        }
+        if (!lpos) {
+            /* there is no complete line in inbuf */
+            /* copy it to temp buffer */
+            /* note: llen is adjusted above */
+            xmemcpy(gopherState->buf + gopherState->len, pos, llen);
+            gopherState->len += llen;
+            break;
+        }
         if (gopherState->len != 0) {
             /* there is something left from last tx. */
-            xstrncpy(line, gopherState->buf, gopherState->len + 1);
-
-            if (gopherState->len + len > TEMP_BUF_SIZE) {
-                debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url()  );
-                len = TEMP_BUF_SIZE - gopherState->len;
-            }
-
-            lpos = (char *) memccpy(line + gopherState->len, inbuf, '\n', len);
-
-            if (lpos)
-                *lpos = '\0';
-            else {
-                /* there is no complete line in inbuf */
-                /* copy it to temp buffer */
-
-                if (gopherState->len + len > TEMP_BUF_SIZE) {
-                    debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url()  );
-                    len = TEMP_BUF_SIZE - gopherState->len;
-                }
-
-                xmemcpy(gopherState->buf + gopherState->len, inbuf, len);
-                gopherState->len += len;
-                return;
-            }
-
-            /* skip one line */
-            pos = (char *) memchr(pos, '\n', len);
-
-            if (pos)
-                pos++;
-
-            /* we're done with the remain from last tx. */
+            xmemcpy(line, gopherState->buf, gopherState->len);
+            xmemcpy(line + gopherState->len, pos, llen);
+            llen += gopherState->len;
             gopherState->len = 0;
-
-            *(gopherState->buf) = '\0';
         } else {
-
-            lpos = (char *) memccpy(line, pos, '\n', len - (pos - inbuf));
-
-            if (lpos)
-                *lpos = '\0';
-            else {
-                /* there is no complete line in inbuf */
-                /* copy it to temp buffer */
-
-                if ((len - (pos - inbuf)) > TEMP_BUF_SIZE) {
-                    debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url()  );
-                    len = TEMP_BUF_SIZE;
-                }
-
-                if (len > (pos - inbuf)) {
-                    xmemcpy(gopherState->buf, pos, len - (pos - inbuf));
-                    gopherState->len = len - (pos - inbuf);
-                }
-
-                break;
-            }
-
-            /* skip one line */
-            pos = (char *) memchr(pos, '\n', len);
-
-            if (pos)
-                pos++;
-
+            xmemcpy(line, pos, llen);
         }
+        line[llen + 1] = '\0';
+        /* move input to next line */
+        pos = lpos;
 
         /* at this point. We should have one line in buffer to process */
 


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

commit squid3 for openSUSE:11.3

root＠hilbert.suse.de