Hello community,
here is the log from the commit of package squid3 for openSUSE:11.3
checked in at Fri Sep 2 16:29:13 CEST 2011.
--------
--- old-versions/11.3/UPDATES/all/squid3/squid3.changes 2010-10-14 15:37:08.000000000 +0200
+++ 11.3/squid3/squid3.changes 2011-08-31 20:17:14.000000000 +0200
@@ -1,0 +2,8 @@
+Wed Aug 31 20:16:26 CEST 2011 - draht@suse.de
+
+- squid-3.0-bnc715171-CVE-2011-3205.patch fixes CVE-2011-3205,
+ a regression of CVE-2005-0094: error in parsing responses from
+ gopher servers, resulting in a buffer overflow that crashes
+ squid. [bnc#715171]
+
+-------------------------------------------------------------------
calling whatdependson for 11.3-i586
New:
----
squid-3.0-bnc715171-CVE-2011-3205.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid3.spec ++++++
--- /var/tmp/diff_new_pack.KikFTl/_old 2011-09-02 16:28:49.000000000 +0200
+++ /var/tmp/diff_new_pack.KikFTl/_new 2011-09-02 16:28:49.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package squid3 (Version 3.0.STABLE25)
+# spec file for package squid3
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
Name: squid3
Summary: Squid Version 3 WWW Proxy Server
Version: 3.0.STABLE25
-Release: 2.<RELEASE1>
+Release: 2.<RELEASE3>
License: GPLv2+
Url: http://www.squid-cache.org/Versions/v3
Group: Productivity/Networking/Web/Proxy
@@ -79,6 +79,7 @@
Patch103: squid-beta-3.0-openldap.patch
Patch104: squid-beta-3.0-mem_node_64bit.patch
Patch105: squid-3.0-9189-bnc637287-CVE-2010-3072.patch
+Patch106: squid-3.0-bnc715171-CVE-2011-3205.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: db-devel expat gcc-c++
%if 0%{?sles_version} == 9
@@ -153,6 +154,7 @@
%patch103 -p1
%patch104 -p1
%patch105 -p1
+%patch106
#
chmod a-x CREDITS
++++++ squid-3.0-bnc715171-CVE-2011-3205.patch ++++++
------------------------------------------------------------
revno: 9193
revision-id: squid3@treenet.co.nz-20110827134204-8h1hv8plh32x38w2
parent: squid3@treenet.co.nz-20110811162957-wo82ojcx4yi70cme
author: Henrik Nordstrom
committer: Amos Jeffries
branch nick: SQUID_3_0
timestamp: Sat 2011-08-27 07:42:04 -0600
message:
Correct parsing of large Gopher indexes
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20110827134204-8h1hv8plh32x38w2
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0/
# testament_sha1: f03a19d631403576f2b1d714c2181043c6771146
# timestamp: 2011-08-27 13:45:22 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0
# base_revision_id: squid3@treenet.co.nz-20110811162957-\
# wo82ojcx4yi70cme
#
# Begin patch
=== modified file 'src/gopher.cc'
--- src/gopher.cc 2009-09-24 09:43:50 +0000
+++ src/gopher.cc 2011-08-27 13:42:04 +0000
@@ -367,7 +367,6 @@
return;
}
- inbuf[len] = '\0';
String outbuf;
if (!gopherState->HTML_header_added) {
@@ -383,75 +382,48 @@
gopherState->HTML_pre = 1;
}
- while ((pos != NULL) && (pos < inbuf + len)) {
-
+ while (pos < inbuf + len) {
+ int llen;
+ int left = len - (pos - inbuf);
+ lpos = (char *)memchr(pos, '\n', left);
+ if (lpos) {
+ lpos++; /* Next line is after \n */
+ llen = lpos - pos;
+ } else {
+ llen = left;
+ }
+ if (gopherState->len + llen >= TEMP_BUF_SIZE) {
+ debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
+ llen = TEMP_BUF_SIZE - gopherState->len - 1;
+ }
+ if (!lpos) {
+ /* there is no complete line in inbuf */
+ /* copy it to temp buffer */
+ /* note: llen is adjusted above */
+ xmemcpy(gopherState->buf + gopherState->len, pos, llen);
+ gopherState->len += llen;
+ break;
+ }
+ if (!lpos) {
+ /* there is no complete line in inbuf */
+ /* copy it to temp buffer */
+ /* note: llen is adjusted above */
+ xmemcpy(gopherState->buf + gopherState->len, pos, llen);
+ gopherState->len += llen;
+ break;
+ }
if (gopherState->len != 0) {
/* there is something left from last tx. */
- xstrncpy(line, gopherState->buf, gopherState->len + 1);
-
- if (gopherState->len + len > TEMP_BUF_SIZE) {
- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
- len = TEMP_BUF_SIZE - gopherState->len;
- }
-
- lpos = (char *) memccpy(line + gopherState->len, inbuf, '\n', len);
-
- if (lpos)
- *lpos = '\0';
- else {
- /* there is no complete line in inbuf */
- /* copy it to temp buffer */
-
- if (gopherState->len + len > TEMP_BUF_SIZE) {
- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
- len = TEMP_BUF_SIZE - gopherState->len;
- }
-
- xmemcpy(gopherState->buf + gopherState->len, inbuf, len);
- gopherState->len += len;
- return;
- }
-
- /* skip one line */
- pos = (char *) memchr(pos, '\n', len);
-
- if (pos)
- pos++;
-
- /* we're done with the remain from last tx. */
+ xmemcpy(line, gopherState->buf, gopherState->len);
+ xmemcpy(line + gopherState->len, pos, llen);
+ llen += gopherState->len;
gopherState->len = 0;
-
- *(gopherState->buf) = '\0';
} else {
-
- lpos = (char *) memccpy(line, pos, '\n', len - (pos - inbuf));
-
- if (lpos)
- *lpos = '\0';
- else {
- /* there is no complete line in inbuf */
- /* copy it to temp buffer */
-
- if ((len - (pos - inbuf)) > TEMP_BUF_SIZE) {
- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
- len = TEMP_BUF_SIZE;
- }
-
- if (len > (pos - inbuf)) {
- xmemcpy(gopherState->buf, pos, len - (pos - inbuf));
- gopherState->len = len - (pos - inbuf);
- }
-
- break;
- }
-
- /* skip one line */
- pos = (char *) memchr(pos, '\n', len);
-
- if (pos)
- pos++;
-
+ xmemcpy(line, pos, llen);
}
+ line[llen + 1] = '\0';
+ /* move input to next line */
+ pos = lpos;
/* at this point. We should have one line in buffer to process */
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org