Hello community,
here is the log from the commit of package squid3 for openSUSE:11.4
checked in at Fri Sep 2 16:30:17 CEST 2011.
--------
--- old-versions/11.4/UPDATES/all/squid3/squid3.changes 2011-05-16 22:27:27.000000000 +0200
+++ 11.4/squid3/squid3.changes 2011-08-31 20:10:46.000000000 +0200
@@ -1,0 +2,8 @@
+Wed Aug 31 20:09:53 CEST 2011 - draht@suse.de
+
+- squid-3.1.12-bnc715171-CVE-2011-3205.patch fixes CVE-2011-3205,
+ a regression of CVE-2005-0094: error in parsing responses from
+ gopher servers, resulting in a buffer overflow that crashes
+ squid. [bnc#715171]
+
+-------------------------------------------------------------------
calling whatdependson for 11.4-i586
New:
----
squid-3.1.12-bnc715171-CVE-2011-3205.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid3.spec ++++++
--- /var/tmp/diff_new_pack.bgcEEs/_old 2011-09-02 16:29:28.000000000 +0200
+++ /var/tmp/diff_new_pack.bgcEEs/_new 2011-09-02 16:29:28.000000000 +0200
@@ -23,7 +23,7 @@
Name: squid3
Summary: Squid Version 3 WWW Proxy Server
Version: 3.1.11
-Release: 4.<RELEASE5>
+Release: 4.<RELEASE7>
License: GPLv2+
Url: http://www.squid-cache.org/Versions/v3
Group: Productivity/Networking/Web/Proxy
@@ -57,6 +57,7 @@
#
Patch100: squid-3.1.4-config.patch
Patch101: squid-3.1.10-swapdir.patch
+Patch102: squid-3.1.12-bnc715171-CVE-2011-3205.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# needed by bootstrap.sh
BuildRequires: ed
@@ -109,6 +110,7 @@
%if 0%{suse_version} > 1010
%patch101 -p1
%endif
+%patch102
perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
chmod a-x CREDITS
++++++ squid-3.1.12-bnc715171-CVE-2011-3205.patch ++++++
------------------------------------------------------------
revno: 10363
revision-id: squid3@treenet.co.nz-20110827123251-pv05hzp2c3eqsfo7
parent: squid3@treenet.co.nz-20110827103801-7t58le1xf97991l0
author: Henrik Nordstrom
committer: Amos Jeffries
branch nick: SQUID_3_1
timestamp: Sat 2011-08-27 06:32:51 -0600
message:
Correct parsing of large Gopher indexes
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20110827123251-pv05hzp2c3eqsfo7
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1/
# testament_sha1: 501b014e543aacb1eb458696e59e7122c408c3a6
# timestamp: 2011-08-27 12:53:09 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20110827103801-\
# 7t58le1xf97991l0
#
# Begin patch
=== modified file 'src/gopher.cc'
--- src/gopher.cc 2010-08-18 01:38:05 +0000
+++ src/gopher.cc 2011-08-27 12:32:51 +0000
@@ -425,7 +425,6 @@
return;
}
- inbuf[len] = '\0';
String outbuf;
if (!gopherState->HTML_header_added) {
@@ -441,75 +440,48 @@
gopherState->HTML_pre = 1;
}
- while ((pos != NULL) && (pos < inbuf + len)) {
-
+ while (pos < inbuf + len) {
+ int llen;
+ int left = len - (pos - inbuf);
+ lpos = (char *)memchr(pos, '\n', left);
+ if (lpos) {
+ lpos++; /* Next line is after \n */
+ llen = lpos - pos;
+ } else {
+ llen = left;
+ }
+ if (gopherState->len + llen >= TEMP_BUF_SIZE) {
+ debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
+ llen = TEMP_BUF_SIZE - gopherState->len - 1;
+ }
+ if (!lpos) {
+ /* there is no complete line in inbuf */
+ /* copy it to temp buffer */
+ /* note: llen is adjusted above */
+ xmemcpy(gopherState->buf + gopherState->len, pos, llen);
+ gopherState->len += llen;
+ break;
+ }
+ if (!lpos) {
+ /* there is no complete line in inbuf */
+ /* copy it to temp buffer */
+ /* note: llen is adjusted above */
+ xmemcpy(gopherState->buf + gopherState->len, pos, llen);
+ gopherState->len += llen;
+ break;
+ }
if (gopherState->len != 0) {
/* there is something left from last tx. */
- xstrncpy(line, gopherState->buf, gopherState->len + 1);
-
- if (gopherState->len + len > TEMP_BUF_SIZE) {
- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
- len = TEMP_BUF_SIZE - gopherState->len;
- }
-
- lpos = (char *) memccpy(line + gopherState->len, inbuf, '\n', len);
-
- if (lpos)
- *lpos = '\0';
- else {
- /* there is no complete line in inbuf */
- /* copy it to temp buffer */
-
- if (gopherState->len + len > TEMP_BUF_SIZE) {
- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
- len = TEMP_BUF_SIZE - gopherState->len;
- }
-
- xmemcpy(gopherState->buf + gopherState->len, inbuf, len);
- gopherState->len += len;
- return;
- }
-
- /* skip one line */
- pos = (char *) memchr(pos, '\n', len);
-
- if (pos)
- pos++;
-
- /* we're done with the remain from last tx. */
+ xmemcpy(line, gopherState->buf, gopherState->len);
+ xmemcpy(line + gopherState->len, pos, llen);
+ llen += gopherState->len;
gopherState->len = 0;
-
- *(gopherState->buf) = '\0';
} else {
-
- lpos = (char *) memccpy(line, pos, '\n', len - (pos - inbuf));
-
- if (lpos)
- *lpos = '\0';
- else {
- /* there is no complete line in inbuf */
- /* copy it to temp buffer */
-
- if ((len - (pos - inbuf)) > TEMP_BUF_SIZE) {
- debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() );
- len = TEMP_BUF_SIZE;
- }
-
- if (len > (pos - inbuf)) {
- xmemcpy(gopherState->buf, pos, len - (pos - inbuf));
- gopherState->len = len - (pos - inbuf);
- }
-
- break;
- }
-
- /* skip one line */
- pos = (char *) memchr(pos, '\n', len);
-
- if (pos)
- pos++;
-
+ xmemcpy(line, pos, llen);
}
+ line[llen + 1] = '\0';
+ /* move input to next line */
+ pos = lpos;
/* at this point. We should have one line in buffer to process */
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org