summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEray Aslan <eras@gentoo.org>2018-01-22 16:31:03 +0300
committerEray Aslan <eras@gentoo.org>2018-01-22 16:31:03 +0300
commit29756574c9577203cc2e7911c590c5876f16b6be (patch)
treeb455ed96f2c990851b36c47a75320d44873f81e6 /net-proxy
parentnet-proxy/squid: security bump (diff)
downloadgentoo-29756574c9577203cc2e7911c590c5876f16b6be.tar.gz
gentoo-29756574c9577203cc2e7911c590c5876f16b6be.tar.bz2
gentoo-29756574c9577203cc2e7911c590c5876f16b6be.zip
net-proxy/squid: add missing security patches
Package-Manager: Portage-2.3.20, Repoman-2.3.6
Diffstat (limited to 'net-proxy')
-rw-r--r--net-proxy/squid/files/squid-2018-1.patch28
-rw-r--r--net-proxy/squid/files/squid-2018-2.patch23
2 files changed, 51 insertions, 0 deletions
diff --git a/net-proxy/squid/files/squid-2018-1.patch b/net-proxy/squid/files/squid-2018-1.patch
new file mode 100644
index 00000000000..9392219a9ed
--- /dev/null
+++ b/net-proxy/squid/files/squid-2018-1.patch
@@ -0,0 +1,28 @@
+commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date: 2018-01-19 13:54:14 +1300
+
+ ESI: make sure endofName never exceeds tagEnd (#130)
+
+diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
+index d86d2d3..db634d9 100644
+--- a/src/esi/CustomParser.cc
++++ b/src/esi/CustomParser.cc
+@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+
+ char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+
+- if (endofName > tagEnd)
++ if (!endofName || endofName > tagEnd)
+ endofName = const_cast<char *>(tagEnd);
+
+ *endofName = '\0';
+@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+
+ char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+
+- if (endofName > tagEnd)
++ if (!endofName || endofName > tagEnd)
+ endofName = const_cast<char *>(tagEnd);
+
+ *endofName = '\0';
diff --git a/net-proxy/squid/files/squid-2018-2.patch b/net-proxy/squid/files/squid-2018-2.patch
new file mode 100644
index 00000000000..9ecd8a5b7cb
--- /dev/null
+++ b/net-proxy/squid/files/squid-2018-2.patch
@@ -0,0 +1,23 @@
+commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
+Author: squidadm <squidadm@users.noreply.github.com>
+Date: 2018-01-21 08:07:08 +1300
+
+ Fix indirect IP logging for transactions without a client connection (#129) (#136)
+
+diff --git a/src/client_side_request.cc b/src/client_side_request.cc
+index be124f3..203f89d 100644
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
+ * Ensure that the access log shows the indirect client
+ * instead of the direct client.
+ */
+- ConnStateData *conn = http->getConn();
+- conn->log_addr = request->indirect_client_addr;
+- http->al->cache.caddr = conn->log_addr;
++ http->al->cache.caddr = request->indirect_client_addr;
++ if (ConnStateData *conn = http->getConn())
++ conn->log_addr = request->indirect_client_addr;
+ }
+ request->x_forwarded_for_iterator.clean();
+ request->flags.done_follow_x_forwarded_for = true;