Hello community, here is the log from the commit of package squid3 for openSUSE:11.3 checked in at Fri Sep 2 16:29:13 CEST 2011.
-------- --- old-versions/11.3/UPDATES/all/squid3/squid3.changes 2010-10-14 15:37:08.000000000 +0200 +++ 11.3/squid3/squid3.changes 2011-08-31 20:17:14.000000000 +0200 @@ -1,0 +2,8 @@ +Wed Aug 31 20:16:26 CEST 2011 - [email protected] + +- squid-3.0-bnc715171-CVE-2011-3205.patch fixes CVE-2011-3205, + a regression of CVE-2005-0094: error in parsing responses from + gopher servers, resulting in a buffer overflow that crashes + squid. [bnc#715171] + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- squid-3.0-bnc715171-CVE-2011-3205.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid3.spec ++++++ --- /var/tmp/diff_new_pack.KikFTl/_old 2011-09-02 16:28:49.000000000 +0200 +++ /var/tmp/diff_new_pack.KikFTl/_new 2011-09-02 16:28:49.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package squid3 (Version 3.0.STABLE25) +# spec file for package squid3 # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ Name: squid3 Summary: Squid Version 3 WWW Proxy Server Version: 3.0.STABLE25 -Release: 2.<RELEASE1> +Release: 2.<RELEASE3> License: GPLv2+ Url: http://www.squid-cache.org/Versions/v3 Group: Productivity/Networking/Web/Proxy @@ -79,6 +79,7 @@ Patch103: squid-beta-3.0-openldap.patch Patch104: squid-beta-3.0-mem_node_64bit.patch Patch105: squid-3.0-9189-bnc637287-CVE-2010-3072.patch +Patch106: squid-3.0-bnc715171-CVE-2011-3205.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: db-devel expat gcc-c++ %if 0%{?sles_version} == 9 @@ -153,6 +154,7 @@ %patch103 -p1 %patch104 -p1 %patch105 -p1 +%patch106 # chmod a-x CREDITS ++++++ squid-3.0-bnc715171-CVE-2011-3205.patch ++++++ ------------------------------------------------------------ revno: 9193 revision-id: [email protected] parent: [email protected] author: Henrik Nordstrom <[email protected]> committer: Amos Jeffries <[email protected]> branch nick: SQUID_3_0 timestamp: Sat 2011-08-27 07:42:04 -0600 message: Correct parsing of large Gopher indexes ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: [email protected] # target_branch: http://www.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_0/ # testament_sha1: f03a19d631403576f2b1d714c2181043c6771146 # timestamp: 2011-08-27 13:45:22 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_0 # base_revision_id: [email protected]\ # wo82ojcx4yi70cme # # Begin patch === modified file 'src/gopher.cc' --- src/gopher.cc 2009-09-24 09:43:50 +0000 +++ src/gopher.cc 2011-08-27 13:42:04 +0000 @@ -367,7 +367,6 @@ return; } - inbuf[len] = '\0'; String outbuf; if (!gopherState->HTML_header_added) { @@ -383,75 +382,48 @@ gopherState->HTML_pre = 1; } - while ((pos != NULL) && (pos < inbuf + len)) { - + while (pos < inbuf + len) { + int llen; + int left = len - (pos - inbuf); + lpos = (char *)memchr(pos, '\n', left); + if (lpos) { + lpos++; /* Next line is after \n */ + llen = lpos - pos; + } else { + llen = left; + } + if (gopherState->len + llen >= TEMP_BUF_SIZE) { + debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); + llen = TEMP_BUF_SIZE - gopherState->len - 1; + } + if (!lpos) { + /* there is no complete line in inbuf */ + /* copy it to temp buffer */ + /* note: llen is adjusted above */ + xmemcpy(gopherState->buf + gopherState->len, pos, llen); + gopherState->len += llen; + break; + } + if (!lpos) { + /* there is no complete line in inbuf */ + /* copy it to temp buffer */ + /* note: llen is adjusted above */ + xmemcpy(gopherState->buf + gopherState->len, pos, llen); + gopherState->len += llen; + break; + } if (gopherState->len != 0) { /* there is something left from last tx. */ - xstrncpy(line, gopherState->buf, gopherState->len + 1); - - if (gopherState->len + len > TEMP_BUF_SIZE) { - debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); - len = TEMP_BUF_SIZE - gopherState->len; - } - - lpos = (char *) memccpy(line + gopherState->len, inbuf, '\n', len); - - if (lpos) - *lpos = '\0'; - else { - /* there is no complete line in inbuf */ - /* copy it to temp buffer */ - - if (gopherState->len + len > TEMP_BUF_SIZE) { - debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); - len = TEMP_BUF_SIZE - gopherState->len; - } - - xmemcpy(gopherState->buf + gopherState->len, inbuf, len); - gopherState->len += len; - return; - } - - /* skip one line */ - pos = (char *) memchr(pos, '\n', len); - - if (pos) - pos++; - - /* we're done with the remain from last tx. */ + xmemcpy(line, gopherState->buf, gopherState->len); + xmemcpy(line + gopherState->len, pos, llen); + llen += gopherState->len; gopherState->len = 0; - - *(gopherState->buf) = '\0'; } else { - - lpos = (char *) memccpy(line, pos, '\n', len - (pos - inbuf)); - - if (lpos) - *lpos = '\0'; - else { - /* there is no complete line in inbuf */ - /* copy it to temp buffer */ - - if ((len - (pos - inbuf)) > TEMP_BUF_SIZE) { - debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); - len = TEMP_BUF_SIZE; - } - - if (len > (pos - inbuf)) { - xmemcpy(gopherState->buf, pos, len - (pos - inbuf)); - gopherState->len = len - (pos - inbuf); - } - - break; - } - - /* skip one line */ - pos = (char *) memchr(pos, '\n', len); - - if (pos) - pos++; - + xmemcpy(line, pos, llen); } + line[llen + 1] = '\0'; + /* move input to next line */ + pos = lpos; /* at this point. We should have one line in buffer to process */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
