Hello community, here is the log from the commit of package squid3 for openSUSE:11.4 checked in at Fri Sep 2 16:30:17 CEST 2011.
-------- --- old-versions/11.4/UPDATES/all/squid3/squid3.changes 2011-05-16 22:27:27.000000000 +0200 +++ 11.4/squid3/squid3.changes 2011-08-31 20:10:46.000000000 +0200 @@ -1,0 +2,8 @@ +Wed Aug 31 20:09:53 CEST 2011 - [email protected] + +- squid-3.1.12-bnc715171-CVE-2011-3205.patch fixes CVE-2011-3205, + a regression of CVE-2005-0094: error in parsing responses from + gopher servers, resulting in a buffer overflow that crashes + squid. [bnc#715171] + +------------------------------------------------------------------- calling whatdependson for 11.4-i586 New: ---- squid-3.1.12-bnc715171-CVE-2011-3205.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid3.spec ++++++ --- /var/tmp/diff_new_pack.bgcEEs/_old 2011-09-02 16:29:28.000000000 +0200 +++ /var/tmp/diff_new_pack.bgcEEs/_new 2011-09-02 16:29:28.000000000 +0200 @@ -23,7 +23,7 @@ Name: squid3 Summary: Squid Version 3 WWW Proxy Server Version: 3.1.11 -Release: 4.<RELEASE5> +Release: 4.<RELEASE7> License: GPLv2+ Url: http://www.squid-cache.org/Versions/v3 Group: Productivity/Networking/Web/Proxy @@ -57,6 +57,7 @@ # Patch100: squid-3.1.4-config.patch Patch101: squid-3.1.10-swapdir.patch +Patch102: squid-3.1.12-bnc715171-CVE-2011-3205.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # needed by bootstrap.sh BuildRequires: ed @@ -109,6 +110,7 @@ %if 0%{suse_version} > 1010 %patch101 -p1 %endif +%patch102 perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"` chmod a-x CREDITS ++++++ squid-3.1.12-bnc715171-CVE-2011-3205.patch ++++++ ------------------------------------------------------------ revno: 10363 revision-id: [email protected] parent: [email protected] author: Henrik Nordstrom <[email protected]> committer: Amos Jeffries <[email protected]> branch nick: SQUID_3_1 timestamp: Sat 2011-08-27 06:32:51 -0600 message: Correct parsing of large Gopher indexes ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: [email protected] # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_1/ # testament_sha1: 501b014e543aacb1eb458696e59e7122c408c3a6 # timestamp: 2011-08-27 12:53:09 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_1 # base_revision_id: [email protected]\ # 7t58le1xf97991l0 # # Begin patch === modified file 'src/gopher.cc' --- src/gopher.cc 2010-08-18 01:38:05 +0000 +++ src/gopher.cc 2011-08-27 12:32:51 +0000 @@ -425,7 +425,6 @@ return; } - inbuf[len] = '\0'; String outbuf; if (!gopherState->HTML_header_added) { @@ -441,75 +440,48 @@ gopherState->HTML_pre = 1; } - while ((pos != NULL) && (pos < inbuf + len)) { - + while (pos < inbuf + len) { + int llen; + int left = len - (pos - inbuf); + lpos = (char *)memchr(pos, '\n', left); + if (lpos) { + lpos++; /* Next line is after \n */ + llen = lpos - pos; + } else { + llen = left; + } + if (gopherState->len + llen >= TEMP_BUF_SIZE) { + debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); + llen = TEMP_BUF_SIZE - gopherState->len - 1; + } + if (!lpos) { + /* there is no complete line in inbuf */ + /* copy it to temp buffer */ + /* note: llen is adjusted above */ + xmemcpy(gopherState->buf + gopherState->len, pos, llen); + gopherState->len += llen; + break; + } + if (!lpos) { + /* there is no complete line in inbuf */ + /* copy it to temp buffer */ + /* note: llen is adjusted above */ + xmemcpy(gopherState->buf + gopherState->len, pos, llen); + gopherState->len += llen; + break; + } if (gopherState->len != 0) { /* there is something left from last tx. */ - xstrncpy(line, gopherState->buf, gopherState->len + 1); - - if (gopherState->len + len > TEMP_BUF_SIZE) { - debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); - len = TEMP_BUF_SIZE - gopherState->len; - } - - lpos = (char *) memccpy(line + gopherState->len, inbuf, '\n', len); - - if (lpos) - *lpos = '\0'; - else { - /* there is no complete line in inbuf */ - /* copy it to temp buffer */ - - if (gopherState->len + len > TEMP_BUF_SIZE) { - debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); - len = TEMP_BUF_SIZE - gopherState->len; - } - - xmemcpy(gopherState->buf + gopherState->len, inbuf, len); - gopherState->len += len; - return; - } - - /* skip one line */ - pos = (char *) memchr(pos, '\n', len); - - if (pos) - pos++; - - /* we're done with the remain from last tx. */ + xmemcpy(line, gopherState->buf, gopherState->len); + xmemcpy(line + gopherState->len, pos, llen); + llen += gopherState->len; gopherState->len = 0; - - *(gopherState->buf) = '\0'; } else { - - lpos = (char *) memccpy(line, pos, '\n', len - (pos - inbuf)); - - if (lpos) - *lpos = '\0'; - else { - /* there is no complete line in inbuf */ - /* copy it to temp buffer */ - - if ((len - (pos - inbuf)) > TEMP_BUF_SIZE) { - debugs(10, 1, "GopherHTML: Buffer overflow. Lost some data on URL: " << entry->url() ); - len = TEMP_BUF_SIZE; - } - - if (len > (pos - inbuf)) { - xmemcpy(gopherState->buf, pos, len - (pos - inbuf)); - gopherState->len = len - (pos - inbuf); - } - - break; - } - - /* skip one line */ - pos = (char *) memchr(pos, '\n', len); - - if (pos) - pos++; - + xmemcpy(line, pos, llen); } + line[llen + 1] = '\0'; + /* move input to next line */ + pos = lpos; /* at this point. We should have one line in buffer to process */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
