Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 225165 Details for
Bug 301828
<net-proxy/squid-3.1.6-r1 DoS (CVE-2010-{0308,0639})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Updated -gentoo patch, with fix for broken hunk
squid-3.0.25-gentoo.patch (text/plain), 13.55 KB, created by
Brian De Wolf
on 2010-03-24 23:36:13 UTC
(
hide
)
Description:
Updated -gentoo patch, with fix for broken hunk
Filename:
MIME Type:
Creator:
Brian De Wolf
Created:
2010-03-24 23:36:13 UTC
Size:
13.55 KB
patch
obsolete
>diff -ur squid-3.0.STABLE25.orig/acinclude.m4 squid-3.0.STABLE25.gentoo.patch/acinclude.m4 >--- squid-3.0.STABLE25.orig/acinclude.m4 2010-03-13 21:45:40.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/acinclude.m4 2010-03-24 13:17:43.000000000 -0800 >@@ -75,7 +75,7 @@ > AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) > AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ > ac_cv_test_checkforhugeobjects=`echo "int main(int argc, char **argv) { int foo; }" > conftest.cc >-${CXX} -Werror -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null >+${CXX} -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null > res=$? > rm -f conftest.* > echo yes >Only in squid-3.0.STABLE25.gentoo.patch/: acinclude.m4.orig >diff -ur squid-3.0.STABLE25.orig/configure.in squid-3.0.STABLE25.gentoo.patch/configure.in >--- squid-3.0.STABLE25.orig/configure.in 2010-03-13 21:45:43.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/configure.in 2010-03-24 13:17:43.000000000 -0800 >@@ -15,9 +15,9 @@ > PRESET_LDFLAGS="$LDFLAGS" > > dnl Set default LDFLAGS >-if test -z "$LDFLAGS"; then >- LDFLAGS="-g" >-fi >+dnl if test -z "$LDFLAGS"; then >+dnl LDFLAGS="-g" >+dnl fi > > dnl Check for GNU cc > AC_PROG_CC >@@ -177,13 +177,13 @@ > dnl TODO: check if the problem will be present in any other newer MinGW release. > case "$host_os" in > mingw|mingw32) >- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" >+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings" > ;; > *) >- SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" >+ SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" > ;; > esac >- SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" >+ SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" > else > SQUID_CFLAGS= > SQUID_CXXFLAGS= >diff -ur squid-3.0.STABLE25.orig/helpers/basic_auth/MSNT/confload.c squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/MSNT/confload.c >--- squid-3.0.STABLE25.orig/helpers/basic_auth/MSNT/confload.c 2010-03-13 21:45:39.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/MSNT/confload.c 2010-03-24 13:17:43.000000000 -0800 >@@ -27,7 +27,7 @@ > > /* Path to configuration file */ > #ifndef SYSCONFDIR >-#define SYSCONFDIR "/usr/local/squid/etc" >+#define SYSCONFDIR "/etc/squid" > #endif > #define CONFIGFILE SYSCONFDIR "/msntauth.conf" > >diff -ur squid-3.0.STABLE25.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/MSNT/msntauth.conf.default >--- squid-3.0.STABLE25.orig/helpers/basic_auth/MSNT/msntauth.conf.default 2010-03-13 21:45:40.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/MSNT/msntauth.conf.default 2010-03-24 13:17:43.000000000 -0800 >@@ -8,6 +8,6 @@ > server other_PDC other_BDC otherdomain > > # Denied and allowed users. Comment these if not needed. >-#denyusers /usr/local/squid/etc/msntauth.denyusers >-#allowusers /usr/local/squid/etc/msntauth.allowusers >+#denyusers /etc/squid/msntauth.denyusers >+#allowusers /etc/squid/msntauth.allowusers > >diff -ur squid-3.0.STABLE25.orig/helpers/basic_auth/SMB/Makefile.am squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/SMB/Makefile.am >--- squid-3.0.STABLE25.orig/helpers/basic_auth/SMB/Makefile.am 2010-03-13 21:45:41.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/SMB/Makefile.am 2010-03-24 13:17:43.000000000 -0800 >@@ -14,7 +14,7 @@ > ## FIXME: autoconf should test for the samba path. > > SMB_AUTH_HELPER = smb_auth.sh >-SAMBAPREFIX=/usr/local/samba >+SAMBAPREFIX=/usr > SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER) > > libexec_SCRIPTS = $(SMB_AUTH_HELPER) >diff -ur squid-3.0.STABLE25.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/SMB/smb_auth.sh >--- squid-3.0.STABLE25.orig/helpers/basic_auth/SMB/smb_auth.sh 2010-03-13 21:45:41.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/helpers/basic_auth/SMB/smb_auth.sh 2010-03-24 13:17:43.000000000 -0800 >@@ -24,7 +24,7 @@ > read AUTHSHARE > read AUTHFILE > read SMBUSER >-read SMBPASS >+read -r SMBPASS > > # Find domain controller > echo "Domain name: $DOMAINNAME" >@@ -47,7 +47,7 @@ > addropt="" > fi > echo "Query address options: $addropt" >-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` >+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` > echo "Domain controller IP address: $dcip" > [ -n "$dcip" ] || exit 1 > >diff -ur squid-3.0.STABLE25.orig/helpers/external_acl/session/squid_session.8 squid-3.0.STABLE25.gentoo.patch/helpers/external_acl/session/squid_session.8 >--- squid-3.0.STABLE25.orig/helpers/external_acl/session/squid_session.8 2010-03-13 21:45:39.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/helpers/external_acl/session/squid_session.8 2010-03-24 13:17:43.000000000 -0800 >@@ -35,7 +35,7 @@ > .P > Configuration example using the default automatic mode > .IP >-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session >+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session > .IP > acl session external session > .IP >diff -ur squid-3.0.STABLE25.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.0.STABLE25.gentoo.patch/helpers/external_acl/unix_group/squid_unix_group.8 >--- squid-3.0.STABLE25.orig/helpers/external_acl/unix_group/squid_unix_group.8 2010-03-13 21:45:43.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/helpers/external_acl/unix_group/squid_unix_group.8 2010-03-24 13:17:43.000000000 -0800 >@@ -27,7 +27,7 @@ > This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2 > matches users in group2 or group3 > .IP >-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p >+external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p > .IP > acl usergroup1 external unix_group group1 > .IP >diff -ur squid-3.0.STABLE25.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh squid-3.0.STABLE25.gentoo.patch/helpers/negotiate_auth/squid_kerb_auth/do.sh >--- squid-3.0.STABLE25.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh 2010-03-13 21:45:40.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/helpers/negotiate_auth/squid_kerb_auth/do.sh 2010-03-24 13:17:43.000000000 -0800 >@@ -7,7 +7,7 @@ > # > CC=gcc > #CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -O2" >-CFLAGS="-Wall -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" >+CFLAGS="-Wall -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2" > if [ "$1" = "HEIMDAL" ]; then > DEFINE="-DHEIMDAL -D__LITTLE_ENDIAN__" > INCLUDE="-I/usr/include/heimdal -Ispnegohelp" >diff -ur squid-3.0.STABLE25.orig/lib/libTrie/acinclude.m4 squid-3.0.STABLE25.gentoo.patch/lib/libTrie/acinclude.m4 >--- squid-3.0.STABLE25.orig/lib/libTrie/acinclude.m4 2010-03-13 21:45:39.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/lib/libTrie/acinclude.m4 2010-03-24 13:25:11.000000000 -0800 >@@ -11,7 +11,7 @@ > AC_MSG_CHECKING([whether compiler accepts -fhuge-objects]) > AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[ > ac_cv_test_checkforhugeobjects=`echo "int main(int argc, char **argv) { int foo; }" > conftest.cc >-${CXX} -Werror -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null >+${CXX} -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null > res=$? > rm -f conftest.* > echo yes >Only in squid-3.0.STABLE25.gentoo.patch/lib/libTrie: acinclude.m4.orig >diff -ur squid-3.0.STABLE25.orig/lib/libTrie/configure.in squid-3.0.STABLE25.gentoo.patch/lib/libTrie/configure.in >--- squid-3.0.STABLE25.orig/lib/libTrie/configure.in 2010-03-13 21:45:41.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/lib/libTrie/configure.in 2010-03-24 13:17:43.000000000 -0800 >@@ -58,8 +58,8 @@ > > dnl set useful flags > if test "$GCC" = "yes"; then >- TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments" >- TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments" >+ TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations" >+ TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings" > else > TRIE_CFLAGS= > TRIE_CXXFLAGS= >diff -ur squid-3.0.STABLE25.orig/src/cf.data.pre squid-3.0.STABLE25.gentoo.patch/src/cf.data.pre >--- squid-3.0.STABLE25.orig/src/cf.data.pre 2010-03-13 21:45:43.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/src/cf.data.pre 2010-03-24 13:17:43.000000000 -0800 >@@ -652,6 +652,8 @@ > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http >+acl Safe_ports port 901 # SWAT >+acl purge method PURGE > acl CONNECT method CONNECT > NOCOMMENT_END > DOC_END >@@ -685,6 +687,9 @@ > # Only allow cachemgr access from localhost > http_access allow manager localhost > http_access deny manager >+# Only allow purge requests from localhost >+http_access allow purge localhost >+http_access deny purge > # Deny requests to unknown ports > http_access deny !Safe_ports > # Deny CONNECT to other than SSL ports >@@ -702,6 +707,9 @@ > # from where browsing should be allowed > http_access allow localnet > >+# Allow the localhost to have access by default >+http_access allow localhost >+ > # And finally deny all other access to this proxy > http_access deny all > NOCOMMENT_END >@@ -3296,11 +3304,11 @@ > > NAME: cache_mgr > TYPE: string >-DEFAULT: webmaster >+DEFAULT: root > LOC: Config.adminEmail > DOC_START > Email-address of local cache manager who will receive >- mail if the cache dies. The default is "webmaster." >+ mail if the cache dies. The default is "root". > DOC_END > > NAME: mail_from >@@ -5268,6 +5276,9 @@ > If you disable this, it will appear as > > X-Forwarded-For: unknown >+NOCOMMENT_START >+forwarded_for off >+NOCOMMENT_END > DOC_END > > NAME: cachemgr_passwd >Only in squid-3.0.STABLE25.gentoo.patch/src: cf.data.pre.orig >diff -ur squid-3.0.STABLE25.orig/src/debug.cc squid-3.0.STABLE25.gentoo.patch/src/debug.cc >--- squid-3.0.STABLE25.orig/src/debug.cc 2010-03-13 21:45:39.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/src/debug.cc 2010-03-24 13:17:43.000000000 -0800 >@@ -465,7 +465,7 @@ > #if HAVE_SYSLOG && defined(LOG_LOCAL4) > > if (opt_syslog_enable) >- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility); >+ openlog(appname, LOG_PID | LOG_NDELAY, syslog_facility); > > #endif /* HAVE_SYSLOG */ > >diff -ur squid-3.0.STABLE25.orig/src/defines.h squid-3.0.STABLE25.gentoo.patch/src/defines.h >--- squid-3.0.STABLE25.orig/src/defines.h 2010-03-13 21:45:41.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/src/defines.h 2010-03-24 13:17:43.000000000 -0800 >@@ -218,7 +218,7 @@ > > /* were to look for errors if config path fails */ > #ifndef DEFAULT_SQUID_ERROR_DIR >-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" >+#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English" > #endif > > /* handy to determine the #elements in a static array */ >diff -ur squid-3.0.STABLE25.orig/src/main.cc squid-3.0.STABLE25.gentoo.patch/src/main.cc >--- squid-3.0.STABLE25.orig/src/main.cc 2010-03-13 21:45:43.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/src/main.cc 2010-03-24 13:17:43.000000000 -0800 >@@ -1512,7 +1512,7 @@ > if (*(argv[0]) == '(') > return; > >- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); >+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); > > if ((pid = fork()) < 0) > syslog(LOG_ALERT, "fork failed: %s", xstrerror()); >@@ -1556,7 +1556,7 @@ > > if ((pid = fork()) == 0) { > /* child */ >- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); >+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); > prog = xstrdup(argv[0]); > argv[0] = xstrdup("(squid)"); > execvp(prog, argv); >@@ -1564,7 +1564,7 @@ > } > > /* parent */ >- openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); >+ openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); > > syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid); > >Only in squid-3.0.STABLE25.gentoo.patch/src: main.cc.orig >diff -ur squid-3.0.STABLE25.orig/src/Makefile.am squid-3.0.STABLE25.gentoo.patch/src/Makefile.am >--- squid-3.0.STABLE25.orig/src/Makefile.am 2010-03-13 21:45:41.000000000 -0800 >+++ squid-3.0.STABLE25.gentoo.patch/src/Makefile.am 2010-03-24 13:17:43.000000000 -0800 >@@ -995,12 +995,12 @@ > DEFAULT_CONFIG_FILE = $(sysconfdir)/squid.conf > DEFAULT_MIME_TABLE = $(sysconfdir)/mime.conf > DEFAULT_DNSSERVER = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'` >-DEFAULT_LOG_PREFIX = $(localstatedir)/logs >+DEFAULT_LOG_PREFIX = $(localstatedir)/log/squid > DEFAULT_CACHE_LOG = $(DEFAULT_LOG_PREFIX)/cache.log > DEFAULT_ACCESS_LOG = $(DEFAULT_LOG_PREFIX)/access.log > DEFAULT_STORE_LOG = $(DEFAULT_LOG_PREFIX)/store.log >-DEFAULT_PID_FILE = $(DEFAULT_LOG_PREFIX)/squid.pid >-DEFAULT_SWAP_DIR = $(localstatedir)/cache >+DEFAULT_PID_FILE = $(localstatedir)/run/squid.pid >+DEFAULT_SWAP_DIR = $(localstatedir)/cache/squid > DEFAULT_PINGER = $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'` > DEFAULT_UNLINKD = $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'` > DEFAULT_DISKD = $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 301828
: 225165 |
225167
|
225169
|
225171