Correct the patch for the NTLM helper vulnerability according
to <http://www.squid-cache.org/bugs/show_bug.cgi?id=998> Apply some cleanups: + prefer PATCHDIR over FILEDIR when referring patches + remove unnecessary quotes + move all substitution tasks to the post-patch target + use "${FALSE}" instead of "exit 1" to generate error 1 from a shell Bump PORTREVISION PR: ports/68078 Submitted by: maintainer
This commit is contained in:
parent
32cf0f0136
commit
172c7ee0d0
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=111717
12 changed files with 72 additions and 138 deletions
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
PORTNAME= squid
|
PORTNAME= squid
|
||||||
PORTVERSION= 2.5.5
|
PORTVERSION= 2.5.5
|
||||||
PORTREVISION= 10
|
PORTREVISION= 11
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES= \
|
MASTER_SITES= \
|
||||||
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||||
|
@ -218,7 +218,7 @@ CONFIGURE_ARGS+= --enable-pf-transparent
|
||||||
.if ${OSVERSION} < 502106
|
.if ${OSVERSION} < 502106
|
||||||
pf_includedir= ${LOCALBASE}/include/pf
|
pf_includedir= ${LOCALBASE}/include/pf
|
||||||
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
||||||
CFLAGS+= "-I${pf_includedir}"
|
CFLAGS+= -I${pf_includedir}
|
||||||
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
@ -284,18 +284,16 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
|
||||||
|
|
||||||
pre-patch:
|
pre-patch:
|
||||||
# Check whether we need to create the extra patch that makes pf(4)
|
# Check whether we need to create the extra patch that makes pf(4)
|
||||||
# visible for squid's configure script:
|
# visible to squid's configure script:
|
||||||
.if defined(pf_includedir)
|
.if defined(pf_includedir)
|
||||||
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
||||||
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
||||||
${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
post-patch:
|
post-patch:
|
||||||
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
||||||
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
||||||
|
|
||||||
pre-configure:
|
|
||||||
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
||||||
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
||||||
|
|
||||||
|
@ -348,10 +346,10 @@ changeuser:
|
||||||
.if ${SQUID_UID:L} == nobody
|
.if ${SQUID_UID:L} == nobody
|
||||||
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
||||||
${ECHO_CMD} "this target!"
|
${ECHO_CMD} "this target!"
|
||||||
exit 1
|
${FALSE}
|
||||||
.endif
|
.endif
|
||||||
@if [ `${ID} -u` -ne 0 ]; \
|
@if [ `${ID} -u` -ne 0 ]; \
|
||||||
then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
|
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
|
||||||
current_uid=`id -u ${SQUID_UID}`; \
|
current_uid=`id -u ${SQUID_UID}`; \
|
||||||
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
||||||
${ECHO_CMD} "I will remove this user:"; \
|
${ECHO_CMD} "I will remove this user:"; \
|
||||||
|
|
|
@ -3,18 +3,12 @@ helper which was reported by iDefense on the 07th June 2004.
|
||||||
Original advisory:
|
Original advisory:
|
||||||
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
||||||
CVE-ID: CAN-2004-0541
|
CVE-ID: CAN-2004-0541
|
||||||
Patch obtained from:
|
Patch and correction obtained from:
|
||||||
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
||||||
The patch was slightly modified by me (tmseck@netcologne.de) to make
|
<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
|
||||||
it apply cleanly to the FreeBSD port.
|
|
||||||
|
|
||||||
Index: libntlmssp.c
|
--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001
|
||||||
===================================================================
|
+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004
|
||||||
RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
|
|
||||||
retrieving revision 1.7
|
|
||||||
diff -u -3 -p -u -r1.7 libntlmssp.c
|
|
||||||
--- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
|
|
||||||
+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
|
|
||||||
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
||||||
#define min(A,B) (A<B?A:B)
|
#define min(A,B) (A<B?A:B)
|
||||||
|
|
||||||
|
@ -36,7 +30,7 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
char *domain = credentials;
|
char *domain = credentials;
|
||||||
char *user;
|
char *user;
|
||||||
lstring tmp;
|
lstring tmp;
|
||||||
@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,8 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
memcpy(domain, tmp.str, tmp.l);
|
memcpy(domain, tmp.str, tmp.l);
|
||||||
- user = domain + tmp.l;
|
user = domain + tmp.l;
|
||||||
+ user = domain + tmp.l + 1;
|
|
||||||
*user++ = '\0';
|
*user++ = '\0';
|
||||||
|
|
||||||
/* debug("fetching user name\n"); */
|
|
||||||
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
PORTNAME= squid
|
PORTNAME= squid
|
||||||
PORTVERSION= 2.5.5
|
PORTVERSION= 2.5.5
|
||||||
PORTREVISION= 10
|
PORTREVISION= 11
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES= \
|
MASTER_SITES= \
|
||||||
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||||
|
@ -218,7 +218,7 @@ CONFIGURE_ARGS+= --enable-pf-transparent
|
||||||
.if ${OSVERSION} < 502106
|
.if ${OSVERSION} < 502106
|
||||||
pf_includedir= ${LOCALBASE}/include/pf
|
pf_includedir= ${LOCALBASE}/include/pf
|
||||||
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
||||||
CFLAGS+= "-I${pf_includedir}"
|
CFLAGS+= -I${pf_includedir}
|
||||||
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
@ -284,18 +284,16 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
|
||||||
|
|
||||||
pre-patch:
|
pre-patch:
|
||||||
# Check whether we need to create the extra patch that makes pf(4)
|
# Check whether we need to create the extra patch that makes pf(4)
|
||||||
# visible for squid's configure script:
|
# visible to squid's configure script:
|
||||||
.if defined(pf_includedir)
|
.if defined(pf_includedir)
|
||||||
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
||||||
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
||||||
${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
post-patch:
|
post-patch:
|
||||||
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
||||||
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
||||||
|
|
||||||
pre-configure:
|
|
||||||
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
||||||
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
||||||
|
|
||||||
|
@ -348,10 +346,10 @@ changeuser:
|
||||||
.if ${SQUID_UID:L} == nobody
|
.if ${SQUID_UID:L} == nobody
|
||||||
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
||||||
${ECHO_CMD} "this target!"
|
${ECHO_CMD} "this target!"
|
||||||
exit 1
|
${FALSE}
|
||||||
.endif
|
.endif
|
||||||
@if [ `${ID} -u` -ne 0 ]; \
|
@if [ `${ID} -u` -ne 0 ]; \
|
||||||
then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
|
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
|
||||||
current_uid=`id -u ${SQUID_UID}`; \
|
current_uid=`id -u ${SQUID_UID}`; \
|
||||||
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
||||||
${ECHO_CMD} "I will remove this user:"; \
|
${ECHO_CMD} "I will remove this user:"; \
|
||||||
|
|
|
@ -3,18 +3,12 @@ helper which was reported by iDefense on the 07th June 2004.
|
||||||
Original advisory:
|
Original advisory:
|
||||||
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
||||||
CVE-ID: CAN-2004-0541
|
CVE-ID: CAN-2004-0541
|
||||||
Patch obtained from:
|
Patch and correction obtained from:
|
||||||
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
||||||
The patch was slightly modified by me (tmseck@netcologne.de) to make
|
<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
|
||||||
it apply cleanly to the FreeBSD port.
|
|
||||||
|
|
||||||
Index: libntlmssp.c
|
--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001
|
||||||
===================================================================
|
+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004
|
||||||
RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
|
|
||||||
retrieving revision 1.7
|
|
||||||
diff -u -3 -p -u -r1.7 libntlmssp.c
|
|
||||||
--- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
|
|
||||||
+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
|
|
||||||
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
||||||
#define min(A,B) (A<B?A:B)
|
#define min(A,B) (A<B?A:B)
|
||||||
|
|
||||||
|
@ -36,7 +30,7 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
char *domain = credentials;
|
char *domain = credentials;
|
||||||
char *user;
|
char *user;
|
||||||
lstring tmp;
|
lstring tmp;
|
||||||
@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,8 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
memcpy(domain, tmp.str, tmp.l);
|
memcpy(domain, tmp.str, tmp.l);
|
||||||
- user = domain + tmp.l;
|
user = domain + tmp.l;
|
||||||
+ user = domain + tmp.l + 1;
|
|
||||||
*user++ = '\0';
|
*user++ = '\0';
|
||||||
|
|
||||||
/* debug("fetching user name\n"); */
|
|
||||||
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
PORTNAME= squid
|
PORTNAME= squid
|
||||||
PORTVERSION= 2.5.5
|
PORTVERSION= 2.5.5
|
||||||
PORTREVISION= 10
|
PORTREVISION= 11
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES= \
|
MASTER_SITES= \
|
||||||
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||||
|
@ -218,7 +218,7 @@ CONFIGURE_ARGS+= --enable-pf-transparent
|
||||||
.if ${OSVERSION} < 502106
|
.if ${OSVERSION} < 502106
|
||||||
pf_includedir= ${LOCALBASE}/include/pf
|
pf_includedir= ${LOCALBASE}/include/pf
|
||||||
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
||||||
CFLAGS+= "-I${pf_includedir}"
|
CFLAGS+= -I${pf_includedir}
|
||||||
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
@ -284,18 +284,16 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
|
||||||
|
|
||||||
pre-patch:
|
pre-patch:
|
||||||
# Check whether we need to create the extra patch that makes pf(4)
|
# Check whether we need to create the extra patch that makes pf(4)
|
||||||
# visible for squid's configure script:
|
# visible to squid's configure script:
|
||||||
.if defined(pf_includedir)
|
.if defined(pf_includedir)
|
||||||
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
||||||
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
||||||
${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
post-patch:
|
post-patch:
|
||||||
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
||||||
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
||||||
|
|
||||||
pre-configure:
|
|
||||||
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
||||||
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
||||||
|
|
||||||
|
@ -348,10 +346,10 @@ changeuser:
|
||||||
.if ${SQUID_UID:L} == nobody
|
.if ${SQUID_UID:L} == nobody
|
||||||
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
||||||
${ECHO_CMD} "this target!"
|
${ECHO_CMD} "this target!"
|
||||||
exit 1
|
${FALSE}
|
||||||
.endif
|
.endif
|
||||||
@if [ `${ID} -u` -ne 0 ]; \
|
@if [ `${ID} -u` -ne 0 ]; \
|
||||||
then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
|
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
|
||||||
current_uid=`id -u ${SQUID_UID}`; \
|
current_uid=`id -u ${SQUID_UID}`; \
|
||||||
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
||||||
${ECHO_CMD} "I will remove this user:"; \
|
${ECHO_CMD} "I will remove this user:"; \
|
||||||
|
|
|
@ -3,18 +3,12 @@ helper which was reported by iDefense on the 07th June 2004.
|
||||||
Original advisory:
|
Original advisory:
|
||||||
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
||||||
CVE-ID: CAN-2004-0541
|
CVE-ID: CAN-2004-0541
|
||||||
Patch obtained from:
|
Patch and correction obtained from:
|
||||||
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
||||||
The patch was slightly modified by me (tmseck@netcologne.de) to make
|
<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
|
||||||
it apply cleanly to the FreeBSD port.
|
|
||||||
|
|
||||||
Index: libntlmssp.c
|
--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001
|
||||||
===================================================================
|
+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004
|
||||||
RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
|
|
||||||
retrieving revision 1.7
|
|
||||||
diff -u -3 -p -u -r1.7 libntlmssp.c
|
|
||||||
--- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
|
|
||||||
+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
|
|
||||||
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
||||||
#define min(A,B) (A<B?A:B)
|
#define min(A,B) (A<B?A:B)
|
||||||
|
|
||||||
|
@ -36,7 +30,7 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
char *domain = credentials;
|
char *domain = credentials;
|
||||||
char *user;
|
char *user;
|
||||||
lstring tmp;
|
lstring tmp;
|
||||||
@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,8 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
memcpy(domain, tmp.str, tmp.l);
|
memcpy(domain, tmp.str, tmp.l);
|
||||||
- user = domain + tmp.l;
|
user = domain + tmp.l;
|
||||||
+ user = domain + tmp.l + 1;
|
|
||||||
*user++ = '\0';
|
*user++ = '\0';
|
||||||
|
|
||||||
/* debug("fetching user name\n"); */
|
|
||||||
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
PORTNAME= squid
|
PORTNAME= squid
|
||||||
PORTVERSION= 2.5.5
|
PORTVERSION= 2.5.5
|
||||||
PORTREVISION= 10
|
PORTREVISION= 11
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES= \
|
MASTER_SITES= \
|
||||||
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||||
|
@ -218,7 +218,7 @@ CONFIGURE_ARGS+= --enable-pf-transparent
|
||||||
.if ${OSVERSION} < 502106
|
.if ${OSVERSION} < 502106
|
||||||
pf_includedir= ${LOCALBASE}/include/pf
|
pf_includedir= ${LOCALBASE}/include/pf
|
||||||
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
||||||
CFLAGS+= "-I${pf_includedir}"
|
CFLAGS+= -I${pf_includedir}
|
||||||
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
@ -284,18 +284,16 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
|
||||||
|
|
||||||
pre-patch:
|
pre-patch:
|
||||||
# Check whether we need to create the extra patch that makes pf(4)
|
# Check whether we need to create the extra patch that makes pf(4)
|
||||||
# visible for squid's configure script:
|
# visible to squid's configure script:
|
||||||
.if defined(pf_includedir)
|
.if defined(pf_includedir)
|
||||||
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
||||||
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
||||||
${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
post-patch:
|
post-patch:
|
||||||
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
||||||
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
||||||
|
|
||||||
pre-configure:
|
|
||||||
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
||||||
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
||||||
|
|
||||||
|
@ -348,10 +346,10 @@ changeuser:
|
||||||
.if ${SQUID_UID:L} == nobody
|
.if ${SQUID_UID:L} == nobody
|
||||||
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
||||||
${ECHO_CMD} "this target!"
|
${ECHO_CMD} "this target!"
|
||||||
exit 1
|
${FALSE}
|
||||||
.endif
|
.endif
|
||||||
@if [ `${ID} -u` -ne 0 ]; \
|
@if [ `${ID} -u` -ne 0 ]; \
|
||||||
then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
|
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
|
||||||
current_uid=`id -u ${SQUID_UID}`; \
|
current_uid=`id -u ${SQUID_UID}`; \
|
||||||
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
||||||
${ECHO_CMD} "I will remove this user:"; \
|
${ECHO_CMD} "I will remove this user:"; \
|
||||||
|
|
|
@ -3,18 +3,12 @@ helper which was reported by iDefense on the 07th June 2004.
|
||||||
Original advisory:
|
Original advisory:
|
||||||
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
||||||
CVE-ID: CAN-2004-0541
|
CVE-ID: CAN-2004-0541
|
||||||
Patch obtained from:
|
Patch and correction obtained from:
|
||||||
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
||||||
The patch was slightly modified by me (tmseck@netcologne.de) to make
|
<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
|
||||||
it apply cleanly to the FreeBSD port.
|
|
||||||
|
|
||||||
Index: libntlmssp.c
|
--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001
|
||||||
===================================================================
|
+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004
|
||||||
RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
|
|
||||||
retrieving revision 1.7
|
|
||||||
diff -u -3 -p -u -r1.7 libntlmssp.c
|
|
||||||
--- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
|
|
||||||
+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
|
|
||||||
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
||||||
#define min(A,B) (A<B?A:B)
|
#define min(A,B) (A<B?A:B)
|
||||||
|
|
||||||
|
@ -36,7 +30,7 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
char *domain = credentials;
|
char *domain = credentials;
|
||||||
char *user;
|
char *user;
|
||||||
lstring tmp;
|
lstring tmp;
|
||||||
@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,8 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
memcpy(domain, tmp.str, tmp.l);
|
memcpy(domain, tmp.str, tmp.l);
|
||||||
- user = domain + tmp.l;
|
user = domain + tmp.l;
|
||||||
+ user = domain + tmp.l + 1;
|
|
||||||
*user++ = '\0';
|
*user++ = '\0';
|
||||||
|
|
||||||
/* debug("fetching user name\n"); */
|
|
||||||
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
PORTNAME= squid
|
PORTNAME= squid
|
||||||
PORTVERSION= 2.5.5
|
PORTVERSION= 2.5.5
|
||||||
PORTREVISION= 10
|
PORTREVISION= 11
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES= \
|
MASTER_SITES= \
|
||||||
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||||
|
@ -218,7 +218,7 @@ CONFIGURE_ARGS+= --enable-pf-transparent
|
||||||
.if ${OSVERSION} < 502106
|
.if ${OSVERSION} < 502106
|
||||||
pf_includedir= ${LOCALBASE}/include/pf
|
pf_includedir= ${LOCALBASE}/include/pf
|
||||||
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
||||||
CFLAGS+= "-I${pf_includedir}"
|
CFLAGS+= -I${pf_includedir}
|
||||||
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
@ -284,18 +284,16 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
|
||||||
|
|
||||||
pre-patch:
|
pre-patch:
|
||||||
# Check whether we need to create the extra patch that makes pf(4)
|
# Check whether we need to create the extra patch that makes pf(4)
|
||||||
# visible for squid's configure script:
|
# visible to squid's configure script:
|
||||||
.if defined(pf_includedir)
|
.if defined(pf_includedir)
|
||||||
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
||||||
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
||||||
${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
post-patch:
|
post-patch:
|
||||||
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
||||||
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
||||||
|
|
||||||
pre-configure:
|
|
||||||
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
||||||
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
||||||
|
|
||||||
|
@ -348,10 +346,10 @@ changeuser:
|
||||||
.if ${SQUID_UID:L} == nobody
|
.if ${SQUID_UID:L} == nobody
|
||||||
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
||||||
${ECHO_CMD} "this target!"
|
${ECHO_CMD} "this target!"
|
||||||
exit 1
|
${FALSE}
|
||||||
.endif
|
.endif
|
||||||
@if [ `${ID} -u` -ne 0 ]; \
|
@if [ `${ID} -u` -ne 0 ]; \
|
||||||
then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
|
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
|
||||||
current_uid=`id -u ${SQUID_UID}`; \
|
current_uid=`id -u ${SQUID_UID}`; \
|
||||||
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
||||||
${ECHO_CMD} "I will remove this user:"; \
|
${ECHO_CMD} "I will remove this user:"; \
|
||||||
|
|
|
@ -3,18 +3,12 @@ helper which was reported by iDefense on the 07th June 2004.
|
||||||
Original advisory:
|
Original advisory:
|
||||||
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
||||||
CVE-ID: CAN-2004-0541
|
CVE-ID: CAN-2004-0541
|
||||||
Patch obtained from:
|
Patch and correction obtained from:
|
||||||
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
||||||
The patch was slightly modified by me (tmseck@netcologne.de) to make
|
<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
|
||||||
it apply cleanly to the FreeBSD port.
|
|
||||||
|
|
||||||
Index: libntlmssp.c
|
--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001
|
||||||
===================================================================
|
+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004
|
||||||
RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
|
|
||||||
retrieving revision 1.7
|
|
||||||
diff -u -3 -p -u -r1.7 libntlmssp.c
|
|
||||||
--- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
|
|
||||||
+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
|
|
||||||
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
||||||
#define min(A,B) (A<B?A:B)
|
#define min(A,B) (A<B?A:B)
|
||||||
|
|
||||||
|
@ -36,7 +30,7 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
char *domain = credentials;
|
char *domain = credentials;
|
||||||
char *user;
|
char *user;
|
||||||
lstring tmp;
|
lstring tmp;
|
||||||
@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,8 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
memcpy(domain, tmp.str, tmp.l);
|
memcpy(domain, tmp.str, tmp.l);
|
||||||
- user = domain + tmp.l;
|
user = domain + tmp.l;
|
||||||
+ user = domain + tmp.l + 1;
|
|
||||||
*user++ = '\0';
|
*user++ = '\0';
|
||||||
|
|
||||||
/* debug("fetching user name\n"); */
|
|
||||||
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
PORTNAME= squid
|
PORTNAME= squid
|
||||||
PORTVERSION= 2.5.5
|
PORTVERSION= 2.5.5
|
||||||
PORTREVISION= 10
|
PORTREVISION= 11
|
||||||
CATEGORIES= www
|
CATEGORIES= www
|
||||||
MASTER_SITES= \
|
MASTER_SITES= \
|
||||||
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||||
|
@ -218,7 +218,7 @@ CONFIGURE_ARGS+= --enable-pf-transparent
|
||||||
.if ${OSVERSION} < 502106
|
.if ${OSVERSION} < 502106
|
||||||
pf_includedir= ${LOCALBASE}/include/pf
|
pf_includedir= ${LOCALBASE}/include/pf
|
||||||
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
BUILD_DEPENDS+= ${pf_includedir}/net/pfvar.h:${PORTSDIR}/security/pf
|
||||||
CFLAGS+= "-I${pf_includedir}"
|
CFLAGS+= -I${pf_includedir}
|
||||||
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
EXTRA_PATCHES+= ${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
.endif
|
.endif
|
||||||
|
@ -284,18 +284,16 @@ CONFIGURE_ENV+= CFLAGS="${CFLAGS}" \
|
||||||
|
|
||||||
pre-patch:
|
pre-patch:
|
||||||
# Check whether we need to create the extra patch that makes pf(4)
|
# Check whether we need to create the extra patch that makes pf(4)
|
||||||
# visible for squid's configure script:
|
# visible to squid's configure script:
|
||||||
.if defined(pf_includedir)
|
.if defined(pf_includedir)
|
||||||
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
@${SED} -e 's|%%PF_INCLUDEDIR%%|${pf_includedir}|g' \
|
||||||
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
-e 's|%%PF_AC_INCLUDEPATH%%|${pf_includedir:S,/,_,g}|g' \
|
||||||
${FILESDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
${PATCHDIR}/pf_from_ports.patch.in >${WRKDIR}/pf_from_ports.patch
|
||||||
.endif
|
.endif
|
||||||
|
|
||||||
post-patch:
|
post-patch:
|
||||||
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
|
||||||
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
|
||||||
|
|
||||||
pre-configure:
|
|
||||||
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
|
||||||
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
-e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
|
||||||
|
|
||||||
|
@ -348,10 +346,10 @@ changeuser:
|
||||||
.if ${SQUID_UID:L} == nobody
|
.if ${SQUID_UID:L} == nobody
|
||||||
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
|
||||||
${ECHO_CMD} "this target!"
|
${ECHO_CMD} "this target!"
|
||||||
exit 1
|
${FALSE}
|
||||||
.endif
|
.endif
|
||||||
@if [ `${ID} -u` -ne 0 ]; \
|
@if [ `${ID} -u` -ne 0 ]; \
|
||||||
then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
|
then ${ECHO_CMD} "Sorry, you must be root to use this target."; ${FALSE}; fi; \
|
||||||
current_uid=`id -u ${SQUID_UID}`; \
|
current_uid=`id -u ${SQUID_UID}`; \
|
||||||
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
|
||||||
${ECHO_CMD} "I will remove this user:"; \
|
${ECHO_CMD} "I will remove this user:"; \
|
||||||
|
|
|
@ -3,18 +3,12 @@ helper which was reported by iDefense on the 07th June 2004.
|
||||||
Original advisory:
|
Original advisory:
|
||||||
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
|
||||||
CVE-ID: CAN-2004-0541
|
CVE-ID: CAN-2004-0541
|
||||||
Patch obtained from:
|
Patch and correction obtained from:
|
||||||
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
|
||||||
The patch was slightly modified by me (tmseck@netcologne.de) to make
|
<http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
|
||||||
it apply cleanly to the FreeBSD port.
|
|
||||||
|
|
||||||
Index: libntlmssp.c
|
--- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001
|
||||||
===================================================================
|
+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004
|
||||||
RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
|
|
||||||
retrieving revision 1.7
|
|
||||||
diff -u -3 -p -u -r1.7 libntlmssp.c
|
|
||||||
--- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
|
|
||||||
+++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
|
|
||||||
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
|
||||||
#define min(A,B) (A<B?A:B)
|
#define min(A,B) (A<B?A:B)
|
||||||
|
|
||||||
|
@ -36,7 +30,7 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
char *domain = credentials;
|
char *domain = credentials;
|
||||||
char *user;
|
char *user;
|
||||||
lstring tmp;
|
lstring tmp;
|
||||||
@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -46,11 +40,8 @@ diff -u -3 -p -u -r1.7 libntlmssp.c
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
memcpy(domain, tmp.str, tmp.l);
|
memcpy(domain, tmp.str, tmp.l);
|
||||||
- user = domain + tmp.l;
|
user = domain + tmp.l;
|
||||||
+ user = domain + tmp.l + 1;
|
|
||||||
*user++ = '\0';
|
*user++ = '\0';
|
||||||
|
|
||||||
/* debug("fetching user name\n"); */
|
|
||||||
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
|
||||||
ntlm_errno = NTLM_LOGON_ERROR;
|
ntlm_errno = NTLM_LOGON_ERROR;
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
Loading…
Reference in a new issue