kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update "squid31" package to version 3.1.0.16. Changes since 3.1.0.15:

Browse source 
- Regression Fix: Make Squid abort on all config parse failures.
- Regression Bug 2811: SNMP client/peer table OID numbering
- Bug 2851: Connection pinning fails when using a peer
- Bug 2850: Mismatch in hier_code enum / hier_strings array
- Bug 2731: Add follow_x_forwarded_for support to ICAP
- Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
- Bug 2706: Set timestamps during ICAP request satisfaction.
- Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
- Fix: WCCPv1 not connecting to router correctly
- Remove obsolete RunCache/RunAccel scripts.
- Add client_ip_max_connections
- Add the http::>ha format code and make http::>h log original request
  headers
- ... and all bug fixes from 3.0 up to 3.0.STABLE22
- ... and many more minor build and display annoyances.

This update also contains the fix for the remote DoS vulnerability
reported in "Squid Proxy Cache Security Update Advisory SQUID-2010:1".
This commit is contained in:
tron 2010-02-02 13:57:49 +00:00
parent c1d103cf60
commit 94aba3f79b
4 changed files with 6 additions and 174 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
www/squid31/Makefile
View file

@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.16 2009/12/06 15:49:25 tron Exp $
# $NetBSD: Makefile,v 1.17 2010/02/02 13:57:49 tron Exp $
DISTNAME= squid-3.1.0.15
DISTNAME= squid-3.1.0.16
PKGNAME= ${DISTNAME} # Necessary for "pkgsrc/www/squid/options.mk"
CATEGORIES= www
MASTER_SITES= http://www.squid-cache.org/Versions/v3/3.1/ \

10
www/squid31/distinfo
View file

@ -1,11 +1,9 @@
$NetBSD: distinfo,v 1.14 2009/12/06 15:49:25 tron Exp $
$NetBSD: distinfo,v 1.15 2010/02/02 13:57:49 tron Exp $
SHA1 (squid-3.1.0.15.tar.bz2) = 3d1f2a8490361e037a5eb4f312170a990fb2301f
RMD160 (squid-3.1.0.15.tar.bz2) = 44e6a215f67881f19d6a6ebc788e138ec9d31bd3
Size (squid-3.1.0.15.tar.bz2) = 2416255 bytes
SHA1 (squid-3.1.0.16.tar.bz2) = e3fe9bb9f2e4eadd6324cde691be11f0bd7a1e0a
RMD160 (squid-3.1.0.16.tar.bz2) = a63d03defa95fa9b50ea65ffecedf79bcc66f3f9
Size (squid-3.1.0.16.tar.bz2) = 2393374 bytes
SHA1 (patch-ad) = cb2591bebcbcf22f6cb1858f243b0c808d3db589
SHA1 (patch-ae) = 88fbc7fb1a47b1baf48f7cd0f0b66cbf51e3b24b
SHA1 (patch-ah) = e20f7b76d6d48041efbfe1a07dce756a818e6642
SHA1 (patch-aj) = 349b5d49dec49430cff2a170ad53d3a16f2a4c76
SHA1 (patch-al) = 6dd09cf75ed53a92616f4eed9f3e290232ff54a5
SHA1 (patch-am) = 9dcfc9431d4397b87a72e0205487d89f9fa67233

13
www/squid31/patches/patch-ah
View file

@ -1,13 +0,0 @@
$NetBSD: patch-ah,v 1.2 2009/06/07 08:36:36 tron Exp $
--- scripts/Makefile.in.orig 2009-05-23 13:31:22.000000000 +0100
+++ scripts/Makefile.in 2009-06-06 17:51:01.000000000 +0100
@@ -376,7 +376,7 @@
install-dvi: install-dvi-am
-install-exec-am: install-binSCRIPTS
+install-exec-am:
install-html: install-html-am

153
www/squid31/patches/patch-am
View file

@ -1,153 +0,0 @@
$NetBSD: patch-am,v 1.2 2009/06/07 08:36:36 tron Exp $
--- src/ip/IpAddress.cc.orig 2009-04-18 15:12:22.000000000 +0200
+++ src/ip/IpAddress.cc 2009-04-18 15:38:23.000000000 +0200
@@ -247,11 +247,7 @@
#if USE_IPV6
return IsAnyAddr() || IsNoAddr() ||
- ( m_SocketAddr.sin6_addr.s6_addr32[0] == htonl(0x00000000) &&
- m_SocketAddr.sin6_addr.s6_addr32[1] == htonl(0x00000000) &&
- m_SocketAddr.sin6_addr.s6_addr32[2] == htonl(0x0000FFFF)
- );
-
+ IN6_IS_ADDR_V4MAPPED( &m_SocketAddr.sin6_addr );
#else
return true; // enforce IPv4 in IPv4-only mode.
#endif
@@ -262,10 +258,7 @@
#if USE_IPV6
return IsAnyAddr() || IsNoAddr() ||
- !( m_SocketAddr.sin6_addr.s6_addr32[0] == htonl(0x00000000) &&
- m_SocketAddr.sin6_addr.s6_addr32[1] == htonl(0x00000000) &&
- m_SocketAddr.sin6_addr.s6_addr32[2] == htonl(0x0000FFFF)
- );
+ !IN6_IS_ADDR_V4MAPPED( &m_SocketAddr.sin6_addr );
#else
return false; // enforce IPv4 in IPv4-only mode.
#endif
@@ -274,11 +267,7 @@
bool IpAddress::IsAnyAddr() const
{
#if USE_IPV6
- return m_SocketAddr.sin6_addr.s6_addr32[0] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[1] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[2] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[3] == 0
- ;
+ return IN6_IS_ADDR_UNSPECIFIED( &m_SocketAddr.sin6_addr );
#else
return (INADDR_ANY == m_SocketAddr.sin_addr.s_addr);
@@ -304,15 +293,20 @@
bool IpAddress::SetIPv4()
{
#if USE_IPV6
+ static const struct in6_addr v4_localhost =
+ {{{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00, 0x01 }}};
+ static const struct in6_addr v4_any =
+ {{{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 }}};
if ( IsLocalhost() ) {
- m_SocketAddr.sin6_addr.s6_addr32[2] = htonl(0xffff);
- m_SocketAddr.sin6_addr.s6_addr32[3] = htonl(0x7F000001);
+ m_SocketAddr.sin6_addr = v4_localhost;
return true;
}
if ( IsAnyAddr() ) {
- m_SocketAddr.sin6_addr.s6_addr32[2] = htonl(0xffff);
+ m_SocketAddr.sin6_addr = v4_any;
return true;
}
@@ -329,17 +323,13 @@
bool IpAddress::IsLocalhost() const
{
#if USE_IPV6
- return ( m_SocketAddr.sin6_addr.s6_addr32[0] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[1] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[2] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[3] == htonl(0x1)
- )
+ static const struct in6_addr v4_localhost =
+ {{{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff, 0x7f, 0x00, 0x00, 0x01 }}};
+
+ return IN6_IS_ADDR_LOOPBACK( &m_SocketAddr.sin6_addr )
||
- ( m_SocketAddr.sin6_addr.s6_addr32[0] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[1] == 0
- && m_SocketAddr.sin6_addr.s6_addr32[2] == htonl(0xffff)
- && m_SocketAddr.sin6_addr.s6_addr32[3] == htonl(0x7F000001)
- );
+ IN6_ARE_ADDR_EQUAL( &m_SocketAddr.sin6_addr, &v4_localhost );
#else
return (htonl(0x7F000001) == m_SocketAddr.sin_addr.s_addr);
@@ -363,11 +353,11 @@
{
// IFF the address == 0xff..ff (all ones)
#if USE_IPV6
- return m_SocketAddr.sin6_addr.s6_addr32[0] == 0xFFFFFFFF
- && m_SocketAddr.sin6_addr.s6_addr32[1] == 0xFFFFFFFF
- && m_SocketAddr.sin6_addr.s6_addr32[2] == 0xFFFFFFFF
- && m_SocketAddr.sin6_addr.s6_addr32[3] == 0xFFFFFFFF
- ;
+ static const struct in6_addr v6_noaddr =
+ {{{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }}};
+
+ return IN6_ARE_ADDR_EQUAL( &m_SocketAddr.sin6_addr, &v6_noaddr );
#else
return 0xFFFFFFFF == m_SocketAddr.sin_addr.s_addr;
@@ -440,7 +430,7 @@
if (show_type == AF_INET && IsIPv4()) {
#if USE_IPV6
- return GetReverseString4(buf, *(struct in_addr*)&m_SocketAddr.sin6_addr.s6_addr32[3] );
+ return GetReverseString4(buf, *(struct in_addr*)&m_SocketAddr.sin6_addr.s6_addr[12] );
} else if ( show_type == AF_INET6 && IsIPv6() ) {
return GetReverseString6(buf, m_SocketAddr.sin6_addr);
#else
@@ -1157,17 +1147,17 @@
} else if ( in.s_addr == 0xFFFFFFFF) {
/* NOADDR */
- out.s6_addr32[0] = 0xFFFFFFFF;
- out.s6_addr32[1] = 0xFFFFFFFF;
- out.s6_addr32[2] = 0xFFFFFFFF;
- out.s6_addr32[3] = 0xFFFFFFFF;
-
+ memset(&out, 255, sizeof(struct in6_addr));
} else {
/* general */
memset(&out, 0, sizeof(struct in6_addr));
- out.s6_addr32[2] = htonl(0xFFFF);
- out.s6_addr32[3] = in.s_addr;
+ out.s6_addr[10] = 0xFF;
+ out.s6_addr[11] = 0xFF;
+ out.s6_addr[12] = ((uint8_t *)&in.s_addr)[0];
+ out.s6_addr[13] = ((uint8_t *)&in.s_addr)[1];
+ out.s6_addr[14] = ((uint8_t *)&in.s_addr)[2];
+ out.s6_addr[15] = ((uint8_t *)&in.s_addr)[3];
}
}
@@ -1177,7 +1167,10 @@
/* general */
memset(&out, 0, sizeof(struct in_addr));
- out.s_addr = in.s6_addr32[3];
+ ((uint8_t *)&out.s_addr)[0] = in.s6_addr[12];
+ ((uint8_t *)&out.s_addr)[1] = in.s6_addr[13];
+ ((uint8_t *)&out.s_addr)[2] = in.s6_addr[14];
+ ((uint8_t *)&out.s_addr)[3] = in.s6_addr[15];
}
#endif