commit: 29756574c9577203cc2e7911c590c5876f16b6be Author: Eray Aslan <eras <AT> gentoo <DOT> org> AuthorDate: Mon Jan 22 13:31:03 2018 +0000 Commit: Eray Aslan <eras <AT> gentoo <DOT> org> CommitDate: Mon Jan 22 13:31:03 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29756574
net-proxy/squid: add missing security patches Package-Manager: Portage-2.3.20, Repoman-2.3.6 net-proxy/squid/files/squid-2018-1.patch | 28 ++++++++++++++++++++++++++++ net-proxy/squid/files/squid-2018-2.patch | 23 +++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/net-proxy/squid/files/squid-2018-1.patch b/net-proxy/squid/files/squid-2018-1.patch new file mode 100644 index 00000000000..9392219a9ed --- /dev/null +++ b/net-proxy/squid/files/squid-2018-1.patch @@ -0,0 +1,28 @@ +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5) +Author: Amos Jeffries <[email protected]> +Date: 2018-01-19 13:54:14 +1300 + + ESI: make sure endofName never exceeds tagEnd (#130) + +diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc +index d86d2d3..db634d9 100644 +--- a/src/esi/CustomParser.cc ++++ b/src/esi/CustomParser.cc +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool + + char * endofName = strpbrk(const_cast<char *>(tag), w_space); + +- if (endofName > tagEnd) ++ if (!endofName || endofName > tagEnd) + endofName = const_cast<char *>(tagEnd); + + *endofName = '\0'; +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool + + char * endofName = strpbrk(const_cast<char *>(tag), w_space); + +- if (endofName > tagEnd) ++ if (!endofName || endofName > tagEnd) + endofName = const_cast<char *>(tagEnd); + + *endofName = '\0'; diff --git a/net-proxy/squid/files/squid-2018-2.patch b/net-proxy/squid/files/squid-2018-2.patch new file mode 100644 index 00000000000..9ecd8a5b7cb --- /dev/null +++ b/net-proxy/squid/files/squid-2018-2.patch @@ -0,0 +1,23 @@ +commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5) +Author: squidadm <[email protected]> +Date: 2018-01-21 08:07:08 +1300 + + Fix indirect IP logging for transactions without a client connection (#129) (#136) + +diff --git a/src/client_side_request.cc b/src/client_side_request.cc +index be124f3..203f89d 100644 +--- a/src/client_side_request.cc ++++ b/src/client_side_request.cc +@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data) + * Ensure that the access log shows the indirect client + * instead of the direct client. + */ +- ConnStateData *conn = http->getConn(); +- conn->log_addr = request->indirect_client_addr; +- http->al->cache.caddr = conn->log_addr; ++ http->al->cache.caddr = request->indirect_client_addr; ++ if (ConnStateData *conn = http->getConn()) ++ conn->log_addr = request->indirect_client_addr; + } + request->x_forwarded_for_iterator.clean(); + request->flags.done_follow_x_forwarded_for = true;
