eras 15/02/04 16:10:18 Added: squid-13211_13210.patch squid-13735_13734.patch Log: Security bump (Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F)
Revision Changes Path 1.1 net-proxy/squid/files/squid-13211_13210.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&content-type=text/plain Index: squid-13211_13210.patch =================================================================== === modified file 'src/auth/digest/UserRequest.cc' --- src/auth/digest/UserRequest.cc 2015-01-18 11:02:13 +0000 +++ src/auth/digest/UserRequest.cc 2015-01-19 16:42:41 +0000 @@ -152,10 +152,14 @@ } /* check for stale nonce */ - if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { - debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale"); - auth_user->credentials(Auth::Handshake); - digest_request->setDenyMessage("Stale nonce"); + /* check Auth::Pending to avoid loop */ + + if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) { + debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64); + /* Pending prevent banner and makes a ldap control */ + auth_user->credentials(Auth::Pending); + nonce->flags.valid = false; + authDigestNoncePurge(nonce); return; } === modified file 'src/auth/digest/auth_digest.cc' --- src/auth/digest/auth_digest.cc 2014-03-05 02:48:25 +0000 +++ src/auth/digest/auth_digest.cc 2015-01-19 16:42:41 +0000 
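Review bot: The added stale-nonce branch in `src/auth/digest/UserRequest.cc` writes `nonce->flags.valid = false` and calls `authDigestNoncePurge(nonce)` on a bare `nonce`, while the validity test just above it is made on `digest_request->nonce`; nothing in the hunk shows that the two names refer to the same object, or that the pointer is non-null when `authDigestNonceIsValid()` returns false. If that check can fail for a missing nonce, this path would dereference a null pointer while handling a client-supplied Digest header, so I would use one name and guard it: `if (digest_request->nonce) { digest_request->nonce->flags.valid = false; authDigestNoncePurge(digest_request->nonce); }`. The rewritten `debugs()` line also dropped the leading `"user '"`, which leaves an unmatched quote in the log; `debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);` restores it. The enclosing function starts and ends outside the hunk, and the same points apply to the identical hunk at `@@ -173,10 +173,14 @@` in squid-13735_13734.patch.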
@@ -1038,12 +1038,7 @@ debugs(29, 2, "Username for the nonce does not equal the username for the request"); nonce = NULL; } - /* check for stale nonce */ - if (authDigestNonceIsStale(nonce)) { - debugs(29, 3, "The received nonce is stale from " << username); - digest_request->setDenyMessage("Stale nonce"); - nonce = NULL; - } + if (!nonce) { /* we couldn't find a matching nonce! */ debugs(29, 2, "Unexpected or invalid nonce received from " << username); 1.1 net-proxy/squid/files/squid-13735_13734.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&content-type=text/plain Index: squid-13735_13734.patch =================================================================== === modified file 'src/auth/digest/Config.cc' --- src/auth/digest/Config.cc 2015-01-13 09:13:49 +0000 +++ src/auth/digest/Config.cc 2015-01-20 10:36:06 +0000 @@ -1006,12 +1006,7 @@ debugs(29, 2, "Username for the nonce does not equal the username for the request"); nonce = NULL; } - /* check for stale nonce */ - if (authDigestNonceIsStale(nonce)) { - debugs(29, 3, "The received nonce is stale from " << username); - digest_request->setDenyMessage("Stale nonce"); - nonce = NULL; - } + if (!nonce) { /* we couldn't find a matching nonce! */ debugs(29, 2, "Unexpected or invalid nonce received from " << username); === modified file 'src/auth/digest/UserRequest.cc' --- src/auth/digest/UserRequest.cc 2015-01-18 04:24:51 +0000 +++ src/auth/digest/UserRequest.cc 2015-01-20 10:36:06 +0000 
@@ -173,10 +173,14 @@ } /* check for stale nonce */ - if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { - debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale"); - auth_user->credentials(Auth::Handshake); - digest_request->setDenyMessage("Stale nonce"); + /* check Auth::Pending to avoid loop */ + + if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) { + debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64); + /* Pending prevent banner and makes a ldap control */ + auth_user->credentials(Auth::Pending); + nonce->flags.valid = false; + authDigestNoncePurge(nonce); return; }
