net-proxy/squid: add missing security patches

Package-Manager: Portage-2.3.20, Repoman-2.3.6
author: Eray Aslan <eras@gentoo.org> 2018-01-22 16:31:03 +0300
committer: Eray Aslan <eras@gentoo.org> 2018-01-22 16:31:03 +0300
commit: 29756574c9577203cc2e7911c590c5876f16b6be (patch)
tree: b455ed96f2c990851b36c47a75320d44873f81e6 /net-proxy/squid
parent: net-proxy/squid: security bump (diff)
download: gentoo-29756574c9577203cc2e7911c590c5876f16b6be.tar.gz
gentoo-29756574c9577203cc2e7911c590c5876f16b6be.tar.bz2
gentoo-29756574c9577203cc2e7911c590c5876f16b6be.zip
2 files changed, 51 insertions, 0 deletions
diff --git a/net-proxy/squid/files/squid-2018-1.patch b/net-proxy/squid/files/squid-2018-1.patch
new file mode 100644
index 000000000000..9392219a9edc
--- /dev/null
+++ b/net-proxy/squid/files/squid-2018-1.patch
@@ -0,0 +1,28 @@
+commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date:   2018-01-19 13:54:14 +1300
+
+    ESI: make sure endofName never exceeds tagEnd (#130)
+
+diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
+index d86d2d3..db634d9 100644
+--- a/src/esi/CustomParser.cc
++++ b/src/esi/CustomParser.cc
+@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+ 
+             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+ 
+-            if (endofName > tagEnd)
++            if (!endofName || endofName > tagEnd)
+                 endofName = const_cast<char *>(tagEnd);
+ 
+             *endofName = '\0';
+@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+ 
+             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+ 
+-            if (endofName > tagEnd)
++            if (!endofName || endofName > tagEnd)
+                 endofName = const_cast<char *>(tagEnd);
+ 
+             *endofName = '\0';
diff --git a/net-proxy/squid/files/squid-2018-2.patch b/net-proxy/squid/files/squid-2018-2.patch
new file mode 100644
index 000000000000..9ecd8a5b7cb3
--- /dev/null
+++ b/net-proxy/squid/files/squid-2018-2.patch
@@ -0,0 +1,23 @@
+commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
+Author: squidadm <squidadm@users.noreply.github.com>
+Date:   2018-01-21 08:07:08 +1300
+
+    Fix indirect IP logging for transactions without a client connection (#129) (#136)
+
+diff --git a/src/client_side_request.cc b/src/client_side_request.cc
+index be124f3..203f89d 100644
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
+         * Ensure that the access log shows the indirect client
+         * instead of the direct client.
+         */
+-        ConnStateData *conn = http->getConn();
+-        conn->log_addr = request->indirect_client_addr;
+-        http->al->cache.caddr = conn->log_addr;
++        http->al->cache.caddr = request->indirect_client_addr;
++        if (ConnStateData *conn = http->getConn())
++            conn->log_addr = request->indirect_client_addr;
+     }
+     request->x_forwarded_for_iterator.clean();
+     request->flags.done_follow_x_forwarded_for = true;
author	Eray Aslan <eras@gentoo.org>	2018-01-22 16:31:03 +0300
committer	Eray Aslan <eras@gentoo.org>	2018-01-22 16:31:03 +0300
commit	29756574c9577203cc2e7911c590c5876f16b6be (patch)
tree	b455ed96f2c990851b36c47a75320d44873f81e6 /net-proxy/squid
parent	net-proxy/squid: security bump (diff)
download	gentoo-29756574c9577203cc2e7911c590c5876f16b6be.tar.gz gentoo-29756574c9577203cc2e7911c590c5876f16b6be.tar.bz2 gentoo-29756574c9577203cc2e7911c590c5876f16b6be.zip