ubuntu/+source/squid:ubuntu/warty-devel

Last commit made on 2005-12-20
Get this branch:
git clone -b ubuntu/warty-devel https://git.launchpad.net/ubuntu/+source/squid
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/warty-devel
Repository:
lp:ubuntu/+source/squid

Recent commits

845247c... by Martin Pitt on 2005-09-30

Import patches-unapplied version 2.5.5-6ubuntu0.11 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 6ee4ae76352c4b83aeff42f8ad1072c15fdf5b1c

New changelog entries:
  * SECURITY UPDATE: Fix remote DoS.
  * Add debian/patches/38-NTLM-scheme-assert.dpatch:
    - Fix crash when receiving specially crafted NTLM authentication requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert
    - CAN-2005-2917
  * SECURITY UPDATE: Fix several DoS vulnerabilities.
  * Add debian/patches/36-ssl-connect-timeout.dpatch:
    - After certain slightly odd requests Squid crashes with a segmentation
      fault in sslConnectTimeout.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout
    - CAN-2005-2796
  * Add debian/patches/37-store-pending-assert.dpatch:
    - Squid crashes with an assertion failure in certain conditions involving
      aborted requests.
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING
    - CAN-2005-2794
  * SECURITY UPDATE: Fix DNS spoofing.
  * Added debian/patches/35-dns-query.dpatch:
    - Properly verify DNS query answers to defend against DNS spoof attacks.
  * References:
    - CAN-2005-1519
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query
  * SECURITY UPDATE: Fix possible unsafe ACL configuration.
  * Added debian/patches/34-acl-error:
    - On configuration errors involving wrongly defined or missing acls the
      http_access results may be different than expected, possibly allowing more
      access than intended. This patch makes such configuration errors a fatal
      error, preventing the service from starting until the access control
      configuration errors have been corrected.
  * References:
    - CAN-2005-1345
    - http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-acl_error
  * SECURITY UPDATE: Fix remote Denial of Service.
  * Added debian/patches/33-putpost.dpatch: Protect from double free() when a
    PUT or POST connection is closed by the remote end.
  * References:
    CAN-2005-0718
    http://www1.uk.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-post
  * SECURITY UPDATE: Fix cookie information disclosure.
  * Added debian/patches/32-setcookie.dpatch (upstream patch, taken from
    Debian package): Fix race condition of Set-Cookie headers when using the
    old Netscape protocol.
  * References:
    CAN-2005-0626
    http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-setcookie
  * SECURITY UPDATE: fix remote Denial of Service
  * Added debian/patches/30-dns-assert.dpatch:
    - Do not abort with an assertion failure if a malicious DNS server
      responds with a malformed IP address.
    - References:
      CAN-2005-0446
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE8-dns_assert
  * Added debian/patches/31-empty-acls.dpatch:
    - The meaning of the access controls becomes somewhat confusing if any of
      the referenced ACLs is declared empty, without any members.
    - References:
      CAN-2005-0194
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
  * SECURITY UPDATE: fix several vulnerabilities
  * debian/patches/26-ldap-spaces.dpatch:
    - Ignore leading/trailing whitespace in login names when using LDAP
      authentication.
    - References:
      CAN-2005-0173
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
  * debian/patches/27-http-header-parsing.dpatch:
    - Reject malformed HTTP requests and responses that conflict with the HTTP
      specifications. This avoids cache pollution.
    - References:
      CAN-2005-0174
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
  * debian/patches/28-response-splitting.dpatch:
    - Strengthen Squid against HTTP response splitting cache pollution attacks.
    - References:
      CAN-2005-0175
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
  * debian/patches/29-wcpp-buffer-overflow.dpatch:
    - Fix buffer overflow in src/wccp.c triggered by overly long WCCP packets.
    - References:
      CAN-2005-0211
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow
  * SECURITY UPDATE: Fix several DoS vulnerabilities found by infamous41md.
    Fixes based on upstream supplied patches, but these changed lots of
    irrelevant stuff, so they were trimmed down.
  * debian/patches/22-gopher_html_parsing.dpatch:
    - Avoid buffer overflow if a malicious Gopher server sends a line bigger
      than 4096 characters.
    - References:
      CAN-2005-0094
      http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
  * debian/patches/23-wccp-denial-of-service.dpatch:
    - Fix crash when receiving malformed WCCP packages with spoofed source
      addresses.
    - References:
      CAN-2005-0095
      http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
  * debian/patches/24-fakeauth_auth-crash.dpatch:
    - Check for NULL return value of ntlmGetString() (which happens on
      malformed NTLM type 3 packages) before using the pointer.
    - References:
      http://secunia.com/advisories/13789
      CAN-2005-0097
  * debian/patches/debian/patches/25-fakeauth_auth-memleak.dpatch:
    - Free cleartext buffer after using it to fix memory leak.
    - References:
      CAN-2005-0096
      http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
  * rebuilt debian/patches/21-asn-negative-length.dpatch with the Warty
    version of dpatch; the Hoary version messed it up
  * SECURITY UPDATE to fix several DoS vulnerabilities.
  * debian/patches/20-ntlm-fetch-string.dpatch:
    - The ntlm_fetch_string and ntlm_get_string functions, with NTLM
      authentication enabled, allowed remote attackers to cause a denial of
      service (application crash) via an NTLMSSP packet that causes a negative
      value to be passed to memcpy.
    - Patch taken from Debian package version 2.5.6-8, also at
      http://www.squid-cache.org/bugs/show_bug.cgi?id=1045
    - CAN-2004-0832
  * debian/patches/21-asn-negative-length.dpatch:
    - The asn_parse_header function (asn1.c) in the SNMP module allowed remote
      attackers to cause a denial of service (server restart with dropping
      all open connections) via certain SNMP packets with negative length
      fields that cause a memory allocation error.
    - Patch backported from stable release 2.5.7.
    - CAN-2004-0918

6ee4ae7... by Luigi Gangitano on 2004-06-18

Import patches-unapplied version 2.5.5-6 to ubuntu/warty

Imported using git-ubuntu import.