[gentoo-commits] gentoo-x86 commit in net-proxy/squid/files: squid-13211_13210.patch squid-13735_13734.patch - gentoo-commits

From:	"Eray Aslan (eras)" <eras@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in net-proxy/squid/files: squid-13211_13210.patch squid-13735_13734.patch
Date:	Wed, 04 Feb 2015 16:10:22
Message-Id:	`20150204161018.E3984110BE@oystercatcher.gentoo.org`

1

eras        15/02/04 16:10:18

2

3

  Added:                squid-13211_13210.patch squid-13735_13734.patch

4

  Log:

5

  Security bump

6

7

  (Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F)

8

9

Revision  Changes    Path

10

1.1                  net-proxy/squid/files/squid-13211_13210.patch

11

12

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&view=markup

13

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&content-type=text/plain

14

15

Index: squid-13211_13210.patch

16

===================================================================

17

=== modified file 'src/auth/digest/UserRequest.cc'

18

--- src/auth/digest/UserRequest.cc	2015-01-18 11:02:13 +0000

19

+++ src/auth/digest/UserRequest.cc	2015-01-19 16:42:41 +0000

20

@@ -152,10 +152,14 @@

21

}

22

23

     /* check for stale nonce */

24

-    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {

25

-        debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");

26

-        auth_user->credentials(Auth::Handshake);

27

-        digest_request->setDenyMessage("Stale nonce");

28

+    /* check Auth::Pending to avoid loop */

29

+

30

+    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {

31

+        debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);

32

+        /* Pending prevent banner and makes a ldap control */

33

+        auth_user->credentials(Auth::Pending);

34

+        nonce->flags.valid = false;

35

+        authDigestNoncePurge(nonce);

36

         return;

37

}

38

39

40

=== modified file 'src/auth/digest/auth_digest.cc'

41

--- src/auth/digest/auth_digest.cc	2014-03-05 02:48:25 +0000

42

+++ src/auth/digest/auth_digest.cc	2015-01-19 16:42:41 +0000

43

@@ -1038,12 +1038,7 @@

44

         debugs(29, 2, "Username for the nonce does not equal the username for the request");

45

         nonce = NULL;

46

}

47

-    /* check for stale nonce */

48

-    if (authDigestNonceIsStale(nonce)) {

49

-        debugs(29, 3, "The received nonce is stale from " << username);

50

-        digest_request->setDenyMessage("Stale nonce");

51

-        nonce = NULL;

52

-    }

53

+

54

     if (!nonce) {

55

         /* we couldn't find a matching nonce! */

56

         debugs(29, 2, "Unexpected or invalid nonce received from " << username);

1.1                  net-proxy/squid/files/squid-13735_13734.patch

62

63

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&view=markup

64

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&content-type=text/plain

65

66

Index: squid-13735_13734.patch

67

===================================================================

68

=== modified file 'src/auth/digest/Config.cc'

69

--- src/auth/digest/Config.cc	2015-01-13 09:13:49 +0000

70

+++ src/auth/digest/Config.cc	2015-01-20 10:36:06 +0000

71

@@ -1006,12 +1006,7 @@

72

         debugs(29, 2, "Username for the nonce does not equal the username for the request");

73

         nonce = NULL;

74

}

75

-    /* check for stale nonce */

76

-    if (authDigestNonceIsStale(nonce)) {

77

-        debugs(29, 3, "The received nonce is stale from " << username);

78

-        digest_request->setDenyMessage("Stale nonce");

79

-        nonce = NULL;

80

-    }

81

+

82

     if (!nonce) {

83

         /* we couldn't find a matching nonce! */

84

         debugs(29, 2, "Unexpected or invalid nonce received from " << username);

85

86

=== modified file 'src/auth/digest/UserRequest.cc'

87

--- src/auth/digest/UserRequest.cc	2015-01-18 04:24:51 +0000

88

+++ src/auth/digest/UserRequest.cc	2015-01-20 10:36:06 +0000

89

@@ -173,10 +173,14 @@

90

}

91

92

     /* check for stale nonce */

93

-    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {

94

-        debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");

95

-        auth_user->credentials(Auth::Handshake);

96

-        digest_request->setDenyMessage("Stale nonce");

97

+    /* check Auth::Pending to avoid loop */

98

+

99

+    if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {

100

+        debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);

101

+        /* Pending prevent banner and makes a ldap control */

102

+        auth_user->credentials(Auth::Pending);

103

+        nonce->flags.valid = false;

104

+        authDigestNoncePurge(nonce);

105

         return;

106

}

1	eras 15/02/04 16:10:18
2
3	Added: squid-13211_13210.patch squid-13735_13734.patch
4	Log:
5	Security bump
6
7	(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F)
8
9	Revision Changes Path
10	1.1 net-proxy/squid/files/squid-13211_13210.patch
11
12	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&view=markup
13	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&content-type=text/plain
14
15	Index: squid-13211_13210.patch
16	===================================================================
17	=== modified file 'src/auth/digest/UserRequest.cc'
18	--- src/auth/digest/UserRequest.cc 2015-01-18 11:02:13 +0000
19	+++ src/auth/digest/UserRequest.cc 2015-01-19 16:42:41 +0000
20	@@ -152,10 +152,14 @@
21	}
22
23	/* check for stale nonce */
24	- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
25	- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
26	- auth_user->credentials(Auth::Handshake);
27	- digest_request->setDenyMessage("Stale nonce");
28	+ /* check Auth::Pending to avoid loop */
29	+
30	+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
31	+ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
32	+ /* Pending prevent banner and makes a ldap control */
33	+ auth_user->credentials(Auth::Pending);
34	+ nonce->flags.valid = false;
35	+ authDigestNoncePurge(nonce);
36	return;
37	}
38
39
40	=== modified file 'src/auth/digest/auth_digest.cc'
41	--- src/auth/digest/auth_digest.cc 2014-03-05 02:48:25 +0000
42	+++ src/auth/digest/auth_digest.cc 2015-01-19 16:42:41 +0000
43	@@ -1038,12 +1038,7 @@
44	debugs(29, 2, "Username for the nonce does not equal the username for the request");
45	nonce = NULL;
46	}
47	- /* check for stale nonce */
48	- if (authDigestNonceIsStale(nonce)) {
49	- debugs(29, 3, "The received nonce is stale from " << username);
50	- digest_request->setDenyMessage("Stale nonce");
51	- nonce = NULL;
52	- }
53	+
54	if (!nonce) {
55	/* we couldn't find a matching nonce! */
56	debugs(29, 2, "Unexpected or invalid nonce received from " << username);
57
58
59
60
61	1.1 net-proxy/squid/files/squid-13735_13734.patch
62
63	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&view=markup
64	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&content-type=text/plain
65
66	Index: squid-13735_13734.patch
67	===================================================================
68	=== modified file 'src/auth/digest/Config.cc'
69	--- src/auth/digest/Config.cc 2015-01-13 09:13:49 +0000
70	+++ src/auth/digest/Config.cc 2015-01-20 10:36:06 +0000
71	@@ -1006,12 +1006,7 @@
72	debugs(29, 2, "Username for the nonce does not equal the username for the request");
73	nonce = NULL;
74	}
75	- /* check for stale nonce */
76	- if (authDigestNonceIsStale(nonce)) {
77	- debugs(29, 3, "The received nonce is stale from " << username);
78	- digest_request->setDenyMessage("Stale nonce");
79	- nonce = NULL;
80	- }
81	+
82	if (!nonce) {
83	/* we couldn't find a matching nonce! */
84	debugs(29, 2, "Unexpected or invalid nonce received from " << username);
85
86	=== modified file 'src/auth/digest/UserRequest.cc'
87	--- src/auth/digest/UserRequest.cc 2015-01-18 04:24:51 +0000
88	+++ src/auth/digest/UserRequest.cc 2015-01-20 10:36:06 +0000
89	@@ -173,10 +173,14 @@
90	}
91
92	/* check for stale nonce */
93	- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
94	- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
95	- auth_user->credentials(Auth::Handshake);
96	- digest_request->setDenyMessage("Stale nonce");
97	+ /* check Auth::Pending to avoid loop */
98	+
99	+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
100	+ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
101	+ /* Pending prevent banner and makes a ldap control */
102	+ auth_user->credentials(Auth::Pending);
103	+ nonce->flags.valid = false;
104	+ authDigestNoncePurge(nonce);
105	return;
106	}

Gentoo Archives: gentoo-commits