eras 15/02/04 16:10:18 |
|
Added: squid-13211_13210.patch squid-13735_13734.patch |
Log: |
Security bump |
|
(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key 0x77F1F175586A3B1F) |
|
Revision Changes Path |
1.1 net-proxy/squid/files/squid-13211_13210.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13211_13210.patch?rev=1.1&content-type=text/plain |
|
Index: squid-13211_13210.patch |
=================================================================== |
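--- a/src/auth/digest/UserRequest.cc
+++ b/src/auth/digest/UserRequest.cc
@@ -152,10 +152,14 @@
 }
 
 /* check for stale nonce */
- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) {
- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale");
- auth_user->credentials(Auth::Handshake);
- digest_request->setDenyMessage("Stale nonce");
+ /* check Auth::Pending to avoid loop */
+
+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) {
+ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64);
+ /* Pending prevent banner and makes a ldap control */
+ auth_user->credentials(Auth::Pending);
+ nonce->flags.valid = false;
+ authDigestNoncePurge(nonce);
 return;
 }
 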
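Review bot: The added `&& user()->credentials() != Auth::Pending` lets a request whose nonce fails `authDigestNonceIsValid()` skip this block whenever the user is already Pending, and the same patch deletes the `authDigestNonceIsStale()` check in auth_digest.cc, so this branch is the only stale-nonce rejection left in the visible code. The function continues outside the hunk, so confirm that the path after the block cannot treat such a request as authenticated; if it can, keep the nonce test as the sole condition for the purge-and-return and use the Pending test only to decide whether the credentials state is reset. Inside the block `nonce` is dereferenced although the condition tests `digest_request->nonce` and no local `nonce` is declared in the hunk; if the validator can return false for a missing nonce, guard it, e.g. `if (digest_request->nonce) { digest_request->nonce->flags.valid = false; authDigestNoncePurge(digest_request->nonce); }`. The debug line also lost its opening `"user '"`, which leaves an unbalanced quote in the log, and it now writes `nonceb64` to the debug log, which is worth a short comment on why that is acceptable. The identical hunk for UserRequest.cc in squid-13735_13734.patch (`@@ -173,10 +173,14 @@`) has the same points.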
|
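--- a/src/auth/digest/auth_digest.cc
+++ b/src/auth/digest/auth_digest.cc
@@ -1038,12 +1038,7 @@
 debugs(29, 2, "Username for the nonce does not equal the username for the request");
 nonce = NULL;
 }
- /* check for stale nonce */
- if (authDigestNonceIsStale(nonce)) {
- debugs(29, 3, "The received nonce is stale from " << username);
- digest_request->setDenyMessage("Stale nonce");
- nonce = NULL;
- }
+
 if (!nonce) {
 /* we couldn't find a matching nonce! */
 debugs(29, 2, "Unexpected or invalid nonce received from " << username);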
|
1.1 net-proxy/squid/files/squid-13735_13734.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-proxy/squid/files/squid-13735_13734.patch?rev=1.1&content-type=text/plain |
|
Index: squid-13735_13734.patch |
=================================================================== |
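--- a/src/auth/digest/Config.cc
+++ b/src/auth/digest/Config.cc
@@ -1006,12 +1006,7 @@
 debugs(29, 2, "Username for the nonce does not equal the username for the request");
 nonce = NULL;
 }
- /* check for stale nonce */
- if (authDigestNonceIsStale(nonce)) {
- debugs(29, 3, "The received nonce is stale from " << username);
- digest_request->setDenyMessage("Stale nonce");
- nonce = NULL;
- }
+
 if (!nonce) {
 /* we couldn't find a matching nonce! */
 debugs(29, 2, "Unexpected or invalid nonce received from " << username);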
|
86 |
=== modified file 'src/auth/digest/UserRequest.cc' |
87 |
--- src/auth/digest/UserRequest.cc 2015-01-18 04:24:51 +0000 |
88 |
+++ src/auth/digest/UserRequest.cc 2015-01-20 10:36:06 +0000 |
89 |
@@ -173,10 +173,14 @@ |
90 |
} |
91 |
|
92 |
/* check for stale nonce */ |
93 |
- if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { |
94 |
- debugs(29, 3, "user '" << auth_user->username() << "' validated OK but nonce stale"); |
95 |
- auth_user->credentials(Auth::Handshake); |
96 |
- digest_request->setDenyMessage("Stale nonce"); |
97 |
+ /* check Auth::Pending to avoid loop */ |
98 |
+ |
99 |
+ if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc) && user()->credentials() != Auth::Pending) { |
100 |
+ debugs(29, 3, auth_user->username() << "' validated OK but nonce stale: " << digest_request->nonceb64); |
101 |
+ /* Pending prevent banner and makes a ldap control */ |
102 |
+ auth_user->credentials(Auth::Pending); |
103 |
+ nonce->flags.valid = false; |
104 |
+ authDigestNoncePurge(nonce); |
105 |
return; |
106 |
} |