From 37288f510a883ffa89ffb4a45519c7ce2a62e180 Mon Sep 17 00:00:00 2001
From: Alin Năstac
Date: Tue, 17 Feb 2009 22:42:18 +0000
Subject: Fix buffer overflow, thanks to emerald (#259272). (Portage version: 2.1.6.4/cvs/Linux 2.6.25-gentoo-r6 x86_64)
---
 net-proxy/squidguard/ChangeLog | 9 ++-
 .../files/squidguard-1.4-vsnprintf.patch | 42 +++++++++++++
 net-proxy/squidguard/squidguard-1.4-r1.ebuild | 70 ++++++++++++++++++++++
 3 files changed, 120 insertions(+), 1 deletion(-)
 create mode 100644 net-proxy/squidguard/files/squidguard-1.4-vsnprintf.patch
 create mode 100644 net-proxy/squidguard/squidguard-1.4-r1.ebuild
(limited to 'net-proxy')
diff --git a/net-proxy/squidguard/ChangeLog b/net-proxy/squidguard/ChangeLog
index f78ea2c906cd..9e9b6faa85aa 100644
--- a/net-proxy/squidguard/ChangeLog
+++ b/net-proxy/squidguard/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-proxy/squidguard
 # Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squidguard/ChangeLog,v 1.29 2009/01/10 13:24:08 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squidguard/ChangeLog,v 1.30 2009/02/17 22:42:17 mrness Exp $
+
+*squidguard-1.4-r1 (17 Feb 2009)
+
+ 17 Feb 2009; Alin Năstac
+ +files/squidguard-1.4-vsnprintf.patch, +squidguard-1.4-r1.ebuild:
+ Fix buffer overflow, thanks to emerald
+ (#259272).
 *squidguard-1.4 (10 Jan 2009)
diff --git a/net-proxy/squidguard/files/squidguard-1.4-vsnprintf.patch b/net-proxy/squidguard/files/squidguard-1.4-vsnprintf.patch
new file mode 100644
index 000000000000..971d136fc988
--- /dev/null
+++ b/net-proxy/squidguard/files/squidguard-1.4-vsnprintf.patch
@@ -0,0 +1,42 @@
+diff -Nru squidGuard-1.4.orig/configure.in squidGuard-1.4/configure.in
+--- squidGuard-1.4.orig/configure.in 2009-02-17 22:35:28.000000000 +0000
++++ squidGuard-1.4/configure.in 2009-02-17 22:36:27.000000000 +0000
+@@ -421,7 +421,7 @@
+ AC_CHECK_FUNCS(regexec, , AC_MSG_ERROR([No regexec library function.]))
+ AC_CHECK_FUNCS(strdup, , AC_MSG_ERROR([No strdup library function.]))
+ AC_CHECK_FUNCS(strerror, , AC_MSG_ERROR([No strerror library function.]))
+-AC_CHECK_FUNCS(vsprintf, , AC_MSG_ERROR([No vsprintf library function.]))
++AC_CHECK_FUNCS(vsnprintf, , AC_MSG_ERROR([No vsnprintf library function.]))
+ AC_CHECK_FUNCS(sigaction)
+ AC_CHECK_FUNCS(signal)
+
+diff -Nru squidGuard-1.4.orig/src/sgLog.c squidGuard-1.4/src/sgLog.c
+--- squidGuard-1.4.orig/src/sgLog.c 2007-11-16 16:58:32.000000000 +0000
++++ squidGuard-1.4/src/sgLog.c 2009-02-17 22:37:04.000000000 +0000
+@@ -55,7 +55,7 @@
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ fprintf(stderr,"overflow in vsprintf (sgLog): %s",strerror(errno));
+ va_end(ap);
+ date = niso(0);
+@@ -87,7 +87,7 @@
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ sgLogFatalError("overflow in vsprintf (sgLogError): %s",strerror(errno));
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
+@@ -104,7 +104,7 @@
+ char msg[MAX_BUF];
+ va_list ap;
+ VA_START(ap, format);
+- if(vsprintf(msg, format, ap) > (MAX_BUF - 1))
++ if(vsnprintf(msg, MAX_BUF, format, ap) > (MAX_BUF - 1))
+ return;
+ va_end(ap);
+ sgLog(globalErrorLog,"%s",msg);
diff --git a/net-proxy/squidguard/squidguard-1.4-r1.ebuild b/net-proxy/squidguard/squidguard-1.4-r1.ebuild
new file mode 100644
index 000000000000..54318c9a193f
--- /dev/null
+++ b/net-proxy/squidguard/squidguard-1.4-r1.ebuild
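Review bot: With `vsnprintf` bounded to `MAX_BUF`, a return value above `MAX_BUF - 1` now means the message was truncated rather than that `msg` was overrun, yet all three call sites in sgLog.c keep the old overflow handling. The `@@ -104` site still executes `return;` before `va_end(ap)` and discards the message, and the `@@ -87` site escalates to `sgLogFatalError`, which (if it terminates the process, as its name suggests) would let a single over-long log message stop the filter. A negative return from `vsnprintf` is not caught by the `>` comparison either, so `msg` could be logged with indeterminate contents. Consider `n = vsnprintf(msg, MAX_BUF, format, ap); va_end(ap); if (n < 0) return;` followed by logging the truncated text, and rewording the "overflow in vsprintf" messages, which also print `strerror(errno)` although truncation does not set `errno`. The enclosing functions start and end outside these hunks.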
@@ -0,0 +1,70 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squidguard/squidguard-1.4-r1.ebuild,v 1.1 2009/02/17 22:42:17 mrness Exp $
+
+WANT_AUTOMAKE=none
+
+inherit eutils autotools
+
+DESCRIPTION="Combined filter, redirector and access controller plugin for Squid."
+HOMEPAGE="http://www.squidguard.org"
+SRC_URI="http://www.squidguard.org/Downloads/squidGuard-${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="ldap"
+
+RDEPEND=">=sys-libs/db-2
+ ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+ sys-devel/bison
+ sys-devel/flex"
+
+S="${WORKDIR}/squidGuard-${PV}"
+
+src_unpack() {
+ unpack ${A}
+
+ cd "${S}"
+ epatch "${FILESDIR}/${P}-gentoo.patch"
+ epatch "${FILESDIR}/${P}-autoheader.patch"
+ epatch "${FILESDIR}/${P}-vsnprintf.patch"
+ eautoreconf
+}
+
+src_compile() {
+ econf \
+ $(use_with ldap) \
+ --with-sg-config=/etc/squidGuard/squidGuard.conf \
+ --with-sg-logdir=/var/log/squidGuard \
+ || die "configure has failed"
+
+ emake || die "make has failed"
+}
+
+src_install() {
+ emake prefix="/usr" INSTDIR="${D}" install || die "emake install has failed"
+
+ keepdir /var/log/squidGuard
+ fowners squid:squid /var/log/squidGuard
+
+ insinto /etc/squidGuard/sample
+ doins "${FILESDIR}"/squidGuard.conf.*
+ insinto /etc/squidGuard/sample/db
+ doins "${FILESDIR}"/blockedsites
+
+ dodoc ANNOUNCE CHANGELOG README
+ dohtml doc/*.html
+ docinto text
+ dodoc doc/*.txt
+}
+
+pkg_postinst() {
+ einfo "To enable squidGuard, add the following lines to /etc/squid/squid.conf:"
+ einfo " url_rewrite_program /usr/bin/squidGuard"
+ einfo " url_rewrite_children 10"
+ einfo ""
+ einfo "Remember to edit /etc/squidGuard/squidGuard.conf first!"
+ einfo "Examples can be found in /etc/squidGuard/sample/"
+}
--
cgit v1.2.3-65-gdbad
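Review bot: The `epatch "${FILESDIR}/${P}-vsnprintf.patch"` line in `src_unpack` gives no hint that it is a security fix, so it could be dropped unnoticed on a later version bump; a comment such as `# bug #259272: bound log formatting in sgLog.c (buffer overflow)` above it would record why it is there. The patch also edits configure.in, so it has to stay ahead of `eautoreconf`, as it does here, and that ordering deserves a brief mention in the same comment. The diffstat lists no removal of the unpatched 1.4 ebuild, so that revision presumably stays installable until it is cleaned up separately.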