diff -u -r -N squid-3.2.12/ChangeLog squid-3.2.13/ChangeLog
--- squid-3.2.12/ChangeLog 2013-07-11 17:25:44.000000000 +1200
+++ squid-3.2.13/ChangeLog 2013-07-14 01:22:32.000000000 +1200
@@ -1,4 +1,9 @@
+Changes to squid-3.2.13 (13 Jul 2013):
+
+ - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
+ - Improved handling of port values in Host: header validation
+
Changes to squid-3.2.12 (11 Jul 2013):
- Protect against buffer overrun in DNS query generation
diff -u -r -N squid-3.2.12/configure squid-3.2.13/configure
--- squid-3.2.12/configure 2013-07-11 17:27:14.000000000 +1200
+++ squid-3.2.13/configure 2013-07-14 01:23:28.000000000 +1200
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.12.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.13.
#
# Report bugs to .
#
@@ -575,8 +575,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.2.12'
-PACKAGE_STRING='Squid Web Proxy 3.2.12'
+PACKAGE_VERSION='3.2.13'
+PACKAGE_STRING='Squid Web Proxy 3.2.13'
PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
@@ -1571,7 +1571,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.2.12 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.2.13 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1641,7 +1641,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.2.12:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.2.13:";;
esac
cat <<\_ACEOF
@@ -2019,7 +2019,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.2.12
+Squid Web Proxy configure 3.2.13
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -3115,7 +3115,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.2.12, which was
+It was created by Squid Web Proxy $as_me 3.2.13, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3934,7 +3934,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.2.12'
+ VERSION='3.2.13'
cat >>confdefs.h <<_ACEOF
@@ -30894,7 +30894,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.2.12, which was
+This file was extended by Squid Web Proxy $as_me 3.2.13, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -30960,7 +30960,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.2.12
+Squid Web Proxy config.status 3.2.13
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-3.2.12/configure.ac squid-3.2.13/configure.ac
--- squid-3.2.12/configure.ac 2013-07-11 17:27:14.000000000 +1200
+++ squid-3.2.13/configure.ac 2013-07-14 01:23:28.000000000 +1200
@@ -1,4 +1,4 @@
-AC_INIT([Squid Web Proxy],[3.2.12],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.2.13],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.2.12/helpers/basic_auth/DB/basic_db_auth.8 squid-3.2.13/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.2.12/helpers/basic_auth/DB/basic_db_auth.8 2013-07-11 17:49:32.000000000 +1200
+++ squid-3.2.13/helpers/basic_auth/DB/basic_db_auth.8 2013-07-14 01:48:34.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2013-07-10" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.2.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.2.13/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.2.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-11 17:49:34.000000000 +1200
+++ squid-3.2.13/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-14 01:48:36.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-10" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.2.12/include/version.h squid-3.2.13/include/version.h
--- squid-3.2.12/include/version.h 2013-07-11 17:27:14.000000000 +1200
+++ squid-3.2.13/include/version.h 2013-07-14 01:23:28.000000000 +1200
@@ -9,7 +9,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1373520341
+#define SQUID_RELEASE_TIME 1373721750
#endif
#ifndef APP_SHORTNAME
diff -u -r -N squid-3.2.12/RELEASENOTES.html squid-3.2.13/RELEASENOTES.html
--- squid-3.2.12/RELEASENOTES.html 2013-07-11 17:49:40.000000000 +1200
+++ squid-3.2.13/RELEASENOTES.html 2013-07-14 01:48:45.000000000 +1200
@@ -2,10 +2,10 @@
- Squid 3.2.12 release notes
+ Squid 3.2.13 release notes
-Squid 3.2.12 release notes
+Squid 3.2.13 release notes
Squid Developers
@@ -72,7 +72,7 @@
-The Squid Team are pleased to announce the release of Squid-3.2.12.
+The Squid Team are pleased to announce the release of Squid-3.2.13.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.2/ or the
mirrors.
diff -u -r -N squid-3.2.12/src/client_side_request.cc squid-3.2.13/src/client_side_request.cc
--- squid-3.2.12/src/client_side_request.cc 2013-07-11 17:25:44.000000000 +1200
+++ squid-3.2.13/src/client_side_request.cc 2013-07-14 01:22:32.000000000 +1200
@@ -641,8 +641,16 @@
uint16_t port = 0;
if (portStr) {
*portStr = '\0'; // strip the ':'
- if (*(++portStr) != '\0')
- port = xatoi(portStr);
+ if (*(++portStr) != '\0') {
+ char *end = NULL;
+ int64_t ret = strtoll(portStr, &end, 10);
+ if (end == portStr || *end != '\0' || ret < 1 || ret > 0xFFFF) {
+ // invalid port details. Replace the ':'
+ *(--portStr) = ':';
+ portStr = NULL;
+ } else
+ port = (ret & 0xFFFF);
+ }
}
debugs(85, 3, HERE << "validate host=" << host << ", port=" << port << ", portStr=" << (portStr?portStr:"NULL"));
diff -u -r -N squid-3.2.12/src/MemBuf.h squid-3.2.13/src/MemBuf.h
--- squid-3.2.12/src/MemBuf.h 2013-07-11 17:25:44.000000000 +1200
+++ squid-3.2.13/src/MemBuf.h 2013-07-14 01:22:32.000000000 +1200
@@ -66,7 +66,7 @@
/// these space-related methods assume no growth and allow 0-termination
char *space() { return buf + size; } // space to add data
- char *space(mb_size_t required) { if (size + required > capacity) grow(size + required); return buf + size; } // space to add data
+ char *space(mb_size_t required) { if (size + required >= capacity) grow(size + required +1); return buf + size; } // space to add data
mb_size_t spaceSize() const;