diff -u -r -N squid-3.2.12/ChangeLog squid-3.2.13/ChangeLog --- squid-3.2.12/ChangeLog 2013-07-11 17:25:44.000000000 +1200 +++ squid-3.2.13/ChangeLog 2013-07-14 01:22:32.000000000 +1200 @@ -1,4 +1,9 @@ +Changes to squid-3.2.13 (13 Jul 2013): + + - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity + - Improved handling of port values in Host: header validation + Changes to squid-3.2.12 (11 Jul 2013): - Protect against buffer overrun in DNS query generation diff -u -r -N squid-3.2.12/configure squid-3.2.13/configure --- squid-3.2.12/configure 2013-07-11 17:27:14.000000000 +1200 +++ squid-3.2.13/configure 2013-07-14 01:23:28.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.12. +# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.13. # # Report bugs to . # @@ -575,8 +575,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.2.12' -PACKAGE_STRING='Squid Web Proxy 3.2.12' +PACKAGE_VERSION='3.2.13' +PACKAGE_STRING='Squid Web Proxy 3.2.13' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1571,7 +1571,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.2.12 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.2.13 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1641,7 +1641,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.2.12:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.2.13:";; esac cat <<\_ACEOF 
@@ -2019,7 +2019,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.2.12 +Squid Web Proxy configure 3.2.13 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -3115,7 +3115,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.2.12, which was +It was created by Squid Web Proxy $as_me 3.2.13, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3934,7 +3934,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.2.12' + VERSION='3.2.13' cat >>confdefs.h <<_ACEOF @@ -30894,7 +30894,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.2.12, which was +This file was extended by Squid Web Proxy $as_me 3.2.13, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -30960,7 +30960,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.2.12 +Squid Web Proxy config.status 3.2.13 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.2.12/configure.ac squid-3.2.13/configure.ac --- squid-3.2.12/configure.ac 2013-07-11 17:27:14.000000000 +1200 +++ squid-3.2.13/configure.ac 2013-07-14 01:23:28.000000000 +1200 
@@ -1,4 +1,4 @@ -AC_INIT([Squid Web Proxy],[3.2.12],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.2.13],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff -u -r -N squid-3.2.12/helpers/basic_auth/DB/basic_db_auth.8 squid-3.2.13/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.2.12/helpers/basic_auth/DB/basic_db_auth.8 2013-07-11 17:49:32.000000000 +1200 +++ squid-3.2.13/helpers/basic_auth/DB/basic_db_auth.8 2013-07-14 01:48:34.000000000 +1200 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2013-07-10" "perl v5.10.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.2.13/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.2.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-11 17:49:34.000000000 +1200 +++ squid-3.2.13/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-14 01:48:36.000000000 +1200 
@@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-10" "perl v5.10.1" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-13" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.2.12/include/version.h squid-3.2.13/include/version.h --- squid-3.2.12/include/version.h 2013-07-11 17:27:14.000000000 +1200 +++ squid-3.2.13/include/version.h 2013-07-14 01:23:28.000000000 +1200 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1373520341 +#define SQUID_RELEASE_TIME 1373721750 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.2.12/RELEASENOTES.html squid-3.2.13/RELEASENOTES.html --- squid-3.2.12/RELEASENOTES.html 2013-07-11 17:49:40.000000000 +1200 +++ squid-3.2.13/RELEASENOTES.html 2013-07-14 01:48:45.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.2.12 release notes + Squid 3.2.13 release notes -

Squid 3.2.12 release notes

+

Squid 3.2.13 release notes

Squid Developers


@@ -72,7 +72,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.2.12.

+

The Squid Team are pleased to announce the release of Squid-3.2.13.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.2/ or the mirrors.

diff -u -r -N squid-3.2.12/src/client_side_request.cc squid-3.2.13/src/client_side_request.cc
--- squid-3.2.12/src/client_side_request.cc 2013-07-11 17:25:44.000000000 +1200
+++ squid-3.2.13/src/client_side_request.cc 2013-07-14 01:22:32.000000000 +1200
@@ -641,8 +641,16 @@
 uint16_t port = 0;
 if (portStr) {
 *portStr = '\0'; // strip the ':'
- if (*(++portStr) != '\0')
- port = xatoi(portStr);
+ if (*(++portStr) != '\0') {
+ char *end = NULL;
+ int64_t ret = strtoll(portStr, &end, 10);
+ if (end == portStr || *end != '\0' || ret < 1 || ret > 0xFFFF) {
+ // invalid port details. Replace the ':'
+ *(--portStr) = ':';
+ portStr = NULL;
+ } else
+ port = (ret & 0xFFFF);
+ }
 }
 debugs(85, 3, HERE << "validate host=" << host << ", port=" << port << ", portStr=" << (portStr?portStr:"NULL"));
diff -u -r -N squid-3.2.12/src/MemBuf.h squid-3.2.13/src/MemBuf.h
--- squid-3.2.12/src/MemBuf.h 2013-07-11 17:25:44.000000000 +1200
+++ squid-3.2.13/src/MemBuf.h 2013-07-14 01:22:32.000000000 +1200
@@ -66,7 +66,7 @@
 /// these space-related methods assume no growth and allow 0-termination
 char *space() { return buf + size; } // space to add data
- char *space(mb_size_t required) { if (size + required > capacity) grow(size + required); return buf + size; } // space to add data
+ char *space(mb_size_t required) { if (size + required >= capacity) grow(size + required +1); return buf + size; } // space to add data
 mb_size_t spaceSize() const;
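Review bot: In src/client_side_request.cc, the new `strtoll()` check still accepts a port that begins with whitespace or a `+` sign, because strtoll() skips both before it reads digits, so a constructed Host: value such as `name:+80` would pass as port 80. For header validation that is looser than a digits-only port, and another parser handling the same header may not read it the same way. Requiring a leading digit closes the gap: `if (!isdigit(static_cast<unsigned char>(*portStr)) || end == portStr || *end != '\0' || ret < 1 || ret > 0xFFFF) {`. The range check already makes the `& 0xFFFF` mask redundant, so `port = static_cast<uint16_t>(ret);` says the same thing more plainly. The enclosing function starts and ends outside the hunk.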
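Review bot: In src/MemBuf.h, the growing `space(mb_size_t required)` overload keeps the same trailing comment as the non-growing one, `// space to add data`, so nothing on the line explains why the test became `>=` and the request became `size + required +1`. The comment above the pair says these methods "allow 0-termination", which suggests the extra byte is reserved for a terminator; saying so on the line would keep a later cleanup from removing it, e.g. `// space for 'required' bytes plus a 0-terminator; grows the buffer if needed`. The sum `size + required +1` is also handed to grow() unchecked, and whether grow() rejects a value past the buffer's limit is not visible in this hunk, so that is worth confirming.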