diff options
| author | Antoine Brodin <antoine@FreeBSD.org> | 2013-11-18 18:55:25 +0000 |
|---|---|---|
| committer | Antoine Brodin <antoine@FreeBSD.org> | 2013-11-18 18:55:25 +0000 |
| commit | 054573ff69281c7fbb9e11a0512262e413b9c2c0 (patch) | |
| tree | 3e5f34c4a856a726a3cdb95f7ad2974f24209af7 | |
| parent | 2624f4957ebf86d4a6924bdaf470cc56921ed432 (diff) | |
Notes
| -rw-r--r-- | MOVED | 1 | ||||
| -rw-r--r-- | security/Makefile | 1 | ||||
| -rw-r--r-- | security/squidclamav/Makefile | 39 | ||||
| -rw-r--r-- | security/squidclamav/distinfo | 2 | ||||
| -rw-r--r-- | security/squidclamav/files/patch-cve-2012-3501 | 71 | ||||
| -rw-r--r-- | security/squidclamav/files/patch-cve-2012-4667 | 124 | ||||
| -rw-r--r-- | security/squidclamav/files/pkg-message.in | 7 | ||||
| -rw-r--r-- | security/squidclamav/pkg-descr | 4 |
8 files changed, 1 insertions, 248 deletions
@@ -5241,3 +5241,4 @@ lang/tolua50||2013-11-18|Removed, lua50 is EOLed net/lua50-luasocket||2013-11-18|Removed, lua50 is EOLed devel/lua50-compat51||2013-11-18|Removed, lua50 is EOLed lang/lua50|lang/lua|2013-11-18|Removed, lua50 is EOLed +security/squidclamav|www/squidclamav|2013-11-18|Has expired: Obsolete and broken with clang, use www/squidclamav instead diff --git a/security/Makefile b/security/Makefile index 9c207d763c55..098ddabae6fb 100644 --- a/security/Makefile +++ b/security/Makefile @@ -935,7 +935,6 @@ SUBDIR += spybye SUBDIR += sqlmap SUBDIR += sqlninja - SUBDIR += squidclamav SUBDIR += srm SUBDIR += srp SUBDIR += ssdeep diff --git a/security/squidclamav/Makefile b/security/squidclamav/Makefile deleted file mode 100644 index da865b38a2c6..000000000000 --- a/security/squidclamav/Makefile +++ /dev/null @@ -1,39 +0,0 @@ -# Created by: Laurent LEVIER <llevier@argosnet.com> -# $FreeBSD$ - -PORTNAME= squidclamav -PORTVERSION= 5.7 -PORTREVISION= 2 -CATEGORIES= security -MASTER_SITES= SF - -MAINTAINER= llevier@argosnet.com -COMMENT= Squid interface to ClamAV - -DEPRECATED= Obsolete and broken with clang, use www/squidclamav instead -EXPIRATION_DATE=2013-12-02 - -LIB_DEPENDS= curl:${PORTSDIR}/ftp/curl - -USE_GMAKE= yes -GNU_CONFIGURE= yes -CPPFLAGS+= -I${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib -NO_LATEST_LINK= yes -SUB_FILES= pkg-message - -PLIST_FILES= bin/${PORTNAME} etc/${PORTNAME}.conf.dist -MAN1= ${PORTNAME}.1 - -NO_STAGE= yes -post-configure: - @${REINPLACE_CMD} -E 's|^(LDFLAGS = ).*|\1-L${LOCALBASE}/lib|' \ - ${WRKSRC}/Makefile - -do-install: - @${INSTALL_PROGRAM} ${WRKSRC}/src/${PORTNAME} ${PREFIX}/bin - @${INSTALL_DATA} ${WRKSRC}/etc/${PORTNAME}.conf ${PREFIX}/etc/${PORTNAME}.conf.dist - @${INSTALL_MAN} ${WRKSRC}/doc/${PORTNAME}.1 ${MANPREFIX}/man/man1/${PORTNAME}.1 - @${CAT} ${PKGMESSAGE} - -.include <bsd.port.mk> diff --git a/security/squidclamav/distinfo b/security/squidclamav/distinfo deleted file mode 100644 index 6eb20d9ea349..000000000000 --- a/security/squidclamav/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (squidclamav-5.7.tar.gz) = 3ec14bcfd55822b9349bae63368142c6e134c020ef81a6c31a2f2a972b1b64fa -SIZE (squidclamav-5.7.tar.gz) = 443396 diff --git a/security/squidclamav/files/patch-cve-2012-3501 b/security/squidclamav/files/patch-cve-2012-3501 deleted file mode 100644 index 240d83961ff3..000000000000 --- a/security/squidclamav/files/patch-cve-2012-3501 +++ /dev/null @@ -1,71 +0,0 @@ -Fix CVE-2012-3501, DoS when external URL checker is used - -This fix was integrated into 6.7 and 5.8. - -Obtained-from: https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00.diff - ---- src/squidclamav.c.orig 2010-12-11 15:20:46.000000000 +0300 -+++ src/squidclamav.c 2012-08-25 15:55:51.708586983 +0400 -@@ -62,6 +62,7 @@ - static char * escape_quote (char *s); - void timeit (struct timeval start, char *level); - int dconnect (void); -+char * replace(const char *s, const char *old, const char *new); - void replace_chr(char string[], char *from, char *to); - void free_global (); /* routine to free global pointer */ - void freeBuff (struct IN_BUFF); -@@ -474,11 +475,15 @@ - /* chaining with SquidGuard - before bridge mode or not*/ - if ((bridge_mode == 0) && (squidguard != NULL)) { - if (usepipe == 1) { -+ char *rbuff = NULL; -+ /* escaping escaped character to prevent unescaping by squidguard */ -+ rbuff = replace(rbuff, "%", "%25"); - if (debug > 0) - logit(log_file, "DEBUG Sending request to chained program: %s\n", squidguard); - fprintf(sgfpw,"%s\n",sbuff); - fflush(sgfpw); - xfree(escaped); -+ xfree(rbuff); - escaped = NULL; - /* the chained redirector must return empty line if ok or the redirection url */ - chain_ret = (char *)malloc(sizeof(char)*MAX_URL); -@@ -1114,3 +1119,38 @@ - } - - -+/** -+ * Searches all occurrences of old into s -+ * and replaces with new -+ */ -+char * -+replace(const char *s, const char *old, const char *new) -+{ -+ char *ret; -+ int i, count = 0; -+ size_t newlen = strlen(new); -+ size_t oldlen = strlen(old); -+ -+ for (i = 0; s[i] != '\0'; i++) { -+ if (strstr(&s[i], old) == &s[i]) { -+ count++; -+ i += oldlen - 1; -+ } -+ } -+ ret = malloc(i + 1 + count * (newlen - oldlen)); -+ if (ret != NULL) { -+ i = 0; -+ while (*s) { -+ if (strstr(s, old) == s) { -+ strcpy(&ret[i], new); -+ i += newlen; -+ s += oldlen; -+ } else { -+ ret[i++] = *s++; -+ } -+ } -+ ret[i] = '\0'; -+ } -+ -+ return ret; -+} diff --git a/security/squidclamav/files/patch-cve-2012-4667 b/security/squidclamav/files/patch-cve-2012-4667 deleted file mode 100644 index aa0bc6afc837..000000000000 --- a/security/squidclamav/files/patch-cve-2012-4667 +++ /dev/null @@ -1,124 +0,0 @@ -Fixes CVE-2012-4667, XSS in clwarn.cgi - -Integrated to 5.8 and 6.7. - -Obtained-from: https://github.com/darold/squidclamav/commit/5806d10a31183a0b0d18eccc3a3e04e536e2315b.diff - -diff --git a/cgi-bin/clwarn.cgi b/cgi-bin/clwarn.cgi -index 9333bef..a43eca7 100755 ---- cgi-bin/clwarn.cgi -+++ cgi-bin/clwarn.cgi -@@ -7,11 +7,11 @@ my $VERSION = '6.6'; - - my $cgi = new CGI; - --my $url = $cgi->param('url') || ''; --my $virus = $cgi->param('virus') || ''; --my $source = $cgi->param('source') || ''; -+my $url = CGI::escapeHTML($cgi->param('url')) || ''; -+my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; -+my $source = CGI::escapeHTML($cgi->param('source')) || ''; - $source =~ s/\/-//; --my $user = $cgi->param('user') || ''; -+my $user = CGI::escapeHTML($cgi->param('user')) || ''; - - - my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection"; -diff --git a/cgi-bin/clwarn.cgi.de_DE b/cgi-bin/clwarn.cgi.de_DE -index 700c3df..3f21180 100755 ---- cgi-bin/clwarn.cgi.de_DE -+++ cgi-bin/clwarn.cgi.de_DE -@@ -7,11 +7,11 @@ my $VERSION = '6.6'; - - my $cgi = new CGI; - --my $url = $cgi->param('url') || ''; --my $virus = $cgi->param('virus') || ''; --my $source = $cgi->param('source') || ''; -+my $url = CGI::escapeHTML($cgi->param('url')) || ''; -+my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; -+my $source = CGI::escapeHTML($cgi->param('source')) || ''; - $source =~ s/\/-//; --my $user = $cgi->param('user') || ''; -+my $user = CGI::escapeHTML($cgi->param('user')) || ''; - - my $TITLE_VIRUS = "Virus Alarm"; - my $subtitle = 'enthlt folgenden Virus'; -diff --git a/cgi-bin/clwarn.cgi.en_EN b/cgi-bin/clwarn.cgi.en_EN -index d246e54..6e70e46 100755 ---- cgi-bin/clwarn.cgi.en_EN -+++ cgi-bin/clwarn.cgi.en_EN -@@ -7,11 +7,11 @@ my $VERSION = '6.6'; - - my $cgi = new CGI; - --my $url = $cgi->param('url') || ''; --my $virus = $cgi->param('virus') || ''; --my $source = $cgi->param('source') || ''; -+my $url = CGI::escapeHTML($cgi->param('url')) || ''; -+my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; -+my $source = CGI::escapeHTML($cgi->param('source')) || ''; - $source =~ s/\/-//; --my $user = $cgi->param('user') || ''; -+my $user = CGI::escapeHTML($cgi->param('user')) || ''; - - my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection"; - my $subtitle = 'contains the virus'; -diff --git a/cgi-bin/clwarn.cgi.fr_FR b/cgi-bin/clwarn.cgi.fr_FR -index c0b3896..323fa30 100755 ---- cgi-bin/clwarn.cgi.fr_FR -+++ cgi-bin/clwarn.cgi.fr_FR -@@ -7,11 +7,11 @@ my $VERSION = '6.6'; - - my $cgi = new CGI; - --my $url = $cgi->param('url') || ''; --my $virus = $cgi->param('virus') || ''; --my $source = $cgi->param('source') || ''; -+my $url = CGI::escapeHTML($cgi->param('url')) || ''; -+my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; -+my $source = CGI::escapeHTML($cgi->param('source')) || ''; - $source =~ s/\/-//; --my $user = $cgi->param('user') || ''; -+my $user = CGI::escapeHTML($cgi->param('user')) || ''; - - my $TITLE_VIRUS = "SquidClamAv $VERSION: Virus detection"; - my $subtitle = 'contient le virus'; -diff --git a/cgi-bin/clwarn.cgi.pt_BR b/cgi-bin/clwarn.cgi.pt_BR -index 6bf12a0..1a6492a 100755 ---- cgi-bin/clwarn.cgi.pt_BR -+++ cgi-bin/clwarn.cgi.pt_BR -@@ -7,8 +7,11 @@ my $VERSION = '6.6'; - - my $cgi = new CGI; - --my $url = $cgi->param('url') || ''; --my $virus = $cgi->param('virus') || ''; -+my $url = CGI::escapeHTML($cgi->param('url')) || ''; -+my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; -+my $source = CGI::escapeHTML($cgi->param('source')) || ''; -+$source =~ s/\/-//; -+my $user = CGI::escapeHTML($cgi->param('user')) || ''; - - my $TITLE_VIRUS = "SquidClamAv $VERSION: Foi detectado um vírus!"; - my $subtitle = 'está infectada pelo vírus'; -diff --git a/cgi-bin/clwarn.cgi.ru_RU b/cgi-bin/clwarn.cgi.ru_RU -index 21e4d94..1e82a0b 100755 ---- cgi-bin/clwarn.cgi.ru_RU -+++ cgi-bin/clwarn.cgi.ru_RU -@@ -7,11 +7,11 @@ my $VERSION = '6.6'; - - my $cgi = new CGI; - --my $url = $cgi->param('url') || ''; --my $virus = $cgi->param('virus') || ''; --my $source = $cgi->param('source') || ''; -+my $url = CGI::escapeHTML($cgi->param('url')) || ''; -+my $virus = CGI::escapeHTML($cgi->param('virus')) || ''; -+my $source = CGI::escapeHTML($cgi->param('source')) || ''; - $source =~ s/\/-//; --my $user = $cgi->param('user') || ''; -+my $user = CGI::escapeHTML($cgi->param('user')) || ''; - - my $TITLE_VIRUS = "SquidClamAv $VERSION: Обнаружен вирус!"; - my $subtitle = 'содержит вирус'; diff --git a/security/squidclamav/files/pkg-message.in b/security/squidclamav/files/pkg-message.in deleted file mode 100644 index d1d42ae21cdb..000000000000 --- a/security/squidclamav/files/pkg-message.in +++ /dev/null @@ -1,7 +0,0 @@ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - squidclamav has been installed -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - -Read the follow site reference: - -http://sourceforge.net/projects/squidclamav/ diff --git a/security/squidclamav/pkg-descr b/security/squidclamav/pkg-descr deleted file mode 100644 index 5ac7b1f7fca8..000000000000 --- a/security/squidclamav/pkg-descr +++ /dev/null @@ -1,4 +0,0 @@ -SquidClamAV is an interface to perform antivirus checks on data -passing through Squid Proxy. - -WWW: http://sourceforge.net/projects/squidclamav/ |