On 16/08/11 20:37, Ralf Hildebrandt wrote:
> * Amos Jeffries:
>> On 15/08/11 23:52, Ralf Hildebrandt wrote:
>>> With today's BZR checkout (3.2-HEAD) I'm getting a lot of "SECURITY
>>> ALERT: Host: header forgery detected" with everyday requests:
>>>
>>> 2011/08/15 13:50:59.016| SECURITY ALERT: Host: header forgery detected from local=141.42.1.205:8080 remote=10.43.65.227:3266 FD 1312 flags=1 (amsprd0104.outlook.com:443 does not match amsprd0104.outlook.com)
>>
>> We now forcibly detect CVE-2009-0801 vulnerability abuse. A few cases
>> have been found missing from the detection. Please apply these two
>> patches in this order:
>>
>>
>> http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/squid-3-11647.patch
>> http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/squid-3-11649.patch
>
> I tried to apply them both but:
>
> # patch -p1< ../squid-3-11647.patch
> patching file ClientRequestContext.h
> Hunk #1 FAILED at 27.
> 1 out of 1 hunk FAILED -- saving rejects to file ClientRequestContext.h.rej
> patching file client_side_request.cc
> Hunk #1 FAILED at 546.
> Hunk #2 FAILED at 620.
> Hunk #3 FAILED at 638.
> 3 out of 3 hunks FAILED -- saving rejects to file client_side_request.cc.rej
>
Sorry, looks like you sync'd them in from 3.2 before applying.
FWIW the Firefox CONNECT case is fixed a few hours ago now too.
I've had confirmation that one works and just ported it back to 3.2
right now. Should be available to you soon.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.14 Beta testers wanted for 3.2.0.10Received on Tue Aug 16 2011 - 11:04:03 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 16 2011 - 12:00:02 MDT