--- /dev/null
+------------------------------------------------------------
+revno: 10486
+revision-id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
+parent: squid3@treenet.co.nz-20130109021503-hqg7ufldrudpzr9l
+fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3790
+author: Reinhard Sojka <reinhard.sojka@parlament.gv.at>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Fri 2013-02-22 04:13:25 -0700
+message:
+ Bug 3790: cachemgr.cgi crash with authentication
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# testament_sha1: 121adf68a9c3b2eca766cfb768256b6b57d9816b
+# timestamp: 2013-02-22 11:17:18 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# base_revision_id: squid3@treenet.co.nz-20130109021503-\
+# hqg7ufldrudpzr9l
+#
+# Begin patch
+=== modified file 'tools/cachemgr.cc'
+--- tools/cachemgr.cc 2013-01-08 23:11:51 +0000
++++ tools/cachemgr.cc 2013-02-22 11:13:25 +0000
+@@ -1162,7 +1162,6 @@
+ {
+ static char buf[1024];
+ size_t stringLength = 0;
+- const char *str64;
+
+ if (!req->passwd)
+ return "";
+@@ -1171,15 +1170,12 @@
+ req->user_name ? req->user_name : "",
+ req->passwd);
+
+- str64 = base64_encode(buf);
+-
+- stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", str64);
++ stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %s\r\n", base64_encode(buf));
+
+ assert(stringLength < sizeof(buf));
+
+- snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", str64);
++ snprintf(&buf[stringLength], sizeof(buf) - stringLength, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
+
+- xxfree(str64);
+ return buf;
+ }
+
+
--- /dev/null
+------------------------------------------------------------
+revno: 10487
+revision-id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
+parent: squid3@treenet.co.nz-20130222111325-zizr296kq3te4g7h
+author: Nathan Hoad <nathan@getoffmalawn.com>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: SQUID_3_1
+timestamp: Wed 2013-07-10 06:47:48 -0600
+message:
+ Protect against buffer overrun in DNS query generation
+
+ see SQUID-2013:2.
+
+ This bug has been present as long as the internal DNS component however
+ most code reaching this point is passing through URL validation first.
+ With Squid-3.2 Host header verification using DNS directly we may have
+ problems.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20130710124748-2n6111r04xsi71vx
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# testament_sha1: b5be85c8876ce15ec8fa173845e61755b6942fe0
+# timestamp: 2013-07-10 12:48:57 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+# /SQUID_3_1
+# base_revision_id: squid3@treenet.co.nz-20130222111325-\
+# zizr296kq3te4g7h
+#
+# Begin patch
+=== modified file 'src/dns_internal.cc'
+--- src/dns_internal.cc 2011-10-11 02:12:56 +0000
++++ src/dns_internal.cc 2013-07-10 12:47:48 +0000
+@@ -1532,22 +1532,26 @@
+ void
+ idnsALookup(const char *name, IDNSCB * callback, void *data)
+ {
+- unsigned int i;
++ size_t nameLength = strlen(name);
++
++ // Prevent buffer overflow on q->name
++ if (nameLength > NS_MAXDNAME) {
++ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
++ callback(data, NULL, 0, "Internal error");
++ return;
++ }
++
++ if (idnsCachedLookup(name, callback, data))
++ return;
++
++ idns_query *q = cbdataAlloc(idns_query);
++ q->id = idnsQueryID();
+ int nd = 0;
+- idns_query *q;
+-
+- if (idnsCachedLookup(name, callback, data))
+- return;
+-
+- q = cbdataAlloc(idns_query);
+-
+- q->id = idnsQueryID();
+-
+- for (i = 0; i < strlen(name); i++)
++ for (unsigned int i = 0; i < nameLength; ++i)
+ if (name[i] == '.')
+ nd++;
+
+- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
++ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
+ q->do_searchpath = 1;
+ } else {
+ q->do_searchpath = 0;
+