From 0579ec7683ed433d7b293d8f5cd4bca64db03e34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 1 Mar 2016 16:07:13 +0100 Subject: [PATCH] new version 3.5.15 - Resolves: #1311585 - squid: Multiple Denial of Service issues in HTTP Response processing - Resolves: #1312267 - squid: SQUID-2016_2 advisory, multiple DoS issues --- sources | 4 ++-- squid-3.5-13981.patch | 46 ------------------------------------------- squid.spec | 12 +++++++---- 3 files changed, 10 insertions(+), 52 deletions(-) delete mode 100644 squid-3.5-13981.patch diff --git a/sources b/sources index cb52705..c0a63bf 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -7a22503cfc99e1f89cb309b5facfbbc3 squid-3.5.13.tar.xz -a76fa5fcfbaf5d99d420bf82556e62b8 squid-3.5.13.tar.xz.asc +997084b40aaed7d0fa9db11904638ea9 squid-3.5.15.tar.xz +eb10bd395bac307c8992e0966b0d0b58 squid-3.5.15.tar.xz.asc diff --git a/squid-3.5-13981.patch b/squid-3.5-13981.patch deleted file mode 100644 index 7c20a01..0000000 --- a/squid-3.5-13981.patch +++ /dev/null 
@@ -1,46 +0,0 @@
------------------------------------------------------------
-revno: 13981
-revision-id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
-parent: squid3@treenet.co.nz-20160212045102-ivwab8s8p2gi32fv
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4437
-author: Christos Tsantilas
-committer: Amos Jeffries
-branch nick: 3.5
-timestamp: Sat 2016-02-13 19:24:27 +1300
-message:
- Bug 4437: Fix Segfault on Certain SSL Handshake Errors
-
- Squid after an unsuccesfull try to connect to the remote server may make two
- concurrent retries to connect to the remote SSL server, calling twice the
- FwdState::retryOrBail() method, which may result to unexpected behaviour.
-
- Prevent this by just closing the connection to the remote SSL server inside
- FwdState::connectedToPeer method on error and instead of calling the
- FwdState::retryOrBail method, just allow comm_close handler to retry the
- connection if required.
-
- This is a Measurement Factory project
------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: f22a644062f4d8c8a13897b396197ea7b44b4231
-# timestamp: 2016-02-13 06:53:09 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20160212045102-\
-# ivwab8s8p2gi32fv
-#
-# Begin patch
-=== modified file 'src/FwdState.cc'
---- src/FwdState.cc 2016-01-31 05:39:09 +0000
-+++ src/FwdState.cc 2016-02-13 06:24:27 +0000
-@@ -719,7 +719,7 @@
- answer.error.clear(); // preserve error for errorSendComplete()
- if (CachePeer *p = serverConnection()->getPeer())
- peerConnectFailed(p);
-- retryOrBail();
-+ serverConnection()->close();
- return;
- }
-
-
diff --git a/squid.spec b/squid.spec
index d89bca9..8ba16cc 100644
--- a/squid.spec
+++ b/squid.spec
@@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 3.5.13 -Release: 3%{?dist} +Version: 3.5.15 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -32,7 +32,6 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch -Patch206: squid-3.5-13981.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: bash >= 2.0 @@ -93,7 +92,6 @@ lookup program (dnsserver), a program for retrieving FTP data %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards %patch205 -p1 -b .cppunit-config -%patch206 -p0 -b .CVE-2016-2390 %build # cppunit-config patch changes configure.ac @@ -288,6 +286,12 @@ fi %changelog +* Tue Mar 01 2016 Luboš Uhliarik - 7:3.5.15-1 +- new version 3.5.15 +- Resolves: #1311585 - squid: Multiple Denial of Service issues in + HTTP Response processing +- Resolves: #1312267 - squid: SQUID-2016_2 advisory, multiple DoS issues + * Tue Mar 01 2016 Luboš Uhliarik - 7:3.5.13-3 - Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error handling resulting in denial of service
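Review bot: The new `%changelog` entry for 7:3.5.15-1 does not record that `Patch206` was dropped, although the `%prep` hunk removes `%patch206 -p0 -b .CVE-2016-2390`, so the spec no longer tells an auditor where the CVE-2016-2390 fix now comes from. The patch is presumably removed because upstream revno 13981 is already part of the 3.5.15 tarball, but nothing in this diff shows that. It is worth confirming that the new source carries the `serverConnection()->close();` change in `FwdState::connectedToPeer` before relying on it. I would add a changelog line such as `- drop squid-3.5-13981.patch (CVE-2016-2390), included upstream`.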