new version 3.5.15

- Resolves: #1311585 - squid: Multiple Denial of Service issues in
  HTTP Response processing
- Resolves: #1312267 - squid: SQUID-2016_2 advisory, multiple DoS issues
This commit is contained in:
Luboš Uhliarik 2016-03-01 16:07:13 +01:00
parent 031f48e6bd
commit 0579ec7683
3 changed files with 10 additions and 52 deletions

View File

@ -1,2 +1,2 @@
7a22503cfc99e1f89cb309b5facfbbc3 squid-3.5.13.tar.xz
a76fa5fcfbaf5d99d420bf82556e62b8 squid-3.5.13.tar.xz.asc
997084b40aaed7d0fa9db11904638ea9 squid-3.5.15.tar.xz
eb10bd395bac307c8992e0966b0d0b58 squid-3.5.15.tar.xz.asc

View File

@ -1,46 +0,0 @@
------------------------------------------------------------
revno: 13981
revision-id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
parent: squid3@treenet.co.nz-20160212045102-ivwab8s8p2gi32fv
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4437
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-02-13 19:24:27 +1300
message:
Bug 4437: Fix Segfault on Certain SSL Handshake Errors
Squid after an unsuccesfull try to connect to the remote server may make two
concurrent retries to connect to the remote SSL server, calling twice the
FwdState::retryOrBail() method, which may result to unexpected behaviour.
Prevent this by just closing the connection to the remote SSL server inside
FwdState::connectedToPeer method on error and instead of calling the
FwdState::retryOrBail method, just allow comm_close handler to retry the
connection if required.
This is a Measurement Factory project
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: f22a644062f4d8c8a13897b396197ea7b44b4231
# timestamp: 2016-02-13 06:53:09 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160212045102-\
# ivwab8s8p2gi32fv
#
# Begin patch
=== modified file 'src/FwdState.cc'
--- src/FwdState.cc 2016-01-31 05:39:09 +0000
+++ src/FwdState.cc 2016-02-13 06:24:27 +0000
@@ -719,7 +719,7 @@
answer.error.clear(); // preserve error for errorSendComplete()
if (CachePeer *p = serverConnection()->getPeer())
peerConnectFailed(p);
- retryOrBail();
+ serverConnection()->close();
return;
}

View File

@ -1,8 +1,8 @@
%define __perl_requires %{SOURCE98}
Name: squid
Version: 3.5.13
Release: 3%{?dist}
Version: 3.5.15
Release: 1%{?dist}
Summary: The Squid proxy caching server
Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code
@ -32,7 +32,6 @@ Patch202: squid-3.1.0.9-location.patch
Patch203: squid-3.0.STABLE1-perlpath.patch
Patch204: squid-3.5.9-include-guards.patch
Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch
Patch206: squid-3.5-13981.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash >= 2.0
@ -93,7 +92,6 @@ lookup program (dnsserver), a program for retrieving FTP data
%patch203 -p1 -b .perlpath
%patch204 -p0 -b .include-guards
%patch205 -p1 -b .cppunit-config
%patch206 -p0 -b .CVE-2016-2390
%build
# cppunit-config patch changes configure.ac
@ -288,6 +286,12 @@ fi
%changelog
* Tue Mar 01 2016 Luboš Uhliarik <luhliari@redhat.com> - 7:3.5.15-1
- new version 3.5.15
- Resolves: #1311585 - squid: Multiple Denial of Service issues in
HTTP Response processing
- Resolves: #1312267 - squid: SQUID-2016_2 advisory, multiple DoS issues
* Tue Mar 01 2016 Luboš Uhliarik <luhliari@redhat.com> - 7:3.5.13-3
- Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error
handling resulting in denial of service