import squid-4.11-1.module+el8.3.0+6769+637637ab
This commit is contained in:
parent
bf7f24e547
commit
14299772a1
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/squid-4.4.tar.xz
|
SOURCES/squid-4.11.tar.xz
|
||||||
|
@ -1 +1 @@
|
|||||||
0ab6b133f65866d825bf72cbbe8cef209768b2fa SOURCES/squid-4.4.tar.xz
|
053277bf5497163ffc9261b9807abda5959bb6fc SOURCES/squid-4.11.tar.xz
|
||||||
|
@ -1,95 +0,0 @@
|
|||||||
------------------------------------------------------------
|
|
||||||
revno: 14311
|
|
||||||
revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
|
|
||||||
parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr
|
|
||||||
------------------------------------------------------------
|
|
||||||
revno: 14311
|
|
||||||
revision-id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
|
|
||||||
parent: squid3@treenet.co.nz-20150924032241-6cx3g6hwz9xfoybr
|
|
||||||
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323
|
|
||||||
author: Francesco Chemolli <kinkie@squid-cache.org>
|
|
||||||
committer: Amos Jeffries <squid3@treenet.co.nz>
|
|
||||||
branch nick: trunk
|
|
||||||
timestamp: Thu 2015-09-24 06:05:37 -0700
|
|
||||||
message:
|
|
||||||
Bug 4323: Netfilter broken cross-includes with Linux 4.2
|
|
||||||
------------------------------------------------------------
|
|
||||||
# Bazaar merge directive format 2 (Bazaar 0.90)
|
|
||||||
# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
|
|
||||||
# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
|
|
||||||
# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b
|
|
||||||
# timestamp: 2015-09-24 13:06:33 +0000
|
|
||||||
# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk
|
|
||||||
# base_revision_id: squid3@treenet.co.nz-20150924032241-\
|
|
||||||
# 6cx3g6hwz9xfoybr
|
|
||||||
#
|
|
||||||
# Begin patch
|
|
||||||
=== modified file 'compat/os/linux.h'
|
|
||||||
--- compat/os/linux.h 2015-01-13 07:25:36 +0000
|
|
||||||
+++ compat/os/linux.h 2015-09-24 13:05:37 +0000
|
|
||||||
@@ -30,6 +30,21 @@
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
+ * Netfilter header madness. (see Bug 4323)
|
|
||||||
+ *
|
|
||||||
+ * Netfilter have a history of defining their own versions of network protocol
|
|
||||||
+ * primitives without sufficient protection against the POSIX defines which are
|
|
||||||
+ * aways present in Linux.
|
|
||||||
+ *
|
|
||||||
+ * netinet/in.h must be included before any other sys header in order to properly
|
|
||||||
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
|
|
||||||
+ * to workaround it.
|
|
||||||
+ */
|
|
||||||
+#if HAVE_NETINET_IN_H
|
|
||||||
+#include <netinet/in.h>
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
* sys/capability.h is only needed in Linux apparently.
|
|
||||||
*
|
|
||||||
* HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc
|
|
||||||
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4323
|
|
||||||
author: Francesco Chemolli <kinkie@squid-cache.org>
|
|
||||||
committer: Amos Jeffries <squid3@treenet.co.nz>
|
|
||||||
branch nick: trunk
|
|
||||||
timestamp: Thu 2015-09-24 06:05:37 -0700
|
|
||||||
message:
|
|
||||||
Bug 4323: Netfilter broken cross-includes with Linux 4.2
|
|
||||||
------------------------------------------------------------
|
|
||||||
# Bazaar merge directive format 2 (Bazaar 0.90)
|
|
||||||
# revision_id: squid3@treenet.co.nz-20150924130537-lqwzd1z99a3l9gt4
|
|
||||||
# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
|
|
||||||
# testament_sha1: c67cfca81040f3845d7c4caf2f40518511f14d0b
|
|
||||||
# timestamp: 2015-09-24 13:06:33 +0000
|
|
||||||
# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk
|
|
||||||
# base_revision_id: squid3@treenet.co.nz-20150924032241-\
|
|
||||||
# 6cx3g6hwz9xfoybr
|
|
||||||
#
|
|
||||||
# Begin patch
|
|
||||||
=== modified file 'compat/os/linux.h'
|
|
||||||
--- compat/os/linux.h 2015-01-13 07:25:36 +0000
|
|
||||||
+++ compat/os/linux.h 2015-09-24 13:05:37 +0000
|
|
||||||
@@ -30,6 +30,21 @@
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
|
||||||
+ * Netfilter header madness. (see Bug 4323)
|
|
||||||
+ *
|
|
||||||
+ * Netfilter have a history of defining their own versions of network protocol
|
|
||||||
+ * primitives without sufficient protection against the POSIX defines which are
|
|
||||||
+ * aways present in Linux.
|
|
||||||
+ *
|
|
||||||
+ * netinet/in.h must be included before any other sys header in order to properly
|
|
||||||
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
|
|
||||||
+ * to workaround it.
|
|
||||||
+ */
|
|
||||||
+#if HAVE_NETINET_IN_H
|
|
||||||
+#include <netinet/in.h>
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
* sys/capability.h is only needed in Linux apparently.
|
|
||||||
*
|
|
||||||
* HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
|||||||
diff --git a/src/clients/FtpClient.cc b/src/clients/FtpClient.cc
|
diff --git a/src/clients/FtpClient.cc b/src/clients/FtpClient.cc
|
||||||
index 777210c..4c80511 100644
|
index b665bcf..d287e55 100644
|
||||||
--- a/src/clients/FtpClient.cc
|
--- a/src/clients/FtpClient.cc
|
||||||
+++ b/src/clients/FtpClient.cc
|
+++ b/src/clients/FtpClient.cc
|
||||||
@@ -778,7 +778,8 @@ Ftp::Client::connectDataChannel()
|
@@ -778,7 +778,8 @@ Ftp::Client::connectDataChannel()
|
||||||
@ -13,7 +13,7 @@ index 777210c..4c80511 100644
|
|||||||
|
|
||||||
/// creates a data channel Comm close callback
|
/// creates a data channel Comm close callback
|
||||||
diff --git a/src/clients/FtpClient.h b/src/clients/FtpClient.h
|
diff --git a/src/clients/FtpClient.h b/src/clients/FtpClient.h
|
||||||
index 465fdb7..75dbd3b 100644
|
index a76a5a0..218d696 100644
|
||||||
--- a/src/clients/FtpClient.h
|
--- a/src/clients/FtpClient.h
|
||||||
+++ b/src/clients/FtpClient.h
|
+++ b/src/clients/FtpClient.h
|
||||||
@@ -118,7 +118,7 @@ public:
|
@@ -118,7 +118,7 @@ public:
|
||||||
@ -26,7 +26,7 @@ index 465fdb7..75dbd3b 100644
|
|||||||
|
|
||||||
CtrlChannel ctrl; ///< FTP control channel state
|
CtrlChannel ctrl; ///< FTP control channel state
|
||||||
diff --git a/src/clients/FtpGateway.cc b/src/clients/FtpGateway.cc
|
diff --git a/src/clients/FtpGateway.cc b/src/clients/FtpGateway.cc
|
||||||
index a13cdda..b958b14 100644
|
index 411bce9..31d3e36 100644
|
||||||
--- a/src/clients/FtpGateway.cc
|
--- a/src/clients/FtpGateway.cc
|
||||||
+++ b/src/clients/FtpGateway.cc
|
+++ b/src/clients/FtpGateway.cc
|
||||||
@@ -87,6 +87,13 @@ struct GatewayFlags {
|
@@ -87,6 +87,13 @@ struct GatewayFlags {
|
||||||
@ -56,7 +56,7 @@ index a13cdda..b958b14 100644
|
|||||||
int checkAuth(const HttpHeader * req_hdr);
|
int checkAuth(const HttpHeader * req_hdr);
|
||||||
void checkUrlpath();
|
void checkUrlpath();
|
||||||
void buildTitleUrl();
|
void buildTitleUrl();
|
||||||
@@ -1792,6 +1803,7 @@ ftpOpenListenSocket(Ftp::Gateway * ftpState, int fallback)
|
@@ -1787,6 +1798,7 @@ ftpOpenListenSocket(Ftp::Gateway * ftpState, int fallback)
|
||||||
}
|
}
|
||||||
|
|
||||||
ftpState->listenForDataChannel(temp);
|
ftpState->listenForDataChannel(temp);
|
||||||
@ -64,7 +64,7 @@ index a13cdda..b958b14 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@@ -1827,13 +1839,19 @@ ftpSendPORT(Ftp::Gateway * ftpState)
|
@@ -1822,13 +1834,19 @@ ftpSendPORT(Ftp::Gateway * ftpState)
|
||||||
// pull out the internal IP address bytes to send in PORT command...
|
// pull out the internal IP address bytes to send in PORT command...
|
||||||
// source them from the listen_conn->local
|
// source them from the listen_conn->local
|
||||||
|
|
||||||
@ -86,7 +86,7 @@ index a13cdda..b958b14 100644
|
|||||||
ftpState->writeCommand(cbuf);
|
ftpState->writeCommand(cbuf);
|
||||||
ftpState->state = Ftp::Client::SENT_PORT;
|
ftpState->state = Ftp::Client::SENT_PORT;
|
||||||
|
|
||||||
@@ -1886,14 +1904,27 @@ ftpSendEPRT(Ftp::Gateway * ftpState)
|
@@ -1881,14 +1899,27 @@ ftpSendEPRT(Ftp::Gateway * ftpState)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -116,7 +116,7 @@ index a13cdda..b958b14 100644
|
|||||||
|
|
||||||
ftpState->writeCommand(cbuf);
|
ftpState->writeCommand(cbuf);
|
||||||
ftpState->state = Ftp::Client::SENT_EPRT;
|
ftpState->state = Ftp::Client::SENT_EPRT;
|
||||||
@@ -1912,7 +1943,7 @@ ftpReadEPRT(Ftp::Gateway * ftpState)
|
@@ -1907,7 +1938,7 @@ ftpReadEPRT(Ftp::Gateway * ftpState)
|
||||||
ftpSendPORT(ftpState);
|
ftpSendPORT(ftpState);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
@ -1,7 +1,8 @@
|
|||||||
diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre
|
diff --git a/src/cf.data.pre b/src/cf.data.pre
|
||||||
--- squid-4.0.11/src/cf.data.pre.config 2016-06-09 22:32:57.000000000 +0200
|
index 26ef576..30d5509 100644
|
||||||
+++ squid-4.0.11/src/cf.data.pre 2016-07-11 21:08:35.090976840 +0200
|
--- a/src/cf.data.pre
|
||||||
@@ -4658,7 +4658,7 @@ DOC_END
|
+++ b/src/cf.data.pre
|
||||||
|
@@ -5006,7 +5006,7 @@ DOC_END
|
||||||
|
|
||||||
NAME: logfile_rotate
|
NAME: logfile_rotate
|
||||||
TYPE: int
|
TYPE: int
|
||||||
@ -10,7 +11,7 @@ diff -up squid-4.0.11/src/cf.data.pre.config squid-4.0.11/src/cf.data.pre
|
|||||||
LOC: Config.Log.rotateNumber
|
LOC: Config.Log.rotateNumber
|
||||||
DOC_START
|
DOC_START
|
||||||
Specifies the default number of logfile rotations to make when you
|
Specifies the default number of logfile rotations to make when you
|
||||||
@@ -6444,11 +6444,11 @@ COMMENT_END
|
@@ -6857,11 +6857,11 @@ COMMENT_END
|
||||||
|
|
||||||
NAME: cache_mgr
|
NAME: cache_mgr
|
||||||
TYPE: string
|
TYPE: string
|
41
SOURCES/squid-4.11-include-guards.patch
Normal file
41
SOURCES/squid-4.11-include-guards.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
diff --git a/compat/os/linux.h b/compat/os/linux.h
|
||||||
|
index 0ff05c6..d51389b 100644
|
||||||
|
--- a/compat/os/linux.h
|
||||||
|
+++ b/compat/os/linux.h
|
||||||
|
@@ -44,6 +44,36 @@
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+/*
|
||||||
|
+ * Netfilter header madness. (see Bug 4323)
|
||||||
|
+ *
|
||||||
|
+ * Netfilter have a history of defining their own versions of network protocol
|
||||||
|
+ * primitives without sufficient protection against the POSIX defines which are
|
||||||
|
+ * aways present in Linux.
|
||||||
|
+ *
|
||||||
|
+ * netinet/in.h must be included before any other sys header in order to properly
|
||||||
|
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
|
||||||
|
+ * to workaround it.
|
||||||
|
+ */
|
||||||
|
+#if HAVE_NETINET_IN_H
|
||||||
|
+#include <netinet/in.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+/*
|
||||||
|
+ * Netfilter header madness. (see Bug 4323)
|
||||||
|
+ *
|
||||||
|
+ * Netfilter have a history of defining their own versions of network protocol
|
||||||
|
+ * primitives without sufficient protection against the POSIX defines which are
|
||||||
|
+ * aways present in Linux.
|
||||||
|
+ *
|
||||||
|
+ * netinet/in.h must be included before any other sys header in order to properly
|
||||||
|
+ * activate include guards in <linux/libc-compat.h> the kernel maintainers added
|
||||||
|
+ * to workaround it.
|
||||||
|
+ */
|
||||||
|
+#if HAVE_NETINET_IN_H
|
||||||
|
+#include <netinet/in.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* sys/capability.h is only needed in Linux apparently.
|
||||||
|
*
|
@ -1,7 +1,8 @@
|
|||||||
diff -up squid-3.1.0.9/QUICKSTART.location squid-3.1.0.9/QUICKSTART
|
diff --git a/QUICKSTART b/QUICKSTART
|
||||||
--- squid-3.1.0.9/QUICKSTART.location 2009-06-26 12:35:27.000000000 +0200
|
index e5299b4..a243437 100644
|
||||||
+++ squid-3.1.0.9/QUICKSTART 2009-07-17 14:03:10.000000000 +0200
|
--- a/QUICKSTART
|
||||||
@@ -10,10 +10,9 @@ After you retrieved, compiled and instal
|
+++ b/QUICKSTART
|
||||||
|
@@ -10,10 +10,9 @@ After you retrieved, compiled and installed the Squid software (see
|
||||||
INSTALL in the same directory), you have to configure the squid.conf
|
INSTALL in the same directory), you have to configure the squid.conf
|
||||||
file. This is the list of the values you *need* to change, because no
|
file. This is the list of the values you *need* to change, because no
|
||||||
sensible defaults could be defined. Do not touch the other variables
|
sensible defaults could be defined. Do not touch the other variables
|
||||||
@ -14,7 +15,7 @@ diff -up squid-3.1.0.9/QUICKSTART.location squid-3.1.0.9/QUICKSTART
|
|||||||
|
|
||||||
==============================================================================
|
==============================================================================
|
||||||
|
|
||||||
@@ -82,12 +81,12 @@ After editing squid.conf to your liking,
|
@@ -80,12 +79,12 @@ After editing squid.conf to your liking, run Squid from the command
|
||||||
line TWICE:
|
line TWICE:
|
||||||
|
|
||||||
To create any disk cache_dir configured:
|
To create any disk cache_dir configured:
|
@ -6,5 +6,5 @@ index 90ac6a4..8dbed90 100755
|
|||||||
-#!/usr/local/bin/perl -Tw
|
-#!/usr/local/bin/perl -Tw
|
||||||
+#!/usr/bin/perl -Tw
|
+#!/usr/bin/perl -Tw
|
||||||
#
|
#
|
||||||
# * Copyright (C) 1996-2018 The Squid Software Foundation and contributors
|
# * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
|
||||||
# *
|
# *
|
39
SOURCES/squid-4.11-systemd.patch
Normal file
39
SOURCES/squid-4.11-systemd.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
diff --git a/configure b/configure
|
||||||
|
index 17b2ebf..9530f6b 100755
|
||||||
|
--- a/configure
|
||||||
|
+++ b/configure
|
||||||
|
@@ -33915,6 +33915,7 @@ done
|
||||||
|
fi
|
||||||
|
if test "x$SYSTEMD_LIBS" != "x" ; then
|
||||||
|
CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS"
|
||||||
|
+ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS"
|
||||||
|
|
||||||
|
$as_echo "#define USE_SYSTEMD 1" >>confdefs.h
|
||||||
|
|
||||||
|
diff --git a/src/Debug.h b/src/Debug.h
|
||||||
|
index 6eecd01..ddd9e38 100644
|
||||||
|
--- a/src/Debug.h
|
||||||
|
+++ b/src/Debug.h
|
||||||
|
@@ -99,6 +99,10 @@ public:
|
||||||
|
|
||||||
|
/// configures the active debugging context to write syslog ALERT
|
||||||
|
static void ForceAlert();
|
||||||
|
+
|
||||||
|
+ /// prefixes each grouped debugs() line after the first one in the group
|
||||||
|
+ static std::ostream& Extra(std::ostream &os) { return os << "\n "; }
|
||||||
|
+
|
||||||
|
private:
|
||||||
|
static Context *Current; ///< deepest active context; nil outside debugs()
|
||||||
|
};
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index d3c5da8..806302c 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -2162,6 +2162,7 @@ if test "x$with_systemd" != "xno" -a "x$squid_host_os" = "xlinux"; then
|
||||||
|
fi
|
||||||
|
if test "x$SYSTEMD_LIBS" != "x" ; then
|
||||||
|
CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS"
|
||||||
|
+ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS"
|
||||||
|
AC_DEFINE(USE_SYSTEMD,1,[systemd support is available])
|
||||||
|
else
|
||||||
|
with_systemd=no
|
25
SOURCES/squid-4.11.tar.xz.asc
Normal file
25
SOURCES/squid-4.11.tar.xz.asc
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
File: squid-4.11.tar.xz
|
||||||
|
Date: Sun Apr 19 12:56:37 UTC 2020
|
||||||
|
Size: 2447700
|
||||||
|
MD5 : 10f34e852153a9996aa4614670e2bda1
|
||||||
|
SHA1: 053277bf5497163ffc9261b9807abda5959bb6fc
|
||||||
|
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
||||||
|
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = pool.sks-keyservers.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl6cSpEACgkQzW2/jvOx
|
||||||
|
fT6YbA/6A+IbIbNBJUW45oj23Io9Tw/CzAcTeLHR+McKwV77qMbR+L+kQ+fUdM5F
|
||||||
|
rHAmd8bVVlyHc4WanVfWItEmzBzHA/ifTNvVpefSGGEbDb80RF66k7ACiZUokg1b
|
||||||
|
kkPwc/SjDhe2wvketIaBiVVd7pylrlCdVvazcF8gE9MWDOIlJND5mnHXidXvwkbJ
|
||||||
|
T2//8JZVEmcmN9pdFGNAUVckFm+AnwWXcRM1SQPYDGSVUtjVlqido8snLTA1mZwl
|
||||||
|
rIpjppujMV54OOWlj+Gqa3MZkpNzIaMCAfphzUFlsQY+/sRUYAOv1wmxw2WclxlK
|
||||||
|
WlWM+fw8OsYNDMwkOScKZZWceoAkq6UsUHzCAdJIdLqV/R6mZ9nfuZ6BHIr0+2dP
|
||||||
|
bDf9MU4KXbwEuXiRD/KPziUxxOZwSPivbm3wy9DqTTZfO9V+Iq6FVHX+ahxJ0XbM
|
||||||
|
JWRYA3GW+DRLjorfsWxU5r4UJsrnBfhItPUAfGPjPjEGZ/pn8r9G6MGenNGPLMKy
|
||||||
|
wP1rMlOhrZPwerzokzAvKx8G0WWkfN+IPv2JK3rDot6RiJIOuvnZZd4RIuVNTGbh
|
||||||
|
liO7M24JlWX3WD2wHBzxQag46+plb3VvrrVChwIQnZ2Qzpf50w0Bife/wtNBGpK0
|
||||||
|
k/Xi/nocO796YS8GZBnmhS1lEGEwp/YpJBFWmIjTWMUMEOcswVA=
|
||||||
|
=PKl0
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,139 +0,0 @@
|
|||||||
commit 7f73e9c5d17664b882ed32590e6af310c247f320
|
|
||||||
Author: Amos Jeffries <yadij@users.noreply.github.com>
|
|
||||||
Date: 2019-06-19 05:58:36 +0000
|
|
||||||
|
|
||||||
Update HttpHeader::getAuth to SBuf (#416)
|
|
||||||
|
|
||||||
Replace the fixed-size buffer for decoding base64 tokens with an
|
|
||||||
SBuf to avoid decoder issues on large inputs.
|
|
||||||
|
|
||||||
Update callers to SBuf API operations for more efficient memory
|
|
||||||
management.
|
|
||||||
|
|
||||||
diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
|
|
||||||
index 1e2b650..284a057 100644
|
|
||||||
--- a/src/HttpHeader.cc
|
|
||||||
+++ b/src/HttpHeader.cc
|
|
||||||
@@ -1268,43 +1268,46 @@ HttpHeader::getContRange() const
|
|
||||||
return cr;
|
|
||||||
}
|
|
||||||
|
|
||||||
-const char *
|
|
||||||
-HttpHeader::getAuth(Http::HdrType id, const char *auth_scheme) const
|
|
||||||
+SBuf
|
|
||||||
+HttpHeader::getAuthToken(Http::HdrType id, const char *auth_scheme) const
|
|
||||||
{
|
|
||||||
const char *field;
|
|
||||||
int l;
|
|
||||||
assert(auth_scheme);
|
|
||||||
field = getStr(id);
|
|
||||||
|
|
||||||
+ static const SBuf nil;
|
|
||||||
if (!field) /* no authorization field */
|
|
||||||
- return NULL;
|
|
||||||
+ return nil;
|
|
||||||
|
|
||||||
l = strlen(auth_scheme);
|
|
||||||
|
|
||||||
if (!l || strncasecmp(field, auth_scheme, l)) /* wrong scheme */
|
|
||||||
- return NULL;
|
|
||||||
+ return nil;
|
|
||||||
|
|
||||||
field += l;
|
|
||||||
|
|
||||||
if (!xisspace(*field)) /* wrong scheme */
|
|
||||||
- return NULL;
|
|
||||||
+ return nil;
|
|
||||||
|
|
||||||
/* skip white space */
|
|
||||||
for (; field && xisspace(*field); ++field);
|
|
||||||
|
|
||||||
if (!*field) /* no authorization cookie */
|
|
||||||
- return NULL;
|
|
||||||
+ return nil;
|
|
||||||
|
|
||||||
- static char decodedAuthToken[8192];
|
|
||||||
+ const auto fieldLen = strlen(field);
|
|
||||||
+ SBuf result;
|
|
||||||
+ char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
|
|
||||||
struct base64_decode_ctx ctx;
|
|
||||||
base64_decode_init(&ctx);
|
|
||||||
size_t decodedLen = 0;
|
|
||||||
- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), strlen(field), field) ||
|
|
||||||
+ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, field) ||
|
|
||||||
!base64_decode_final(&ctx)) {
|
|
||||||
- return NULL;
|
|
||||||
+ return nil;
|
|
||||||
}
|
|
||||||
- decodedAuthToken[decodedLen] = '\0';
|
|
||||||
- return decodedAuthToken;
|
|
||||||
+ result.rawAppendFinish(decodedAuthToken, decodedLen);
|
|
||||||
+ return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
ETag
|
|
||||||
diff --git a/src/HttpHeader.h b/src/HttpHeader.h
|
|
||||||
index a26b127..3b262be 100644
|
|
||||||
--- a/src/HttpHeader.h
|
|
||||||
+++ b/src/HttpHeader.h
|
|
||||||
@@ -134,7 +134,7 @@ public:
|
|
||||||
HttpHdrRange *getRange() const;
|
|
||||||
HttpHdrSc *getSc() const;
|
|
||||||
HttpHdrContRange *getContRange() const;
|
|
||||||
- const char *getAuth(Http::HdrType id, const char *auth_scheme) const;
|
|
||||||
+ SBuf getAuthToken(Http::HdrType id, const char *auth_scheme) const;
|
|
||||||
ETag getETag(Http::HdrType id) const;
|
|
||||||
TimeOrTag getTimeOrTag(Http::HdrType id) const;
|
|
||||||
int hasListMember(Http::HdrType id, const char *member, const char separator) const;
|
|
||||||
diff --git a/src/cache_manager.cc b/src/cache_manager.cc
|
|
||||||
index da22f7a..2fae767 100644
|
|
||||||
--- a/src/cache_manager.cc
|
|
||||||
+++ b/src/cache_manager.cc
|
|
||||||
@@ -27,6 +27,7 @@
|
|
||||||
#include "mgr/FunAction.h"
|
|
||||||
#include "mgr/QueryParams.h"
|
|
||||||
#include "protos.h"
|
|
||||||
+#include "sbuf/StringConvert.h"
|
|
||||||
#include "SquidConfig.h"
|
|
||||||
#include "SquidTime.h"
|
|
||||||
#include "Store.h"
|
|
||||||
@@ -243,20 +244,20 @@ CacheManager::ParseHeaders(const HttpRequest * request, Mgr::ActionParams ¶m
|
|
||||||
// TODO: use the authentication system decode to retrieve these details properly.
|
|
||||||
|
|
||||||
/* base 64 _decoded_ user:passwd pair */
|
|
||||||
- const char *basic_cookie = request->header.getAuth(Http::HdrType::AUTHORIZATION, "Basic");
|
|
||||||
+ const auto basic_cookie(request->header.getAuthToken(Http::HdrType::AUTHORIZATION, "Basic"));
|
|
||||||
|
|
||||||
- if (!basic_cookie)
|
|
||||||
+ if (basic_cookie.isEmpty())
|
|
||||||
return;
|
|
||||||
|
|
||||||
- const char *passwd_del;
|
|
||||||
- if (!(passwd_del = strchr(basic_cookie, ':'))) {
|
|
||||||
+ const auto colonPos = basic_cookie.find(':');
|
|
||||||
+ if (colonPos == SBuf::npos) {
|
|
||||||
debugs(16, DBG_IMPORTANT, "CacheManager::ParseHeaders: unknown basic_cookie format '" << basic_cookie << "'");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* found user:password pair, reset old values */
|
|
||||||
- params.userName.limitInit(basic_cookie, passwd_del - basic_cookie);
|
|
||||||
- params.password = passwd_del + 1;
|
|
||||||
+ params.userName = SBufToString(basic_cookie.substr(0, colonPos));
|
|
||||||
+ params.password = SBufToString(basic_cookie.substr(colonPos+1));
|
|
||||||
|
|
||||||
/* warning: this prints decoded password which maybe not be what you want to do @?@ @?@ */
|
|
||||||
debugs(16, 9, "CacheManager::ParseHeaders: got user: '" <<
|
|
||||||
diff --git a/src/clients/FtpGateway.cc b/src/clients/FtpGateway.cc
|
|
||||||
index b958b14..7ca5d24 100644
|
|
||||||
--- a/src/clients/FtpGateway.cc
|
|
||||||
+++ b/src/clients/FtpGateway.cc
|
|
||||||
@@ -1050,7 +1050,7 @@ Ftp::Gateway::checkAuth(const HttpHeader * req_hdr)
|
|
||||||
|
|
||||||
#if HAVE_AUTH_MODULE_BASIC
|
|
||||||
/* Check HTTP Authorization: headers (better than defaults, but less than URL) */
|
|
||||||
- const SBuf auth(req_hdr->getAuth(Http::HdrType::AUTHORIZATION, "Basic"));
|
|
||||||
+ const auto auth(req_hdr->getAuthToken(Http::HdrType::AUTHORIZATION, "Basic"));
|
|
||||||
if (!auth.isEmpty()) {
|
|
||||||
flags.authenticated = 1;
|
|
||||||
loginParser(auth, false);
|
|
@ -1,64 +0,0 @@
|
|||||||
diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
|
|
||||||
index 0c745c2..8a67eba 100644
|
|
||||||
--- a/tools/cachemgr.cc
|
|
||||||
+++ b/tools/cachemgr.cc
|
|
||||||
@@ -355,7 +355,7 @@ auth_html(const char *host, int port, const char *user_name)
|
|
||||||
|
|
||||||
printf("<TR><TH ALIGN=\"left\">Manager name:</TH><TD><INPUT NAME=\"user_name\" ");
|
|
||||||
|
|
||||||
- printf("size=\"30\" VALUE=\"%s\"></TD></TR>\n", user_name);
|
|
||||||
+ printf("size=\"30\" VALUE=\"%s\"></TD></TR>\n", rfc1738_escape(user_name));
|
|
||||||
|
|
||||||
printf("<TR><TH ALIGN=\"left\">Password:</TH><TD><INPUT TYPE=\"password\" NAME=\"passwd\" ");
|
|
||||||
|
|
||||||
@@ -419,7 +419,7 @@ menu_url(cachemgr_request * req, const char *action)
|
|
||||||
script_name,
|
|
||||||
req->hostname,
|
|
||||||
req->port,
|
|
||||||
- safe_str(req->user_name),
|
|
||||||
+ rfc1738_escape(safe_str(req->user_name)),
|
|
||||||
action,
|
|
||||||
safe_str(req->pub_auth));
|
|
||||||
return url;
|
|
||||||
@@ -1074,8 +1074,8 @@ make_pub_auth(cachemgr_request * req)
|
|
||||||
const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s",
|
|
||||||
req->hostname,
|
|
||||||
(int) now,
|
|
||||||
- req->user_name ? req->user_name : "",
|
|
||||||
- req->passwd);
|
|
||||||
+ rfc1738_escape(safe_str(req->user_name)),
|
|
||||||
+ rfc1738_escape(req->passwd));
|
|
||||||
debug("cmgr: pre-encoded for pub: %s\n", buf);
|
|
||||||
|
|
||||||
const int encodedLen = base64_encode_len(bufLen);
|
|
||||||
@@ -1094,8 +1094,6 @@ decode_pub_auth(cachemgr_request * req)
|
|
||||||
char *buf;
|
|
||||||
const char *host_name;
|
|
||||||
const char *time_str;
|
|
||||||
- const char *user_name;
|
|
||||||
- const char *passwd;
|
|
||||||
|
|
||||||
debug("cmgr: decoding pub: '%s'\n", safe_str(req->pub_auth));
|
|
||||||
safe_free(req->passwd);
|
|
||||||
@@ -1131,17 +1129,21 @@ decode_pub_auth(cachemgr_request * req)
|
|
||||||
|
|
||||||
debug("cmgr: decoded time: '%s' (now: %d)\n", time_str, (int) now);
|
|
||||||
|
|
||||||
+ char *user_name;
|
|
||||||
if ((user_name = strtok(NULL, "|")) == NULL) {
|
|
||||||
xfree(buf);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
+ rfc1738_unescape(user_name);
|
|
||||||
|
|
||||||
debug("cmgr: decoded uname: '%s'\n", user_name);
|
|
||||||
|
|
||||||
+ char *passwd;
|
|
||||||
if ((passwd = strtok(NULL, "|")) == NULL) {
|
|
||||||
xfree(buf);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
+ rfc1738_unescape(passwd);
|
|
||||||
|
|
||||||
debug("cmgr: decoded passwd: '%s'\n", passwd);
|
|
||||||
|
|
@ -1,12 +0,0 @@
|
|||||||
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
|
|
||||||
index 9165ef99c..32a3df322 100644
|
|
||||||
--- a/src/cache_cf.cc
|
|
||||||
+++ b/src/cache_cf.cc
|
|
||||||
@@ -2081,6 +2081,7 @@ parse_peer(CachePeer ** head)
|
|
||||||
|
|
||||||
CachePeer *p = new CachePeer;
|
|
||||||
p->host = xstrdup(host_str);
|
|
||||||
+ Tolower(p->host);
|
|
||||||
p->name = xstrdup(host_str);
|
|
||||||
p->type = parseNeighborType(token);
|
|
||||||
|
|
@ -1,26 +0,0 @@
|
|||||||
diff --git a/src/http/url_rewriters/LFS/url_lfs_rewrite.8 b/src/http/url_rewriters/LFS/url_lfs_rewrite.8
|
|
||||||
index 3053180..1d295fb 100644
|
|
||||||
--- a/src/http/url_rewriters/LFS/url_lfs_rewrite.8
|
|
||||||
+++ b/src/http/url_rewriters/LFS/url_lfs_rewrite.8
|
|
||||||
@@ -135,7 +135,7 @@
|
|
||||||
.if n .ad l
|
|
||||||
.nh
|
|
||||||
.SH "NAME"
|
|
||||||
-url_lfs_rewrite
|
|
||||||
+\& url_lfs_rewrite \- a URL-rewriter based on local file existence
|
|
||||||
.SH "SYNOPSIS"
|
|
||||||
.IX Header "SYNOPSIS"
|
|
||||||
.Vb 1
|
|
||||||
diff --git a/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in b/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in
|
|
||||||
index a7168e0..da7055c 100755
|
|
||||||
--- a/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in
|
|
||||||
+++ b/src/http/url_rewriters/LFS/url_lfs_rewrite.pl.in
|
|
||||||
@@ -8,7 +8,7 @@ use Pod::Usage;
|
|
||||||
|
|
||||||
=head1 NAME
|
|
||||||
|
|
||||||
-B<url_lfs_rewrite>
|
|
||||||
+B<url_lfs_rewrite> - a URL-rewriter based on local file existence
|
|
||||||
|
|
||||||
=head1 SYNOPSIS
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
File: squid-4.4.tar.xz
|
|
||||||
Date: Sat Oct 27 21:20:24 UTC 2018
|
|
||||||
Size: 2436468
|
|
||||||
MD5 : 892504ca9700e1f139a53f84098613bd
|
|
||||||
SHA1: 0ab6b133f65866d825bf72cbbe8cef209768b2fa
|
|
||||||
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
|
||||||
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
|
||||||
keyring = http://www.squid-cache.org/pgp.asc
|
|
||||||
keyserver = pool.sks-keyservers.net
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlvU1qAACgkQzW2/jvOx
|
|
||||||
fT5Y3Q//R3/ZtDHal9H9c4VUB1fEzkk22JfgXTzRRUdzNkN+XxDkVGmM9R0E0Opo
|
|
||||||
9E/lsE9PcLX1EBtBXbPfwLESzfMe4QJgqq1B4FocpJcdtfCQX6ADU4Qdfc+oo8Z1
|
|
||||||
J/xCf8XrU3yUgXn3pMnQ9DT+IuPYe+Jte7Awm148mC15GMC49NBAYAd793XZ+L2t
|
|
||||||
fVPCbVYA40AU3xVJkxlblh7O0E8UEQ7zQMxcXM2jJJ4jJOjqecOIoJt6lyPD59q3
|
|
||||||
UjD0EmcjTj54BpaU8r++kAc2TkLyBvFV1vWQuQRNG5IAMEOF3H8OfujCXl3lX9fD
|
|
||||||
Tvi9763f9LxdImLJttkzgTt20XAudlUmKOdpj6t1uF+7EmNJg/ChowyLsLzlLLST
|
|
||||||
1mGNdcUdP9VhX2aoTXN/ctn8BTQ/cNIx2VY8kKWsXB+ymFcCJRBW1cBAr3R+UzuX
|
|
||||||
KVlsDzlxP6Dp8EFvKN3sIbM/QtpstKgbTkxro7d9XBkeldsasd5uI2Yt5PSMIs+y
|
|
||||||
VtscqCnwDjxAIW6FNqB96J4hcOYECdWHDL3s46wEDnQaiR0IdBAN5QHn1imzM5e1
|
|
||||||
eHuwZimqBW6vE4rPnVpPIr1Gml5OlLl3te2jsbUVmBiOwDVlQLZJQGzI5UTazvnN
|
|
||||||
eR3QeTW+ggSAdVc6GEApELARfKPRxywLQTOlAhEPn0xayy4ByME=
|
|
||||||
=1eSQ
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -4,14 +4,15 @@ Documentation=man:squid(8)
|
|||||||
After=network.target network-online.target nss-lookup.target
|
After=network.target network-online.target nss-lookup.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=forking
|
Type=notify
|
||||||
LimitNOFILE=16384
|
LimitNOFILE=16384
|
||||||
|
PIDFile=/run/squid.pid
|
||||||
EnvironmentFile=/etc/sysconfig/squid
|
EnvironmentFile=/etc/sysconfig/squid
|
||||||
ExecStartPre=/usr/libexec/squid/cache_swap.sh
|
ExecStartPre=/usr/libexec/squid/cache_swap.sh
|
||||||
ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF
|
ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
|
||||||
ExecReload=/usr/sbin/squid $SQUID_OPTS -k reconfigure -f $SQUID_CONF
|
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||||
ExecStop=/usr/sbin/squid -k shutdown -f $SQUID_CONF
|
KillMode=mixed
|
||||||
TimeoutSec=0
|
NotifyAccess=all
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
%define __perl_requires %{SOURCE98}
|
%define __perl_requires %{SOURCE98}
|
||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 4.4
|
Version: 4.11
|
||||||
Release: 8%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: The Squid proxy caching server
|
Summary: The Squid proxy caching server
|
||||||
Epoch: 7
|
Epoch: 7
|
||||||
# See CREDITS for breakdown of non GPLv2+ code
|
# See CREDITS for breakdown of non GPLv2+ code
|
||||||
@ -26,23 +26,17 @@ Source98: perl-requires-squid.sh
|
|||||||
# Local patches
|
# Local patches
|
||||||
# Applying upstream patches first makes it less likely that local patches
|
# Applying upstream patches first makes it less likely that local patches
|
||||||
# will break upstream ones.
|
# will break upstream ones.
|
||||||
Patch201: squid-4.0.11-config.patch
|
Patch201: squid-4.11-config.patch
|
||||||
Patch202: squid-3.1.0.9-location.patch
|
Patch202: squid-4.11-location.patch
|
||||||
Patch203: squid-3.0.STABLE1-perlpath.patch
|
Patch203: squid-4.11-perlpath.patch
|
||||||
Patch204: squid-3.5.9-include-guards.patch
|
Patch204: squid-4.11-include-guards.patch
|
||||||
Patch205: squid-4.0.21-large-acl.patch
|
Patch205: squid-4.11-large-acl.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=980511
|
# https://bugzilla.redhat.com/show_bug.cgi?id=980511
|
||||||
Patch206: squid-4.4.0-active-ftp.patch
|
Patch206: squid-4.11-active-ftp.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1612524
|
# https://github.com/squid-cache/squid/commit/c26cd1cb6a60ff196ef13c00e82576d3bfeb2e30
|
||||||
Patch207: squid-4.4.0-man-pages.patch
|
Patch207: squid-4.11-systemd.patch
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1691741
|
|
||||||
Patch208: squid-4.4.0-lower-cachepeer.patch
|
|
||||||
|
|
||||||
# Security fixes
|
# Security fixes
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1729436
|
|
||||||
Patch500: squid-4.4.0-CVE-2019-13345.patch
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1738485
|
|
||||||
Patch501: squid-4.4.0-CVE-2019-12527.patch
|
|
||||||
|
|
||||||
Requires: bash >= 2.0
|
Requires: bash >= 2.0
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
@ -72,6 +66,8 @@ BuildRequires: perl-generators
|
|||||||
# For test suite
|
# For test suite
|
||||||
BuildRequires: pkgconfig(cppunit)
|
BuildRequires: pkgconfig(cppunit)
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
|
# systemd notify
|
||||||
|
BuildRequires: systemd-devel
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Squid is a high-performance proxy caching server for Web clients,
|
Squid is a high-performance proxy caching server for Web clients,
|
||||||
@ -96,14 +92,10 @@ lookup program (dnsserver), a program for retrieving FTP data
|
|||||||
%patch201 -p1 -b .config
|
%patch201 -p1 -b .config
|
||||||
%patch202 -p1 -b .location
|
%patch202 -p1 -b .location
|
||||||
%patch203 -p1 -b .perlpath
|
%patch203 -p1 -b .perlpath
|
||||||
%patch204 -p0 -b .include-guards
|
%patch204 -p1 -b .include-guards
|
||||||
%patch205 -p1 -b .large_acl
|
%patch205 -p1 -b .large_acl
|
||||||
%patch206 -p1 -b .active-ftp
|
%patch206 -p1 -b .active-ftp
|
||||||
%patch207 -p1 -b .man-pages
|
%patch207 -p1 -b .systemd
|
||||||
%patch208 -p1 -b .lower-cachepeer
|
|
||||||
|
|
||||||
%patch500 -p1 -b .CVE-2019-13345
|
|
||||||
%patch501 -p1 -b .CVE-2019-12527
|
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
||||||
# Patch in the vendor documentation and used different location for documentation
|
# Patch in the vendor documentation and used different location for documentation
|
||||||
@ -320,6 +312,47 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-1
|
||||||
|
- new version 4.11
|
||||||
|
- libsystemd integration
|
||||||
|
- Resolves: #1829467 - squid:4 rebase
|
||||||
|
- Resolves: #1828378 - CVE-2019-12521 squid:4/squid: off-by-one error in
|
||||||
|
addStackElement allows for a heap buffer overflow and a crash
|
||||||
|
- Resolves: #1828377 - CVE-2019-12520 squid:4/squid: improper input validation
|
||||||
|
in request allows for proxy manipulation
|
||||||
|
- Resolves: #1828375 - CVE-2019-12524 squid:4/squid: improper access restriction
|
||||||
|
in url_regex may lead to security bypass
|
||||||
|
- Resolves: #1820664 - CVE-2019-18860 squid: mishandles HTML in the host
|
||||||
|
parameter to cachemgr.cgi which could result in squid behaving in unsecure way
|
||||||
|
- Resolves: #1802514 - CVE-2020-8449 squid:4/squid: Improper input validation
|
||||||
|
issues in HTTP Request processing
|
||||||
|
- Resolves: #1802513 - CVE-2020-8450 squid:4/squid: Buffer overflow in a Squid
|
||||||
|
acting as reverse-proxy
|
||||||
|
- Resolves: #1802512 - CVE-2019-12528 squid:4/squid: Information Disclosure
|
||||||
|
issue in FTP Gateway
|
||||||
|
- Resolves: #1771288 - CVE-2019-18678 squid:4/squid: HTTP Request Splitting
|
||||||
|
issue in HTTP message processing
|
||||||
|
- Resolves: #1771283 - CVE-2019-18679 squid:4/squid: Information Disclosure
|
||||||
|
issue in HTTP Digest Authentication
|
||||||
|
- Resolves: #1771280 - CVE-2019-18677 squid:4/squid: Cross-Site Request Forgery
|
||||||
|
issue in HTTP Request processing
|
||||||
|
- Resolves: #1771275 - CVE-2019-12523 squid:4/squid: Improper input validation
|
||||||
|
in URI processor
|
||||||
|
- Resolves: #1771272 - CVE-2019-18676 squid:4/squid: Buffer overflow in URI
|
||||||
|
processor
|
||||||
|
- Resolves: #1771264 - CVE-2019-12526 squid:4/squid: Heap overflow issue in URN
|
||||||
|
processing
|
||||||
|
- Resolves: #1738581 - CVE-2019-12529 squid: OOB read in Proxy-Authorization
|
||||||
|
header causes DoS
|
||||||
|
|
||||||
|
* Tue Apr 28 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-9
|
||||||
|
- Resolves: #1738583 - CVE-2019-12525 squid:4/squid: parsing of header
|
||||||
|
Proxy-Authentication leads to memory corruption
|
||||||
|
- Resolves: #1828369 - CVE-2020-11945 squid: improper access restriction upon
|
||||||
|
Digest Authentication nonce replay could lead to remote code execution
|
||||||
|
- Resolves: #1828370 - CVE-2019-12519 squid: improper check for new member in
|
||||||
|
ESIExpression::Evaluate allows for stack buffer overflow
|
||||||
|
|
||||||
* Fri Aug 23 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-8
|
* Fri Aug 23 2019 Lubos Uhliarik <luhliari@redhat.com> - 7:4.4-8
|
||||||
- Resolves: # 1738485 - CVE-2019-12527 squid:4/squid: heap-based buffer overflow
|
- Resolves: # 1738485 - CVE-2019-12527 squid:4/squid: heap-based buffer overflow
|
||||||
in HttpHeader::getAuth
|
in HttpHeader::getAuth
|
||||||
|
Loading…
Reference in New Issue
Block a user