diff --git a/squid-5.5-CVE-2021-46784.patch b/squid-5.5-CVE-2021-46784.patch
new file mode 100644
index 0000000..4e5e796
--- /dev/null
+++ b/squid-5.5-CVE-2021-46784.patch
@@ -0,0 +1,120 @@
+diff --git a/src/gopher.cc b/src/gopher.cc
+index 576a3f7..2645b6b 100644
+--- a/src/gopher.cc
++++ b/src/gopher.cc
+@@ -364,7 +364,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+ char *lpos = NULL;
+ char *tline = NULL;
+ LOCAL_ARRAY(char, line, TEMP_BUF_SIZE);
+- LOCAL_ARRAY(char, tmpbuf, TEMP_BUF_SIZE);
+ char *name = NULL;
+ char *selector = NULL;
+ char *host = NULL;
+@@ -374,7 +373,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+ char gtype;
+ StoreEntry *entry = NULL;
+
+- memset(tmpbuf, '\0', TEMP_BUF_SIZE);
+ memset(line, '\0', TEMP_BUF_SIZE);
+
+ entry = gopherState->entry;
+@@ -409,7 +407,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+ return;
+ }
+
+- String outbuf;
++ SBuf outbuf;
+
+ if (!gopherState->HTML_header_added) {
+ if (gopherState->conversion == GopherStateData::HTML_CSO_RESULT)
+@@ -577,34 +575,34 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+ break;
+ }
+
+- memset(tmpbuf, '\0', TEMP_BUF_SIZE);
+-
+ if ((gtype == GOPHER_TELNET) || (gtype == GOPHER_3270)) {
+ if (strlen(escaped_selector) != 0)
+- snprintf(tmpbuf, TEMP_BUF_SIZE, "![](\"%s\")
%s\n",
+- icon_url, escaped_selector, rfc1738_escape_part(host),
+- *port ? ":" : "", port, html_quote(name));
++ outbuf.appendf(" %s\n",
++ icon_url, escaped_selector, rfc1738_escape_part(host),
++ *port ? ":" : "", port, html_quote(name));
+ else
+- snprintf(tmpbuf, TEMP_BUF_SIZE, " %s\n",
+- icon_url, rfc1738_escape_part(host), *port ? ":" : "",
+- port, html_quote(name));
++ outbuf.appendf(" %s\n",
++ icon_url, rfc1738_escape_part(host), *port ? ":" : "",
++ port, html_quote(name));
+
+ } else if (gtype == GOPHER_INFO) {
+- snprintf(tmpbuf, TEMP_BUF_SIZE, "\t%s\n", html_quote(name));
++ outbuf.appendf("\t%s\n", html_quote(name));
+ } else {
+ if (strncmp(selector, "GET /", 5) == 0) {
+ /* WWW link */
+- snprintf(tmpbuf, TEMP_BUF_SIZE, " %s\n",
+- icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name));
++ outbuf.appendf(" %s\n",
++ icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name));
++ } else if (gtype == GOPHER_WWW) {
++ outbuf.appendf(" %s\n",
++ icon_url, rfc1738_escape_unescaped(selector), html_quote(name));
+ } else {
+ /* Standard link */
+- snprintf(tmpbuf, TEMP_BUF_SIZE, " %s\n",
+- icon_url, host, gtype, escaped_selector, html_quote(name));
++ outbuf.appendf(" %s\n",
++ icon_url, host, gtype, escaped_selector, html_quote(name));
+ }
+ }
+
+ safe_free(escaped_selector);
+- outbuf.append(tmpbuf);
+ } else {
+ memset(line, '\0', TEMP_BUF_SIZE);
+ continue;
+@@ -637,13 +635,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+ break;
+
+ if (gopherState->cso_recno != recno) {
+- snprintf(tmpbuf, TEMP_BUF_SIZE, "
Record# %d
%s
\n", recno, html_quote(result));
++ outbuf.appendf("
Record# %d
%s
\n", recno, html_quote(result));
+ gopherState->cso_recno = recno;
+ } else {
+- snprintf(tmpbuf, TEMP_BUF_SIZE, "%s\n", html_quote(result));
++ outbuf.appendf("%s\n", html_quote(result));
+ }
+
+- outbuf.append(tmpbuf);
+ break;
+ } else {
+ int code;
+@@ -671,8 +668,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+
+ case 502: { /* Too Many Matches */
+ /* Print the message the server returns */
+- snprintf(tmpbuf, TEMP_BUF_SIZE, "
%s
\n", html_quote(result));
+- outbuf.append(tmpbuf);
++ outbuf.appendf("
%s
\n", html_quote(result));
+ break;
+ }
+
+@@ -688,13 +684,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
+
+ } /* while loop */
+
+- if (outbuf.size() > 0) {
+- entry->append(outbuf.rawBuf(), outbuf.size());
++ if (outbuf.length() > 0) {
++ entry->append(outbuf.rawContent(), outbuf.length());
+ /* now let start sending stuff to client */
+ entry->flush();
+ }
+
+- outbuf.clean();
+ return;
+ }
+
diff --git a/squid.spec b/squid.spec
index 9eebc59..6a230c0 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
Name: squid
Version: 5.5
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The Squid proxy caching server
Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code
@@ -42,6 +42,10 @@ Patch207: squid-5.0.6-active-ftp.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1988122
Patch208: squid-5.1-test-store-cppsuite.patch
+# Security patches
+# https://bugzilla.redhat.com/show_bug.cgi?id=2100721
+Patch501: squid-5.5-CVE-2021-46784.patch
+
# cache_swap.sh
Requires: bash gawk
# for httpd conf file - cachemgr script alias
@@ -115,6 +119,7 @@ lookup program (dnsserver), a program for retrieving FTP data
%patch207 -p1 -b .active-ftp
%patch208 -p1 -b .test-store-cpp
+%patch501 -p1 -b .CVE-2021-46784
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
# Patch in the vendor documentation and used different location for documentation
@@ -346,6 +351,10 @@ fi
%changelog
+* Mon Jul 11 2022 Luboš Uhliarik - 7:5.5-2
+- Resolves: #2100785 - CVE-2021-46784 squid: DoS when processing gopher server
+ responses
+
* Tue May 31 2022 Luboš Uhliarik - 7:5.5-1
- new version 5.5
- Resolves: #2075727 - The memory usage of the squid process keeps increasing