import squid-4.11-4.module+el8.4.0+9038+276d2d9f
parent
11b0ae8e0d
commit
32f4bda808
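--- a/SOURCES/squid-4.11-cache-mgr-auth-strdup.patch
+++ b/SOURCES/squid-4.11-cache-mgr-auth-strdup.patch
@@ -0,0 +1,27 @@
+diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
+index 36d8e38..50bb9b6 100644
+--- a/tools/cachemgr.cc
++++ b/tools/cachemgr.cc
+@@ -1092,14 +1092,20 @@ make_pub_auth(cachemgr_request * req)
+if (!req->passwd || !strlen(req->passwd))
+return;
+
++ auto *rfc1738_username = xstrdup(rfc1738_escape(safe_str(req->user_name)));
++ auto *rfc1738_passwd = xstrdup(rfc1738_escape(req->passwd));
++
+/* host | time | user | passwd */
+const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s",
+req->hostname,
+(int) now,
+- rfc1738_escape(safe_str(req->user_name)),
+- rfc1738_escape(req->passwd));
++ rfc1738_username,
++ rfc1738_passwd);
+debug("cmgr: pre-encoded for pub: %s\n", buf);
+
++ safe_free(rfc1738_username);
++ safe_free(rfc1738_passwd);
++
+const int encodedLen = base64_encode_len(bufLen);
+req->pub_auth = (char *) xmalloc(encodedLen);
+struct base64_encode_ctx ctx;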
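Review bot: In make_pub_auth the value `bufLen` returned by snprintf goes straight into `base64_encode_len(bufLen)` with no truncation check. snprintf returns the length it would have written, so when the escaped user name and password do not fit in `buf`, `bufLen` is larger than what is actually stored. Any later code that reads `bufLen` bytes from `buf` would then run past it; the function body starts and ends outside this hunk, so that part is unconfirmed. A guard after the two `safe_free` calls would cover it: `if (bufLen < 0 || bufLen >= (int) sizeof(buf)) return;`. Separately, the `xstrdup` copies would benefit from a one-line comment saying why they are needed (presumably `rfc1738_escape()` hands back a shared buffer that the second call overwrites), and the `debug(...)` context line prints the pre-encoded string, password included, which is worth confirming is compiled out of release builds.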
@ -2,7 +2,7 @@
|
||||
|
||||
Name: squid
|
||||
Version: 4.11
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
# See CREDITS for breakdown of non GPLv2+ code
|
||||
@ -36,6 +36,8 @@ Patch206: squid-4.11-active-ftp.patch
|
||||
# https://github.com/squid-cache/squid/commit/c26cd1cb6a60ff196ef13c00e82576d3bfeb2e30
|
||||
Patch207: squid-4.11-systemd.patch
|
||||
Patch208: squid-4.11-convert-ipv4.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1890606
|
||||
Patch209: squid-4.11-cache-mgr-auth-strdup.patch
|
||||
|
||||
# Security fixes
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1852554
|
||||
@ -109,6 +111,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
||||
%patch206 -p1 -b .active-ftp
|
||||
%patch207 -p1 -b .systemd
|
||||
%patch208 -p1 -R -b .convert-ipv4
|
||||
%patch209 -p1 -b .cachemgr-strdup
|
||||
|
||||
# Security patches
|
||||
%patch500 -p1 -b .cve-2020-14058
|
||||
@ -332,6 +335,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Oct 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-4
|
||||
- Resolves: #1890606 - Fix for CVE 2019-13345 breaks authentication in
|
||||
cachemgr.cgi
|
||||
|
||||
* Wed Aug 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-3
|
||||
- Resolves: #1871705 - CVE-2020-24606 squid: Improper Input Validation could
|
||||
result in a DoS
|
||||
|