new version 6.10
Resolves: RHEL-45048 - squid: Out-of-bounds write error may lead to Denial of Service (CVE-2024-37894)
parent
9cd6942293
commit
49b118ea6d
4
sources
4
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (squid-6.7.tar.xz) = 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0
|
||||
SHA512 (squid-6.7.tar.xz.asc) = 4a1f9d123ce6b5a600d9d2dd3af95a7ce98bfe28ba42d1281ab1f3d7f220f8738a4320afb85eeba1bf9d31e722ffaccd2d89cbefcd11e6b6ea31fe237ccf9a8c
|
||||
SHA512 (squid-6.10.tar.xz) = c0b75c3d383b1cd234b30dd02e84e1c5655fc53f63b75704bf4bac9ee0b86ba27e4656116893aff8b95dea19ff1befabcbb9dab3875da52fcb65f1d30f0fe5a9
|
||||
SHA512 (squid-6.10.tar.xz.asc) = 5e9d053db90549760f7a675d9f4703ecde460906cb09dff489f9db5d0f7826fb30487c9b009cc4577f3f061f3c7b3a667418af298f55f882f696884dc536bf53
|
||||
SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d
|
||||
|
@ -1,123 +0,0 @@
|
||||
From 7080c9ea3c761f4ac67e3341bbc371383e4e739b Mon Sep 17 00:00:00 2001
|
||||
From: Amos Jeffries <amosjeffries@squid-cache.org>
|
||||
Date: Wed, 14 Feb 2024 03:07:20 +1300
|
||||
Subject: [PATCH 1/4] Fix undefined std::find
|
||||
|
||||
---
|
||||
src/helper/Reply.cc | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/helper/Reply.cc b/src/helper/Reply.cc
|
||||
index 93cd5c84322..2e5e92aa2be 100644
|
||||
--- a/src/helper/Reply.cc
|
||||
+++ b/src/helper/Reply.cc
|
||||
@@ -17,6 +17,8 @@
|
||||
#include "rfc1738.h"
|
||||
#include "SquidString.h"
|
||||
|
||||
+#include <algorithm>
|
||||
+
|
||||
Helper::Reply::Reply() :
|
||||
result(Helper::Unknown)
|
||||
{
|
||||
|
||||
From 906884bf2565025cbc5b322c47425defa07f1f8e Mon Sep 17 00:00:00 2001
|
||||
From: Amos Jeffries <amosjeffries@squid-cache.org>
|
||||
Date: Wed, 14 Feb 2024 03:51:17 +1300
|
||||
Subject: [PATCH 2/4] Fix error: 'InstanceId<...>::InstanceId(const
|
||||
InstanceId<...> &)' is private within this context
|
||||
|
||||
---
|
||||
src/base/InstanceId.h | 5 +----
|
||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h
|
||||
index a48be882cc4..c4dd4090b00 100644
|
||||
--- a/src/base/InstanceId.h
|
||||
+++ b/src/base/InstanceId.h
|
||||
@@ -49,6 +49,7 @@ class InstanceId
|
||||
typedef ValueType Value; ///< id storage type
|
||||
|
||||
InstanceId() {change();}
|
||||
+ InstanceId(const InstanceId &); ///< no copying; IDs are unique
|
||||
|
||||
operator Value() const { return value; }
|
||||
bool operator ==(const InstanceId &o) const { return value == o.value; }
|
||||
@@ -67,10 +68,6 @@ class InstanceId
|
||||
|
||||
public:
|
||||
Value value = Value(); ///< instance identifier
|
||||
-
|
||||
-private:
|
||||
- InstanceId(const InstanceId &); ///< not implemented; IDs are unique
|
||||
- InstanceId& operator=(const InstanceId &); ///< not implemented
|
||||
};
|
||||
|
||||
/// An InstanceIdDefinitions() helper. Avoid direct use.
|
||||
|
||||
From 2631e20bf8adc2102ba039baf86c1c64c158431f Mon Sep 17 00:00:00 2001
|
||||
From: Amos Jeffries <amosjeffries@squid-cache.org>
|
||||
Date: Wed, 14 Feb 2024 03:58:47 +1300
|
||||
Subject: [PATCH 3/4] =?UTF-8?q?Fix=20error:=20=E2=80=98void*=20calloc(size?=
|
||||
=?UTF-8?q?=5Ft,=20size=5Ft)=E2=80=99=20sizes?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
... specified with ‘sizeof’ in the earlier argument
|
||||
and not in the later argument [-Werror=calloc-transposed-args]
|
||||
---
|
||||
src/auth/basic/LDAP/basic_ldap_auth.cc | 2 +-
|
||||
src/auth/digest/eDirectory/edir_ldapext.cc | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/auth/basic/LDAP/basic_ldap_auth.cc b/src/auth/basic/LDAP/basic_ldap_auth.cc
|
||||
index 4d9a78574cb..f79a5b88984 100644
|
||||
--- a/src/auth/basic/LDAP/basic_ldap_auth.cc
|
||||
+++ b/src/auth/basic/LDAP/basic_ldap_auth.cc
|
||||
@@ -795,7 +795,7 @@ readSecret(const char *filename)
|
||||
if ((e = strrchr(buf, '\r')))
|
||||
*e = 0;
|
||||
|
||||
- passwd = (char *) calloc(sizeof(char), strlen(buf) + 1);
|
||||
+ passwd = static_cast<char *>(calloc(strlen(buf) + 1, sizeof(char)));
|
||||
if (!passwd) {
|
||||
fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
|
||||
exit(EXIT_FAILURE);
|
||||
diff --git a/src/auth/digest/eDirectory/edir_ldapext.cc b/src/auth/digest/eDirectory/edir_ldapext.cc
|
||||
index f34341c912c..13e7daca67b 100644
|
||||
--- a/src/auth/digest/eDirectory/edir_ldapext.cc
|
||||
+++ b/src/auth/digest/eDirectory/edir_ldapext.cc
|
||||
@@ -69,7 +69,7 @@
|
||||
|
||||
#define NMAS_LDAP_EXT_VERSION 1
|
||||
|
||||
-#define SMB_MALLOC_ARRAY(type, nelem) calloc(sizeof(type), nelem)
|
||||
+#define SMB_MALLOC_ARRAY(type, nelem) calloc(nelem, sizeof(type))
|
||||
#define DEBUG(level, args)
|
||||
|
||||
/**********************************************************************
|
||||
|
||||
From 535606d99e04f3479af07c471768af688ff790cb Mon Sep 17 00:00:00 2001
|
||||
From: Amos Jeffries <yadij@users.noreply.github.com>
|
||||
Date: Wed, 14 Feb 2024 05:52:05 +1300
|
||||
Subject: [PATCH 4/4] Update src/base/InstanceId.h
|
||||
|
||||
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
---
|
||||
src/base/InstanceId.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h
|
||||
index c4dd4090b00..d3e2ebb2b2e 100644
|
||||
--- a/src/base/InstanceId.h
|
||||
+++ b/src/base/InstanceId.h
|
||||
@@ -49,7 +49,7 @@ class InstanceId
|
||||
typedef ValueType Value; ///< id storage type
|
||||
|
||||
InstanceId() {change();}
|
||||
- InstanceId(const InstanceId &); ///< no copying; IDs are unique
|
||||
+ InstanceId(InstanceId &&) = delete; // no copying/moving of any kind
|
||||
|
||||
operator Value() const { return value; }
|
||||
bool operator ==(const InstanceId &o) const { return value == o.value; }
|
11
squid.spec
11
squid.spec
@ -1,8 +1,8 @@
|
||||
%define __perl_requires %{SOURCE98}
|
||||
|
||||
Name: squid
|
||||
Version: 6.7
|
||||
Release: 2%{?dist}
|
||||
Version: 6.10
|
||||
Release: 1%{?dist}
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
# See CREDITS for breakdown of non GPLv2+ code
|
||||
@ -38,8 +38,6 @@ Patch203: squid-6.1-perlpath.patch
|
||||
Patch204: squid-6.1-symlink-lang-err.patch
|
||||
# Upstream PR: https://github.com/squid-cache/squid/pull/1442
|
||||
Patch205: squid-6.1-crash-half-closed.patch
|
||||
# https://github.com/squid-cache/squid/pull/1673
|
||||
Patch206: squid-6.7-gcc-14.patch
|
||||
|
||||
# cache_swap.sh
|
||||
Requires: bash gawk
|
||||
@ -326,6 +324,11 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jul 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.10-1
|
||||
- new version 6.10
|
||||
- Resolves: RHEL-45048 - squid: Out-of-bounds write error may lead to Denial of
|
||||
Service (CVE-2024-37894)
|
||||
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7:6.7-2
|
||||
- Bump release for June 2024 mass rebuild
|
||||
|
||||
|