new version 6.10

Resolves: RHEL-45048 - squid: Out-of-bounds write error maylead to Denial
of Service (CVE-2024-37894)
This commit is contained in:
Luboš Uhliarik 2024-07-01 12:13:11 +02:00
parent 9cd6942293
commit 49b118ea6d
3 changed files with 9 additions and 129 deletions

View File

@ -1,3 +1,3 @@
SHA512 (squid-6.7.tar.xz) = 6221437056c600119fe9ff1ceeeaa9955cf9f21df481ad29a3515f8439a41b779d51f37b820b75641d0d4d6de54554f6f924dbd347834bf4a6ad6b5b317084a0 SHA512 (squid-6.10.tar.xz) = c0b75c3d383b1cd234b30dd02e84e1c5655fc53f63b75704bf4bac9ee0b86ba27e4656116893aff8b95dea19ff1befabcbb9dab3875da52fcb65f1d30f0fe5a9
SHA512 (squid-6.7.tar.xz.asc) = 4a1f9d123ce6b5a600d9d2dd3af95a7ce98bfe28ba42d1281ab1f3d7f220f8738a4320afb85eeba1bf9d31e722ffaccd2d89cbefcd11e6b6ea31fe237ccf9a8c SHA512 (squid-6.10.tar.xz.asc) = 5e9d053db90549760f7a675d9f4703ecde460906cb09dff489f9db5d0f7826fb30487c9b009cc4577f3f061f3c7b3a667418af298f55f882f696884dc536bf53
SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d SHA512 (pgp.asc) = b1e1dd5ead34711f064a12a324b2f156ad4835330d861eae4032926b8a6cd07c0eacc76f52518d47ed5a8ead4695f5abd02f2b4190af8e7833bd3ea31453569d

View File

@ -1,123 +0,0 @@
From 7080c9ea3c761f4ac67e3341bbc371383e4e739b Mon Sep 17 00:00:00 2001
From: Amos Jeffries <amosjeffries@squid-cache.org>
Date: Wed, 14 Feb 2024 03:07:20 +1300
Subject: [PATCH 1/4] Fix undefined std::find
---
src/helper/Reply.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/helper/Reply.cc b/src/helper/Reply.cc
index 93cd5c84322..2e5e92aa2be 100644
--- a/src/helper/Reply.cc
+++ b/src/helper/Reply.cc
@@ -17,6 +17,8 @@
#include "rfc1738.h"
#include "SquidString.h"
+#include <algorithm>
+
Helper::Reply::Reply() :
result(Helper::Unknown)
{
From 906884bf2565025cbc5b322c47425defa07f1f8e Mon Sep 17 00:00:00 2001
From: Amos Jeffries <amosjeffries@squid-cache.org>
Date: Wed, 14 Feb 2024 03:51:17 +1300
Subject: [PATCH 2/4] Fix error: 'InstanceId<...>::InstanceId(const
InstanceId<...> &)' is private within this context
---
src/base/InstanceId.h | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h
index a48be882cc4..c4dd4090b00 100644
--- a/src/base/InstanceId.h
+++ b/src/base/InstanceId.h
@@ -49,6 +49,7 @@ class InstanceId
typedef ValueType Value; ///< id storage type
InstanceId() {change();}
+ InstanceId(const InstanceId &); ///< no copying; IDs are unique
operator Value() const { return value; }
bool operator ==(const InstanceId &o) const { return value == o.value; }
@@ -67,10 +68,6 @@ class InstanceId
public:
Value value = Value(); ///< instance identifier
-
-private:
- InstanceId(const InstanceId &); ///< not implemented; IDs are unique
- InstanceId& operator=(const InstanceId &); ///< not implemented
};
/// An InstanceIdDefinitions() helper. Avoid direct use.
From 2631e20bf8adc2102ba039baf86c1c64c158431f Mon Sep 17 00:00:00 2001
From: Amos Jeffries <amosjeffries@squid-cache.org>
Date: Wed, 14 Feb 2024 03:58:47 +1300
Subject: [PATCH 3/4] =?UTF-8?q?Fix=20error:=20=E2=80=98void*=20calloc(size?=
=?UTF-8?q?=5Ft,=20size=5Ft)=E2=80=99=20sizes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
... specified with sizeof in the earlier argument
and not in the later argument [-Werror=calloc-transposed-args]
---
src/auth/basic/LDAP/basic_ldap_auth.cc | 2 +-
src/auth/digest/eDirectory/edir_ldapext.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/auth/basic/LDAP/basic_ldap_auth.cc b/src/auth/basic/LDAP/basic_ldap_auth.cc
index 4d9a78574cb..f79a5b88984 100644
--- a/src/auth/basic/LDAP/basic_ldap_auth.cc
+++ b/src/auth/basic/LDAP/basic_ldap_auth.cc
@@ -795,7 +795,7 @@ readSecret(const char *filename)
if ((e = strrchr(buf, '\r')))
*e = 0;
- passwd = (char *) calloc(sizeof(char), strlen(buf) + 1);
+ passwd = static_cast<char *>(calloc(strlen(buf) + 1, sizeof(char)));
if (!passwd) {
fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n");
exit(EXIT_FAILURE);
diff --git a/src/auth/digest/eDirectory/edir_ldapext.cc b/src/auth/digest/eDirectory/edir_ldapext.cc
index f34341c912c..13e7daca67b 100644
--- a/src/auth/digest/eDirectory/edir_ldapext.cc
+++ b/src/auth/digest/eDirectory/edir_ldapext.cc
@@ -69,7 +69,7 @@
#define NMAS_LDAP_EXT_VERSION 1
-#define SMB_MALLOC_ARRAY(type, nelem) calloc(sizeof(type), nelem)
+#define SMB_MALLOC_ARRAY(type, nelem) calloc(nelem, sizeof(type))
#define DEBUG(level, args)
/**********************************************************************
From 535606d99e04f3479af07c471768af688ff790cb Mon Sep 17 00:00:00 2001
From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Wed, 14 Feb 2024 05:52:05 +1300
Subject: [PATCH 4/4] Update src/base/InstanceId.h
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
---
src/base/InstanceId.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/base/InstanceId.h b/src/base/InstanceId.h
index c4dd4090b00..d3e2ebb2b2e 100644
--- a/src/base/InstanceId.h
+++ b/src/base/InstanceId.h
@@ -49,7 +49,7 @@ class InstanceId
typedef ValueType Value; ///< id storage type
InstanceId() {change();}
- InstanceId(const InstanceId &); ///< no copying; IDs are unique
+ InstanceId(InstanceId &&) = delete; // no copying/moving of any kind
operator Value() const { return value; }
bool operator ==(const InstanceId &o) const { return value == o.value; }

View File

@ -1,8 +1,8 @@
%define __perl_requires %{SOURCE98} %define __perl_requires %{SOURCE98}
Name: squid Name: squid
Version: 6.7 Version: 6.10
Release: 2%{?dist} Release: 1%{?dist}
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code # See CREDITS for breakdown of non GPLv2+ code
@ -38,8 +38,6 @@ Patch203: squid-6.1-perlpath.patch
Patch204: squid-6.1-symlink-lang-err.patch Patch204: squid-6.1-symlink-lang-err.patch
# Upstream PR: https://github.com/squid-cache/squid/pull/1442 # Upstream PR: https://github.com/squid-cache/squid/pull/1442
Patch205: squid-6.1-crash-half-closed.patch Patch205: squid-6.1-crash-half-closed.patch
# https://github.com/squid-cache/squid/pull/1673
Patch206: squid-6.7-gcc-14.patch
# cache_swap.sh # cache_swap.sh
Requires: bash gawk Requires: bash gawk
@ -326,6 +324,11 @@ fi
%changelog %changelog
* Mon Jul 01 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:6.10-1
- new version 6.10
- Resolves: RHEL-45048 - squid: Out-of-bounds write error may lead to Denial of
Service (CVE-2024-37894)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7:6.7-2 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7:6.7-2
- Bump release for June 2024 mass rebuild - Bump release for June 2024 mass rebuild