new version 4.11
libsystemd integration Resolves: #1827564 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution
This commit is contained in:
parent
c684998ac2
commit
929622f85f
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (squid-4.10.tar.xz) = 033891f84789fe23a23fabcfb6f51a5b044c16892600f94380b5f0bcbceaef67b95c7047154d940511146248ca9846a949f00a609c6ed27f9af8829325eb08e0
|
SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26
|
||||||
SHA512 (squid-4.10.tar.xz.asc) = 9a319a001275fcf1c3831bc59cbfd910a2d2d81e45fb0e47995ce723e99bc9bc69ad532871095944bb15709e175491dd70aaec25435b6e97ffd7a3a82fd900c7
|
SHA512 (squid-4.11.tar.xz.asc) = df90af48cf32b4bd8ad3803c363180048fadacd0b1dbee4b74bf7fe2ce9ef2a4fda1790ceb4a4e1ec7c1bf66b323e3975c05a7f6dcb697c445186f577cfb16e9
|
||||||
SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2
|
SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2
|
||||||
|
27
squid-4.11-systemd.patch
Normal file
27
squid-4.11-systemd.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
diff --git a/configure b/configure
|
||||||
|
index 17b2ebf..9530f6b 100755
|
||||||
|
--- a/configure
|
||||||
|
+++ b/configure
|
||||||
|
@@ -33915,6 +33915,7 @@ done
|
||||||
|
fi
|
||||||
|
if test "x$SYSTEMD_LIBS" != "x" ; then
|
||||||
|
CXXFLAGS="$SYSTEMD_CFLAGS $CXXFLAGS"
|
||||||
|
+ LDFLAGS="$SYSTEMD_LIBS $LDFLAGS"
|
||||||
|
|
||||||
|
$as_echo "#define USE_SYSTEMD 1" >>confdefs.h
|
||||||
|
|
||||||
|
diff --git a/src/Debug.h b/src/Debug.h
|
||||||
|
index 6eecd01..ddd9e38 100644
|
||||||
|
--- a/src/Debug.h
|
||||||
|
+++ b/src/Debug.h
|
||||||
|
@@ -99,6 +99,10 @@ public:
|
||||||
|
|
||||||
|
/// configures the active debugging context to write syslog ALERT
|
||||||
|
static void ForceAlert();
|
||||||
|
+
|
||||||
|
+ /// prefixes each grouped debugs() line after the first one in the group
|
||||||
|
+ static std::ostream& Extra(std::ostream &os) { return os << "\n "; }
|
||||||
|
+
|
||||||
|
private:
|
||||||
|
static Context *Current; ///< deepest active context; nil outside debugs()
|
||||||
|
};
|
@ -4,14 +4,15 @@ Documentation=man:squid(8)
|
|||||||
After=network.target network-online.target nss-lookup.target
|
After=network.target network-online.target nss-lookup.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=forking
|
Type=notify
|
||||||
LimitNOFILE=16384
|
LimitNOFILE=16384
|
||||||
PIDFile=/run/squid.pid
|
PIDFile=/run/squid.pid
|
||||||
EnvironmentFile=/etc/sysconfig/squid
|
EnvironmentFile=/etc/sysconfig/squid
|
||||||
ExecStartPre=/usr/libexec/squid/cache_swap.sh
|
ExecStartPre=/usr/libexec/squid/cache_swap.sh
|
||||||
ExecStart=/usr/sbin/squid $SQUID_OPTS -f ${SQUID_CONF}
|
ExecStart=/usr/sbin/squid --foreground $SQUID_OPTS -f ${SQUID_CONF}
|
||||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||||
KillMode=mixed
|
KillMode=mixed
|
||||||
|
NotifyAccess=all
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
14
squid.spec
14
squid.spec
@ -1,8 +1,8 @@
|
|||||||
%define __perl_requires %{SOURCE98}
|
%define __perl_requires %{SOURCE98}
|
||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 4.10
|
Version: 4.11
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: The Squid proxy caching server
|
Summary: The Squid proxy caching server
|
||||||
Epoch: 7
|
Epoch: 7
|
||||||
# See CREDITS for breakdown of non GPLv2+ code
|
# See CREDITS for breakdown of non GPLv2+ code
|
||||||
@ -33,6 +33,7 @@ Patch202: squid-3.1.0.9-location.patch
|
|||||||
Patch203: squid-3.0.STABLE1-perlpath.patch
|
Patch203: squid-3.0.STABLE1-perlpath.patch
|
||||||
Patch204: squid-3.5.9-include-guards.patch
|
Patch204: squid-3.5.9-include-guards.patch
|
||||||
Patch205: squid-4.0.21-large-acl.patch
|
Patch205: squid-4.0.21-large-acl.patch
|
||||||
|
Patch206: squid-4.11-systemd.patch
|
||||||
|
|
||||||
# cache_swap.sh
|
# cache_swap.sh
|
||||||
Requires: bash gawk
|
Requires: bash gawk
|
||||||
@ -69,6 +70,8 @@ BuildRequires: gnupg2
|
|||||||
# for _tmpfilesdir and _unitdir macro
|
# for _tmpfilesdir and _unitdir macro
|
||||||
# see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging
|
# see https://docs.fedoraproject.org/en-US/packaging-guidelines/Systemd/#_packaging
|
||||||
BuildRequires: systemd-rpm-macros
|
BuildRequires: systemd-rpm-macros
|
||||||
|
# systemd notify
|
||||||
|
BuildRequires: systemd-devel
|
||||||
|
|
||||||
|
|
||||||
# Old NetworkManager expects the dispatcher scripts in a different place
|
# Old NetworkManager expects the dispatcher scripts in a different place
|
||||||
@ -100,6 +103,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
|||||||
%patch203 -p1 -b .perlpath
|
%patch203 -p1 -b .perlpath
|
||||||
%patch204 -p0 -b .include-guards
|
%patch204 -p0 -b .include-guards
|
||||||
%patch205 -p1 -b .large_acl
|
%patch205 -p1 -b .large_acl
|
||||||
|
%patch206 -p1 -b .systemd
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
||||||
# Patch in the vendor documentation and used different location for documentation
|
# Patch in the vendor documentation and used different location for documentation
|
||||||
@ -292,6 +296,12 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-1
|
||||||
|
- new version 4.11
|
||||||
|
- libsystemd integration
|
||||||
|
- Resolves: #1827564 - CVE-2020-11945 squid: improper access restriction upon
|
||||||
|
Digest Authentication nonce replay could lead to remote code execution
|
||||||
|
|
||||||
* Thu Mar 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.10-4
|
* Thu Mar 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.10-4
|
||||||
- Resolves: #1817208 - More cache_swap.sh optimizations
|
- Resolves: #1817208 - More cache_swap.sh optimizations
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user