diff --git a/.gitignore b/.gitignore index 6b8f17c..8afdad0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/pgp.asc -SOURCES/squid-5.2.tar.xz +SOURCES/squid-5.5.tar.xz diff --git a/.squid.metadata b/.squid.metadata index c73edd4..2b3e869 100644 --- a/.squid.metadata +++ b/.squid.metadata @@ -1,2 +1,2 @@ 8e3de63f3bef0c9c4edbcfe000c567119f687143 SOURCES/pgp.asc -0568a55c8bf20fbcbfadf126347f3e790945e5d2 SOURCES/squid-5.2.tar.xz +42302bd9b8feff851a41420334cb8eaeab2806ab SOURCES/squid-5.5.tar.xz diff --git a/SOURCES/squid-3.0.STABLE1-perlpath.patch b/SOURCES/squid-3.0.STABLE1-perlpath.patch index 9cb5e81..d927e43 100644 --- a/SOURCES/squid-3.0.STABLE1-perlpath.patch +++ b/SOURCES/squid-3.0.STABLE1-perlpath.patch @@ -6,5 +6,5 @@ index 4cb0480..4b89910 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2021 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2022 The Squid Software Foundation and contributors # * diff --git a/SOURCES/squid-5.0.5-symlink-lang-err.patch b/SOURCES/squid-5.0.5-symlink-lang-err.patch index 29b5e2c..45d6fe9 100644 --- a/SOURCES/squid-5.0.5-symlink-lang-err.patch +++ b/SOURCES/squid-5.0.5-symlink-lang-err.patch @@ -24,18 +24,6 @@ index 7670c88380c..f03c4cf71b4 100644 ro.lang \ - ru.lang + ru.lang -diff --git a/errors/TRANSLATORS b/errors/TRANSLATORS -index e29bf707678..6ee2df637ad 100644 ---- a/errors/TRANSLATORS -+++ b/errors/TRANSLATORS -@@ -21,6 +21,7 @@ and ideas to make Squid available as multi-langual software. - George Machitidze - Henrik Nordström - Ivan Masár -+ Javier Pacheco - John 'Profic' Ustiuzhanin - Leandro Cesar Nardini Frasson - liuyongbing diff --git a/errors/aliases b/errors/aliases index 36f17f4b80f..cf0116f297d 100644 --- a/errors/aliases diff --git a/SOURCES/squid-5.2.tar.xz.asc b/SOURCES/squid-5.2.tar.xz.asc deleted file mode 100644 index 288ce4d..0000000 --- a/SOURCES/squid-5.2.tar.xz.asc +++ /dev/null @@ -1,25 +0,0 @@ -File: squid-5.2.tar.xz -Date: Sun 03 Oct 2021 15:15:35 UTC -Size: 2553872 -MD5 : 102984f3ea382a1fa5bd917c2ee155ec -SHA1: 0568a55c8bf20fbcbfadf126347f3e790945e5d2 -Key : CD6DBF8EF3B17D3E - B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E - keyring = http://www.squid-cache.org/pgp.asc - keyserver = pool.sks-keyservers.net ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmFZySIACgkQzW2/jvOx -fT6sUBAArqj2/hn+a1okSuUWef2x0AtEKXy18aaYTJxF20yq3nNO1jLZYUY9dgpo -I0R32a8liygQPtfb+FFzQjkoIfpgEsmskndS0/jlOicY7ljw4MfHCLCtmc1xzPIs -UErI4SFR1H3aIa4yAmbQEhjuCWqBOzLt/UBzOupF89hofT57CZhVNoYgO2IWFu3+ -j2eZmq6nZbBBHBJG3II+FiFuPhTpuiMxdQ1WN84a+XklhIatOWVW8ALX/hBT12KC -Z9SxixgZQFpCQ9uNfpoCsMVrhWS9tJnUmnOiziWIEKgVHnPOh/uQLxxZvvSUc8Ag -aUAM2DcDx3QWw1RLx/kJPfpCt2tHEHGfGpd7U5LcTEfDYIyjfwnVF9L1kGuHaT+k -RW96vq9NFikSKmyEKRZ3EUZNqXJE3dd6pYpOO3GjHRr2fBn1D+UpV90vswTWBrzX -7gO8aPnnD8/uD6h6pFSBNpAAKpEBS9watDRBlTIEsivaTeZxzob7dk9ZiK8cjsRQ -jhVTvwQw9r5ong50y1pg5APD3wwipNUjHVMD45XQNbxZAGsZMPnvA0vDFECKJ6iG -CVwpOc48Fkl6frY0ByddCES4lWzgkkfYtPQGkPYxhOGhaqiRXO8kjk0/Dbw4AJW1 -BoHM9DydPohXuNQZIA19v7lcYvQShCmp3xbUoQ45AwZno4DpAAA= -=PQ84 ------END PGP SIGNATURE----- diff --git a/SOURCES/squid-5.2-CVE-2021-46784.patch b/SOURCES/squid-5.5-CVE-2021-46784.patch similarity index 87% rename from SOURCES/squid-5.2-CVE-2021-46784.patch rename to SOURCES/squid-5.5-CVE-2021-46784.patch index c2630d3..4e5e796 100644 --- a/SOURCES/squid-5.2-CVE-2021-46784.patch +++ b/SOURCES/squid-5.5-CVE-2021-46784.patch @@ -1,17 +1,8 @@ -From 780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b Mon Sep 17 00:00:00 2001 -From: Joshua Rogers -Date: Mon, 18 Apr 2022 13:42:36 +0000 -Subject: [PATCH] Improve handling of Gopher responses (#1022) - ---- - src/gopher.cc | 45 ++++++++++++++++++++------------------------- - 1 file changed, 20 insertions(+), 25 deletions(-) - diff --git a/src/gopher.cc b/src/gopher.cc -index 169b0e18299..6187da18bcd 100644 +index 576a3f7..2645b6b 100644 --- a/src/gopher.cc +++ b/src/gopher.cc -@@ -371,7 +371,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) +@@ -364,7 +364,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) char *lpos = NULL; char *tline = NULL; LOCAL_ARRAY(char, line, TEMP_BUF_SIZE); @@ -19,7 +10,7 @@ index 169b0e18299..6187da18bcd 100644 char *name = NULL; char *selector = NULL; char *host = NULL; -@@ -381,7 +380,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) +@@ -374,7 +373,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) char gtype; StoreEntry *entry = NULL; @@ -27,7 +18,7 @@ index 169b0e18299..6187da18bcd 100644 memset(line, '\0', TEMP_BUF_SIZE); entry = gopherState->entry; -@@ -416,7 +414,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) +@@ -409,7 +407,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) return; } @@ -36,7 +27,7 @@ index 169b0e18299..6187da18bcd 100644 if (!gopherState->HTML_header_added) { if (gopherState->conversion == GopherStateData::HTML_CSO_RESULT) -@@ -583,34 +581,34 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) +@@ -577,34 +575,34 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) break; } @@ -85,7 +76,7 @@ index 169b0e18299..6187da18bcd 100644 } else { memset(line, '\0', TEMP_BUF_SIZE); continue; -@@ -643,13 +641,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) +@@ -637,13 +635,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) break; if (gopherState->cso_recno != recno) { @@ -101,7 +92,7 @@ index 169b0e18299..6187da18bcd 100644 break; } else { int code; -@@ -677,8 +674,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) +@@ -671,8 +668,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) case 502: { /* Too Many Matches */ /* Print the message the server returns */ @@ -111,7 +102,7 @@ index 169b0e18299..6187da18bcd 100644 break; } -@@ -694,13 +690,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) +@@ -688,13 +684,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len) } /* while loop */ diff --git a/SOURCES/squid-5.2-CVE-2022-41318.patch b/SOURCES/squid-5.5-CVE-2022-41318.patch similarity index 100% rename from SOURCES/squid-5.2-CVE-2022-41318.patch rename to SOURCES/squid-5.5-CVE-2022-41318.patch diff --git a/SOURCES/squid-5.5.tar.xz.asc b/SOURCES/squid-5.5.tar.xz.asc new file mode 100644 index 0000000..c7080a6 --- /dev/null +++ b/SOURCES/squid-5.5.tar.xz.asc @@ -0,0 +1,25 @@ +File: squid-5.5.tar.xz +Date: Wed 13 Apr 2022 08:45:42 UTC +Size: 2565732 +MD5 : 83ccc2d86ca0966e3555a3b78f5afd14 +SHA1: 42302bd9b8feff851a41420334cb8eaeab2806ab +Key : CD6DBF8EF3B17D3E + B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E + keyring = http://www.squid-cache.org/pgp.asc + keyserver = pool.sks-keyservers.net +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmJWjb4ACgkQzW2/jvOx +fT7t0A/9GjAdINfSP4gQyUr+Uvakz9O6fA9Jo3F30VafYimrSGm+VdGWntTsrOaP +VcsCdG3/Dvrhnqtu9+hwfKKQ61lmmUC7KVycx3whEUepQbZu5kd05csD7nwQ+AFe +7eJr0IwbRI4XdUhNW4AB52i/+hpHs/YSrSokumx5NVhwAUvT81TToUNzUjfKuXyy +U+w6GQ9kJbVW1UgFYZGZdJwCmD5Z7fNdUllKZhLj4I5GZ+5Zz5+lJP3ZBC6qavde +34hbpHbt+/lqz337eNoxwlyPNKPDiGIUEY9T4cdzA0BiLggTmlukDFErlYuHgCMX +BmQ9elJtdRaCD2YD+U1H9J+2wqt9O01gdyFU1V3RnNLZphgWur9X808rujuE46+Q +sxyV6SjeBh6Xs/I7wA9utX0pbVD+nLvna6Be49M1yAghBwTjiYN9fGC3ufj4St3k +PCvkTkBUOop3m4aBCRtUVO6w4Y/YmF71qAHIiSLe1i6xoztEDTVI0CA+vfrwwu2G +rFP5wuKsaYfBjkhQw4Jv6X30vnnOVqlxITGXcOnPXrHoD5KuYXv/Xsobqf8XsFdl +3qyXUe8lSI5idCg+Ajj9m0IqGWA50iFBs28Ca7GDacl9KApGn4O7kPLQY+7nN5cz +Nv3k8lYPh4KvRI1b2hcuoe3K63rEzty0e2vqG9zqxkpxOt20E/U= +=9xr/ +-----END PGP SIGNATURE----- diff --git a/SPECS/squid.spec b/SPECS/squid.spec index 51e0185..34b3a2e 100644 --- a/SPECS/squid.spec +++ b/SPECS/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.2 -Release: 1%{?dist}.2 +Version: 5.5 +Release: 3%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -42,11 +42,11 @@ Patch207: squid-5.0.6-active-ftp.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1988122 Patch208: squid-5.1-test-store-cppsuite.patch -# Security issues +# Security patches # https://bugzilla.redhat.com/show_bug.cgi?id=2100721 -Patch501: squid-5.2-CVE-2021-46784.patch +Patch501: squid-5.5-CVE-2021-46784.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2129771 -Patch502: squid-5.2-CVE-2022-41318.patch +Patch502: squid-5.5-CVE-2022-41318.patch # cache_swap.sh Requires: bash gawk @@ -354,14 +354,18 @@ fi %changelog -* Wed Sep 28 2022 Luboš Uhliarik - 7:5.2-1.2 -- Resolves: #2130251 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB +* Thu Sep 29 2022 Luboš Uhliarik - 7:5.5-3 +- Resolves: #2130252 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication -* Tue Jun 28 2022 Luboš Uhliarik - 7:5.2-1.1 -- Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server +* Mon Jul 11 2022 Luboš Uhliarik - 7:5.5-2 +- Resolves: #2100785 - CVE-2021-46784 squid: DoS when processing gopher server responses +* Tue May 31 2022 Luboš Uhliarik - 7:5.5-1 +- new version 5.5 +- Resolves: #2075727 - The memory usage of the squid process keeps increasing + * Thu Oct 07 2021 Luboš Uhliarik - 7:5.2-1 - new version 5.2 - Resolves: #1934560 - squid: out-of-bounds read in WCCP protocol