Import from CS git

SOURCES/squid-4.15-fatal-read-data-from-mem.patch

@@ -0,0 +1,48 @@
+From 6c29ec591b1c777fc9a66f810f0ce5bc5076bc40 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Tue, 14 Nov 2023 18:40:37 +0000
+Subject: [PATCH] Bug 5317: FATAL attempt to read data from memory (#1579)
+
+    FATAL: Squid has attempted to read data ... that is not present.
+
+Recent commit 122a6e3 attempted to deliver in-memory response body bytes
+to a Store-reading client that requested (at least) response headers.
+That optimization relied on the old canReadFromMemory() logic, but that
+logic results in false positives when the checked read offset falls into
+a gap between stored headers and the first body byte of a Content-Range.
+In that case, a false positive leads to a readFromMemory() call and a
+FATAL mem_hdr::copy() error.
+
+This workaround disables the above optimization without fixing
+canReadFromMemory(). We believe that a readFromMemory() call that comes
+right after response headers are delivered to the Store-reading client
+will not suffer from the same problem because the client will supply the
+read offset of the first body byte, eliminating the false positive.
+---
+ src/store_client.cc | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/store_client.cc b/src/store_client.cc
+index a5f2440..b09f78a 100644
+--- a/src/store_client.cc
++++ b/src/store_client.cc
+@@ -355,8 +355,9 @@ store_client::doCopy(StoreEntry *anEntry)
+             return; // failure
+     }
+ 
+-    // send any immediately available body bytes even if we also sendHttpHeaders
+-    if (canReadFromMemory()) {
++    // Send any immediately available body bytes unless we sendHttpHeaders.
++    // TODO: Send those body bytes when we sendHttpHeaders as well.
++    if (!sendHttpHeaders && canReadFromMemory()) {
+         readFromMemory();
+         noteNews(); // will sendHttpHeaders (if needed) as well
+         flags.store_copying = false;
+@@ -442,6 +443,7 @@ store_client::canReadFromMemory() const
+ {
+     const auto &mem = entry->mem();
+     const auto memReadOffset = nextHttpReadOffset();
++    // XXX: This (lo <= offset < end) logic does not support Content-Range gaps.
+     return mem.inmem_lo <= memReadOffset && memReadOffset < mem.endOffset() &&
+            parsingBuffer.first.spaceSize();
+ }

SPECS/squid.spec

@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  4.15
-Release:  10%{?dist}.5
+Release:  10%{?dist}.6
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -42,6 +42,8 @@ Patch209: squid-4.15-ftp-filename-extraction.patch
 Patch210: squid-4.15-halfclosed.patch
 # https://issues.redhat.com/browse/RHEL-66120
 Patch211: squid-4.15-dns-obey-ttl-set-to-zero.patch
+# https://issues.redhat.com/browse/RHEL-57030
+Patch212: squid-4.15-fatal-read-data-from-mem.patch
 
 # Security fixes
 # https://bugzilla.redhat.com/show_bug.cgi?id=1941506
@@ -155,6 +157,9 @@ lookup program (dnsserver), a program for retrieving FTP data
 %patch313 -p1 -b .ignore-wsp-chunk-sz
 %patch314 -p1 -b .CVE-2024-23638
 
+# patch305 follow-up
+%patch212 -p1 -b .fatal-read-data-from-mem
+
 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526
 # Patch in the vendor documentation and used different location for documentation
 sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in
@@ -370,6 +375,10 @@ fi
 
 
 %changelog
+* Wed Mar 26 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.6
+- Resolves: RHEL-84420 - A squid child process causes a memory reference error
+  and the squid service terminates abnormally
+
 * Fri Nov 22 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.5
 - Resolves: RHEL-66120 - squid caches DNS entries despite having TTL set to 0