import squid-4.11-4.module+el8.4.0+10676+a969168e.2
This commit is contained in:
parent
32f4bda808
commit
dacda54465
60
SOURCES/squid-4.11-CVE-2020-25097.patch
Normal file
60
SOURCES/squid-4.11-CVE-2020-25097.patch
Normal file
@ -0,0 +1,60 @@
|
||||
From dfd818595b54942cb1adc45f6aed95c9b706e3a8 Mon Sep 17 00:00:00 2001
|
||||
From: Amos Jeffries <yadij@users.noreply.github.com>
|
||||
Date: Fri, 4 Sep 2020 17:38:30 +1200
|
||||
Subject: [PATCH] Merge pull request from GHSA-jvf6-h9gj-pmj6
|
||||
|
||||
* Add slash prefix to path-rootless or path-noscheme URLs
|
||||
|
||||
* Update src/anyp/Uri.cc
|
||||
|
||||
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
|
||||
* restore file trailer GH auto-removes
|
||||
|
||||
* Remove redundant path-empty check
|
||||
|
||||
* Removed stale comment left behind by b2ab59a
|
||||
|
||||
Many things imply a leading `/` in a URI. Their enumeration is likely to
|
||||
(and did) become stale, misleading the reader.
|
||||
|
||||
* fixup: Remind that the `src` iterator may be at its end
|
||||
|
||||
We are dereferencing `src` without comparing it to `\0`.
|
||||
To many readers that (incorrectly) implies that we are not done iterating yet.
|
||||
|
||||
Also fixed branch-added comment indentation.
|
||||
|
||||
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
---
|
||||
src/anyp/Uri.cc | 10 +++-------
|
||||
1 file changed, 3 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
|
||||
index b745c54..31f02d5 100644
|
||||
--- a/src/anyp/Uri.cc
|
||||
+++ b/src/anyp/Uri.cc
|
||||
@@ -293,8 +293,9 @@ AnyP::Uri::parse(const HttpRequestMethod& method, const SBuf &rawUrl)
|
||||
return false;
|
||||
*dst = '\0';
|
||||
|
||||
- // bug 3074: received 'path' starting with '?', '#', or '\0' implies '/'
|
||||
- if (*src == '?' || *src == '#' || *src == '\0') {
|
||||
+ // We are looking at path-abempty.
|
||||
+ if (*src != '/') {
|
||||
+ // path-empty, including the end of the `src` c-string cases
|
||||
urlpath[0] = '/';
|
||||
dst = &urlpath[1];
|
||||
} else {
|
||||
@@ -308,11 +309,6 @@ AnyP::Uri::parse(const HttpRequestMethod& method, const SBuf &rawUrl)
|
||||
/* We -could- be at the end of the buffer here */
|
||||
if (i > l)
|
||||
return false;
|
||||
- /* If the URL path is empty we set it to be "/" */
|
||||
- if (dst == urlpath) {
|
||||
- *dst = '/';
|
||||
- ++dst;
|
||||
- }
|
||||
*dst = '\0';
|
||||
|
||||
foundPort = scheme.defaultPort(); // may be reset later
|
@ -2,7 +2,7 @@
|
||||
|
||||
Name: squid
|
||||
Version: 4.11
|
||||
Release: 4%{?dist}
|
||||
Release: 4%{?dist}.2
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
# See CREDITS for breakdown of non GPLv2+ code
|
||||
@ -50,6 +50,8 @@ Patch502: squid-4.11-CVE-2020-24606.patch
|
||||
Patch503: squid-4.11-CVE-2020-15811.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1871700
|
||||
Patch504: squid-4.11-CVE-2020-15810.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1944260
|
||||
Patch505: squid-4.11-CVE-2020-25097.patch
|
||||
|
||||
|
||||
Requires: bash >= 2.0
|
||||
@ -119,6 +121,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
||||
%patch502 -p1 -b .cve-2020-24606
|
||||
%patch503 -p1 -b .CVE-2020-15811
|
||||
%patch504 -p1 -b .CVE-2020-15810
|
||||
%patch505 -p1 -b .CVE-2020-25097
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
||||
# Patch in the vendor documentation and used different location for documentation
|
||||
@ -335,6 +338,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Mar 31 2021 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-4.2
|
||||
- Resolves: #1944260 - CVE-2020-25097 squid:4/squid: improper input validation
|
||||
may allow a trusted client to perform HTTP Request Smuggling
|
||||
|
||||
* Mon Oct 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-4
|
||||
- Resolves: #1890606 - Fix for CVE 2019-13345 breaks authentication in
|
||||
cachemgr.cgi
|
||||
|
Loading…
Reference in New Issue
Block a user