diff --git a/squid-4.15-CVE-2026-32748.patch b/squid-4.15-CVE-2026-32748.patch index 4d7a469..cd90a3e 100644 --- a/squid-4.15-CVE-2026-32748.patch +++ b/squid-4.15-CVE-2026-32748.patch @@ -1,4 +1,4 @@ -commit 0d9d86c3f2a79b2913edf2f5ed03ff3792c876ea +commit 5a9d42417ff63a20c5a7736323aef5117999d555 Author: Tomas Korbar Date: Tue Apr 7 16:22:05 2026 +0200 @@ -30,7 +30,7 @@ index a45455b..aa3ab57 100644 /// \ingroup ServerProtocolICPAPI PF icpHandleUdp; diff --git a/src/icp_v2.cc b/src/icp_v2.cc -index eb63899..c167a5d 100644 +index eb63899..4f6a8fd 100644 --- a/src/icp_v2.cc +++ b/src/icp_v2.cc @@ -394,7 +394,7 @@ icpCreateAndSend(icp_opcode opcode, int flags, char const *url, int reqnum, int @@ -83,7 +83,7 @@ index eb63899..c167a5d 100644 + return request; + } + -+ icpCreateAndSend(ICP_ERR, 0, url, reqnum, 0, fd, from, nullptr); ++ icpCreateAndSend(ICP_ERR, 0, url, reqnum, 0, fd, from); + return nullptr; } @@ -152,6 +152,23 @@ index 5dd6709..b48f7d8 100644 state->fd = fd; state->from = from; state->url = xstrdup(url); +diff --git a/src/store_key_md5.h b/src/store_key_md5.h +index dffaad7..3e9bd42 100644 +--- a/src/store_key_md5.h ++++ b/src/store_key_md5.h +@@ -12,11 +12,9 @@ + #define SQUID_STORE_KEY_MD5_H_ + + #include "hash.h" ++#include "http/forward.h" + #include "store/forward.h" + +-class HttpRequestMethod; +-class HttpRequest; +- + typedef enum { + ksDefault = 0, + ksRevalidation diff --git a/src/tests/stub_icp.cc b/src/tests/stub_icp.cc index 9c0f60f..4429ccb 100644 --- a/src/tests/stub_icp.cc diff --git a/squid.spec b/squid.spec index 67ab9e5..d650fc8 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.15 -Release: 10%{?dist}.10 +Release: 10%{?dist}.11 Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -384,6 +384,10 @@ fi %changelog +* Wed Apr 08 2026 Tomas Korbar - 7:4.15-10.11 +- Fix patch for CVE-2026-32748 +- Resolves: RHEL-160675 + * Tue Apr 07 2026 Tomas Korbar - 7:4.15-10.10 - Resolves: RHEL-160675 - squid:4/squid: Squid: Denial of Service via crafted ICP traffic (CVE-2026-32748)