Import from CS git
This commit is contained in:
parent
f8e5bed933
commit
fc71adfc98
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/squid-4.15.tar.xz
|
SOURCES/squid-4.15.tar.xz
|
||||||
|
31
SOURCES/squid-4.15-CVE-2024-23638.patch
Normal file
31
SOURCES/squid-4.15-CVE-2024-23638.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
commit 8fcff9c09824b18628f010d26a04247f6a6cbcb8
|
||||||
|
Author: Alex Rousskov <rousskov@measurement-factory.com>
|
||||||
|
Date: Sun Nov 12 09:33:20 2023 +0000
|
||||||
|
|
||||||
|
Do not update StoreEntry expiration after errorAppendEntry() (#1580)
|
||||||
|
|
||||||
|
errorAppendEntry() is responsible for setting entry expiration times,
|
||||||
|
which it does by calling StoreEntry::storeErrorResponse() that calls
|
||||||
|
StoreEntry::negativeCache().
|
||||||
|
|
||||||
|
This change was triggered by a vulnerability report by Joshua Rogers at
|
||||||
|
https://megamansec.github.io/Squid-Security-Audit/cache-uaf.html where
|
||||||
|
it was filed as "Use-After-Free in Cache Manager Errors". The reported
|
||||||
|
"use after free" vulnerability was unknowingly addressed by 2022 commit
|
||||||
|
1fa761a that removed excessively long "reentrant" store_client calls
|
||||||
|
responsible for the disappearance of the properly locked StoreEntry in
|
||||||
|
this (and probably other) contexts.
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/src/cache_manager.cc b/src/cache_manager.cc
|
||||||
|
index 8055ece..fdcc9cf 100644
|
||||||
|
--- a/src/cache_manager.cc
|
||||||
|
+++ b/src/cache_manager.cc
|
||||||
|
@@ -323,7 +323,6 @@ CacheManager::Start(const Comm::ConnectionPointer &client, HttpRequest * request
|
||||||
|
const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request);
|
||||||
|
err->url = xstrdup(entry->url());
|
||||||
|
errorAppendEntry(entry, err);
|
||||||
|
- entry->expires = squid_curtime;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 4.15
|
Version: 4.15
|
||||||
Release: 10%{?dist}.1
|
Release: 10%{?dist}.3
|
||||||
Summary: The Squid proxy caching server
|
Summary: The Squid proxy caching server
|
||||||
Epoch: 7
|
Epoch: 7
|
||||||
# See CREDITS for breakdown of non GPLv2+ code
|
# See CREDITS for breakdown of non GPLv2+ code
|
||||||
@ -72,7 +72,8 @@ Patch312: squid-4.15-CVE-2024-25111.patch
|
|||||||
# Regression caused by squid-4.15-CVE-2023-46846.patch
|
# Regression caused by squid-4.15-CVE-2023-46846.patch
|
||||||
# Upstream PR: https://github.com/squid-cache/squid/pull/1914
|
# Upstream PR: https://github.com/squid-cache/squid/pull/1914
|
||||||
Patch313: squid-4.15-ignore-wsp-after-chunk-size.patch
|
Patch313: squid-4.15-ignore-wsp-after-chunk-size.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2260051
|
||||||
|
Patch314: squid-4.15-CVE-2024-23638.patch
|
||||||
|
|
||||||
Requires: bash >= 2.0
|
Requires: bash >= 2.0
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
@ -89,8 +90,6 @@ BuildRequires: openssl-devel
|
|||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
# time_quota requires DB
|
# time_quota requires DB
|
||||||
BuildRequires: libdb-devel
|
BuildRequires: libdb-devel
|
||||||
# ESI support requires Expat & libxml2
|
|
||||||
BuildRequires: expat-devel libxml2-devel
|
|
||||||
# TPROXY requires libcap, and also increases security somewhat
|
# TPROXY requires libcap, and also increases security somewhat
|
||||||
BuildRequires: libcap-devel
|
BuildRequires: libcap-devel
|
||||||
# eCAP support
|
# eCAP support
|
||||||
@ -151,6 +150,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
|||||||
%patch311 -p1 -b .CVE-2024-25617
|
%patch311 -p1 -b .CVE-2024-25617
|
||||||
%patch312 -p1 -b .CVE-2024-25111
|
%patch312 -p1 -b .CVE-2024-25111
|
||||||
%patch313 -p1 -b .ignore-wsp-chunk-sz
|
%patch313 -p1 -b .ignore-wsp-chunk-sz
|
||||||
|
%patch314 -p1 -b .CVE-2024-23638
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
||||||
# Patch in the vendor documentation and used different location for documentation
|
# Patch in the vendor documentation and used different location for documentation
|
||||||
@ -195,7 +195,7 @@ autoconf
|
|||||||
--enable-storeio="aufs,diskd,ufs,rock" \
|
--enable-storeio="aufs,diskd,ufs,rock" \
|
||||||
--enable-diskio \
|
--enable-diskio \
|
||||||
--enable-wccpv2 \
|
--enable-wccpv2 \
|
||||||
--enable-esi \
|
--disable-esi \
|
||||||
--enable-ecap \
|
--enable-ecap \
|
||||||
--with-aio \
|
--with-aio \
|
||||||
--with-default-user="squid" \
|
--with-default-user="squid" \
|
||||||
@ -367,6 +367,15 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Nov 13 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.3
|
||||||
|
- Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to
|
||||||
|
a Denial of Service attack against Cache Manager error responses
|
||||||
|
|
||||||
|
* Thu Nov 07 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.2
|
||||||
|
- Disable ESI support
|
||||||
|
- Resolves: RHEL-65075 - CVE-2024-45802 squid:4/squid: Denial of Service
|
||||||
|
processing ESI response content
|
||||||
|
|
||||||
* Mon Oct 14 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.1
|
* Mon Oct 14 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.1
|
||||||
- Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent
|
- Resolves: RHEL-56024 - (Regression) Transfer-encoding:chunked data is not sent
|
||||||
to the client in its complementary
|
to the client in its complementary
|
||||||
|
Loading…
Reference in New Issue
Block a user