Compare commits
2 Commits
c10-beta
...
c8-stream-
Author | SHA1 | Date | |
---|---|---|---|
d7b01e3ac3 | |||
c6d920713f |
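--- /dev/null
+++ b/SOURCES/squid-4.15-dns-obey-ttl-set-to-zero.patch
@@ -0,0 +1,61 @@
+diff --git a/src/ipcache.cc b/src/ipcache.cc
+index ea32021..6012f1f 100644
+--- a/src/ipcache.cc
++++ b/src/ipcache.cc
+@@ -103,6 +103,7 @@ public:
+} flags;
+
+int age() const; ///< time passed since request_time or -1 if unknown
++ void updateTtl(const unsigned int rrTtl);
+};
+
+/// \ingroup IPCacheInternal
+@@ -338,7 +339,6 @@ ipcacheParse(ipcache_entry *i, const rfc1035_rr * answers, int nr, const char *e
+int k;
+int j = 0;
+int na = 0;
+- int ttl = 0;
+const char *name = (const char *)i->hash.key;
+int cname_found = 0;
+
+@@ -436,8 +436,8 @@ ipcacheParse(ipcache_entry *i, const rfc1035_rr * answers, int nr, const char *e
+debugs(14, 3, name << " #" << j << " " << i->addrs.in_addrs[j] );
+++j;
+}
+- if (ttl == 0 || (int) answers[k].ttl < ttl)
+- ttl = answers[k].ttl;
++
++ i->updateTtl(answers[k].ttl);
+}
+
+assert(j == na);
+@@ -447,17 +447,21 @@ ipcacheParse(ipcache_entry *i, const rfc1035_rr * answers, int nr, const char *e
+else
+i->addrs.count = 255;
+
+- if (ttl > Config.positiveDnsTtl)
+- ttl = Config.positiveDnsTtl;
+-
+- if (ttl < Config.negativeDnsTtl)
+- ttl = Config.negativeDnsTtl;
+-
+- i->expires = squid_curtime + ttl;
+-
+i->flags.negcached = false;
+}
+
++void
++ipcache_entry::updateTtl(const unsigned int rrTtl)
++{
++ const time_t ttl = std::min(std::max(
++ Config.negativeDnsTtl, // smallest value allowed
++ static_cast<time_t>(rrTtl)),
++ Config.positiveDnsTtl); // largest value allowed
++ const time_t rrExpires = squid_curtime + ttl;
++ if (rrExpires < expires)
++ expires = rrExpires;
++}
++
+/// \ingroup IPCacheInternal
+static void
+ipcacheHandleReply(void *data, const rfc1035_rr * answers, int na, const char *error_message)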
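Review bot: `ipcache_entry::updateTtl` only ever lowers `expires` (`if (rrExpires < expires) expires = rrExpires;`), so the first RR of an answer has an effect only if `expires` already holds a later time when the loop in ipcacheParse starts; the unconditional `i->expires = squid_curtime + ttl;` is removed and no replacement initialisation is visible in this patch, so confirm that the entry constructor or the code preceding the loop presets `expires` (an entry starting at 0 would never be updated and would be treated as already expired). A doc comment on the new method would make that precondition explicit, e.g. `/// Lowers expires to match the smallest (clamped) RR TTL seen so far; relies on expires being preset no earlier than the clamped value.` The clamp to `[Config.negativeDnsTtl, Config.positiveDnsTtl]` bounds the attacker-controllable RR TTL before it is added to `squid_curtime`, which is the right place for it and also neutralises the old `ttl == 0` sentinel that let a zero TTL be overwritten by a later RR. `std::min`/`std::max` require `<algorithm>`, which the patch does not add; presumably ipcache.cc already includes it. The enclosing ipcacheParse body starts and ends outside the quoted hunks.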
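--- /dev/null
+++ b/SOURCES/squid-4.15-fatal-read-data-from-mem.patch
@@ -0,0 +1,48 @@
+From 6c29ec591b1c777fc9a66f810f0ce5bc5076bc40 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Tue, 14 Nov 2023 18:40:37 +0000
+Subject: [PATCH] Bug 5317: FATAL attempt to read data from memory (#1579)
+
+FATAL: Squid has attempted to read data ... that is not present.
+
+Recent commit 122a6e3 attempted to deliver in-memory response body bytes
+to a Store-reading client that requested (at least) response headers.
+That optimization relied on the old canReadFromMemory() logic, but that
+logic results in false positives when the checked read offset falls into
+a gap between stored headers and the first body byte of a Content-Range.
+In that case, a false positive leads to a readFromMemory() call and a
+FATAL mem_hdr::copy() error.
+
+This workaround disables the above optimization without fixing
+canReadFromMemory(). We believe that a readFromMemory() call that comes
+right after response headers are delivered to the Store-reading client
+will not suffer from the same problem because the client will supply the
+read offset of the first body byte, eliminating the false positive.
+---
+src/store_client.cc | 6 ++++--
+1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/store_client.cc b/src/store_client.cc
+index a5f2440..b09f78a 100644
+--- a/src/store_client.cc
++++ b/src/store_client.cc
+@@ -355,8 +355,9 @@ store_client::doCopy(StoreEntry *anEntry)
+return; // failure
+}
+
+- // send any immediately available body bytes even if we also sendHttpHeaders
+- if (canReadFromMemory()) {
++ // Send any immediately available body bytes unless we sendHttpHeaders.
++ // TODO: Send those body bytes when we sendHttpHeaders as well.
++ if (!sendHttpHeaders && canReadFromMemory()) {
+readFromMemory();
+noteNews(); // will sendHttpHeaders (if needed) as well
+flags.store_copying = false;
+@@ -442,6 +443,7 @@ store_client::canReadFromMemory() const
+{
+const auto &mem = entry->mem();
+const auto memReadOffset = nextHttpReadOffset();
++ // XXX: This (lo <= offset < end) logic does not support Content-Range gaps.
+return mem.inmem_lo <= memReadOffset && memReadOffset < mem.endOffset() &&
+parsingBuffer.first.spaceSize();
+}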
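Review bot: The new `XXX` comment in canReadFromMemory() names the Content-Range gap limitation but does not connect it to the workaround added in doCopy(), so a reader of either site cannot find the other, and someone later "fixing" the doCopy() condition could silently reintroduce the FATAL mem_hdr::copy() path described in the commit message. Suggest `// XXX: This (lo <= offset < end) logic does not support Content-Range gaps (Bug 5317); doCopy() skips the in-memory read when sendHttpHeaders is set to avoid the false positive.` and, symmetrically, appending `(see Bug 5317 and the XXX in canReadFromMemory())` to the TODO in doCopy(). The canReadFromMemory() body is fully inside the hunk; doCopy()'s body starts and ends outside it, so whether `sendHttpHeaders` is a local or a member set earlier cannot be confirmed from here.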
@ -2,7 +2,7 @@
|
||||
|
||||
Name: squid
|
||||
Version: 4.15
|
||||
Release: 10%{?dist}.3
|
||||
Release: 10%{?dist}.6
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
# See CREDITS for breakdown of non GPLv2+ code
|
||||
@ -40,6 +40,10 @@ Patch208: squid-4.11-convert-ipv4.patch
|
||||
Patch209: squid-4.15-ftp-filename-extraction.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2076717
|
||||
Patch210: squid-4.15-halfclosed.patch
|
||||
# https://issues.redhat.com/browse/RHEL-66120
|
||||
Patch211: squid-4.15-dns-obey-ttl-set-to-zero.patch
|
||||
# https://issues.redhat.com/browse/RHEL-57030
|
||||
Patch212: squid-4.15-fatal-read-data-from-mem.patch
|
||||
|
||||
# Security fixes
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1941506
|
||||
@ -106,7 +110,7 @@ BuildRequires: systemd-devel
|
||||
|
||||
%description
|
||||
Squid is a high-performance proxy caching server for Web clients,
|
||||
supporting FTP, gopher, and HTTP data objects. Unlike traditional
|
||||
supporting FTP and HTTP data objects. Unlike traditional
|
||||
caching software, Squid handles all requests in a single,
|
||||
non-blocking, I/O-driven process. Squid keeps meta data and especially
|
||||
hot objects cached in RAM, caches DNS lookups, supports non-blocking
|
||||
@ -134,6 +138,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
||||
%patch208 -p1 -b .convert-ipv4
|
||||
%patch209 -p1 -b .ftp-fn-extraction
|
||||
%patch210 -p1 -b .halfclosed
|
||||
%patch211 -p1 -b .dns-obey-ttl-set-to-zero
|
||||
|
||||
# Security patches
|
||||
%patch300 -p1 -b .CVE-2021-28116
|
||||
@ -152,6 +157,9 @@ lookup program (dnsserver), a program for retrieving FTP data
|
||||
%patch313 -p1 -b .ignore-wsp-chunk-sz
|
||||
%patch314 -p1 -b .CVE-2024-23638
|
||||
|
||||
# patch305 follow-up
|
||||
%patch212 -p1 -b .fatal-read-data-from-mem
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
||||
# Patch in the vendor documentation and used different location for documentation
|
||||
sed -i 's|@SYSCONFDIR@/squid.conf.documented|%{_pkgdocdir}/squid.conf.documented|' src/squid.8.in
|
||||
@ -367,6 +375,16 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Mar 26 2025 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.6
|
||||
- Resolves: RHEL-84420 - A squid child process causes a memory reference error
|
||||
and the squid service terminates abnormally
|
||||
|
||||
* Fri Nov 22 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.5
|
||||
- Resolves: RHEL-66120 - squid caches DNS entries despite having TTL set to 0
|
||||
|
||||
* Mon Nov 18 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.4
|
||||
- Resolves: RHEL-67870 - Remove gopher mention from spec file
|
||||
|
||||
* Wed Nov 13 2024 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-10.3
|
||||
- Resolves: RHEL-22593 - CVE-2024-23638 squid:4/squid: vulnerable to
|
||||
a Denial of Service attack against Cache Manager error responses
|
||||
|