rpm/squid
SHA256
1
0
Fork 0
forked from pool/squid
Code Pull Requests Activity

Accepting request 1177317 from server:proxy

Browse Source 
- update to 6.9
  - Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
  - Bug 5069: Keep listening after getsockname() error
  - Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
  - Reduce stale errno usage
  - Plug memory leak in handling cache manager requests
  - Fix error: template-id not allowed for constructor in C++20
  - Improve release packaging automation
- header_fixups.patch: upstreamed, removed
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: upstreamed, removed
- CVE-2024-33427.patch: fixes possible buffer overread leading to
  denial of service (bsc#1225417, CVE-2024-33427)

OBS-URL: https://build.opensuse.org/request/show/1177317
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=121
This commit is contained in:
Ana Guerrero 2024-05-28 15:30:23 +00:00 committed by Git OBS Bridge
commit 3f696fa535
9 changed files with 53 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
9be86d8db5e8f40829374d26334d0bb5272c1afd.patch
View File

@ -1,29 +0,0 @@
commit 9be86d8db5e8f40829374d26334d0bb5272c1afd
Author: Alex Rousskov <rousskov@measurement-factory.com>
Date: Fri Mar 1 22:20:20 2024 +0000
Bug 5069: Keep listening after getsockname() error (#1713)
ERROR: Stopped accepting connections:
error: getsockname() failed to locate local-IP on ...
In many cases, these failures are intermittent client-triggered errors
(e.g., client shut down the accepted socket); Squid will successfully
accept other connections and, hence, should keep listening for them.
diff --git a/src/comm/TcpAcceptor.cc b/src/comm/TcpAcceptor.cc
index dcc52fbaa..aa082df4b 100644
--- a/src/comm/TcpAcceptor.cc
+++ b/src/comm/TcpAcceptor.cc
@@ -381,7 +381,10 @@ Comm::TcpAcceptor::acceptInto(Comm::ConnectionPointer &details)
if (getsockname(sock, gai->ai_addr, &gai->ai_addrlen) != 0) {
int xerrno = errno;
Ip::Address::FreeAddr(gai);
- throw TextException(ToSBuf("getsockname() failed to locate local-IP on ", details, ": ", xstrerr(xerrno)), Here());
+ debugs(50, DBG_IMPORTANT, "ERROR: Closing accepted TCP connection after failing to obtain its local IP address" <<
+ Debug::Extra << "accepted connection: " << details <<
+ Debug::Extra << "getsockname(2) error: " << xstrerr(xerrno));
+ return false;
}
details->local = *gai;
Ip::Address::FreeAddr(gai);

13
CVE-2024-33427.patch Normal file
View File

@ -0,0 +1,13 @@
Index: squid-6.9/src/ConfigParser.cc
===================================================================
--- squid-6.9.orig/src/ConfigParser.cc
+++ squid-6.9/src/ConfigParser.cc
@@ -181,7 +181,7 @@ ConfigParser::UnQuote(const char *token,
*d = '\0';
// We are expecting a separator after quoted string, space or one of "()#"
- if (*(s + 1) != '\0' && !strchr(w_space "()#", *(s + 1)) && !errorStr) {
+ if (!errorStr && *(s + 1) != '\0' && !strchr(w_space "()#", *(s + 1))) {
errorStr = "Expecting space after the end of quoted token";
errorPos = token;
}

14
header_fixups.patch
View File

@ -1,14 +0,0 @@
Index: squid-6.8/src/auth/basic/NIS/nis_support.h
===================================================================
--- squid-6.8.orig/src/auth/basic/NIS/nis_support.h
+++ squid-6.8/src/auth/basic/NIS/nis_support.h
@@ -8,9 +8,6 @@
#ifndef SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
#define SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
-#ifndef SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
-#define SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
-
extern char * get_nis_password(char *user, char *nisdomain, char *nismap);
#endif /* SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H */

3
squid-6.8.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:11cc5650b51809d99483ccfae24744a2e51cd16199f5ff0c917e84fce695870f
size 2547796

17
squid-6.8.tar.xz.asc
View File

@ -1,17 +0,0 @@
File: squid-6.8.tar.xz
Date: Mon Mar 4 06:17:24 AM UTC 2024
Size: 2547796
MD5 : d84b0d0ee2b9c1bdb782cb5117a72913
SHA1: f9092ab57ec1f49720a02589a452e3498c183867
Key : 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 <kinkie@squid-cache.org>
29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865
sub cv25519 2021-05-15 [E]
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZeVnkQAKCRAo+FAp/vbo
Zc5eAP96D2jk2kcOdMEo1GVpDXwEjZkavTPmYC6k9oKNwDjJ+QD+LH4um4EPsglW
NedPryEIN/FCWwB5NLriVPwtVe0r7Aw=
=/X4C
-----END PGP SIGNATURE-----

3
squid-6.9.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882
size 2557992

17
squid-6.9.tar.xz.asc Normal file
View File

@ -0,0 +1,17 @@
File: squid-6.9.tar.xz
Date: Mon Apr 8 06:31:46 AM UTC 2024
Size: 2557992
MD5 : 4888e9dc75c0daa0ed526b34c055cb67
SHA1: 5e73b30116ce7111589cc2b1c9bfe3c17efa2e75
Key : 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 <kinkie@squid-cache.org>
29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865
sub cv25519 2021-05-15 [E]
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZhOPagAKCRAo+FAp/vbo
ZcUMAP431ZvxTspTtnGMKRksGqYPkQn8t9e3LF21KIKKMgfSQAEA7lUbYqXSX4Av
0kdzaQZt83DNc/doQYeEU+S7Xtz1BA8=
=rcZg
-----END PGP SIGNATURE-----

17
squid.changes
View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Tue May 28 08:39:49 UTC 2024 - Adam Majer <adam.majer@suse.de>
- update to 6.9
- Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
- Bug 5069: Keep listening after getsockname() error
- Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
- Reduce stale errno usage
- Plug memory leak in handling cache manager requests
- Fix error: template-id not allowed for constructor in C++20
- Improve release packaging automation
- header_fixups.patch: upstreamed, removed
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: upstreamed, removed
- CVE-2024-33427.patch: fixes possible buffer overread leading to
denial of service (bsc#1225417, CVE-2024-33427)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 6 12:02:14 UTC 2024 - Adam Majer <adam.majer@suse.de> Wed Mar 6 12:02:14 UTC 2024 - Adam Majer <adam.majer@suse.de>

8
squid.spec
View File

@ -24,7 +24,7 @@
%define squidhelperdir %{_sbindir} %define squidhelperdir %{_sbindir}
%endif %endif
Name: squid Name: squid
Version: 6.8 Version: 6.9
Release: 0 Release: 0
Summary: Caching and forwarding HTTP web proxy Summary: Caching and forwarding HTTP web proxy
License: GPL-2.0-or-later License: GPL-2.0-or-later
@ -51,8 +51,7 @@ Source17: tmpfilesdir.squid.conf
Patch1: missing_installs.patch Patch1: missing_installs.patch
Patch2: old_nettle_compat.patch Patch2: old_nettle_compat.patch
Patch3: harden_squid.service.patch Patch3: harden_squid.service.patch
Patch4: header_fixups.patch Patch4: CVE-2024-33427.patch
Patch5: 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch
BuildRequires: cppunit-devel BuildRequires: cppunit-devel
BuildRequires: expat BuildRequires: expat
BuildRequires: fdupes BuildRequires: fdupes
@ -109,8 +108,7 @@ accelerator.
%setup -q %setup -q
cp %{SOURCE10} . cp %{SOURCE10} .
%patch -P 3 -p1 %patch -P 3 -p1
%patch -P4 -p1 %patch -P 4 -p1
%patch -P5 -p1
# upstream patches after RELEASE # upstream patches after RELEASE
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`