forked from pool/squid

Accepting request 1155563 from server:proxy

- update to 6.8
  - Fix marking of problematic cached IP addresses (#1691)
  - Bug 5344: mgr:config segfaults without logformat (#1680)
  - Fix infinite recursion when parsing HTTP chunks (#1553)
    (bsc#1216715, CVE-2024-25111)
- changes in 6.7
  - Bug 5337: workaround for crash on startup if -a option is used
  - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
  - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
  - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
  - Fix memory leak on SslBump certificates with Authority Key Identifier extension
  - Fix a possible integer overflow in FTP Gateway
  - Extend cache_log_message to Bug 5187 and job invalidation BUGs
  - Remove incorrect beta version warning
- squid.keyring: updated
- header_fixups.patch: added
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on
  client errors

 - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617)

OBS-URL: https://build.opensuse.org/request/show/1155563
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=120
Dominique Leuenberger 2024-03-06 22:06:03 +00:00 committed by Git OBS Bridge
commit f5630c87ae
9 changed files with 93 additions and 30 deletions


@ -0,0 +1,29 @@
commit 9be86d8db5e8f40829374d26334d0bb5272c1afd
Author: Alex Rousskov <rousskov@measurement-factory.com>
Date: Fri Mar 1 22:20:20 2024 +0000
Bug 5069: Keep listening after getsockname() error (#1713)
ERROR: Stopped accepting connections:
error: getsockname() failed to locate local-IP on ...
In many cases, these failures are intermittent client-triggered errors
(e.g., client shut down the accepted socket); Squid will successfully
accept other connections and, hence, should keep listening for them.
diff --git a/src/comm/TcpAcceptor.cc b/src/comm/TcpAcceptor.cc
index dcc52fbaa..aa082df4b 100644
--- a/src/comm/TcpAcceptor.cc
+++ b/src/comm/TcpAcceptor.cc
@@ -381,7 +381,10 @@ Comm::TcpAcceptor::acceptInto(Comm::ConnectionPointer &details)
if (getsockname(sock, gai->ai_addr, &gai->ai_addrlen) != 0) {
int xerrno = errno;
Ip::Address::FreeAddr(gai);
- throw TextException(ToSBuf("getsockname() failed to locate local-IP on ", details, ": ", xstrerr(xerrno)), Here());
+ debugs(50, DBG_IMPORTANT, "ERROR: Closing accepted TCP connection after failing to obtain its local IP address" <<
+ Debug::Extra << "accepted connection: " << details <<
+ Debug::Extra << "getsockname(2) error: " << xstrerr(xerrno));
+ return false;
}
details->local = *gai;
Ip::Address::FreeAddr(gai);
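Review bot: the new `return false` branch logs "Closing accepted TCP connection" but nothing in this hunk closes `sock`; please confirm that the caller of `acceptInto()` releases the descriptor on a false return, since otherwise each failed getsockname() leaks one. The commit message describes these failures as client-triggered, so the DBG_IMPORTANT message is also something a remote peer can cause to be written repeatedly; consider whether it needs rate limiting or a lower debug level.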

header_fixups.patch Normal file

@ -0,0 +1,14 @@
Index: squid-6.8/src/auth/basic/NIS/nis_support.h
===================================================================
--- squid-6.8.orig/src/auth/basic/NIS/nis_support.h
+++ squid-6.8/src/auth/basic/NIS/nis_support.h
@@ -8,9 +8,6 @@
#ifndef SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
#define SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
-#ifndef SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
-#define SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H
-
extern char * get_nis_password(char *user, char *nisdomain, char *nismap);
#endif /* SQUID_SRC_AUTH_BASIC_NIS_NIS_SUPPORT_H */
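Review bot: header_fixups.patch starts directly at the `Index:` line with no description, so nothing records why the duplicated `#ifndef`/`#define` guard in nis_support.h is being removed or whether the fix has been reported upstream. Add a short patch header stating the problem it fixes and its upstream status, so the patch can be dropped on the next version update.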


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:55bd7f9f4898153161ea1228998acb551bf840832b9e5b90fc8ecd2942420318
size 2554824


@ -1,25 +0,0 @@
File: squid-6.6.tar.xz
Date: Thu 07 Dec 2023 04:03:46 UTC
Size: 2554824
MD5 : 5a41134ee1b7e75f62088acdec92d2ca
SHA1: f05e06a9dd3bf7501d2844e43d9ae1bd00e9edcc
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----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=oyMI
-----END PGP SIGNATURE-----

squid-6.8.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:11cc5650b51809d99483ccfae24744a2e51cd16199f5ff0c917e84fce695870f
size 2547796

squid-6.8.tar.xz.asc Normal file

@ -0,0 +1,17 @@
File: squid-6.8.tar.xz
Date: Mon Mar 4 06:17:24 AM UTC 2024
Size: 2547796
MD5 : d84b0d0ee2b9c1bdb782cb5117a72913
SHA1: f9092ab57ec1f49720a02589a452e3498c183867
Key : 29B4B1F7CE03D1B1DED22F3028F85029FEF6E865 <kinkie@squid-cache.org>
29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865
sub cv25519 2021-05-15 [E]
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQQptLH3zgPRsd7SLzAo+FAp/vboZQUCZeVnkQAKCRAo+FAp/vbo
Zc5eAP96D2jk2kcOdMEo1GVpDXwEjZkavTPmYC6k9oKNwDjJ+QD+LH4um4EPsglW
NedPryEIN/FCWwB5NLriVPwtVe0r7Aw=
=/X4C
-----END PGP SIGNATURE-----
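Review bot: the 6.8 signature file names key 29B4 B1F7 CE03 D1B1 DED2 2F30 28F8 5029 FEF6 E865 <kinkie@squid-cache.org>, while the removed 6.6 file names CD6DBF8EF3B17D3E <squid3@treenet.co.nz>, and the changelog records this only as "squid.keyring: updated". A change of signing key on the source tarball should get an explicit changelog line giving the new fingerprint and how it was validated. The file also lists only MD5 and SHA1 digests and an http:// keyring URL, so the signature check against the packaged squid.keyring is the integrity control that matters here.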


@ -1,3 +1,27 @@
-------------------------------------------------------------------
Wed Mar 6 12:02:14 UTC 2024 - Adam Majer <adam.majer@suse.de>
- update to 6.8
- Fix marking of problematic cached IP addresses (#1691)
- Bug 5344: mgr:config segfaults without logformat (#1680)
- Fix infinite recursion when parsing HTTP chunks (#1553)
(bsc#1216715, CVE-2024-25111)
- changes in 6.7
- Bug 5337: workaround for crash on startup if -a option is used
- Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
- Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
- Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
- Fix memory leak on SslBump certificates with Authority Key Identifier extension
- Fix a possible integer overflow in FTP Gateway
- Extend cache_log_message to Bug 5187 and job invalidation BUGs
- Remove incorrect beta version warning
- squid.keyring: updated
- header_fixups.patch: added
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on
client errors
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 26 13:37:08 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org> Mon Feb 26 13:37:08 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
@ -21,7 +45,7 @@ Thu Dec 28 22:12:14 UTC 2023 - Sean Lewis <seanlew@opensuse.org>
- changes in 6.5: - changes in 6.5:
- Bug 5309: frequent "lowestOffset () <= target_offset" assertion - Bug 5309: frequent "lowestOffset () <= target_offset" assertion
- Bug 4977: Remove mem_hdr::freeDataUpto() assertion - Bug 4977: Remove mem_hdr::freeDataUpto() assertion
- Fix handling of expanding HTTP header values - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617)
- Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285) - Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285)
- Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286) - Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286)

Binary file not shown.


@ -24,7 +24,7 @@
%define squidhelperdir %{_sbindir} %define squidhelperdir %{_sbindir}
%endif %endif
Name: squid Name: squid
Version: 6.6 Version: 6.8
Release: 0 Release: 0
Summary: Caching and forwarding HTTP web proxy Summary: Caching and forwarding HTTP web proxy
License: GPL-2.0-or-later License: GPL-2.0-or-later
@ -51,6 +51,8 @@ Source17: tmpfilesdir.squid.conf
Patch1: missing_installs.patch Patch1: missing_installs.patch
Patch2: old_nettle_compat.patch Patch2: old_nettle_compat.patch
Patch3: harden_squid.service.patch Patch3: harden_squid.service.patch
Patch4: header_fixups.patch
Patch5: 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch
BuildRequires: cppunit-devel BuildRequires: cppunit-devel
BuildRequires: expat BuildRequires: expat
BuildRequires: fdupes BuildRequires: fdupes
@ -107,6 +109,8 @@ accelerator.
%setup -q %setup -q
cp %{SOURCE10} . cp %{SOURCE10} .
%patch -P 3 -p1 %patch -P 3 -p1
%patch -P4 -p1
%patch -P5 -p1
# upstream patches after RELEASE # upstream patches after RELEASE
perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"` perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
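Review bot: the added `%patch -P4 -p1` and `%patch -P5 -p1` lines are written without the space used in the existing `%patch -P 3 -p1`; use one form throughout. Patch5 is an upstream commit, yet it is applied above the `# upstream patches after RELEASE` comment; moving it below that comment would keep the grouping accurate.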