From 72c3581ea5ba5bf6c6aa799ba22e64665b336cd6 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 31 Mar 2021 20:31:04 +0200 Subject: [PATCH 1/3] new version 4.14 Resolves: #1939927 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling --- sources | 4 ++-- squid.spec | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/sources b/sources index b026e38..44e9f71 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-4.13.tar.xz) = 06807f82ed01e12afe2dd843aa0a94f69c351765b1889c4c5c3da1cf2ecb06ac3a4be6a24a62f04397299c8fc0df5397f76f64df5422ff78b37a9382d5fdf7fc -SHA512 (squid-4.13.tar.xz.asc) = be1265376927dcb3c96ea0c8c1b0f1d6bd7e3deb0fdd38ff80030c31f53f77345a8b8564c6b8cc79d7449aa361d4bdf1ba10d02f5f08af245ee35b484977b93a +SHA512 (squid-4.14.tar.xz) = 3509caea9e10ea54547eeb769a21f0ca4d37e39a063953821fc51d588b22facfa183d0a48be9ab15831ee646e031079b515c75162515b8a4e7c708df2d41958b +SHA512 (squid-4.14.tar.xz.asc) = a556e5f20e25e598375e3a6d8a300a1e35b29c89b8125f31d3fb16f1f59f538548f7f2e7424f06fc957e330cca8f16e0efe534a4772699454cd1778a82d4647d SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 diff --git a/squid.spec b/squid.spec index 140ad3f..1e48fd8 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 4.13 -Release: 3%{?dist} +Version: 4.14 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -300,6 +300,11 @@ fi %changelog +* Wed Mar 31 2021 Lubos Uhliarik - 7:4.14-1 +- new version 4.14 +- Resolves: #1939927 - CVE-2020-25097 squid: improper input validation may allow + a trusted client to perform HTTP Request Smuggling + * Wed Jan 27 2021 Fedora Release Engineering - 7:4.13-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
From 815e336e3888ac3459828dda089a8e352e422003 Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Wed, 31 Mar 2021 20:41:52 +0200 Subject: [PATCH 2/3] - fix perlpath patch --- squid-3.0.STABLE1-perlpath.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/squid-3.0.STABLE1-perlpath.patch b/squid-3.0.STABLE1-perlpath.patch index 087469d..9cb5e81 100644 --- a/squid-3.0.STABLE1-perlpath.patch +++ b/squid-3.0.STABLE1-perlpath.patch @@ -6,5 +6,5 @@ index 4cb0480..4b89910 100755 -#!/usr/local/bin/perl -Tw +#!/usr/bin/perl -Tw # - # * Copyright (C) 1996-2020 The Squid Software Foundation and contributors + # * Copyright (C) 1996-2021 The Squid Software Foundation and contributors # * From 0914664092434d6cd6f830d0e61491b40bc1d8ee Mon Sep 17 00:00:00 2001 From: Lubos Uhliarik Date: Mon, 17 May 2021 16:40:56 +0200 Subject: [PATCH 3/3] new version 5.0.6 --- sources | 4 +- squid-5.0.5-build-errors.patch | 116 --------------------------------- squid.spec | 13 ++-- 3 files changed, 9 insertions(+), 124 deletions(-) delete mode 100644 squid-5.0.5-build-errors.patch diff --git a/sources b/sources index cf080d9..95161c1 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (squid-5.0.5.tar.xz) = e0f816296d9d32fc97b98249dde077b321651dac70c212fe8eb9566003ce04f13a83665e387531e06bffbab1ec21277e3e0549a16caee426b6a749e18bf77991 -SHA512 (squid-5.0.5.tar.xz.asc) = ca1b170bef9cca5afe1108e8a439282f3a19bea48d2dba42847acd1cf039d38ccc8c714e27fc9e49fe9e3027963f64e9ab19e6a358e6e038c78f85cc77657a3b +SHA512 (squid-5.0.6.tar.xz) = 97300844145ea5488a88a531fc0fbbf3c96051169eb20f8b95ba9a4c37f73edfbbedb69ee446e81f45b663e5c7c9a82e2978239c2613da7e5da2365fdaeceb6e +SHA512 (squid-5.0.6.tar.xz.asc) = 5caafb63926356813a0409f3c6a303c70e938f71cdd4cbc8bbbbbbb4a858b1aa91d59edcca4b63e1452ca95c18da46963c43b9e8f63f2e459342e447a02f2107 SHA512 (pgp.asc) = 09f7012030d68831dfc083d67ca63ee54ed851482ca8d0e9505b444ee3e7ddeed62369b53f2917c9b2e0e57cc0533fce46e8cafd2ebcd1c6cb186b516efd0ad2 
diff --git a/squid-5.0.5-build-errors.patch b/squid-5.0.5-build-errors.patch deleted file mode 100644 index 4293d67..0000000 --- a/squid-5.0.5-build-errors.patch +++ /dev/null 
@@ -1,116 +0,0 @@ -diff --git a/src/Makefile.am b/src/Makefile.am -index 81403a7..5e2a493 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -2477,6 +2477,7 @@ tests_testHttpRequest_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testHttpRequest_LDFLAGS = $(LIBADD_DL) -@@ -2781,6 +2782,7 @@ tests_testCacheManager_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testCacheManager_LDFLAGS = $(LIBADD_DL) -@@ -3101,6 +3103,7 @@ tests_testEvent_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testEvent_LDFLAGS = $(LIBADD_DL) -@@ -3339,6 +3342,7 @@ tests_testEventLoop_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - tests_testEventLoop_LDFLAGS = $(LIBADD_DL) -diff --git a/src/Makefile.in b/src/Makefile.in -index fda6de6..4e047cc 100644 ---- a/src/Makefile.in -+++ b/src/Makefile.in -@@ -4581,6 +4581,7 @@ tests_test_http_range_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -4972,6 +4973,7 @@ tests_testHttpRequest_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5274,6 +5276,7 @@ tests_testCacheManager_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5593,6 +5596,7 @@ tests_testEvent_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -@@ -5832,6 +5836,7 @@ tests_testEventLoop_LDADD = \ - $(SSLLIB) \ - $(KRB5LIBS) \ - $(LIBCPPUNIT_LIBS) \ -+ $(SYSTEMD_LIBS) \ - $(COMPAT_LIB) \ - $(XTRA_LIBS) - -diff --git a/src/proxyp/Parser.cc b/src/proxyp/Parser.cc -index 328d207..2f358a7 100644 ---- 
a/src/proxyp/Parser.cc -+++ b/src/proxyp/Parser.cc -@@ -15,6 +15,7 @@ - #include "sbuf/Stream.h" - - #include -+#include - - #if HAVE_SYS_SOCKET_H - #include -diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc -index e114ed8..22bce84 100644 ---- a/src/security/ServerOptions.cc -+++ b/src/security/ServerOptions.cc -@@ -18,6 +18,7 @@ - #if USE_OPENSSL - #include "compat/openssl.h" - #include "ssl/support.h" -+#include - - #if HAVE_OPENSSL_ERR_H - #include -diff --git a/src/acl/ConnMark.cc b/src/acl/ConnMark.cc -index 1fdae0c..213cf39 100644 ---- a/src/acl/ConnMark.cc -+++ b/src/acl/ConnMark.cc -@@ -15,6 +15,7 @@ - #include "Debug.h" - #include "http/Stream.h" - #include "sbuf/Stream.h" -+#include - - bool - Acl::ConnMark::empty() const diff --git a/squid.spec b/squid.spec index 261681b..0d69483 100644 --- a/squid.spec +++ b/squid.spec @@ -1,8 +1,8 @@ %define __perl_requires %{SOURCE98} Name: squid -Version: 5.0.5 -Release: 4%{?dist} +Version: 5.0.6 +Release: 1%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -32,10 +32,9 @@ Patch201: squid-4.0.11-config.patch Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.5.9-include-guards.patch -Patch205: squid-5.0.5-build-errors.patch # revert this upstream patch - https://bugzilla.redhat.com/show_bug.cgi?id=1936422 # workaround for #1934919 -Patch206: squid-5.0.5-symlink-lang-err.patch +Patch205: squid-5.0.5-symlink-lang-err.patch # cache_swap.sh Requires: bash gawk @@ -105,8 +104,7 @@ lookup program (dnsserver), a program for retrieving FTP data %patch202 -p1 -b .location %patch203 -p1 -b .perlpath %patch204 -p0 -b .include-guards -%patch205 -p1 -b .build-errors -%patch206 -p1 -R -b .symlink-lang-err +%patch205 -p1 -R -b .symlink-lang-err # https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # Patch in the vendor documentation and used different location for documentation 
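Review bot: Dropping `squid-5.0.5-build-errors.patch` and renumbering the symlink-lang-err revert from `Patch206` to `Patch205` in the `@@ -32,10 +32,9 @@` hunk is not recorded anywhere in the spec; the changelog entry added by this commit says only `- new version 5.0.6`. A line such as `- drop squid-5.0.5-build-errors.patch`, with the reason (presumably that 5.0.6 carries the fix, once confirmed), would let a later auditor tell a deliberate removal from a lost patch. The same applies to the reverse-applied `%patch205 -p1 -R -b .symlink-lang-err` in the `@@ -105,8 +104,7 @@` hunk: the patch is still named for 5.0.5, so it is worth stating next to the `# workaround for #1934919` comment that the revert was rechecked against 5.0.6. If this rebase also picks up upstream security fixes, list the tracking bugs in the changelog the way patch 1/3 does for CVE-2020-25097.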
@@ -341,6 +339,9 @@ fi %changelog +* Mon May 17 2021 Lubos Uhliarik - 7:5.0.6-1 +- new version 5.0.6 + * Fri Apr 23 2021 Lubos Uhliarik - 7:5.0.5-4 - Related: #1934919 - squid update attempts fail with file conflicts