import squid-4.15-6.module+el8.8.0+20569+26050b0f.1

9 months ago · f2d71e3271
parent 7d62db37fb
commit f2d71e3271
3 changed files with 1319 additions and 2 deletions
--- a/SOURCES/squid-4.15-CVE-2023-46846.patch
+++ b/SOURCES/squid-4.15-CVE-2023-46846.patch
--- a/SOURCES/squid-4.15-CVE-2023-46847.patch
+++ b/SOURCES/squid-4.15-CVE-2023-46847.patch
@ -0,0 +1,23 @@
+diff --git a/src/auth/digest/Config.cc b/src/auth/digest/Config.cc
+index 6a9736f..0a883fa 100644
+--- a/src/auth/digest/Config.cc
+++ b/src/auth/digest/Config.cc
+@@ -847,11 +847,15 @@ Auth::Digest::Config::decode(char const *proxy_auth, const char *aRequestRealm)
+             break;
+ 
+         case DIGEST_NC:
+-            if (value.size() != 8) {
+            if (value.size() == 8) {
+                // for historical reasons, the nc value MUST be exactly 8 bytes
+                static_assert(sizeof(digest_request->nc) == 8 + 1, "bad nc buffer size");
+                xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
+                debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
+            } else {
+                 debugs(29, 9, "Invalid nc '" << value << "' in '" << temp << "'");
+                digest_request->nc[0] = 0;
+             }
+-            xstrncpy(digest_request->nc, value.rawBuf(), value.size() + 1);
+-            debugs(29, 9, "Found noncecount '" << digest_request->nc << "'");
+             break;
+ 
+         case DIGEST_CNONCE:
--- a/SPECS/squid.spec
+++ b/SPECS/squid.spec
@ -2,7 +2,7 @@

 Name:     squid
 Version:  4.15
-Release:  6%{?dist}
+Release:  6%{?dist}.1
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@ -46,6 +46,11 @@ Patch300: squid-4.15-CVE-2021-28116.patch
 Patch301: squid-4.15-CVE-2021-46784.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2129771
 Patch302: squid-4.15-CVE-2022-41318.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2245910
+# +backported: https://github.com/squid-cache/squid/commit/417da4006cf5c97d44e74431b816fc58fec9e270
+Patch303: squid-4.15-CVE-2023-46846.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2245916
+Patch304: squid-4.15-CVE-2023-46847.patch

 Requires: bash >= 2.0
 Requires(pre): shadow-utils
@ -112,6 +117,8 @@ lookup program (dnsserver), a program for retrieving FTP data
 %patch300 -p1 -b .CVE-2021-28116
 %patch301 -p1 -b .CVE-2021-46784
 %patch302 -p1 -b .CVE-2022-41318
+%patch303 -p1 -b .CVE-2023-46846
+%patch304 -p1 -b .CVE-2023-46847

 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526
 # Patch in the vendor documentation and used different location for documentation
@ -328,9 +335,15 @@ fi


 %changelog
-* Tue Dec 12 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 7:4.15-6
+* Tue Dec 12 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 7:4.15-6.1
 - Rebuilt for MSVSphere 8.8

+* Mon Oct 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-6.1
+- Resolves: RHEL-14799 - squid: squid: Denial of Service in HTTP Digest
+  Authentication
+- Resolves: RHEL-14775 - squid: squid: Request/Response smuggling in HTTP/1.1
+  and ICAP
+
 * Thu Dec 08 2022 Tomas Korbar <tkorbar@redhat.com> - 4.15-6
 - Resolves: #2072988 - [RFE] Add the "IP_BIND_ADDRESS_NO_PORT"
  flag to sockets created for outgoing connections in the squid source code.