squid 3.5.27: latest patch from upstream (2018_1))

Message ID 20180120175051.14815-1-matthias.fischer@ipfire.org
State Accepted
Commit 101765c0fd828f285ba60b1e6068faaa45589a68
Series squid 3.5.27: latest patch from upstream (2018_1))

Commit Message

Matthias Fischer Jan. 21, 2018, 4:50 a.m. UTC
  First patch after a long time, for details see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/squid                                          |  5 ++--
 src/patches/squid/SQUID-2018_1.patch               | 28 ++++++++++++++++++++++
 .../squid-3.5.27-fix-max-file-descriptors.patch    |  0
 3 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 src/patches/squid/SQUID-2018_1.patch
 rename src/patches/{ => squid}/squid-3.5.27-fix-max-file-descriptors.patch (100%)
  

Comments

Michael Tremer Jan. 22, 2018, 6:06 a.m. UTC | #1
Do we even use ESI?

On Sat, 2018-01-20 at 18:50 +0100, Matthias Fischer wrote:
> First patch after a long time, for details see:
> http://www.squid-cache.org/Versions/v3/3.5/changesets/
> 
> Best,
> Matthias
> 
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
>  lfs/squid                                          |  5 ++--
>  src/patches/squid/SQUID-2018_1.patch               | 28 ++++++++++++++++++++++
>  .../squid-3.5.27-fix-max-file-descriptors.patch    |  0
>  3 files changed, 31 insertions(+), 2 deletions(-)
>  create mode 100644 src/patches/squid/SQUID-2018_1.patch
>  rename src/patches/{ => squid}/squid-3.5.27-fix-max-file-descriptors.patch (100%)
> 
> diff --git a/lfs/squid b/lfs/squid
> index 08583d0b9..ae4d7ea44 100644
> --- a/lfs/squid
> +++ b/lfs/squid
> @@ -1,7 +1,7 @@
>  ###############################################################################
>  #                                                                             #
>  # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
>  #                                                                             #
>  # This program is free software: you can redistribute it and/or modify        #
>  # it under the terms of the GNU General Public License as published by        #
> @@ -70,7 +70,8 @@ $(subst %,%_MD5,$(objects)) :
>  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  	@$(PREBUILD)
>  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
> -	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.27-fix-max-file-descriptors.patch
> +	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_1.patch
> +	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
>  
>  	cd $(DIR_APP) && autoreconf -vfi
>  	cd $(DIR_APP)/libltdl && autoreconf -vfi
> diff --git a/src/patches/squid/SQUID-2018_1.patch b/src/patches/squid/SQUID-2018_1.patch
> new file mode 100644
> index 000000000..9392219a9
> --- /dev/null
> +++ b/src/patches/squid/SQUID-2018_1.patch
> @@ -0,0 +1,28 @@
> +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
> +Author: Amos Jeffries <yadij@users.noreply.github.com>
> +Date:   2018-01-19 13:54:14 +1300
> +
> +    ESI: make sure endofName never exceeds tagEnd (#130)
> +
> +diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
> +index d86d2d3..db634d9 100644
> +--- a/src/esi/CustomParser.cc
> ++++ b/src/esi/CustomParser.cc
> +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
> + 
> +             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
> + 
> +-            if (endofName > tagEnd)
> ++            if (!endofName || endofName > tagEnd)
> +                 endofName = const_cast<char *>(tagEnd);
> + 
> +             *endofName = '\0';
> +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
> + 
> +             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
> + 
> +-            if (endofName > tagEnd)
> ++            if (!endofName || endofName > tagEnd)
> +                 endofName = const_cast<char *>(tagEnd);
> + 
> +             *endofName = '\0';
> diff --git a/src/patches/squid-3.5.27-fix-max-file-descriptors.patch b/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
> similarity index 100%
> rename from src/patches/squid-3.5.27-fix-max-file-descriptors.patch
> rename to src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
  
Matthias Fischer Jan. 22, 2018, 7:37 a.m. UTC | #2
Hi,

On 21.01.2018 20:06, Michael Tremer wrote:
> Do we even use ESI?

Sorry, I'm not sure, I added this to be complete.

If not, you can safely ignore this one, no problem for me.

Best,
Matthias

> On Sat, 2018-01-20 at 18:50 +0100, Matthias Fischer wrote:
>> First patch after a long time, for details see:
>> http://www.squid-cache.org/Versions/v3/3.5/changesets/
>> 
>> Best,
>> Matthias
>> 
>> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
>> ---
>>  lfs/squid                                          |  5 ++--
>>  src/patches/squid/SQUID-2018_1.patch               | 28 ++++++++++++++++++++++
>>  .../squid-3.5.27-fix-max-file-descriptors.patch    |  0
>>  3 files changed, 31 insertions(+), 2 deletions(-)
>>  create mode 100644 src/patches/squid/SQUID-2018_1.patch
>>  rename src/patches/{ => squid}/squid-3.5.27-fix-max-file-descriptors.patch (100%)
>> 
>> diff --git a/lfs/squid b/lfs/squid
>> index 08583d0b9..ae4d7ea44 100644
>> --- a/lfs/squid
>> +++ b/lfs/squid
>> @@ -1,7 +1,7 @@
>>  ###############################################################################
>>  #                                                                             #
>>  # IPFire.org - A linux based firewall                                         #
>> -# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                     #
>> +# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
>>  #                                                                             #
>>  # This program is free software: you can redistribute it and/or modify        #
>>  # it under the terms of the GNU General Public License as published by        #
>> @@ -70,7 +70,8 @@ $(subst %,%_MD5,$(objects)) :
>>  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>  	@$(PREBUILD)
>>  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
>> -	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.27-fix-max-file-descriptors.patch
>> +	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_1.patch
>> +	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
>>  
>>  	cd $(DIR_APP) && autoreconf -vfi
>>  	cd $(DIR_APP)/libltdl && autoreconf -vfi
>> diff --git a/src/patches/squid/SQUID-2018_1.patch b/src/patches/squid/SQUID-2018_1.patch
>> new file mode 100644
>> index 000000000..9392219a9
>> --- /dev/null
>> +++ b/src/patches/squid/SQUID-2018_1.patch
>> @@ -0,0 +1,28 @@
>> +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
>> +Author: Amos Jeffries <yadij@users.noreply.github.com>
>> +Date:   2018-01-19 13:54:14 +1300
>> +
>> +    ESI: make sure endofName never exceeds tagEnd (#130)
>> +
>> +diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
>> +index d86d2d3..db634d9 100644
>> +--- a/src/esi/CustomParser.cc
>> ++++ b/src/esi/CustomParser.cc
>> +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
>> + 
>> +             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
>> + 
>> +-            if (endofName > tagEnd)
>> ++            if (!endofName || endofName > tagEnd)
>> +                 endofName = const_cast<char *>(tagEnd);
>> + 
>> +             *endofName = '\0';
>> +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
>> + 
>> +             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
>> + 
>> +-            if (endofName > tagEnd)
>> ++            if (!endofName || endofName > tagEnd)
>> +                 endofName = const_cast<char *>(tagEnd);
>> + 
>> +             *endofName = '\0';
>> diff --git a/src/patches/squid-3.5.27-fix-max-file-descriptors.patch b/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
>> similarity index 100%
>> rename from src/patches/squid-3.5.27-fix-max-file-descriptors.patch
>> rename to src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
>
  
Matthias Fischer Jan. 22, 2018, 9:21 p.m. UTC | #3
Hi,

On 21.01.2018 20:06, Michael Tremer wrote:
> Do we even use ESI?

Still don't know if we are affected by this. In the meantime I got two
more detailed announcements concerning this.

This is the one I sent in for 3.5.27:

***SNIP***
  
Michael Tremer Jan. 23, 2018, 12:29 a.m. UTC | #4
Why in god's name do they use their own XML parser?

On Mon, 2018-01-22 at 11:21 +0100, Matthias Fischer wrote:
> Hi,
> 
> On 21.01.2018 20:06, Michael Tremer wrote:
> > Do we even use ESI?
> 
> Still don't know if we are affected by this. In the meantime I got two
> more detailed announcements concerning this.
> 
> This is the one I sent in for 3.5.27:
> 
> ***SNIP***
> __________________________________________________________________
> 
>      Squid Proxy Cache Security Update Advisory SQUID-2018:1
> __________________________________________________________________
> 
> Advisory ID:        SQUID-2018:1
> Date:               Jan 19, 2018
> Summary:            Denial of Service issue
>                      in ESI Response processing.
> Affected versions:  Squid 3.x -> 3.5.27
>                      Squid 4.x -> 4.0.22
> Fixed in version:   Squid 4.0.23
> __________________________________________________________________
> 
>      http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
> __________________________________________________________________
> 
> Problem Description:
> 
>   Due to incorrect pointer handling Squid is vulnerable to denial
>   of service attack when processing ESI responses.
> 
> _________________________________________________________________
> 
> Severity:
> 
>   This problem allows a remote server delivering certain ESI
>   response syntax to trigger a denial of service for all clients
>   accessing the Squid service.
> 
>   This problem is limited to the Squid custom ESI parser.
>   Squid built to use libxml2 or libexpat XML parsers do not have
>   this problem.
> ***SNAP***
> 
> The next one - also for 3.5.27 - came today, 'Devel' is running:
> 
> ***SNIP***
> __________________________________________________________________
> 
>      Squid Proxy Cache Security Update Advisory SQUID-2018:2
> __________________________________________________________________
> 
> Advisory ID:        SQUID-2018:2
> Date:               Jan 19, 2018
> Summary:            Denial of Service issue
>                      in HTTP Message processing.
> Affected versions:  Squid 3.x -> 3.5.27
>                      Squid 4.x -> 4.0.22
> Fixed in version:   Squid 4.0.23
> __________________________________________________________________
> 
>      http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
> __________________________________________________________________
> 
> Problem Description:
> 
>   Due to incorrect pointer handling Squid is vulnerable to denial
>   of service attack when processing ESI responses or downloading
>   intermediate CA certificates.
> 
> __________________________________________________________________
> 
> Severity:
> 
>   This problem allows a remote client delivering certain HTTP
>   requests in conjunction with certain trusted server responses to
>   trigger a denial of service for all clients accessing the Squid
>   service.
> ...
> ***SNAP***
> 
> Besides, they are "planning to remove the Custom XML parser used for ESI
> processing from the next Squid version" and have therefore launched a
> survey (RFC). No statement as to when this will happen.
> 
> Best,
> Matthias
> 
> > On Sat, 2018-01-20 at 18:50 +0100, Matthias Fischer wrote:
> > > First patch after a long time, for details see:
> > > http://www.squid-cache.org/Versions/v3/3.5/changesets/
> > > 
> > > Best,
> > > Matthias
> > > 
> > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> > > ---
> > >  lfs/squid                                          |  5 ++--
> > >  src/patches/squid/SQUID-2018_1.patch               | 28
> > > ++++++++++++++++++++++
> > >  .../squid-3.5.27-fix-max-file-descriptors.patch    |  0
> > >  3 files changed, 31 insertions(+), 2 deletions(-)
> > >  create mode 100644 src/patches/squid/SQUID-2018_1.patch
> > >  rename src/patches/{ => squid}/squid-3.5.27-fix-max-file-
> > > descriptors.patch (100%)
> > > 
> > > diff --git a/lfs/squid b/lfs/squid
> > > index 08583d0b9..ae4d7ea44 100644
> > > --- a/lfs/squid
> > > +++ b/lfs/squid
> > > @@ -1,7 +1,7 @@
> > >  #########################################################################
> > > ######
> > >  #                                                                        
> > >      #
> > >  # IPFire.org - A linux based
> > > firewall                                         #
> > > -# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                
> > >      #
> > > +# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                
> > >      #
> > >  #                                                                        
> > >      #
> > >  # This program is free software: you can redistribute it and/or
> > > modify        #
> > >  # it under the terms of the GNU General Public License as published
> > > by        #
> > > @@ -70,7 +70,8 @@ $(subst %,%_MD5,$(objects)) :
> > >  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > >  	@$(PREBUILD)
> > >  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf
> > > $(DIR_DL)/$(DL_FILE)
> > > -	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-
> > > 3.5.27-fix-max-file-descriptors.patch
> > > +	cd $(DIR_APP) && patch -Np1 -i
> > > $(DIR_SRC)/src/patches/squid/SQUID-2018_1.patch
> > > +	cd $(DIR_APP) && patch -Np0 -i
> > > $(DIR_SRC)/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
> > >  
> > >  	cd $(DIR_APP) && autoreconf -vfi
> > >  	cd $(DIR_APP)/libltdl && autoreconf -vfi
> > > diff --git a/src/patches/squid/SQUID-2018_1.patch
> > > b/src/patches/squid/SQUID-2018_1.patch
> > > new file mode 100644
> > > index 000000000..9392219a9
> > > --- /dev/null
> > > +++ b/src/patches/squid/SQUID-2018_1.patch
> > > @@ -0,0 +1,28 @@
> > > +commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9
> > > (refs/remotes/origin/v3.5)
> > > +Author: Amos Jeffries <yadij@users.noreply.github.com>
> > > +Date:   2018-01-19 13:54:14 +1300
> > > +
> > > +    ESI: make sure endofName never exceeds tagEnd (#130)
> > > +
> > > +diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
> > > +index d86d2d3..db634d9 100644
> > > +--- a/src/esi/CustomParser.cc
> > > ++++ b/src/esi/CustomParser.cc
> > > +@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse,
> > > size_t const lengthOfData, bool
> > > + 
> > > +             char * endofName = strpbrk(const_cast<char *>(tag),
> > > w_space);
> > > + 
> > > +-            if (endofName > tagEnd)
> > > ++            if (!endofName || endofName > tagEnd)
> > > +                 endofName = const_cast<char *>(tagEnd);
> > > + 
> > > +             *endofName = '\0';
> > > +@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse,
> > > size_t const lengthOfData, bool
> > > + 
> > > +             char * endofName = strpbrk(const_cast<char *>(tag),
> > > w_space);
> > > + 
> > > +-            if (endofName > tagEnd)
> > > ++            if (!endofName || endofName > tagEnd)
> > > +                 endofName = const_cast<char *>(tagEnd);
> > > + 
> > > +             *endofName = '\0';
> > > diff --git a/src/patches/squid-3.5.27-fix-max-file-descriptors.patch
> > > b/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
> > > similarity index 100%
> > > rename from src/patches/squid-3.5.27-fix-max-file-descriptors.patch
> > > rename to src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
> 
>
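
The pointer handling behind SQUID-2018:1, as an added example that is not part of the thread or of Squid's source: it runs the pre-patch and post-patch end-of-name checks from the quoted hunk on constructed tag strings, and adds a length-bounded scan that goes beyond the patch. `W_SPACE`, the function names and the sample strings are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for Squid's w_space macro (assumed value, not from the page). */
static const char W_SPACE[] = " \t\n\r";

/* Pre-patch check: a NULL from strpbrk() is not greater than tag_end, so it
 * is returned as-is and the parser's `*endofName = '\0'` would write to it. */
static char *name_end_before(char *tag, char *tag_end)
{
    char *end = strpbrk(tag, W_SPACE);
    if (end > tag_end)
        end = tag_end;
    return end;
}

/* Post-patch check: NULL is clamped to tag_end too. */
static char *name_end_after(char *tag, char *tag_end)
{
    char *end = strpbrk(tag, W_SPACE);
    if (!end || end > tag_end)
        end = tag_end;
    return end;
}

/* Bounded scan (beyond the patch): never reads past tag_end, so it does not
 * rely on NUL termination. A NUL inside the tag also ends the name. */
static char *name_end_bounded(char *tag, char *tag_end)
{
    char *p = tag;
    while (p < tag_end && !strchr(W_SPACE, *p))
        ++p;
    return p;
}

typedef char *(*name_end_fn)(char *, char *);
/* Applies one strategy to a constructed tag body ending in '>'.
 * Returns the tag-name length, -1 for a NULL result, -2 if '>' is missing. */
static long name_len(name_end_fn fn, const char *input)
{
    char buf[64];
    snprintf(buf, sizeof buf, "%s", input);
    char *tag_end = strchr(buf, '>');
    if (!tag_end)
        return -2;
    char *end = fn(buf, tag_end);
    return end ? (long)(end - buf) : -1;
}

int main(void)
{
    const char *samples[] = { "include src=x>", "remove>", "try>a b" };
    for (int i = 0; i < 3; ++i)
        printf("%-16s before=%ld after=%ld bounded=%ld\n", samples[i],
               name_len(name_end_before, samples[i]),
               name_len(name_end_after, samples[i]),
               name_len(name_end_bounded, samples[i]));
    return 0;
}
```

Only the second sample, which has no whitespace anywhere before the terminating NUL, separates the two checks: the pre-patch form yields a NULL pointer, while the patched and bounded forms stop at the closing `>`.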
  

Patch

diff --git a/lfs/squid b/lfs/squid
index 08583d0b9..ae4d7ea44 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2017  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -70,7 +70,8 @@  $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.27-fix-max-file-descriptors.patch
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_1.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
 
 	cd $(DIR_APP) && autoreconf -vfi
 	cd $(DIR_APP)/libltdl && autoreconf -vfi
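Review bot: The two patch invocations in this recipe now use different strip levels, -Np1 for SQUID-2018_1.patch and -Np0 for squid-3.5.27-fix-max-file-descriptors.patch, with nothing in the recipe explaining why. The -p1 is correct for the new file because its headers carry the a/ and b/ prefixes, but a one-line comment above these lines, or regenerating the older patch so both apply with -p1, would keep the next added patch from being copied in with the wrong level.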
diff --git a/src/patches/squid/SQUID-2018_1.patch b/src/patches/squid/SQUID-2018_1.patch
new file mode 100644
index 000000000..9392219a9
--- /dev/null
+++ b/src/patches/squid/SQUID-2018_1.patch
@@ -0,0 +1,28 @@ 
+commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date:   2018-01-19 13:54:14 +1300
+
+    ESI: make sure endofName never exceeds tagEnd (#130)
+
+diff --git a/src/esi/CustomParser.cc b/src/esi/CustomParser.cc
+index d86d2d3..db634d9 100644
+--- a/src/esi/CustomParser.cc
++++ b/src/esi/CustomParser.cc
+@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+ 
+             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+ 
+-            if (endofName > tagEnd)
++            if (!endofName || endofName > tagEnd)
+                 endofName = const_cast<char *>(tagEnd);
+ 
+             *endofName = '\0';
+@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t const lengthOfData, bool
+ 
+             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+ 
+-            if (endofName > tagEnd)
++            if (!endofName || endofName > tagEnd)
+                 endofName = const_cast<char *>(tagEnd);
+ 
+             *endofName = '\0';
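Review bot: The added `!endofName` test in both CustomParser.cc hunks (at 121 and 214) handles strpbrk() finding no whitespace, but the search itself is still not limited to the tag: strpbrk() scans from tag to the first NUL rather than stopping at tagEnd, so the code keeps relying on the buffer being NUL-terminated. That is upstream's logic and the carried file should stay identical to commit eb2db98a, so no change to the hunk itself; what is missing is a line in the commit message naming advisory SQUID-2018:1 and stating whether this build uses the custom ESI parser, since the subject only points at the changesets index.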
diff --git a/src/patches/squid-3.5.27-fix-max-file-descriptors.patch b/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
similarity index 100%
rename from src/patches/squid-3.5.27-fix-max-file-descriptors.patch
rename to src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch