[oe-commits] [meta-openembedded] 17/19: squid: CVE-2016-10003
git at git.openembedded.org
git at git.openembedded.org
Fri Nov 17 01:52:18 UTC 2017
This is an automated email from the git hooks/post-receive script.
armin_kuster pushed a commit to branch akuster/morty-next
in repository meta-openembedded.
commit 6d03884d6260f25e5359645ca589ae2e403991ff
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Wed May 31 13:53:15 2017 +0530
squid: CVE-2016-10003
Source: http://www.squid-cache.org/
MR: 70144
Type: Security Fix
Disposition: Backport from http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch
ChangeID: f713fe5b0b38ba5402a9c0947289ee9a0ea5bcbe
Description:
Do not share private responses with collapsed client(s).
This excessive sharing problem with collapsed forwarding code has
several layers. In most cases, the core CF code does not share
uncachable or private response with collapsed clients because of the
refreshCheckHTTP() check. However, some responses might not be subject
to that (or equivalent) check. More importantly, collapsed revalidation
code does not check its responses at all and, hence, easily shares
private responses.
This short-term fix incorrectly assumes that an entry may become private
(KEY_PRIVATE) only when it cannot be shared among multiple clients
(e.g., because of a Cache-Control:private response header). However,
there are a few other cases when an entry becomes private. One of them
is a DISK_NO_SPACE_LEFT error inside storeSwapOutFileClosed() where
StoreEntry::releaseRequest() sets KEY_PRIVATE for a sharable entry [that
may still be perfectly preserved in the memory cache]. Consequently, the
short-term fix reduces CF effectiveness. The extent of this reduction is
probably environment-dependent.
Author: Eduard Bagdasaryan <eduard.bagdasaryan at measurement-factory.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
Reviewed-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster at mvista.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
.../squid/files/CVE-2016-10003.patch | 33 ++++++++++++++++++++++
.../recipes-daemons/squid/squid_3.5.20.bb | 1 +
2 files changed, 34 insertions(+)
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch
new file mode 100644
index 0000000..cf94e75
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch
@@ -0,0 +1,33 @@
+author: Eduard Bagdasaryan <eduard.bagdasaryan at measurement-factory.com>
+committer: Amos Jeffries <squid3 at treenet.co.nz>
+branch nick: trunk
+timestamp: Fri 2016-12-16 15:43:39 +1300
+message:
+
+ Do not share private responses with collapsed client(s).
+
+Upstream-status: Backport
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: squid-3.5.20/src/client_side_reply.cc
+===================================================================
+--- squid-3.5.20.orig/src/client_side_reply.cc 2016-07-01 17:07:50.000000000 +0530
++++ squid-3.5.20/src/client_side_reply.cc 2017-05-31 13:15:46.541291519 +0530
+@@ -473,6 +482,17 @@
+ return;
+ }
+
++
++ // The previously identified hit suddenly became unsharable!
++ // This is common for collapsed forwarding slaves but might also
++ // happen to regular hits because we are called asynchronously.
++ if (EBIT_TEST(e->flags, KEY_PRIVATE)) {
++ debugs(88, 3, "unsharable " << *e << ". MISS");
++ http->logType = LOG_TCP_MISS;
++ processMiss();
++ return;
++ }
++
+ if (result.length == 0) {
+ debugs(88, 5, "store IO buffer has no content. MISS");
+ /* the store couldn't get enough data from the file for us to id the
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.20.bb b/meta-networking/recipes-daemons/squid/squid_3.5.20.bb
index fc7f768..4b806a9 100644
--- a/meta-networking/recipes-daemons/squid/squid_3.5.20.bb
+++ b/meta-networking/recipes-daemons/squid/squid_3.5.20.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
file://volatiles.03_squid \
file://set_sysroot_patch.patch \
file://squid-don-t-do-squid-conf-tests-at-build-time.patch \
+ file://CVE-2016-10003.patch \
"
LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list