aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDmitriy Kovalkov <Dmitriy.Kovalkov@virtualfort.ru>2021-10-31 02:43:29 +0300
committerDmitriy Kovalkov <Dmitriy.Kovalkov@virtualfort.ru>2021-10-31 02:43:29 +0300
commitc3411e25b00598e1e37e602cfe82c784a0352362 (patch)
tree6095b5ceee5319dcb7f532d79ed31bbd14b4107c
parent9a2717089a11922a6aceda432ed4fca5de8204e5 (diff)
downloadaports-c3411e25b00598e1e37e602cfe82c784a0352362.tar.gz
aports-c3411e25b00598e1e37e602cfe82c784a0352362.tar.bz2
aports-c3411e25b00598e1e37e602cfe82c784a0352362.tar.xz
main/squid: patch CVE-2021-41611
-rw-r--r--main/squid/APKBUILD6
-rw-r--r--main/squid/CVE-2021-41611.patch25
2 files changed, 30 insertions, 1 deletions
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD
index 9ba693df4d..592c40ad0b 100644
--- a/main/squid/APKBUILD
+++ b/main/squid/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=squid
pkgver=5.0.6
-pkgrel=1
+pkgrel=2
pkgdesc="A full-featured Web proxy cache server."
url="http://www.squid-cache.org"
install="squid.pre-install squid.pre-upgrade"
@@ -19,6 +19,7 @@ linguas="af ar az bg ca cs da de el es et fa fi fr he hu hy id it ja ka ko lt
langdir="/usr/share/squid/errors"
source="http://www.squid-cache.org/Versions/v${pkgver%%.*}/squid-$pkgver.tar.xz
CVE-2021-28116.patch
+ CVE-2021-41611.patch
$pkgname.initd
$pkgname.confd
@@ -28,6 +29,8 @@ pkgusers="squid"
pkggroups="squid"
# secfixes:
+# 5.0.6-r2:
+# - CVE-2021-41611
# 5.0.6-r1:
# - CVE-2021-28116
# 5.0.6-r0:
@@ -126,6 +129,7 @@ squid_kerb_auth() {
sha512sums="
97300844145ea5488a88a531fc0fbbf3c96051169eb20f8b95ba9a4c37f73edfbbedb69ee446e81f45b663e5c7c9a82e2978239c2613da7e5da2365fdaeceb6e squid-5.0.6.tar.xz
60440e80e62609584bb5c0eba314fa5e5d68add39fd4d4e3899f3a268552f2dfd31da616b5b1820a1c7096382b82fbc01dc9dc92107feed6cd4b0df40c3c43bd CVE-2021-28116.patch
+651d700e45c12910ce9a03894ad8c3549a8ffce55b6ee24da9425b4272f6433e69ade113b1a57e77a692982aae54bcec4b6865c9f0e68cf76cd0388356c9d008 CVE-2021-41611.patch
8320820c02c824ed96065e0b66cabdd80b11c23e911880a42f5bd7e3f6e7a5c1c6def910a1843cca810c62a7dc8ccdb9ae82c0cf52bf08259c3b50058232132d squid.initd
7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd
89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate
diff --git a/main/squid/CVE-2021-41611.patch b/main/squid/CVE-2021-41611.patch
new file mode 100644
index 0000000000..f96d4f74ef
--- /dev/null
+++ b/main/squid/CVE-2021-41611.patch
@@ -0,0 +1,25 @@
+commit 533b4359f16cf9ed15a6d709a57a4b06e4222cfe
+Author: Alex Rousskov <rousskov@measurement-factory.com>
+Date: 2021-09-24 20:10:37 +0000
+
+ TLS: Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling (#898)
+
+diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc
+index 58db7b057..c601fffb2 100644
+--- a/src/security/PeerConnector.cc
++++ b/src/security/PeerConnector.cc
+@@ -653,11 +653,11 @@ Security::PeerConnector::handleMissingCertificates(const Security::IoResult &ioR
+ Must(callerHandlesMissingCertificates);
+ callerHandlesMissingCertificates = false;
+
+- if (!computeMissingCertificateUrls(sconn))
+- return handleNegotiationResult(ioResult);
+-
+ suspendNegotiation(ioResult);
+
++ if (!computeMissingCertificateUrls(sconn))
++ return resumeNegotiation();
++
+ assert(!urlsOfMissingCerts.empty());
+ startCertDownloading(urlsOfMissingCerts.front());
+ urlsOfMissingCerts.pop();