diff options
| author | Dmitriy Kovalkov <Dmitriy.Kovalkov@virtualfort.ru> | 2021-10-31 02:43:29 +0300 |
|---|---|---|
| committer | Dmitriy Kovalkov <Dmitriy.Kovalkov@virtualfort.ru> | 2021-10-31 02:43:29 +0300 |
| commit | c3411e25b00598e1e37e602cfe82c784a0352362 (patch) | |
| tree | 6095b5ceee5319dcb7f532d79ed31bbd14b4107c | |
| parent | 9a2717089a11922a6aceda432ed4fca5de8204e5 (diff) | |
| download | aports-c3411e25b00598e1e37e602cfe82c784a0352362.tar.gz aports-c3411e25b00598e1e37e602cfe82c784a0352362.tar.bz2 aports-c3411e25b00598e1e37e602cfe82c784a0352362.tar.xz | |
main/squid: patch CVE-2021-41611
| -rw-r--r-- | main/squid/APKBUILD | 6 | ||||
| -rw-r--r-- | main/squid/CVE-2021-41611.patch | 25 |
2 files changed, 30 insertions, 1 deletions
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD index 9ba693df4d..592c40ad0b 100644 --- a/main/squid/APKBUILD +++ b/main/squid/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=squid pkgver=5.0.6 -pkgrel=1 +pkgrel=2 pkgdesc="A full-featured Web proxy cache server." url="http://www.squid-cache.org" install="squid.pre-install squid.pre-upgrade" @@ -19,6 +19,7 @@ linguas="af ar az bg ca cs da de el es et fa fi fr he hu hy id it ja ka ko lt langdir="/usr/share/squid/errors" source="http://www.squid-cache.org/Versions/v${pkgver%%.*}/squid-$pkgver.tar.xz CVE-2021-28116.patch + CVE-2021-41611.patch $pkgname.initd $pkgname.confd @@ -28,6 +29,8 @@ pkgusers="squid" pkggroups="squid" # secfixes: +# 5.0.6-r2: +# - CVE-2021-41611 # 5.0.6-r1: # - CVE-2021-28116 # 5.0.6-r0: @@ -126,6 +129,7 @@ squid_kerb_auth() { sha512sums=" 97300844145ea5488a88a531fc0fbbf3c96051169eb20f8b95ba9a4c37f73edfbbedb69ee446e81f45b663e5c7c9a82e2978239c2613da7e5da2365fdaeceb6e squid-5.0.6.tar.xz 60440e80e62609584bb5c0eba314fa5e5d68add39fd4d4e3899f3a268552f2dfd31da616b5b1820a1c7096382b82fbc01dc9dc92107feed6cd4b0df40c3c43bd CVE-2021-28116.patch +651d700e45c12910ce9a03894ad8c3549a8ffce55b6ee24da9425b4272f6433e69ade113b1a57e77a692982aae54bcec4b6865c9f0e68cf76cd0388356c9d008 CVE-2021-41611.patch 8320820c02c824ed96065e0b66cabdd80b11c23e911880a42f5bd7e3f6e7a5c1c6def910a1843cca810c62a7dc8ccdb9ae82c0cf52bf08259c3b50058232132d squid.initd 7292661de344e8a87d855c83afce49511685d2680effab3afab110e45144c0117935f3bf73ab893c9e6d43f7fb5ba013635e24f6da6daf0eeb895ef2e9b5baa9 squid.confd 89a703fa4f21b6c7c26e64a46fd52407e20f00c34146ade0bea0c4b63d050117c0f8e218f2256a1fbf6abb84f4ec9b0472c9a4092ff6e78f07c4f5a25d0892a5 squid.logrotate diff --git a/main/squid/CVE-2021-41611.patch b/main/squid/CVE-2021-41611.patch new file mode 100644 index 0000000000..f96d4f74ef --- /dev/null +++ b/main/squid/CVE-2021-41611.patch @@ -0,0 +1,25 @@ +commit 533b4359f16cf9ed15a6d709a57a4b06e4222cfe +Author: Alex Rousskov <rousskov@measurement-factory.com> +Date: 2021-09-24 20:10:37 +0000 + + TLS: Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling (#898) + +diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc +index 58db7b057..c601fffb2 100644 +--- a/src/security/PeerConnector.cc ++++ b/src/security/PeerConnector.cc +@@ -653,11 +653,11 @@ Security::PeerConnector::handleMissingCertificates(const Security::IoResult &ioR + Must(callerHandlesMissingCertificates); + callerHandlesMissingCertificates = false; + +- if (!computeMissingCertificateUrls(sconn)) +- return handleNegotiationResult(ioResult); +- + suspendNegotiation(ioResult); + ++ if (!computeMissingCertificateUrls(sconn)) ++ return resumeNegotiation(); ++ + assert(!urlsOfMissingCerts.empty()); + startCertDownloading(urlsOfMissingCerts.front()); + urlsOfMissingCerts.pop(); |