squid: backport Debian patch for CVE-2023-46728 and CVE-2023-46846

Import patches from Ubuntu to fix
 CVE-2023-46728
 CVE-2023-46846

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
6ea12e8fb5
&
417da4006c
&
05f6af2f4c]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Vijay Anusuri 2024-01-31 08:04:59 +05:30 committed by Armin Kuster
parent 45ea2ed759
commit 724f1e1a28
4 changed files with 1934 additions and 0 deletions


@ -0,0 +1,608 @@
Partial backport of:
From 6ea12e8fb590ac6959e9356a81aa3370576568c3 Mon Sep 17 00:00:00 2001
From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Tue, 26 Jul 2022 15:05:54 +0000
Subject: [PATCH] Remove support for Gopher protocol (#1092)
Gopher code quality remains too low for production use in most
environments. The code is a persistent source of vulnerabilities and
fixing it requires significant effort. We should not be spending scarce
Project resources on improving that code, especially given the lack of
strong demand for Gopher support.
With this change, Gopher requests will be handled like any other request
with an unknown (to Squid) protocol. For example, HTTP requests with
Gopher URI scheme result in ERR_UNSUP_REQ.
Default Squid configuration still considers TCP port 70 "safe". The
corresponding Safe_ports ACL rule has not been removed for consistency
sake: We consider WAIS port safe even though Squid refuses to forward
WAIS requests:
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46728.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3]
CVE: CVE-2023-46728
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
doc/Programming-Guide/Groups.dox | 5 -
doc/debug-sections.txt | 1 -
doc/manuals/de.po | 2 +-
doc/manuals/en.po | 2 +-
doc/manuals/en_AU.po | 2 +-
doc/manuals/es.po | 2 +-
doc/manuals/fr.po | 2 +-
doc/manuals/it.po | 2 +-
errors/af.po | 6 +-
errors/az.po | 6 +-
errors/bg.po | 6 +-
errors/ca.po | 6 +-
errors/cs.po | 6 +-
errors/da.po | 6 +-
errors/de.po | 6 +-
errors/el.po | 4 +-
errors/en.po | 6 +-
errors/errorpage.css | 2 +-
errors/es-mx.po | 3 +-
errors/es.po | 4 +-
errors/et.po | 6 +-
errors/fi.po | 7 +-
errors/fr.po | 6 +-
errors/he.po | 6 +-
errors/hu.po | 6 +-
errors/hy.po | 6 +-
errors/it.po | 4 +-
errors/ja.po | 6 +-
errors/ko.po | 6 +-
errors/lt.po | 6 +-
errors/lv.po | 6 +-
errors/nl.po | 6 +-
errors/pl.po | 6 +-
errors/pt-br.po | 6 +-
errors/pt.po | 6 +-
errors/ro.po | 4 +-
errors/ru.po | 6 +-
errors/sk.po | 6 +-
errors/sl.po | 6 +-
errors/sr-latn.po | 4 +-
errors/sv.po | 6 +-
errors/templates/ERR_UNSUP_REQ | 2 +-
errors/tr.po | 6 +-
errors/uk.po | 6 +-
errors/vi.po | 4 +-
errors/zh-hans.po | 6 +-
errors/zh-hant.po | 7 +-
src/FwdState.cc | 5 -
src/HttpRequest.cc | 6 -
src/IoStats.h | 2 +-
src/Makefile.am | 8 -
src/adaptation/ecap/Host.cc | 1 -
src/adaptation/ecap/MessageRep.cc | 2 -
src/anyp/ProtocolType.h | 1 -
src/anyp/Uri.cc | 1 -
src/anyp/UriScheme.cc | 3 -
src/cf.data.pre | 5 +-
src/client_side_request.cc | 4 -
src/error/forward.h | 2 +-
src/gopher.cc | 993 -----------------------
src/gopher.h | 29 -
src/http/Message.h | 1 -
src/mgr/IoAction.cc | 3 -
src/mgr/IoAction.h | 2 -
src/squid.8.in | 2 +-
src/stat.cc | 19 -
src/tests/Stub.am | 1 -
src/tests/stub_gopher.cc | 17 -
test-suite/squidconf/regressions-3.4.0.1 | 1 -
69 files changed, 88 insertions(+), 1251 deletions(-)
delete mode 100644 src/gopher.cc
delete mode 100644 src/gopher.h
delete mode 100644 src/tests/stub_gopher.cc
--- a/src/FwdState.cc
+++ b/src/FwdState.cc
@@ -28,7 +28,6 @@
#include "fde.h"
#include "FwdState.h"
#include "globals.h"
-#include "gopher.h"
#include "hier_code.h"
#include "http.h"
#include "http/Stream.h"
@@ -1004,10 +1003,6 @@ FwdState::dispatch()
httpStart(this);
break;
- case AnyP::PROTO_GOPHER:
- gopherStart(this);
- break;
-
case AnyP::PROTO_FTP:
if (request->flags.ftpNative)
Ftp::StartRelay(this);
--- a/src/HttpRequest.cc
+++ b/src/HttpRequest.cc
@@ -18,7 +18,6 @@
#include "Downloader.h"
#include "err_detail_type.h"
#include "globals.h"
-#include "gopher.h"
#include "http.h"
#include "http/one/RequestParser.h"
#include "http/Stream.h"
@@ -556,11 +555,6 @@ HttpRequest::maybeCacheable()
return false;
break;
- case AnyP::PROTO_GOPHER:
- if (!gopherCachable(this))
- return false;
- break;
-
case AnyP::PROTO_CACHE_OBJECT:
return false;
--- a/src/IoStats.h
+++ b/src/IoStats.h
@@ -22,7 +22,7 @@ public:
int writes;
int write_hist[histSize];
}
- Http, Ftp, Gopher;
+ Http, Ftp;
};
#endif /* SQUID_IOSTATS_H_ */
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -306,8 +306,6 @@ squid_SOURCES = \
FwdState.h \
Generic.h \
globals.h \
- gopher.h \
- gopher.cc \
helper.cc \
helper.h \
hier_code.h \
@@ -1259,8 +1257,6 @@ tests_testCacheManager_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
hier_code.h \
helper.cc \
$(HTCPSOURCE) \
@@ -1678,8 +1674,6 @@ tests_testEvent_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -1914,8 +1908,6 @@ tests_testEventLoop_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -2145,8 +2137,6 @@ tests_test_http_range_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -2461,8 +2451,6 @@ tests_testHttpRequest_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -3307,8 +3295,6 @@ tests_testURL_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
--- a/src/adaptation/ecap/Host.cc
+++ b/src/adaptation/ecap/Host.cc
@@ -49,7 +49,6 @@ Adaptation::Ecap::Host::Host()
libecap::protocolHttp.assignHostId(AnyP::PROTO_HTTP);
libecap::protocolHttps.assignHostId(AnyP::PROTO_HTTPS);
libecap::protocolFtp.assignHostId(AnyP::PROTO_FTP);
- libecap::protocolGopher.assignHostId(AnyP::PROTO_GOPHER);
libecap::protocolWais.assignHostId(AnyP::PROTO_WAIS);
libecap::protocolUrn.assignHostId(AnyP::PROTO_URN);
libecap::protocolWhois.assignHostId(AnyP::PROTO_WHOIS);
--- a/src/adaptation/ecap/MessageRep.cc
+++ b/src/adaptation/ecap/MessageRep.cc
@@ -140,8 +140,6 @@ Adaptation::Ecap::FirstLineRep::protocol
return libecap::protocolHttps;
case AnyP::PROTO_FTP:
return libecap::protocolFtp;
- case AnyP::PROTO_GOPHER:
- return libecap::protocolGopher;
case AnyP::PROTO_WAIS:
return libecap::protocolWais;
case AnyP::PROTO_WHOIS:
--- a/src/anyp/ProtocolType.h
+++ b/src/anyp/ProtocolType.h
@@ -27,7 +27,6 @@ typedef enum {
PROTO_HTTPS,
PROTO_COAP,
PROTO_COAPS,
- PROTO_GOPHER,
PROTO_WAIS,
PROTO_CACHE_OBJECT,
PROTO_ICP,
--- a/src/anyp/Uri.cc
+++ b/src/anyp/Uri.cc
@@ -852,8 +852,6 @@ urlCheckRequest(const HttpRequest * r)
if (r->method == Http::METHOD_PUT)
rc = 1;
- case AnyP::PROTO_GOPHER:
-
case AnyP::PROTO_WAIS:
case AnyP::PROTO_WHOIS:
--- a/src/anyp/UriScheme.cc
+++ b/src/anyp/UriScheme.cc
@@ -87,9 +87,6 @@ AnyP::UriScheme::defaultPort() const
// Assuming IANA policy of allocating same port for base and TLS protocol versions will occur.
return 5683;
- case AnyP::PROTO_GOPHER:
- return 70;
-
case AnyP::PROTO_WAIS:
return 210;
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -33,7 +33,6 @@
#include "fd.h"
#include "fde.h"
#include "format/Token.h"
-#include "gopher.h"
#include "helper.h"
#include "helper/Reply.h"
#include "http.h"
@@ -965,9 +964,6 @@ clientHierarchical(ClientHttpRequest * h
if (request->url.getScheme() == AnyP::PROTO_HTTP)
return method.respMaybeCacheable();
- if (request->url.getScheme() == AnyP::PROTO_GOPHER)
- return gopherCachable(request);
-
if (request->url.getScheme() == AnyP::PROTO_CACHE_OBJECT)
return 0;
--- a/src/err_type.h
+++ b/src/err_type.h
@@ -65,7 +65,7 @@ typedef enum {
ERR_GATEWAY_FAILURE,
/* Special Cases */
- ERR_DIR_LISTING, /* Display of remote directory (FTP, Gopher) */
+ ERR_DIR_LISTING, /* Display of remote directory (FTP) */
ERR_SQUID_SIGNATURE, /* not really an error */
ERR_SHUTTING_DOWN,
ERR_PROTOCOL_UNKNOWN,
--- a/src/HttpMsg.h
+++ b/src/HttpMsg.h
@@ -38,7 +38,6 @@ public:
srcFtp = 1 << (16 + 1), ///< ftp_port or FTP server
srcIcap = 1 << (16 + 2), ///< traditional ICAP service without encryption
srcEcap = 1 << (16 + 3), ///< eCAP service that uses insecure libraries/daemons
- srcGopher = 1 << (16 + 14), ///< Gopher server
srcWhois = 1 << (16 + 15), ///< Whois server
srcUnsafe = 0xFFFF0000, ///< Unsafe sources mask
srcSafe = 0x0000FFFF ///< Safe sources mask
--- a/src/mgr/IoAction.cc
+++ b/src/mgr/IoAction.cc
@@ -35,9 +35,6 @@ Mgr::IoActionData::operator += (const Io
ftp_reads += stats.ftp_reads;
for (int i = 0; i < IoStats::histSize; ++i)
ftp_read_hist[i] += stats.ftp_read_hist[i];
- gopher_reads += stats.gopher_reads;
- for (int i = 0; i < IoStats::histSize; ++i)
- gopher_read_hist[i] += stats.gopher_read_hist[i];
return *this;
}
--- a/src/mgr/IoAction.h
+++ b/src/mgr/IoAction.h
@@ -27,10 +27,8 @@ public:
public:
double http_reads;
double ftp_reads;
- double gopher_reads;
double http_read_hist[IoStats::histSize];
double ftp_read_hist[IoStats::histSize];
- double gopher_read_hist[IoStats::histSize];
};
/// implement aggregated 'io' action
--- a/src/stat.cc
+++ b/src/stat.cc
@@ -206,12 +206,6 @@ GetIoStats(Mgr::IoActionData& stats)
for (i = 0; i < IoStats::histSize; ++i) {
stats.ftp_read_hist[i] = IOStats.Ftp.read_hist[i];
}
-
- stats.gopher_reads = IOStats.Gopher.reads;
-
- for (i = 0; i < IoStats::histSize; ++i) {
- stats.gopher_read_hist[i] = IOStats.Gopher.read_hist[i];
- }
}
void
@@ -245,19 +239,6 @@ DumpIoStats(Mgr::IoActionData& stats, St
}
storeAppendPrintf(sentry, "\n");
- storeAppendPrintf(sentry, "Gopher I/O\n");
- storeAppendPrintf(sentry, "number of reads: %.0f\n", stats.gopher_reads);
- storeAppendPrintf(sentry, "Read Histogram:\n");
-
- for (i = 0; i < IoStats::histSize; ++i) {
- storeAppendPrintf(sentry, "%5d-%5d: %9.0f %2.0f%%\n",
- i ? (1 << (i - 1)) + 1 : 1,
- 1 << i,
- stats.gopher_read_hist[i],
- Math::doublePercent(stats.gopher_read_hist[i], stats.gopher_reads));
- }
-
- storeAppendPrintf(sentry, "\n");
}
static const char *
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -263,7 +263,7 @@ am__squid_SOURCES_DIST = AclRegs.cc Auth
ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \
FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \
fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \
- FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \
+ FwdState.cc FwdState.h Generic.h globals.h \
helper.cc helper.h hier_code.h HierarchyLogEntry.h htcp.cc \
htcp.h http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \
HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \
@@ -352,7 +352,7 @@ am_squid_OBJECTS = $(am__objects_1) Acce
EventLoop.$(OBJEXT) external_acl.$(OBJEXT) \
ExternalACLEntry.$(OBJEXT) FadingCounter.$(OBJEXT) \
fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
+ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
HttpHdrCc.$(OBJEXT) HttpHdrRange.$(OBJEXT) HttpHdrSc.$(OBJEXT) \
HttpHdrScTarget.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
@@ -539,7 +539,7 @@ am__tests_testCacheManager_SOURCES_DIST
tests/stub_ETag.cc event.cc external_acl.cc \
ExternalACLEntry.cc fatal.h tests/stub_fatal.cc fd.h fd.cc \
fde.cc FileMap.h filemap.cc fqdncache.h fqdncache.cc \
- FwdState.cc FwdState.h gopher.h gopher.cc hier_code.h \
+ FwdState.cc FwdState.h hier_code.h \
helper.cc htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \
HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \
HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \
@@ -594,7 +594,7 @@ am_tests_testCacheManager_OBJECTS = Acce
event.$(OBJEXT) external_acl.$(OBJEXT) \
ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
+ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
HttpBody.$(OBJEXT) HttpHeader.$(OBJEXT) \
HttpHeaderTools.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
@@ -838,7 +838,7 @@ am__tests_testEvent_SOURCES_DIST = Acces
EventLoop.h EventLoop.cc external_acl.cc ExternalACLEntry.cc \
FadingCounter.cc fatal.h tests/stub_fatal.cc fd.h fd.cc fde.cc \
FileMap.h filemap.cc fqdncache.h fqdncache.cc FwdState.cc \
- FwdState.h gopher.h gopher.cc helper.cc hier_code.h htcp.cc \
+ FwdState.h helper.cc hier_code.h htcp.cc \
htcp.h http.cc HttpBody.h HttpBody.cc \
tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \
HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \
@@ -891,7 +891,7 @@ am_tests_testEvent_OBJECTS = AccessLogEn
external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
+ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
@@ -975,8 +975,8 @@ am__tests_testEventLoop_SOURCES_DIST = A
tests/stub_ETag.cc EventLoop.h EventLoop.cc event.cc \
external_acl.cc ExternalACLEntry.cc FadingCounter.cc fatal.h \
tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
- fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
- gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
+ helper.cc hier_code.h htcp.cc htcp.h http.cc \
HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
HttpHeader.h HttpHeader.cc HttpHeaderFieldInfo.h \
HttpHeaderTools.h HttpHeaderTools.cc HttpHeaderFieldStat.h \
@@ -1029,7 +1029,7 @@ am_tests_testEventLoop_OBJECTS = AccessL
external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
FadingCounter.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
+ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
@@ -1187,7 +1187,7 @@ am__tests_testHttpRequest_SOURCES_DIST =
fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc \
tests/stub_ETag.cc external_acl.cc ExternalACLEntry.cc fatal.h \
tests/stub_fatal.cc fd.h fd.cc fde.cc fqdncache.h fqdncache.cc \
- FwdState.cc FwdState.h gopher.h gopher.cc helper.cc \
+ FwdState.cc FwdState.h helper.cc \
hier_code.h htcp.cc htcp.h http.cc HttpBody.h HttpBody.cc \
tests/stub_HttpControlMsg.cc HttpHeader.h HttpHeader.cc \
HttpHeaderFieldInfo.h HttpHeaderTools.h HttpHeaderTools.cc \
@@ -1243,7 +1243,7 @@ am_tests_testHttpRequest_OBJECTS = Acces
$(am__objects_4) errorpage.$(OBJEXT) tests/stub_ETag.$(OBJEXT) \
external_acl.$(OBJEXT) ExternalACLEntry.$(OBJEXT) \
tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \
- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
+ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
HttpHeader.$(OBJEXT) HttpHeaderTools.$(OBJEXT) \
@@ -1670,8 +1670,8 @@ am__tests_testURL_SOURCES_DIST = AccessL
fs_io.cc dlink.h dlink.cc dns_internal.cc errorpage.cc ETag.cc \
event.cc external_acl.cc ExternalACLEntry.cc fatal.h \
tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
- fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
- gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
+ helper.cc hier_code.h htcp.cc htcp.h http.cc \
HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \
HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \
@@ -1725,7 +1725,7 @@ am_tests_testURL_OBJECTS = AccessLogEntr
event.$(OBJEXT) external_acl.$(OBJEXT) \
ExternalACLEntry.$(OBJEXT) tests/stub_fatal.$(OBJEXT) \
fd.$(OBJEXT) fde.$(OBJEXT) filemap.$(OBJEXT) \
- fqdncache.$(OBJEXT) FwdState.$(OBJEXT) gopher.$(OBJEXT) \
+ fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
helper.$(OBJEXT) $(am__objects_5) http.$(OBJEXT) \
HttpBody.$(OBJEXT) tests/stub_HttpControlMsg.$(OBJEXT) \
HttpHdrCc.$(OBJEXT) HttpHdrContRange.$(OBJEXT) \
@@ -1925,8 +1925,8 @@ am__tests_test_http_range_SOURCES_DIST =
dns_internal.cc errorpage.cc tests/stub_ETag.cc event.cc \
FadingCounter.cc fatal.h tests/stub_libauth.cc \
tests/stub_fatal.cc fd.h fd.cc fde.cc FileMap.h filemap.cc \
- fqdncache.h fqdncache.cc FwdState.cc FwdState.h gopher.h \
- gopher.cc helper.cc hier_code.h htcp.cc htcp.h http.cc \
+ fqdncache.h fqdncache.cc FwdState.cc FwdState.h \
+ helper.cc hier_code.h htcp.cc htcp.h http.cc \
HttpBody.h HttpBody.cc tests/stub_HttpControlMsg.cc \
HttpHeaderFieldStat.h HttpHdrCc.h HttpHdrCc.cc HttpHdrCc.cci \
HttpHdrContRange.cc HttpHdrRange.cc HttpHdrSc.cc \
@@ -1979,7 +1979,7 @@ am_tests_test_http_range_OBJECTS = Acces
FadingCounter.$(OBJEXT) tests/stub_libauth.$(OBJEXT) \
tests/stub_fatal.$(OBJEXT) fd.$(OBJEXT) fde.$(OBJEXT) \
filemap.$(OBJEXT) fqdncache.$(OBJEXT) FwdState.$(OBJEXT) \
- gopher.$(OBJEXT) helper.$(OBJEXT) $(am__objects_5) \
+ helper.$(OBJEXT) $(am__objects_5) \
http.$(OBJEXT) HttpBody.$(OBJEXT) \
tests/stub_HttpControlMsg.$(OBJEXT) HttpHdrCc.$(OBJEXT) \
HttpHdrContRange.$(OBJEXT) HttpHdrRange.$(OBJEXT) \
@@ -2131,7 +2131,7 @@ am__depfiles_remade = ./$(DEPDIR)/Access
./$(DEPDIR)/external_acl.Po ./$(DEPDIR)/fatal.Po \
./$(DEPDIR)/fd.Po ./$(DEPDIR)/fde.Po ./$(DEPDIR)/filemap.Po \
./$(DEPDIR)/fqdncache.Po ./$(DEPDIR)/fs_io.Po \
- ./$(DEPDIR)/globals.Po ./$(DEPDIR)/gopher.Po \
+ ./$(DEPDIR)/globals.Po \
./$(DEPDIR)/helper.Po ./$(DEPDIR)/hier_code.Po \
./$(DEPDIR)/htcp.Po ./$(DEPDIR)/http.Po \
./$(DEPDIR)/icp_opcode.Po ./$(DEPDIR)/icp_v2.Po \
@@ -3043,7 +3043,7 @@ squid_SOURCES = $(ACL_REGISTRATION_SOURC
ExternalACL.h ExternalACLEntry.cc ExternalACLEntry.h \
FadingCounter.h FadingCounter.cc fatal.h fatal.cc fd.h fd.cc \
fde.cc fde.h FileMap.h filemap.cc fqdncache.h fqdncache.cc \
- FwdState.cc FwdState.h Generic.h globals.h gopher.h gopher.cc \
+ FwdState.cc FwdState.h Generic.h globals.h \
helper.cc helper.h hier_code.h HierarchyLogEntry.h \
$(HTCPSOURCE) http.cc http.h HttpHeaderFieldStat.h HttpHdrCc.h \
HttpHdrCc.cc HttpHdrCc.cci HttpHdrRange.cc HttpHdrSc.cc \
@@ -3708,8 +3708,6 @@ tests_testCacheManager_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
hier_code.h \
helper.cc \
$(HTCPSOURCE) \
@@ -4134,8 +4132,6 @@ tests_testEvent_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -4371,8 +4367,6 @@ tests_testEventLoop_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -4604,8 +4598,6 @@ tests_test_http_range_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -4924,8 +4916,6 @@ tests_testHttpRequest_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -5777,8 +5767,6 @@ tests_testURL_SOURCES = \
fqdncache.cc \
FwdState.cc \
FwdState.h \
- gopher.h \
- gopher.cc \
helper.cc \
hier_code.h \
$(HTCPSOURCE) \
@@ -6823,7 +6811,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fqdncache.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fs_io.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/globals.Po@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gopher.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hier_code.Po@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/htcp.Po@am__quote@ # am--include-marker
@@ -7804,7 +7791,6 @@ distclean: distclean-recursive
-rm -f ./$(DEPDIR)/fqdncache.Po
-rm -f ./$(DEPDIR)/fs_io.Po
-rm -f ./$(DEPDIR)/globals.Po
- -rm -f ./$(DEPDIR)/gopher.Po
-rm -f ./$(DEPDIR)/helper.Po
-rm -f ./$(DEPDIR)/hier_code.Po
-rm -f ./$(DEPDIR)/htcp.Po
@@ -8129,7 +8115,6 @@ maintainer-clean: maintainer-clean-recur
-rm -f ./$(DEPDIR)/fqdncache.Po
-rm -f ./$(DEPDIR)/fs_io.Po
-rm -f ./$(DEPDIR)/globals.Po
- -rm -f ./$(DEPDIR)/gopher.Po
-rm -f ./$(DEPDIR)/helper.Po
-rm -f ./$(DEPDIR)/hier_code.Po
-rm -f ./$(DEPDIR)/htcp.Po
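Review bot: The diffstat embedded in this patch lists `src/gopher.cc`, `src/gopher.h`, `src/tests/stub_gopher.cc`, `src/tests/Stub.am` and `src/cf.data.pre` as deleted or changed, but none of the hunks that follow touch them, so after this backport the Gopher client source is still in the tree and only unreferenced from Makefile.am and the hand-patched Makefile.in; the `FwdState::dispatch` hunk dropping `gopherStart(this)` is what actually stops Squid from reaching that code. Since the header only says `Partial backport of:`, the omitted pieces should be spelled out there, e.g. `Partial backport: gopher.cc/gopher.h/stub_gopher.cc deletions, Stub.am, cf.data.pre, doc/ and errors/*.po changes are left out; Makefile.in is patched by hand instead of regenerated`. If Stub.am still pulls `tests/stub_gopher.cc` into the unit-test builds it presumably keeps compiling against the remaining gopher.h, but that is worth confirming with a test build. Removing `PROTO_GOPHER` from the `ProtocolType` enum also renumbers every enumerator after it, so anything that logs or persists the numeric value would change meaning; I could not tell from these hunks whether such a consumer exists.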



@ -0,0 +1,169 @@
From 05f6af2f4c85cc99323cfff6149c3d74af661b6d Mon Sep 17 00:00:00 2001
From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Fri, 13 Oct 2023 08:44:16 +0000
Subject: [PATCH] RFC 9112: Improve HTTP chunked encoding compliance (#1498)
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-46846.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit https://github.com/squid-cache/squid/commit/05f6af2f4c85cc99323cfff6149c3d74af661b6d]
CVE: CVE-2023-46846
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
src/http/one/Parser.cc | 8 +-------
src/http/one/Parser.h | 4 +---
src/http/one/TeChunkedParser.cc | 23 ++++++++++++++++++-----
src/parser/Tokenizer.cc | 12 ++++++++++++
src/parser/Tokenizer.h | 7 +++++++
5 files changed, 39 insertions(+), 15 deletions(-)
--- a/src/http/one/Parser.cc
+++ b/src/http/one/Parser.cc
@@ -65,16 +65,10 @@ Http::One::Parser::DelimiterCharacters()
void
Http::One::Parser::skipLineTerminator(Tokenizer &tok) const
{
- if (tok.skip(Http1::CrLf()))
- return;
-
if (Config.onoff.relaxed_header_parser && tok.skipOne(CharacterSet::LF))
return;
- if (tok.atEnd() || (tok.remaining().length() == 1 && tok.remaining().at(0) == '\r'))
- throw InsufficientInput();
-
- throw TexcHere("garbage instead of CRLF line terminator");
+ tok.skipRequired("line-terminating CRLF", Http1::CrLf());
}
/// all characters except the LF line terminator
--- a/src/http/one/Parser.h
+++ b/src/http/one/Parser.h
@@ -120,9 +120,7 @@ protected:
* detect and skip the CRLF or (if tolerant) LF line terminator
* consume from the tokenizer.
*
- * \throws exception on bad or InsuffientInput.
- * \retval true only if line terminator found.
- * \retval false incomplete or missing line terminator, need more data.
+ * \throws exception on bad or InsufficientInput
*/
void skipLineTerminator(Tokenizer &) const;
--- a/src/http/one/TeChunkedParser.cc
+++ b/src/http/one/TeChunkedParser.cc
@@ -91,6 +91,11 @@ Http::One::TeChunkedParser::parseChunkSi
{
Must(theChunkSize <= 0); // Should(), really
+ static const SBuf bannedHexPrefixLower("0x");
+ static const SBuf bannedHexPrefixUpper("0X");
+ if (tok.skip(bannedHexPrefixLower) || tok.skip(bannedHexPrefixUpper))
+ throw TextException("chunk starts with 0x", Here());
+
int64_t size = -1;
if (tok.int64(size, 16, false) && !tok.atEnd()) {
if (size < 0)
@@ -121,7 +126,7 @@ Http::One::TeChunkedParser::parseChunkMe
// bad or insufficient input, like in the code below. TODO: Expand up.
try {
parseChunkExtensions(tok); // a possibly empty chunk-ext list
- skipLineTerminator(tok);
+ tok.skipRequired("CRLF after [chunk-ext]", Http1::CrLf());
buf_ = tok.remaining();
parsingStage_ = theChunkSize ? Http1::HTTP_PARSE_CHUNK : Http1::HTTP_PARSE_MIME;
return true;
@@ -132,12 +137,14 @@ Http::One::TeChunkedParser::parseChunkMe
// other exceptions bubble up to kill message parsing
}
-/// Parses the chunk-ext list (RFC 7230 section 4.1.1 and its Errata #4667):
+/// Parses the chunk-ext list (RFC 9112 section 7.1.1:
/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
void
-Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &tok)
+Http::One::TeChunkedParser::parseChunkExtensions(Tokenizer &callerTok)
{
do {
+ auto tok = callerTok;
+
ParseBws(tok); // Bug 4492: IBM_HTTP_Server sends SP after chunk-size
if (!tok.skip(';'))
@@ -145,6 +152,7 @@ Http::One::TeChunkedParser::parseChunkEx
parseOneChunkExtension(tok);
buf_ = tok.remaining(); // got one extension
+ callerTok = tok;
} while (true);
}
@@ -158,11 +166,14 @@ Http::One::ChunkExtensionValueParser::Ig
/// Parses a single chunk-ext list element:
/// chunk-ext = *( BWS ";" BWS chunk-ext-name [ BWS "=" BWS chunk-ext-val ] )
void
-Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &tok)
+Http::One::TeChunkedParser::parseOneChunkExtension(Tokenizer &callerTok)
{
+ auto tok = callerTok;
+
ParseBws(tok); // Bug 4492: ICAP servers send SP before chunk-ext-name
const auto extName = tok.prefix("chunk-ext-name", CharacterSet::TCHAR);
+ callerTok = tok; // in case we determine that this is a valueless chunk-ext
ParseBws(tok);
@@ -176,6 +187,8 @@ Http::One::TeChunkedParser::parseOneChun
customExtensionValueParser->parse(tok, extName);
else
ChunkExtensionValueParser::Ignore(tok, extName);
+
+ callerTok = tok;
}
bool
@@ -209,7 +222,7 @@ Http::One::TeChunkedParser::parseChunkEn
Must(theLeftBodySize == 0); // Should(), really
try {
- skipLineTerminator(tok);
+ tok.skipRequired("chunk CRLF", Http1::CrLf());
buf_ = tok.remaining(); // parse checkpoint
theChunkSize = 0; // done with the current chunk
parsingStage_ = Http1::HTTP_PARSE_CHUNK_SZ;
--- a/src/parser/Tokenizer.cc
+++ b/src/parser/Tokenizer.cc
@@ -147,6 +147,18 @@ Parser::Tokenizer::skipAll(const Charact
return success(prefixLen);
}
+void
+Parser::Tokenizer::skipRequired(const char *description, const SBuf &tokenToSkip)
+{
+ if (skip(tokenToSkip) || tokenToSkip.isEmpty())
+ return;
+
+ if (tokenToSkip.startsWith(buf_))
+ throw InsufficientInput();
+
+ throw TextException(ToSBuf("cannot skip ", description), Here());
+}
+
bool
Parser::Tokenizer::skipOne(const CharacterSet &chars)
{
--- a/src/parser/Tokenizer.h
+++ b/src/parser/Tokenizer.h
@@ -115,6 +115,13 @@ public:
*/
SBuf::size_type skipAll(const CharacterSet &discardables);
+ /** skips a given character sequence (string);
+ * does nothing if the sequence is empty
+ *
+ * \throws exception on mismatching prefix or InsufficientInput
+ */
+ void skipRequired(const char *description, const SBuf &tokenToSkip);
+
/** Removes a single trailing character from the set.
*
* \return whether a character was removed
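Review bot: The three `tok.skipRequired(..., Http1::CrLf())` calls that replace `skipLineTerminator(tok)` in TeChunkedParser.cc no longer consult `Config.onoff.relaxed_header_parser`, which `Parser::skipLineTerminator` still honours for bare-LF header lines, so a bare LF after a chunk-size, chunk-ext list or chunk data now fails parsing instead of being tolerated, and neither the patch header nor the recipe records that behaviour change for deployments relying on relaxed parsing. A one-line comment at the first call would make the intent explicit: `// RFC 9112: chunk lines must end in CRLF; relaxed_header_parser does not apply inside chunked bodies`. In `parseChunkExtensions` and `parseOneChunkExtension` the `auto tok = callerTok;` / `callerTok = tok;` pairs appear to exist so the caller's Tokenizer only advances past a fully parsed extension and is left untouched when an exception is thrown; a comment such as `// parse on a copy so callerTok only advances once the extension parsed completely` would save the next reader from reconstructing that. `Parser::Tokenizer::skipRequired` throws InsufficientInput whenever `tokenToSkip.startsWith(buf_)`, which is also true for an empty `buf_`, so every caller must expect that exception on an exhausted buffer; `parseChunkMetadataSuffix` and `parseChunkEnd` both begin outside their hunks, so I could not confirm their catch blocks here.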


@ -25,6 +25,9 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
file://0001-tools.cc-fixed-unused-result-warning.patch \
file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \
file://CVE-2023-46847.patch \
file://CVE-2023-46728.patch \
file://CVE-2023-46846-pre1.patch \
file://CVE-2023-46846.patch \
"
SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"