squid: Add security patches

for CVE-2022-41317 and CVE-2022-41318.
2022-09-24 07:33:46 +09:00 · 2022-09-24 07:33:46 +09:00 · 7bb87f7fde
parent b0df57811d
commit 7bb87f7fde
3 changed files with 58 additions and 1 deletions
--- a/packages/squid/SQUID-2022_1.patch
+++ b/packages/squid/SQUID-2022_1.patch
@ -0,0 +1,19 @@
+commit 55151c545a8e0bd2cb69036da5794c9cb21018b2
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date:   2022-08-17 23:32:43 +0000
+
+    Fix typo in manager ACL (#1113)
+
+diff --git a/src/cf.data.pre b/src/cf.data.pre
+index a0bdb2f83..118256437 100644
+--- a/src/cf.data.pre
+++ b/src/cf.data.pre
+@@ -1036,7 +1036,7 @@ DEFAULT: ssl::certUntrusted ssl_error X509_V_ERR_INVALID_CA X509_V_ERR_SELF_SIGN
+ DEFAULT: ssl::certSelfSigned ssl_error X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+ ENDIF
+ DEFAULT: all src all
+-DEFAULT: manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
+DEFAULT: manager url_regex -i ^cache_object:// +i ^[^:]+://[^/]+/squid-internal-mgr/
+ DEFAULT: localhost src 127.0.0.1/32 ::1
+ DEFAULT: to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1/128 ::/128
+ DEFAULT: CONNECT method CONNECT
--- a/packages/squid/SQUID-2022_2.patch
+++ b/packages/squid/SQUID-2022_2.patch
@ -0,0 +1,38 @@
+commit 8eca72c14f94e8591b0d40bd6210ec68d1e54c46
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date:   2022-08-09 23:34:54 +0000
+
+    Bug 3193 pt2: NTLM decoder truncating strings (#1114)
+    
+    The initial bug fix overlooked large 'offset' causing integer
+    wrap to extract a too-short length string.
+    
+    Improve debugs and checks sequence to clarify cases and ensure
+    that all are handled correctly.
+
+diff --git a/lib/ntlmauth/ntlmauth.cc b/lib/ntlmauth/ntlmauth.cc
+index b3df6b18e..dac8a7ecb 100644
+--- a/lib/ntlmauth/ntlmauth.cc
+++ b/lib/ntlmauth/ntlmauth.cc
+@@ -108,10 +108,19 @@ ntlm_fetch_string(const ntlmhdr *packet, const int32_t packet_size, const strhdr
+     int32_t o = le32toh(str->offset);
+     // debug("ntlm_fetch_string(plength=%d,l=%d,o=%d)\n",packet_size,l,o);
+ 
+-    if (l < 0 || l > NTLM_MAX_FIELD_LENGTH || o + l > packet_size || o == 0) {
+-        debug("ntlm_fetch_string: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
+    if (l < 0 || l > NTLM_MAX_FIELD_LENGTH) {
+        debug("ntlm_fetch_string: insane string length (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
+         return rv;
+     }
+    else if (o <= 0 || o > packet_size) {
+        debug("ntlm_fetch_string: insane string offset (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
+        return rv;
+    }
+    else if (l > packet_size - o) {
+        debug("ntlm_fetch_string: truncated string data (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
+        return rv;
+    }
+
+     rv.str = (char *)packet + o;
+     rv.l = 0;
+     if ((flags & NTLM_NEGOTIATE_ASCII) == 0) {
--- a/packages/squid/build.sh
+++ b/packages/squid/build.sh
@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Full-featured Web proxy cache server"
 TERMUX_PKG_LICENSE="GPL-2.0"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION=4.17
-TERMUX_PKG_REVISION=1
+TERMUX_PKG_REVISION=2
 TERMUX_PKG_SRCURL=http://squid.mirror.globo.tech/archive/4/squid-$TERMUX_PKG_VERSION.tar.xz
 TERMUX_PKG_SHA256=cb928ac08c7c86b151b1c8f827abe1a84d83181a2a86e0d512286163e1e31418
 TERMUX_PKG_DEPENDS="libc++, libcrypt, libxml2, libltdl, libgnutls, resolv-conf"