From 62ba66243aa15f23bd43fa0fc64aa5cee1fb625dad4e93f7a1054af5c9f0da1a Mon Sep 17 00:00:00 2001
From: Adam Majer
Date: Thu, 2 Nov 2023 08:45:54 +0000
Subject: [PATCH] - update to 6.4: * security fixes: + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846) + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824) + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847) + Denial of Service in FTP (bsc#1216498, CVE-2023-46848) + Fix validation of certificates (bsc#1216803, CVE-2023-46724) * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL * Bug 4981: Work around in-call job invalidation bugs * basic_smb_lm_auth: fix 'no previous declaration' warnings * CacheManager: require /squid-internal-mgr/ URL path prefix * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion] * documentation changes OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=281
---
 squid-6.3.tar.xz | 3 ---
 squid-6.3.tar.xz.asc | 25 -------------------------
 squid-6.4.tar.xz | 3 +++
 squid-6.4.tar.xz.asc | 25 +++++++++++++++++++++++++
 squid.changes | 17 +++++++++++++++++
 squid.spec | 12 ++++++++----
 6 files changed, 53 insertions(+), 32 deletions(-)
 delete mode 100644 squid-6.3.tar.xz
 delete mode 100644 squid-6.3.tar.xz.asc
 create mode 100644 squid-6.4.tar.xz
 create mode 100644 squid-6.4.tar.xz.asc
diff --git a/squid-6.3.tar.xz b/squid-6.3.tar.xz
deleted file mode 100644
index 33579bd..0000000
--- a/squid-6.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:74a0f5586a7a5d89573d502708d5e1d66ddf0430cf4802cc7261b765653248fa
-size 2547264
diff --git a/squid-6.3.tar.xz.asc b/squid-6.3.tar.xz.asc
deleted file mode 100644
index 9eb2b26..0000000
--- a/squid-6.3.tar.xz.asc
+++ /dev/null
@@ -1,25 +0,0 @@
-File: squid-6.3.tar.xz
-Date: Sun 03 Sep 2023 15:42:32 UTC
-Size: 2547264
-MD5 : 2512b5d27856e6f91a97719784506893
-SHA1: 7bd74034015c6a4d345a4d277a431908bed2ec4a
-Key : CD6DBF8EF3B17D3E
- B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
- keyring = http://www.squid-cache.org/pgp.asc
- keyserver = pool.sks-keyservers.net
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmT0qW8ACgkQzW2/jvOx
-fT56xRAAjfNBcwBJzAMjXoGBPypHb6NmNDamFblgS11EBXrUFqTK/GyYCxYbXwxJ
-MEt4xnxJKehEelInd03gw7o9z+402gdlGFzCwtuNb5BmYTvIGgudNIC/LzpTiuaG
-mPgIsSaRSsIrzVpgrz5MzWGj2lwUi+wg+x1hwB0GYVzxHDXTikNrvBgSbK47Z4cR
-Fc/4iGhNJ3iGnML0LSStbXAsHuXx8LmI0tD9koy688eVSL9AUymoJVrkU3iBFIGY
-MKVr9icrtwvqhT7doFdiKw4AfGL5ex/RxjY/sbu4OtDlsx6oQPKNNSjZt+vG92lT
-yZGKQGBtdQV8O0J7REeaHIt8TiKlNvmw1J+65pMpx7DYo7Dd0YZh9DHSJrG/zDWE
-CT7WxKNV0Mt8k3bnhHpMqeV2t/AHdUzRULymUI46JrtBaNzb+mduwagCV6/EGENU
-kwJ+bvVg3H+30HmUIfNCuvlfFrLaCROKkmA5VQ5fNBQPLibJEZMi32haIn7Mftue
-gw9MkxmX6kUi/1FhS9Kbe3qEOVrJnoaFDmfXn+iIeMpNTBNKGQOWUGPBZdsfRKLr
-ISKMfxOjCHn072X2Abtbod1DSKgTc/XK4Wvc6LQfp8fDy4Kzzu4BZJmM4N6xgj2F
-GO31kwuQhQFEFGUh6CXOiFeivlAaWBu3/rjh/SMREuir6IJ/K6o=
-=/lJx
------END PGP SIGNATURE-----
diff --git a/squid-6.4.tar.xz b/squid-6.4.tar.xz
new file mode 100644
index 0000000..d24ad0d
--- /dev/null
+++ b/squid-6.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5ebbced99b3df21bfcf4d1ec39455dff775a5ff6b9215d9f0339958771a88589
+size 2553476
diff --git a/squid-6.4.tar.xz.asc b/squid-6.4.tar.xz.asc
new file mode 100644
index 0000000..f16a346
--- /dev/null
+++ b/squid-6.4.tar.xz.asc
@@ -0,0 +1,25 @@
+File: squid-6.4.tar.xz
+Date: Sat 21 Oct 2023 12:51:05 UTC
+Size: 2553476
+MD5 : 8031857fd54fad4a7b4f4db4d44aa761
+SHA1: 23733fc08ed7a76d7e19877a4e04c105222b6cec
+Key : CD6DBF8EF3B17D3E
+ B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
+ keyring = http://www.squid-cache.org/pgp.asc
+ keyserver = pool.sks-keyservers.net
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmUzyUEACgkQzW2/jvOx
+fT4IBw/9GrNFjQTgyNSlcDGhRwI1DQzANOId9Aj51TNbwBTs/CPnfISwOBq2Y6IH
+wOfQaRxl0T4f5Mkj4xAimPKYz4qDe+JjQNN/IzX0O9ngMX4f4gHpuWqelHKU+732
+QZjqMunf2nLnWtpENsEPL0REYISy/nu0w8cZm3vUfiqwvc32/cDdPIYFCWbIdg/H
+7dpOhNgvgNYGrUSfBBkUeH1B2XCf8hkBhidMRAh/vyg4RQSKAs5F0Mx8gW6lLS06
+3dfHXuTP4AsF4MZh1YFe385oFl0uO1liaaXB41+TT8k0s0CrEnJKNabT9FQ/EUhG
+K2cV/9oEBU2Z72RujwVapwdbDPbAwlhbnM/34sYAAVo1/Zil1Ucu1irb9WMuaffB
+H2GZiu0naiAbILJkAjz5/n2jXxvgiOM3So3vQQm8BaH13KLlPiVkonoICxBZD2rN
+Z134qMo/VHT05GOFZR/eZ8UBAVkdRWx16kGe/BaflDwQdGToYNnJSisc2rKH+jxY
+KMNpe7vtE8VkyBqh/qmZA0XLH4uY1ve/tduDdwRRZeYRfrd+wi7ejwzUhDvjQSie
+3W6rBsW1gfVXYOKvz+lss3AvHjlyTQ1TW3dkm4VHnIRWfNi55vCmQaJ8ye4UUpcg
+G0JS4nepLyyH/4rXBbxylFMPMSa1XhMOtPmpnvL4XDp3wXxSYbE=
+=aGhF
+-----END PGP SIGNATURE-----
diff --git a/squid.changes b/squid.changes
index 40c8648..3326eff 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Wed Oct 25 14:32:33 UTC 2023 - Adam Majer
+
+- update to 6.4:
+ * security fixes:
+ + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
+ + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
+ + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
+ + Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
+ + Fix validation of certificates (bsc#1216803, CVE-2023-46724)
+ * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
+ * Bug 4981: Work around in-call job invalidation bugs
+ * basic_smb_lm_auth: fix 'no previous declaration' warnings
+ * CacheManager: require /squid-internal-mgr/ URL path prefix
+ * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
+ * documentation changes
+
 -------------------------------------------------------------------
 Tue Sep 19 16:20:19 UTC 2023 - Adam Majer
 
diff --git a/squid.spec b/squid.spec
index cf266aa..6d63240 100644
--- a/squid.spec
+++ b/squid.spec
@@ -24,14 +24,17 @@
 %define squidhelperdir %{_sbindir}
 %endif
 Name: squid
-Version: 6.3
+Version: 6.4
 Release: 0
 Summary: Caching and forwarding HTTP web proxy
 License: GPL-2.0-or-later
 Group: Productivity/Networking/Web/Proxy
 URL: http://www.squid-cache.org
-Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz
-Source1: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc
+### commented because of mirror issues...
+#Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz
+#Source1: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc
+Source0: squid-%{version}.tar.xz
+Source1: squid-%{version}.tar.xz.asc
 Source5: pam.squid
 Source6: unsquid.pl
 Source7: %{name}.logrotate
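Review bot: The comment `### commented because of mirror issues...` above the new `Source0`/`Source1` lines does not say where the committed tarball and `.asc` were obtained or when the URLs should return, so a later reviewer cannot tell a temporary workaround from a permanent change of provenance. With bare filenames, a service that re-fetches upstream sources for comparison has nothing to compare against, which leaves the detached-signature check as the only link to upstream; whether that check runs is not visible in this hunk. I would expand the comment to something like `# Upstream mirrors unreliable (2023-10): Source0/Source1 are committed copies, checked against the Source13 keyring; restore the URLs below once mirrors recover.`, with the "checked" part confirmed by the packager. If the URLs are restored, prefer `https://` where upstream offers it, since the removed lines used plain `http://`.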
@@ -40,7 +43,8 @@ Source10: README.kerberos
 Source11: %{name}.service
 Source12: %{name}-user.conf
 # http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html
-Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring
+#Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring
+Source13: squid.keyring
 Source15: cache_dir.sed
 Source16: initialize_cache_if_needed.sh
 Source17: tmpfilesdir.squid.conf
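Review bot: `Source13: squid.keyring` makes the committed keyring the sole trust anchor for the tarball signature, yet nothing in the spec states which key it is expected to hold. A comment next to it, e.g. `# expected signing key: B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E (as listed in Source1)`, would let a reviewer of any later change to `squid.keyring` check it against a known fingerprint instead of trusting the diff. The fingerprint is the one printed in `squid-6.4.tar.xz.asc` in this commit; it should be confirmed against upstream through an independent channel before being written down.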