- Update to squid 4.11:

* Fix incorrect buffer handling that can result in cache
    poisoning, remote execution, and denial of service attacks when
    processing ESI responses
    (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
  * Fixes possible information disclosure when translating
    FTP server listings into HTTP responses.
    (CVE-2019-12528, bsc#1162689)
  * Fixes possible denial of service caused by incorrect buffer
    management ext_lm_group_acl when processing NTLM Authentication
    credentials. (CVE-2020-8517, bsc#1162691)
  * Fixes a potential remote execution vulnerability when using
    HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
  * Fixes problem when reconfigure killed Coordinator in
    SMP+ufs configurations (#556)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=210

squid-4.10.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:98f0100afd8a42ea5f6b81eb98b0e4b36d7a54beab1c73d2f1705ab49b025f1f
-size 2445848

squid-4.10.tar.xz.asc

@@ -1,25 +0,0 @@
-File: squid-4.10.tar.xz
-Date: Mon Jan 20 04:10:45 UTC 2020
-Size: 2445848
-MD5 : af7ac6e70f9bd03ae4fcec0c9b99c38a
-SHA1: b8b267771550bb8c7f2b2968b305118090e7217a
-Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
-            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = pool.sks-keyservers.net
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl4lKFMACgkQzW2/jvOx
-fT4aUBAAhR5YcsaTdBaFMOTNM0WUp3USNxjhrQtq+rwkQLqwh3hl2idKZY6fmqAJ
-cv/m9915T7Nd2H7ROl3vxs0ToP1R5EsEbyvcz/tKPoBrXFDDH9JsgkvbF0A4oxW1
-S8PtRlwXPbllHp/yaEZk9NL0PZCrUeW79s4M2hXSPOsC0/RogUUMN/Saa8VX3ZVe
-ZuSZoy+Ew3ZeQ3Y/mqblTN6xRn9zLq+GfqXOjTQQBfAiGprjsPQE4rOame6P9meh
-aGOGDABx7YoRsSskiAZY8cfIsunZdHoORi1WXvcu3hAB0zCZjrO0vptSig7sVCFD
-pdjLCrxopj/jIpAcVLPhl7AHjirAeTxDraQhgie+PT3M+tVm950HJZRt/idzCiNX
-XJj4Tw2gZ+tCKPLUoPvILID8grQQ+HKUA1a8ASeUxUD+sOcwdolUhbzlIl9lMDwY
-hxle9J1QH/04MAhMEnfGZH+ekR5PV+XG4iLWQnPcMSKymtDxiYpgJ9GTDBww0phk
-P1Tg33kSkHLAecEvcFlkZwrsw57qULFQKo2ZUE7Udm9xwBruwPunc+1XJ/PCs6mc
-3RfT5b1rf/fgWhvuwm5vuBkbL1H74gX8u84G984st5zj33t9aagByUXIkxjsLQww
-pFHXYm1PbphFsRIAcAGfkEluSz1X9yOwXyy12uuE7Bc/Ox7zIXk=
-=vpEO
------END PGP SIGNATURE-----

squid-4.11.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4ed947612410263f57ad0e39bfd087e60fb714f028d7d3b0e469943efd34287d
+size 2447700

squid-4.11.tar.xz.asc

@@ -0,0 +1,25 @@
+File: squid-4.11.tar.xz
+Date: Sun Apr 19 12:56:37 UTC 2020
+Size: 2447700
+MD5 : 10f34e852153a9996aa4614670e2bda1
+SHA1: 053277bf5497163ffc9261b9807abda5959bb6fc
+Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
+            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = pool.sks-keyservers.net
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl6cSpEACgkQzW2/jvOx
+fT6YbA/6A+IbIbNBJUW45oj23Io9Tw/CzAcTeLHR+McKwV77qMbR+L+kQ+fUdM5F
+rHAmd8bVVlyHc4WanVfWItEmzBzHA/ifTNvVpefSGGEbDb80RF66k7ACiZUokg1b
+kkPwc/SjDhe2wvketIaBiVVd7pylrlCdVvazcF8gE9MWDOIlJND5mnHXidXvwkbJ
+T2//8JZVEmcmN9pdFGNAUVckFm+AnwWXcRM1SQPYDGSVUtjVlqido8snLTA1mZwl
+rIpjppujMV54OOWlj+Gqa3MZkpNzIaMCAfphzUFlsQY+/sRUYAOv1wmxw2WclxlK
+WlWM+fw8OsYNDMwkOScKZZWceoAkq6UsUHzCAdJIdLqV/R6mZ9nfuZ6BHIr0+2dP
+bDf9MU4KXbwEuXiRD/KPziUxxOZwSPivbm3wy9DqTTZfO9V+Iq6FVHX+ahxJ0XbM
+JWRYA3GW+DRLjorfsWxU5r4UJsrnBfhItPUAfGPjPjEGZ/pn8r9G6MGenNGPLMKy
+wP1rMlOhrZPwerzokzAvKx8G0WWkfN+IPv2JK3rDot6RiJIOuvnZZd4RIuVNTGbh
+liO7M24JlWX3WD2wHBzxQag46+plb3VvrrVChwIQnZ2Qzpf50w0Bife/wtNBGpK0
+k/Xi/nocO796YS8GZBnmhS1lEGEwp/YpJBFWmIjTWMUMEOcswVA=
+=PKl0
+-----END PGP SIGNATURE-----

squid.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Thu Apr 23 13:02:37 UTC 2020 - Adam Majer <adam.majer@suse.de>
+
+- Update to squid 4.11:
+  * Fix incorrect buffer handling that can result in cache
+    poisoning, remote execution, and denial of service attacks when
+    processing ESI responses
+    (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
+  * Fixes possible information disclosure when translating
+    FTP server listings into HTTP responses.
+    (CVE-2019-12528, bsc#1162689)
+  * Fixes possible denial of service caused by incorrect buffer
+    management ext_lm_group_acl when processing NTLM Authentication
+    credentials. (CVE-2020-8517, bsc#1162691)
+  * Fixes a potential remote execution vulnerability when using
+    HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
+  * Fixes problem when reconfigure killed Coordinator in
+    SMP+ufs configurations (#556)
+
 -------------------------------------------------------------------
 Mon Apr 20 10:24:46 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
 

squid.spec

@@ -19,7 +19,7 @@
 %define         squidlibdir %{_libdir}/squid
 %define         squidconfdir %{_sysconfdir}/squid
 Name:           squid
-Version:        4.10
+Version:        4.11
 Release:        0
 Summary:        Caching and forwarding HTTP web proxy
 License:        GPL-2.0-or-later