Accepting request 715745 from server:proxy
- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing

OBS-URL: https://build.opensuse.org/request/show/715745
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=72
commit
a8a96222c4
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a29cf65f77ab70a8b1cf47e6fe1d2975ec9d04d2446d54669a5afd2aee5e354e
|
||||
size 2440884
|
@ -1,25 +0,0 @@
|
||||
File: squid-4.7.tar.xz
|
||||
Date: Tue May 7 07:29:53 UTC 2019
|
||||
Size: 2440884
|
||||
MD5 : ec7be696032b962eac9ba5726940a3aa
|
||||
SHA1: 018ec694e5d11124ceae86d391ea157994ac6624
|
||||
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
||||
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = pool.sks-keyservers.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlzRM/oACgkQzW2/jvOx
|
||||
fT5q0hAAvmwR3eKNjp5XG2s1DTYixIo1fO2YUnWsq7vlTGoBuYqXA0UGZAW5F9Up
|
||||
i2BxbnJkbR0Qm4I7F3XqdUuQH12DKRJvrbAuN57ch5yNNu3PgKlGUsk6gSfhrJcp
|
||||
U0S9/n9rj6cezwsypaZbN1SMET2q0kv7S6NMKyB5dqOsa88QhyyJIdAlB2GMCpGt
|
||||
0chyK61I6ksJjtLXm2OaZxrxuLGgXz4eoi3vs2aftUT8dGhS4OAaO9l6nkQ2M+PG
|
||||
/eoh9l3btGPfKgobnr9gyrNexUXDzvNZmdl2wbp+lw3xyIrynFlrtS6u7Cv3UC6o
|
||||
G3RxjoJd1+VJS3Rgt4HVUl7oEuvVVsizCV0YpWcLBfQb6hI6GNfzDaT9AQs5ck3a
|
||||
2RvedpYTrsEizu/kHZqH04uDcXgxsxhIPVZSFY2rZ63hXX4RX2oVm+PxfX6nBmUt
|
||||
euxusYLIk0wh7BKq81WvwjcvQW0nXKCDV/qvb6Xpk31wGoERrCtTalHFAizI8aiS
|
||||
QEf+K+PRL4uxo4FD5MUbVZuhMITPdru7Mp4cqrcxCxmgHGBbYSaWVL/Rg3kIca7Y
|
||||
UBtqbDD5CcfbpEcq8hJKUQAVH8sihNIV6PN9tqGV60tQFmUdKY/bOdkH/NliKxcz
|
||||
V/NX3CUMeXs4MtLW87ebv4OYG2yMYuaju6RL/8cOSIlTd7Qu+wU=
|
||||
=btfi
|
||||
-----END PGP SIGNATURE-----
|
3
squid-4.8.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:78cdb324d93341d36d09d5f791060f6e8aaa5ff3179f7c949cd910d023a86210
|
||||
size 2440888
|
25
squid-4.8.tar.xz.asc
Normal file
@ -0,0 +1,25 @@
|
||||
File: squid-4.8.tar.xz
|
||||
Date: Tue Jul 9 19:30:13 UTC 2019
|
||||
Size: 2440888
|
||||
MD5 : 08e018f2d8db4911ee90591284fa1ca5
|
||||
SHA1: 4ff1390eee3ec20cefa5565cbb56e1a89a12bfc1
|
||||
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
||||
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
||||
keyring = http://www.squid-cache.org/pgp.asc
|
||||
keyserver = pool.sks-keyservers.net
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl0k60wACgkQzW2/jvOx
|
||||
fT7tAg/7BB9XyX4Sxi6sdyAwSPJ7vu3sd8ENE2mYdnLlozd3n57g2EDJoDWNGMOV
|
||||
eym6Xe5TCDyadXKDVHni4LrFm80RgILMRvkkY9RIIRBTac+SEpDPZq/XL5xzxL1K
|
||||
mRxJ2Mg9dC/1Cja4xAT/NihinJ2g/vqPY/fC+35kHd1q+U3DeQlmRhMN+IoP6kOk
|
||||
ZFYfl2DkHRZFRVF/yjxy2f2ktSuZOoUcnnAI2IWzgZS5iNR4F5ozNXKNUaAhcROy
|
||||
Md6/VCnoLvYDVlXgJUBUsn0Qt/Kgl/3h/CUdGVUnG2Lt5+Gh3LZBlCNZ/P/6lBSD
|
||||
9/hXLPkY4OTKrxkf0LdwNrGH9XZX5FoKAUDvF+qUvEqwFJdgzklyXSAoEQRfFtK2
|
||||
KRAjuxR1h/JquiA7lfYchmHaS13FktkpGMAJWrQZFjRRnDcVqjEotGkcpgaIjVfG
|
||||
/Bw9LLjRf4glYvgd8+wDZBpBGU2mLXOu0/0IfU3gN4nRXnxvum0xPRPRQhmZWzjk
|
||||
svpUA1W4r7Uy1zog96Gry0NNh5bik+MU7OI/0uJPxSk4DhRFg+HcQ0GHb3eF0yBY
|
||||
nTv8Ks3CMMsoa9tCzFfqmxKQMHBA0feBSzjOgN5nqibr7BRp9NiJPtj3sOS6oCDK
|
||||
jBSV1ArI6nyaU26hfelNp375CPHObAFLlBA31+saV55hyr2Ydx4=
|
||||
=ee2E
|
||||
-----END PGP SIGNATURE-----
|
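Review bot: The `MD5 :` and `SHA1:` lines in this new .asc file are weak digests and should not be what the package relies on to validate squid-4.8.tar.xz, and `keyring = http://www.squid-cache.org/pgp.asc` points at a key served over plain HTTP. Source verification should rest on the detached signature, checked against a keyring shipped with the package and pinned to the full fingerprint `B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E`, with the sha256 oid in the LFS pointer as the content hash. The `Size: 2440888` here does match the `size 2440888` in the pointer for squid-4.8.tar.xz.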
@ -1,3 +1,30 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 15 14:58:13 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||||
|
||||
- Update to squid 4.8:
|
||||
+ Ignore ECONNABORTED in accept(2)
|
||||
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
|
||||
+ cachemgr.cgi: unallocated memory access resulting in a potential
|
||||
denial of service. (bsc#1141442, CVE-2019-12854)
|
||||
+ terminating c-strings beyond BASE64_DECODE_LENGTH
|
||||
+ Replace uudecode with libnettle base64 decoder fixing a denial
|
||||
of service vulnerability (bsc#1141329, CVE-2019-12529)
|
||||
+ fix to_localhost does not include ::
|
||||
+ Fix GCC-9 build issues
|
||||
+ Fix Digest auth parameter parsing preventing a potential
|
||||
denial of service (bsc#1141332, CVE-2019-12525)
|
||||
+ Update HttpHeader::getAuth to SBuf which prevents a potential
|
||||
heap overflowing allowing a possible remote code execution
|
||||
attack when processing HTTP Authentication credentials
|
||||
(bsc#1141330, CVE-2019-12527)
|
||||
+ Add the NO_TLSv1_3 option to available tls-options values
|
||||
+ Fix handling of tiny invalid responses
|
||||
+ Fix Memory leak when http_reply_access uses external_acl
|
||||
+ Fix Multiple XSS issues in cachemgr.cgi
|
||||
(bsc#1140738, CVE-2019-13345)
|
||||
- use unbundled version of libnettle
|
||||
- disable LTO as a workaround to tests failing
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 8 10:41:22 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||||
|
||||
|
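Review bot: Two entries in the new changelog block, `+ terminating c-strings beyond BASE64_DECODE_LENGTH` and `+ fix to_localhost does not include ::`, do not say whether they name the defect or the fix, unlike the neighbouring "Fix ..." lines; reword them so each reads as the fix. The line `- disable LTO as a workaround to tests failing` also carries no bug reference and does not name the failing tests, so add one to keep the workaround traceable and removable.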
@ -19,7 +19,7 @@
|
||||
%define squidlibdir %{_libdir}/squid
|
||||
%define squidconfdir %{_sysconfdir}/squid
|
||||
Name: squid
|
||||
Version: 4.7
|
||||
Version: 4.8
|
||||
Release: 0
|
||||
Summary: Caching and forwarding HTTP web proxy
|
||||
License: GPL-2.0-or-later
|
||||
@ -60,6 +60,7 @@ BuildRequires: pkgconfig(kdb)
|
||||
BuildRequires: pkgconfig(krb5)
|
||||
BuildRequires: pkgconfig(libsasl2)
|
||||
BuildRequires: pkgconfig(libxml-2.0)
|
||||
BuildRequires: pkgconfig(nettle)
|
||||
Requires: logrotate
|
||||
Requires(pre): permissions
|
||||
Requires(pre): shadow
|
||||
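Review bot: `BuildRequires: pkgconfig(nettle)` is added without a version constraint, and the configure call is outside this hunk, so nothing visible here guarantees that the build actually links the system library. The changelog ties the CVE-2019-12529 fix to the libnettle base64 decoder and states "use unbundled version of libnettle", so the build should fail when nettle is not detected instead of continuing without it, and the requirement should carry a minimum version if upstream needs one.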
@ -89,6 +90,7 @@ perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
%define _lto_cflags %{nil}
|
||||
autoreconf -fi
|
||||
cd libltdl; autoreconf -fi; cd ..
|
||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||
|
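Review bot: `%define _lto_cflags %{nil}` at the top of `%build` has no comment saying why LTO is switched off; the changelog only says "tests failing". Add a spec comment directly above it that names the failing tests or a bug reference, so the workaround can be found and dropped once the underlying problem is fixed.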