Accepting request 715745 from server:proxy
- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential heap overflowing allowing a possible remote code execution attack when processing HTTP Authentication credentials (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi (bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing

OBS-URL: https://build.opensuse.org/request/show/715745
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=72
commit a8a96222c4
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:a29cf65f77ab70a8b1cf47e6fe1d2975ec9d04d2446d54669a5afd2aee5e354e
|
|
||||||
size 2440884
|
|
@ -1,25 +0,0 @@
|
|||||||
File: squid-4.7.tar.xz
|
|
||||||
Date: Tue May 7 07:29:53 UTC 2019
|
|
||||||
Size: 2440884
|
|
||||||
MD5 : ec7be696032b962eac9ba5726940a3aa
|
|
||||||
SHA1: 018ec694e5d11124ceae86d391ea157994ac6624
|
|
||||||
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
|
||||||
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
|
||||||
keyring = http://www.squid-cache.org/pgp.asc
|
|
||||||
keyserver = pool.sks-keyservers.net
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlzRM/oACgkQzW2/jvOx
|
|
||||||
fT5q0hAAvmwR3eKNjp5XG2s1DTYixIo1fO2YUnWsq7vlTGoBuYqXA0UGZAW5F9Up
|
|
||||||
i2BxbnJkbR0Qm4I7F3XqdUuQH12DKRJvrbAuN57ch5yNNu3PgKlGUsk6gSfhrJcp
|
|
||||||
U0S9/n9rj6cezwsypaZbN1SMET2q0kv7S6NMKyB5dqOsa88QhyyJIdAlB2GMCpGt
|
|
||||||
0chyK61I6ksJjtLXm2OaZxrxuLGgXz4eoi3vs2aftUT8dGhS4OAaO9l6nkQ2M+PG
|
|
||||||
/eoh9l3btGPfKgobnr9gyrNexUXDzvNZmdl2wbp+lw3xyIrynFlrtS6u7Cv3UC6o
|
|
||||||
G3RxjoJd1+VJS3Rgt4HVUl7oEuvVVsizCV0YpWcLBfQb6hI6GNfzDaT9AQs5ck3a
|
|
||||||
2RvedpYTrsEizu/kHZqH04uDcXgxsxhIPVZSFY2rZ63hXX4RX2oVm+PxfX6nBmUt
|
|
||||||
euxusYLIk0wh7BKq81WvwjcvQW0nXKCDV/qvb6Xpk31wGoERrCtTalHFAizI8aiS
|
|
||||||
QEf+K+PRL4uxo4FD5MUbVZuhMITPdru7Mp4cqrcxCxmgHGBbYSaWVL/Rg3kIca7Y
|
|
||||||
UBtqbDD5CcfbpEcq8hJKUQAVH8sihNIV6PN9tqGV60tQFmUdKY/bOdkH/NliKxcz
|
|
||||||
V/NX3CUMeXs4MtLW87ebv4OYG2yMYuaju6RL/8cOSIlTd7Qu+wU=
|
|
||||||
=btfi
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
squid-4.8.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:78cdb324d93341d36d09d5f791060f6e8aaa5ff3179f7c949cd910d023a86210
|
||||||
|
size 2440888
|
25
squid-4.8.tar.xz.asc
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
File: squid-4.8.tar.xz
|
||||||
|
Date: Tue Jul 9 19:30:13 UTC 2019
|
||||||
|
Size: 2440888
|
||||||
|
MD5 : 08e018f2d8db4911ee90591284fa1ca5
|
||||||
|
SHA1: 4ff1390eee3ec20cefa5565cbb56e1a89a12bfc1
|
||||||
|
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
||||||
|
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = pool.sks-keyservers.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl0k60wACgkQzW2/jvOx
|
||||||
|
fT7tAg/7BB9XyX4Sxi6sdyAwSPJ7vu3sd8ENE2mYdnLlozd3n57g2EDJoDWNGMOV
|
||||||
|
eym6Xe5TCDyadXKDVHni4LrFm80RgILMRvkkY9RIIRBTac+SEpDPZq/XL5xzxL1K
|
||||||
|
mRxJ2Mg9dC/1Cja4xAT/NihinJ2g/vqPY/fC+35kHd1q+U3DeQlmRhMN+IoP6kOk
|
||||||
|
ZFYfl2DkHRZFRVF/yjxy2f2ktSuZOoUcnnAI2IWzgZS5iNR4F5ozNXKNUaAhcROy
|
||||||
|
Md6/VCnoLvYDVlXgJUBUsn0Qt/Kgl/3h/CUdGVUnG2Lt5+Gh3LZBlCNZ/P/6lBSD
|
||||||
|
9/hXLPkY4OTKrxkf0LdwNrGH9XZX5FoKAUDvF+qUvEqwFJdgzklyXSAoEQRfFtK2
|
||||||
|
KRAjuxR1h/JquiA7lfYchmHaS13FktkpGMAJWrQZFjRRnDcVqjEotGkcpgaIjVfG
|
||||||
|
/Bw9LLjRf4glYvgd8+wDZBpBGU2mLXOu0/0IfU3gN4nRXnxvum0xPRPRQhmZWzjk
|
||||||
|
svpUA1W4r7Uy1zog96Gry0NNh5bik+MU7OI/0uJPxSk4DhRFg+HcQ0GHb3eF0yBY
|
||||||
|
nTv8Ks3CMMsoa9tCzFfqmxKQMHBA0feBSzjOgN5nqibr7BRp9NiJPtj3sOS6oCDK
|
||||||
|
jBSV1ArI6nyaU26hfelNp375CPHObAFLlBA31+saV55hyr2Ydx4=
|
||||||
|
=ee2E
|
||||||
|
-----END PGP SIGNATURE-----
|
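Review bot: The Key and keyring lines in this .asc identify the signer by a 64-bit key ID and a plain-http keyring URL (keyring = http://www.squid-cache.org/pgp.asc), and the only digests listed are MD5 and SHA1, neither of which should be the basis for accepting the tarball. Please confirm that the package verifies the detached signature against a keyring shipped with the package sources and pinned to the full fingerprint B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E, rather than against a key fetched from that URL or from the listed keyserver at build time.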
@ -1,3 +1,30 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 15 14:58:13 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||||||
|
|
||||||
|
- Update to squid 4.8:
|
||||||
|
+ Ignore ECONNABORTED in accept(2)
|
||||||
|
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
|
||||||
|
+ cachemgr.cgi: unallocated memory access resulting in a potential
|
||||||
|
denial of service. (bsc#1141442, CVE-2019-12854)
|
||||||
|
+ terminating c-strings beyond BASE64_DECODE_LENGTH
|
||||||
|
+ Replace uudecode with libnettle base64 decoder fixing a denial
|
||||||
|
of service vulnerability (bsc#1141329, CVE-2019-12529)
|
||||||
|
+ fix to_localhost does not include ::
|
||||||
|
+ Fix GCC-9 build issues
|
||||||
|
+ Fix Digest auth parameter parsing preventing a potential
|
||||||
|
denial of service (bsc#1141332, CVE-2019-12525)
|
||||||
|
+ Update HttpHeader::getAuth to SBuf which prevents a potential
|
||||||
|
heap overflowing allowing a possible remote code execution
|
||||||
|
attack when processing HTTP Authentication credentials
|
||||||
|
(bsc#1141330, CVE-2019-12527)
|
||||||
|
+ Add the NO_TLSv1_3 option to available tls-options values
|
||||||
|
+ Fix handling of tiny invalid responses
|
||||||
|
+ Fix Memory leak when http_reply_access uses external_acl
|
||||||
|
+ Fix Multiple XSS issues in cachemgr.cgi
|
||||||
|
(bsc#1140738, CVE-2019-13345)
|
||||||
|
- use unbundled version of libnettle
|
||||||
|
- disable LTO as a workaround to tests failing
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 8 10:41:22 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
Wed May 8 10:41:22 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||||||
|
|
||||||
|
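Review bot: The last entry, "disable LTO as a workaround to tests failing", has no bug reference and does not say which tests fail, so there is nothing to track for re-enabling LTO later; please add a bsc# or upstream bug number, as the security entries above it have. Two entries also read as descriptions of the defect, not of the fix ("terminating c-strings beyond BASE64_DECODE_LENGTH" and "fix to_localhost does not include ::"); rewording them to state what now happens would make the changelog easier to audit.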
@ -19,7 +19,7 @@
|
|||||||
%define squidlibdir %{_libdir}/squid
|
%define squidlibdir %{_libdir}/squid
|
||||||
%define squidconfdir %{_sysconfdir}/squid
|
%define squidconfdir %{_sysconfdir}/squid
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 4.7
|
Version: 4.8
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Caching and forwarding HTTP web proxy
|
Summary: Caching and forwarding HTTP web proxy
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
@ -60,6 +60,7 @@ BuildRequires: pkgconfig(kdb)
|
|||||||
BuildRequires: pkgconfig(krb5)
|
BuildRequires: pkgconfig(krb5)
|
||||||
BuildRequires: pkgconfig(libsasl2)
|
BuildRequires: pkgconfig(libsasl2)
|
||||||
BuildRequires: pkgconfig(libxml-2.0)
|
BuildRequires: pkgconfig(libxml-2.0)
|
||||||
|
BuildRequires: pkgconfig(nettle)
|
||||||
Requires: logrotate
|
Requires: logrotate
|
||||||
Requires(pre): permissions
|
Requires(pre): permissions
|
||||||
Requires(pre): shadow
|
Requires(pre): shadow
|
||||||
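Review bot: The added BuildRequires: pkgconfig(nettle) carries no version constraint, and nothing in the visible hunk makes the build fail if nettle is not actually picked up. Since the changelog ties the CVE-2019-12529 fix to the libnettle base64 decoder, please confirm in the build log that configure detects and links the system nettle, and add a minimum version to the BuildRequires if the decoder API in use needs one.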
@ -89,6 +90,7 @@ perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
%define _lto_cflags %{nil}
|
||||||
autoreconf -fi
|
autoreconf -fi
|
||||||
cd libltdl; autoreconf -fi; cd ..
|
cd libltdl; autoreconf -fi; cd ..
|
||||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||||
|
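Review bot: The new line %define _lto_cflags %{nil} sits inside %build with no comment explaining it. A %define takes effect from that point in the spec onward regardless of section, so placing it under %build suggests a scope it does not have; consider moving it next to the other %define lines at the top of the spec and adding a comment that names the failing tests or a bug number, so the workaround can be dropped once they pass with LTO.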