- Update to squid 4.9:
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi (CVE-2019-13345, bsc#1140738) * fixes heap overflow in URN processing (CVE-2019-12526, bsc#1156326) * fixes multiple issues in URI processing (CVE-2019-12523, CVE-2019-18676, bsc#1156329) * fixes Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328) * fixes HTTP Request Splitting in HTTP message processing (CVE-2019-18678, bsc#1156323) * fixes information disclosure in HTTP Digest Authentication (CVE-2019-18679, bsc#1156324) * lower cache_peer hostname - this showed up as DNS failures if peer name was configured with any upper case characters * TLS: Multiple SSL-Bump fixes * TLS: Fix expiration of self-signed generated certs to be 3 years * TLS: Fix on_unsupported_protocol tunnel action * Fix several rock cache_dir corruption issues - fix_configuration_error.patch: upstreamed - old_nettle_compat.patch: refreshed OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
This commit is contained in:
parent
5bf83e3a20
commit
b862c898ec
@ -1,32 +0,0 @@
|
|||||||
Fix warnings that result in build failures with -Wreturn-type errors
|
|
||||||
|
|
||||||
error: no return statement in function returning non-void
|
|
||||||
warning: 'conv' defined but not used
|
|
||||||
|
|
||||||
202 | static struct pam_conv conv = { &password_conversation, 0 };
|
|
||||||
| ^~~~
|
|
||||||
cc1plus: some warnings being treated as errors
|
|
||||||
|
|
||||||
|
|
||||||
Index: squid-4.8/acinclude/pam.m4
|
|
||||||
===================================================================
|
|
||||||
--- squid-4.8.orig/acinclude/pam.m4
|
|
||||||
+++ squid-4.8/acinclude/pam.m4
|
|
||||||
@@ -21,7 +21,7 @@ AC_DEFUN([CHECK_STRUCT_PAM_CONV], [
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
|
||||||
#include <security/pam_appl.h>
|
|
||||||
static int
|
|
||||||
-password_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {}
|
|
||||||
+password_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { return 0; }
|
|
||||||
static struct pam_conv conv = { &password_conversation, 0 };
|
|
||||||
]])], [
|
|
||||||
squid_cv_pam_conv_signature=linux
|
|
||||||
@@ -29,7 +29,7 @@ static struct pam_conv conv = { &passwor
|
|
||||||
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
|
||||||
#include <security/pam_appl.h>
|
|
||||||
static int
|
|
||||||
-password_conversation(int num_msg, struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) {}
|
|
||||||
+password_conversation(int num_msg, struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { return 0; }
|
|
||||||
static struct pam_conv conv = { &password_conversation, 0 };
|
|
||||||
]])], [
|
|
||||||
squid_cv_pam_conv_signature=solaris
|
|
@ -15,11 +15,11 @@ Date: Fri Feb 7 09:11:20 2014 +0100
|
|||||||
Base64 and base16 decoding: Use *dst_length as output only.
|
Base64 and base16 decoding: Use *dst_length as output only.
|
||||||
|
|
||||||
|
|
||||||
Index: squid-4.8/src/HttpHeader.cc
|
Index: squid-4.9/src/HttpHeader.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/HttpHeader.cc
|
--- squid-4.9.orig/src/HttpHeader.cc
|
||||||
+++ squid-4.8/src/HttpHeader.cc
|
+++ squid-4.9/src/HttpHeader.cc
|
||||||
@@ -1301,8 +1301,8 @@ HttpHeader::getAuthToken(Http::HdrType i
|
@@ -1298,8 +1298,8 @@ HttpHeader::getAuthToken(Http::HdrType i
|
||||||
char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
|
char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
base64_decode_init(&ctx);
|
base64_decode_init(&ctx);
|
||||||
@ -30,10 +30,10 @@ Index: squid-4.8/src/HttpHeader.cc
|
|||||||
!base64_decode_final(&ctx)) {
|
!base64_decode_final(&ctx)) {
|
||||||
return nil;
|
return nil;
|
||||||
}
|
}
|
||||||
Index: squid-4.8/src/auth/basic/Config.cc
|
Index: squid-4.9/src/auth/basic/Config.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/basic/Config.cc
|
--- squid-4.9.orig/src/auth/basic/Config.cc
|
||||||
+++ squid-4.8/src/auth/basic/Config.cc
|
+++ squid-4.9/src/auth/basic/Config.cc
|
||||||
@@ -176,8 +176,8 @@ Auth::Basic::Config::decodeCleartext(con
|
@@ -176,8 +176,8 @@ Auth::Basic::Config::decodeCleartext(con
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
base64_decode_init(&ctx);
|
base64_decode_init(&ctx);
|
||||||
@ -45,10 +45,10 @@ Index: squid-4.8/src/auth/basic/Config.cc
|
|||||||
cleartext[dstLen] = '\0';
|
cleartext[dstLen] = '\0';
|
||||||
|
|
||||||
/*
|
/*
|
||||||
Index: squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
Index: squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
--- squid-4.9.orig/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
||||||
+++ squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
+++ squid-4.9/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
||||||
@@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t
|
@@ -131,6 +131,7 @@ token_decode(size_t *decodedLen, uint8_t
|
||||||
{
|
{
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
@ -57,10 +57,10 @@ Index: squid-4.8/src/auth/negotiate/SSPI/negotiate_sspi_auth.cc
|
|||||||
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
|
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
|
||||||
!base64_decode_final(&ctx)) {
|
!base64_decode_final(&ctx)) {
|
||||||
SEND("BH base64 decode failed");
|
SEND("BH base64 decode failed");
|
||||||
Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
--- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
||||||
+++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
||||||
@@ -681,8 +681,8 @@ main(int argc, char *const argv[])
|
@@ -681,8 +681,8 @@ main(int argc, char *const argv[])
|
||||||
|
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
@ -83,10 +83,10 @@ Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
|
|||||||
token[blen] = '\0';
|
token[blen] = '\0';
|
||||||
|
|
||||||
if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1))
|
if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log, 1))
|
||||||
Index: squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
Index: squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
--- squid-4.9.orig/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
||||||
+++ squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
+++ squid-4.9/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
||||||
@@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT
|
@@ -192,8 +192,8 @@ processingLoop(FILE *FDKIN, FILE *FDKOUT
|
||||||
|
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
@ -98,10 +98,10 @@ Index: squid-4.8/src/auth/negotiate/wrapper/negotiate_wrapper.cc
|
|||||||
!base64_decode_final(&ctx)) {
|
!base64_decode_final(&ctx)) {
|
||||||
if (debug_enabled)
|
if (debug_enabled)
|
||||||
fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3);
|
fprintf(stderr, "%s| %s: Invalid base64 token [%s]\n", LogTime(), PROGRAM, buf+3);
|
||||||
Index: squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
Index: squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
--- squid-4.9.orig/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
||||||
+++ squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
+++ squid-4.9/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
||||||
@@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai
|
@@ -203,8 +203,8 @@ make_challenge(char *domain, char *domai
|
||||||
|
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
@ -125,10 +125,10 @@ Index: squid-4.8/src/auth/ntlm/SMB_LM/ntlm_smb_lm_auth.cc
|
|||||||
!base64_decode_final(&ctx)) {
|
!base64_decode_final(&ctx)) {
|
||||||
SEND("NA Packet format error, couldn't base64-decode");
|
SEND("NA Packet format error, couldn't base64-decode");
|
||||||
return;
|
return;
|
||||||
Index: squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
Index: squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
--- squid-4.9.orig/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
||||||
+++ squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
+++ squid-4.9/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
||||||
@@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t
|
@@ -418,6 +418,7 @@ token_decode(size_t *decodedLen, uint8_t
|
||||||
{
|
{
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
@ -137,10 +137,10 @@ Index: squid-4.8/src/auth/ntlm/SSPI/ntlm_sspi_auth.cc
|
|||||||
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
|
if (!base64_decode_update(&ctx, decodedLen, decoded, strlen(buf), reinterpret_cast<const uint8_t*>(buf)) ||
|
||||||
!base64_decode_final(&ctx)) {
|
!base64_decode_final(&ctx)) {
|
||||||
SEND_BH("message=\"base64 decode failed\"");
|
SEND_BH("message=\"base64 decode failed\"");
|
||||||
Index: squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
Index: squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
--- squid-4.9.orig/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
||||||
+++ squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
+++ squid-4.9/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
||||||
@@ -153,9 +153,9 @@ main(int argc, char *argv[])
|
@@ -153,9 +153,9 @@ main(int argc, char *argv[])
|
||||||
ntlmhdr *packet;
|
ntlmhdr *packet;
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
@ -164,11 +164,11 @@ Index: squid-4.8/src/auth/ntlm/fake/ntlm_fake_auth.cc
|
|||||||
if (NTLM_packet_debug_enabled) {
|
if (NTLM_packet_debug_enabled) {
|
||||||
printf("TT %.*s\n", (int)blen, data);
|
printf("TT %.*s\n", (int)blen, data);
|
||||||
debug("sending 'TT' to squid with data:\n");
|
debug("sending 'TT' to squid with data:\n");
|
||||||
Index: squid-4.8/tools/cachemgr.cc
|
Index: squid-4.9/tools/cachemgr.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/tools/cachemgr.cc
|
--- squid-4.9.orig/tools/cachemgr.cc
|
||||||
+++ squid-4.8/tools/cachemgr.cc
|
+++ squid-4.9/tools/cachemgr.cc
|
||||||
@@ -1082,8 +1082,8 @@ make_pub_auth(cachemgr_request * req)
|
@@ -1104,8 +1104,8 @@ make_pub_auth(cachemgr_request * req)
|
||||||
req->pub_auth = (char *) xmalloc(encodedLen);
|
req->pub_auth = (char *) xmalloc(encodedLen);
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
base64_encode_init(&ctx);
|
base64_encode_init(&ctx);
|
||||||
@ -179,7 +179,7 @@ Index: squid-4.8/tools/cachemgr.cc
|
|||||||
req->pub_auth[blen] = '\0';
|
req->pub_auth[blen] = '\0';
|
||||||
debug("cmgr: encoded: '%s'\n", req->pub_auth);
|
debug("cmgr: encoded: '%s'\n", req->pub_auth);
|
||||||
}
|
}
|
||||||
@@ -1103,8 +1103,8 @@ decode_pub_auth(cachemgr_request * req)
|
@@ -1125,8 +1125,8 @@ decode_pub_auth(cachemgr_request * req)
|
||||||
char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1));
|
char *buf = static_cast<char*>(xmalloc(BASE64_DECODE_LENGTH(strlen(req->pub_auth))+1));
|
||||||
struct base64_decode_ctx ctx;
|
struct base64_decode_ctx ctx;
|
||||||
base64_decode_init(&ctx);
|
base64_decode_init(&ctx);
|
||||||
@ -190,7 +190,7 @@ Index: squid-4.8/tools/cachemgr.cc
|
|||||||
!base64_decode_final(&ctx)) {
|
!base64_decode_final(&ctx)) {
|
||||||
debug("cmgr: base64 decode failure. Incomplete auth token string.\n");
|
debug("cmgr: base64 decode failure. Incomplete auth token string.\n");
|
||||||
xfree(buf);
|
xfree(buf);
|
||||||
@@ -1197,8 +1197,8 @@ make_auth_header(const cachemgr_request
|
@@ -1219,8 +1219,8 @@ make_auth_header(const cachemgr_request
|
||||||
char *str64 = static_cast<char *>(xmalloc(encodedLen));
|
char *str64 = static_cast<char *>(xmalloc(encodedLen));
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
base64_encode_init(&ctx);
|
base64_encode_init(&ctx);
|
||||||
@ -201,16 +201,16 @@ Index: squid-4.8/tools/cachemgr.cc
|
|||||||
str64[blen] = '\0';
|
str64[blen] = '\0';
|
||||||
|
|
||||||
stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64);
|
stringLength += snprintf(buf, sizeof(buf), "Authorization: Basic %.*s\r\n", (int)blen, str64);
|
||||||
Index: squid-4.8/include/base64.h
|
Index: squid-4.9/include/base64.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/include/base64.h
|
--- squid-4.9.orig/include/base64.h
|
||||||
+++ squid-4.8/include/base64.h
|
+++ squid-4.9/include/base64.h
|
||||||
@@ -9,11 +9,11 @@
|
@@ -9,11 +9,11 @@
|
||||||
#ifndef _SQUID_BASE64_H
|
#ifndef _SQUID_BASE64_H
|
||||||
#define _SQUID_BASE64_H
|
#define _SQUID_BASE64_H
|
||||||
|
|
||||||
-#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64
|
-#if HAVE_NETTLE_BASE64_H && HAVE_NETTLE34_BASE64
|
||||||
+#if HAVE_NETTLE_BASE64_H
|
+#if HAVE_NETTLE_BASE64_H
|
||||||
#include <nettle/base64.h>
|
#include <nettle/base64.h>
|
||||||
|
|
||||||
#else /* Base64 functions copied from Nettle 3.4 under GPLv2, with adjustments */
|
#else /* Base64 functions copied from Nettle 3.4 under GPLv2, with adjustments */
|
||||||
@ -219,10 +219,10 @@ Index: squid-4.8/include/base64.h
|
|||||||
/* base64.h
|
/* base64.h
|
||||||
|
|
||||||
Base-64 encoding and decoding.
|
Base-64 encoding and decoding.
|
||||||
Index: squid-4.8/lib/base64.c
|
Index: squid-4.9/lib/base64.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/lib/base64.c
|
--- squid-4.9.orig/lib/base64.c
|
||||||
+++ squid-4.8/lib/base64.c
|
+++ squid-4.9/lib/base64.c
|
||||||
@@ -13,7 +13,7 @@
|
@@ -13,7 +13,7 @@
|
||||||
#include "squid.h"
|
#include "squid.h"
|
||||||
#include "base64.h"
|
#include "base64.h"
|
||||||
@ -232,10 +232,10 @@ Index: squid-4.8/lib/base64.c
|
|||||||
|
|
||||||
/* base64-encode.c
|
/* base64-encode.c
|
||||||
|
|
||||||
Index: squid-4.8/src/format/Format.cc
|
Index: squid-4.9/src/format/Format.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/format/Format.cc
|
--- squid-4.9.orig/src/format/Format.cc
|
||||||
+++ squid-4.8/src/format/Format.cc
|
+++ squid-4.9/src/format/Format.cc
|
||||||
@@ -557,8 +557,8 @@ Format::Format::assemble(MemBuf &mb, con
|
@@ -557,8 +557,8 @@ Format::Format::assemble(MemBuf &mb, con
|
||||||
|
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
@ -247,25 +247,10 @@ Index: squid-4.8/src/format/Format.cc
|
|||||||
|
|
||||||
sb.rawAppendFinish(buf, encLength);
|
sb.rawAppendFinish(buf, encLength);
|
||||||
out = sb.c_str();
|
out = sb.c_str();
|
||||||
Index: squid-4.8/src/auth/digest/Config.cc
|
Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/digest/Config.cc
|
--- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
||||||
+++ squid-4.8/src/auth/digest/Config.cc
|
+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
||||||
@@ -111,8 +111,8 @@ authDigestNonceEncode(digest_nonce_h * n
|
|
||||||
nonce->key = xcalloc(base64_encode_len(sizeof(digest_nonce_data)), 1);
|
|
||||||
struct base64_encode_ctx ctx;
|
|
||||||
base64_encode_init(&ctx);
|
|
||||||
- size_t blen = base64_encode_update(&ctx, reinterpret_cast<char*>(nonce->key), sizeof(digest_nonce_data), reinterpret_cast<const uint8_t*>(&(nonce->noncedata)));
|
|
||||||
- blen += base64_encode_final(&ctx, reinterpret_cast<char*>(nonce->key)+blen);
|
|
||||||
+ size_t blen = base64_encode_update(&ctx, (uint8_t*)nonce->key, sizeof(digest_nonce_data), (uint8_t*)&(nonce->noncedata));
|
|
||||||
+ blen += base64_encode_final(&ctx, ((uint8_t*)(nonce->key))+blen);
|
|
||||||
}
|
|
||||||
|
|
||||||
digest_nonce_h *
|
|
||||||
Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
|
||||||
===================================================================
|
|
||||||
--- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
|
||||||
+++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
|
||||||
@@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy)
|
@@ -203,8 +203,8 @@ squid_kerb_proxy_auth(char *proxy)
|
||||||
token = (char *) xcalloc(base64_encode_len(output_token.length), 1);
|
token = (char *) xcalloc(base64_encode_len(output_token.length), 1);
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
@ -277,10 +262,10 @@ Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_auth_test.cc
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
Index: squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
--- squid-4.9.orig/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
||||||
+++ squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
+++ squid-4.9/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
||||||
@@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t
|
@@ -245,8 +245,8 @@ getdomaingids(char *ad_groups, uint32_t
|
||||||
base64_encode_init(&ctx);
|
base64_encode_init(&ctx);
|
||||||
const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */;
|
const uint32_t expectedSz = base64_encode_len(length+4) +1 /* terminator */;
|
||||||
@ -303,10 +288,10 @@ Index: squid-4.8/src/auth/negotiate/kerberos/negotiate_kerberos_pac.cc
|
|||||||
b64buf[expectedSz-1] = '\0';
|
b64buf[expectedSz-1] = '\0';
|
||||||
if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) {
|
if (!pstrcat(ad_groups, reinterpret_cast<char*>(b64buf))) {
|
||||||
debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
|
debug((char *) "%s| %s: WARN: Too many groups ! size > %d : %s\n",
|
||||||
Index: squid-4.8/src/adaptation/icap/ModXact.cc
|
Index: squid-4.9/src/adaptation/icap/ModXact.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/adaptation/icap/ModXact.cc
|
--- squid-4.9.orig/src/adaptation/icap/ModXact.cc
|
||||||
+++ squid-4.8/src/adaptation/icap/ModXact.cc
|
+++ squid-4.9/src/adaptation/icap/ModXact.cc
|
||||||
@@ -1369,10 +1369,10 @@ void Adaptation::Icap::ModXact::makeRequ
|
@@ -1369,10 +1369,10 @@ void Adaptation::Icap::ModXact::makeRequ
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
base64_encode_init(&ctx);
|
base64_encode_init(&ctx);
|
||||||
@ -333,10 +318,10 @@ Index: squid-4.8/src/adaptation/icap/ModXact.cc
|
|||||||
buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf);
|
buf.appendf("%s: %.*s\r\n", TheConfig.client_username_header, (int)resultLen, base64buf);
|
||||||
} else
|
} else
|
||||||
buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value);
|
buf.appendf("%s: %s\r\n", TheConfig.client_username_header, value);
|
||||||
Index: squid-4.8/src/http.cc
|
Index: squid-4.9/src/http.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/http.cc
|
--- squid-4.9.orig/src/http.cc
|
||||||
+++ squid-4.8/src/http.cc
|
+++ squid-4.9/src/http.cc
|
||||||
@@ -1697,9 +1697,9 @@ httpFixupAuthentication(HttpRequest * re
|
@@ -1697,9 +1697,9 @@ httpFixupAuthentication(HttpRequest * re
|
||||||
username = request->auth_user_request->username();
|
username = request->auth_user_request->username();
|
||||||
#endif
|
#endif
|
||||||
@ -387,10 +372,10 @@ Index: squid-4.8/src/http.cc
|
|||||||
result[blen] = '\0';
|
result[blen] = '\0';
|
||||||
if (blen)
|
if (blen)
|
||||||
httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result);
|
httpHeaderPutStrf(hdr_out, Http::HdrType::AUTHORIZATION, "Basic %.*s", (int)blen, result);
|
||||||
Index: squid-4.8/src/peer_proxy_negotiate_auth.cc
|
Index: squid-4.9/src/peer_proxy_negotiate_auth.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/src/peer_proxy_negotiate_auth.cc
|
--- squid-4.9.orig/src/peer_proxy_negotiate_auth.cc
|
||||||
+++ squid-4.8/src/peer_proxy_negotiate_auth.cc
|
+++ squid-4.9/src/peer_proxy_negotiate_auth.cc
|
||||||
@@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr
|
@@ -562,8 +562,8 @@ char *peer_proxy_negotiate_auth(char *pr
|
||||||
static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to.
|
static char b64buf[8192]; // XXX: 8KB only because base64_encode_bin() used to.
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
@ -402,10 +387,10 @@ Index: squid-4.8/src/peer_proxy_negotiate_auth.cc
|
|||||||
b64buf[blen] = '\0';
|
b64buf[blen] = '\0';
|
||||||
|
|
||||||
token = reinterpret_cast<char*>(b64buf);
|
token = reinterpret_cast<char*>(b64buf);
|
||||||
Index: squid-4.8/tools/squidclient/gssapi_support.cc
|
Index: squid-4.9/tools/squidclient/gssapi_support.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/tools/squidclient/gssapi_support.cc
|
--- squid-4.9.orig/tools/squidclient/gssapi_support.cc
|
||||||
+++ squid-4.8/tools/squidclient/gssapi_support.cc
|
+++ squid-4.9/tools/squidclient/gssapi_support.cc
|
||||||
@@ -134,8 +134,8 @@ GSSAPI_token(const char *server)
|
@@ -134,8 +134,8 @@ GSSAPI_token(const char *server)
|
||||||
token = new char[base64_encode_len(output_token.length)];
|
token = new char[base64_encode_len(output_token.length)];
|
||||||
struct base64_encode_ctx ctx;
|
struct base64_encode_ctx ctx;
|
||||||
@ -417,10 +402,10 @@ Index: squid-4.8/tools/squidclient/gssapi_support.cc
|
|||||||
token[blen] = '\0';
|
token[blen] = '\0';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Index: squid-4.8/tools/squidclient/squidclient.cc
|
Index: squid-4.9/tools/squidclient/squidclient.cc
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-4.8.orig/tools/squidclient/squidclient.cc
|
--- squid-4.9.orig/tools/squidclient/squidclient.cc
|
||||||
+++ squid-4.8/tools/squidclient/squidclient.cc
|
+++ squid-4.9/tools/squidclient/squidclient.cc
|
||||||
@@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os)
|
@@ -212,10 +212,10 @@ Authorization::commit(std::ostream &os)
|
||||||
const auto buf = new char[bcapacity];
|
const auto buf = new char[bcapacity];
|
||||||
|
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:78cdb324d93341d36d09d5f791060f6e8aaa5ff3179f7c949cd910d023a86210
|
|
||||||
size 2440888
|
|
@ -1,25 +0,0 @@
|
|||||||
File: squid-4.8.tar.xz
|
|
||||||
Date: Tue Jul 9 19:30:13 UTC 2019
|
|
||||||
Size: 2440888
|
|
||||||
MD5 : 08e018f2d8db4911ee90591284fa1ca5
|
|
||||||
SHA1: 4ff1390eee3ec20cefa5565cbb56e1a89a12bfc1
|
|
||||||
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
|
||||||
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
|
||||||
keyring = http://www.squid-cache.org/pgp.asc
|
|
||||||
keyserver = pool.sks-keyservers.net
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl0k60wACgkQzW2/jvOx
|
|
||||||
fT7tAg/7BB9XyX4Sxi6sdyAwSPJ7vu3sd8ENE2mYdnLlozd3n57g2EDJoDWNGMOV
|
|
||||||
eym6Xe5TCDyadXKDVHni4LrFm80RgILMRvkkY9RIIRBTac+SEpDPZq/XL5xzxL1K
|
|
||||||
mRxJ2Mg9dC/1Cja4xAT/NihinJ2g/vqPY/fC+35kHd1q+U3DeQlmRhMN+IoP6kOk
|
|
||||||
ZFYfl2DkHRZFRVF/yjxy2f2ktSuZOoUcnnAI2IWzgZS5iNR4F5ozNXKNUaAhcROy
|
|
||||||
Md6/VCnoLvYDVlXgJUBUsn0Qt/Kgl/3h/CUdGVUnG2Lt5+Gh3LZBlCNZ/P/6lBSD
|
|
||||||
9/hXLPkY4OTKrxkf0LdwNrGH9XZX5FoKAUDvF+qUvEqwFJdgzklyXSAoEQRfFtK2
|
|
||||||
KRAjuxR1h/JquiA7lfYchmHaS13FktkpGMAJWrQZFjRRnDcVqjEotGkcpgaIjVfG
|
|
||||||
/Bw9LLjRf4glYvgd8+wDZBpBGU2mLXOu0/0IfU3gN4nRXnxvum0xPRPRQhmZWzjk
|
|
||||||
svpUA1W4r7Uy1zog96Gry0NNh5bik+MU7OI/0uJPxSk4DhRFg+HcQ0GHb3eF0yBY
|
|
||||||
nTv8Ks3CMMsoa9tCzFfqmxKQMHBA0feBSzjOgN5nqibr7BRp9NiJPtj3sOS6oCDK
|
|
||||||
jBSV1ArI6nyaU26hfelNp375CPHObAFLlBA31+saV55hyr2Ydx4=
|
|
||||||
=ee2E
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
squid-4.9.tar.xz
Normal file
3
squid-4.9.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:1cb1838c6683b0568a3a4050f4ea2fc1eaa5cbba6bdf7d57f7258c7cd7b41fa1
|
||||||
|
size 2444664
|
25
squid-4.9.tar.xz.asc
Normal file
25
squid-4.9.tar.xz.asc
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
File: squid-4.9.tar.xz
|
||||||
|
Date: Wed Nov 6 04:57:57 UTC 2019
|
||||||
|
Size: 2444664
|
||||||
|
MD5 : 5c2e335dd1e8ced9dda6e0e11894b344
|
||||||
|
SHA1: 43c90a1a2eb4d1613f1bfc603ad08e8a835be319
|
||||||
|
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
||||||
|
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = pool.sks-keyservers.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl3CUt8ACgkQzW2/jvOx
|
||||||
|
fT4Wnw/+Osf9VTnDFj5g/eXgb6vhzDaSLVfPNKLI6mF46a6twTvlMcM1+sX+b2Of
|
||||||
|
KXznDkUHvhIHijXGVbscSWx6Rn2tuPGDRRtDucqK98bYUo7mhEpdGtkVE7t8U3iz
|
||||||
|
wIKm7Hbr8qar4nJDLoZiZSCswI+UTcYncUuAqZ0O8LGIK0m6aYYDSS4bRq04yiS2
|
||||||
|
1JD0UEWW35X35hoVuhGlRRgvLzKn8F4KFeDde0gg+cqvkM0LR2+xkUqz6DcyE34m
|
||||||
|
8uK6hlABu32Zj+9oRBvNNcDOr2bfNYsbS4tAy635thFTyGUF7jjrOEXhl2SYrDY5
|
||||||
|
gVRzXHq/WBQ5rjTdmwvfn3wcwA1BQK/Oru6OaTFGaSrRlmJJM3JUFQWSsYWm8ARV
|
||||||
|
BJEGy8iQ9R41Yom2Ct8SOhwg7f3fBlFnK+BB8En+8s+fEa8z5rVmmjh1Es8qm6Tj
|
||||||
|
C/xGTZ23C4lUveKznDhc8MR2M4jjsH77Y7K/PvJUjZ/yYNpwsOwhv7fs51v70S5Q
|
||||||
|
4wC+ykpsmwckmOajrkOnupUN9Un2FzfyOctTt6PQkmwlq++09Jwxwg36O+KLDX08
|
||||||
|
f48F/qCCJ4bubuhFjM/A+cwVev0nAp0haSV0jpbemAHwzog21O51l70B8qUe18jp
|
||||||
|
XKYpbp3zCJ5cNmrAummsEVaj2ZCsH5ZHxTUIwvJDIS5b0OFn/lo=
|
||||||
|
=LNc9
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,29 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Nov 8 15:24:15 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||||||
|
|
||||||
|
- Update to squid 4.9:
|
||||||
|
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
|
||||||
|
(CVE-2019-13345, bsc#1140738)
|
||||||
|
* fixes heap overflow in URN processing
|
||||||
|
(CVE-2019-12526, bsc#1156326)
|
||||||
|
* fixes multiple issues in URI processing
|
||||||
|
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
|
||||||
|
* fixes Cross-Site Request Forgery in HTTP Request processing
|
||||||
|
(CVE-2019-18677, bsc#1156328)
|
||||||
|
* fixes HTTP Request Splitting in HTTP message processing
|
||||||
|
(CVE-2019-18678, bsc#1156323)
|
||||||
|
* fixes information disclosure in HTTP Digest Authentication
|
||||||
|
(CVE-2019-18679, bsc#1156324)
|
||||||
|
* lower cache_peer hostname - this showed up as DNS failures
|
||||||
|
if peer name was configured with any upper case characters
|
||||||
|
* TLS: Multiple SSL-Bump fixes
|
||||||
|
* TLS: Fix expiration of self-signed generated certs to be 3 years
|
||||||
|
* TLS: Fix on_unsupported_protocol tunnel action
|
||||||
|
* Fix several rock cache_dir corruption issues
|
||||||
|
|
||||||
|
- fix_configuration_error.patch: upstreamed
|
||||||
|
- old_nettle_compat.patch: refreshed
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Aug 6 13:05:58 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
Tue Aug 6 13:05:58 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
%define squidlibdir %{_libdir}/squid
|
%define squidlibdir %{_libdir}/squid
|
||||||
%define squidconfdir %{_sysconfdir}/squid
|
%define squidconfdir %{_sysconfdir}/squid
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 4.8
|
Version: 4.9
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Caching and forwarding HTTP web proxy
|
Summary: Caching and forwarding HTTP web proxy
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
@ -40,7 +40,6 @@ Source16: initialize_cache_if_needed.sh
|
|||||||
Source17: tmpfilesdir.squid.conf
|
Source17: tmpfilesdir.squid.conf
|
||||||
Patch1: missing_installs.patch
|
Patch1: missing_installs.patch
|
||||||
Patch2: old_nettle_compat.patch
|
Patch2: old_nettle_compat.patch
|
||||||
Patch3: fix_configuration_error.patch
|
|
||||||
BuildRequires: cppunit-devel
|
BuildRequires: cppunit-devel
|
||||||
BuildRequires: db-devel
|
BuildRequires: db-devel
|
||||||
BuildRequires: ed
|
BuildRequires: ed
|
||||||
@ -93,7 +92,6 @@ perl -p -i -e 's|%{_prefix}/local/bin/perl|%{_bindir}/perl|' `find -name "*.pl"`
|
|||||||
%if %{suse_version} < 1500
|
%if %{suse_version} < 1500
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%endif
|
%endif
|
||||||
%patch3 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%define _lto_cflags %{nil}
|
%define _lto_cflags %{nil}
|
||||||
|
Loading…
Reference in New Issue
Block a user