Accepting request 1122203 from server:proxy

- update to 6.4:
  * security fixes:
    + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
    + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
    + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
    + Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
    + Fix validation of certificates (bsc#1216803, CVE-2023-46724)
  * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  * Bug 4981: Work around in-call job invalidation bugs
  * basic_smb_lm_auth: fix 'no previous declaration' warnings
  * CacheManager: require /squid-internal-mgr/ URL path prefix
  * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
  * documentation changes

OBS-URL: https://build.opensuse.org/request/show/1122203
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=116
This commit is contained in:
Ana Guerrero 2023-11-02 19:22:22 +00:00 committed by Git OBS Bridge
commit f4934e733f
6 changed files with 53 additions and 32 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:74a0f5586a7a5d89573d502708d5e1d66ddf0430cf4802cc7261b765653248fa
size 2547264

View File

@ -1,25 +0,0 @@
File: squid-6.3.tar.xz
Date: Sun 03 Sep 2023 15:42:32 UTC
Size: 2547264
MD5 : 2512b5d27856e6f91a97719784506893
SHA1: 7bd74034015c6a4d345a4d277a431908bed2ec4a
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmT0qW8ACgkQzW2/jvOx
fT56xRAAjfNBcwBJzAMjXoGBPypHb6NmNDamFblgS11EBXrUFqTK/GyYCxYbXwxJ
MEt4xnxJKehEelInd03gw7o9z+402gdlGFzCwtuNb5BmYTvIGgudNIC/LzpTiuaG
mPgIsSaRSsIrzVpgrz5MzWGj2lwUi+wg+x1hwB0GYVzxHDXTikNrvBgSbK47Z4cR
Fc/4iGhNJ3iGnML0LSStbXAsHuXx8LmI0tD9koy688eVSL9AUymoJVrkU3iBFIGY
MKVr9icrtwvqhT7doFdiKw4AfGL5ex/RxjY/sbu4OtDlsx6oQPKNNSjZt+vG92lT
yZGKQGBtdQV8O0J7REeaHIt8TiKlNvmw1J+65pMpx7DYo7Dd0YZh9DHSJrG/zDWE
CT7WxKNV0Mt8k3bnhHpMqeV2t/AHdUzRULymUI46JrtBaNzb+mduwagCV6/EGENU
kwJ+bvVg3H+30HmUIfNCuvlfFrLaCROKkmA5VQ5fNBQPLibJEZMi32haIn7Mftue
gw9MkxmX6kUi/1FhS9Kbe3qEOVrJnoaFDmfXn+iIeMpNTBNKGQOWUGPBZdsfRKLr
ISKMfxOjCHn072X2Abtbod1DSKgTc/XK4Wvc6LQfp8fDy4Kzzu4BZJmM4N6xgj2F
GO31kwuQhQFEFGUh6CXOiFeivlAaWBu3/rjh/SMREuir6IJ/K6o=
=/lJx
-----END PGP SIGNATURE-----

3
squid-6.4.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5ebbced99b3df21bfcf4d1ec39455dff775a5ff6b9215d9f0339958771a88589
size 2553476

25
squid-6.4.tar.xz.asc Normal file
View File

@ -0,0 +1,25 @@
File: squid-6.4.tar.xz
Date: Sat 21 Oct 2023 12:51:05 UTC
Size: 2553476
MD5 : 8031857fd54fad4a7b4f4db4d44aa761
SHA1: 23733fc08ed7a76d7e19877a4e04c105222b6cec
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
keyring = http://www.squid-cache.org/pgp.asc
keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmUzyUEACgkQzW2/jvOx
fT4IBw/9GrNFjQTgyNSlcDGhRwI1DQzANOId9Aj51TNbwBTs/CPnfISwOBq2Y6IH
wOfQaRxl0T4f5Mkj4xAimPKYz4qDe+JjQNN/IzX0O9ngMX4f4gHpuWqelHKU+732
QZjqMunf2nLnWtpENsEPL0REYISy/nu0w8cZm3vUfiqwvc32/cDdPIYFCWbIdg/H
7dpOhNgvgNYGrUSfBBkUeH1B2XCf8hkBhidMRAh/vyg4RQSKAs5F0Mx8gW6lLS06
3dfHXuTP4AsF4MZh1YFe385oFl0uO1liaaXB41+TT8k0s0CrEnJKNabT9FQ/EUhG
K2cV/9oEBU2Z72RujwVapwdbDPbAwlhbnM/34sYAAVo1/Zil1Ucu1irb9WMuaffB
H2GZiu0naiAbILJkAjz5/n2jXxvgiOM3So3vQQm8BaH13KLlPiVkonoICxBZD2rN
Z134qMo/VHT05GOFZR/eZ8UBAVkdRWx16kGe/BaflDwQdGToYNnJSisc2rKH+jxY
KMNpe7vtE8VkyBqh/qmZA0XLH4uY1ve/tduDdwRRZeYRfrd+wi7ejwzUhDvjQSie
3W6rBsW1gfVXYOKvz+lss3AvHjlyTQ1TW3dkm4VHnIRWfNi55vCmQaJ8ye4UUpcg
G0JS4nepLyyH/4rXBbxylFMPMSa1XhMOtPmpnvL4XDp3wXxSYbE=
=aGhF
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,20 @@
-------------------------------------------------------------------
Wed Oct 25 14:32:33 UTC 2023 - Adam Majer <adam.majer@suse.de>
- update to 6.4:
* security fixes:
+ Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
+ Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
+ Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
+ Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
+ Fix validation of certificates (bsc#1216803, CVE-2023-46724)
* Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
* Bug 4981: Work around in-call job invalidation bugs
* basic_smb_lm_auth: fix 'no previous declaration' warnings
* CacheManager: require /squid-internal-mgr/ URL path prefix
* ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
* documentation changes
-------------------------------------------------------------------
Tue Sep 19 16:20:19 UTC 2023 - Adam Majer <adam.majer@suse.de>

View File

@ -24,14 +24,17 @@
%define squidhelperdir %{_sbindir}
%endif
Name: squid
Version: 6.3
Version: 6.4
Release: 0
Summary: Caching and forwarding HTTP web proxy
License: GPL-2.0-or-later
Group: Productivity/Networking/Web/Proxy
URL: http://www.squid-cache.org
Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz
Source1: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc
### commented because of mirror issues...
#Source0: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz
#Source1: http://www.squid-cache.org/Versions/v6/squid-%{version}.tar.xz.asc
Source0: squid-%{version}.tar.xz
Source1: squid-%{version}.tar.xz.asc
Source5: pam.squid
Source6: unsquid.pl
Source7: %{name}.logrotate
@ -40,7 +43,8 @@ Source10: README.kerberos
Source11: %{name}.service
Source12: %{name}-user.conf
# http://lists.squid-cache.org/pipermail/squid-announce/2016-October/000064.html
Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring
#Source13: http://www.squid-cache.org/pgp.asc#/squid.keyring
Source13: squid.keyring
Source15: cache_dir.sed
Source16: initialize_cache_if_needed.sh
Source17: tmpfilesdir.squid.conf