Commit Graph

293 Commits

Author SHA256 Message Date
Ana Guerrero
be00812e5d Accepting request 1229399 from server:proxy
- Update to 6.12
  - Fix validation of Digest auth header parameters
- changes since squid-6.11:
  - Fix Kerberos detection when cross-compiling
  - Improve robustness of DNS code on reconfigure
  - Prevent slow memory leak in TCP DNS queries
  - Improve errors emitted when invalid ACLs are parsed

- Disble ESI. The code is removed upstream in 7.x (bsc#1232485, CVE-2024-45802)

OBS-URL: https://build.opensuse.org/request/show/1229399
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=123
2024-12-09 20:12:58 +00:00
50777186fb - Update to 6.12
- Fix validation of Digest auth header parameters
- changes since squid-6.11:
  - Fix Kerberos detection when cross-compiling
  - Improve robustness of DNS code on reconfigure
  - Prevent slow memory leak in TCP DNS queries
  - Improve errors emitted when invalid ACLs are parsed

- Disble ESI. The code is removed upstream in 7.x (bsc#1232485, CVE-2024-45802)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=301
2024-12-09 13:10:14 +00:00
Ana Guerrero
5521453c13 Accepting request 1183540 from server:proxy
- update to 6.10
  - ESI: Disable by default (#1728)
  - Bug 5378: type mismatch in libTrie (#1830) (bsc#1227086, CVE-2024-37894)
  - testCacheManager: use cppunit exception tests (#1811)
  - testRandomUuid: use cppunit exception tests (#1814)
  - Docs: REQUIRED in ident_regex, proxy_auth_regex, ext_user_regex (#1818)
  - Fix build with clang v18 [-Wvla-cxx-extension] (#1813) (#1817)

OBS-URL: https://build.opensuse.org/request/show/1183540
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=122
2024-06-27 14:04:49 +00:00
a546da3270 - update to 6.10
- ESI: Disable by default (#1728)
  - Bug 5378: type mismatch in libTrie (#1830) (bsc#1227086, CVE-2024-37894)
  - testCacheManager: use cppunit exception tests (#1811)
  - testRandomUuid: use cppunit exception tests (#1814)
  - Docs: REQUIRED in ident_regex, proxy_auth_regex, ext_user_regex (#1818)
  - Fix build with clang v18 [-Wvla-cxx-extension] (#1813) (#1817)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=299
2024-06-27 07:06:46 +00:00
Ana Guerrero
3f696fa535 Accepting request 1177317 from server:proxy
- update to 6.9
  - Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
  - Bug 5069: Keep listening after getsockname() error
  - Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
  - Reduce stale errno usage
  - Plug memory leak in handling cache manager requests
  - Fix error: template-id not allowed for constructor in C++20
  - Improve release packaging automation
- header_fixups.patch: upstreamed, removed
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: upstreamed, removed
- CVE-2024-33427.patch: fixes possible buffer overread leading to
  denial of service (bsc#1225417, CVE-2024-33427)

OBS-URL: https://build.opensuse.org/request/show/1177317
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=121
2024-05-28 15:30:23 +00:00
eb70b5ef0f - CVE-2024-33427.patch: fixes possible buffer overread leading to
denial of service (bsc#1225417, CVE-2024-33427)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=297
2024-05-28 08:55:47 +00:00
83753ab199 - update to 6.9
- Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
  - Bug 5069: Keep listening after getsockname() error
  - Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
  - Reduce stale errno usage
  - Plug memory leak in handling cache manager requests
  - Fix error: template-id not allowed for constructor in C++20
  - Improve release packaging automation
- header_fixups.patch: upstreamed, removed
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: upstreamed, removed

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=296
2024-05-28 08:50:04 +00:00
Dominique Leuenberger
f5630c87ae Accepting request 1155563 from server:proxy
- update to 6.8
  - Fix marking of problematic cached IP addresses (#1691)
  - Bug 5344: mgr:config segfaults without logformat (#1680)
  - Fix infinite recursion when parsing HTTP chunks (#1553)
    (bsc#1216715, CVE-2024-25111)
- changes in 6.7
  - Bug 5337: workaround for crash on startup if -a option is used
  - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
  - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
  - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
  - Fix memory leak on SslBump certificates with Authority Key Identifier extension
  - Fix a possible integer overflow in FTP Gateway
  - Extend cache_log_message to Bug 5187 and job invalidation BUGs
  - Remove incorrect beta version warning
- squid.keyring: updated
- header_fixups.patch: added
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on
  client errors

 - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617)

OBS-URL: https://build.opensuse.org/request/show/1155563
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=120
2024-03-06 22:06:03 +00:00
23219f8b97 - 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on
client errors

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=294
2024-03-06 13:17:43 +00:00
17b414d940 - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=293
2024-03-06 13:03:42 +00:00
8ef00f7fd9 - header_fixups.patch: added
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=292
2024-03-06 12:48:17 +00:00
6cedc775e2 - update to 6.8
- Fix marking of problematic cached IP addresses (#1691)
  - Bug 5344: mgr:config segfaults without logformat (#1680)
  - Fix infinite recursion when parsing HTTP chunks (#1553)
    (bsc#1216715, CVE-2024-25111)
- changes in 6.7
  - Bug 5337: workaround for crash on startup if -a option is used
  - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
  - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
  - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
  - Fix memory leak on SslBump certificates with Authority Key Identifier extension
  - Fix a possible integer overflow in FTP Gateway
  - Extend cache_log_message to Bug 5187 and job invalidation BUGs
  - Remove incorrect beta version warning

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=291
2024-03-06 12:28:13 +00:00
Ana Guerrero
b9466b8dea Accepting request 1151607 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1151607
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=119
2024-02-26 19:02:40 +00:00
Martin Pluskal
f3ee015a17 Accepting request 1151577 from home:dimstar:rpm4.20:s
Prepare for RPM 4.20

OBS-URL: https://build.opensuse.org/request/show/1151577
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=289
2024-02-26 13:40:54 +00:00
Ana Guerrero
3e94cee43c Accepting request 1142310 from server:proxy
changes only changes, CVEs, bugs, etc.

OBS-URL: https://build.opensuse.org/request/show/1142310
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=118
2024-01-29 21:33:26 +00:00
1b2dbe0e67 add missing CVEs
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=287
2024-01-29 13:38:27 +00:00
335a196703 add bugzilla entry
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=286
2024-01-29 11:23:56 +00:00
Dominique Leuenberger
271189ebfc Accepting request 1135832 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1135832
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=117
2024-01-03 11:26:37 +00:00
Martin Pluskal
af1d180b1f Accepting request 1135796 from home:dirkmueller:Factory
drop old, not referenced assets

OBS-URL: https://build.opensuse.org/request/show/1135796
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=284
2023-12-31 07:22:40 +00:00
Martin Pluskal
311bd1e5b3 Accepting request 1135553 from home:seanlew:branches:server:proxy
Updated squid to 6.6

OBS-URL: https://build.opensuse.org/request/show/1135553
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=283
2023-12-29 09:02:20 +00:00
Ana Guerrero
f4934e733f Accepting request 1122203 from server:proxy
- update to 6.4:
  * security fixes:
    + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
    + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
    + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
    + Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
    + Fix validation of certificates (bsc#1216803, CVE-2023-46724)
  * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  * Bug 4981: Work around in-call job invalidation bugs
  * basic_smb_lm_auth: fix 'no previous declaration' warnings
  * CacheManager: require /squid-internal-mgr/ URL path prefix
  * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
  * documentation changes

OBS-URL: https://build.opensuse.org/request/show/1122203
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=116
2023-11-02 19:22:22 +00:00
62ba66243a - update to 6.4:
* security fixes:
    + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
    + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
    + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
    + Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
    + Fix validation of certificates (bsc#1216803, CVE-2023-46724)
  * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  * Bug 4981: Work around in-call job invalidation bugs
  * basic_smb_lm_auth: fix 'no previous declaration' warnings
  * CacheManager: require /squid-internal-mgr/ URL path prefix
  * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
  * documentation changes

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=281
2023-11-02 08:45:54 +00:00
Dominique Leuenberger
06806c2bd9 Accepting request 1112346 from server:proxy
- update to 6.3:
  - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  - Bug 4981: Work around in-call job invalidation bugs
  - basic_smb_lm_auth: fix 'no previous declaration' warnings
  - CacheManager: require /squid-internal-mgr/ URL path prefix
  - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]

OBS-URL: https://build.opensuse.org/request/show/1112346
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=115
2023-09-20 11:30:36 +00:00
452d72b5c9 - update to 6.3:
- Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  - Bug 4981: Work around in-call job invalidation bugs
  - basic_smb_lm_auth: fix 'no previous declaration' warnings
  - CacheManager: require /squid-internal-mgr/ URL path prefix
  - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=279
2023-09-19 16:22:38 +00:00
Dominique Leuenberger
33fd7e9371 Accepting request 1103106 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1103106
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=114
2023-08-09 15:26:17 +00:00
fcd32b7814 Accepting request 1103093 from home:polslinux:branches:server:proxy
- update to 6.2:
  * Major UI changes:
    - Remove 8K limit for single access.log line
    - Add tls_key_log to report TLS communication secrets
  * Minor UI changes:
    - Add %transport::>connection_id logformat code
    - Add paranoid_hit_validation directive
    - Report SMP store queues state (mgr:store_queues)
    - Addcache_log_message directive
  * Developer Interest changes:
    - Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
    - Reject HTTP/1.0 requests with unusual framing
    - codespell check added to source maintenance enforcement
    - Streamlined ./configure handling of optional libraries
    - Add –progress option to test-builds.sh
    - Remove layer-00-bootstrap from test script
    - Convert LRU map into a CLP map
    - Remove legacy context-based debugging in favor of CodeContext
  * Removed features:
    - Remove unused cache_diff binary
    - Remove obsolete membanger test
    - Remove deprecated leakfinder (–enable-leakfinder)

OBS-URL: https://build.opensuse.org/request/show/1103093
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=277
2023-08-09 09:34:23 +00:00
Dominique Leuenberger
9ce8aee8b8 Accepting request 1085760 from server:proxy
- update to 5.9:
  * Improve reply_body_max_size matching accuracy
  * fix gcc13 warning

OBS-URL: https://build.opensuse.org/request/show/1085760
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=113
2023-05-10 14:17:59 +00:00
3be8318923 - update to 5.9:
* Improve reply_body_max_size matching accuracy
  * fix gcc13 warning

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=275
2023-05-09 14:34:55 +00:00
Dominique Leuenberger
2dda8e08c9 Accepting request 1084087 from server:proxy
- partial revert of earlier "fix PIDFile"
  - move pidfile back to /run/squid.pid and not in the directory
    owned by squid. The purpose of /run/squid/ is to facilitate
    SMP worker's IPC and not for the PID file. The PID file can
    live just fine in /run since it's written by root. (bsc#1210960)

OBS-URL: https://build.opensuse.org/request/show/1084087
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=112
2023-05-03 10:56:54 +00:00
07fb1be74a - partial revert of earlier "fix PIDFile"
- move pidfile back to /run/squid.pid and not in the directory
    owned by squid. The purpose of /run/squid/ is to facilitate
    SMP worker's IPC and not for the PID file. The PID file can
    live just fine in /run since it's written by root. (bsc#1210960)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=273
2023-05-02 15:18:21 +00:00
Dominique Leuenberger
9497358eb1 Accepting request 1079395 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1079395
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=111
2023-04-14 11:14:09 +00:00
Martin Pluskal
9f9d69b591 Accepting request 1079299 from home:dirkmueller:Factory
- update to 5.8:
  * Bug 5162: mgr:index URL do not produce MGR_INDEX template
  * Bug 5241: Block all non-localhost requests by default
  * Bug 5241: Block to-localhost, to-link-local requests by
    default
  * ext_kerberos_ldap_group_acl: Support -b with -D
  * Fix ACL type typo in req_header, rep_header key-changing
    ERRORs
  * ... and several compile fixes
  * ... and some code cleanup and polishing

OBS-URL: https://build.opensuse.org/request/show/1079299
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=271
2023-04-14 07:58:30 +00:00
Dominique Leuenberger
c76636d04d Accepting request 1073989 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1073989
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=110
2023-03-24 14:21:18 +00:00
8ec6e276c4 Accepting request 1073988 from home:marxin:branches:server:proxy
- Enable LTO again as it survives tests now.

OBS-URL: https://build.opensuse.org/request/show/1073988
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=269
2023-03-23 14:58:09 +00:00
Dominique Leuenberger
374407c07e Accepting request 1060834 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1060834
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=109
2023-01-25 16:44:05 +00:00
85015dd9ad Accepting request 1060819 from home:kukuk:branches:server:proxy
- Disable NIS auth module (NIS is deprecated and get's currently
  removed)

OBS-URL: https://build.opensuse.org/request/show/1060819
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=267
2023-01-25 10:29:53 +00:00
Dominique Leuenberger
6cca7078d5 Accepting request 1055875 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1055875
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=108
2023-01-04 16:53:50 +00:00
Martin Pluskal
04b3f78d48 Accepting request 1046445 from home:schubi2:pam_usr_etc
- Migration of PAM settings to /usr/lib/pam.d.

OBS-URL: https://build.opensuse.org/request/show/1046445
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=265
2023-01-04 14:36:50 +00:00
Dominique Leuenberger
2835498b26 Accepting request 1006088 from server:proxy
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them while an RPM update.

and CVE references,
  - Regression Fix: Typo in manager ACL (bsc#1203677, CVE-2022-41317)
    (bsc#1203680, CVE-2022-41318)

OBS-URL: https://build.opensuse.org/request/show/1006088
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=107
2022-09-26 16:48:40 +00:00
0c32424ab7 Accepting request 1003832 from home:schubi2:logrotate
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them while an RPM update.

OBS-URL: https://build.opensuse.org/request/show/1003832
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=263
2022-09-26 10:29:20 +00:00
7c543ee7fd Add CVE references
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=262
2022-09-26 10:23:09 +00:00
Dominique Leuenberger
384314cf9f Accepting request 1003011 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/1003011
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=106
2022-09-12 17:09:05 +00:00
221d387569 Accepting request 1002491 from home:dirkmueller:Factory
- update to 5.7:
  - Regression Fix: Typo in manager ACL
  - Bug 5186: noteDestinationsEnd check failed: transportWait
  - Bug 5160: Test suite fails with -flto=auto
  - Bug 3193 pt2: NTLM decoder truncating strings
  - Bug 5133: OpenSSL 3.0 support
  - ext_session_acl: fix TDB key lookup
  - forward_max_tries: Do not count discarded connections
  - ... and many compile and debugging fixes

OBS-URL: https://build.opensuse.org/request/show/1002491
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=260
2022-09-12 15:32:36 +00:00
Dominique Leuenberger
e089dbe488 Accepting request 999925 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/999925
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=105
2022-08-30 12:49:06 +00:00
e83ebc1600 Accepting request 999891 from home:computersalat:devel:proxy
fix PIDFile

OBS-URL: https://build.opensuse.org/request/show/999891
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=258
2022-08-29 11:10:51 +00:00
Dominique Leuenberger
7ab08601a3 Accepting request 985925 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/985925
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=104
2022-06-30 11:18:25 +00:00
Lars Vogdt
3d5852fb75 Accepting request 985780 from home:schubi2
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.

OBS-URL: https://build.opensuse.org/request/show/985780
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=256
2022-06-29 17:56:59 +00:00
Dominique Leuenberger
828dd3c8c8 Accepting request 984871 from server:proxy
- Update to 5.6:
  * Improve handling of Gopher responses (bsc#1200907, CVE-2021-46784)
- Changes in 5.5:
  * fixes regression Bug 5192: esi_parser default is incorrect
  * Bug 5177: clientca certificates sent to https_port clients
  * Bug 5090: Must(!request->pinnedConnection()) violation
  * Kid restart leads to persistent queue overflows, delays/timeouts

OBS-URL: https://build.opensuse.org/request/show/984871
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=103
2022-06-25 08:24:14 +00:00
3db5ecbad9 - Update to 5.6:
* Improve handling of Gopher responses (bsc#1200907, CVE-2021-46784)
- Changes in 5.5:
  * fixes regression Bug 5192: esi_parser default is incorrect
  * Bug 5177: clientca certificates sent to https_port clients
  * Bug 5090: Must(!request->pinnedConnection()) violation
  * Kid restart leads to persistent queue overflows, delays/timeouts

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=254
2022-06-24 09:29:25 +00:00
Dominique Leuenberger
24f7dcfe4b Accepting request 966241 from server:proxy
- Do not try to set special permissions for basic_pam_auth (bsc#1197649)

OBS-URL: https://build.opensuse.org/request/show/966241
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=102
2022-04-01 19:35:36 +00:00