Dominique Leuenberger
38338573ad
Accepting request 936249 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/936249
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=95
2021-12-07 23:00:02 +00:00
Martin Pluskal
1ba7c0f00b
Accepting request 933486 from home:jsegitz:branches:systemdhardening:server:proxy
...
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
OBS-URL: https://build.opensuse.org/request/show/933486
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=242
2021-12-07 12:01:22 +00:00
Dominique Leuenberger
b367df9e33
Accepting request 923558 from server:proxy
...
- transition to squid 5.x. This is a major release and for changes
and how to transition from 4.x, see the release notes,
http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
- update to 5.2
* fixes issues with WCCP protocol that may lead to information
disclosure (bsc#1189403, CVE-2021-28116)
- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)
- new BR: pkgconfig(tdb)
OBS-URL: https://build.opensuse.org/request/show/923558
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=94
2021-10-07 22:05:48 +00:00
7540de6b79
Fix Source URLs
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=241
2021-10-06 17:10:48 +00:00
Martin Pluskal
91cd7d9ece
Accepting request 923273 from home:adamm:branches:server:proxy
...
- transition to squid 5.x. This is a major release and for changes
and how to transition from 4.x, see the release notes,
http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
- update to 5.2
* fixes issues with WCCP protocol that may lead to information
disclosure (bsc#1189403, CVE-2021-28116)
- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)
- new BR: pkgconfig(tdb)
OBS-URL: https://build.opensuse.org/request/show/923273
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=240
2021-10-06 08:28:26 +00:00
Dominique Leuenberger
c66d86bb71
Accepting request 909881 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/909881
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=93
2021-08-03 20:48:45 +00:00
Martin Pluskal
f4a3ff6528
Accepting request 909588 from home:dirkmueller:Factory
...
- update to 4.16:
- Regression Fix: --with-valgrind-debug build broken since 4.15
- Bug 5129 pt1: remove Lock use from HttpRequestMethod
- Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
- Bug 4528: ICAP transactions quit on async DNS lookups
OBS-URL: https://build.opensuse.org/request/show/909588
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=239
2021-08-03 07:22:15 +00:00
Dominique Leuenberger
b62fb0f8f4
Accepting request 895417 from server:proxy
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/895417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=92
2021-06-01 08:36:47 +00:00
9d9e9e1d0b
Add missing bug reference
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=237
2021-05-18 18:11:24 +00:00
Dominique Leuenberger
6804707c59
Accepting request 893984 from server:proxy
...
Adding bug and CVE references only
OBS-URL: https://build.opensuse.org/request/show/893984
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=91
2021-05-18 16:26:46 +00:00
3761d61a9d
- fix building with SLE12
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=235
2021-05-18 12:44:03 +00:00
abcd5831a0
- Bug 5106: Broken cache manager URL parsing (bsc#1185918, CVE-2021-28652)
...
(bsc#1185921, CVE-2021-28651)
(bsc#1185919, CVE-2021-28662)
- Handle more Range requests (bsc#1185916, CVE-2021-31806)
- Handle more partial responses (bsc#1185923)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=234
2021-05-18 08:58:40 +00:00
Dominique Leuenberger
0cfadfd43c
Accepting request 892494 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/892494
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=90
2021-05-12 17:32:42 +00:00
Martin Pluskal
b8860150b2
Accepting request 892304 from home:dirkmueller:Factory
...
- update to 4.15:
- Bug 5112: Excessively loud chunked reply parsing error reporting
- Bug 5106: Broken cache manager URL parsing
- Bug 5104: Memory leak in RFC 2169 response parsing
- Bug 3556: "FD ... is not an open socket" for accept() problems
- Profiling: CPU timing implemented for MAC non-x86
- Fix HttpHeaderStats definition to include hoErrorDetail
- Fix Squid-to-client write_timeout triggers client_lifetime timeout
- Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
- Handle more Range requests
- Handle more partial responses
- Stop processing a response if the Store entry is gone
- ... and some portability fixes
- ... and some documentation updates
OBS-URL: https://build.opensuse.org/request/show/892304
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=232
2021-05-12 12:31:04 +00:00
Dominique Leuenberger
3bf85069ce
Accepting request 870771 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/870771
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=89
2021-02-10 20:31:00 +00:00
Martin Pluskal
0e6d2ed89f
Accepting request 870712 from home:dirkmueller:branches:server:proxy
...
- update to 4.14:
- Regression Fix: support for non-lowercase Transfer-Encoding value
- Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
- Bug 5076: WCCP Security Info incorrect
- Bug 5073: Compile error: index was not declared in this scope
- Bug 5065: url_rewrite_program documentation update
- Bug 3074 pt2: improved handling of URI paths implicit '/'
- Fix transactions exceeding client_lifetime logged as _ABORTED
OBS-URL: https://build.opensuse.org/request/show/870712
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=230
2021-02-10 06:37:01 +00:00
Dominique Leuenberger
035ce7c4e7
Accepting request 846311 from server:proxy
...
- re-add older SLES12 requirements so we can use one devel project
for all codestreams
- fix previous change to reinstante permissions macros, because the wrong path
has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory
(bsc#1171164).
OBS-URL: https://build.opensuse.org/request/show/846311
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=88
2020-11-05 20:56:20 +00:00
8d1748fdfd
Accepting request 846223 from home:adamm:branches:server:proxy
...
- re-add older SLES12 requirements so we can use one devel project
for all codestreams
- fix previous change to reinstante permissions macros, because the wrong path
has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory
(bsc#1171164).
OBS-URL: https://build.opensuse.org/request/show/846223
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=228
2020-11-05 16:30:46 +00:00
Dominique Leuenberger
04ac4278eb
Accepting request 840300 from server:proxy
...
- Reinstate permissions macros for pinger binary, because the permissions
package is also responsible for setting up the cap_net_raw capability,
currently a fresh squid install doesn't get a capability bit at all
(bsc#1171569).
OBS-URL: https://build.opensuse.org/request/show/840300
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=87
2020-10-09 22:29:08 +00:00
9446ddfb48
Unescape macros
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=226
2020-10-08 14:14:03 +00:00
f80a1dd80c
Accepting request 840239 from home:mgerstner:branches:server:proxy
...
- Reinstate permissions macros for pinger binary, because the permissions
package is also responsible for setting up the cap_net_raw capability,
currently a fresh squid install doesn't get a capability bit at all
(bsc#1171569).
OBS-URL: https://build.opensuse.org/request/show/840239
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=225
2020-10-08 14:13:00 +00:00
Dominique Leuenberger
c9bc4ae547
Accepting request 831407 from server:proxy
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/831407
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=86
2020-09-02 23:13:55 +00:00
b0e79047c9
Added CVE number only
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=223
2020-08-26 08:32:58 +00:00
Dominique Leuenberger
31a6238417
Accepting request 828922 from server:proxy
...
- squid 4.13:
* Enforce token characters for field-name (#700 )
* Fix livelocking in peerDigestHandleReply (#698 ) (bsc#1175671)
* Improve Transfer-Encoding handling (#702 )
(bsc#1175665, CVE-2020-15811)
* Forbid obs-fold and bare CR whitespace in framing header fields (#701 )
* Source Format Enforcement
* Enforce token characters for field-name (#700 )
(bsc#1175664, CVE-2020-15810)
* Do not stall while debugging a scan of an empty store_table (#699 )
* Fix livelocking in peerDigestHandleReply (#698 )
* Honor on_unsupported_protocol for intercepted https_port (#689 )
* Bug #5051 : Some collapsed revalidation responses never expire (#683 )
* SslBump: Support parsing GREASEd (and future) TLS handshakes (#663 )
OBS-URL: https://build.opensuse.org/request/show/828922
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=85
2020-08-25 07:33:38 +00:00
9f88e6bab0
- squid 4.13:
...
* Enforce token characters for field-name (#700 )
* Fix livelocking in peerDigestHandleReply (#698 ) (bsc#1175671)
* Improve Transfer-Encoding handling (#702 )
(bsc#1175665, CVE-2020-15811)
* Forbid obs-fold and bare CR whitespace in framing header fields (#701 )
* Source Format Enforcement
* Enforce token characters for field-name (#700 )
(bsc#1175664, CVE-2020-15810)
* Do not stall while debugging a scan of an empty store_table (#699 )
* Fix livelocking in peerDigestHandleReply (#698 )
* Honor on_unsupported_protocol for intercepted https_port (#689 )
* Bug #5051 : Some collapsed revalidation responses never expire (#683 )
* SslBump: Support parsing GREASEd (and future) TLS handshakes (#663 )
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=221
2020-08-24 11:53:55 +00:00
Dominique Leuenberger
e3b6e0221f
Accepting request 825214 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/825214
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=84
2020-08-10 13:01:05 +00:00
Martin Pluskal
f6f553d246
Accepting request 822709 from home:adamm:branches:server:proxy
...
- Change pinger and basic_pam_auth helper to use standard permissions.
pinger uses cap_net_raw=ep instead (bsc#1171569)
- Move squid helpers under /usr/lib{,64}/squid for Tumbleweed and SLE16
Please adjust your config paths accordingly
OBS-URL: https://build.opensuse.org/request/show/822709
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=219
2020-08-10 06:02:07 +00:00
Dominique Leuenberger
8645cb2c21
Accepting request 817633 from server:proxy
...
Only add missing CVE and bugnumber
* HTTP: validate Content-Length value prefix (CVE-2020-15049, bsc#1173455)
OBS-URL: https://build.opensuse.org/request/show/817633
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=83
2020-06-29 19:17:13 +00:00
f54ff4bf28
Add missing CVE number
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=217
2020-06-29 08:00:27 +00:00
cf1ad20812
* HTTP: validate Content-Length value prefix (CVE-CVE-2020-15049, bsc#1173455)
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=216
2020-06-29 07:59:39 +00:00
Dominique Leuenberger
4afdd113d1
Accepting request 816822 from server:proxy
...
Add bug references only
* Fixes a potential Denial of Service when processing TLS certificates
during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)
OBS-URL: https://build.opensuse.org/request/show/816822
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=82
2020-06-24 13:50:24 +00:00
cccd5fcd50
* Fixes a potential Denial of Service when processing TLS certificates
...
during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=214
2020-06-24 11:46:29 +00:00
Dominique Leuenberger
3b3d2c2e9a
Accepting request 816284 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/816284
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=81
2020-06-22 15:46:11 +00:00
Martin Pluskal
90caa15be3
Accepting request 816219 from home:AndreasStieger:branches:server:proxy
...
squid 4.12
OBS-URL: https://build.opensuse.org/request/show/816219
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=212
2020-06-22 08:43:44 +00:00
Dominique Leuenberger
a8c49f5f4f
Accepting request 796564 from server:proxy
...
- Update to squid 4.11:
* Fix incorrect buffer handling that can result in cache
poisoning, remote execution, and denial of service attacks when
processing ESI responses
(CVE-2019-12519, CVE-2019-12521, bsc#1169659)
* Fixes possible information disclosure when translating
FTP server listings into HTTP responses.
(CVE-2019-12528, bsc#1162689)
* Fixes possible denial of service caused by incorrect buffer
management ext_lm_group_acl when processing NTLM Authentication
credentials. (CVE-2020-8517, bsc#1162691)
* Fixes a potential remote execution vulnerability when using
HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
* Fixes problem when reconfigure killed Coordinator in
SMP+ufs configurations (#556 )
OBS-URL: https://build.opensuse.org/request/show/796564
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=80
2020-04-23 16:40:20 +00:00
8b38ddcc65
- Update to squid 4.11:
...
* Fix incorrect buffer handling that can result in cache
poisoning, remote execution, and denial of service attacks when
processing ESI responses
(CVE-2019-12519, CVE-2019-12521, bsc#1169659)
* Fixes possible information disclosure when translating
FTP server listings into HTTP responses.
(CVE-2019-12528, bsc#1162689)
* Fixes possible denial of service caused by incorrect buffer
management ext_lm_group_acl when processing NTLM Authentication
credentials. (CVE-2020-8517, bsc#1162691)
* Fixes a potential remote execution vulnerability when using
HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
* Fixes problem when reconfigure killed Coordinator in
SMP+ufs configurations (#556 )
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=210
2020-04-23 13:47:01 +00:00
Dominique Leuenberger
9f839c09d5
Accepting request 795800 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/795800
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=79
2020-04-21 11:11:43 +00:00
1a19c2cdda
Accepting request 795761 from home:kukuk:branches:server:proxy
...
- Make logrotate recommended, it's not strictly required and
doesn't make any sense in containers
OBS-URL: https://build.opensuse.org/request/show/795761
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=208
2020-04-20 11:30:46 +00:00
Dominique Leuenberger
1a693817c3
Accepting request 792007 from server:proxy
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/792007
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=78
2020-04-08 17:57:10 +00:00
7c91a28b19
Add missing CVE number to upstream release
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=206
2020-03-31 14:28:53 +00:00
Dominique Leuenberger
e641f7a8bc
Accepting request 776229 from server:proxy
...
OBS-URL: https://build.opensuse.org/request/show/776229
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=77
2020-02-19 11:43:04 +00:00
Martin Pluskal
53be975248
Accepting request 776203 from home:kukuk:container
...
- Use sysusers instead of shadow to create squid user and groups
- Don't hard require systemd
OBS-URL: https://build.opensuse.org/request/show/776203
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=204
2020-02-19 08:58:35 +00:00
Dominique Leuenberger
9b1651858a
Accepting request 770216 from server:proxy
...
- Update to squid 4.10:
* fixes a security issue allowing a remote client ability to cause
use a buffer overflow when squid is acting as reverse-proxy.
(CVE-2020-8449, CVE-2020-8450, bsc#1162687)
* fixes a security issue allowing for information disclosure in
FTP gateway (CVE-2019-12528, bsc#1162689)
* fixes a security issue in ext_lm_group_acl when processing
NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
* improve cache handling with chunked responses
OBS-URL: https://build.opensuse.org/request/show/770216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=76
2020-02-05 18:44:27 +00:00
4575171bf0
- Update to squid 4.10:
...
* fixes a security issue allowing a remote client ability to cause
use a buffer overflow when squid is acting as reverse-proxy.
(CVE-2020-8449, CVE-2020-8450, bsc#1162687)
* fixes a security issue allowing for information disclosure in
FTP gateway (CVE-2019-12528, bsc#1162689)
* fixes a security issue in ext_lm_group_acl when processing
NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
* improve cache handling with chunked responses
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=202
2020-02-05 10:09:46 +00:00
Dominique Leuenberger
5dc6931f93
Accepting request 746661 from server:proxy
...
- Update to squid 4.9:
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
(CVE-2019-13345, bsc#1140738)
* fixes heap overflow in URN processing
(CVE-2019-12526, bsc#1156326)
* fixes multiple issues in URI processing
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
* fixes Cross-Site Request Forgery in HTTP Request processing
(CVE-2019-18677, bsc#1156328)
* fixes HTTP Request Splitting in HTTP message processing
(CVE-2019-18678, bsc#1156323)
* fixes information disclosure in HTTP Digest Authentication
(CVE-2019-18679, bsc#1156324)
* lower cache_peer hostname - this showed up as DNS failures
if peer name was configured with any upper case characters
* TLS: Multiple SSL-Bump fixes
* TLS: Fix expiration of self-signed generated certs to be 3 years
* TLS: Fix on_unsupported_protocol tunnel action
* Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed
OBS-URL: https://build.opensuse.org/request/show/746661
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=75
2019-11-09 22:40:27 +00:00
b862c898ec
- Update to squid 4.9:
...
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
(CVE-2019-13345, bsc#1140738)
* fixes heap overflow in URN processing
(CVE-2019-12526, bsc#1156326)
* fixes multiple issues in URI processing
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
* fixes Cross-Site Request Forgery in HTTP Request processing
(CVE-2019-18677, bsc#1156328)
* fixes HTTP Request Splitting in HTTP message processing
(CVE-2019-18678, bsc#1156323)
* fixes information disclosure in HTTP Digest Authentication
(CVE-2019-18679, bsc#1156324)
* lower cache_peer hostname - this showed up as DNS failures
if peer name was configured with any upper case characters
* TLS: Multiple SSL-Bump fixes
* TLS: Fix expiration of self-signed generated certs to be 3 years
* TLS: Fix on_unsupported_protocol tunnel action
* Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
2019-11-08 16:23:28 +00:00
Dominique Leuenberger
ad1d02283e
Accepting request 721533 from server:proxy
...
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version
OBS-URL: https://build.opensuse.org/request/show/721533
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=74
2019-08-08 12:23:33 +00:00
5bf83e3a20
Fix compilation with old nettle
...
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=198
2019-08-07 08:32:10 +00:00
cfbd7154aa
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=197
2019-08-06 13:31:27 +00:00
51b5f199a0
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
...
- old_nettle_compat.patch: Update to actually use older version
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=196
2019-08-06 13:19:25 +00:00