pool/squid
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
235 Commits 2 Branches 0 Tags 2 MiB
7fcf28aa05
Commit Graph

128 Commits

Author SHA256 Message Date
Martin Pluskal
2540ef9507 Accepting request 952643 from home:polslinux:branches:server:proxy 
- Update to 5.4:
  * Bug 5190: Preserve configured order of intermediate CA certificate chain
  * Bug 5188: Fix reconfiguration leaking tls-cert=... memory
  * Bug 5187: Properly track (and mark) truncated store entries
  * Bug 5134: assertion failed: Transients.cc:221: "old == e"
  * Bug 5132: Close the tunnel if to-server conn closes after client

OBS-URL: https://build.opensuse.org/request/show/952643
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=245
 2022-02-08 13:46:41 +00:00
Martin Pluskal
c791b32bc9 - Adjust harden_squid.service.patch to resolve boo#1193938 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=244
 2021-12-22 14:26:08 +00:00
Martin Pluskal
da562559a5 Accepting request 939558 from home:dirkmueller:Factory 
- update to 5.3:
  * Bug 5169: StoreMap.cc:517 "!s.reading()" assertion
  * Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
  * Bug 5060: Parallel builds are not reliable
  * Documentation updates for logformat directive

OBS-URL: https://build.opensuse.org/request/show/939558
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=243
 2021-12-21 14:30:33 +00:00
Martin Pluskal
1ba7c0f00b Accepting request 933486 from home:jsegitz:branches:systemdhardening:server:proxy 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/933486
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=242
 2021-12-07 12:01:22 +00:00
Martin Pluskal
91cd7d9ece Accepting request 923273 from home:adamm:branches:server:proxy 
- transition to squid 5.x. This is a major release and for changes
  and how to transition from 4.x, see the release notes,
  http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
- update to 5.2
  * fixes issues with WCCP protocol that may lead to information
    disclosure (bsc#1189403, CVE-2021-28116)
- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)
- new BR: pkgconfig(tdb)

OBS-URL: https://build.opensuse.org/request/show/923273
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=240
 2021-10-06 08:28:26 +00:00
Martin Pluskal
f4a3ff6528 Accepting request 909588 from home:dirkmueller:Factory 
- update to 4.16:
  - Regression Fix: --with-valgrind-debug build broken since 4.15
  - Bug 5129 pt1: remove Lock use from HttpRequestMethod
  - Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
  - Bug 4528: ICAP transactions quit on async DNS lookups

OBS-URL: https://build.opensuse.org/request/show/909588
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=239
 2021-08-03 07:22:15 +00:00
Adam Majer
9d9e9e1d0b Add missing bug reference 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=237
 2021-05-18 18:11:24 +00:00
Adam Majer
3761d61a9d - fix building with SLE12 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=235
 2021-05-18 12:44:03 +00:00
Adam Majer
abcd5831a0 - Bug 5106: Broken cache manager URL parsing (bsc#1185918, CVE-2021-28652) 
(bsc#1185921, CVE-2021-28651)
    (bsc#1185919, CVE-2021-28662)
  - Handle more Range requests (bsc#1185916, CVE-2021-31806)
  - Handle more partial responses (bsc#1185923)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=234
 2021-05-18 08:58:40 +00:00
Martin Pluskal
b8860150b2 Accepting request 892304 from home:dirkmueller:Factory 
- update to 4.15:
  - Bug 5112: Excessively loud chunked reply parsing error reporting
  - Bug 5106: Broken cache manager URL parsing
  - Bug 5104: Memory leak in RFC 2169 response parsing
  - Bug 3556: "FD ... is not an open socket" for accept() problems
  - Profiling: CPU timing implemented for MAC non-x86
  - Fix HttpHeaderStats definition to include hoErrorDetail
  - Fix Squid-to-client write_timeout triggers client_lifetime timeout
  - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
  - Handle more Range requests
  - Handle more partial responses
  - Stop processing a response if the Store entry is gone
  - ... and some portability fixes
  - ... and some documentation updates

OBS-URL: https://build.opensuse.org/request/show/892304
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=232
 2021-05-12 12:31:04 +00:00
Martin Pluskal
0e6d2ed89f Accepting request 870712 from home:dirkmueller:branches:server:proxy 
- update to 4.14:
  - Regression Fix: support for non-lowercase Transfer-Encoding value
  - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
  - Bug 5076: WCCP Security Info incorrect
  - Bug 5073: Compile error: index was not declared in this scope
  - Bug 5065: url_rewrite_program documentation update
  - Bug 3074 pt2: improved handling of URI paths implicit '/'
  - Fix transactions exceeding client_lifetime logged as _ABORTED

OBS-URL: https://build.opensuse.org/request/show/870712
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=230
 2021-02-10 06:37:01 +00:00
Adam Majer
8d1748fdfd Accepting request 846223 from home:adamm:branches:server:proxy 
- re-add older SLES12 requirements so we can use one devel project
  for all codestreams

- fix previous change to reinstante permissions macros, because the wrong path
  has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory
  (bsc#1171164).

OBS-URL: https://build.opensuse.org/request/show/846223
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=228
 2020-11-05 16:30:46 +00:00
Adam Majer
f80a1dd80c Accepting request 840239 from home:mgerstner:branches:server:proxy 
- Reinstate permissions macros for pinger binary, because the permissions
  package is also responsible for setting up the cap_net_raw capability,
  currently a fresh squid install doesn't get a capability bit at all
  (bsc#1171569).

OBS-URL: https://build.opensuse.org/request/show/840239
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=225
 2020-10-08 14:13:00 +00:00
Adam Majer
b0e79047c9 Added CVE number only 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=223
 2020-08-26 08:32:58 +00:00
Adam Majer
9f88e6bab0 - squid 4.13: 
* Enforce token characters for field-name (#700)
  * Fix livelocking in peerDigestHandleReply (#698) (bsc#1175671)
  * Improve Transfer-Encoding handling (#702)
    (bsc#1175665, CVE-2020-15811)
  * Forbid obs-fold and bare CR whitespace in framing header fields (#701)
  * Source Format Enforcement
  * Enforce token characters for field-name (#700)
    (bsc#1175664, CVE-2020-15810)
  * Do not stall while debugging a scan of an empty store_table (#699)
  * Fix livelocking in peerDigestHandleReply (#698)
  * Honor on_unsupported_protocol for intercepted https_port (#689)
  * Bug #5051: Some collapsed revalidation responses never expire (#683)
  * SslBump: Support parsing GREASEd (and future) TLS handshakes (#663)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=221
 2020-08-24 11:53:55 +00:00
Martin Pluskal
f6f553d246 Accepting request 822709 from home:adamm:branches:server:proxy 
- Change pinger and basic_pam_auth helper to use standard permissions.
  pinger uses cap_net_raw=ep instead (bsc#1171569)
- Move squid helpers under /usr/lib{,64}/squid for Tumbleweed and SLE16
  Please adjust your config paths accordingly

OBS-URL: https://build.opensuse.org/request/show/822709
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=219
 2020-08-10 06:02:07 +00:00
Adam Majer
f54ff4bf28 Add missing CVE number 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=217
 2020-06-29 08:00:27 +00:00
Adam Majer
cf1ad20812 * HTTP: validate Content-Length value prefix (CVE-CVE-2020-15049, bsc#1173455) 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=216
 2020-06-29 07:59:39 +00:00
Adam Majer
cccd5fcd50 * Fixes a potential Denial of Service when processing TLS certificates 
during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=214
 2020-06-24 11:46:29 +00:00
Martin Pluskal
90caa15be3 Accepting request 816219 from home:AndreasStieger:branches:server:proxy 
squid 4.12

OBS-URL: https://build.opensuse.org/request/show/816219
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=212
 2020-06-22 08:43:44 +00:00
Adam Majer
8b38ddcc65 - Update to squid 4.11: 
* Fix incorrect buffer handling that can result in cache
    poisoning, remote execution, and denial of service attacks when
    processing ESI responses
    (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
  * Fixes possible information disclosure when translating
    FTP server listings into HTTP responses.
    (CVE-2019-12528, bsc#1162689)
  * Fixes possible denial of service caused by incorrect buffer
    management ext_lm_group_acl when processing NTLM Authentication
    credentials. (CVE-2020-8517, bsc#1162691)
  * Fixes a potential remote execution vulnerability when using
    HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
  * Fixes problem when reconfigure killed Coordinator in
    SMP+ufs configurations (#556)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=210
 2020-04-23 13:47:01 +00:00
Adam Majer
1a19c2cdda Accepting request 795761 from home:kukuk:branches:server:proxy 
- Make logrotate recommended, it's not strictly required and 
  doesn't make any sense in containers

OBS-URL: https://build.opensuse.org/request/show/795761
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=208
 2020-04-20 11:30:46 +00:00
Adam Majer
7c91a28b19 Add missing CVE number to upstream release 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=206
 2020-03-31 14:28:53 +00:00
Martin Pluskal
53be975248 Accepting request 776203 from home:kukuk:container 
- Use sysusers instead of shadow to create squid user and groups
- Don't hard require systemd

OBS-URL: https://build.opensuse.org/request/show/776203
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=204
 2020-02-19 08:58:35 +00:00
Adam Majer
4575171bf0 - Update to squid 4.10: 
* fixes a security issue allowing a remote client ability to cause
    use a buffer overflow when squid is acting as reverse-proxy.
    (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
  * fixes a security issue allowing for information disclosure in
    FTP gateway (CVE-2019-12528, bsc#1162689)
  * fixes a security issue in ext_lm_group_acl when processing
    NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * improve cache handling with chunked responses

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=202
 2020-02-05 10:09:46 +00:00
Adam Majer
b862c898ec - Update to squid 4.9: 
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
 2019-11-08 16:23:28 +00:00
Adam Majer
51b5f199a0 - fix_configuration_error.patch: Fix compilation with -Wreturn-type 
- old_nettle_compat.patch: Update to actually use older version

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=196
 2019-08-06 13:19:25 +00:00
Adam Majer
cccd13179c - - old_nettle_compat.patch: Fix compatibility with nettle in SLE-12 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=193
 2019-07-18 14:14:00 +00:00
Adam Majer
1b4a15b127 - use unbundled version of libnettle 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=191
 2019-07-16 15:33:12 +00:00
Adam Majer
49783ccec7 - disable LTO to as a workaround to tests failing 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=189
 2019-07-16 07:57:43 +00:00
Adam Majer
1f7d2548ca - Update to squid 4.8: 
+ Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=188
 2019-07-15 15:22:32 +00:00
Adam Majer
777c5c3d20 Few more missing bug numbers from 3.x line 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=186
 2019-05-14 11:29:55 +00:00
Adam Majer
f7bbf15a1d - Update to squid 4.7: (jsc#SLE-5648) 
+ Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=184
 2019-05-08 10:45:58 +00:00
Adam Majer
d65c3be188 - Syncronize bug and CVE references between 3.x and 4.x squid changelog 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=183
 2019-02-26 16:24:46 +00:00
Martin Pluskal
41a28e8b22 Accepting request 678364 from home:seanlew:branches:server:proxy 
Update squid to 4.6

OBS-URL: https://build.opensuse.org/request/show/678364
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=181
 2019-02-25 07:58:31 +00:00
Adam Majer
0dc8c8b0d5 - Revert whitespace deletions of .changes as it makes diffs a pain. 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=179
 2019-02-18 10:04:44 +00:00
Martin Pluskal
8ed27ce66b Accepting request 676612 from home:jengelh:branches:server:proxy 
- Do not hide errors from useradd. Make scriptlets
  plain sh compatible.

OBS-URL: https://build.opensuse.org/request/show/676612
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=178
 2019-02-18 07:45:40 +00:00
Martin Pluskal
f3e0551c1d Accepting request 662363 from home:seanlew:branches:server:proxy 
Updat squid

OBS-URL: https://build.opensuse.org/request/show/662363
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=175
 2019-01-02 08:30:55 +00:00
Adam Majer
a2705b2937 - Fix permissions of installed file to tmpfilesdir 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=173
 2018-11-09 13:15:01 +00:00
Adam Majer
172a09005a Accepting request 645255 from home:adamm:branches:server:proxy 
- New upstream stable version 4.4:
  + Fix memory leak when parsing SNMP packet (bsc#1113669)
  + Fixed display of error page by quoting certificate fields
    before displaying them (bsc#1113668)
  + Malformed %>ru URIs for CONNECT requests

OBS-URL: https://build.opensuse.org/request/show/645255
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=171
 2018-10-29 14:48:28 +00:00
Martin Pluskal
b13fb97e7d Accepting request 643973 from home:adamm:branches:server:proxy 
- Create runtime directories needed when SMP mode is enabled.
  (bsc#1112695, bsc#1112066)
- Make changelog entries format consistent

OBS-URL: https://build.opensuse.org/request/show/643973
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=169
 2018-10-23 13:55:38 +00:00
Martin Pluskal
5f431c6df6 Accepting request 639902 from home:pluskalm:branches:server:proxy 
- Enable tests

OBS-URL: https://build.opensuse.org/request/show/639902
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=167
 2018-10-04 08:40:01 +00:00
Martin Pluskal
71b88f256b - Correct changelog 
* Bug 4885: Excessive memory usage when running out of descriptors
	* Bug 4877: Add missing text about external_acl_type %DATA changes
	* Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
	* Bug 4716: Blank lines in cachemgr.conf are not skipped
	* Bug 4691: balance_on_multiple_ip config option docs
	* basic_pop3_auth: fix startup errors
	* langpack: Add missing dialect aliases
	* Fix range_offset_limit debugging
	* Fix icc build errors
	* Update systemd dependencies in squid.service

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=166
 2018-10-04 07:37:10 +00:00
Ondřej Súkup
c2c03bd33a Accepting request 639660 from home:seanlew:branches:server:proxy 
Updated squid to 4.3

OBS-URL: https://build.opensuse.org/request/show/639660
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=165
 2018-10-03 08:12:03 +00:00
Martin Pluskal
c8ee9aaee4 Accepting request 628925 from home:adamm:branches:server:proxy 
- New upstream stable version 4.2:
  + fix HTTPMSGLOCK missing pointer safety
  + gcc-8 fixes
  + fix milliseconds logformats prepend 0s instead of spaces
  + fix %>ru logging of huge URLs

OBS-URL: https://build.opensuse.org/request/show/628925
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=163
 2018-08-13 12:44:10 +00:00
Martin Pluskal
4552ea2332 Accepting request 621175 from home:adamm:branches:server:proxy 
- New upstream stable version 4.1:
  + Fix --with-netfilter-conntrack error message
  + Supply ALE for force_request_body_continuation ACL

OBS-URL: https://build.opensuse.org/request/show/621175
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=161
 2018-07-09 07:44:50 +00:00
Martin Pluskal
d53179c2b0 Accepting request 617514 from home:adamm:branches:server:proxy 
- New upstream version 4.0.25:
  + Fixed regression: querying private entries for HTCP/ICP
  + Fixed regression: deny_info %R macro not being expanded
  + Fixed regression: proxy_auth ACL -i/+i flags not working
  + Fixed regression: filter chain certificates for validity
    when loading
  + Fixed regression: Transient reader locking broken in 4.0.24
  + Fixed NegotiateSsl crash on aborting transaction
  + Fixed IPC shared memory leaks when disker queue overflows
  + Update negotiate_kerberos_auth helper protocol to v3.4
  + Fixed: purge tool does not obey --sysconfdir= build option
  + Add timestamps to (most) FATAL messages
- a3f6783.patch: upstreamed, obsolete.

OBS-URL: https://build.opensuse.org/request/show/617514
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=159
 2018-06-19 07:13:53 +00:00
Martin Pluskal
987a0ab896 Accepting request 614571 from home:adamm:branches:server:proxy 
- a3f6783.patch: Fixes certificate handling with intermediates
  chains

OBS-URL: https://build.opensuse.org/request/show/614571
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=157
 2018-06-06 13:59:50 +00:00
Adam Majer
93c15019b4 - Fix package configure 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=155
 2018-05-15 08:19:04 +00:00
Adam Majer
bbb5cead36 fix changelog version 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=154
 2018-05-11 11:09:01 +00:00