Commit Graph

187 Commits

Author SHA256 Message Date
Dominique Leuenberger
9b1651858a Accepting request 770216 from server:proxy
- Update to squid 4.10:
  * fixes a security issue allowing a remote client ability to cause
    use a buffer overflow when squid is acting as reverse-proxy.
    (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
  * fixes a security issue allowing for information disclosure in
    FTP gateway (CVE-2019-12528, bsc#1162689)
  * fixes a security issue in ext_lm_group_acl when processing
    NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * improve cache handling with chunked responses

OBS-URL: https://build.opensuse.org/request/show/770216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=76
2020-02-05 18:44:27 +00:00
4575171bf0 - Update to squid 4.10:
* fixes a security issue allowing a remote client ability to cause
    use a buffer overflow when squid is acting as reverse-proxy.
    (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
  * fixes a security issue allowing for information disclosure in
    FTP gateway (CVE-2019-12528, bsc#1162689)
  * fixes a security issue in ext_lm_group_acl when processing
    NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * improve cache handling with chunked responses

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=202
2020-02-05 10:09:46 +00:00
Dominique Leuenberger
5dc6931f93 Accepting request 746661 from server:proxy
- Update to squid 4.9:
  * fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

OBS-URL: https://build.opensuse.org/request/show/746661
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=75
2019-11-09 22:40:27 +00:00
b862c898ec - Update to squid 4.9:
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
2019-11-08 16:23:28 +00:00
Dominique Leuenberger
ad1d02283e Accepting request 721533 from server:proxy
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version

OBS-URL: https://build.opensuse.org/request/show/721533
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=74
2019-08-08 12:23:33 +00:00
5bf83e3a20 Fix compilation with old nettle
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=198
2019-08-07 08:32:10 +00:00
cfbd7154aa OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=197 2019-08-06 13:31:27 +00:00
51b5f199a0 - fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=196
2019-08-06 13:19:25 +00:00
Dominique Leuenberger
a7a57d9637 Accepting request 718583 from server:proxy
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/718583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=73
2019-07-26 10:42:20 +00:00
e1d5654187 Fix patch for current patch
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=194
2019-07-18 14:27:06 +00:00
cccd13179c - - old_nettle_compat.patch: Fix compatibility with nettle in SLE-12
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=193
2019-07-18 14:14:00 +00:00
Dominique Leuenberger
a8a96222c4 Accepting request 715745 from server:proxy
- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing

OBS-URL: https://build.opensuse.org/request/show/715745
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=72
2019-07-18 13:20:23 +00:00
1b4a15b127 - use unbundled version of libnettle
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=191
2019-07-16 15:33:12 +00:00
fef008683e OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=190 2019-07-16 07:58:08 +00:00
49783ccec7 - disable LTO to as a workaround to tests failing
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=189
2019-07-16 07:57:43 +00:00
1f7d2548ca - Update to squid 4.8:
+ Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=188
2019-07-15 15:22:32 +00:00
Dominique Leuenberger
0b6b75ecb3 Accepting request 702817 from server:proxy
Adding few more bug numbers that were missing
from the squid 3.x changelog

OBS-URL: https://build.opensuse.org/request/show/702817
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=71
2019-05-15 10:33:54 +00:00
777c5c3d20 Few more missing bug numbers from 3.x line
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=186
2019-05-14 11:29:55 +00:00
Dominique Leuenberger
a7bfb7108b Accepting request 701549 from server:proxy
- Update to squid 4.7: (jsc#SLE-5648)
  + Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything

- Syncronize bug and CVE references between 3.x and 4.x squid changelog
  versions. These bugs were fixed here either without properly referencing
  them during the fix or 4.x branch was never affected by them.
  (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556,
   bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749,
   bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002,
   bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554,
   bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054,
   bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948,
   bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572,
   bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570,
   bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390,
   bsc#959290, CVE-2016-4052, CVE-2016-4053)

  + Fix memory leak when parsing SNMP packet
    (bsc#1113669, CVE-2018-19132)
    before displaying them (bsc#1113668, CVE-2018-19131)

OBS-URL: https://build.opensuse.org/request/show/701549
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=70
2019-05-08 13:17:46 +00:00
f7bbf15a1d - Update to squid 4.7: (jsc#SLE-5648)
+ Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=184
2019-05-08 10:45:58 +00:00
d65c3be188 - Syncronize bug and CVE references between 3.x and 4.x squid changelog
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=183
2019-02-26 16:24:46 +00:00
Stephan Kulow
4bc6b0168e Accepting request 678651 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/678651
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=69
2019-02-25 16:57:01 +00:00
Martin Pluskal
41a28e8b22 Accepting request 678364 from home:seanlew:branches:server:proxy
Update squid to 4.6

OBS-URL: https://build.opensuse.org/request/show/678364
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=181
2019-02-25 07:58:31 +00:00
Yuchen Lin
142b1d34e9 Accepting request 677001 from server:proxy
- Revert whitespace deletions of .changes as it makes diffs a pain.

- Do not hide errors from useradd. Make scriptlets
  plain sh compatible.

OBS-URL: https://build.opensuse.org/request/show/677001
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=68
2019-02-19 11:00:50 +00:00
0dc8c8b0d5 - Revert whitespace deletions of .changes as it makes diffs a pain.
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=179
2019-02-18 10:04:44 +00:00
Martin Pluskal
8ed27ce66b Accepting request 676612 from home:jengelh:branches:server:proxy
- Do not hide errors from useradd. Make scriptlets
  plain sh compatible.

OBS-URL: https://build.opensuse.org/request/show/676612
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=178
2019-02-18 07:45:40 +00:00
Dominique Leuenberger
5f3fd69e41 Accepting request 662383 from server:proxy
- Update to squid 4.5: 
  + Squid crashes when ICAPS and a sslcrtvalidator used together (#328)
  + ssl_bump prevents from accessing some web contents (#304) 
  + Docs: improved lexgrog compatibility (#340)
  + Redesign forward_max_tries count TCP connection attempts
  + Fix client_connection_mark ACL handling of clientless transactions
  + Fix netdb exchange with a TLS cache peer
  + Update netdb when tunneling requests
  + Use pkg-config for detecting libxml2
  + Misc doc updates
  + Misc code compile fixes

OBS-URL: https://build.opensuse.org/request/show/662383
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=67
2019-01-03 17:08:06 +00:00
Martin Pluskal
b292dfd12d OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=176 2019-01-02 08:44:24 +00:00
Martin Pluskal
f3e0551c1d Accepting request 662363 from home:seanlew:branches:server:proxy
Updat squid

OBS-URL: https://build.opensuse.org/request/show/662363
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=175
2019-01-02 08:30:55 +00:00
Dominique Leuenberger
2386973e81 Accepting request 653729 from server:proxy
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/653729
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=66
2018-12-04 19:57:39 +00:00
a2705b2937 - Fix permissions of installed file to tmpfilesdir
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=173
2018-11-09 13:15:01 +00:00
Dominique Leuenberger
8da3d2bbef Accepting request 645296 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/645296
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=65
2018-10-31 12:14:28 +00:00
172a09005a Accepting request 645255 from home:adamm:branches:server:proxy
- New upstream stable version 4.4:
  + Fix memory leak when parsing SNMP packet (bsc#1113669)
  + Fixed display of error page by quoting certificate fields
    before displaying them (bsc#1113668)
  + Malformed %>ru URIs for CONNECT requests

OBS-URL: https://build.opensuse.org/request/show/645255
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=171
2018-10-29 14:48:28 +00:00
Dominique Leuenberger
c2bb72d901 Accepting request 643975 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/643975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=64
2018-10-23 18:42:13 +00:00
Martin Pluskal
b13fb97e7d Accepting request 643973 from home:adamm:branches:server:proxy
- Create runtime directories needed when SMP mode is enabled.
  (bsc#1112695, bsc#1112066)
- Make changelog entries format consistent

OBS-URL: https://build.opensuse.org/request/show/643973
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=169
2018-10-23 13:55:38 +00:00
Dominique Leuenberger
9e74ac36eb Accepting request 639903 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/639903
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=63
2018-10-04 17:02:24 +00:00
Martin Pluskal
5f431c6df6 Accepting request 639902 from home:pluskalm:branches:server:proxy
- Enable tests

OBS-URL: https://build.opensuse.org/request/show/639902
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=167
2018-10-04 08:40:01 +00:00
Martin Pluskal
71b88f256b - Correct changelog
* Bug 4885: Excessive memory usage when running out of descriptors
	* Bug 4877: Add missing text about external_acl_type %DATA changes
	* Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
	* Bug 4716: Blank lines in cachemgr.conf are not skipped
	* Bug 4691: balance_on_multiple_ip config option docs
	* basic_pop3_auth: fix startup errors
	* langpack: Add missing dialect aliases
	* Fix range_offset_limit debugging
	* Fix icc build errors
	* Update systemd dependencies in squid.service

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=166
2018-10-04 07:37:10 +00:00
c2c03bd33a Accepting request 639660 from home:seanlew:branches:server:proxy
Updated squid to 4.3

OBS-URL: https://build.opensuse.org/request/show/639660
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=165
2018-10-03 08:12:03 +00:00
Dominique Leuenberger
bf6256c979 Accepting request 628977 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/628977
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=62
2018-08-15 08:36:34 +00:00
Martin Pluskal
c8ee9aaee4 Accepting request 628925 from home:adamm:branches:server:proxy
- New upstream stable version 4.2:
  + fix HTTPMSGLOCK missing pointer safety
  + gcc-8 fixes
  + fix milliseconds logformats prepend 0s instead of spaces
  + fix %>ru logging of huge URLs

OBS-URL: https://build.opensuse.org/request/show/628925
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=163
2018-08-13 12:44:10 +00:00
Dominique Leuenberger
c3b1f14fe8 Accepting request 621672 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/621672
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=61
2018-07-09 11:30:52 +00:00
Martin Pluskal
4552ea2332 Accepting request 621175 from home:adamm:branches:server:proxy
- New upstream stable version 4.1:
  + Fix --with-netfilter-conntrack error message
  + Supply ALE for force_request_body_continuation ACL

OBS-URL: https://build.opensuse.org/request/show/621175
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=161
2018-07-09 07:44:50 +00:00
Yuchen Lin
5f7a4469f4 Accepting request 617654 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/617654
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=60
2018-06-20 13:31:31 +00:00
Martin Pluskal
d53179c2b0 Accepting request 617514 from home:adamm:branches:server:proxy
- New upstream version 4.0.25:
  + Fixed regression: querying private entries for HTCP/ICP
  + Fixed regression: deny_info %R macro not being expanded
  + Fixed regression: proxy_auth ACL -i/+i flags not working
  + Fixed regression: filter chain certificates for validity
    when loading
  + Fixed regression: Transient reader locking broken in 4.0.24
  + Fixed NegotiateSsl crash on aborting transaction
  + Fixed IPC shared memory leaks when disker queue overflows
  + Update negotiate_kerberos_auth helper protocol to v3.4
  + Fixed: purge tool does not obey --sysconfdir= build option
  + Add timestamps to (most) FATAL messages
- a3f6783.patch: upstreamed, obsolete.

OBS-URL: https://build.opensuse.org/request/show/617514
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=159
2018-06-19 07:13:53 +00:00
Dominique Leuenberger
516c6588b1 Accepting request 614573 from server:proxy
OBS-URL: https://build.opensuse.org/request/show/614573
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=59
2018-06-08 21:16:44 +00:00
Martin Pluskal
987a0ab896 Accepting request 614571 from home:adamm:branches:server:proxy
- a3f6783.patch: Fixes certificate handling with intermediates
  chains

OBS-URL: https://build.opensuse.org/request/show/614571
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=157
2018-06-06 13:59:50 +00:00
Dominique Leuenberger
47b9dac142 Accepting request 607436 from server:proxy
- Fix package configure, allowing it to build in factory
- correct version in changelog

OBS-URL: https://build.opensuse.org/request/show/607436
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=58
2018-05-16 09:41:52 +00:00
93c15019b4 - Fix package configure
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=155
2018-05-15 08:19:04 +00:00
bbb5cead36 fix changelog version
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=154
2018-05-11 11:09:01 +00:00