Adam Majer
50777186fb
- Fix validation of Digest auth header parameters - changes since squid-6.11: - Fix Kerberos detection when cross-compiling - Improve robustness of DNS code on reconfigure - Prevent slow memory leak in TCP DNS queries - Improve errors emitted when invalid ACLs are parsed - Disble ESI. The code is removed upstream in 7.x (bsc#1232485, CVE-2024-45802) OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=301
24 lines
777 B
Diff
24 lines
777 B
Diff
Index: squid-6.2/tools/systemd/squid.service
|
|
===================================================================
|
|
--- squid-6.2.orig/tools/systemd/squid.service
|
|
+++ squid-6.2/tools/systemd/squid.service
|
|
@@ -11,6 +11,18 @@ Documentation=man:squid(8)
|
|
After=network.target network-online.target nss-lookup.target
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
Type=notify
|
|
PIDFile=/var/run/squid.pid
|
|
ExecStartPre=/usr/sbin/squid --foreground -z
|