From 1f7d2548ca94e3fba7656faac73d01996428c4eaa8f9b02dcd199b7f6c4af5b0 Mon Sep 17 00:00:00 2001
From: Adam Majer <amajer@suse.com>
Date: Mon, 15 Jul 2019 15:22:32 +0000
Subject: [PATCH] - Update to squid 4.8:   + Ignore ECONNABORTED in accept(2)  
 + RFC 7230 forbids generation of userinfo subcomponent of https URL   +
 cachemgr.cgi: unallocated memory access resulting in a potential     denial
 of service. (bsc#1141442, CVE-2019-12854)   + terminating c-strings beyond
 BASE64_DECODE_LENGTH   + Replace uudecode with libnettle base64 decoder
 fixing a denial     of service vulnerability (bsc#1141329, CVE-2019-12529)  
 + fix to_localhost does not include ::   + Fix GCC-9 build issues   + Fix
 Digest auth parameter parsing preventing a potential     denial of service
 (bsc#1141332, CVE-2019-12525)   + Update HttpHeader::getAuth to SBuf which
 prevents a potential     heap overflowing allowing a possible remote code
 execution     attack when processing HTTP Authentication credentials    
 (bsc#1141330, CVE-2019-12527)   + Add the NO_TLSv1_3 option to available
 tls-options values   + Fix handling of tiny invalid responses   + Fix Memory
 leak when http_reply_access uses external_acl   + Fix Multiple XSS issues in
 cachemgr.cgi     (bsc#1140738, CVE-2019-13345)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=188
---
 squid-4.7.tar.xz     |  3 ---
 squid-4.7.tar.xz.asc | 25 -------------------------
 squid-4.8.tar.xz     |  3 +++
 squid-4.8.tar.xz.asc | 25 +++++++++++++++++++++++++
 squid.changes        | 25 +++++++++++++++++++++++++
 squid.spec           |  2 +-
 6 files changed, 54 insertions(+), 29 deletions(-)
 delete mode 100644 squid-4.7.tar.xz
 delete mode 100644 squid-4.7.tar.xz.asc
 create mode 100644 squid-4.8.tar.xz
 create mode 100644 squid-4.8.tar.xz.asc

diff --git a/squid-4.7.tar.xz b/squid-4.7.tar.xz
deleted file mode 100644
index cba5bac..0000000
--- a/squid-4.7.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a29cf65f77ab70a8b1cf47e6fe1d2975ec9d04d2446d54669a5afd2aee5e354e
-size 2440884
diff --git a/squid-4.7.tar.xz.asc b/squid-4.7.tar.xz.asc
deleted file mode 100644
index a4eda62..0000000
--- a/squid-4.7.tar.xz.asc
+++ /dev/null
@@ -1,25 +0,0 @@
-File: squid-4.7.tar.xz
-Date: Tue May  7 07:29:53 UTC 2019
-Size: 2440884
-MD5 : ec7be696032b962eac9ba5726940a3aa
-SHA1: 018ec694e5d11124ceae86d391ea157994ac6624
-Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
-            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = pool.sks-keyservers.net
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlzRM/oACgkQzW2/jvOx
-fT5q0hAAvmwR3eKNjp5XG2s1DTYixIo1fO2YUnWsq7vlTGoBuYqXA0UGZAW5F9Up
-i2BxbnJkbR0Qm4I7F3XqdUuQH12DKRJvrbAuN57ch5yNNu3PgKlGUsk6gSfhrJcp
-U0S9/n9rj6cezwsypaZbN1SMET2q0kv7S6NMKyB5dqOsa88QhyyJIdAlB2GMCpGt
-0chyK61I6ksJjtLXm2OaZxrxuLGgXz4eoi3vs2aftUT8dGhS4OAaO9l6nkQ2M+PG
-/eoh9l3btGPfKgobnr9gyrNexUXDzvNZmdl2wbp+lw3xyIrynFlrtS6u7Cv3UC6o
-G3RxjoJd1+VJS3Rgt4HVUl7oEuvVVsizCV0YpWcLBfQb6hI6GNfzDaT9AQs5ck3a
-2RvedpYTrsEizu/kHZqH04uDcXgxsxhIPVZSFY2rZ63hXX4RX2oVm+PxfX6nBmUt
-euxusYLIk0wh7BKq81WvwjcvQW0nXKCDV/qvb6Xpk31wGoERrCtTalHFAizI8aiS
-QEf+K+PRL4uxo4FD5MUbVZuhMITPdru7Mp4cqrcxCxmgHGBbYSaWVL/Rg3kIca7Y
-UBtqbDD5CcfbpEcq8hJKUQAVH8sihNIV6PN9tqGV60tQFmUdKY/bOdkH/NliKxcz
-V/NX3CUMeXs4MtLW87ebv4OYG2yMYuaju6RL/8cOSIlTd7Qu+wU=
-=btfi
------END PGP SIGNATURE-----
diff --git a/squid-4.8.tar.xz b/squid-4.8.tar.xz
new file mode 100644
index 0000000..ebbd7a2
--- /dev/null
+++ b/squid-4.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:78cdb324d93341d36d09d5f791060f6e8aaa5ff3179f7c949cd910d023a86210
+size 2440888
diff --git a/squid-4.8.tar.xz.asc b/squid-4.8.tar.xz.asc
new file mode 100644
index 0000000..cd638da
--- /dev/null
+++ b/squid-4.8.tar.xz.asc
@@ -0,0 +1,25 @@
+File: squid-4.8.tar.xz
+Date: Tue Jul  9 19:30:13 UTC 2019
+Size: 2440888
+MD5 : 08e018f2d8db4911ee90591284fa1ca5
+SHA1: 4ff1390eee3ec20cefa5565cbb56e1a89a12bfc1
+Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
+            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = pool.sks-keyservers.net
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl0k60wACgkQzW2/jvOx
+fT7tAg/7BB9XyX4Sxi6sdyAwSPJ7vu3sd8ENE2mYdnLlozd3n57g2EDJoDWNGMOV
+eym6Xe5TCDyadXKDVHni4LrFm80RgILMRvkkY9RIIRBTac+SEpDPZq/XL5xzxL1K
+mRxJ2Mg9dC/1Cja4xAT/NihinJ2g/vqPY/fC+35kHd1q+U3DeQlmRhMN+IoP6kOk
+ZFYfl2DkHRZFRVF/yjxy2f2ktSuZOoUcnnAI2IWzgZS5iNR4F5ozNXKNUaAhcROy
+Md6/VCnoLvYDVlXgJUBUsn0Qt/Kgl/3h/CUdGVUnG2Lt5+Gh3LZBlCNZ/P/6lBSD
+9/hXLPkY4OTKrxkf0LdwNrGH9XZX5FoKAUDvF+qUvEqwFJdgzklyXSAoEQRfFtK2
+KRAjuxR1h/JquiA7lfYchmHaS13FktkpGMAJWrQZFjRRnDcVqjEotGkcpgaIjVfG
+/Bw9LLjRf4glYvgd8+wDZBpBGU2mLXOu0/0IfU3gN4nRXnxvum0xPRPRQhmZWzjk
+svpUA1W4r7Uy1zog96Gry0NNh5bik+MU7OI/0uJPxSk4DhRFg+HcQ0GHb3eF0yBY
+nTv8Ks3CMMsoa9tCzFfqmxKQMHBA0feBSzjOgN5nqibr7BRp9NiJPtj3sOS6oCDK
+jBSV1ArI6nyaU26hfelNp375CPHObAFLlBA31+saV55hyr2Ydx4=
+=ee2E
+-----END PGP SIGNATURE-----
diff --git a/squid.changes b/squid.changes
index 01a5f73..f54ac86 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Mon Jul 15 14:58:13 UTC 2019 - Adam Majer <adam.majer@suse.de>
+
+- Update to squid 4.8:
+  + Ignore ECONNABORTED in accept(2)
+  + RFC 7230 forbids generation of userinfo subcomponent of https URL
+  + cachemgr.cgi: unallocated memory access resulting in a potential
+    denial of service. (bsc#1141442, CVE-2019-12854)
+  + terminating c-strings beyond BASE64_DECODE_LENGTH
+  + Replace uudecode with libnettle base64 decoder fixing a denial
+    of service vulnerability (bsc#1141329, CVE-2019-12529)
+  + fix to_localhost does not include ::
+  + Fix GCC-9 build issues
+  + Fix Digest auth parameter parsing preventing a potential
+    denial of service (bsc#1141332, CVE-2019-12525)
+  + Update HttpHeader::getAuth to SBuf which prevents a potential
+    heap overflowing allowing a possible remote code execution
+    attack when processing HTTP Authentication credentials
+    (bsc#1141330, CVE-2019-12527)
+  + Add the NO_TLSv1_3 option to available tls-options values
+  + Fix handling of tiny invalid responses
+  + Fix Memory leak when http_reply_access uses external_acl
+  + Fix Multiple XSS issues in cachemgr.cgi
+    (bsc#1140738, CVE-2019-13345)
+
 -------------------------------------------------------------------
 Wed May  8 10:41:22 UTC 2019 - Adam Majer <adam.majer@suse.de>
 
diff --git a/squid.spec b/squid.spec
index b5f446a..f0e2164 100644
--- a/squid.spec
+++ b/squid.spec
@@ -19,7 +19,7 @@
 %define         squidlibdir %{_libdir}/squid
 %define         squidconfdir %{_sysconfdir}/squid
 Name:           squid
-Version:        4.7
+Version:        4.8
 Release:        0
 Summary:        Caching and forwarding HTTP web proxy
 License:        GPL-2.0-or-later