Accepting request 770216 from server:proxy

- Update to squid 4.10: * fixes a security issue allowing a remote client ability to cause use a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687) * fixes a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689) * fixes a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691) * improve cache handling with chunked responses OBS-URL: https://build.opensuse.org/request/show/770216 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=76
2020-02-05 18:44:27 +00:00 · 2020-02-05 18:44:27 +00:00 · 9b1651858a
commit 9b1651858a
parent 5dc6931f93 4575171bf0
6 changed files with 43 additions and 30 deletions
--- a/squid-4.10.tar.xz
+++ b/squid-4.10.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:98f0100afd8a42ea5f6b81eb98b0e4b36d7a54beab1c73d2f1705ab49b025f1f
+size 2445848
--- a/squid-4.10.tar.xz.asc
+++ b/squid-4.10.tar.xz.asc
@ -0,0 +1,25 @@
+File: squid-4.10.tar.xz
+Date: Mon Jan 20 04:10:45 UTC 2020
+Size: 2445848
+MD5 : af7ac6e70f9bd03ae4fcec0c9b99c38a
+SHA1: b8b267771550bb8c7f2b2968b305118090e7217a
+Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
+            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = pool.sks-keyservers.net
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl4lKFMACgkQzW2/jvOx
+fT4aUBAAhR5YcsaTdBaFMOTNM0WUp3USNxjhrQtq+rwkQLqwh3hl2idKZY6fmqAJ
+cv/m9915T7Nd2H7ROl3vxs0ToP1R5EsEbyvcz/tKPoBrXFDDH9JsgkvbF0A4oxW1
+S8PtRlwXPbllHp/yaEZk9NL0PZCrUeW79s4M2hXSPOsC0/RogUUMN/Saa8VX3ZVe
+ZuSZoy+Ew3ZeQ3Y/mqblTN6xRn9zLq+GfqXOjTQQBfAiGprjsPQE4rOame6P9meh
+aGOGDABx7YoRsSskiAZY8cfIsunZdHoORi1WXvcu3hAB0zCZjrO0vptSig7sVCFD
+pdjLCrxopj/jIpAcVLPhl7AHjirAeTxDraQhgie+PT3M+tVm950HJZRt/idzCiNX
+XJj4Tw2gZ+tCKPLUoPvILID8grQQ+HKUA1a8ASeUxUD+sOcwdolUhbzlIl9lMDwY
+hxle9J1QH/04MAhMEnfGZH+ekR5PV+XG4iLWQnPcMSKymtDxiYpgJ9GTDBww0phk
+P1Tg33kSkHLAecEvcFlkZwrsw57qULFQKo2ZUE7Udm9xwBruwPunc+1XJ/PCs6mc
+3RfT5b1rf/fgWhvuwm5vuBkbL1H74gX8u84G984st5zj33t9aagByUXIkxjsLQww
+pFHXYm1PbphFsRIAcAGfkEluSz1X9yOwXyy12uuE7Bc/Ox7zIXk=
+=vpEO
+-----END PGP SIGNATURE-----
--- a/squid-4.9.tar.xz
+++ b/squid-4.9.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1cb1838c6683b0568a3a4050f4ea2fc1eaa5cbba6bdf7d57f7258c7cd7b41fa1
-size 2444664
--- a/squid-4.9.tar.xz.asc
+++ b/squid-4.9.tar.xz.asc
@ -1,25 +0,0 @@
-File: squid-4.9.tar.xz
-Date: Wed Nov  6 04:57:57 UTC 2019
-Size: 2444664
-MD5 : 5c2e335dd1e8ced9dda6e0e11894b344
-SHA1: 43c90a1a2eb4d1613f1bfc603ad08e8a835be319
-Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
-            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAl3CUt8ACgkQzW2/jvOx
-fT4Wnw/+Osf9VTnDFj5g/eXgb6vhzDaSLVfPNKLI6mF46a6twTvlMcM1+sX+b2Of
-KXznDkUHvhIHijXGVbscSWx6Rn2tuPGDRRtDucqK98bYUo7mhEpdGtkVE7t8U3iz
-wIKm7Hbr8qar4nJDLoZiZSCswI+UTcYncUuAqZ0O8LGIK0m6aYYDSS4bRq04yiS2
-1JD0UEWW35X35hoVuhGlRRgvLzKn8F4KFeDde0gg+cqvkM0LR2+xkUqz6DcyE34m
-8uK6hlABu32Zj+9oRBvNNcDOr2bfNYsbS4tAy635thFTyGUF7jjrOEXhl2SYrDY5
-gVRzXHq/WBQ5rjTdmwvfn3wcwA1BQK/Oru6OaTFGaSrRlmJJM3JUFQWSsYWm8ARV
-BJEGy8iQ9R41Yom2Ct8SOhwg7f3fBlFnK+BB8En+8s+fEa8z5rVmmjh1Es8qm6Tj
-C/xGTZ23C4lUveKznDhc8MR2M4jjsH77Y7K/PvJUjZ/yYNpwsOwhv7fs51v70S5Q
-4wC+ykpsmwckmOajrkOnupUN9Un2FzfyOctTt6PQkmwlq++09Jwxwg36O+KLDX08
-f48F/qCCJ4bubuhFjM/A+cwVev0nAp0haSV0jpbemAHwzog21O51l70B8qUe18jp
-XKYpbp3zCJ5cNmrAummsEVaj2ZCsH5ZHxTUIwvJDIS5b0OFn/lo=
-=LNc9
-----END PGP SIGNATURE-----
--- a/squid.changes
+++ b/squid.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Feb  5 09:57:59 UTC 2020 - Adam Majer <adam.majer@suse.de>
+
+- Update to squid 4.10:
+  * fixes a security issue allowing a remote client ability to cause
+    use a buffer overflow when squid is acting as reverse-proxy.
+    (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
+  * fixes a security issue allowing for information disclosure in
+    FTP gateway (CVE-2019-12528, bsc#1162689)
+  * fixes a security issue in ext_lm_group_acl when processing
+    NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
+  * improve cache handling with chunked responses
+
 -------------------------------------------------------------------
 Fri Nov  8 15:24:15 UTC 2019 - Adam Majer <adam.majer@suse.de>

--- a/squid.spec
+++ b/squid.spec
@ -1,7 +1,7 @@
 #
 # spec file for package squid
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -19,7 +19,7 @@
 %define         squidlibdir %{_libdir}/squid
 %define         squidconfdir %{_sysconfdir}/squid
 Name:           squid
-Version:        4.9
+Version:        4.10
 Release:        0
 Summary:        Caching and forwarding HTTP web proxy
 License:        GPL-2.0-or-later