Accepting request 701549 from server:proxy

- Update to squid 4.7: (jsc#SLE-5648) + Fix stack-based buffer-overflow when parsing SNMP messages + Fixed squidclient authentication + Add support for buffer-size= to UDP logging + Trust intermediate CAs from trusted stores + Bug #4928: Cannot convert non-IPv4 to IPv4 + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs + Bug #4823: assertion failed: "lowestOffset () <= target_offset" (bsc#1133089) + Bug #4942: --with-filedescriptors does not do anything - Syncronize bug and CVE references between 3.x and 4.x squid changelog versions. These bugs were fixed here either without properly referencing them during the fix or 4.x branch was never affected by them. (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556, bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749, bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002, bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554, bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054, bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948, bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572, bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570, bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390, bsc#959290, CVE-2016-4052, CVE-2016-4053) + Fix memory leak when parsing SNMP packet (bsc#1113669, CVE-2018-19132) before displaying them (bsc#1113668, CVE-2018-19131) OBS-URL: https://build.opensuse.org/request/show/701549 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=70
2019-05-08 13:17:46 +00:00 · 2019-05-08 13:17:46 +00:00 · a7bfb7108b
commit a7bfb7108b
parent 4bc6b0168e f7bbf15a1d
6 changed files with 63 additions and 31 deletions
--- a/squid-4.6.tar.xz
+++ b/squid-4.6.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:015bade5d3a4905142c4c605df5c4216471e3d8338079955e0e44b0ae0303d41
-size 2439792
--- a/squid-4.6.tar.xz.asc
+++ b/squid-4.6.tar.xz.asc
@ -1,25 +0,0 @@
-File: squid-4.6.tar.xz
-Date: Tue Feb 19 03:25:07 UTC 2019
-Size: 2439792
-MD5 : e25e7cc37754ad14d8aa368c0c210e54
-SHA1: 0396fe8077049000407d13aca8efdd9228e69d98
-Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
-            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
-      keyring = http://www.squid-cache.org/pgp.asc
-      keyserver = pool.sks-keyservers.net
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlxrdx0ACgkQzW2/jvOx
-fT741Q//dEG1uEEGuU7qKAmimpw6JtMauSMkGCD5wrwBEQo4z0Y4DYsY7mlT4F0I
-0VOHjuB0HVx7xE3x8vV5j38KqpokhywFtd2JJHjmTCSNt4KIMBVf9U9PbUlHbg5y
-iBw0aQlXknB9cYkI9vbK9MwDVBhv1U25dUqJ/+f8XwTR1rpLmC4ShvtaEK++uMOB
-Df8EszHxGZseyKay/JGNUT2SwWdl7j2zjhRK9WueJGyJ85m76ptkpwJ1BuOz2dJ6
-XJVFuoJl8cb4Pm0xQEVobZ3MdMzqZUEgAmT6rWm9znmNuVQUw0pr7sMowOQyC5bm
-x7ltSr10ZmT+0Fhu0OnXTN2wzz09L8CHTHacFBzNDzxqfh7s+Rlv+KIgEoJKR68O
-4BjSNYPf4U34D7fVsk6pE7pJFwbE3gkwU6oU6tdpG9d8pSzR5yX7JVXdI+FZM6mb
-NyQ0p1wcNN87Zk7R/Yve0CneZVNUzXvuXMM7IfmN81v30iakDL0GOEDqENLIxvxX
-dPRqd2wy00sdvX+ZIWfqKFGvgA0PFYs/GQN0tl8S66XgmIHnbFObGZ3iPiNAknhm
-a2cSero+GEOH/R3wp03ogDnX6uGRS83tIMWNZwaE9vGS8GA256dpZ9JY7s3LIdws
-VyRWqTiN2ZFrl7XRU/wpkr9T4YwRG8swQxe46w46RjGZc046w4w=
-=F/If
-----END PGP SIGNATURE-----
--- a/squid-4.7.tar.xz
+++ b/squid-4.7.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a29cf65f77ab70a8b1cf47e6fe1d2975ec9d04d2446d54669a5afd2aee5e354e
+size 2440884
--- a/squid-4.7.tar.xz.asc
+++ b/squid-4.7.tar.xz.asc
@ -0,0 +1,25 @@
+File: squid-4.7.tar.xz
+Date: Tue May  7 07:29:53 UTC 2019
+Size: 2440884
+MD5 : ec7be696032b962eac9ba5726940a3aa
+SHA1: 018ec694e5d11124ceae86d391ea157994ac6624
+Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
+            B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
+      keyring = http://www.squid-cache.org/pgp.asc
+      keyserver = pool.sks-keyservers.net
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlzRM/oACgkQzW2/jvOx
+fT5q0hAAvmwR3eKNjp5XG2s1DTYixIo1fO2YUnWsq7vlTGoBuYqXA0UGZAW5F9Up
+i2BxbnJkbR0Qm4I7F3XqdUuQH12DKRJvrbAuN57ch5yNNu3PgKlGUsk6gSfhrJcp
+U0S9/n9rj6cezwsypaZbN1SMET2q0kv7S6NMKyB5dqOsa88QhyyJIdAlB2GMCpGt
+0chyK61I6ksJjtLXm2OaZxrxuLGgXz4eoi3vs2aftUT8dGhS4OAaO9l6nkQ2M+PG
+/eoh9l3btGPfKgobnr9gyrNexUXDzvNZmdl2wbp+lw3xyIrynFlrtS6u7Cv3UC6o
+G3RxjoJd1+VJS3Rgt4HVUl7oEuvVVsizCV0YpWcLBfQb6hI6GNfzDaT9AQs5ck3a
+2RvedpYTrsEizu/kHZqH04uDcXgxsxhIPVZSFY2rZ63hXX4RX2oVm+PxfX6nBmUt
+euxusYLIk0wh7BKq81WvwjcvQW0nXKCDV/qvb6Xpk31wGoERrCtTalHFAizI8aiS
+QEf+K+PRL4uxo4FD5MUbVZuhMITPdru7Mp4cqrcxCxmgHGBbYSaWVL/Rg3kIca7Y
+UBtqbDD5CcfbpEcq8hJKUQAVH8sihNIV6PN9tqGV60tQFmUdKY/bOdkH/NliKxcz
+V/NX3CUMeXs4MtLW87ebv4OYG2yMYuaju6RL/8cOSIlTd7Qu+wU=
+=btfi
+-----END PGP SIGNATURE-----
--- a/squid.changes
+++ b/squid.changes
@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Wed May  8 10:41:22 UTC 2019 - Adam Majer <adam.majer@suse.de>
+
+- Update to squid 4.7: (jsc#SLE-5648)
+  + Fix stack-based buffer-overflow when parsing SNMP messages
+  + Fixed squidclient authentication
+  + Add support for buffer-size= to UDP logging
+  + Trust intermediate CAs from trusted stores
+  + Bug #4928: Cannot convert non-IPv4 to IPv4
+  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
+  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
+    (bsc#1133089)
+  + Bug #4942: --with-filedescriptors does not do anything
+
+-------------------------------------------------------------------
+Tue Feb 26 15:53:50 UTC 2019 - adam.majer@suse.de
+
+- Syncronize bug and CVE references between 3.x and 4.x squid changelog
+  versions. These bugs were fixed here either without properly referencing
+  them during the fix or 4.x branch was never affected by them.
+  (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556,
+   bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749,
+   bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002,
+   bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554,
+   bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054,
+   bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948,
+   bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572,
+   bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570,
+   bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390,
+   bsc#959290, CVE-2016-4052, CVE-2016-4053)
+
 -------------------------------------------------------------------
 Sat Feb 23 06:37:31 UTC 2019 - seanlew@opensuse.org

@ -51,9 +82,10 @@ Fri Nov  9 13:13:37 UTC 2018 - adam.majer@suse.de
 Mon Oct 29 10:26:08 UTC 2018 - adam.majer@suse.de

 - New upstream stable version 4.4:
-  + Fix memory leak when parsing SNMP packet (bsc#1113669)
+  + Fix memory leak when parsing SNMP packet
+    (bsc#1113669, CVE-2018-19132)
  + Fixed display of error page by quoting certificate fields
-    before displaying them (bsc#1113668)
+    before displaying them (bsc#1113668, CVE-2018-19131)
  + Malformed %>ru URIs for CONNECT requests

 -------------------------------------------------------------------
--- a/squid.spec
+++ b/squid.spec
@ -19,7 +19,7 @@
 %define         squidlibdir %{_libdir}/squid
 %define         squidconfdir %{_sysconfdir}/squid
 Name:           squid
-Version:        4.6
+Version:        4.7
 Release:        0
 Summary:        Caching and forwarding HTTP web proxy
 License:        GPL-2.0-or-later