From d65c3be188de480303e47de988eaad941c36599e14f58369bd5641a4dc3f10ea Mon Sep 17 00:00:00 2001
From: Adam Majer
Date: Tue, 26 Feb 2019 16:24:46 +0000
Subject: [PATCH 1/2] - Syncronize bug and CVE references between 3.x and 4.x squid changelog OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=183
---
 squid.changes | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/squid.changes b/squid.changes
index da9ad22..bf83d73 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Tue Feb 26 15:53:50 UTC 2019 - adam.majer@suse.de
+
+- Syncronize bug and CVE references between 3.x and 4.x squid changelog
+ versions. These bugs were fixed here either without properly referencing
+ them during the fix or 4.x branch was never affected by them.
+ (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556,
+ bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749,
+ bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002,
+ bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554,
+ bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054,
+ bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948,
+ bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572,
+ bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570,
+ bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390,
+ bsc#959290, CVE-2016-4052, CVE-2016-4053)
+
 -------------------------------------------------------------------
 Sat Feb 23 06:37:31 UTC 2019 - seanlew@opensuse.org

@@ -51,9 +68,10 @@ Fri Nov 9 13:13:37 UTC 2018 - adam.majer@suse.de
 Mon Oct 29 10:26:08 UTC 2018 - adam.majer@suse.de

 - New upstream stable version 4.4:
- + Fix memory leak when parsing SNMP packet (bsc#1113669)
+ + Fix memory leak when parsing SNMP packet
+ (bsc#1113669, CVE-2018-19132)
 + Fixed display of error page by quoting certificate fields
- before displaying them (bsc#1113668)
+ before displaying them (bsc#1113668, CVE-2018-19131)
 + Malformed %>ru URIs for CONNECT requests

 -------------------------------------------------------------------
From f7bbf15a1d6871229193b8c3d1333807b524a30c99cd45b00ad7dfb2877c031f Mon Sep 17 00:00:00 2001
From: Adam Majer
Date: Wed, 8 May 2019 10:45:58 +0000
Subject: [PATCH 2/2] - Update to squid 4.7: (jsc#SLE-5648) + Fix stack-based buffer-overflow when parsing SNMP messages + Fixed squidclient authentication + Add support for buffer-size= to UDP logging + Trust intermediate CAs from trusted stores + Bug #4928: Cannot convert non-IPv4 to IPv4 + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs + Bug #4823: assertion failed: "lowestOffset () <= target_offset" (bsc#1133089) + Bug #4942: --with-filedescriptors does not do anything OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=184
---
 squid-4.6.tar.xz | 3 ---
 squid-4.6.tar.xz.asc | 25 -------------------------
 squid-4.7.tar.xz | 3 +++
 squid-4.7.tar.xz.asc | 25 +++++++++++++++++++++++++
 squid.changes | 14 ++++++++++++++
 squid.spec | 2 +-
 6 files changed, 43 insertions(+), 29 deletions(-)
 delete mode 100644 squid-4.6.tar.xz
 delete mode 100644 squid-4.6.tar.xz.asc
 create mode 100644 squid-4.7.tar.xz
 create mode 100644 squid-4.7.tar.xz.asc
diff --git a/squid-4.6.tar.xz b/squid-4.6.tar.xz
deleted file mode 100644
index c9c9157..0000000
--- a/squid-4.6.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:015bade5d3a4905142c4c605df5c4216471e3d8338079955e0e44b0ae0303d41
-size 2439792
diff --git a/squid-4.6.tar.xz.asc b/squid-4.6.tar.xz.asc
deleted file mode 100644
index 87cd3a3..0000000
--- a/squid-4.6.tar.xz.asc
+++ /dev/null
@@ -1,25 +0,0 @@
-File: squid-4.6.tar.xz
-Date: Tue Feb 19 03:25:07 UTC 2019
-Size: 2439792
-MD5 : e25e7cc37754ad14d8aa368c0c210e54
-SHA1: 0396fe8077049000407d13aca8efdd9228e69d98
-Key : CD6DBF8EF3B17D3E
- B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
- keyring = http://www.squid-cache.org/pgp.asc
- keyserver = pool.sks-keyservers.net
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlxrdx0ACgkQzW2/jvOx
-fT741Q//dEG1uEEGuU7qKAmimpw6JtMauSMkGCD5wrwBEQo4z0Y4DYsY7mlT4F0I
-0VOHjuB0HVx7xE3x8vV5j38KqpokhywFtd2JJHjmTCSNt4KIMBVf9U9PbUlHbg5y
-iBw0aQlXknB9cYkI9vbK9MwDVBhv1U25dUqJ/+f8XwTR1rpLmC4ShvtaEK++uMOB
-Df8EszHxGZseyKay/JGNUT2SwWdl7j2zjhRK9WueJGyJ85m76ptkpwJ1BuOz2dJ6
-XJVFuoJl8cb4Pm0xQEVobZ3MdMzqZUEgAmT6rWm9znmNuVQUw0pr7sMowOQyC5bm
-x7ltSr10ZmT+0Fhu0OnXTN2wzz09L8CHTHacFBzNDzxqfh7s+Rlv+KIgEoJKR68O
-4BjSNYPf4U34D7fVsk6pE7pJFwbE3gkwU6oU6tdpG9d8pSzR5yX7JVXdI+FZM6mb
-NyQ0p1wcNN87Zk7R/Yve0CneZVNUzXvuXMM7IfmN81v30iakDL0GOEDqENLIxvxX
-dPRqd2wy00sdvX+ZIWfqKFGvgA0PFYs/GQN0tl8S66XgmIHnbFObGZ3iPiNAknhm
-a2cSero+GEOH/R3wp03ogDnX6uGRS83tIMWNZwaE9vGS8GA256dpZ9JY7s3LIdws
-VyRWqTiN2ZFrl7XRU/wpkr9T4YwRG8swQxe46w46RjGZc046w4w=
-=F/If
------END PGP SIGNATURE-----
diff --git a/squid-4.7.tar.xz b/squid-4.7.tar.xz
new file mode 100644
index 0000000..cba5bac
--- /dev/null
+++ b/squid-4.7.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a29cf65f77ab70a8b1cf47e6fe1d2975ec9d04d2446d54669a5afd2aee5e354e
+size 2440884
diff --git a/squid-4.7.tar.xz.asc b/squid-4.7.tar.xz.asc
new file mode 100644
index 0000000..a4eda62
--- /dev/null
+++ b/squid-4.7.tar.xz.asc
@@ -0,0 +1,25 @@
+File: squid-4.7.tar.xz
+Date: Tue May 7 07:29:53 UTC 2019
+Size: 2440884
+MD5 : ec7be696032b962eac9ba5726940a3aa
+SHA1: 018ec694e5d11124ceae86d391ea157994ac6624
+Key : CD6DBF8EF3B17D3E
+ B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
+ keyring = http://www.squid-cache.org/pgp.asc
+ keyserver = pool.sks-keyservers.net
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlzRM/oACgkQzW2/jvOx
+fT5q0hAAvmwR3eKNjp5XG2s1DTYixIo1fO2YUnWsq7vlTGoBuYqXA0UGZAW5F9Up
+i2BxbnJkbR0Qm4I7F3XqdUuQH12DKRJvrbAuN57ch5yNNu3PgKlGUsk6gSfhrJcp
+U0S9/n9rj6cezwsypaZbN1SMET2q0kv7S6NMKyB5dqOsa88QhyyJIdAlB2GMCpGt
+0chyK61I6ksJjtLXm2OaZxrxuLGgXz4eoi3vs2aftUT8dGhS4OAaO9l6nkQ2M+PG
+/eoh9l3btGPfKgobnr9gyrNexUXDzvNZmdl2wbp+lw3xyIrynFlrtS6u7Cv3UC6o
+G3RxjoJd1+VJS3Rgt4HVUl7oEuvVVsizCV0YpWcLBfQb6hI6GNfzDaT9AQs5ck3a
+2RvedpYTrsEizu/kHZqH04uDcXgxsxhIPVZSFY2rZ63hXX4RX2oVm+PxfX6nBmUt
+euxusYLIk0wh7BKq81WvwjcvQW0nXKCDV/qvb6Xpk31wGoERrCtTalHFAizI8aiS
+QEf+K+PRL4uxo4FD5MUbVZuhMITPdru7Mp4cqrcxCxmgHGBbYSaWVL/Rg3kIca7Y
+UBtqbDD5CcfbpEcq8hJKUQAVH8sihNIV6PN9tqGV60tQFmUdKY/bOdkH/NliKxcz
+V/NX3CUMeXs4MtLW87ebv4OYG2yMYuaju6RL/8cOSIlTd7Qu+wU=
+=btfi
+-----END PGP SIGNATURE-----
diff --git a/squid.changes b/squid.changes
index bf83d73..95a0d0e 100644
--- a/squid.changes
+++ b/squid.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Wed May 8 10:41:22 UTC 2019 - Adam Majer
+
+- Update to squid 4.7: (jsc#SLE-5648)
+ + Fix stack-based buffer-overflow when parsing SNMP messages
+ + Fixed squidclient authentication
+ + Add support for buffer-size= to UDP logging
+ + Trust intermediate CAs from trusted stores
+ + Bug #4928: Cannot convert non-IPv4 to IPv4
+ + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
+ + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
+ (bsc#1133089)
+ + Bug #4942: --with-filedescriptors does not do anything
+
 -------------------------------------------------------------------
 Tue Feb 26 15:53:50 UTC 2019 - adam.majer@suse.de

diff --git a/squid.spec b/squid.spec
index afc22cb..b5f446a 100644
--- a/squid.spec
+++ b/squid.spec
@@ -19,7 +19,7 @@
 %define squidlibdir %{_libdir}/squid
 %define squidconfdir %{_sysconfdir}/squid
 Name: squid
-Version: 4.6
+Version: 4.7
 Release: 0
 Summary: Caching and forwarding HTTP web proxy
 License: GPL-2.0-or-later