- Update to squid 4.11:
* Fix incorrect buffer handling that can result in cache
poisoning, remote execution, and denial of service attacks when
processing ESI responses
(CVE-2019-12519, CVE-2019-12521, bsc#1169659)
* Fixes possible information disclosure when translating
FTP server listings into HTTP responses.
(CVE-2019-12528, bsc#1162689)
* Fixes possible denial of service caused by incorrect buffer
management ext_lm_group_acl when processing NTLM Authentication
credentials. (CVE-2020-8517, bsc#1162691)
* Fixes a potential remote execution vulnerability when using
HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
* Fixes problem when reconfigure killed Coordinator in
SMP+ufs configurations (#556)
OBS-URL: https://build.opensuse.org/request/show/796564
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=80
* Fix incorrect buffer handling that can result in cache
poisoning, remote execution, and denial of service attacks when
processing ESI responses
(CVE-2019-12519, CVE-2019-12521, bsc#1169659)
* Fixes possible information disclosure when translating
FTP server listings into HTTP responses.
(CVE-2019-12528, bsc#1162689)
* Fixes possible denial of service caused by incorrect buffer
management ext_lm_group_acl when processing NTLM Authentication
credentials. (CVE-2020-8517, bsc#1162691)
* Fixes a potential remote execution vulnerability when using
HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
* Fixes problem when reconfigure killed Coordinator in
SMP+ufs configurations (#556)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=210
- Update to squid 4.10:
* fixes a security issue allowing a remote client ability to cause
use a buffer overflow when squid is acting as reverse-proxy.
(CVE-2020-8449, CVE-2020-8450, bsc#1162687)
* fixes a security issue allowing for information disclosure in
FTP gateway (CVE-2019-12528, bsc#1162689)
* fixes a security issue in ext_lm_group_acl when processing
NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
* improve cache handling with chunked responses
OBS-URL: https://build.opensuse.org/request/show/770216
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=76
* fixes a security issue allowing a remote client ability to cause
use a buffer overflow when squid is acting as reverse-proxy.
(CVE-2020-8449, CVE-2020-8450, bsc#1162687)
* fixes a security issue allowing for information disclosure in
FTP gateway (CVE-2019-12528, bsc#1162689)
* fixes a security issue in ext_lm_group_acl when processing
NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
* improve cache handling with chunked responses
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=202
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
(CVE-2019-13345, bsc#1140738)
* fixes heap overflow in URN processing
(CVE-2019-12526, bsc#1156326)
* fixes multiple issues in URI processing
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
* fixes Cross-Site Request Forgery in HTTP Request processing
(CVE-2019-18677, bsc#1156328)
* fixes HTTP Request Splitting in HTTP message processing
(CVE-2019-18678, bsc#1156323)
* fixes information disclosure in HTTP Digest Authentication
(CVE-2019-18679, bsc#1156324)
* lower cache_peer hostname - this showed up as DNS failures
if peer name was configured with any upper case characters
* TLS: Multiple SSL-Bump fixes
* TLS: Fix expiration of self-signed generated certs to be 3 years
* TLS: Fix on_unsupported_protocol tunnel action
* Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
- Update to squid 4.8:
+ Ignore ECONNABORTED in accept(2)
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
+ cachemgr.cgi: unallocated memory access resulting in a potential
denial of service. (bsc#1141442, CVE-2019-12854)
+ terminating c-strings beyond BASE64_DECODE_LENGTH
+ Replace uudecode with libnettle base64 decoder fixing a denial
of service vulnerability (bsc#1141329, CVE-2019-12529)
+ fix to_localhost does not include ::
+ Fix GCC-9 build issues
+ Fix Digest auth parameter parsing preventing a potential
denial of service (bsc#1141332, CVE-2019-12525)
+ Update HttpHeader::getAuth to SBuf which prevents a potential
heap overflowing allowing a possible remote code execution
attack when processing HTTP Authentication credentials
(bsc#1141330, CVE-2019-12527)
+ Add the NO_TLSv1_3 option to available tls-options values
+ Fix handling of tiny invalid responses
+ Fix Memory leak when http_reply_access uses external_acl
+ Fix Multiple XSS issues in cachemgr.cgi
(bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing
OBS-URL: https://build.opensuse.org/request/show/715745
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=72
+ Ignore ECONNABORTED in accept(2)
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
+ cachemgr.cgi: unallocated memory access resulting in a potential
denial of service. (bsc#1141442, CVE-2019-12854)
+ terminating c-strings beyond BASE64_DECODE_LENGTH
+ Replace uudecode with libnettle base64 decoder fixing a denial
of service vulnerability (bsc#1141329, CVE-2019-12529)
+ fix to_localhost does not include ::
+ Fix GCC-9 build issues
+ Fix Digest auth parameter parsing preventing a potential
denial of service (bsc#1141332, CVE-2019-12525)
+ Update HttpHeader::getAuth to SBuf which prevents a potential
heap overflowing allowing a possible remote code execution
attack when processing HTTP Authentication credentials
(bsc#1141330, CVE-2019-12527)
+ Add the NO_TLSv1_3 option to available tls-options values
+ Fix handling of tiny invalid responses
+ Fix Memory leak when http_reply_access uses external_acl
+ Fix Multiple XSS issues in cachemgr.cgi
(bsc#1140738, CVE-2019-13345)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=188
