- move pidfile back to /run/squid.pid and not in the directory
owned by squid. The purpose of /run/squid/ is to facilitate
SMP worker's IPC and not for the PID file. The PID file can
live just fine in /run since it's written by root. (bsc#1210960)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=273
- update to 5.8:
* Bug 5162: mgr:index URL do not produce MGR_INDEX template
* Bug 5241: Block all non-localhost requests by default
* Bug 5241: Block to-localhost, to-link-local requests by
default
* ext_kerberos_ldap_group_acl: Support -b with -D
* Fix ACL type typo in req_header, rep_header key-changing
ERRORs
* ... and several compile fixes
* ... and some code cleanup and polishing
OBS-URL: https://build.opensuse.org/request/show/1079299
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=271
- update to 4.15:
- Bug 5112: Excessively loud chunked reply parsing error reporting
- Bug 5106: Broken cache manager URL parsing
- Bug 5104: Memory leak in RFC 2169 response parsing
- Bug 3556: "FD ... is not an open socket" for accept() problems
- Profiling: CPU timing implemented for MAC non-x86
- Fix HttpHeaderStats definition to include hoErrorDetail
- Fix Squid-to-client write_timeout triggers client_lifetime timeout
- Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
- Handle more Range requests
- Handle more partial responses
- Stop processing a response if the Store entry is gone
- ... and some portability fixes
- ... and some documentation updates
OBS-URL: https://build.opensuse.org/request/show/892304
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=232
- update to 4.14:
- Regression Fix: support for non-lowercase Transfer-Encoding value
- Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
- Bug 5076: WCCP Security Info incorrect
- Bug 5073: Compile error: index was not declared in this scope
- Bug 5065: url_rewrite_program documentation update
- Bug 3074 pt2: improved handling of URI paths implicit '/'
- Fix transactions exceeding client_lifetime logged as _ABORTED
OBS-URL: https://build.opensuse.org/request/show/870712
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=230
* Fix incorrect buffer handling that can result in cache
poisoning, remote execution, and denial of service attacks when
processing ESI responses
(CVE-2019-12519, CVE-2019-12521, bsc#1169659)
* Fixes possible information disclosure when translating
FTP server listings into HTTP responses.
(CVE-2019-12528, bsc#1162689)
* Fixes possible denial of service caused by incorrect buffer
management ext_lm_group_acl when processing NTLM Authentication
credentials. (CVE-2020-8517, bsc#1162691)
* Fixes a potential remote execution vulnerability when using
HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
* Fixes problem when reconfigure killed Coordinator in
SMP+ufs configurations (#556)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=210
* fixes a security issue allowing a remote client ability to cause
use a buffer overflow when squid is acting as reverse-proxy.
(CVE-2020-8449, CVE-2020-8450, bsc#1162687)
* fixes a security issue allowing for information disclosure in
FTP gateway (CVE-2019-12528, bsc#1162689)
* fixes a security issue in ext_lm_group_acl when processing
NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
* improve cache handling with chunked responses
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=202
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
(CVE-2019-13345, bsc#1140738)
* fixes heap overflow in URN processing
(CVE-2019-12526, bsc#1156326)
* fixes multiple issues in URI processing
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
* fixes Cross-Site Request Forgery in HTTP Request processing
(CVE-2019-18677, bsc#1156328)
* fixes HTTP Request Splitting in HTTP message processing
(CVE-2019-18678, bsc#1156323)
* fixes information disclosure in HTTP Digest Authentication
(CVE-2019-18679, bsc#1156324)
* lower cache_peer hostname - this showed up as DNS failures
if peer name was configured with any upper case characters
* TLS: Multiple SSL-Bump fixes
* TLS: Fix expiration of self-signed generated certs to be 3 years
* TLS: Fix on_unsupported_protocol tunnel action
* Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
+ Ignore ECONNABORTED in accept(2)
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
+ cachemgr.cgi: unallocated memory access resulting in a potential
denial of service. (bsc#1141442, CVE-2019-12854)
+ terminating c-strings beyond BASE64_DECODE_LENGTH
+ Replace uudecode with libnettle base64 decoder fixing a denial
of service vulnerability (bsc#1141329, CVE-2019-12529)
+ fix to_localhost does not include ::
+ Fix GCC-9 build issues
+ Fix Digest auth parameter parsing preventing a potential
denial of service (bsc#1141332, CVE-2019-12525)
+ Update HttpHeader::getAuth to SBuf which prevents a potential
heap overflowing allowing a possible remote code execution
attack when processing HTTP Authentication credentials
(bsc#1141330, CVE-2019-12527)
+ Add the NO_TLSv1_3 option to available tls-options values
+ Fix handling of tiny invalid responses
+ Fix Memory leak when http_reply_access uses external_acl
+ Fix Multiple XSS issues in cachemgr.cgi
(bsc#1140738, CVE-2019-13345)
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=188