rpm/squid
SHA256
1
0
Fork 0
forked from pool/squid
Code Pull Requests Activity
185 Commits 1 Branch 0 Tags 1.9 MiB
5dc6931f93
Commit Graph

185 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Dominique Leuenberger
5dc6931f93 Accepting request 746661 from server:proxy 
- Update to squid 4.9:
  * fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

OBS-URL: https://build.opensuse.org/request/show/746661
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=75
 2019-11-09 22:40:27 +00:00
Adam Majer
b862c898ec - Update to squid 4.9: 
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
 2019-11-08 16:23:28 +00:00
Dominique Leuenberger
ad1d02283e Accepting request 721533 from server:proxy 
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version

OBS-URL: https://build.opensuse.org/request/show/721533
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=74
 2019-08-08 12:23:33 +00:00
Adam Majer
5bf83e3a20 Fix compilation with old nettle 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=198
 2019-08-07 08:32:10 +00:00
Adam Majer
cfbd7154aa OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=197 2019-08-06 13:31:27 +00:00
Adam Majer
51b5f199a0 - fix_configuration_error.patch: Fix compilation with -Wreturn-type 
- old_nettle_compat.patch: Update to actually use older version

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=196
 2019-08-06 13:19:25 +00:00
Dominique Leuenberger
a7a57d9637 Accepting request 718583 from server:proxy 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/718583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=73
 2019-07-26 10:42:20 +00:00
Adam Majer
e1d5654187 Fix patch for current patch 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=194
 2019-07-18 14:27:06 +00:00
Adam Majer
cccd13179c - - old_nettle_compat.patch: Fix compatibility with nettle in SLE-12 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=193
 2019-07-18 14:14:00 +00:00
Dominique Leuenberger
a8a96222c4 Accepting request 715745 from server:proxy 
- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing

OBS-URL: https://build.opensuse.org/request/show/715745
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=72
 2019-07-18 13:20:23 +00:00
Adam Majer
1b4a15b127 - use unbundled version of libnettle 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=191
 2019-07-16 15:33:12 +00:00
Adam Majer
fef008683e OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=190 2019-07-16 07:58:08 +00:00
Adam Majer
49783ccec7 - disable LTO to as a workaround to tests failing 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=189
 2019-07-16 07:57:43 +00:00
Adam Majer
1f7d2548ca - Update to squid 4.8: 
+ Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=188
 2019-07-15 15:22:32 +00:00
Dominique Leuenberger
0b6b75ecb3 Accepting request 702817 from server:proxy 
Adding few more bug numbers that were missing
from the squid 3.x changelog

OBS-URL: https://build.opensuse.org/request/show/702817
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=71
 2019-05-15 10:33:54 +00:00
Adam Majer
777c5c3d20 Few more missing bug numbers from 3.x line 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=186
 2019-05-14 11:29:55 +00:00
Dominique Leuenberger
a7bfb7108b Accepting request 701549 from server:proxy 
- Update to squid 4.7: (jsc#SLE-5648)
  + Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything

- Syncronize bug and CVE references between 3.x and 4.x squid changelog
  versions. These bugs were fixed here either without properly referencing
  them during the fix or 4.x branch was never affected by them.
  (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556,
   bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749,
   bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002,
   bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554,
   bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054,
   bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948,
   bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572,
   bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570,
   bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390,
   bsc#959290, CVE-2016-4052, CVE-2016-4053)

  + Fix memory leak when parsing SNMP packet
    (bsc#1113669, CVE-2018-19132)
    before displaying them (bsc#1113668, CVE-2018-19131)

OBS-URL: https://build.opensuse.org/request/show/701549
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=70
 2019-05-08 13:17:46 +00:00
Adam Majer
f7bbf15a1d - Update to squid 4.7: (jsc#SLE-5648) 
+ Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=184
 2019-05-08 10:45:58 +00:00
Adam Majer
d65c3be188 - Syncronize bug and CVE references between 3.x and 4.x squid changelog 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=183
 2019-02-26 16:24:46 +00:00
Stephan Kulow
4bc6b0168e Accepting request 678651 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/678651
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=69
 2019-02-25 16:57:01 +00:00
Martin Pluskal
41a28e8b22 Accepting request 678364 from home:seanlew:branches:server:proxy 
Update squid to 4.6

OBS-URL: https://build.opensuse.org/request/show/678364
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=181
 2019-02-25 07:58:31 +00:00
Yuchen Lin
142b1d34e9 Accepting request 677001 from server:proxy 
- Revert whitespace deletions of .changes as it makes diffs a pain.

- Do not hide errors from useradd. Make scriptlets
  plain sh compatible.

OBS-URL: https://build.opensuse.org/request/show/677001
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=68
 2019-02-19 11:00:50 +00:00
Adam Majer
0dc8c8b0d5 - Revert whitespace deletions of .changes as it makes diffs a pain. 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=179
 2019-02-18 10:04:44 +00:00
Martin Pluskal
8ed27ce66b Accepting request 676612 from home:jengelh:branches:server:proxy 
- Do not hide errors from useradd. Make scriptlets
  plain sh compatible.

OBS-URL: https://build.opensuse.org/request/show/676612
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=178
 2019-02-18 07:45:40 +00:00
Dominique Leuenberger
5f3fd69e41 Accepting request 662383 from server:proxy 
- Update to squid 4.5: 
  + Squid crashes when ICAPS and a sslcrtvalidator used together (#328)
  + ssl_bump prevents from accessing some web contents (#304) 
  + Docs: improved lexgrog compatibility (#340)
  + Redesign forward_max_tries count TCP connection attempts
  + Fix client_connection_mark ACL handling of clientless transactions
  + Fix netdb exchange with a TLS cache peer
  + Update netdb when tunneling requests
  + Use pkg-config for detecting libxml2
  + Misc doc updates
  + Misc code compile fixes

OBS-URL: https://build.opensuse.org/request/show/662383
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=67
 2019-01-03 17:08:06 +00:00
Martin Pluskal
b292dfd12d OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=176 2019-01-02 08:44:24 +00:00
Martin Pluskal
f3e0551c1d Accepting request 662363 from home:seanlew:branches:server:proxy 
Updat squid

OBS-URL: https://build.opensuse.org/request/show/662363
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=175
 2019-01-02 08:30:55 +00:00
Dominique Leuenberger
2386973e81 Accepting request 653729 from server:proxy 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/653729
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=66
 2018-12-04 19:57:39 +00:00
Adam Majer
a2705b2937 - Fix permissions of installed file to tmpfilesdir 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=173
 2018-11-09 13:15:01 +00:00
Dominique Leuenberger
8da3d2bbef Accepting request 645296 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/645296
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=65
 2018-10-31 12:14:28 +00:00
Adam Majer
172a09005a Accepting request 645255 from home:adamm:branches:server:proxy 
- New upstream stable version 4.4:
  + Fix memory leak when parsing SNMP packet (bsc#1113669)
  + Fixed display of error page by quoting certificate fields
    before displaying them (bsc#1113668)
  + Malformed %>ru URIs for CONNECT requests

OBS-URL: https://build.opensuse.org/request/show/645255
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=171
 2018-10-29 14:48:28 +00:00
Dominique Leuenberger
c2bb72d901 Accepting request 643975 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/643975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=64
 2018-10-23 18:42:13 +00:00
Martin Pluskal
b13fb97e7d Accepting request 643973 from home:adamm:branches:server:proxy 
- Create runtime directories needed when SMP mode is enabled.
  (bsc#1112695, bsc#1112066)
- Make changelog entries format consistent

OBS-URL: https://build.opensuse.org/request/show/643973
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=169
 2018-10-23 13:55:38 +00:00
Dominique Leuenberger
9e74ac36eb Accepting request 639903 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/639903
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=63
 2018-10-04 17:02:24 +00:00
Martin Pluskal
5f431c6df6 Accepting request 639902 from home:pluskalm:branches:server:proxy 
- Enable tests

OBS-URL: https://build.opensuse.org/request/show/639902
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=167
 2018-10-04 08:40:01 +00:00
Martin Pluskal
71b88f256b - Correct changelog 
* Bug 4885: Excessive memory usage when running out of descriptors
	* Bug 4877: Add missing text about external_acl_type %DATA changes
	* Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
	* Bug 4716: Blank lines in cachemgr.conf are not skipped
	* Bug 4691: balance_on_multiple_ip config option docs
	* basic_pop3_auth: fix startup errors
	* langpack: Add missing dialect aliases
	* Fix range_offset_limit debugging
	* Fix icc build errors
	* Update systemd dependencies in squid.service

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=166
 2018-10-04 07:37:10 +00:00
Ondřej Súkup
c2c03bd33a Accepting request 639660 from home:seanlew:branches:server:proxy 
Updated squid to 4.3

OBS-URL: https://build.opensuse.org/request/show/639660
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=165
 2018-10-03 08:12:03 +00:00
Dominique Leuenberger
bf6256c979 Accepting request 628977 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/628977
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=62
 2018-08-15 08:36:34 +00:00
Martin Pluskal
c8ee9aaee4 Accepting request 628925 from home:adamm:branches:server:proxy 
- New upstream stable version 4.2:
  + fix HTTPMSGLOCK missing pointer safety
  + gcc-8 fixes
  + fix milliseconds logformats prepend 0s instead of spaces
  + fix %>ru logging of huge URLs

OBS-URL: https://build.opensuse.org/request/show/628925
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=163
 2018-08-13 12:44:10 +00:00
Dominique Leuenberger
c3b1f14fe8 Accepting request 621672 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/621672
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=61
 2018-07-09 11:30:52 +00:00
Martin Pluskal
4552ea2332 Accepting request 621175 from home:adamm:branches:server:proxy 
- New upstream stable version 4.1:
  + Fix --with-netfilter-conntrack error message
  + Supply ALE for force_request_body_continuation ACL

OBS-URL: https://build.opensuse.org/request/show/621175
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=161
 2018-07-09 07:44:50 +00:00
Yuchen Lin
5f7a4469f4 Accepting request 617654 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/617654
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=60
 2018-06-20 13:31:31 +00:00
Martin Pluskal
d53179c2b0 Accepting request 617514 from home:adamm:branches:server:proxy 
- New upstream version 4.0.25:
  + Fixed regression: querying private entries for HTCP/ICP
  + Fixed regression: deny_info %R macro not being expanded
  + Fixed regression: proxy_auth ACL -i/+i flags not working
  + Fixed regression: filter chain certificates for validity
    when loading
  + Fixed regression: Transient reader locking broken in 4.0.24
  + Fixed NegotiateSsl crash on aborting transaction
  + Fixed IPC shared memory leaks when disker queue overflows
  + Update negotiate_kerberos_auth helper protocol to v3.4
  + Fixed: purge tool does not obey --sysconfdir= build option
  + Add timestamps to (most) FATAL messages
- a3f6783.patch: upstreamed, obsolete.

OBS-URL: https://build.opensuse.org/request/show/617514
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=159
 2018-06-19 07:13:53 +00:00
Dominique Leuenberger
516c6588b1 Accepting request 614573 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/614573
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=59
 2018-06-08 21:16:44 +00:00
Martin Pluskal
987a0ab896 Accepting request 614571 from home:adamm:branches:server:proxy 
- a3f6783.patch: Fixes certificate handling with intermediates
  chains

OBS-URL: https://build.opensuse.org/request/show/614571
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=157
 2018-06-06 13:59:50 +00:00
Dominique Leuenberger
47b9dac142 Accepting request 607436 from server:proxy 
- Fix package configure, allowing it to build in factory
- correct version in changelog

OBS-URL: https://build.opensuse.org/request/show/607436
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=58
 2018-05-16 09:41:52 +00:00
Adam Majer
93c15019b4 - Fix package configure 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=155
 2018-05-15 08:19:04 +00:00
Adam Majer
bbb5cead36 fix changelog version 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=154
 2018-05-11 11:09:01 +00:00
Dominique Leuenberger
dd3acf6d91 Accepting request 592192 from server:proxy 
OBS-URL: https://build.opensuse.org/request/show/592192
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=57
 2018-03-30 10:07:45 +00:00
Ondřej Súkup
987a0f16ab Accepting request 591872 from home:adamm:branches:server:proxy 
- New upstream version 4.2.24
  + Bug 4505: SMP caches sometimes do not purge entries
  + TPROXY: Fix clientside_mark and client port logging
  + Native FTP: Fix "Cannot assign requested address" with TPROXY
  + SSL-Bump: Fix authentication with types other than Basic
  + ... and some documentation fixes
- install license correctly (bsc#1082318) and transition to SPDXv3

OBS-URL: https://build.opensuse.org/request/show/591872
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=152
 2018-03-29 08:40:02 +00:00