rpm/squid
SHA256
1
0
Fork 0
forked from pool/squid
Code Pull Requests Activity
172 Commits 1 Branch 0 Tags 1.9 MiB
eb70b5ef0f
Commit Graph

172 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Adam Majer
eb70b5ef0f - CVE-2024-33427.patch: fixes possible buffer overread leading to 
denial of service (bsc#1225417, CVE-2024-33427)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=297
 2024-05-28 08:55:47 +00:00
Adam Majer
83753ab199 - update to 6.9 
- Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef
  - Bug 5069: Keep listening after getsockname() error
  - Bug 5360: FwdState::noteDestinationsEnd() assertion "err"
  - Reduce stale errno usage
  - Plug memory leak in handling cache manager requests
  - Fix error: template-id not allowed for constructor in C++20
  - Improve release packaging automation
- header_fixups.patch: upstreamed, removed
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: upstreamed, removed

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=296
 2024-05-28 08:50:04 +00:00
Adam Majer
23219f8b97 - 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on 
client errors

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=294
 2024-03-06 13:17:43 +00:00
Adam Majer
17b414d940 - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617) 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=293
 2024-03-06 13:03:42 +00:00
Adam Majer
8ef00f7fd9 - header_fixups.patch: added 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=292
 2024-03-06 12:48:17 +00:00
Adam Majer
6cedc775e2 - update to 6.8 
- Fix marking of problematic cached IP addresses (#1691)
  - Bug 5344: mgr:config segfaults without logformat (#1680)
  - Fix infinite recursion when parsing HTTP chunks (#1553)
    (bsc#1216715, CVE-2024-25111)
- changes in 6.7
  - Bug 5337: workaround for crash on startup if -a option is used
  - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
  - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
  - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
  - Fix memory leak on SslBump certificates with Authority Key Identifier extension
  - Fix a possible integer overflow in FTP Gateway
  - Extend cache_log_message to Bug 5187 and job invalidation BUGs
  - Remove incorrect beta version warning

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=291
 2024-03-06 12:28:13 +00:00
Martin Pluskal
f3ee015a17 Accepting request 1151577 from home:dimstar:rpm4.20:s 
Prepare for RPM 4.20

OBS-URL: https://build.opensuse.org/request/show/1151577
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=289
 2024-02-26 13:40:54 +00:00
Adam Majer
1b2dbe0e67 add missing CVEs 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=287
 2024-01-29 13:38:27 +00:00
Adam Majer
335a196703 add bugzilla entry 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=286
 2024-01-29 11:23:56 +00:00
Martin Pluskal
af1d180b1f Accepting request 1135796 from home:dirkmueller:Factory 
drop old, not referenced assets

OBS-URL: https://build.opensuse.org/request/show/1135796
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=284
 2023-12-31 07:22:40 +00:00
Martin Pluskal
311bd1e5b3 Accepting request 1135553 from home:seanlew:branches:server:proxy 
Updated squid to 6.6

OBS-URL: https://build.opensuse.org/request/show/1135553
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=283
 2023-12-29 09:02:20 +00:00
Adam Majer
62ba66243a - update to 6.4: 
* security fixes:
    + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
    + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
    + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
    + Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
    + Fix validation of certificates (bsc#1216803, CVE-2023-46724)
  * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  * Bug 4981: Work around in-call job invalidation bugs
  * basic_smb_lm_auth: fix 'no previous declaration' warnings
  * CacheManager: require /squid-internal-mgr/ URL path prefix
  * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
  * documentation changes

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=281
 2023-11-02 08:45:54 +00:00
Adam Majer
452d72b5c9 - update to 6.3: 
- Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  - Bug 4981: Work around in-call job invalidation bugs
  - basic_smb_lm_auth: fix 'no previous declaration' warnings
  - CacheManager: require /squid-internal-mgr/ URL path prefix
  - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=279
 2023-09-19 16:22:38 +00:00
Adam Majer
fcd32b7814 Accepting request 1103093 from home:polslinux:branches:server:proxy 
- update to 6.2:
  * Major UI changes:
    - Remove 8K limit for single access.log line
    - Add tls_key_log to report TLS communication secrets
  * Minor UI changes:
    - Add %transport::>connection_id logformat code
    - Add paranoid_hit_validation directive
    - Report SMP store queues state (mgr:store_queues)
    - Addcache_log_message directive
  * Developer Interest changes:
    - Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
    - Reject HTTP/1.0 requests with unusual framing
    - codespell check added to source maintenance enforcement
    - Streamlined ./configure handling of optional libraries
    - Add –progress option to test-builds.sh
    - Remove layer-00-bootstrap from test script
    - Convert LRU map into a CLP map
    - Remove legacy context-based debugging in favor of CodeContext
  * Removed features:
    - Remove unused cache_diff binary
    - Remove obsolete membanger test
    - Remove deprecated leakfinder (–enable-leakfinder)

OBS-URL: https://build.opensuse.org/request/show/1103093
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=277
 2023-08-09 09:34:23 +00:00
Adam Majer
3be8318923 - update to 5.9: 
* Improve reply_body_max_size matching accuracy
  * fix gcc13 warning

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=275
 2023-05-09 14:34:55 +00:00
Adam Majer
07fb1be74a - partial revert of earlier "fix PIDFile" 
- move pidfile back to /run/squid.pid and not in the directory
    owned by squid. The purpose of /run/squid/ is to facilitate
    SMP worker's IPC and not for the PID file. The PID file can
    live just fine in /run since it's written by root. (bsc#1210960)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=273
 2023-05-02 15:18:21 +00:00
Martin Pluskal
9f9d69b591 Accepting request 1079299 from home:dirkmueller:Factory 
- update to 5.8:
  * Bug 5162: mgr:index URL do not produce MGR_INDEX template
  * Bug 5241: Block all non-localhost requests by default
  * Bug 5241: Block to-localhost, to-link-local requests by
    default
  * ext_kerberos_ldap_group_acl: Support -b with -D
  * Fix ACL type typo in req_header, rep_header key-changing
    ERRORs
  * ... and several compile fixes
  * ... and some code cleanup and polishing

OBS-URL: https://build.opensuse.org/request/show/1079299
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=271
 2023-04-14 07:58:30 +00:00
Adam Majer
8ec6e276c4 Accepting request 1073988 from home:marxin:branches:server:proxy 
- Enable LTO again as it survives tests now.

OBS-URL: https://build.opensuse.org/request/show/1073988
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=269
 2023-03-23 14:58:09 +00:00
Adam Majer
85015dd9ad Accepting request 1060819 from home:kukuk:branches:server:proxy 
- Disable NIS auth module (NIS is deprecated and get's currently
  removed)

OBS-URL: https://build.opensuse.org/request/show/1060819
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=267
 2023-01-25 10:29:53 +00:00
Martin Pluskal
04b3f78d48 Accepting request 1046445 from home:schubi2:pam_usr_etc 
- Migration of PAM settings to /usr/lib/pam.d.

OBS-URL: https://build.opensuse.org/request/show/1046445
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=265
 2023-01-04 14:36:50 +00:00
Adam Majer
0c32424ab7 Accepting request 1003832 from home:schubi2:logrotate 
- Migration to /usr/etc: Saving user changed configuration files
  in /etc and restoring them while an RPM update.

OBS-URL: https://build.opensuse.org/request/show/1003832
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=263
 2022-09-26 10:29:20 +00:00
Adam Majer
7c543ee7fd Add CVE references 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=262
 2022-09-26 10:23:09 +00:00
Adam Majer
221d387569 Accepting request 1002491 from home:dirkmueller:Factory 
- update to 5.7:
  - Regression Fix: Typo in manager ACL
  - Bug 5186: noteDestinationsEnd check failed: transportWait
  - Bug 5160: Test suite fails with -flto=auto
  - Bug 3193 pt2: NTLM decoder truncating strings
  - Bug 5133: OpenSSL 3.0 support
  - ext_session_acl: fix TDB key lookup
  - forward_max_tries: Do not count discarded connections
  - ... and many compile and debugging fixes

OBS-URL: https://build.opensuse.org/request/show/1002491
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=260
 2022-09-12 15:32:36 +00:00
Adam Majer
e83ebc1600 Accepting request 999891 from home:computersalat:devel:proxy 
fix PIDFile

OBS-URL: https://build.opensuse.org/request/show/999891
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=258
 2022-08-29 11:10:51 +00:00
Lars Vogdt
3d5852fb75 Accepting request 985780 from home:schubi2 
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.

OBS-URL: https://build.opensuse.org/request/show/985780
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=256
 2022-06-29 17:56:59 +00:00
Adam Majer
3db5ecbad9 - Update to 5.6: 
* Improve handling of Gopher responses (bsc#1200907, CVE-2021-46784)
- Changes in 5.5:
  * fixes regression Bug 5192: esi_parser default is incorrect
  * Bug 5177: clientca certificates sent to https_port clients
  * Bug 5090: Must(!request->pinnedConnection()) violation
  * Kid restart leads to persistent queue overflows, delays/timeouts

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=254
 2022-06-24 09:29:25 +00:00
Adam Majer
12b4ed7ebc - Do not try to set special permissions for basic_pam_auth (bsc#1197649) 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=252
 2022-03-31 14:26:52 +00:00
Adam Majer
eae485a694 with directories in pretrans section (bsc#1197333) 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=250
 2022-03-29 12:32:38 +00:00
Adam Majer
7a4d40ca76 - Fix upgrade path from squid 4.x where we replaced some symlinks 
with directories (bsc#1197333)
- old_nettle_compat.patch: refresh patch

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=249
 2022-03-29 12:30:01 +00:00
Adam Majer
3a4ba9cfbe Add CVE reference only 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=247
 2022-03-08 11:45:31 +00:00
Martin Pluskal
487cb8560d Accepting request 957749 from home:AndreasStieger:branches:server:proxy 
squid 5.4.1

OBS-URL: https://build.opensuse.org/request/show/957749
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=246
 2022-03-01 08:14:36 +00:00
Martin Pluskal
2540ef9507 Accepting request 952643 from home:polslinux:branches:server:proxy 
- Update to 5.4:
  * Bug 5190: Preserve configured order of intermediate CA certificate chain
  * Bug 5188: Fix reconfiguration leaking tls-cert=... memory
  * Bug 5187: Properly track (and mark) truncated store entries
  * Bug 5134: assertion failed: Transients.cc:221: "old == e"
  * Bug 5132: Close the tunnel if to-server conn closes after client

OBS-URL: https://build.opensuse.org/request/show/952643
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=245
 2022-02-08 13:46:41 +00:00
Martin Pluskal
c791b32bc9 - Adjust harden_squid.service.patch to resolve boo#1193938 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=244
 2021-12-22 14:26:08 +00:00
Martin Pluskal
da562559a5 Accepting request 939558 from home:dirkmueller:Factory 
- update to 5.3:
  * Bug 5169: StoreMap.cc:517 "!s.reading()" assertion
  * Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
  * Bug 5060: Parallel builds are not reliable
  * Documentation updates for logformat directive

OBS-URL: https://build.opensuse.org/request/show/939558
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=243
 2021-12-21 14:30:33 +00:00
Martin Pluskal
1ba7c0f00b Accepting request 933486 from home:jsegitz:branches:systemdhardening:server:proxy 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/933486
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=242
 2021-12-07 12:01:22 +00:00
Adam Majer
7540de6b79 Fix Source URLs 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=241
 2021-10-06 17:10:48 +00:00
Martin Pluskal
91cd7d9ece Accepting request 923273 from home:adamm:branches:server:proxy 
- transition to squid 5.x. This is a major release and for changes
  and how to transition from 4.x, see the release notes,
  http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
- update to 5.2
  * fixes issues with WCCP protocol that may lead to information
    disclosure (bsc#1189403, CVE-2021-28116)
- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)
- new BR: pkgconfig(tdb)

OBS-URL: https://build.opensuse.org/request/show/923273
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=240
 2021-10-06 08:28:26 +00:00
Martin Pluskal
f4a3ff6528 Accepting request 909588 from home:dirkmueller:Factory 
- update to 4.16:
  - Regression Fix: --with-valgrind-debug build broken since 4.15
  - Bug 5129 pt1: remove Lock use from HttpRequestMethod
  - Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
  - Bug 4528: ICAP transactions quit on async DNS lookups

OBS-URL: https://build.opensuse.org/request/show/909588
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=239
 2021-08-03 07:22:15 +00:00
Adam Majer
9d9e9e1d0b Add missing bug reference 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=237
 2021-05-18 18:11:24 +00:00
Adam Majer
3761d61a9d - fix building with SLE12 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=235
 2021-05-18 12:44:03 +00:00
Adam Majer
abcd5831a0 - Bug 5106: Broken cache manager URL parsing (bsc#1185918, CVE-2021-28652) 
(bsc#1185921, CVE-2021-28651)
    (bsc#1185919, CVE-2021-28662)
  - Handle more Range requests (bsc#1185916, CVE-2021-31806)
  - Handle more partial responses (bsc#1185923)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=234
 2021-05-18 08:58:40 +00:00
Martin Pluskal
b8860150b2 Accepting request 892304 from home:dirkmueller:Factory 
- update to 4.15:
  - Bug 5112: Excessively loud chunked reply parsing error reporting
  - Bug 5106: Broken cache manager URL parsing
  - Bug 5104: Memory leak in RFC 2169 response parsing
  - Bug 3556: "FD ... is not an open socket" for accept() problems
  - Profiling: CPU timing implemented for MAC non-x86
  - Fix HttpHeaderStats definition to include hoErrorDetail
  - Fix Squid-to-client write_timeout triggers client_lifetime timeout
  - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
  - Handle more Range requests
  - Handle more partial responses
  - Stop processing a response if the Store entry is gone
  - ... and some portability fixes
  - ... and some documentation updates

OBS-URL: https://build.opensuse.org/request/show/892304
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=232
 2021-05-12 12:31:04 +00:00
Martin Pluskal
0e6d2ed89f Accepting request 870712 from home:dirkmueller:branches:server:proxy 
- update to 4.14:
  - Regression Fix: support for non-lowercase Transfer-Encoding value
  - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
  - Bug 5076: WCCP Security Info incorrect
  - Bug 5073: Compile error: index was not declared in this scope
  - Bug 5065: url_rewrite_program documentation update
  - Bug 3074 pt2: improved handling of URI paths implicit '/'
  - Fix transactions exceeding client_lifetime logged as _ABORTED

OBS-URL: https://build.opensuse.org/request/show/870712
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=230
 2021-02-10 06:37:01 +00:00
Adam Majer
8d1748fdfd Accepting request 846223 from home:adamm:branches:server:proxy 
- re-add older SLES12 requirements so we can use one devel project
  for all codestreams

- fix previous change to reinstante permissions macros, because the wrong path
  has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory
  (bsc#1171164).

OBS-URL: https://build.opensuse.org/request/show/846223
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=228
 2020-11-05 16:30:46 +00:00
Adam Majer
9446ddfb48 Unescape macros 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=226
 2020-10-08 14:14:03 +00:00
Adam Majer
f80a1dd80c Accepting request 840239 from home:mgerstner:branches:server:proxy 
- Reinstate permissions macros for pinger binary, because the permissions
  package is also responsible for setting up the cap_net_raw capability,
  currently a fresh squid install doesn't get a capability bit at all
  (bsc#1171569).

OBS-URL: https://build.opensuse.org/request/show/840239
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=225
 2020-10-08 14:13:00 +00:00
Adam Majer
b0e79047c9 Added CVE number only 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=223
 2020-08-26 08:32:58 +00:00
Adam Majer
9f88e6bab0 - squid 4.13: 
* Enforce token characters for field-name (#700)
  * Fix livelocking in peerDigestHandleReply (#698) (bsc#1175671)
  * Improve Transfer-Encoding handling (#702)
    (bsc#1175665, CVE-2020-15811)
  * Forbid obs-fold and bare CR whitespace in framing header fields (#701)
  * Source Format Enforcement
  * Enforce token characters for field-name (#700)
    (bsc#1175664, CVE-2020-15810)
  * Do not stall while debugging a scan of an empty store_table (#699)
  * Fix livelocking in peerDigestHandleReply (#698)
  * Honor on_unsupported_protocol for intercepted https_port (#689)
  * Bug #5051: Some collapsed revalidation responses never expire (#683)
  * SslBump: Support parsing GREASEd (and future) TLS handshakes (#663)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=221
 2020-08-24 11:53:55 +00:00
Martin Pluskal
f6f553d246 Accepting request 822709 from home:adamm:branches:server:proxy 
- Change pinger and basic_pam_auth helper to use standard permissions.
  pinger uses cap_net_raw=ep instead (bsc#1171569)
- Move squid helpers under /usr/lib{,64}/squid for Tumbleweed and SLE16
  Please adjust your config paths accordingly

OBS-URL: https://build.opensuse.org/request/show/822709
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=219
 2020-08-10 06:02:07 +00:00
Adam Majer
f54ff4bf28 Add missing CVE number 
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=217
 2020-06-29 08:00:27 +00:00