SHA256
1
0
forked from pool/squid
Commit Graph

102 Commits

Author SHA256 Message Date
Martin Pluskal
90caa15be3 Accepting request 816219 from home:AndreasStieger:branches:server:proxy
squid 4.12

OBS-URL: https://build.opensuse.org/request/show/816219
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=212
2020-06-22 08:43:44 +00:00
8b38ddcc65 - Update to squid 4.11:
* Fix incorrect buffer handling that can result in cache
    poisoning, remote execution, and denial of service attacks when
    processing ESI responses
    (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
  * Fixes possible information disclosure when translating
    FTP server listings into HTTP responses.
    (CVE-2019-12528, bsc#1162689)
  * Fixes possible denial of service caused by incorrect buffer
    management ext_lm_group_acl when processing NTLM Authentication
    credentials. (CVE-2020-8517, bsc#1162691)
  * Fixes a potential remote execution vulnerability when using
    HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
  * Fixes problem when reconfigure killed Coordinator in
    SMP+ufs configurations (#556)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=210
2020-04-23 13:47:01 +00:00
1a19c2cdda Accepting request 795761 from home:kukuk:branches:server:proxy
- Make logrotate recommended, it's not strictly required and 
  doesn't make any sense in containers

OBS-URL: https://build.opensuse.org/request/show/795761
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=208
2020-04-20 11:30:46 +00:00
Martin Pluskal
53be975248 Accepting request 776203 from home:kukuk:container
- Use sysusers instead of shadow to create squid user and groups
- Don't hard require systemd

OBS-URL: https://build.opensuse.org/request/show/776203
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=204
2020-02-19 08:58:35 +00:00
4575171bf0 - Update to squid 4.10:
* fixes a security issue allowing a remote client ability to cause
    use a buffer overflow when squid is acting as reverse-proxy.
    (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
  * fixes a security issue allowing for information disclosure in
    FTP gateway (CVE-2019-12528, bsc#1162689)
  * fixes a security issue in ext_lm_group_acl when processing
    NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * improve cache handling with chunked responses

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=202
2020-02-05 10:09:46 +00:00
b862c898ec - Update to squid 4.9:
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=200
2019-11-08 16:23:28 +00:00
51b5f199a0 - fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=196
2019-08-06 13:19:25 +00:00
cccd13179c - - old_nettle_compat.patch: Fix compatibility with nettle in SLE-12
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=193
2019-07-18 14:14:00 +00:00
1b4a15b127 - use unbundled version of libnettle
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=191
2019-07-16 15:33:12 +00:00
fef008683e OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=190 2019-07-16 07:58:08 +00:00
49783ccec7 - disable LTO to as a workaround to tests failing
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=189
2019-07-16 07:57:43 +00:00
1f7d2548ca - Update to squid 4.8:
+ Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=188
2019-07-15 15:22:32 +00:00
f7bbf15a1d - Update to squid 4.7: (jsc#SLE-5648)
+ Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=184
2019-05-08 10:45:58 +00:00
Martin Pluskal
41a28e8b22 Accepting request 678364 from home:seanlew:branches:server:proxy
Update squid to 4.6

OBS-URL: https://build.opensuse.org/request/show/678364
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=181
2019-02-25 07:58:31 +00:00
Martin Pluskal
8ed27ce66b Accepting request 676612 from home:jengelh:branches:server:proxy
- Do not hide errors from useradd. Make scriptlets
  plain sh compatible.

OBS-URL: https://build.opensuse.org/request/show/676612
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=178
2019-02-18 07:45:40 +00:00
Martin Pluskal
f3e0551c1d Accepting request 662363 from home:seanlew:branches:server:proxy
Updat squid

OBS-URL: https://build.opensuse.org/request/show/662363
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=175
2019-01-02 08:30:55 +00:00
a2705b2937 - Fix permissions of installed file to tmpfilesdir
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=173
2018-11-09 13:15:01 +00:00
172a09005a Accepting request 645255 from home:adamm:branches:server:proxy
- New upstream stable version 4.4:
  + Fix memory leak when parsing SNMP packet (bsc#1113669)
  + Fixed display of error page by quoting certificate fields
    before displaying them (bsc#1113668)
  + Malformed %>ru URIs for CONNECT requests

OBS-URL: https://build.opensuse.org/request/show/645255
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=171
2018-10-29 14:48:28 +00:00
Martin Pluskal
b13fb97e7d Accepting request 643973 from home:adamm:branches:server:proxy
- Create runtime directories needed when SMP mode is enabled.
  (bsc#1112695, bsc#1112066)
- Make changelog entries format consistent

OBS-URL: https://build.opensuse.org/request/show/643973
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=169
2018-10-23 13:55:38 +00:00
Martin Pluskal
5f431c6df6 Accepting request 639902 from home:pluskalm:branches:server:proxy
- Enable tests

OBS-URL: https://build.opensuse.org/request/show/639902
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=167
2018-10-04 08:40:01 +00:00
Martin Pluskal
71b88f256b - Correct changelog
* Bug 4885: Excessive memory usage when running out of descriptors
	* Bug 4877: Add missing text about external_acl_type %DATA changes
	* Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
	* Bug 4716: Blank lines in cachemgr.conf are not skipped
	* Bug 4691: balance_on_multiple_ip config option docs
	* basic_pop3_auth: fix startup errors
	* langpack: Add missing dialect aliases
	* Fix range_offset_limit debugging
	* Fix icc build errors
	* Update systemd dependencies in squid.service

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=166
2018-10-04 07:37:10 +00:00
c2c03bd33a Accepting request 639660 from home:seanlew:branches:server:proxy
Updated squid to 4.3

OBS-URL: https://build.opensuse.org/request/show/639660
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=165
2018-10-03 08:12:03 +00:00
Martin Pluskal
c8ee9aaee4 Accepting request 628925 from home:adamm:branches:server:proxy
- New upstream stable version 4.2:
  + fix HTTPMSGLOCK missing pointer safety
  + gcc-8 fixes
  + fix milliseconds logformats prepend 0s instead of spaces
  + fix %>ru logging of huge URLs

OBS-URL: https://build.opensuse.org/request/show/628925
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=163
2018-08-13 12:44:10 +00:00
Martin Pluskal
4552ea2332 Accepting request 621175 from home:adamm:branches:server:proxy
- New upstream stable version 4.1:
  + Fix --with-netfilter-conntrack error message
  + Supply ALE for force_request_body_continuation ACL

OBS-URL: https://build.opensuse.org/request/show/621175
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=161
2018-07-09 07:44:50 +00:00
Martin Pluskal
d53179c2b0 Accepting request 617514 from home:adamm:branches:server:proxy
- New upstream version 4.0.25:
  + Fixed regression: querying private entries for HTCP/ICP
  + Fixed regression: deny_info %R macro not being expanded
  + Fixed regression: proxy_auth ACL -i/+i flags not working
  + Fixed regression: filter chain certificates for validity
    when loading
  + Fixed regression: Transient reader locking broken in 4.0.24
  + Fixed NegotiateSsl crash on aborting transaction
  + Fixed IPC shared memory leaks when disker queue overflows
  + Update negotiate_kerberos_auth helper protocol to v3.4
  + Fixed: purge tool does not obey --sysconfdir= build option
  + Add timestamps to (most) FATAL messages
- a3f6783.patch: upstreamed, obsolete.

OBS-URL: https://build.opensuse.org/request/show/617514
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=159
2018-06-19 07:13:53 +00:00
Martin Pluskal
987a0ab896 Accepting request 614571 from home:adamm:branches:server:proxy
- a3f6783.patch: Fixes certificate handling with intermediates
  chains

OBS-URL: https://build.opensuse.org/request/show/614571
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=157
2018-06-06 13:59:50 +00:00
93c15019b4 - Fix package configure
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=155
2018-05-15 08:19:04 +00:00
987a0f16ab Accepting request 591872 from home:adamm:branches:server:proxy
- New upstream version 4.2.24
  + Bug 4505: SMP caches sometimes do not purge entries
  + TPROXY: Fix clientside_mark and client port logging
  + Native FTP: Fix "Cannot assign requested address" with TPROXY
  + SSL-Bump: Fix authentication with types other than Basic
  + ... and some documentation fixes
- install license correctly (bsc#1082318) and transition to SPDXv3

OBS-URL: https://build.opensuse.org/request/show/591872
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=152
2018-03-29 08:40:02 +00:00
Martin Pluskal
901a4dfe17 Accepting request 578251 from home:adamm:branches:server:proxy
- Spec file cleanup:
  + Drop unused fillup template - it's not used by systemd script
  + Drop %pretrans section which is only used to upgrade from
    version 3.4 of squid - no supported codestream has that version.
  + Drop explicit BR: on systemd-rpm-macros
- Update squid.service systemd file
  + Don't need to use squid to manage squid anymore
  + Drop references to default config file, since it's default
- Drop reference to nonexistent EnvironmentFile in the service file

OBS-URL: https://build.opensuse.org/request/show/578251
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=150
2018-02-20 07:30:53 +00:00
1fb71188d2 - Change default error pages symlink from German to English.
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=148
2018-01-29 10:37:51 +00:00
f585458732 Accepting request 568548 from home:adamm:branches:server:proxy
- Update Squid to 4.0.23
  * fixes DoS caused by incorrect pointer handling when processing
  ESI responses. This affects the default custom esi_parser
  (libxml2 and expat esi_parsers are unaffected)
  (bnc#1077003)
  * fixes DoS caused by incorrect pointer handing whien processing
  ESI responses or downloading intermediate CA certificates
  (bnc#1077006)
  * fixes "User names not sent to url_rewrite_program"
  * fixes %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses

OBS-URL: https://build.opensuse.org/request/show/568548
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=145
2018-01-24 07:50:38 +00:00
ecb9797e2d Fix typo
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=143
2018-01-09 17:52:36 +00:00
Martin Pluskal
30a7a6fb20 - Update download url
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=142
2018-01-09 17:04:34 +00:00
Martin Pluskal
5dbc38c7fd Accepting request 562903 from home:adamm:branches:server:proxy
- Update Squid to 4.0.22 (fate#324583, bnc#1073089)
  * re-enable building with default openssl-devel
  * Helper changes since 3.5.27:
    + basic_msnt_multi_domain_auth removed - basic_smb_lm_auth
      helper performs the same functionality
    + cert_valid.pl testing helper renamed to
      security_fake_certverify
    + ssl_crtd renamed to security_file_certgen
  For complete set of release notes and changes since squid 3.5 see
  http://www.squid-cache.org/Versions/v4/squid-4.0.22-RELEASENOTES.html
- Updated squid.keyring using current keyring file from upstream
- missing_installs.patch: install manpages for installed helpers

OBS-URL: https://build.opensuse.org/request/show/562903
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=141
2018-01-09 16:52:12 +00:00
Martin Pluskal
d1c05d1ddf Accepting request 548073 from home:adamm:branches:server:proxy
- Explicitly BuildRequire libopenssl-1_0_0-devel until
  OpenSSL 1.1.x support can be ported.

OBS-URL: https://build.opensuse.org/request/show/548073
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=139
2017-12-04 14:13:40 +00:00
Martin Pluskal
74171e7f4f Accepting request 544758 from home:RBrownSUSE:branches:server:proxy
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544758
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=137
2017-11-23 15:10:32 +00:00
Dominique Leuenberger
4329bf672a Accepting request 532824 from home:dimstar:Factory
Fix build on TW

OBS-URL: https://build.opensuse.org/request/show/532824
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=135
2017-10-09 16:27:17 +00:00
Martin Pluskal
361fcf9691 Accepting request 528048 from home:adamm:branches:server:proxy
- Add missing build dependency on libnsl-devel for Factory.
  libnsl was split from glibc
- Update Squid to 3.5.27
  * bug fix release - for complete list of changes see
    http://www.squid-cache.org/Versions/v3/3.5/changesets/

OBS-URL: https://build.opensuse.org/request/show/528048
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=133
2017-09-21 15:51:36 +00:00
Martin Pluskal
f5a50006fc Accepting request 513027 from home:brassh:branches:server:proxy
add compile option for acl_time_quota helper which is part of upstream squid since 2011, see:
http://squid-dev.squid-cache.narkive.com/cq809wBb/patch-for-external-acl-time-quota-to-limit-squid-access-parental-control

OBS-URL: https://build.opensuse.org/request/show/513027
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=131
2017-07-29 16:49:58 +00:00
2822ff9e0f Accepting request 508415 from home:jengelh:branches:server:proxy
- Update description from webpage.

OBS-URL: https://build.opensuse.org/request/show/508415
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=129
2017-07-06 14:06:50 +00:00
Martin Pluskal
acbbe22233 - Packaging cleanup
- Dropped:
  * squid-brokenad.patch
  * squid-config.patch
  * squid.init squid.init.rh
  * squid-old-kerberos.patch
- Update description and url

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=126
2017-06-19 08:28:16 +00:00
Martin Pluskal
3357c26b36 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=125 2017-06-16 19:25:29 +00:00
Martin Pluskal
5ed84a3d8e OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=124 2017-06-16 12:39:53 +00:00
Martin Pluskal
27b8737da6 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=123 2017-06-16 11:30:20 +00:00
Martin Pluskal
88c8efcddf - Update description
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=122
2017-06-16 07:07:26 +00:00
Martin Pluskal
333fdcae69 Accepting request 503631 from server:proxy:Test
1

OBS-URL: https://build.opensuse.org/request/show/503631
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=121
2017-06-14 09:44:29 +00:00
Martin Pluskal
5c0620bda3 Accepting request 487025 from server:proxy:Test
1

OBS-URL: https://build.opensuse.org/request/show/487025
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=119
2017-04-10 11:26:28 +00:00
Martin Pluskal
a86b838f19 Accepting request 482004 from server:proxy:Test
- initialize_cache_if_needed.sh, squid_dir.sed: Initialize cache
  directory on startup if it is missing. Move scripts out of
  systemd service file and into individual files. (bnc#1030421)

OBS-URL: https://build.opensuse.org/request/show/482004
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=117
2017-03-22 15:16:54 +00:00
Martin Pluskal
266d569041 Accepting request 453447 from server:proxy:Test
1

OBS-URL: https://build.opensuse.org/request/show/453447
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=115
2017-01-30 14:42:50 +00:00
Martin Pluskal
ebbd812ffb Accepting request 452993 from server:proxy:Test
1

OBS-URL: https://build.opensuse.org/request/show/452993
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=113
2017-01-27 16:57:51 +00:00