Revisions of squid
Dominique Leuenberger (dimstar_suse) accepted request 816822 from Adam Majer (adamm) (revision 82)
Add bug references only
  * Fixes a potential Denial of Service when processing TLS certificates during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)
Dominique Leuenberger (dimstar_suse) accepted request 816284 from Martin Pluskal (pluskalm) (revision 81)
Dominique Leuenberger (dimstar_suse) accepted request 796564 from Adam Majer (adamm) (revision 80)
- Update to squid 4.11:
  * Fix incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
  * Fixes possible information disclosure when translating FTP server listings into HTTP responses. (CVE-2019-12528, bsc#1162689)
  * Fixes possible denial of service caused by incorrect buffer management in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * Fixes a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
  * Fixes problem when reconfigure killed Coordinator in SMP+ufs configurations (#556)
Dominique Leuenberger (dimstar_suse) accepted request 792007 from Factory Maintainer (factory-maintainer) (revision 78)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 776229 from Martin Pluskal (pluskalm) (revision 77)
Dominique Leuenberger (dimstar_suse) accepted request 770216 from Adam Majer (adamm) (revision 76)
- Update to squid 4.10:
  * fixes a security issue allowing a remote client the ability to cause a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
  * fixes a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689)
  * fixes a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * improve cache handling with chunked responses
Dominique Leuenberger (dimstar_suse) accepted request 746661 from Adam Majer (adamm) (revision 75)
- Update to squid 4.9:
  * fixes multiple Cross-Site Scripting issues in cachemgr.cgi (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed
Dominique Leuenberger (dimstar_suse) accepted request 721533 from Adam Majer (adamm) (revision 74)
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version
Dominique Leuenberger (dimstar_suse) accepted request 718583 from Factory Maintainer (factory-maintainer) (revision 73)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 715745 from Adam Majer (adamm) (revision 72)
- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential heap overflow allowing a possible remote code execution attack when processing HTTP Authentication credentials (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi (bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing
Dominique Leuenberger (dimstar_suse) accepted request 702817 from Adam Majer (adamm) (revision 71)
Adding a few more bug numbers that were missing from the squid 3.x changelog
Dominique Leuenberger (dimstar_suse) accepted request 701549 from Adam Majer (adamm) (revision 70)
- Update to squid 4.7: (jsc#SLE-5648)
  + Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset" (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything
- Synchronize bug and CVE references between 3.x and 4.x squid changelog versions. These bugs were fixed here either without properly referencing them during the fix or 4.x branch was never affected by them. (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556, bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749, bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002, bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554, bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054, bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948, bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572, bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570, bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390, bsc#959290, CVE-2016-4052, CVE-2016-4053)
  + Fix memory leak when parsing SNMP packet (bsc#1113669, CVE-2018-19132) before displaying them (bsc#1113668, CVE-2018-19131)
Yuchen Lin (maxlin_factory) accepted request 677001 from Adam Majer (adamm) (revision 68)
- Revert whitespace deletions of .changes as it makes diffs a pain.
- Do not hide errors from useradd. Make scriptlets plain sh compatible.
Dominique Leuenberger (dimstar_suse) accepted request 662383 from Martin Pluskal (pluskalm) (revision 67)
- Update to squid 4.5:
  + Squid crashes when ICAPS and a sslcrtvalidator used together (#328)
  + ssl_bump prevents from accessing some web contents (#304)
  + Docs: improved lexgrog compatibility (#340)
  + Redesign forward_max_tries count TCP connection attempts
  + Fix client_connection_mark ACL handling of clientless transactions
  + Fix netdb exchange with a TLS cache peer
  + Update netdb when tunneling requests
  + Use pkg-config for detecting libxml2
  + Misc doc updates
  + Misc code compile fixes
Dominique Leuenberger (dimstar_suse) accepted request 653729 from Factory Maintainer (factory-maintainer) (revision 66)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 643975 from Martin Pluskal (pluskalm) (revision 64)
Dominique Leuenberger (dimstar_suse) accepted request 639903 from Martin Pluskal (pluskalm) (revision 63)
Displaying revisions 41 - 60 of 122