Revisions of squid

Dominique Leuenberger (dimstar_suse) accepted request 816822 from Adam Majer (adamm) (revision 82)
Add bug references only  

* Fixes a potential Denial of Service when processing TLS certificates
    during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)
Dominique Leuenberger (dimstar_suse) accepted request 796564 from Adam Majer (adamm) (revision 80)
- Update to squid 4.11:
  * Fix incorrect buffer handling that can result in cache
    poisoning, remote execution, and denial of service attacks when
    processing ESI responses
    (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
  * Fixes possible information disclosure when translating
    FTP server listings into HTTP responses.
    (CVE-2019-12528, bsc#1162689)
  * Fixes possible denial of service caused by incorrect buffer
    management in ext_lm_group_acl when processing NTLM Authentication
    credentials. (CVE-2020-8517, bsc#1162691)
  * Fixes a potential remote execution vulnerability when using
    HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
  * Fixes problem when reconfigure killed Coordinator in
    SMP+ufs configurations (#556)
Dominique Leuenberger (dimstar_suse) accepted request 792007 from Factory Maintainer (factory-maintainer) (revision 78)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 770216 from Adam Majer (adamm) (revision 76)
- Update to squid 4.10:
  * fixes a security issue allowing a remote client to cause
    a buffer overflow when squid is acting as reverse-proxy.
    (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
  * fixes a security issue allowing for information disclosure in
    FTP gateway (CVE-2019-12528, bsc#1162689)
  * fixes a security issue in ext_lm_group_acl when processing
    NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * improve cache handling with chunked responses
Dominique Leuenberger (dimstar_suse) accepted request 746661 from Adam Majer (adamm) (revision 75)
- Update to squid 4.9:
  * fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed
Dominique Leuenberger (dimstar_suse) accepted request 721533 from Adam Majer (adamm) (revision 74)
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version
Dominique Leuenberger (dimstar_suse) accepted request 718583 from Factory Maintainer (factory-maintainer) (revision 73)
Automatic submission by obs-autosubmit
Dominique Leuenberger (dimstar_suse) accepted request 715745 from Adam Majer (adamm) (revision 72)
- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflow allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)
- use unbundled version of libnettle
- disable LTO as a workaround to tests failing
Dominique Leuenberger (dimstar_suse) accepted request 702817 from Adam Majer (adamm) (revision 71)
Adding a few more bug numbers that were missing
from the squid 3.x changelog
Dominique Leuenberger (dimstar_suse) accepted request 701549 from Adam Majer (adamm) (revision 70)
- Update to squid 4.7: (jsc#SLE-5648)
  + Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything

- Synchronize bug and CVE references between 3.x and 4.x squid changelog
  versions. These bugs were fixed here either without properly referencing
  them during the fix or 4.x branch was never affected by them.
  (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556,
   bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749,
   bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002,
   bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554,
   bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054,
   bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948,
   bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572,
   bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570,
   bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390,
   bsc#959290, CVE-2016-4052, CVE-2016-4053)

  + Fix memory leak when parsing SNMP packet
    (bsc#1113669, CVE-2018-19132)
    before displaying them (bsc#1113668, CVE-2018-19131)
Yuchen Lin (maxlin_factory) accepted request 677001 from Adam Majer (adamm) (revision 68)
- Revert whitespace deletions of .changes as it makes diffs a pain.

- Do not hide errors from useradd. Make scriptlets
  plain sh compatible.
Dominique Leuenberger (dimstar_suse) accepted request 662383 from Martin Pluskal (pluskalm) (revision 67)
- Update to squid 4.5: 
  + Squid crashes when ICAPS and a sslcrtvalidator used together (#328)
  + ssl_bump prevents from accessing some web contents (#304) 
  + Docs: improved lexgrog compatibility (#340)
  + Redesign forward_max_tries count TCP connection attempts
  + Fix client_connection_mark ACL handling of clientless transactions
  + Fix netdb exchange with a TLS cache peer
  + Update netdb when tunneling requests
  + Use pkg-config for detecting libxml2
  + Misc doc updates
  + Misc code compile fixes
 
Dominique Leuenberger (dimstar_suse) accepted request 653729 from Factory Maintainer (factory-maintainer) (revision 66)
Automatic submission by obs-autosubmit
Displaying revisions 41 - 60 of 122