Overview Repositories Revisions Requests Users Attributes Meta

Revisions of squid

Adam Majer's avatar Adam Majer (adamm) committed (revision 200) 
- Update to squid 4.9:
  * fixes multiple Cross-Site Scripting issues in cachemgr.cgi
    (CVE-2019-13345, bsc#1140738)
  * fixes heap overflow in URN processing
    (CVE-2019-12526, bsc#1156326)
  * fixes multiple issues in URI processing
    (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
  * fixes Cross-Site Request Forgery in HTTP Request processing
    (CVE-2019-18677, bsc#1156328)
  * fixes HTTP Request Splitting in HTTP message processing
    (CVE-2019-18678, bsc#1156323)
  * fixes information disclosure in HTTP Digest Authentication
    (CVE-2019-18679, bsc#1156324)
  * lower cache_peer hostname - this showed up as DNS failures
    if peer name was configured with any upper case characters
  * TLS: Multiple SSL-Bump fixes
  * TLS: Fix expiration of self-signed generated certs to be 3 years
  * TLS: Fix on_unsupported_protocol tunnel action
  * Fix several rock cache_dir corruption issues
- fix_configuration_error.patch: upstreamed
- old_nettle_compat.patch: refreshed
buildservice-autocommit accepted request 721533 from Adam Majer's avatar Adam Majer (adamm) (revision 199) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 198) 
Fix compilation with old nettle
Adam Majer's avatar Adam Majer (adamm) committed (revision 197)
Adam Majer's avatar Adam Majer (adamm) committed (revision 196) 
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
- old_nettle_compat.patch: Update to actually use older version
buildservice-autocommit accepted request 718583 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 195) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 194) 
Fix patch for current patch
Adam Majer's avatar Adam Majer (adamm) committed (revision 193) 
- - old_nettle_compat.patch: Fix compatibility with nettle in SLE-12
buildservice-autocommit accepted request 715745 from Adam Majer's avatar Adam Majer (adamm) (revision 192) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 191) 
- use unbundled version of libnettle
Adam Majer's avatar Adam Majer (adamm) committed (revision 190)
Adam Majer's avatar Adam Majer (adamm) committed (revision 189) 
- disable LTO to as a workaround to tests failing
Adam Majer's avatar Adam Majer (adamm) committed (revision 188) 
- Update to squid 4.8:
  + Ignore ECONNABORTED in accept(2)
  + RFC 7230 forbids generation of userinfo subcomponent of https URL
  + cachemgr.cgi: unallocated memory access resulting in a potential
    denial of service. (bsc#1141442, CVE-2019-12854)
  + terminating c-strings beyond BASE64_DECODE_LENGTH
  + Replace uudecode with libnettle base64 decoder fixing a denial
    of service vulnerability (bsc#1141329, CVE-2019-12529)
  + fix to_localhost does not include ::
  + Fix GCC-9 build issues
  + Fix Digest auth parameter parsing preventing a potential
    denial of service (bsc#1141332, CVE-2019-12525)
  + Update HttpHeader::getAuth to SBuf which prevents a potential
    heap overflowing allowing a possible remote code execution
    attack when processing HTTP Authentication credentials
    (bsc#1141330, CVE-2019-12527)
  + Add the NO_TLSv1_3 option to available tls-options values
  + Fix handling of tiny invalid responses
  + Fix Memory leak when http_reply_access uses external_acl
  + Fix Multiple XSS issues in cachemgr.cgi
    (bsc#1140738, CVE-2019-13345)
buildservice-autocommit accepted request 702817 from Adam Majer's avatar Adam Majer (adamm) (revision 187) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 186) 
Few more missing bug numbers from 3.x line
buildservice-autocommit accepted request 701549 from Adam Majer's avatar Adam Majer (adamm) (revision 185) 
baserev update by copy to link target
Adam Majer's avatar Adam Majer (adamm) committed (revision 184) 
- Update to squid 4.7: (jsc#SLE-5648)
  + Fix stack-based buffer-overflow when parsing SNMP messages
  + Fixed squidclient authentication
  + Add support for buffer-size= to UDP logging
  + Trust intermediate CAs from trusted stores
  + Bug #4928: Cannot convert non-IPv4 to IPv4
  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
    (bsc#1133089)
  + Bug #4942: --with-filedescriptors does not do anything
Adam Majer's avatar Adam Majer (adamm) committed (revision 183) 
- Syncronize bug and CVE references between 3.x and 4.x squid changelog
buildservice-autocommit accepted request 678651 from Martin Pluskal's avatar Martin Pluskal (pluskalm) (revision 182) 
baserev update by copy to link target
Martin Pluskal's avatar Martin Pluskal (pluskalm) accepted request 678364 from Sean Lewis's avatar Sean Lewis (seanlew) (revision 181) 
Update squid to 4.6
Displaying revisions 101 - 120 of 300
openSUSE Build Service is sponsored by
Places