Revisions of squid

Marcus Rueckert (darix) committed (revision 4)
security fixes

- update to 6.8
  - Fix marking of problematic cached IP addresses (#1691)
  - Bug 5344: mgr:config segfaults without logformat (#1680)
  - Fix infinite recursion when parsing HTTP chunks (#1553)
    (bsc#1216715, CVE-2024-25111)
- changes in 6.7
  - Bug 5337: workaround for crash on startup if -a option is used
  - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
  - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
  - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
  - Fix memory leak on SslBump certificates with Authority Key Identifier extension
  - Fix a possible integer overflow in FTP Gateway
  - Extend cache_log_message to Bug 5187 and job invalidation BUGs
  - Remove incorrect beta version warning
- squid.keyring: updated
- header_fixups.patch: added
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on
  client errors

- Use %patch -P N instead of deprecated %patchN.

 - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617)
Ruediger Oertel (oertel) committed (revision 3)
security fixes and missing security references in older versions

- update to 6.6:
 - bug 5328: Fix ESI build with libxml2 v2.12.0
 - Bug 5319: QOS Netfilter MARK preservation is always disabled
 - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
 - Bug 5317: FATAL attempt to read data from memory
 - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
 - FTP: Ignore credentials with a NUL-prefixed username
 - log_db_daemon: Fix DSN construction
 - Limit the number of allowed X-Forwarded-For hops (bsc#1217654, CVE-2023-50269)
 - Do not update StoreEntry expiration after errorAppendEntry()
 - improve handling of response sending errors (bsc#1219131, CVE-2024-23638)
- changes in 6.5:
 - Bug 5309: frequent "lowestOffset () <= target_offset" assertion
 - Bug 4977: Remove mem_hdr::freeDataUpto() assertion
 - Fix handling of expanding HTTP header values
 - Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285)
 - Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286)

    + One-Byte Buffer OverRead in HTTP Request Header Parsing (bsc#1217274)
- update to 6.2 (bsc#1217825, CVE-2023-49288, bsc#1216497):
Daniel Mach (dmach) committed (revision 2)
jsc#PED-6565

- update to 6.4:
  * security fixes:
    + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
    + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
    + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
    + Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
    + Fix validation of certificates (bsc#1216803, CVE-2023-46724)
  * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  * Bug 4981: Work around in-call job invalidation bugs
  * basic_smb_lm_auth: fix 'no previous declaration' warnings
  * CacheManager: require /squid-internal-mgr/ URL path prefix
  * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
  * documentation changes

- update to 6.3:
  - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  - Bug 4981: Work around in-call job invalidation bugs
  - basic_smb_lm_auth: fix 'no previous declaration' warnings
  - CacheManager: require /squid-internal-mgr/ URL path prefix
  - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]

- update to 6.2:
  * Major UI changes:
    - Remove 8K limit for single access.log line
    - Add tls_key_log to report TLS communication secrets
  * Minor UI changes:
    - Add %transport::>connection_id logformat code
    - Add paranoid_hit_validation directive
    - Report SMP store queues state (mgr:store_queues)
    - Add cache_log_message directive
Daniel Mach (dmach) committed (revision 1)
initialize package