Changelog for squid-6.8-6.1.i586.rpm:

* Wed Mar 06 2024 Adam Majer
- update to 6.8
  - Fix marking of problematic cached IP addresses (#1691)
  - Bug 5344: mgr:config segfaults without logformat (#1680)
  - Fix infinite recursion when parsing HTTP chunks (#1553) (bsc#1216715, CVE-2024-25111)
- changes in 6.7
  - Bug 5337: workaround for crash on startup if -a option is used
  - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
  - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
  - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier
  - Fix memory leak on SslBump certificates with Authority Key Identifier extension
  - Fix a possible integer overflow in FTP Gateway
  - Extend cache_log_message to Bug 5187 and job invalidation BUGs
  - Remove incorrect beta version warning
- squid.keyring: updated
- header_fixups.patch: added
- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don't throw on client errors

* Mon Feb 26 2024 Dominique Leuenberger
- Use %patch -P N instead of deprecated %patchN.

* Thu Dec 28 2023 Sean Lewis
- update to 6.6:
  - bug 5328: Fix ESI build with libxml2 v2.12.0
  - Bug 5319: QOS Netfilter MARK preservation is always disabled
  - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
  - Bug 5317: FATAL attempt to read data from memory
  - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
  - FTP: Ignore credentials with a NUL-prefixed username
  - log_db_daemon: Fix DSN construction
  - Limit the number of allowed X-Forwarded-For hops (bsc#1217654, CVE-2023-50269)
  - Do not update StoreEntry expiration after errorAppendEntry()
  - improve handling of response sending errors (bsc#1219131, CVE-2024-23638)
- changes in 6.5:
  - Bug 5309: frequent "lowestOffset () <= target_offset" assertion
  - Bug 4977: Remove mem_hdr::freeDataUpto() assertion
  - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617)
  - Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285)
  - Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286)

* Wed Oct 25 2023 Adam Majer
- update to 6.4:
  * security fixes:
    + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
    + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
    + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
    + Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
    + Fix validation of certificates (bsc#1216803, CVE-2023-46724)
    + One-Byte Buffer OverRead in HTTP Request Header Parsing (bsc#1217274)
  * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  * Bug 4981: Work around in-call job invalidation bugs
  * basic_smb_lm_auth: fix 'no previous declaration' warnings
  * CacheManager: require /squid-internal-mgr/ URL path prefix
  * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
  * documentation changes

* Tue Sep 19 2023 Adam Majer
- update to 6.3:
  - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
  - Bug 4981: Work around in-call job invalidation bugs
  - basic_smb_lm_auth: fix 'no previous declaration' warnings
  - CacheManager: require /squid-internal-mgr/ URL path prefix
  - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]

* Wed Aug 09 2023 Paolo Stivanin
- update to 6.2 (bsc#1217825, CVE-2023-49288, bsc#1216497):
  * Major UI changes:
    - Remove 8K limit for single access.log line
    - Add tls_key_log to report TLS communication secrets
  * Minor UI changes:
    - Add %transport::>connection_id logformat code
    - Add paranoid_hit_validation directive
    - Report SMP store queues state (mgr:store_queues)
    - Add cache_log_message directive
  * Developer Interest changes:
    - Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
    - Reject HTTP/1.0 requests with unusual framing
    - codespell check added to source maintenance enforcement
    - Streamlined ./configure handling of optional libraries
    - Add --progress option to test-builds.sh
    - Remove layer-00-bootstrap from test script
    - Convert LRU map into a CLP map
    - Remove legacy context-based debugging in favor of CodeContext
  * Removed features:
    - Remove unused cache_diff binary
    - Remove obsolete membanger test
    - Remove deprecated leakfinder (--enable-leakfinder)

* Tue May 09 2023 Adam Majer
- update to 5.9:
  * Improve reply_body_max_size matching accuracy
  * fix gcc13 warning

* Tue May 02 2023 Adam Majer
- partial revert of earlier "fix PIDFile" - move pidfile back to /run/squid.pid and not in the directory owned by squid. The purpose of /run/squid/ is to facilitate SMP worker's IPC and not for the PID file. The PID file can live just fine in /run since it's written by root. (bsc#1210960)

* Fri Mar 31 2023 Dirk Müller
- update to 5.8:
  * Bug 5162: mgr:index URL do not produce MGR_INDEX template
  * Bug 5241: Block all non-localhost requests by default
  * Bug 5241: Block to-localhost, to-link-local requests by default
  * ext_kerberos_ldap_group_acl: Support -b with -D
  * Fix ACL type typo in req_header, rep_header key-changing ERRORs
  * ... and several compile fixes
  * ... and some code cleanup and polishing

* Thu Mar 23 2023 Martin Liška
- Enable LTO again as it survives tests now.

* Wed Jan 25 2023 Thorsten Kukuk
- Disable NIS auth module (NIS is deprecated and is currently being removed)

* Tue Jan 03 2023 Stefan Schubert
- Migration of PAM settings to /usr/lib/pam.d.

* Thu Sep 15 2022 Stefan Schubert
- Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them during an RPM update.

* Sun Sep 11 2022 Dirk Müller
- update to 5.7:
  - Regression Fix: Typo in manager ACL (bsc#1203677, CVE-2022-41317)
  - Bug 5186: noteDestinationsEnd check failed: transportWait
  - Bug 5160: Test suite fails with -flto=auto
  - Bug 3193 pt2: NTLM decoder truncating strings (bsc#1203680, CVE-2022-41318)
  - Bug 5133: OpenSSL 3.0 support
  - ext_session_acl: fix TDB key lookup
  - forward_max_tries: Do not count discarded connections
  - ... and many compile and debugging fixes

* Mon Aug 29 2022 chris@computersalat.de
- fix PIDFile
  * NOT needed in service file (squid.service: Can't open PID file /run/squid.pid)
  * placed to tmpfilesdir

* Wed Jun 29 2022 Stefan Schubert
- Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.

* Fri Jun 24 2022 Adam Majer
- Update to 5.6:
  * Improve handling of Gopher responses (bsc#1200907, CVE-2021-46784)
- Changes in 5.5:
  * fixes regression Bug 5192: esi_parser default is incorrect
  * Bug 5177: clientca certificates sent to https_port clients
  * Bug 5090: Must(!request->pinnedConnection()) violation
  * Kid restart leads to persistent queue overflows, delays/timeouts

* Thu Mar 31 2022 Adam Majer
- Do not try to set special permissions for basic_pam_auth (bsc#1197649)

* Tue Mar 29 2022 Adam Majer
- Fix upgrade path from squid 4.x where we replaced some symlinks with directories in pretrans section (bsc#1197333)
- old_nettle_compat.patch: refresh patch

* Sat Feb 26 2022 Andreas Stieger
- Update to 5.4.1:
  * Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening
  * code clean-ups and developer visible changes

* Tue Feb 08 2022 Paolo Stivanin
- Update to 5.4:
  * Bug 5190: Preserve configured order of intermediate CA certificate chain
  * Bug 5188: Fix reconfiguration leaking tls-cert=... memory
  * Bug 5187: Properly track (and mark) truncated store entries
  * Bug 5134: assertion failed: Transients.cc:221: "old == e"
  * Bug 5132: Close the tunnel if to-server conn closes after client

* Wed Dec 22 2021 Martin Pluskal
- Adjust harden_squid.service.patch to resolve boo#1193938

* Sat Dec 11 2021 Dirk Müller
- update to 5.3:
  * Bug 5169: StoreMap.cc:517 "!s.reading()" assertion
  * Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
  * Bug 5060: Parallel builds are not reliable
  * Documentation updates for logformat directive

* Tue Nov 23 2021 Johannes Segitz
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_squid.service.patch
  Modified:
  * squid.service

* Mon Oct 04 2021 Adam Majer
- transition to squid 5.x. This is a major release; for changes and how to transition from 4.x, see the release notes, http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
- update to 5.2
  * fixes issues with WCCP protocol that may lead to information disclosure (bsc#1189403, CVE-2021-28116)
- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)
- new BR: pkgconfig(tdb)

* Sun Aug 01 2021 Dirk Müller
- update to 4.16:
  - Regression Fix: --with-valgrind-debug build broken since 4.15
  - Bug 5129 pt1: remove Lock use from HttpRequestMethod
  - Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
  - Bug 4528: ICAP transactions quit on async DNS lookups

* Tue May 18 2021 Adam Majer
- fix building with SLE12

* Tue May 11 2021 Dirk Müller
- update to 4.15:
  - Bug 5112: Excessively loud chunked reply parsing error reporting
  - Bug 5106: Broken cache manager URL parsing (bsc#1185918, CVE-2021-28652)
  - Bug 5104: Memory leak in RFC 2169 response parsing (bsc#1185921, CVE-2021-28651)
  - Bug 3556: "FD ... is not an open socket" for accept() problems
  - Profiling: CPU timing implemented for MAC non-x86
  - Fix HttpHeaderStats definition to include hoErrorDetail
  - Fix Squid-to-client write_timeout triggers client_lifetime timeout
  - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919, CVE-2021-28662)
  - Handle more Range requests (bsc#1185916, CVE-2021-31806)
  - Handle more partial responses (bsc#1185923, bsc#1186654, CVE-2021-33620)
  - Stop processing a response if the Store entry is gone
  - ... and some portability fixes
  - ... and some documentation updates

* Tue Feb 09 2021 Dirk Müller
- update to 4.14:
  - fixes HTTP Request Smuggling vulnerability (bsc#1183436, CVE-2020-25097)
  - Regression Fix: support for non-lowercase Transfer-Encoding value
  - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
  - Bug 5076: WCCP Security Info incorrect
  - Bug 5073: Compile error: index was not declared in this scope
  - Bug 5065: url_rewrite_program documentation update
  - Bug 3074 pt2: improved handling of URI paths implicit '/'
  - Fix transactions exceeding client_lifetime logged as _ABORTED

* Mon Nov 02 2020 Adam Majer
- re-add older SLES12 requirements so we can use one devel project for all codestreams

* Fri Oct 30 2020 Matthias Gerstner
- fix previous change to reinstate permissions macros, because the wrong path has been used (bsc#1171569).
- use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164).

* Thu Oct 08 2020 Matthias Gerstner
- Reinstate permissions macros for pinger binary, because the permissions package is also responsible for setting up the cap_net_raw capability; currently a fresh squid install doesn't get a capability bit at all (bsc#1171569).

* Mon Aug 24 2020 Adam Majer
- squid 4.13:
  * Enforce token characters for field-name (#700)
  * Fix livelocking in peerDigestHandleReply (#698) (bsc#1175671, CVE-2020-24606)
  * Improve Transfer-Encoding handling (#702) (bsc#1175665, CVE-2020-15811)
  * Forbid obs-fold and bare CR whitespace in framing header fields (#701)
  * Source Format Enforcement
  * Enforce token characters for field-name (#700) (bsc#1175664, CVE-2020-15810)
  * Do not stall while debugging a scan of an empty store_table (#699)
  * Fix livelocking in peerDigestHandleReply (#698)
  * Honor on_unsupported_protocol for intercepted https_port (#689)
  * Bug #5051: Some collapsed revalidation responses never expire (#683)
  * SslBump: Support parsing GREASEd (and future) TLS handshakes (#663)

* Fri Jul 24 2020 Adam Majer
- Change pinger and basic_pam_auth helper to use standard permissions. pinger uses cap_net_raw=ep instead (bsc#1171569)
- Move squid helpers under /usr/lib{,64}/squid for Tumbleweed and SLE16. Please adjust your config paths accordingly

* Sun Jun 21 2020 Andreas Stieger
- squid 4.12:
  * Fixes a potential Denial of Service when processing TLS certificates during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)
  * Regression Fix: Revert to slow search for new SMP shm pages
  * Fix Negative responses are never cached
  * HTTP: validate Content-Length value prefix (CVE-2020-15049, bsc#1173455)
  * HTTP: add flexible RFC 3986 URI encoder
  * Fix stall if transaction overwrites a recently active cache entry

* Thu Apr 23 2020 Adam Majer
- Update to squid 4.11:
  * Fix incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
  * Fixes possible information disclosure when translating FTP server listings into HTTP responses. (CVE-2019-12528, bsc#1162689)
  * Fixes possible denial of service caused by incorrect buffer management in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * Fixes a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
  * Fixes problem when reconfigure killed Coordinator in SMP+ufs configurations (#556)

* Mon Apr 20 2020 Thorsten Kukuk
- Make logrotate recommended; it's not strictly required and doesn't make any sense in containers

* Tue Feb 18 2020 kukuk@suse.de
- Use sysusers instead of shadow to create squid user and groups
- Don't hard require systemd

* Wed Feb 05 2020 Adam Majer
- Update to squid 4.10:
  * fixes a security issue allowing a remote client to cause a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
  * fixes a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689)
  * fixes a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
  * improve cache handling with chunked responses