| Message ID | 20200823124258.3114-1-matthias.fischer@ipfire.org |
|---|---|
| State | Accepted |
| Commit | 9fa6a8d81dd4f3011d4bc325b965bd213fa21ebf |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4BZFKS12Xfz3x16 for <patchwork@web04.haj.ipfire.org>; Sun, 23 Aug 2020 12:43:08 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4BZFKQ6n2fzk9; Sun, 23 Aug 2020 12:43:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4BZFKQ5Ldqz2yK5; Sun, 23 Aug 2020 12:43:06 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4BZFKP65y3z2xkV for <development@lists.ipfire.org>; Sun, 23 Aug 2020 12:43:05 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 4BZFKP0q6bzk9 for <development@lists.ipfire.org>; Sun, 23 Aug 2020 12:43:05 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1598186585; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=K9SJ11B0+6hssJW6tYT4HbNwxSFP+gbaExaXmSGsUaA=; b=ZX0zgCvdU2bcANgF3VCJhw9WtHslYjueXc0qXt6wnIOiN4pkUBn/Ca8V3o0iDIV7Kc0rJU 43Wezc9nPH+RLZCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1598186585; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc; bh=K9SJ11B0+6hssJW6tYT4HbNwxSFP+gbaExaXmSGsUaA=; b=mrtfCo/YHldGLATXKSLrKbkGgfgSxkONwdA/V9dfyp0jUZT2b+vMLJsQEo9Qg0lDVun8RE 6uA+CwJ0sH6iYf0cb2MiITrUqBqcI+P53RmUsGHnfmBjq48IQYIhs7Jw7gW9fL1cIDKBLI vVXQ80PxLnh85apmxcfwIGzYrg8Ta8CbiVnv9u/Q6dG6uBkMFumdq3n8ZCryUm+ZVMlI5G iVBO/tySnUtJluZOfTNOkWoRSrEMUwDC3ziQBki8N0Ek+5NCdhXIBOQn47kh9cjsCMwX26 SBYNtFSbIxf8vL7Aqco+tYTjhk53uRGJcxQSsgTTKTQhmQFLi34wQOGL/0yXMg== From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] squid: Update to 4.13 Date: Sun, 23 Aug 2020 14:42:58 +0200 Message-Id: <20200823124258.3114-1-matthias.fischer@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=matthias.fischer@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
squid: Update to 4.13
|
|
Commit Message
Matthias Fischer
Aug. 23, 2020, 12:42 p.m. UTC
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
and
http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
Fixes (excerpt):
"* SQUID-2020:8 HTTP(S) Request Splitting
(CVE-2020-15811)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the browser
cache and any downstream caches with content from an arbitrary
source.
* SQUID-2020:9 Denial of Service processing Cache Digest Response
(CVE pending allocation)
This problem allows a trusted peer to deliver to perform Denial
of Service by consuming all available CPU cycles on the machine
running Squid when handling a crafted Cache Digest response
message.
* SQUID-2020:10 HTTP(S) Request Smuggling
(CVE-2020-15810)
This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the proxy
cache and any downstream caches with content from an arbitrary
source.
* Bug 5051: Some collapsed revalidation responses never expire
* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
* Honor on_unsupported_protocol for intercepted https_port"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/squid | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Thank you for working on this so quickly. -Michael > On 23 Aug 2020, at 13:42, Matthias Fischer <matthias.fischer@ipfire.org> wrote: > > For details see: > http://www.squid-cache.org/Versions/v4/changesets/ > > and > > http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html > > Fixes (excerpt): > > "* SQUID-2020:8 HTTP(S) Request Splitting > (CVE-2020-15811) > > This problem is serious because it allows any client, including > browser scripts, to bypass local security and poison the browser > cache and any downstream caches with content from an arbitrary > source. > > * SQUID-2020:9 Denial of Service processing Cache Digest Response > (CVE pending allocation) > > This problem allows a trusted peer to deliver to perform Denial > of Service by consuming all available CPU cycles on the machine > running Squid when handling a crafted Cache Digest response > message. > > * SQUID-2020:10 HTTP(S) Request Smuggling > (CVE-2020-15810) > > This problem is serious because it allows any client, including > browser scripts, to bypass local security and poison the proxy > cache and any downstream caches with content from an arbitrary > source. > > * Bug 5051: Some collapsed revalidation responses never expire > > * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes > > * Honor on_unsupported_protocol for intercepted https_port" > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > lfs/squid | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lfs/squid b/lfs/squid > index ebd25e42e..3a53315d7 100644 > --- a/lfs/squid > +++ b/lfs/squid > @@ -24,7 +24,7 @@ > > include Config > > -VER = 4.12 > +VER = 4.13 > > THISAPP = squid-$(VER) > DL_FILE = $(THISAPP).tar.xz > @@ -46,7 +46,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829 > +$(DL_FILE)_MD5 = 492e54afc15821141ff1d1d9903854d6 > > install : $(TARGET) > > -- > 2.18.0 >
diff --git a/lfs/squid b/lfs/squid index ebd25e42e..3a53315d7 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ include Config -VER = 4.12 +VER = 4.13 THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829 +$(DL_FILE)_MD5 = 492e54afc15821141ff1d1d9903854d6 install : $(TARGET)