Next | Query returned 17 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631) | Package updated
Log message:
*: bump PKGREVISION for perl-5.32.
   2020-08-23 11:51:35 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/squid4: update to 4.13

Update squid4 to 4.13 (Squid 4.13).

Here is release announce:

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.13 release!

This release is a security release resolving several issues found in
the prior Squid releases.

The major changes to be aware of:

 * SQUID-2020:8 HTTP(S) Request Splitting
   (CVE-2020-15811)

This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the browser
cache and any downstream caches with content from an arbitrary
source.

See the advisory for patches:
 <https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv>

 * SQUID-2020:9 Denial of Service processing Cache Digest Response
   (CVE pending allocation)

This problem allows a trusted peer to deliver to perform Denial
of Service by consuming all available CPU cycles on the machine
running Squid when handling a crafted Cache Digest response
message.

This attack is limited to Squid using cache_peer with cache
digests feature.

See the advisory for patches:
 <https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg>

 * SQUID-2020:10 HTTP(S) Request Smuggling
   (CVE-2020-15810)

This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the proxy
cache and any downstream caches with content from an arbitrary
source.

See the advisory for patches:
 <https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m>

 * Bug 5051: Some collapsed revalidation responses never expire

This bug appears as a 4xx or 5xx status response becoming the only
response delivered by Squid to a URL when Collapsed Forwarding
feature is used.

It primarily affects Squid which are caching the 4xx/5xx status
object since Bug 5030 fix in Squid-4.11. But may have been
occurring for short times on any proxy with Collapsed Forwarding.

 * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes

Chrome Browser intentionally sends random garbage values in the
TLS handshake to force TLS implementations to cope with future TLS
extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3
caused our parser to be extra strict and reject this TLS garbage.

This release adds explicit support for Chrome, or any other TLS
agent performing these "GREASE" behaviours.

 * Honor on_unsupported_protocol for intercepted https_port

This behaviour was one of the intended use-cases for unsupported
protocol handling, but somehow was not enabled earlier.

Squid should now be able to perform the on_unsupported_protocol
selected action for any traffic handled by SSL-Bump.

  All users of Squid are urged to upgrade as soon as possible.

See the ChangeLog for the full list of changes in this and earlier
releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/ … NOTES.html
when you are ready to make the switch to Squid-4
   2020-07-09 22:57:11 by Juraj Lutter | Files touched by this commit (5)
Log message:
squid4: Fix build and SSL handshake on Chromium-based browsers

Changes:
- Fix an error where strings.h was not properly included
- Add SMF support on apropriate platforms
- Backport https://github.com/squid-cache/squid/pull/663:
  SslBump: Support parsing GREASEd (and future) TLS handshakes
   2020-06-21 18:05:56 by Takahiro Kambe | Files touched by this commit (1)
Log message:
www/squid4: rename two PKG_OPTIONS

Rename two PKG_OPTIONS.

	ecap	->	squid-ecap
	esi	->	squid-esi

Suggested by wiz@ via private mail.
   2020-06-19 15:44:28 by Takahiro Kambe | Files touched by this commit (5) | Package updated
Log message:
www/squid4: update to 4.12

Update squid4 to 4.12 (Squid 4.12).  This release includes fix for
CVE-2020-14058:   <http://www.squid-cache.org/Advisories/SQUID-2020_6.txt>.

Changes to squid-4.12 (05 Jun 2020):

	- Regression Fix: Revert to slow search for new SMP shm pages
	- Bug 5045: ext_edirectory_userip_acl is missing include files
	- Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
	- Bug 5030: Negative responses are never cached
	- HTTP: validate Content-Length value prefix
	- HTTP: add flexible RFC 3986 URI encoder
	- SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic
	- Tests: Support passing a custom config.cache to test builds
	- Fix IPFilter IPv6 detection, especially on NetBSD
	- Fix stall if transaction overwrites a recently active cache entry
	- ... and some compile fixes
   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle
   2020-04-27 06:00:10 by Roland Illig | Files touched by this commit (1)
Log message:
www/squid4: fix build for strict SUBST and configure checks
   2020-04-23 15:52:24 by Makoto Fujiwara | Files touched by this commit (3) | Package updated
Log message:
(www/squid4) Updated to 4.10 (and clear pkglint one point in patch)

Changes to squid-4.11 (18 Apr 2020):

        - Bug 5036: capital 'L's in logs when daemon queue overflows
        - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
        - Bug 5016: systemd thinks Squid is ready before Squid listens
        - kerberos_ldap_group: fix encryption type for cross realm check
        - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
        - Fix Digest authentication nonce handling
        - Supply ALE to request_header_add/reply_header_add
        - ... and some documentation updates
        - ... and some compile fixes
   2020-04-09 18:27:15 by Stephen Borrill | Files touched by this commit (3)
Log message:
Generate correct #defines for the IPFilter IPv6 detection with no trailing
underscores
   2020-04-09 11:45:20 by Stephen Borrill | Files touched by this commit (5) | Package updated
Log message:
Fix IPFilter transparent proxy support by:
- including correct headers in configure tests
- using correct autoconf value output by configure

Bump PKGREVISION

Next | Query returned 17 messages, browsing 1 to 10 | Previous