* [PATCH] squid: Update to 6.6
From: Matthias Fischer @ 2023-12-09 7:56 UTC
To: development
For details see:
https://github.com/squid-cache/squid/commits/v6
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
lfs/squid | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/squid b/lfs/squid
index d92341794..c0f465c16 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
include Config
-VER = 6.5
+VER = 6.6
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
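Review bot: the `+VER = 6.6` bump is a security-relevant update, but the commit message only links to the upstream commit list. Later in this thread the update is tied to CVE-2023-50269 (fixed in 6.6); naming that CVE in the commit message would let the changelog and anyone deciding on backports find it without reading upstream history.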
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 91ed91f9b0f56f440a7f15a63bbc3e19537b60bc8b31b5bf7e16884367d0da060c5490e1721dbd7c5fce7f4a4e958fb3554d6bdc5b55f568598f907722b651de
+$(DL_FILE)_BLAKE2 = 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc
install : $(TARGET)
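Review bot: the new `$(DL_FILE)_BLAKE2` value cannot be checked from the patch alone, and the message does not say where the 6.6 tarball came from or how it was verified before hashing. Suggest adding one line to the commit message stating the download source and that the tarball was checked against upstream's published signature or checksum, so a reviewer can reproduce the digest independently.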
--
2.34.1
* Re: [PATCH] squid: Update to 6.6
From: Adolf Belka @ 2023-12-09 22:05 UTC
To: development
Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
On 09/12/2023 08:56, Matthias Fischer wrote:
> For details see:
> https://github.com/squid-cache/squid/commits/v6
>
> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
> ---
> lfs/squid | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lfs/squid b/lfs/squid
> index d92341794..c0f465c16 100644
> --- a/lfs/squid
> +++ b/lfs/squid
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 6.5
> +VER = 6.6
>
> THISAPP = squid-$(VER)
> DL_FILE = $(THISAPP).tar.xz
> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 91ed91f9b0f56f440a7f15a63bbc3e19537b60bc8b31b5bf7e16884367d0da060c5490e1721dbd7c5fce7f4a4e958fb3554d6bdc5b55f568598f907722b651de
> +$(DL_FILE)_BLAKE2 = 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc
>
> install : $(TARGET)
>
* Re: [PATCH] squid: Update to 6.6
From: Michael Tremer @ 2023-12-11 19:41 UTC
To: development
Thank you for the patch and review.
Is there any urgency here to include this in the update that is currently in testing? Considering the latest history of vulnerabilities in squid, I am happy to ship any fixes as soon as possible.
-Michael
> On 9 Dec 2023, at 22:05, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
>
> On 09/12/2023 08:56, Matthias Fischer wrote:
>> For details see:
>> https://github.com/squid-cache/squid/commits/v6
>>
>> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
>> ---
>> lfs/squid | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/lfs/squid b/lfs/squid
>> index d92341794..c0f465c16 100644
>> --- a/lfs/squid
>> +++ b/lfs/squid
>> @@ -24,7 +24,7 @@
>> include Config
>> -VER = 6.5
>> +VER = 6.6
>> THISAPP = squid-$(VER)
>> DL_FILE = $(THISAPP).tar.xz
>> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>> -$(DL_FILE)_BLAKE2 = 91ed91f9b0f56f440a7f15a63bbc3e19537b60bc8b31b5bf7e16884367d0da060c5490e1721dbd7c5fce7f4a4e958fb3554d6bdc5b55f568598f907722b651de
>> +$(DL_FILE)_BLAKE2 = 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc
>> install : $(TARGET)
>>
* Re: [PATCH] squid: Update to 6.6
From: Matthias Fischer @ 2023-12-19 18:20 UTC
To: development
Hi,
I would recommend updating squid as soon as possible because of
CVE-2023-50269.
=> https://nvd.nist.gov/vuln/detail/CVE-2023-50269
"...Due to an Uncontrolled Recursion bug in versions 2.6 through
2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5,
Squid may be vulnerable to a Denial of Service attack against HTTP
Request parsing. This problem allows a remote client to perform Denial
of Service attack by sending a large X-Forwarded-For header when the
follow_x_forwarded_for feature is configured. This bug is fixed by Squid
version 6.6..."
As far as I can see, we don't use this feature, but... ;-)
Jm2c,
Matthias
On 11.12.2023 20:41, Michael Tremer wrote:
> Thank you for the patch and review.
>
> Is there any urgency here to include this in the update that is currently in testing? Considering that latest history of vulnerabilities in squid, I am happy to ship any fixes as soon as possible.
>
> -Michael
>
>> On 9 Dec 2023, at 22:05, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>
>> On 09/12/2023 08:56, Matthias Fischer wrote:
>>> For details see:
>>> https://github.com/squid-cache/squid/commits/v6
>>>
>>> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
>>> ---
>>> lfs/squid | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/lfs/squid b/lfs/squid
>>> index d92341794..c0f465c16 100644
>>> --- a/lfs/squid
>>> +++ b/lfs/squid
>>> @@ -24,7 +24,7 @@
>>> include Config
>>> -VER = 6.5
>>> +VER = 6.6
>>> THISAPP = squid-$(VER)
>>> DL_FILE = $(THISAPP).tar.xz
>>> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>> -$(DL_FILE)_BLAKE2 = 91ed91f9b0f56f440a7f15a63bbc3e19537b60bc8b31b5bf7e16884367d0da060c5490e1721dbd7c5fce7f4a4e958fb3554d6bdc5b55f568598f907722b651de
>>> +$(DL_FILE)_BLAKE2 = 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc
>>> install : $(TARGET)
>>>
>
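An added example, not part of the original message or IPFire's code: a triage check that combines the two conditions in the advisory quoted above, the affected version ranges and an active `follow_x_forwarded_for` directive. The sample configurations are constructed, and treating any uncommented directive as "configured" is an assumption.

```python
import re

# Affected ranges (inclusive) as listed in the CVE-2023-50269 text quoted above.
AFFECTED = [((2, 6), (2, 7)), ((3, 1), (5, 9)), ((6, 0, 1), (6, 5))]


def parse_version(text):
    """Extract numeric version parts: 'Squid Cache: Version 6.5' -> (6, 5)."""
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_affected(version_text):
    v = parse_version(version_text)
    # Upper bounds compare on their own precision, so 2.7.STABLE9 -> (2, 7).
    return any(lo <= v and v[:len(hi)] <= hi for lo, hi in AFFECTED)


def xff_directives(conf_text):
    """Return (line number, directive) for each active follow_x_forwarded_for."""
    hits = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.split()[:1] == ["follow_x_forwarded_for"]:
            hits.append((n, line))
    return hits


def triage(version_text, conf_text):
    """Exposed only if the version is affected AND the directive is active.
    Assumption: any uncommented directive counts as 'configured'."""
    hits = xff_directives(conf_text)
    return {"affected_version": is_affected(version_text),
            "directives": hits,
            "exposed": is_affected(version_text) and bool(hits)}


# Constructed sample configurations (not IPFire's real squid.conf).
SAMPLE_WITH = """\
http_port 3128
acl frontends src 192.0.2.10
follow_x_forwarded_for allow frontends
# follow_x_forwarded_for allow all
"""
SAMPLE_WITHOUT = "http_port 3128\n# follow_x_forwarded_for allow all\n"

if __name__ == "__main__":
    print(triage("Squid Cache: Version 6.5", SAMPLE_WITH))
    print(triage("6.6", SAMPLE_WITH))
```
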
* Re: [PATCH] squid: Update to 6.6
From: Michael Tremer @ 2023-12-20 10:59 UTC
To: development
Right, rather be safe than sorry.
I applied this patch to master.
Thanks!
-Michael
> On 19 Dec 2023, at 18:20, Matthias Fischer <matthias.fischer(a)ipfire.org> wrote:
>
> Hi,
>
> I would recommend updating squid as soon as possible because of
> CVE-2023-50269.
>
> => https://nvd.nist.gov/vuln/detail/CVE-2023-50269
>
> "...Due to an Uncontrolled Recursion bug in versions 2.6 through
> 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5,
> Squid may be vulnerable to a Denial of Service attack against HTTP
> Request parsing. This problem allows a remote client to perform Denial
> of Service attack by sending a large X-Forwarded-For header when the
> follow_x_forwarded_for feature is configured. This bug is fixed by Squid
> version 6.6..."
>
> As far as I can see, we don't use this feature, but... ;-)
>
> Jm2c,
> Matthias
>
> On 11.12.2023 20:41, Michael Tremer wrote:
>> Thank you for the patch and review.
>>
>> Is there any urgency here to include this in the update that is currently in testing? Considering that latest history of vulnerabilities in squid, I am happy to ship any fixes as soon as possible.
>>
>> -Michael
>>
>>> On 9 Dec 2023, at 22:05, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>
>>> Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>
>>>
>>> On 09/12/2023 08:56, Matthias Fischer wrote:
>>>> For details see:
>>>> https://github.com/squid-cache/squid/commits/v6
>>>>
>>>> Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
>>>> ---
>>>> lfs/squid | 4 ++--
>>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>>
>>>> diff --git a/lfs/squid b/lfs/squid
>>>> index d92341794..c0f465c16 100644
>>>> --- a/lfs/squid
>>>> +++ b/lfs/squid
>>>> @@ -24,7 +24,7 @@
>>>> include Config
>>>> -VER = 6.5
>>>> +VER = 6.6
>>>> THISAPP = squid-$(VER)
>>>> DL_FILE = $(THISAPP).tar.xz
>>>> @@ -46,7 +46,7 @@ objects = $(DL_FILE)
>>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>> -$(DL_FILE)_BLAKE2 = 91ed91f9b0f56f440a7f15a63bbc3e19537b60bc8b31b5bf7e16884367d0da060c5490e1721dbd7c5fce7f4a4e958fb3554d6bdc5b55f568598f907722b651de
>>>> +$(DL_FILE)_BLAKE2 = 7c3c96f5cd5f819f6f020fb3e63ee8d9bb26b7fb4ff4405d7963a643c6766344e6492505bc1b33f3040ad800b3d7a3ad6a4b067b031ac4d178ddcac04c6e74dc
>>>> install : $(TARGET)
>>>>
>>
>