Changelog:
[security] Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193.
[maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556]
[security] Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987]
[security] Address fetch context reference count handling error on socket error. (CVE-2015-8461) [RT#40945]
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
---
lfs/bind | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/bind b/lfs/bind index 6480798..b0d5185 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@
include Config
-VER = 9.10.3 +VER = 9.10.3-P2
THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = d8cbf04a62a139a841d4bf878087a555 +$(DL_FILE)_MD5 = 672dd3c2796b12ac8440f55bcaecfa82
install : $(TARGET)
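Review bot: The `$(DL_FILE)_MD5` line in the second hunk is the only integrity check visible for the new tarball, and MD5 is not collision-resistant, so it catches a corrupted download but not a deliberately substituted one. Since this bump is taken for CVE-2015-8000 and CVE-2015-8461, please verify bind-9.10.3-P2.tar.gz against a signature or stronger digest published by upstream before recording the hash, and note in the commit message how the new value was obtained.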
Squid doesn't use RAM only for caching, if you set cachesize for disk usage = 0 and memory cachesize > 0 in GUI. Now if you set "cache_size"=0 and "cache_mem">0, caching won't be disabled completely ("cache deny all"). If you want to disable caching completely you must set "cache_size"=0 and "cache_mem"=0. Besides this "maximum_object_size_in_memory" will be set to 512KB.
Originally reported by qiller in Bugtracker form over one year. I just created the diff and tested this on my IP-Fire.
Especially for the announced 64 Bit version of IP-Fire, where Squid can handle more RAM, this may be useful.
Reported-by: qiller
Signed-off-by: Kim Wölfel xaver4all@gmx.de
---
html/cgi-bin/proxy.cgi | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6c4e2b0..164ca63 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3173,7 +3173,7 @@ END } }
- if ($proxysettings{'CACHE_SIZE'} > 0) + if (($proxysettings{'CACHE_SIZE'} > 0) || ($proxysettings{'CACHE_MEM'} > 0)) { print FILE "\n";
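Review bot: In the changed `if`, the added `$proxysettings{'CACHE_MEM'} > 0` is the same test the next hunk adds again, so the memory-only case is now decided in two places that have to stay in step. Please confirm that everything written inside this block is still valid when CACHE_SIZE is 0, and consider computing the condition once in a named variable used at both sites.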
@@ -3270,7 +3270,12 @@ cache_dir aufs /var/log/cache $proxysettings{'CACHE_SIZE'} $proxysettings{'L1_DI END ; } else { - print FILE "cache deny all\n\n"; + if ($proxysettings{'CACHE_MEM'} > 0) + { + print FILE "maximum_object_size_in_memory 512 KB\n\n"; + } else { + print FILE "cache deny all\n\n"; + } }
print FILE <<END
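Review bot: The new inner branch writes `maximum_object_size_in_memory 512 KB` as a fixed literal, and only in this else branch, so the limit cannot be changed from the GUI and the code does not record why 512 KB was chosen. A short comment giving the reason, or a setting for the value, would help. The added `{` on its own line followed by `} else {` also mixes two brace styles within one statement.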
Merged.
On Sun, 2015-12-27 at 00:20 +0100, Matthias Fischer wrote:
Changelog:
[security] Update allowed OpenSSL versions as named is potentially vulnerable to CVE-2015-3193.
[maint] H.ROOT-SERVERS.NET is 198.97.190.53 and 2001:500:1::53. [RT #40556]
[security] Insufficient testing when parsing a message allowed records with an incorrect class to be accepted, triggering a REQUIRE failure when those records were subsequently cached. (CVE-2015-8000) [RT #40987]
[security] Address fetch context reference count handling error on socket error. (CVE-2015-8461) [RT#40945]
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org
lfs/bind | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lfs/bind b/lfs/bind index 6480798..b0d5185 100644 --- a/lfs/bind +++ b/lfs/bind @@ -25,7 +25,7 @@ include Config -VER = 9.10.3 +VER = 9.10.3-P2 THISAPP = bind-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = d8cbf04a62a139a841d4bf878087a555 +$(DL_FILE)_MD5 = 672dd3c2796b12ac8440f55bcaecfa82 install : $(TARGET)