This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 6f60b0d2719f930254e12914a73ff55df4f8224d (commit) via 9fa6a8d81dd4f3011d4bc325b965bd213fa21ebf (commit) from 0e457b13eaf61b2830919e3745df3956e2042640 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 6f60b0d2719f930254e12914a73ff55df4f8224d Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Aug 24 09:48:36 2020 +0000
core149: Restart squid
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9fa6a8d81dd4f3011d4bc325b965bd213fa21ebf Author: Matthias Fischer matthias.fischer@ipfire.org Date: Sun Aug 23 14:42:58 2020 +0200
squid: Update to 4.13
For details see: http://www.squid-cache.org/Versions/v4/changesets/
and
http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
Fixes (excerpt):
"* SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811)
This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source.
* SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE pending allocation)
This problem allows a trusted peer to deliver to perform Denial of Service by consuming all available CPU cycles on the machine running Squid when handling a crafted Cache Digest response message.
* SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810)
This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source.
* Bug 5051: Some collapsed revalidation responses never expire
* SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
* Honor on_unsupported_protocol for intercepted https_port"
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/core/149/update.sh | 1 + lfs/squid | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-)
Difference in files: diff --git a/config/rootfiles/core/149/update.sh b/config/rootfiles/core/149/update.sh index d30f748f5..923d4254c 100644 --- a/config/rootfiles/core/149/update.sh +++ b/config/rootfiles/core/149/update.sh @@ -51,6 +51,7 @@ ldconfig # Start services /etc/init.d/apache restart /etc/init.d/unbound restart +/etc/init.d/squid restart
# Update crontab sed -i /var/spool/cron/root.orig \ diff --git a/lfs/squid b/lfs/squid index ebd25e42e..3a53315d7 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 4.12 +VER = 4.13
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -46,7 +46,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829 +$(DL_FILE)_MD5 = 492e54afc15821141ff1d1d9903854d6
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree