[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 6f60b0d2719f930254e12914a73ff55df4f8224d

[Michael Tremer <git@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3775 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  6f60b0d2719f930254e12914a73ff55df4f8224d (commit)
       via  9fa6a8d81dd4f3011d4bc325b965bd213fa21ebf (commit)
      from  0e457b13eaf61b2830919e3745df3956e2042640 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6f60b0d2719f930254e12914a73ff55df4f8224d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Aug 24 09:48:36 2020 +0000

    core149: Restart squid
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 9fa6a8d81dd4f3011d4bc325b965bd213fa21ebf
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Sun Aug 23 14:42:58 2020 +0200

    squid: Update to 4.13
    
    For details see:
    http://www.squid-cache.org/Versions/v4/changesets/
    
    and
    
    http://lists.squid-cache.org/pipermail/squid-users/2020-August/022566.html
    
    Fixes (excerpt):
    
    "* SQUID-2020:8 HTTP(S) Request Splitting
       (CVE-2020-15811)
    
    This problem is serious because it allows any client, including
    browser scripts, to bypass local security and poison the browser
    cache and any downstream caches with content from an arbitrary
    source.
    
    * SQUID-2020:9 Denial of Service processing Cache Digest Response
       (CVE pending allocation)
    
    This problem allows a trusted peer to deliver to perform Denial
    of Service by consuming all available CPU cycles on the machine
    running Squid when handling a crafted Cache Digest response
    message.
    
    * SQUID-2020:10 HTTP(S) Request Smuggling
       (CVE-2020-15810)
    
    This problem is serious because it allows any client, including
    browser scripts, to bypass local security and poison the proxy
    cache and any downstream caches with content from an arbitrary
    source.
    
    * Bug 5051: Some collapsed revalidation responses never expire
    
    * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
    
    * Honor on_unsupported_protocol for intercepted https_port"
    
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 config/rootfiles/core/149/update.sh | 1 +
 lfs/squid                           | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

Difference in files:
diff --git a/config/rootfiles/core/149/update.sh b/config/rootfiles/core/149/update.sh
index d30f748f5..923d4254c 100644
--- a/config/rootfiles/core/149/update.sh
+++ b/config/rootfiles/core/149/update.sh
@@ -51,6 +51,7 @@ ldconfig
 # Start services
 /etc/init.d/apache restart
 /etc/init.d/unbound restart
+/etc/init.d/squid restart
 
 # Update crontab
 sed -i /var/spool/cron/root.orig \
diff --git a/lfs/squid b/lfs/squid
index ebd25e42e..3a53315d7 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 4.12
+VER        = 4.13
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -46,7 +46,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = ad7a4a8a0031cae3435717a759173829
+$(DL_FILE)_MD5 = 492e54afc15821141ff1d1d9903854d6
 
 install : $(TARGET)
 


hooks/post-receive
--
IPFire 2.x development tree