Message ID | 20231226203423.1243592-1-fontaine.fabrice@gmail.com |
---|---|
State | Accepted |
Series | [1/1] package/squid: security bump to version 6.6 |
Fabrice, All,

On 2023-12-26 21:34 +0100, Fabrice Fontaine spake thusly:
> - Drop patch (already in version)
> - Fix CVE-2023-50269: This problem allows a remote client to perform
>   Denial of Service attack by sending a large X-Forwarded-For header
>   when the follow_x_forwarded_for feature is configured.
>
> https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
> https://github.com/squid-cache/squid/blob/SQUID_6_6/ChangeLog
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
> ...-ESI-build-with-libxml2-v2.12.0-1600.patch | 32 -------------------
> package/squid/squid.hash | 8 ++---
> package/squid/squid.mk | 2 +-
> 3 files changed, 5 insertions(+), 37 deletions(-)
> delete mode 100644 package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch
>
> diff --git a/package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch b/package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch > deleted file mode 100644 > index fcbdcc1749..0000000000 > --- a/package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch > +++ /dev/null 
> @@ -1,32 +0,0 @@ > -From c9b3edc1396925aa7eca3d3cc6c798806286a974 Mon Sep 17 00:00:00 2001 > -From: bkuhls <bkuhls@users.noreply.github.com> > -Date: Sun, 26 Nov 2023 15:09:21 +0000 > -Subject: [PATCH] Bug 5328: Fix ESI build with libxml2 v2.12.0 (#1600) > - > - Libxml2Parser.cc:147:40: error: invalid conversion from > - 'const xmlError*' to 'xmlErrorPtr' {aka 'xmlError*'} [-fpermissive] > - > -libxml2 recently made xmlGetLastError() return a constant object. > - > -Upstream: https://github.com/squid-cache/squid/commit/c9b3edc1396925aa7eca3d3cc6c798806286a974 > -Signed-off-by: Bernd Kuhls <bernd@kuhls.net> > ---- > - src/esi/Libxml2Parser.cc | 2 +- > - 1 file changed, 1 insertion(+), 1 deletion(-) > - > -diff --git a/src/esi/Libxml2Parser.cc b/src/esi/Libxml2Parser.cc > -index f03752885..236a37433 100644 > ---- a/src/esi/Libxml2Parser.cc > -+++ b/src/esi/Libxml2Parser.cc > -@@ -144,7 +144,7 @@ ESILibxml2Parser::lineNumber() const > - char const * > - ESILibxml2Parser::errorString() const > - { > -- xmlErrorPtr error = xmlGetLastError(); > -+ const auto error = xmlGetLastError(); > - > - if (error == nullptr) > - return nullptr; > --- > -2.43.0 > - > diff --git a/package/squid/squid.hash b/package/squid/squid.hash > index a163bd9ad3..4a8ea5d550 100644 > --- a/package/squid/squid.hash > +++ b/package/squid/squid.hash 
> @@ -1,6 +1,6 @@ > -# From http://www.squid-cache.org/Versions/v6/squid-6.5.tar.xz.asc > -md5 da2797d899cf538fab7f504fdf3c18bf squid-6.5.tar.xz > -sha1 07a08394625948750264778c82e19cf24ea7cb1f squid-6.5.tar.xz > +# From http://www.squid-cache.org/Versions/v6/squid-6.6.tar.xz.asc > +md5 5a41134ee1b7e75f62088acdec92d2ca squid-6.6.tar.xz > +sha1 f05e06a9dd3bf7501d2844e43d9ae1bd00e9edcc squid-6.6.tar.xz > # Locally calculated > -sha256 5070f8a3ae6666870c8fc716326befb0a1abe8b5ff3a6f3932cbc5543d7c8549 squid-6.5.tar.xz > +sha256 55bd7f9f4898153161ea1228998acb551bf840832b9e5b90fc8ecd2942420318 squid-6.6.tar.xz > sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING > diff --git a/package/squid/squid.mk b/package/squid/squid.mk > index c1477b1adf..3a9edac71e 100644 > --- a/package/squid/squid.mk > +++ b/package/squid/squid.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -SQUID_VERSION = 6.5 > +SQUID_VERSION = 6.6 > SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz > SQUID_SITE = http://www.squid-cache.org/Versions/v6 > SQUID_LICENSE = GPL-2.0+ > -- > 2.43.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

> - Drop patch (already in version)
> - Fix CVE-2023-50269: This problem allows a remote client to perform
>   Denial of Service attack by sending a large X-Forwarded-For header
>   when the follow_x_forwarded_for feature is configured.
> https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
> https://github.com/squid-cache/squid/blob/SQUID_6_6/ChangeLog
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2023.02.x and 2023.11.x, thanks.
diff --git a/package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch b/package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch deleted file mode 100644 index fcbdcc1749..0000000000 --- a/package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c9b3edc1396925aa7eca3d3cc6c798806286a974 Mon Sep 17 00:00:00 2001 -From: bkuhls <bkuhls@users.noreply.github.com> -Date: Sun, 26 Nov 2023 15:09:21 +0000 -Subject: [PATCH] Bug 5328: Fix ESI build with libxml2 v2.12.0 (#1600) - - Libxml2Parser.cc:147:40: error: invalid conversion from - 'const xmlError*' to 'xmlErrorPtr' {aka 'xmlError*'} [-fpermissive] - -libxml2 recently made xmlGetLastError() return a constant object. - -Upstream: https://github.com/squid-cache/squid/commit/c9b3edc1396925aa7eca3d3cc6c798806286a974 -Signed-off-by: Bernd Kuhls <bernd@kuhls.net> ---- - src/esi/Libxml2Parser.cc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/esi/Libxml2Parser.cc b/src/esi/Libxml2Parser.cc -index f03752885..236a37433 100644 ---- a/src/esi/Libxml2Parser.cc -+++ b/src/esi/Libxml2Parser.cc -@@ -144,7 +144,7 @@ ESILibxml2Parser::lineNumber() const - char const * - ESILibxml2Parser::errorString() const - { -- xmlErrorPtr error = xmlGetLastError(); -+ const auto error = xmlGetLastError(); - - if (error == nullptr) - return nullptr; --- -2.43.0 - diff --git a/package/squid/squid.hash b/package/squid/squid.hash index a163bd9ad3..4a8ea5d550 100644 --- a/package/squid/squid.hash +++ b/package/squid/squid.hash 
@@ -1,6 +1,6 @@ -# From http://www.squid-cache.org/Versions/v6/squid-6.5.tar.xz.asc -md5 da2797d899cf538fab7f504fdf3c18bf squid-6.5.tar.xz -sha1 07a08394625948750264778c82e19cf24ea7cb1f squid-6.5.tar.xz +# From http://www.squid-cache.org/Versions/v6/squid-6.6.tar.xz.asc +md5 5a41134ee1b7e75f62088acdec92d2ca squid-6.6.tar.xz +sha1 f05e06a9dd3bf7501d2844e43d9ae1bd00e9edcc squid-6.6.tar.xz # Locally calculated -sha256 5070f8a3ae6666870c8fc716326befb0a1abe8b5ff3a6f3932cbc5543d7c8549 squid-6.5.tar.xz +sha256 55bd7f9f4898153161ea1228998acb551bf840832b9e5b90fc8ecd2942420318 squid-6.6.tar.xz sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING diff --git a/package/squid/squid.mk b/package/squid/squid.mk index c1477b1adf..3a9edac71e 100644 --- a/package/squid/squid.mk +++ b/package/squid/squid.mk @@ -4,7 +4,7 @@ # ################################################################################ -SQUID_VERSION = 6.5 +SQUID_VERSION = 6.6 SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz SQUID_SITE = http://www.squid-cache.org/Versions/v6 SQUID_LICENSE = GPL-2.0+
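Review bot: In the hunk deleting 0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch, the removed file's Upstream: line names commit c9b3edc1396925aa7eca3d3cc6c798806286a974, while the commit message only says "Drop patch (already in version)". Citing that upstream commit in the commit message would let a reader confirm the fix is part of 6.6 without opening the deleted file.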
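Review bot: In the squid.hash hunk, the new sha256 line sits under a bare "# Locally calculated" comment, yet it is the only strong hash pinning squid-6.6.tar.xz (the md5 and sha1 lines are copied from the upstream .asc). If the tarball's PGP signature was checked against squid-6.6.tar.xz.asc before hashing, the comment should say so, for example "# Locally calculated after checking pgp signature"; the .asc URL in the first comment is also plain http.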
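Review bot: In the squid.mk hunk, the unchanged context line "SQUID_SITE = http://www.squid-cache.org/Versions/v6" still fetches the tarball over plain HTTP, so the integrity of the download rests entirely on squid.hash. This is not introduced by the bump, but a follow-up switching to https, if the upstream server offers it, would be worthwhile.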
- Drop patch (already in version)
- Fix CVE-2023-50269: This problem allows a remote client to perform
  Denial of Service attack by sending a large X-Forwarded-For header
  when the follow_x_forwarded_for feature is configured.

https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
https://github.com/squid-cache/squid/blob/SQUID_6_6/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...-ESI-build-with-libxml2-v2.12.0-1600.patch | 32 -------------------
 package/squid/squid.hash                      |  8 ++---
 package/squid/squid.mk                        |  2 +-
 3 files changed, 5 insertions(+), 37 deletions(-)
 delete mode 100644 package/squid/0001-Bug-5328-Fix-ESI-build-with-libxml2-v2.12.0-1600.patch
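Added example, not part of the patch and not Buildroot or Squid code: a shell triage that reads SQUID_VERSION from a squid.mk and looks for an active follow_x_forwarded_for line in a squid.conf, the two conditions the commit message gives for CVE-2023-50269. The function names, the sample files and the rule that any uncommented directive counts as "configured" are assumptions.

```shell
#!/bin/sh
# Added example: triage a Buildroot tree and a squid.conf for CVE-2023-50269.
FIXED_VERSION=6.6   # version this patch bumps to

# Print the value of SQUID_VERSION from a squid.mk file.
squid_mk_version() {
    sed -n 's/^SQUID_VERSION[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Succeed when dotted numeric version $1 sorts strictly before $2.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# Succeed when squid.conf has an active (uncommented) follow_x_forwarded_for
# line. Assumption: any such line counts as "configured", whatever its ACL.
xff_configured() {
    grep -Eq '^[[:space:]]*follow_x_forwarded_for([[:space:]]|$)' "$1"
}

# Print one of: patched, exposed, unpatched-xff-off
triage() {  # $1 = squid.mk, $2 = squid.conf
    ver=$(squid_mk_version "$1")
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo patched
    elif xff_configured "$2"; then echo exposed
    else echo unpatched-xff-off
    fi
}

# Constructed sample inputs (not real deployment files).
demo_dir=$(mktemp -d)
printf 'SQUID_VERSION = 6.5\nSQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz\n' \
    > "$demo_dir/old.mk"
printf 'SQUID_VERSION = 6.6\n' > "$demo_dir/new.mk"
printf '# follow_x_forwarded_for allow localhost\nhttp_port 3128\n' \
    > "$demo_dir/off.conf"
printf 'acl lb src 192.0.2.10\nfollow_x_forwarded_for allow lb\n' \
    > "$demo_dir/on.conf"

triage "$demo_dir/old.mk" "$demo_dir/on.conf"
triage "$demo_dir/old.mk" "$demo_dir/off.conf"
triage "$demo_dir/new.mk" "$demo_dir/on.conf"
```

A result of unpatched-xff-off still calls for the bump, since the directive can be enabled later without touching the package version.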