* [Buildroot] [PATCH 1/2] squid: bump version to 3.5.27
From: Peter Korsgaard @ 2018-01-22 15:13 UTC
To: buildroot
And add a hash for the license files.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/squid/squid.hash | 8 +++++---
package/squid/squid.mk | 2 +-
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index 91ba9e6fc4..8787cb25ef 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -1,3 +1,5 @@
-# From http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.26.tar.xz.asc
-md5 510e2c84773879c00d0e7ced997864d9 squid-3.5.26.tar.xz
-sha1 51a664217957b35de8b7fae180b9f93a759a4204 squid-3.5.26.tar.xz
+# From http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.27.tar.xz.asc
+md5 39ef8199675d48a314b540f92c00c545 squid-3.5.27.tar.xz
+sha1 1e69c96d13cd49844da3bcf33a0b428fbe7b6f77 squid-3.5.27.tar.xz
+# Locally calculated
+sha256 58f5d05257af1fb964fde20e134d660fac9afa86b6fd8c70d63ead63068378fa COPYING
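Review bot: The source archive squid-3.5.27.tar.xz is still pinned only by md5 and sha1 after this hunk; the single sha256 line added covers COPYING, not the tarball. Add a locally calculated sha256 entry for squid-3.5.27.tar.xz alongside the upstream md5/sha1 lines. The "# From" comment also cites an http:// URL for the .asc, so it would help to state in the comment whether the signature was actually checked when the two digests were copied.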
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index d334d14c88..8ade55ee37 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -5,7 +5,7 @@
################################################################################
SQUID_VERSION_MAJOR = 3.5
-SQUID_VERSION = $(SQUID_VERSION_MAJOR).26
+SQUID_VERSION = $(SQUID_VERSION_MAJOR).27
SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
SQUID_SITE = http://www.squid-cache.org/Versions/v3/$(SQUID_VERSION_MAJOR)
SQUID_LICENSE = GPL-2.0+
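Review bot: SQUID_SITE in the context lines of this hunk still downloads over plain http://, so after the bump to .27 the only integrity check on the new tarball is the md5/sha1 pair in squid.hash. Consider switching the URL to https if upstream serves it, since the version line is being touched anyway.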
--
2.11.0
* [Buildroot] [PATCH 2/2] squid: add upstream post-3.5.27 security patches
From: Peter Korsgaard @ 2018-01-22 15:13 UTC
To: buildroot
Fixes the following security issues:
SQUID-2018:1 Due to incorrect pointer handling Squid is vulnerable to denial
of service attack when processing ESI responses.
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
SQUID-2018:2 Due to incorrect pointer handling Squid is vulnerable to
denial of service attack when processing ESI responses or downloading
intermediate CA certificates.
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/squid/squid.hash | 2 ++
package/squid/squid.mk | 3 +++
2 files changed, 5 insertions(+)
diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index 8787cb25ef..89955eb4ad 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -3,3 +3,5 @@ md5 39ef8199675d48a314b540f92c00c545 squid-3.5.27.tar.xz
sha1 1e69c96d13cd49844da3bcf33a0b428fbe7b6f77 squid-3.5.27.tar.xz
# Locally calculated
sha256 58f5d05257af1fb964fde20e134d660fac9afa86b6fd8c70d63ead63068378fa COPYING
+sha256 a85bac80f9bf0b389a0b0fe24630eda59a4fbaf6a1b398ba2f57d5799662fb6e eb2db98a676321b814fc4a51c4fb7928a8bb45d9.patch
+sha256 78a44073ebd68c9c8c05bb590690ba57b5eaf6ee0465a06fcad82dba65612f60 8232b83d3fa47a1399f155cb829db829369fbae9.patch
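Review bot: The two added sha256 lines name the patches only by commit id, so a reader of squid.hash cannot tell where the files come from or which advisory each one addresses. Add a comment above them giving the source and referring to SQUID-2018:1 and SQUID-2018:2 from the commit message. They also fall under the existing "# Locally calculated" comment, which means the digests record whatever bytes were served at download time rather than a value published upstream.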
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index 8ade55ee37..b088766470 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -12,6 +12,9 @@ SQUID_LICENSE = GPL-2.0+
SQUID_LICENSE_FILES = COPYING
# For 0001-assume-get-certificate-ok.patch
SQUID_AUTORECONF = YES
+SQUID_PATCH = \
+ https://github.com/squid-cache/squid/commit/eb2db98a676321b814fc4a51c4fb7928a8bb45d9.patch \
+ https://github.com/squid-cache/squid/commit/8232b83d3fa47a1399f155cb829db829369fbae9.patch
SQUID_DEPENDENCIES = libcap host-libcap host-pkgconf \
$(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
SQUID_CONF_ENV = \
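Review bot: SQUID_PATCH points at two github.com commit .patch URLs, which GitHub renders on request rather than storing as fixed artifacts, so the bytes behind the sha256 entries added to squid.hash are not guaranteed to stay identical and a later change in rendering would fail the download check. Carry the two patches as files in package/squid and drop the SQUID_PATCH assignment. A short comment saying these are the fixes for SQUID-2018:1 and SQUID-2018:2 would also help whoever removes them at the next version bump.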
--
2.11.0
* [Buildroot] [PATCH 2/2] squid: add upstream post-3.5.27 security patches
From: Baruch Siach @ 2018-01-22 16:08 UTC
To: buildroot
Hi Peter,
On Mon, Jan 22, 2018 at 04:13:39PM +0100, Peter Korsgaard wrote:
> --- a/package/squid/squid.mk
> +++ b/package/squid/squid.mk
> @@ -12,6 +12,9 @@ SQUID_LICENSE = GPL-2.0+
> SQUID_LICENSE_FILES = COPYING
> # For 0001-assume-get-certificate-ok.patch
> SQUID_AUTORECONF = YES
> +SQUID_PATCH = \
> + https://github.com/squid-cache/squid/commit/eb2db98a676321b814fc4a51c4fb7928a8bb45d9.patch \
> + https://github.com/squid-cache/squid/commit/8232b83d3fa47a1399f155cb829db829369fbae9.patch
Didn't we stop fetching patches from github because they might break the hash
in the future? See for example commit bbbe00ea35dd2133 (trinity: don't
download patches from Github).
> SQUID_DEPENDENCIES = libcap host-libcap host-pkgconf \
> $(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
> SQUID_CONF_ENV = \
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
* [Buildroot] [PATCH 2/2] squid: add upstream post-3.5.27 security patches
From: Peter Korsgaard @ 2018-01-22 16:57 UTC
To: buildroot
>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
> Hi Peter,
> On Mon, Jan 22, 2018 at 04:13:39PM +0100, Peter Korsgaard wrote:
>> --- a/package/squid/squid.mk
>> +++ b/package/squid/squid.mk
>> @@ -12,6 +12,9 @@ SQUID_LICENSE = GPL-2.0+
>> SQUID_LICENSE_FILES = COPYING
>> # For 0001-assume-get-certificate-ok.patch
>> SQUID_AUTORECONF = YES
>> +SQUID_PATCH = \
>> + https://github.com/squid-cache/squid/commit/eb2db98a676321b814fc4a51c4fb7928a8bb45d9.patch \
>> + https://github.com/squid-cache/squid/commit/8232b83d3fa47a1399f155cb829db829369fbae9.patch
> Didn't we stop fetching patches from github because they might break the hash
> in the future? See for example commit bbbe00ea35dd2133 (trinity: don't
> download patches from Github).
Hmm, correct - I'll include them in package/squid and resend, thanks!
--
Bye, Peter Korsgaard
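The concern raised in this thread, as an added example that is not part of the original messages or of Buildroot's own tooling: a small parser for the `.hash` format shown in the patches that reports files pinned only by md5/sha1 and shows a pinned sha256 failing once the served patch bytes differ. The `fix.patch` name and both patch byte strings are constructed for illustration; the hash lines are the ones from patch 1/2.

```python
import hashlib

STRONG = {"sha256", "sha384", "sha512"}

# squid.hash as it stands after patch 1/2 (values copied from the thread).
SQUID_HASH = """\
# From http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.27.tar.xz.asc
md5 39ef8199675d48a314b540f92c00c545 squid-3.5.27.tar.xz
sha1 1e69c96d13cd49844da3bcf33a0b428fbe7b6f77 squid-3.5.27.tar.xz
# Locally calculated
sha256 58f5d05257af1fb964fde20e134d660fac9afa86b6fd8c70d63ead63068378fa COPYING
"""

# Constructed: the same change rendered twice, differing only in the length
# of the abbreviated blob ids on the "index" line.
PATCH_WHEN_PINNED = b"index 91ba9e6..8787cb2 100644\n--- a/x\n+++ b/x\n"
PATCH_SERVED_LATER = b"index 91ba9e6fc4..8787cb25ef 100644\n--- a/x\n+++ b/x\n"

def parse_hash_file(text):
    """Return {filename: {algo: hexdigest}} for '<algo> <digest> <file>' lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed hash line: {raw!r}")
        algo, digest, name = fields
        entries.setdefault(name, {})[algo.lower()] = digest.lower()
    return entries

def weakly_pinned(entries):
    """Files that have no sha256/sha384/sha512 entry at all."""
    return sorted(n for n, d in entries.items() if not STRONG & d.keys())

def verify(entries, name, data):
    """True only if data matches every digest recorded for name."""
    recorded = entries[name]                  # KeyError: file is not pinned
    return all(hashlib.new(a, data).hexdigest() == h for a, h in recorded.items())

def demo():
    entries = parse_hash_file(SQUID_HASH)
    # Pin the patch the way a "locally calculated" entry would be produced.
    entries["fix.patch"] = {"sha256": hashlib.sha256(PATCH_WHEN_PINNED).hexdigest()}
    return (weakly_pinned(entries),
            verify(entries, "fix.patch", PATCH_WHEN_PINNED),
            verify(entries, "fix.patch", PATCH_SERVED_LATER))

if __name__ == "__main__":
    print(demo())
```

A patch file committed under package/squid never hits the second case, because its bytes are fixed in the tree.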