Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2018-01-24 15:32:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid" Wed Jan 24 15:32:17 2018 rev:54 rq:568822 version:4.0.23 Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2018-01-10 23:36:55.811062521 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new/squid.changes 2018-01-24 15:32:23.333074049 +0100 @@ -1,0 +2,14 @@ +Mon Jan 22 12:48:24 UTC 2018 - [email protected] + +- Update Squid to 4.0.23 + * fixes DoS caused by incorrect pointer handling when processing + ESI responses. This affects the default custom esi_parser + (libxml2 and expat esi_parsers are unaffected) + (bnc#1077003) + * fixes DoS caused by incorrect pointer handing whien processing + ESI responses or downloading intermediate CA certificates + (bnc#1077006) + * fixes "User names not sent to url_rewrite_program" + * fixes %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses + +------------------------------------------------------------------- Old: ---- squid-4.0.22.tar.xz squid-4.0.22.tar.xz.asc New: ---- squid-4.0.23.tar.xz squid-4.0.23.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.hzprWq/_old 2018-01-24 15:32:24.413023542 +0100 +++ /var/tmp/diff_new_pack.hzprWq/_new 2018-01-24 15:32:24.421023168 +0100 @@ -23,12 +23,12 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: squid -Version: 4.0.22 +Version: 4.0.23 Release: 0 Summary: Caching and forwarding HTTP web proxy License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy -URL: http://www.squid-cache.org +Url: http://www.squid-cache.org Source0: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz Source1: http://www.squid-cache.org/Versions/v4/squid-%{version}.tar.xz.asc Source4: squid.sysconfig ++++++ squid-4.0.22.tar.xz -> squid-4.0.23.tar.xz ++++++ ++++ 47274 lines of diff (skipped) ++++++ squid-4.0.22.tar.xz.asc -> squid-4.0.23.tar.xz.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-4.0.22.tar.xz.asc 2018-01-10 23:36:55.795063271 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new/squid-4.0.23.tar.xz.asc 2018-01-24 15:32:23.209079848 +0100 @@ -1,25 +1,25 @@ -File: squid-4.0.22.tar.xz -Date: Thu Dec 7 18:03:01 UTC 2017 -Size: 2411692 -MD5 : c09dab527ac8ea86833286597d2d633d -SHA1: b3e1cfe1cc1074506a46652946efe175eb69bf8a +File: squid-4.0.23.tar.xz +Date: Fri Jan 19 13:39:51 UTC 2018 +Size: 2415132 +MD5 : 04eb448f1dc31b4b2d73fee6a91c240c +SHA1: 0bd4248b412e88087ba37686bc27b08480995a9d Key : CD6DBF8EF3B17D3E <[email protected]> B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E keyring = http://www.squid-cache.org/pgp.asc keyserver = pool.sks-keyservers.net -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlopgl8ACgkQzW2/jvOx -fT55dw/+JlwxV8qTWxITUZ/8IFB5TO6T2Rzy8g4hFulTDoPN8/z4RZz/FNeQT/44 -/csodC7kja1ZxVlzNz07gaIoPz8Ft4ITQRL3kUMJ3+azYSevXlaiTtAy2O3oo2PC -oGw8X5M8USZ578BwaEIsnG/FHJY8qogr6WfX2lPfT9fgnYzXl+hRLqc4oD/605pY -k+D3C6j4cuTjoo30qD867BY/0sf6AdFYnfsLtc/cT4K4B/VHB2pDDk+cDXyjLzT2 -8AZkvG8XHwLFlXO7lHssHGM7uqxM2Sj+w9QJNJrFEh2tfdRAS6eXn3aSy6WeRHty -vOWXFc9U9D+PWPcHV3vE3FpLOBBkfhJnCiSMnz4GabjkXqjpD/7P1MQsTM2sKS4M -g/CpNdfhUshgxeNCmY0tJFu6cl/LFi7qbLBPNXQk0NDKZciiijARh9fFSsvvUHTA -g63LOZw+AyldeO5NMEalDaDsWViKd99CDXX93Y5qWxxuM4WhbStzUBUOXVl9CZ6m -P0B/uC+1IR56NETveklSRth7JrrlG7GkbV8uTkHJzTEHw3t+jAGFi80zV+V/gaAH -mMaXuv74UYosp2Zjdr5Ee5QLlo61kAWjKro9pd2uOyCUyGjijCcuyKa6zaNs1klp -9ehX0hnN1nX9blp/5Qx/fYLcds8vSr9QIpG6GEx5gJ5PCryckys= -=omrg +iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlph9S8ACgkQzW2/jvOx +fT4Acg/+JmF+1Y+pwI/cFwFJNbgY3+9Lo2jWtV929Faip/h7MoRdm4eGUB6DW4ts +3xn0prfIlOHSzg+GO7wda+/AWUe2V2VY3UKfd7HrxJ9PIr9RCUYOTFucIvW+7Jpd +MqxHhohURQKKUfOHHPzenGPoZdnI+pyf6sK7xL11rnDNyPd7P8MqZc6QCa4WrfI9 +Z9fmTwuXH7r4kP4uPhqi1pEa5awM1UEJPPF+ovl5s8JcfsYPtN/c6FKAZf0wzz+s +SxuJIx/6JB4wIepOVMNEMObOzfhLqM96w3CAFGaDLi1w4dVfBqMknVEikArlbEKV +zvtkKevYsnkbmOYbFdsyqyr4+8VnzAor+RBauXc3H5DT5yUFryBLXzQxIc7EgBOn +b69pr3VhLctjtsHpdWRGFzxRh//EDNEYSHspoOqURivUTtR1U/qIV/pJ5P38hBfr +udXy7gFTrrny3nA3fGvK7Lr+yDW72V2z2oMqR0TKPKAJkrmDAyX11svdEBBNJjpt +yzQUWHoWvlzZ8YJlBbTh1gGjXT1SEhSVQBbYcgZJb7fy/WVJg2TS5uf965Xckvig +uFGdHnjkWeJHLFZUciHabxwdXroIj/rRymR+vRb/sqmuVroT4pMaS1sx96SUHfyD +OoGK/KeCHeP9xYywlAFb/mzd+bRkL9O2+sb0yjLtgSEMB9A5HQs= +=z1t9 -----END PGP SIGNATURE-----
