cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
127,728 Commits 1 Branch 0 Tags
Commit Graph

306 Commits

Author SHA1 Message Date
sthen
af3b8874ad http://www.squid-cache.org/Advisories/SQUID-2018_1.txt 
Due to incorrect pointer handling Squid is vulnerable to denial
 of service attack when processing ESI responses.

 This problem allows a remote server delivering certain ESI
 response syntax to trigger a denial of service for all clients
 accessing the Squid service.

http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

 Due to incorrect pointer handling Squid is vulnerable to denial
 of service attack when processing ESI responses or downloading
 intermediate CA certificates.

 This problem allows a remote client delivering certain HTTP
 requests in conjunction with certain trusted server responses to
 trigger a denial of service for all clients accessing the Squid
 service.
 2018-01-23 15:00:02 +00:00
rpe
9a8b5ccd06 Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d 
daemon scripts and bump subpackages that contain the *.rc scripts.

discussed with and OK aja@
OK tb
 2018-01-11 19:27:01 +00:00
naddy
11e3dd67b3 switch COMPILER from the old, confusing shortcuts to the more explicit format 2017-11-16 23:20:37 +00:00
sthen
30eaa4b102 sync WANTLIB and bump, gc a few gettext MODULES while there 2017-09-22 21:30:32 +00:00
sthen
dc8dda12df update to squid-3.5.27 2017-08-22 22:40:57 +00:00
sthen
5e964ab0df bump LIBCXX/LIBECXX/COMPILER_LIBCXX ports. 2017-07-26 22:45:14 +00:00
espie
8ac47fd9c6 use COMPILER_LIBCXX where applicable 2017-07-16 19:18:47 +00:00
sthen
3379847204 update to squid-3.5.26 2017-06-03 21:04:49 +00:00
espie
cc5bc426ed switch everything to new COMPILER idiom, even stuff that won't build with clang 
yet, but at least that part is done.
 2017-05-31 08:08:15 +00:00
sthen
0cec2e8b5c use WANT_CXX 2017-05-21 17:27:22 +00:00
schwarze
93309b5dd4 Unimportant whitespace differences only, drop USE_GROFF. 
While here, fix a number of quite serious escaping errors in
four manual pages that caused loss of important information.
I will also send those upstream.

OK sthen@
 2017-05-11 16:29:55 +00:00
sthen
abec0e3c77 update to squid-3.5.25 2017-04-04 21:09:30 +00:00
ajacoutot
a4751d331b Missed bump. 2017-02-18 17:33:51 +00:00
ajacoutot
1722249aa0 idn -> idn2 after gnutls WANTLIB change. 2017-02-18 17:32:37 +00:00
sthen
1bd5c493ce update to squid-3.5.24 2017-01-29 20:43:31 +00:00
sthen
d2f20ed67b update to squid-3.5.23 
<http://www.squid-cache.org/Advisories/SQUID-2016_10.txt>
Incorrect HTTP Request header comparison results in Collapsed
Forwarding feature mistakenly identifying some private responses as
being suitable for delivery to multiple clients.

<http://www.squid-cache.org/Advisories/SQUID-2016_11.txt>
Incorrect processing of responses to If-None-Modified HTTP conditional
requests leads to client-specific Cookie data being leaked to other
clients. Attack requests can easily be crafted by a client to probe a
cache for this information.
 2016-12-18 22:36:52 +00:00
sthen
bc924e53fc update to squid-3.5.22 2016-10-11 13:47:44 +00:00
sthen
b8e4361f30 update to squid-3.5.21 2016-09-13 19:27:11 +00:00
sthen
cad1945c38 update to squid-3.5.20, various fixes including some asserts 2016-07-04 12:13:40 +00:00
sthen
d7bb82ebb8 Switch squid to ports gcc, it's already used on powerpc, fixes some problems 
on arm (found by Steven Chamberlain), so it seems like it may be a safer
approach (and the next major version requires newer c++ anyway).  Based on
a diff from Steven Chamberlain.
 2016-06-11 18:10:00 +00:00
sthen
5448cb79e8 fix no_ldap builds 2016-05-12 16:15:58 +00:00
sthen
2012b0ace2 update to squid-3.5.19 (compared to 3.5.18, fixes a problem with interception 
proxies)
 2016-05-09 13:52:45 +00:00
sthen
df3b722c65 update to squid-3.5.18 2016-05-07 14:06:41 +00:00
sthen
38a830c8b0 add upstream patches to Squid (there should be an upstream release 
soon, but the patches make sense for now) -

1) Cache Poisoning issue in HTTP Request handling
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt

2) Header Smuggling issue in HTTP Request processing
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt

3) Multiple Denial of Service issues in ESI Response processing.
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
 2016-05-06 19:44:11 +00:00
sthen
685c415639 update to squid-3.5.17, fixing some buffer overflows and possible 
disclosure of stack contents. when available, reports will be at
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
 2016-04-20 16:36:50 +00:00
sthen
b8de09f036 update to squid-3.5.16, various fixes including a buffer overflow in pinger 
with icmp6.
 2016-04-02 10:44:18 +00:00
naddy
ce859edcb4 garbage collect CONFIGURE_SHARED 2016-03-11 20:28:21 +00:00
sthen
f8011b5675 update to squid 3.5.15, dos fix 2016-02-25 00:47:20 +00:00
sthen
370a9fb9c0 Security update to squid-3.5.14, ok jasper@ rpointel@ 
http://www.squid-cache.org/Advisories/SQUID-2016_1.txt

"Due to incorrectly handling server errors Squid is vulnerable to a
denial of service attack when connecting to TLS or SSL servers."
 2016-02-16 13:21:07 +00:00
sthen
eeede057c8 update to squid-3.5.13, a couple of fixes, mostly TLS-intercept-related 2016-01-10 20:09:58 +00:00
sthen
aa7f6d8dac update to squid-3.5.12 2015-11-30 10:26:16 +00:00
sthen
2a41ed34cd fix autoconf check which used SSLv3_method; results in assert failure in 
some ssl interception modes
 2015-11-04 15:39:55 +00:00
sthen
c9e2ff2014 update to squid-3.5.11 2015-11-02 17:21:55 +00:00
sthen
f712f64382 update to squid-3.5.10 2015-10-09 00:28:56 +00:00
sthen
83f88baaa6 bump REVISION to ensure the pkg version number in -current is above 
-stable, especially now that dirs have been reorganised.
 2015-09-30 08:56:27 +00:00
sthen
0f44ba58ad Update to squid-3.5.9, fixes problems with TLS/SSL parsing in configurations 
using SSL-Bump.

- int overflow with extension parsing: char << 8 into a short
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13915.patch

- {Client,Server}Hello parsing; when checking for TLS extensions, don't
check for bytes following compression_method in the _whole_ message, only
in the *Hello part ("does not account for the fact that the message may
contain more than just ServerHello").
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13915.patch
 2015-09-18 11:17:04 +00:00
sthen
f5d8cc22e3 drop accidentally-added .orig patch file. ports ignore these anyway so no bump. 2015-09-10 13:02:40 +00:00
sthen
6c2a6e4b95 Currently Squid 3.5 is considered stable. Rather than moving snapshot/* 
to stable/*, just drop back to a single version of squid in ports.
 2015-09-10 13:00:10 +00:00
sthen
cda9ae88c4 update to squid-3.5.8 and reenable -ntlm subpackage while there. 
(I have no way to test ntlmauth but it builds ok, reports welcome).
 2015-09-04 21:39:31 +00:00
sthen
1ae5691acb update to squid-3.5.8 and reenable -ntlm subpackage while there. 
(I have no way to test ntlmauth but it builds ok, reports welcome).
 2015-09-04 21:38:46 +00:00
sthen
8fb57d1a40 fix squid-3.5 build with OPENSSL_NO_SSL3, with help from jsing and 
the src/ssl/support.cc part is borrwed from jca's diff to squid-3.4
 2015-08-28 21:43:50 +00:00
jca
7056367d18 Additional fixes for SSLv3 removal. ok sthen@ (maintainer) 2015-08-28 11:45:39 +00:00
ajacoutot
b6c53696b5 /var/run content is already removed by /etc/rc, so no need to handle that in 
the package. If a /var/run/foo directory must exist for proper start of a
software, then the rc.d script should take care of it.
 2015-08-25 07:30:29 +00:00
sthen
19d3101693 add a secondary MASTER_SITES 2015-08-24 10:44:26 +00:00
sthen
1cb2abdb65 update to squid-3.5.7 2015-08-11 21:54:55 +00:00
sthen
0cf34d4698 SECURITY update to squid-3.4.14 
- Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
 2015-08-11 20:47:47 +00:00
sthen
682738c92b guard SSLv3_client_method with OPENSSL_NO_SSL3 2015-07-18 21:00:13 +00:00
sthen
809418b1bc update to squid 3.5.6 2015-07-06 13:43:06 +00:00
sthen
655c23489d update to squid-3.5.5 2015-06-11 14:57:30 +00:00
sthen
73094487fc don't pick up openpam if installed; dpb junking problem reported by aja. 
no bump needed, it is used to decide whether or not to build a helper app
that isn't packaged anyway.
 2015-06-06 23:08:22 +00:00