author: taca <taca@pkgsrc.org> 2016-04-02 09:07:40 +0000
committer: taca <taca@pkgsrc.org> 2016-04-02 09:07:40 +0000
commit: 70a9a730c011aed0ea38da9b1734756bafceb20b
tree: c0e25adbdc36c4b55b45f816f4162d8463ea4ae8 /www/squid3
parent: 7f6687169e584a9ed81ffcd3f423a9ef6c93a4a3
Update squid3 package to 3.5.16, fixing several security problems.

Please refer to the release notes for other changes:
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html

* SQUID-2016:4 - Denial of Service issue in HTTP Response processing
  http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
  aka. CVE-2016-3948

  This is another of the bugs left unfixed by the SQUID-2016:2 patches. The visible symptom is assertions about: "String.cc:*: 'len_ + len <65536'"

  There is an attack in the wild for this one, but not as widely as for the previous issues.

* SQUID-2016:3 - Buffer overrun issue in pinger ICMPv6 processing.
  http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
  aka. CVE-2016-3947

  This bug shows up as pinger crashing with Icmp6::Recv errors. This may affect Squid HTTP routing decisions. In some configurations, sub-optimal routing decisions may result in serious service degradation or even transaction failures.

All previous Squid-3 releases are affected by both these issues. See the advisory for further details. Upgrade or patching should be considered a high priority.

* pinger: drop capabilities on Linux

  On Linux, it is now possible to install pinger helper with only CAP_NET_RAW permissions raised instead of full setuid-root:

  (setcap cap_net_raw+ep /path/to/pinger && chmod u-s /path/to/pinger) || :

  Other operating systems without libcap capabilities features are not affected by this change.

* Bug #4447: FwdState.cc:447 "serverConnection() == conn" assertion

  This rather crippling bug appears after the CVE-2016-2569 patch. It turned out to be a race condition closing connections and has now been fully fixed.
Diffstat (limited to 'www/squid3')
-rw-r--r-- www/squid3/Makefile 5
-rw-r--r-- www/squid3/distinfo 10
2 files changed, 7 insertions, 8 deletions
diff --git a/www/squid3/Makefile b/www/squid3/Makefile
index 4c8744f7d6e..f9f508a4493 100644
--- a/www/squid3/Makefile
+++ b/www/squid3/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.62 2016/03/05 11:29:40 jperkin Exp $
+# $NetBSD: Makefile,v 1.63 2016/04/02 09:07:40 taca Exp $
-DISTNAME= squid-3.5.15
-PKGREVISION= 1
+DISTNAME= squid-3.5.16
CATEGORIES= www
MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PKGVERSION_NOREV:R}/ \
ftp://ftp.squid-cache.org/pub/squid/ \
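Review bot: The unchanged MASTER_SITES lines at the end of this hunk still fetch the distfile over plain http:// and ftp://, so for a security update the download path itself gives no integrity or authenticity guarantee and everything rests on the distinfo digests. If upstream serves the same tarball over HTTPS, consider listing that URL first. Dropping PKGREVISION together with the DISTNAME bump to squid-3.5.16 looks right for a new upstream version.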
diff --git a/www/squid3/distinfo b/www/squid3/distinfo
index fa3c66e731b..710d11b270a 100644
--- a/www/squid3/distinfo
+++ b/www/squid3/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.47 2016/02/24 06:38:57 taca Exp $
+$NetBSD: distinfo,v 1.48 2016/04/02 09:07:40 taca Exp $
-SHA1 (squid-3.5.15.tar.xz) = 054fb18a3b0b8228be28e61bf58cfb621c266155
-RMD160 (squid-3.5.15.tar.xz) = 27730de4768f33cb288d4f34456fe1b3264475c7
-SHA512 (squid-3.5.15.tar.xz) = b5a6b4bc94d007f475419123b7ff4cdf7d47a024b859d2f7de0952115285114f06fd389fc6f463c21a1ce7d41e06227972bd802bafd2704cf0814afdee893dde
-Size (squid-3.5.15.tar.xz) = 2315628 bytes
+SHA1 (squid-3.5.16.tar.xz) = 8268ace3de2971222e4e5b05b0d3caa6475280d4
+RMD160 (squid-3.5.16.tar.xz) = 0ad226fd739b5cf13eef0cec6f9b988a68f92aad
+SHA512 (squid-3.5.16.tar.xz) = 117cf70dd87aff0c0db209648c43a8c2f056c87331133948a799715748a28133df32cf6982251a8c1366c960bbda2bd2d33287df0df7c642632723c6dbedc8cf
+Size (squid-3.5.16.tar.xz) = 2317320 bytes
SHA1 (patch-compat_compat.h) = d6cd93fa7a6d0faad3bf1aca8ae4fa5c984fe288
SHA1 (patch-compat_debug.cc) = 95fc0aa6901834175b9bbf1ddb51eeb7d9ddc8c7
SHA1 (patch-compat_debug.h) = a828871704b1578b520d412393c3d398099a5fdc
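Review bot: The new SHA1, RMD160 and SHA512 values on the + lines for squid-3.5.16.tar.xz are the only integrity anchor for this security release, and nothing in the commit says how they were obtained. Please confirm the tarball they were computed from was checked against whatever signature or checksum upstream publishes for 3.5.16, and say so in the commit message. SHA1 and RMD160 alone would be weak for this purpose, but the SHA512 line covers it. The patch-compat_* entries are carried over unchanged in the context lines, so it is also worth confirming those patches still apply cleanly to the 3.5.16 sources.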