Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6
@ 2022-08-26 21:22 Fabrice Fontaine
  2022-08-27  7:59 ` Yann E. MORIN
  2022-09-17 15:40 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-08-26 21:22 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

Fix CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and
5.x before 5.6, due to improper buffer management, a Denial of Service
can occur when processing long Gopher server responses.

https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/squid/squid.hash | 8 ++++----
 package/squid/squid.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/squid/squid.hash b/package/squid/squid.hash
index e18ed8961e..22c6db8c70 100644
--- a/package/squid/squid.hash
+++ b/package/squid/squid.hash
@@ -1,6 +1,6 @@
-# From http://www.squid-cache.org/Versions/v5/squid-5.3.tar.xz.asc
-md5  9249f30169ab6600e53b4f9b8129b3b0  squid-5.3.tar.xz
-sha1  d3a8310c725616fa7565d60f3bf8fdf5fa20b15a  squid-5.3.tar.xz
+# From http://www.squid-cache.org/Versions/v5/squid-5.6.tar.xz.asc
+md5  2f2201a18a0a727ab589d951ebe4f815  squid-5.6.tar.xz
+sha1  a01f47b3e9ff06245c894773de30bfd88ab14f65  squid-5.6.tar.xz
 # Locally calculated
-sha256  45178588df1311ded41ebadd632840c4d93a8d7f5f60e38e74acf2f1ae2f1715  squid-5.3.tar.xz
+sha256  38d27338a347597ce0e93d0c3be6e5f66b6750417c474ca87ee0d61bb6d148db  squid-5.6.tar.xz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/squid/squid.mk b/package/squid/squid.mk
index 3847fb49dc..86a0c714c6 100644
--- a/package/squid/squid.mk
+++ b/package/squid/squid.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SQUID_VERSION = 5.3
+SQUID_VERSION = 5.6
 SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
 SQUID_SITE = http://www.squid-cache.org/Versions/v5
 SQUID_LICENSE = GPL-2.0+
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6
  2022-08-26 21:22 [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6 Fabrice Fontaine
@ 2022-08-27  7:59 ` Yann E. MORIN
  2022-09-17 15:40 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Yann E. MORIN @ 2022-08-27  7:59 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

Fabrice, All,

On 2022-08-26 23:22 +0200, Fabrice Fontaine spake thusly:
> Fix CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and
> 5.x before 5.6, due to improper buffer management, a Denial of Service
> can occur when processing long Gopher server responses.
> 
> https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/squid/squid.hash | 8 ++++----
>  package/squid/squid.mk   | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/package/squid/squid.hash b/package/squid/squid.hash
> index e18ed8961e..22c6db8c70 100644
> --- a/package/squid/squid.hash
> +++ b/package/squid/squid.hash
> @@ -1,6 +1,6 @@
> -# From http://www.squid-cache.org/Versions/v5/squid-5.3.tar.xz.asc
> -md5  9249f30169ab6600e53b4f9b8129b3b0  squid-5.3.tar.xz
> -sha1  d3a8310c725616fa7565d60f3bf8fdf5fa20b15a  squid-5.3.tar.xz
> +# From http://www.squid-cache.org/Versions/v5/squid-5.6.tar.xz.asc
> +md5  2f2201a18a0a727ab589d951ebe4f815  squid-5.6.tar.xz
> +sha1  a01f47b3e9ff06245c894773de30bfd88ab14f65  squid-5.6.tar.xz
>  # Locally calculated
> -sha256  45178588df1311ded41ebadd632840c4d93a8d7f5f60e38e74acf2f1ae2f1715  squid-5.3.tar.xz
> +sha256  38d27338a347597ce0e93d0c3be6e5f66b6750417c474ca87ee0d61bb6d148db  squid-5.6.tar.xz
>  sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
> diff --git a/package/squid/squid.mk b/package/squid/squid.mk
> index 3847fb49dc..86a0c714c6 100644
> --- a/package/squid/squid.mk
> +++ b/package/squid/squid.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -SQUID_VERSION = 5.3
> +SQUID_VERSION = 5.6
>  SQUID_SOURCE = squid-$(SQUID_VERSION).tar.xz
>  SQUID_SITE = http://www.squid-cache.org/Versions/v5
>  SQUID_LICENSE = GPL-2.0+
> -- 
> 2.35.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6
  2022-08-26 21:22 [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6 Fabrice Fontaine
  2022-08-27  7:59 ` Yann E. MORIN
@ 2022-09-17 15:40 ` Peter Korsgaard
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-09-17 15:40 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2021-46784: In Squid 3.x through 3.5.28, 4.x through 4.17, and
 > 5.x before 5.6, due to improper buffer management, a Denial of Service
 > can occur when processing long Gopher server responses.

 > https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2022.05.x and 2022.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-17 15:40 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-26 21:22 [Buildroot] [PATCH 1/1] package/squid: security bump to version 5.6 Fabrice Fontaine
2022-08-27  7:59 ` Yann E. MORIN
2022-09-17 15:40 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox