Summary: | www/squid: Update to 4.10 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Pavel Timofeev <timp87> | ||||
Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | m.muenz, pi, ports-secteam, timp87 | ||||
Priority: | Normal | Keywords: | needs-qa | ||||
Version: | Latest | Flags: | koobs:
maintainer-feedback?
(timp87) koobs: merge-quarterly? |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Bug Depends on: | 245433 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Also there were several security issues fixed in this release: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt http://www.squid-cache.org/Advisories/SQUID-2020_2.txt http://www.squid-cache.org/Advisories/SQUID-2020_3.txt (In reply to timp87 from comment #1) Thanks to Raúl Muñoz to pointing to them TODO: vuxml entries A commit references this bug: Author: pi Date: Tue Feb 11 19:46:52 UTC 2020 New revision: 525889 URL: https://svnweb.freebsd.org/changeset/ports/525889 Log: www/squid: upgrade 4.9 -> 4.10 PR: 244026 Submitted by: timp87@gmail.com (maintainer) Relnotes: http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html Security: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt http://www.squid-cache.org/Advisories/SQUID-2020_2.txt http://www.squid-cache.org/Advisories/SQUID-2020_3.txt Changes: head/www/squid/Makefile head/www/squid/distinfo head/www/squid/files/patch-src_security_ServerOptions.h I think this issue can be closed now? It still needs vuxml entries. Any volunteers 8-} ? I take it .. will link the PR later. Is www/squid3 also affected by the security vulnerability? Is there a separate patch for this (3.x) branch? Have upstream already merged changes to that branch? (In reply to Kurt Jaeger from comment #6) VuXML in bug 245433 (now a dependent of this issue) (In reply to Kubilay Kocak from comment #8) www/squid3 is also affected but upstream only provide patches, no real releases (as described in vendor SA's above). Maybe squid3 port maintainer can add them? www/squid3 is abandoned by upstream almost 2 years ago. I'd rather prefer removing www/squid3 from the ports tree vuxml done |
Created attachment 211538 [details] port patch - Update squid to 4.10 - Remove patch-src_security_ServerOptions.h as upstream changed