Bug 248856
| Summary: | www/squid: Update to 4.13 | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Pavel Timofeev <timp87> | ||||||
| Component: | Individual Port(s) | Assignee: | Kurt Jaeger <pi> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Only Me | CC: | diizzy, ml, ozkan.kirik, pi, sa.inbox, timp87 | ||||||
| Priority: | --- | Keywords: | buildisok | ||||||
| Version: | Latest | Flags: | pi:
maintainer-feedback+
pi: merge-quarterly+ |
||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| URL: | http://www.squid-cache.org/Versions/v4/squid-4.13-RELEASENOTES.html | ||||||||
| Attachments: |
|
||||||||
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/181049158 Please update MIRROR_SITES, many of the listed ones doesn't work. http://www2.us.squid-cache.org/Versions/v4/ --> http://mirrors.vcea.wsu.edu/squid-cache/ftp/ Dead: http://www1.at.squid-cache.org http://www.eu.squid-cache.org Official mirror list: http://www1.jp.squid-cache.org/Download/mirrors.html You may want to consider putting a few mirrors in front of main site for offloading and use it only as a last resort. MIRROR_SITES should of course be MASTER_SITES Sorry for the typo! ^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field Created attachment 217500 [details]
port patch new
- update it to 4.13
- remove upstreamed patch
- update MASTER_SITES
A commit references this bug: Author: pi Date: Mon Aug 31 15:07:04 UTC 2020 New revision: 547191 URL: https://svnweb.freebsd.org/changeset/ports/547191 Log: www/squid: update 4.12 -> 4.13 - https://lists.freebsd.org/pipermail/freebsd-ports/2020-August/119290.html mentions security issues, but no CVEs PR: 248856 Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer) MFH: 2020Q3 Relnotes: http://www.squid-cache.org/Versions/v4/changesets/ Security: probably Changes: head/www/squid/Makefile head/www/squid/distinfo head/www/squid/files/patch-src_security_Handshake.cc CVE-2020-15810 and CVE-2020-15811 A commit references this bug: Author: pi Date: Wed Sep 2 04:33:57 UTC 2020 New revision: 547323 URL: https://svnweb.freebsd.org/changeset/ports/547323 Log: MFH: r547191 www/squid: update 4.12 -> 4.13 - https://lists.freebsd.org/pipermail/freebsd-ports/2020-August/119290.html mentions security issues, but no CVEs PR: 248856 Submitted by: Pavel Timofeev <timp87@gmail.com> (maintainer) Relnotes: http://www.squid-cache.org/Versions/v4/changesets/ Security: probably Approved by: portmgr (joneum) Changes: _U branches/2020Q3/ branches/2020Q3/www/squid/Makefile branches/2020Q3/www/squid/distinfo branches/2020Q3/www/squid/files/patch-src_security_Handshake.cc TODO: needs vuxml entry I guess we can close this now? (In reply to daniel.engberg.lists from comment #10) It still needs the vuxml entry, I guess. (In reply to Kurt Jaeger from comment #11) Meanwhile the port was upgraded to 4.14 which was also deemed vulnerable; 4.15 is out to fix that. (In reply to ml from comment #12) see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256358 for update to 4.15 (In reply to Pavel Timofeev from comment #13) Then again, Squid it's now at 4.17 (which closes vulnerabilities in 4.15 which is in ports). BTW, Squid 4 is not the main branch anymore, as 5 is out of beta (and 5.0.6 from ports is also affected by CVEs). +1 www/squid upgrade to 5.3 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260927 Closing this, next time make sure to add vuxml entries |
Created attachment 217461 [details] port patch - update it to 4.13 - remove upstreamed patch