Bug 207454 - www/squid: update to 3.5.15
Summary: www/squid: update to 3.5.15
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Some People
Assignee: Jason Unovitch
URL:
Keywords: easy, patch, patch-ready, security
Depends on:
Blocks:
 
Reported: 2016-02-24 06:14 UTC by Pavel Timofeev
Modified: 2016-02-28 00:51 UTC (History)
2 users (show)

See Also:
junovitch: merge-quarterly+

Attachments
port patch (1002 bytes, patch)
2016-02-24 06:14 UTC, Pavel Timofeev 		timp87: maintainer-approval+
Details | Diff
poudriere log (858.97 KB, text/x-log)
2016-02-24 07:17 UTC, Pavel Timofeev 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Timofeev 2016-02-24 06:14:34 UTC 
Created attachment 167349 [details]
port patch

Hello!
Update our www/squid to 3.5.15.
I'll provide Q&A a bit later.
Comment 1 Pavel Timofeev 2016-02-24 07:17:50 UTC 
Created attachment 167355 [details]
poudriere log
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-02-24 11:46:43 UTC 
A commit references this bug:

Author: junovitch
Date: Wed Feb 24 11:46:10 UTC 2016
New revision: 409460
URL: https://svnweb.freebsd.org/changeset/ports/409460

Log:
  Document squid remote DoS in HTTP response processing

  PR:		207454
  Reported by:	Pavel Timofeev <timp87@gmail.com>
  Security:	https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Jason Unovitch freebsd_committer freebsd_triage 2016-02-24 11:54:41 UTC 
I'm mostly AFK for a bit but I did the VuXML for this PR... Fix the tags and add CCs.
Comment 4 commit-hook freebsd_committer freebsd_triage 2016-02-25 01:09:48 UTC 
A commit references this bug:

Author: junovitch
Date: Thu Feb 25 01:09:22 UTC 2016
New revision: 409487
URL: https://svnweb.freebsd.org/changeset/ports/409487

Log:
  www/squid: update 3.5.14 -> 3.5.15

  Changes:
  * Bug 3870 assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
  * Fix multiple assertion on String overflows
  * Fix unit test errors on MacOS
  * Better handling of huge response headers. Fewer incorrect "Bug #3279" messages
  * Log noise reduction for eCAP

  PR:		207454
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Security:	https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html
  X-MFH-With:	r406625, r409148

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-02-25 03:09:00 UTC 
A commit references this bug:

Author: junovitch
Date: Thu Feb 25 03:08:09 UTC 2016
New revision: 409491
URL: https://svnweb.freebsd.org/changeset/ports/409491

Log:
  MFH: r406625, r409148, r409487

  www/squid: update 3.5.12 -> 3.5.15

  PR:             206127
  PR:             207294
  PR:             207454
  Submitted by:   Pavel Timofeev <timp87@gmail.com> (maintainer)
  Approved by:	ports-secteam (miwi)
  Security:       CVE-2016-2390
  Security:       https://vuxml.FreeBSD.org/freebsd/56562efb-d5e4-11e5-b2bd-002590263bf5.html
  Security:       https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html

Changes:
_U  branches/2016Q1/
  branches/2016Q1/www/squid/Makefile
  branches/2016Q1/www/squid/distinfo
Comment 6 commit-hook freebsd_committer freebsd_triage 2016-02-28 00:51:10 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Feb 28 00:50:12 UTC 2016
New revision: 409709
URL: https://svnweb.freebsd.org/changeset/ports/409709

Log:
  Revise Squid entry with CVE assignment and SQUID-2016:2 advisory reference

  PR:		207454
  Reported by:	Pavel Timofeev <timp87@gmail.com>
  Security:	CVE-2016-2569
  Security:	CVE-2016-2570
  Security:	CVE-2016-2571
  Security:	https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml