Bug 248856 - www/squid: Update to 4.13
Summary: www/squid: Update to 4.13
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
URL: http://www.squid-cache.org/Versions/v...
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-08-23 18:42 UTC by Pavel Timofeev
Modified: 2022-08-08 23:11 UTC (History)
6 users (show)

See Also:
pi: maintainer-feedback+
pi: merge-quarterly+

Attachments
port patch (7.75 KB, patch)
2020-08-23 18:42 UTC, Pavel Timofeev 		timp87: maintainer-approval+
Details | Diff
port patch new (8.86 KB, patch)
2020-08-24 19:15 UTC, Pavel Timofeev 		timp87: maintainer-approval+
Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Timofeev 2020-08-23 18:42:15 UTC 
Created attachment 217461 [details]
port patch

- update it to 4.13
- remove upstreamed patch
Comment 1 Automation User 2020-08-23 19:17:42 UTC 
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/181049158
Comment 2 Daniel Engberg freebsd_committer freebsd_triage 2020-08-23 21:15:04 UTC 
Please update MIRROR_SITES, many of the listed ones doesn't work.

http://www2.us.squid-cache.org/Versions/v4/ --> http://mirrors.vcea.wsu.edu/squid-cache/ftp/

Dead: 
http://www1.at.squid-cache.org
http://www.eu.squid-cache.org

Official mirror list:
http://www1.jp.squid-cache.org/Download/mirrors.html

You may want to consider putting a few mirrors in front of main site for offloading and use it only as a last resort.
Comment 3 Daniel Engberg freebsd_committer freebsd_triage 2020-08-23 21:16:11 UTC 
MIRROR_SITES should of course be MASTER_SITES
Sorry for the typo!
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-24 03:24:33 UTC 
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field
Comment 5 Pavel Timofeev 2020-08-24 19:15:44 UTC 
Created attachment 217500 [details]
port patch new

- update it to 4.13
- remove upstreamed patch
- update MASTER_SITES
Comment 6 commit-hook freebsd_committer freebsd_triage 2020-08-31 15:07:55 UTC 
A commit references this bug:

Author: pi
Date: Mon Aug 31 15:07:04 UTC 2020
New revision: 547191
URL: https://svnweb.freebsd.org/changeset/ports/547191

Log:
  www/squid: update 4.12 -> 4.13

  - https://lists.freebsd.org/pipermail/freebsd-ports/2020-August/119290.html
    mentions security issues, but no CVEs

  PR:		248856
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  MFH:		2020Q3
  Relnotes:	http://www.squid-cache.org/Versions/v4/changesets/
  Security:	probably

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
  head/www/squid/files/patch-src_security_Handshake.cc
Comment 7 Kurt Jaeger freebsd_committer freebsd_triage 2020-08-31 16:17:40 UTC 
CVE-2020-15810 and CVE-2020-15811
Comment 8 commit-hook freebsd_committer freebsd_triage 2020-09-02 04:34:15 UTC 
A commit references this bug:

Author: pi
Date: Wed Sep  2 04:33:57 UTC 2020
New revision: 547323
URL: https://svnweb.freebsd.org/changeset/ports/547323

Log:
  MFH: r547191

  www/squid: update 4.12 -> 4.13

  - https://lists.freebsd.org/pipermail/freebsd-ports/2020-August/119290.html
    mentions security issues, but no CVEs

  PR:		248856
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Relnotes:	http://www.squid-cache.org/Versions/v4/changesets/
  Security:	probably
  Approved by:	portmgr (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/www/squid/Makefile
  branches/2020Q3/www/squid/distinfo
  branches/2020Q3/www/squid/files/patch-src_security_Handshake.cc
Comment 9 Kurt Jaeger freebsd_committer freebsd_triage 2020-09-02 05:56:44 UTC 
TODO: needs vuxml entry
Comment 10 Daniel Engberg freebsd_committer freebsd_triage 2021-03-18 14:20:39 UTC 
I guess we can close this now?
Comment 11 Kurt Jaeger freebsd_committer freebsd_triage 2021-03-18 14:34:24 UTC 
(In reply to daniel.engberg.lists from comment #10)
It still needs the vuxml entry, I guess.
Comment 12 ml 2021-05-31 14:50:18 UTC 
(In reply to Kurt Jaeger from comment #11)

Meanwhile the port was upgraded to 4.14 which was also deemed vulnerable; 4.15 is out to fix that.
Comment 13 Pavel Timofeev 2021-06-01 22:16:29 UTC 
(In reply to ml from comment #12)
see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256358 for update to 4.15
Comment 14 ml 2021-12-02 13:43:53 UTC 
(In reply to Pavel Timofeev from comment #13)

Then again, Squid it's now at 4.17 (which closes vulnerabilities in 4.15 which is in ports).
BTW, Squid 4 is not the main branch anymore, as 5 is out of beta (and 5.0.6 from ports is also affected by CVEs).
Comment 15 Ozkan KIRIK 2021-12-12 13:01:14 UTC 
+1
Comment 16 Pavel Timofeev 2022-01-04 17:15:55 UTC 
www/squid upgrade to 5.3 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260927
Comment 17 Daniel Engberg freebsd_committer freebsd_triage 2022-08-08 23:11:16 UTC 
Closing this, next time make sure to add vuxml entries