Bug 248856 - www/squid: Update to 4.13
Summary: www/squid: Update to 4.13
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
URL: http://www.squid-cache.org/Versions/v...
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-08-23 18:42 UTC by Pavel Timofeev
Modified: 2021-06-01 22:16 UTC (History)
3 users (show)

See Also:
pi: maintainer-feedback+
pi: merge-quarterly+

Attachments
port patch (7.75 KB, patch)
2020-08-23 18:42 UTC, Pavel Timofeev 		timp87: maintainer-approval+
Details | Diff
port patch new (8.86 KB, patch)
2020-08-24 19:15 UTC, Pavel Timofeev 		timp87: maintainer-approval+
Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Timofeev 2020-08-23 18:42:15 UTC 
Created attachment 217461 [details]
port patch

- update it to 4.13
- remove upstreamed patch
Comment 1 Automation User 2020-08-23 19:17:42 UTC 
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/181049158
Comment 2 Daniel Engberg 2020-08-23 21:15:04 UTC 
Please update MIRROR_SITES, many of the listed ones doesn't work.

http://www2.us.squid-cache.org/Versions/v4/ --> http://mirrors.vcea.wsu.edu/squid-cache/ftp/

Dead: 
http://www1.at.squid-cache.org
http://www.eu.squid-cache.org

Official mirror list:
http://www1.jp.squid-cache.org/Download/mirrors.html

You may want to consider putting a few mirrors in front of main site for offloading and use it only as a last resort.
Comment 3 Daniel Engberg 2020-08-23 21:16:11 UTC 
MIRROR_SITES should of course be MASTER_SITES
Sorry for the typo!
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-24 03:24:33 UTC 
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field
Comment 5 Pavel Timofeev 2020-08-24 19:15:44 UTC 
Created attachment 217500 [details]
port patch new

- update it to 4.13
- remove upstreamed patch
- update MASTER_SITES
Comment 6 commit-hook freebsd_committer 2020-08-31 15:07:55 UTC 
A commit references this bug:

Author: pi
Date: Mon Aug 31 15:07:04 UTC 2020
New revision: 547191
URL: https://svnweb.freebsd.org/changeset/ports/547191

Log:
  www/squid: update 4.12 -> 4.13

  - https://lists.freebsd.org/pipermail/freebsd-ports/2020-August/119290.html
    mentions security issues, but no CVEs

  PR:		248856
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  MFH:		2020Q3
  Relnotes:	http://www.squid-cache.org/Versions/v4/changesets/
  Security:	probably

Changes:
  head/www/squid/Makefile
  head/www/squid/distinfo
  head/www/squid/files/patch-src_security_Handshake.cc
Comment 7 Kurt Jaeger freebsd_committer 2020-08-31 16:17:40 UTC 
CVE-2020-15810 and CVE-2020-15811
Comment 8 commit-hook freebsd_committer 2020-09-02 04:34:15 UTC 
A commit references this bug:

Author: pi
Date: Wed Sep  2 04:33:57 UTC 2020
New revision: 547323
URL: https://svnweb.freebsd.org/changeset/ports/547323

Log:
  MFH: r547191

  www/squid: update 4.12 -> 4.13

  - https://lists.freebsd.org/pipermail/freebsd-ports/2020-August/119290.html
    mentions security issues, but no CVEs

  PR:		248856
  Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
  Relnotes:	http://www.squid-cache.org/Versions/v4/changesets/
  Security:	probably
  Approved by:	portmgr (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/www/squid/Makefile
  branches/2020Q3/www/squid/distinfo
  branches/2020Q3/www/squid/files/patch-src_security_Handshake.cc
Comment 9 Kurt Jaeger freebsd_committer 2020-09-02 05:56:44 UTC 
TODO: needs vuxml entry
Comment 10 Daniel Engberg 2021-03-18 14:20:39 UTC 
I guess we can close this now?
Comment 11 Kurt Jaeger freebsd_committer 2021-03-18 14:34:24 UTC 
(In reply to daniel.engberg.lists from comment #10)
It still needs the vuxml entry, I guess.
Comment 12 ml 2021-05-31 14:50:18 UTC 
(In reply to Kurt Jaeger from comment #11)

Meanwhile the port was upgraded to 4.14 which was also deemed vulnerable; 4.15 is out to fix that.
Comment 13 Pavel Timofeev 2021-06-01 22:16:29 UTC 
(In reply to ml from comment #12)
see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256358 for update to 4.15