Debian Patches

Status for squid/4.13-10+deb11u2

Patch Description Author Forwarded Bugs Origin Last update
0001-Default-configuration-file-for-debian.patch Default configuration file for debian Luigi Gangitano <luigi@debian.org> no 2016-10-29
0002-Change-default-file-locations-for-debian.patch Change default file locations for debian Luigi Gangitano <luigi@debian.org> no 2016-10-29
0003-installed-binary-for-debian-ci.patch Use installed squid binary for Debian CI testing
Amos Jeffries <amosjeffries@squid-cache.org> no 2018-07-21
0005-Use-RuntimeDirectory-to-create-run-squid.patch Use RuntimeDirectory to create /run/squid
Instead of installing the /run/squid directory, which goes against
Debian Policy, we instruct systemd to automatically create it for us
when the service is started.
Sergio Durigan Junior <sergiodj@debian.org> no 2020-05-11
0006-SQUID-2020_11.patch commit 50e0ba1b03ec39720e981a641bb0d4e73aaa7b94

Merge pull request from GHSA-jvf6-h9gj-pmj6

* Add slash prefix to path-rootless or path-noscheme URLs

* Update src/anyp/Uri.cc

Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>

* restore file trailer GH auto-removes

* Remove redundant path-empty check

* Removed stale comment left behind by b2ab59a

Many things imply a leading `/` in a URI. Their enumeration is likely to
(and did) become stale, misleading the reader.

* fixup: Remind that the `src` iterator may be at its end

We are dereferencing `src` without comparing it to `\0`.
To many readers that (incorrectly) implies that we are not done iterating yet.

Also fixed branch-added comment indentation.

Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>

diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
index e4909ff1d..80131e17d 100644
Amos Jeffries <yadij@users.noreply.github.com> no 2020-09-04
0007-CVE-2021-28651.patch Fix CVE-2021-28651. Due to a buffer-management bug, it allows
a denial of service in URN processing.
When resolving a request with the urn: scheme,
the parser leaks a small amount of memory.
Amos Jeffries <yadij@users.noreply.github.com> not-needed debian upstream upstream, http://www.squid-cache.org/Versions/v4/changesets/squid-4-a975fd5aedc866629214aaaccb38376855351899.patch 2021-05-27
0008-CVE-2021-28662-squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch commit b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8

Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs

diff --git a/src/http/RegisteredHeaders.cc b/src/http/RegisteredHeaders.cc
index 6b420638e..348a1bb82 100644
Alex Rousskov <rousskov@measurement-factory.com> no 2021-03-16
0009-CVE-2021-28652-squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch commit 0003e3518dc95e4b5ab46b5140af79b22253048e

Bug 5106: Broken cache manager URL parsing (#788)

Use already parsed request-target URL in cache manager and
update CacheManager to Tokenizer based URL parse

Removing use of sscan() and regex string processing which have
proven to be problematic on many levels. Most particularly with
regards to tolerance of normally harmless garbage syntax in URLs
received.

Support for generic URI schemes is added possibly resolving some
issues reported with ftp:// URL and manager access via ftp_port
sockets.

Truly generic support for /squid-internal-mgr/ path prefix is
added, fixing some user confusion about its use on cache_object:
scheme URLs.

TODO: support for single-name parameters and URL #fragments
are left to future updates. As is refactoring the QueryParams
data storage to avoid SBuf data copying.

diff --git a/src/CacheManager.h b/src/CacheManager.h
index 78a69f799..74705c58a 100644
Amos Jeffries <yadij@users.noreply.github.com> no 2021-04-30
0010-CVE-2021-31806-CVE-2021-31807-CVE-2021-31808-squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch commit e7cf864f938f24eea8af0692c04d16790983c823

Handle more Range requests (#790)

Also removed some effectively unused code.

diff --git a/src/HttpHdrRange.cc b/src/HttpHdrRange.cc
index 92b6660d1..7da29765c 100644
Alex Rousskov <rousskov@measurement-factory.com> no 2021-03-31
0011-squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch commit 1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c (HEAD -> refs/heads/v4, refs/remotes/origin/v4)

Handle more partial responses (#791)

diff --git a/src/HttpHdrContRange.cc b/src/HttpHdrContRange.cc
index b0e011fec..be07b4a3d 100644
Alex Rousskov <rousskov@measurement-factory.com> no 2021-04-02
0012-squid-4-780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b.patch commit 780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b (refs/remotes/origin/v4, refs/remotes/github/v4, refs/heads/v4)

Improve handling of Gopher responses (#1022)

diff --git a/src/gopher.cc b/src/gopher.cc
index 169b0e182..6187da18b 100644
Joshua Rogers <MegaManSec@users.noreply.github.com> no 2022-04-18
0013-squid-4-b003a0da7865caa25b5d1e70c79329b32409b02a.patch commit b003a0da7865caa25b5d1e70c79329b32409b02a (HEAD -> refs/heads/v4, refs/remotes/origin/v4)

WCCP: Validate packets better (#899)

Update WCCP to support exception based error handling for
parsing and processing we are moving Squid to for protocol
handling.

Update the main WCCPv2 parsing checks to throw meaningful
exceptions when detected.

diff --git a/src/wccp2.cc b/src/wccp2.cc
index ee592449c..6ef469e91 100644
Amos Jeffries <yadij@users.noreply.github.com> no 2021-09-24
0014-SQUID-2022_1.patch commit 2c5d2de9bdcd25d1127987f8f76c986ab5bfb6da

Fix typo in manager ACL (#1113)

diff --git a/src/cf.data.pre b/src/cf.data.pre
index 4aef432ca..f15d56b13 100644
Amos Jeffries <yadij@users.noreply.github.com> no 2022-08-17
0015-SQUID-2022_2.patch commit 4031c6c2b004190fdffbc19dab7cd0305a2025b7 (refs/remotes/origin/v4, refs/remotes/github/v4, refs/heads/v4)

Bug 3193 pt2: NTLM decoder truncating strings (#1114)

The initial bug fix overlooked large 'offset' causing integer
wrap to extract a too-short length string.

Improve debugs and checks sequence to clarify cases and ensure
that all are handled correctly.

diff --git a/lib/ntlmauth/ntlmauth.cc b/lib/ntlmauth/ntlmauth.cc
index 5d9637290..f00fd51f8 100644
Amos Jeffries <yadij@users.noreply.github.com> no 2022-08-09
