squid-migration-script-7:3.5.20-17.el7_9.10>  HLk|f*i $ƨza0lϩ1ťL1V4H3DWm"<^(&u,(>NҞ%G!qO[^PtQ Ea1g 2-蟜ϬE:\!Ã]=&F׻\JIu tKMIq}pi⌹JR ^|8n $Phs%.zD}_ )AgmUOfb.&s[8v}wh{b;?2-<Źoo8,x(ǨY ֱXf %y9VCiA&AK964ɚC*>闅qXGPdIcv9?d , 0 Y> j      04l(8X9xX:J<XGHIXY\]^bdefltuvwxyCsquid-migration-script3.5.2017.el7_9.10Migration script for squid caching proxyThe squid-migration-script contains scripts for squid configuration migration and script which prepares squid for downgrade operation.fx86-01.bsys.centos.org+CentOSGPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)CentOS BuildSystem System Environment/Daemonshttp://www.squid-cache.orglinuxx86_64+ffaf70756eaa8ebc20200c9f77ec6c7acec60661058e499abb26110ceca070235rootrootsquid-3.5.20-17.el7_9.10.src.rpmsquid-migration-scriptsquid-migration-script(x86-64)@    /usr/bin/pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.11.3e@eB=c47@b@`dd@_@_H_$^^}]9\ @Y*@Y*@X:@XӸXӸX@X@X @Xx@XRWv@WWt@W9W9W@WPW@W_W_WXWXW0{W(W!@W!@VCV@V@VVqVBUȒ@UU@UU@Ua@Ua@Ua@Tk@S&SRRRURTRkR@RRQ@QQvwQq1QHS@Q=@Q;$@Q9Q@Q"@P @P@P{@P5@P}L@PnP>@P OyOWMOLO/O))@ObO@OON'@NN@N@N@N@NNx@N[@NX@NLN6@N6@MMӴM?M3@MS@MRM%LLΫLLq@L@L@Ls@Lnn@L>@LLS@K;@Ki@KEKEKK!@KZKf@K}+KwKn@Kie@Kf@KHoK y@K y@JSJ@Jv@J@JJG@JJ@J@J@Jx"Jt.@JmJlE@JKOJHJ@Jp@IIcI@I@I2II~@IsIKIKIH!@H!@H@HH@HkmH:@H4H$@>.>%M@==ki=G@=6=)~=[@=@<< - 7:3.5.20-17.10Stepan Broz - 7:3.5.20-17.9Luboš Uhliarik - 7:3.5.20-17.8Luboš Uhliarik - 7:3.5.20-17.7Lubos Uhliarik - 7:3.5.20-17.6Lubos Uhliarik - 7:3.5.20-17.5Lubos Uhliarik - 7:3.5.20-17.4Lubos Uhliarik - 7:3.5.20-17.2Lubos Uhliarik - 7:3.5.20-17Lubos Uhliarik - 7:3.5.20-16Lubos Uhliarik - 7:3.5.20-15Luboš Uhliarik - 7:3.5.20-13Luboš Uhliarik - 7:3.5.20-12Luboš Uhliarik - 7:3.5.20-11Luboš Uhliarik - 7:3.5.20-10Luboš Uhliarik - 7:3.5.20-9Luboš Uhliarik - 7:3.5.20-8Luboš Uhliarik - 7:3.5.20-7Luboš Uhliarik - 7:3.5.20-6Luboš Uhliarik - 7:3.5.20-5Luboš Uhliarik - 7:3.5.20-4Luboš Uhliarik - 7:3.5.20-3Luboš Uhliarik - 7:3.5.20-2Luboš Uhliarik - 7:3.5.20-1Luboš Uhliarik - 7:3.5.10-9Luboš Uhliarik - 7:3.5.10-8Luboš Uhliarik - 7:3.5.10-7Luboš Uhliarik - 7:3.5.10-6Luboš Uhliarik - 7:3.5.10-5Luboš Uhliarik - 7:3.5.10-4Luboš Uhliarik - 7:3.5.10-3Luboš Uhliarik - 7:3.5.10-2Luboš Uhliarik - 7:3.5.10-1Luboš Uhliarik - 7:3.3.8-31Luboš Uhliarik - 7:3.3.8-30Luboš Uhliarik - 7:3.3.8-29Luboš Uhliarik - 7:3.3.8-28Luboš Uhliarik - 7:3.3.8-27Luboš Uhliarik - 7:3.3.8-26Luboš Uhliarik - 7:3.3.8-25Luboš Uhliarik - 7:3.3.8-24Luboš Uhliarik - 7:3.3.8-23Luboš Uhliarik - 7:3.3.8-22Luboš Uhliarik - 7:3.3.8-21Luboš Uhliarik - 7:3.3.8-20Luboš Uhliarik - 7:3.3.8-19Luboš Uhliarik - 7:3.3.8-18Luboš Uhliarik - 7:3.3.8-17Luboš Uhliarik - 7:3.3.8-16Luboš Uhliarik - 7:3.3.8-15Luboš Uhliarik - 7:3.3.8-14Luboš Uhliarik - 7:3.3.8-13Michal Luscon - 7:3.3.8-12Pavel Šimerda - 7:3.3.8-11Pavel Šimerda ' - 7:3.3.8-10Pavel Šimerda - 7:3.3.8-9Pavel Šimerda - 7:3.3.8-8Daniel Mach - 7:3.3.8-7Pavel Šimerda - 7:3.3.8-6Daniel Mach - 7:3.3.8-5Pavel Šimerda - 7:3.3.8-4Pavel Šimerda - 7:3.3.8-3Michal Luscon - 7:3.3.8-2Michal Luscon - 7:3.3.8-1Michal Luscon - 7:3.2.11-1Michal Luscon - 7:3.2.9-3Michal Luscon - 7:3.2.9-2Michal Luscon - 7:3.2.9-1Michal Luscon - 7:3.2.8-3Michal Luscon - 7:3.2.8-2Michal Luscon - 7:3.2.8-1Michal Luscon - 7:3.2.7-1Michal Luscon - 7:3.2.5-2Michal Luscon - 7:3.2.5-1Michal Luscon - 7:3.2.3-3Michal Luscon - 7:3.2.3-2Tomas Hozza - 7:3.2.3-1Tomas Hozza - 7:3.2.2-1Tomas Hozza - 7:3.2.1-2Michal Luscon - 7:3.2.1-1Fedora Release Engineering - 7:3.2.0.16-3Henrik Nordstrom - 7:3.2.0.16-2Henrik Nordstrom - 7:3.2.0.16-1Fedora Release Engineering - 7:3.2.0.15-2Henrik Nordstrom - 7:3.2.0.15-1Henrik Nordstrom - 7:3.2.0.14-7Henrik Nordstrom - 7:3.2.0.14-6Jiri Skala - 7:3.2.0.14-5Jiri Skala - 7:3.2.0.14-4Henrik Nordstrom - 3.2.0.14-3Jiri Skala - 7:3.2.0.14-2Jiri Skala - 7:3.2.0.14-1Jiri Skala - 7:3.2.0.13-5Jiri Skala - 7:3.2.0.13-4Jiri Skala - 7:3.2.0.13-3Jiri Skala - 7:3.2.0.13-2Jiri Skala - 7:3.2.0.13-1Jiri Skala - 7:3.2.0.12-1Henrik Nordstrom - 7:3.2.0.11-3Henrik Nordstrom - 7:3.2.0.10-3Jiri Skala - 7:3.2.0.10-2Jiri Skala - 7:3.2.0.10-1Jiri Skala - 7:3.2.0.9-2Jiri Skala - 7:3.2.0.9-1Jiri Skala - 7:3.1.12-3Jiri Skala - 7:3.1.12-2Jiri Skala - 7:3.1.12-1Jiri Skala - 7:3.1.11-1Fedora Release Engineering - 7:3.1.10-2Jiri Skala - 7:3.1.10-1Jiri Skala - 7:3.1.9-5Jiri Skala - 7:3.1.9-4Henrik Nordstrom - 7:3.1.9-3Henrik Nordstrom 7:3.1.9-2Jiri Skala - 7:3.1.8-2Henrik Nordstrom - 7:3.1.8-1Henrik Nordstrom - 7:3.1.7-1Henrik Nordstrom - 7:3.1.6-1Henrik Nordstrom - 7:3.1.5-2Henrik Nordstrom - 7:3.1.4-2Henrik Nordstrom - 7:3.1.4-1Henrik Nordstrom - 7:3.1.3-2Henrik Nordstrom - 7:3.1.3-1Henrik Nordstrom - 7:3.1.1-4Jiri Skala Henrik Nordstrom - 7:3.1.1-2Henrik Nordstrom - 7:3.1.0.18-1Henrik Nordstrom - 7:3.1.0.17-3Henrik Nordstrom - 7:3.1.0.17-2Henrik Nordstrom - 7:3.1.0.16-7Henrik Nordstrom - 7:3.1.0.16-6Henrik Nordstrom - 7:3.1.0.16-5Jiri Skala - 7:3.1.0.16-4Henrik Nordstrom 7:3.1.0.16-3Henrik Nordstrom - 7:3.1.0.15-3Henrik Nordstrom - 7:3.1.0.15-2Jiri Skala 7:3.1.0.14-2Henrik Nordstrom - 7:3.1.0.14-1Henrik Nordstrom - 7:3.1.0.13-7Henrik Nordstrom - 7:3.1.0.13-6Tomas Mraz - 7:3.1.0.13-5Jiri Skala - 7:3.1.0.13-4Henrik Nordstrom - 7:3.1.0.13-3Henrik Nordstrom - 7:3.1.0.13-2Henrik Nordstrom - 7:3.1.0.13-1Henrik Nordstrom - 3.0.STABLE18-3Tomas Mraz - 7:3.0.STABLE18-2Henrik Nordstrom - 7:3.0.STABLE18-1Henrik Nordstrom - 7:3.0.STABLE17-3Henrik Nordstrom - 7:3.0.STABLE17-2Fedora Release Engineering - 7:3.0.STABLE16-3Jiri Skala 7:3.0.STABLE16-2Henrik Nordstrom - 7:3.0.STABLE16-1Henrik Nordstrom - 7:3.0.STABLE15-2Henrik Nordstrom - 7:3.0.STABLE15-1Jiri Skala - 7:3.0.STABLE14-3Henrik Nordstrom - 7:3.0.STABLE14-2Henrik Nordstrom - 7:3.0.STABLE14-1Henrik Nordstrom - 7:3.0.STABLE13-2Fedora Release Engineering - 7:3.0.STABLE13-2Jonathan Steffan - 7:3.0.STABLE13-1Henrik Nordstrom - 7:3.0.STABLE12-1Tomas Mraz - 7:3.0.STABLE10-4Henrik Nordstrom - 7:3.0.STABLE10-3Henrik Nordstrom - 7:3.0.STABLE10-2Henrik Nordstrom - 7:3.0.STABLE10-1Henrik Nordstrom - 7:3.0.STABLE9-2Henrik Nordstrom - 7:3.0.STABLE9-1Henrik Nordstrom - 7:3.0.STABLE7-4Jiri Skala - 7:3.0.STABLE7-3Jiri Skala - 7:3.0.STABLE7-2Jiri Skala - 7:3.0.STABLE7-1Martin Nagy - 7:3.0.STABLE6-2Martin Nagy - 7:3.0.STABLE6-1Martin Nagy - 7:3.0.STABLE5-2Martin Nagy - 7:3.0.STABLE5-1Martin Nagy - 7:3.0.STABLE4-1Martin Nagy - 7:3.0.STABLE2-2Martin Nagy - 7:3.0.STABLE2-1Martin Nagy - 7:3.0.STABLE1-3Martin Nagy - 7:3.0.STABLE1-2Martin Nagy - 7:3.0.STABLE1-1Martin Bacovsky - 2.6.STABLE17-1Martin Bacovsky - 7:2.6.STABLE16-3Martin Bacovsky - 7:2.6.STABLE16-2Martin Bacovsky - 7:2.6.STABLE16-1Fedora Release Engineering - 7:2.6.STABLE14-2Martin Bacovsky - 7:2.6.STABLE14-1Martin Bacovsky - 7:2.6.STABLE12-1Martin Bacovsky - 7:2.6.STABLE9-2Martin Bacovsky - 7:2.6.STABLE9-1Martin Stransky - 7:2.6.STABLE7-1Martin Stransky - 7:2.6.STABLE6-1Martin Stransky - 7:2.6.STABLE5-1Martin Stransky - 7:2.6.STABLE4-4Martin Stransky - 7:2.6.STABLE4-3Martin Stransky - 7:2.6.STABLE4-2Martin Stransky - 7:2.6.STABLE4-1Martin Stransky - 7:2.6.STABLE3-2Martin Stransky - 7:2.6.STABLE3-1Karsten Hopp 7:2.6.STABLE2-3Martin Stransky - 7:2.6.STABLE2-2Martin Stransky - 7:2.6.STABLE2-1Martin Stransky - 7:2.6.STABLE1-3Martin Stransky - 7:2.6.STABLE1-2Martin Stransky - 7:2.6.STABLE1-1Jesse Keating - 7:2.5.STABLE14-2.1Martin Stransky - 7:2.5.STABLE14-2Martin Stransky - 7:2.5.STABLE14-1Martin Stransky - 7:2.5.STABLE13-5Martin Stransky - 7:2.5.STABLE13-4Martin Stransky - 7:2.5.STABLE13-3Martin Stransky - 7:2.5.STABLE13-2Martin Stransky - 7:2.5.STABLE13-1Jesse Keating - 7:2.5.STABLE12-5.1Martin Stransky - 7:2.5.STABLE12-5Jesse Keating - 7:2.5.STABLE12-4.1Martin Stransky 7:2.5.STABLE12-4Martin Stransky 7:2.5.STABLE12-3Jesse Keating Martin Stransky 7:2.5.STABLE12-2Martin Stransky 7:2.5.STABLE12-1Martin Stransky 7:2.5.STABLE11-6Martin Stransky 7:2.5.STABLE11-5Martin Stransky 7:2.5.STABLE11-4Tomas Mraz 7:2.5.STABLE11-3Martin Stransky 7:2.5.STABLE11-2Martin Stransky 7:2.5.STABLE11-1Martin Stransky 7:2.5.STABLE10-4Martin Stransky 7:2.5.STABLE10-3Martin Stransky 7:2.5.STABLE10-2Martin Stransky 7:2.5.STABLE10-1Jay Fenlason 7:2.5.STABLE9-7Jay Fenlason 7:2.5.STABLE9-6Jay Fenlason 7:2.5.STABLE9-5Jay Fenlason 7:2.5.STABLE9-4Jay Fenlason 7:2.5.STABLE9-2Jay Fenlason 7:2.5.STABLE8-2Jay Fenlason 7:2.5.STABLE7-4Jay Fenlason 7:2.5.STABLE7-3Jay Fenlason 7:2.5.STABLE7-2Jay Fenlason 7:2.5.STABLE7-1Jay Fenlason 7:2.5.STABLE6-3Jay Fenlason 7:2.5.STABLE6-2Jay Fenlason 7:2.5.STABLE6-1Jay Fenlason 7:2.5STABLE5-5Elliot Lee Jay Fenlason 7:2.5.STABLE5-2Jay Fenlason 7:2.5.STABLE5-1Elliot Lee Tim Waugh Jay Fenlason 7:2.5.STABLE4-3Elliot Lee Jay Fenlason Jay Fenlason 7:2.5.STABLE4-1Jay Fenlason 7:2.5.STABLE3-0Elliot Lee Tim Powers Bill Nottingham 7:2.5.STABLE1-1Tim Powers 7:2.4.STABLE7-5Nalin Dahyabhai 2.4.STABLE7-4Karsten Hopp Bill Nottingham 2.4.STABLE7-2Bill Nottingham Bill Nottingham Tim Powers Tim Powers Bill Nottingham Bill Nottingham Tim Powers Tim Powers Florian La Roche Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Nalin Dahyabhai Bill Nottingham Nalin Dahyabhai Trond Eivind Glomsrød Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Nalin Dahyabhai Bill Nottingham Prospector Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Florian La Roche Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Cristian Gafton Bill Nottingham Bill Nottingham Bernhard Rosenkraenzer Bill Nottingham Bill Nottingham Cristian Gafton Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Dale Lovelace Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Cristian Gafton Bill Nottingham Bill Nottingham Bill Nottingham Bill Nottingham Cristian Gafton Cristian Gafton Cristian Gafton Cristian Gafton Cristian Gafton Cristian Gafton Cristian Gafton Cristian Gafton - Resolves: RHEL-16779 - squid: NULL pointer dereference in the gopher protocol code -- Remove support for Gopher protocol (CVE-2023-46728) - Resolves: RHEL-18176 - squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285) - Resolves: RHEL-18171 - squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286) - Resolves: RHEL-16758 - squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - Resolves: RHEL-19557 - squid: denial of service in HTTP request parsing (CVE-2023-50269) - Resolves: RHEL-26082 - squid: denial of service in HTTP header parser (CVE-2024-25617)- Resolves: RHEL-14789 - squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)- Resolves: #2130254 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB authentication- Resolves: #2100778 - CVE-2021-46784 squid: DoS when processing gopher server responses- Resolves: #1944256 - CVE-2020-25097 squid: improper input validation may allow a trusted client to perform HTTP Request Smuggling- Resolves: #1890581 - Fix for CVE 2019-13345 breaks authentication in cachemgr.cgi- Resolves: #1872349 - CVE-2020-24606 squid: Improper Input Validation could result in a DoS - Resolves: #1872327 - CVE-2020-15810 squid: HTTP Request Smuggling could result in cache poisoning - Resolves: #1872342 - CVE-2020-15811 squid: HTTP Request Splitting could result in cache poisoning- Resolves: #1802516 - CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing - Resolves: #1802515 - CVE-2020-8450 squid: Buffer overflow in a Squid acting as reverse-proxy - Resolves: #1853129 - CVE-2020-15049 squid: request smuggling and poisoning attack against the HTTP cache - Resolves: #1802517 - CVE-2019-12528 squid: Information Disclosure issue in FTP Gateway- Resolves: #1828361 - CVE-2020-11945 squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution - Resolves: #1828362 - CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow [rhel- Resolves: #1738582 - CVE-2019-12525 squid: parsing of header Proxy-Authentication leads to memory corruption- Resolves: #1690551 - Squid cache_peer DNS lookup failed when not all lower case - Resolves: #1680022 - squid can't display download/upload packet size for HTTPS sites - Resolves: #1717430 - Excessive memory usage when running out of descriptors - Resolves: #1676420 - Cache siblings return wrongly cached gateway timeouts - Resolves: #1729435 - CVE-2019-13345 squid: XSS via user_name or auth parameter in cachemgr.cgi - Resolves: #1582301 - CVE-2018-1000024 CVE-2018-1000027 squid: various flaws- Resolves: #1620546 - migration of upstream squid- Resolves: #1471140 - Missing detailed configuration file- Resolves: #1452200 - Include kerberos_ldap_group helper in squid- Resolves: #1445219 - [RFE] Add rock cache directive to squid- Resolves: #1290404 - wrong names of components in man page, section SEE ALSO- Resolves: #1414853 - typo error(s) in man page(s)- Related: #1347096 - squid: ERROR: No running copy- Resolves: #1347096 - squid: ERROR: No running copy- Resolves: #1404817 - SIGSEV in TunnelStateData::handleConnectResponse() during squid reconfigure and restart- Resolves: #1412736 - CVE-2016-10002 squid: Information disclosure in HTTP request processing- Resolves: #1404894 - icap support has been disabled on squid 3.5.20-2.el7- Resolves: #1378025 - host_verify_strict only accepts lowercase arguments- Resolves: #1273942 - Rebase squid to latest mature 3.5 version (3.5.20)- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package- Related: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package- Resolves: #1349775 - Provide migration tools needed due to rebase to squid 3.5 as a separate sub-package- Resolves: #1330186 - digest doesn't properly work with squid 3.3 on CentOS 7- Resolves: #1336387 - Squid send wrong respond for GET-request following Range-GET request- Resolves: #1273942 - Rebase squid to latest mature 3.5 version (3.5.10) - Resolves: #1322770 - CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 CVE-2016-3948 squid: various flaws - Resolves: #1254016 - IPv4 fallback is not working when connecting to a dualstack host with non-functional IPv6 - Resolves: #1254018 - should BuildRequire: g++ - Resolves: #1262456 - Squid delays on FQDNs that don't contains AAAA record - Resolves: #1336940 - Disable squid systemd unit start/stop timeouts - Resolves: #1344197 - /usr/lib/firewalld/services/squid.xml conflicts between attempted installs of squid-7:3.3.8-31.el7.x86_64 and firewalld-0.4.2-1.el7.noarch - Resolves: #1299972 - squid file descriptor limit hardcoded to 16384 via compile option in spec file- Resolves: #1283078 - max_filedescriptors in squid.conf is ignored- Related: #1334509 - CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling - Related: #1334492 - CVE-2016-4554 CVE-2016-4555 CVE-2016-4556 squid: various flaws- Related: #1330577 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing- Related: #1330577 - CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing- Resolves: #1330577 - CVE-2016-4051 squid: buffer overflow in cachemgr.cgi- Related: #1186768 - removing patch, because of missing tests and incorrent patch- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Squid needs write access to /var/run/squid.- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of /var/run/squid was also needed to be in SPEC file.- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to tmpfiles.d conf file.- Related: #1102842 - squid rpm package misses /var/run/squid needed for smp mode. Creation of this directory was moved to service file.- Resolves: #1263338 - squid with digest auth on big endian systems start looping- Resolves: #1186768 - security issue: Nonce replay vulnerability in Digest authentication- Resolves: #1225640 - squid crashes by segfault when it reboots- Resolves: #1102842 - squid rpm package misses /var/run/squid needed for smp mode- Resolves: #1233265 - CVE-2015-3455 squid: incorrect X509 server certificate validation- Resolves: #1080042 - Supply a firewalld service file with squid- Resolves: #1161600 - Squid does not serve cached responses with Vary headers- Resolves: #1198778 - Filedescriptor leaks on snmp- Resolves: #1204375 - squid sends incorrect ssl chain breaking newer gnutls using applications- Resolves: #1134934 - CVE-2014-3609 assertion failure in header processing- Resolves: #1074873 - CVE-2014-0128 squid: denial of service when using SSL-Bump- Resolves: #1072973 - don't depend on libdb4- revert: Resolves: #1038160 - avoid running squid's own supervisor process- Resolves: #1063248 - missing helpers- Mass rebuild 2014-01-24- Resolves: #980511 - squid doesn't work with active FTP- Mass rebuild 2013-12-27- Resolves: #1038160 - avoid running squid's own supervisor process- Resolves: #1028588 - fix build on aarch64- Fixed: source code url- Update to latest upstream version 3.3.8 - Fixed: active ftp crashing - Fix basic auth and log daemon DB helper builds. - Use xz compressed tarball, fix source URLs. - Fix bogus dates in %changelog.- Update to latest upstream version 3.2.11- Option '-k' is not stated in squidclient man - Remove pid from service file(#913262)- Enable full RELRO (-Wl,-z,relro -Wl,-z,now)- Update to latest upstream version 3.2.9 - Fixed: CVE-2013-1839 - Removed: makefile-patch (+make check)- Resolved: /usr move - squid service file- Resolved: #896127 - basic_ncsa_auth does not work- Update to latest upstream version 3.2.8 - Fixed rawhide build issues (-make check)- Update to latest upstream version 3.2.7- CVE-2013-0189: Incomplete fix for the CVE-2012-5643- Update to latest upstream version 3.2.5- Resolved: #71483 - httpd 2.4 requires new configuration directives- Resolved: #854356 - squid.service use PIDFile - Resolved: #859393 - Improve cache_swap script - Resolved: #791129 - disk space warning - Resolved: #862252 - reload on VPN or network up/down - Resolved: #867531 - run test suite during build - Resolved: #832684 - missing after dependency nss-lookup.target - Removed obsolete configure options- Update to latest upstream version 3.2.3- Update to latest upstream version 3.2.2- Introduced new systemd-rpm macros in squid spec file. (#850326)- Update to latest upstream 3.2.1- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Enable SSL CRTD for ssl bump- Upstream 3.2.0.16 bugfix release- Rebuilt for c++ ABI breakage- Upstream 3.2.0.15 bugfix release- update with upstreamed patch versions- upstream gcc-4.7 patch - fix for bug #772483 running out of memory, mem_node growing out of bounds- fixes FTBFS due to gcc-4.7- fixes #772481 - Low number of open files for squid process - fixes FTBFS due to gcc4.7- rebuild for gcc-4.7.0- fixes #768586 - Please enable eCAP support again- update to latest upstream 3.2.0.14- fixes #751679 - host_strict_verify setting inverted in squid.conf- fixes #750550 - Squid might depend on named- added upstream fix for #747125- fixes #747103 - squid does not start if /var/spool/squid is empty - fixes #747110 - squid does not start adding "memory_pools off"- update to latest upstream 3.2.0.13- update to latest upstream 3.2.0.12- update to latest upstream 3.2.0.11- Fix for SQUID-2011:3 Gopher vulnerability- rebuild for rpm- update to latest upsteam 3.2.0.10- rebuild for libcap- upgrade to squid-3.2 - fixes #720445 - Provide native systemd unit file - SysV initscript moved to subpackage - temproary disabled eCap- enabled eCAP support- applied corrections of unused patch (Ismail Dönmez)- Update to 3.1.12 upstream release- Update to 3.1.11 upstream release - fixes issue with unused variale after mass rebuild (gcc-4.6)- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Update to 3.1.10 upstream release- rebuild for libxml2- fixes #647967 - build with -fPIE option back and dropped proper libltdl usage- Bug #647967 - License clarification & spec-file cleanup- Upstream 3.1.9 bugfix release- fixes #584161 - squid userid not added to wbpriv group- Bug #630445: SQUID-2010:3 Denial of service issue- Upstream 3.1.7 bugfix release- Upstream 3.1.6 bugfix release - Build with system libtool-ltdl- Upstream 3.1.5 bugfix release - Upstream patch for Bug #614665: Squid crashes with ident auth - Upstream patches for various memory leaks- Correct case-insensitiveness in HTTP list header parsing- Upstream 3.1.4 bugfix release, issues relating to IPv6, TPROXY, Memory management, follow_x_forwarded_for, and stability fixes- Fully fix #548903 - "comm_open: socket failure: (97) Address family not supported by protocol" if IPv6 disabled - Various IPv6 related issues fixed, making tcp_outgoing_address behave as expected and no commResetFD warnings when using tproxy setups.- Update to 3.1.3 Upstream bugfix release, fixing WCCPv1- Bug #583489: Adjust logrotate script to changes in logrotate package.- fixes #548903 - "comm_open: socket failure: (97) Address family not supported by protocol" if IPv6 disabled- Update to 3.1.1 Squid bug #2827 crash with assertion failed: FilledChecklist.cc:90: "conn() != NULL" under high load.- Upgrade to 3.1.0.18 fixing Digest authentication and improved HTTP/1.1 support- Bug 569120, fails to open unbound ipv4 listening sockets- Upgrade to 3.1.0.17- Workaround for Fedora-13 build failure- Patch for Squid security advisory SQUID-2010:2, denial of service issue in HTCP processing (CVE-2010-0639)- Rebuild 3.1.0.16 with corrected upstream release.- spec file modified to be fedora packaging guidline compliant - little shifting lines in init script header due to rpmlint complaint - fixes assertion during start up- Upgrade to 3.1.0.16 for DNS related DoS fix (Squid-2010:1)- fixed #551302 PROXY needs libcap. Also increases security a little. - merged relevant upstream bugfixes waiting for next 3.1 release- Update to 3.1.0.15 with a number of bugfixes and a workaround for ICEcast/SHOUTcast streams.- fixed #532930 Syntactic error in /etc/init.d/squid - fixed #528453 cannot initialize cache_dir with user specified config file- Update to 3.1.0.14- Include upstream patches fixing important operational issues - Enable ESI support now that it does not conflict with normal operation- Rotate store.log if enabled- Use password-auth common PAM configuration instead of system-auth- fixed #521596 - wrong return code of init script- Enable squid_kerb_auth- Cleaned up packaging to ease future maintenance- Upgrade to next upstream release 3.1.0.13 with many new features * IPv6 support * NTLM-passthru * Kerberos/Negotiate authentication scheme support * Localized error pages based on browser language preferences * Follow X-Forwarded-For capability * and more..- Bug #520445 silence logrotate when Squid is not running- rebuilt with new openssl- Update to 3.0.STABLE18- Squid Bug #2728: regression: assertion failed: http.cc:705: "!eof"- Bug #514014, update to 3.0.STABLE17 fixing the denial of service issues mentioned in Squid security advisory SQUID-2009_2.- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- fixed patch parameter of bXXX patches- Upgrade to 3.0.STABLE16- Bug #453304 - Squid requires restart after Network Manager connection setup- Upgrade to 3.0.STABLE15- fixed ambiguous condition in the init script (exit 4)- Squid bug #2635: assertion failed: HttpHeader.cc:1196: "Headers[id].type == ftInt64"- Upgrade to 3.0.STABLE14- backported logfile.cc syslog parameters patch from 3.1 (b9443.patch) - GCC-4.4 workaround in src/wccp2.cc- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild- upgrade to latest upstream- upgrade to latest upstream- rebuild with new openssl- actually include the upstream bugfixes in the build- upstream bugfixes for cache corruption and access.log response size errors- upgrade to latest upstream- disable coss support, not officially supported in 3.0- update to latest upstream- change logrotate to move instead of copytruncate- fix #465052 - FTBFS squid-3.0.STABLE7-1.fc10- used ncsa_auth.8 from man-pages. there will be this file removed due to conflict - fix #458593 noisy initscript - fix #463129 init script tests wrong conf file - fix #450352 - build.patch patches only generated files- update to latest upstream - fix #453214- fix bad allocation- upgrade to latest upstream - fix bad allocation- fix configure detection of netfilter kernel headers (#435499), patch by aoliva@redhat.com - add support for negotiate authentication (#445337)- upgrade to latest upstream- upgrade to latest upstream- add %{optflags} to make - remove warnings about unused return values- upgrade to latest upstream 3.0.STABLE2 - check config file before starting (#428998) - whitespace unification of init script - some minor path changes in the QUICKSTART file - configure with the --with-filedescriptors=16384 option- change the cache_effective_group default back to none- rebuild for 4.3- upgrade to latest upstream 3.0.STABLE1- upgrade to latest upstream 2.6.STABLE17- arp-acl was enabled- our fd_config patch was replaced by upstream's version - Source1 (FAQ.sgml) points to local source (upstream's moved to wiki)- upgrade to latest upstream 2.6.STABLE16- Rebuild for selinux ppc32 issue.- update to latest upstream 2.6.STABLE14 - resolves: #247064: Initscript Review- update to latest upstream 2.6.STABLE12 - Resolves: #233913: squid: unowned directory- Resolves: #226431: Merge Review: squid- update to the latest upstream- update to the latest upstream- update to the latest upstream- update to the latest upstream- added fix for #205568 - marked cachemgr.conf as world readable- added fix for #183869 - squid can abort when getting status - added upstream fixes: * Bug #1796: Assertion error HttpHeader.c:914: "str" * Bug #1779: Delay pools fairness, correction to first patch * Bug #1802: Crash on exit in certain conditions where cache.log is not writeable * Bug #1779: Delay pools fairness when multiple connections compete for bandwidth * Clarify the select/poll/kqueue/epoll configure --enable/disable options - reworked fd patch for STABLE4- upstream fixes: * Accept 00:00-24:00 as a valid time specification (upstream BZ #1794) * aioDone() could be called twice * Squid reconfiguration (upstream BZ #1800)- new upstream - fixes from upstream bugzilla, items #1782,#1780,#1785,#1719,#1784,#1776- added upstream patches for ACL- the latest stable upstream- added some requirements for pre/post install scripts- added patch for #198253 - squid: don't chgrp another pkg's files/directory- the latest stable upstream - reworked fd config patch- the latest CVS upstream snapshot- the latest CVS snapshot- new upstream + the latest CVS snapshot from 2006/07/18 - updated fd config patch - enabled epoll - fixed release format (#197405) - enabled WCCPv2 support (#198642)- rebuild- fix for squid BZ#1511 - assertion failed: HttpReply.c:105: "rep"- update to new upstream- fixed libbind patch (#193298)- added extra group check (#190544)- improved pre script (#187217) - added group switch- removed "--with-large-files" on 64bit arches- update to new upstream- bump again for double-long bug on ppc(64)- new upstream patches- rebuilt for new gcc4.1 snapshot and glibc changes- added follow-xff patch (#176055) - samba path fix (#176659)- fd-config.patch clean-up - SMB_BadFetch patch from upstream- rebuilt- rewriten patch squid-2.5.STABLE10-64bit.patch, it works with "--with-large-files" option now - fix for #72896 - squid does not support > 1024 file descriptors, new "--enable-fd-config" option for it.- update to STABLE12 - setenv patch- fix for delay pool from upstream- fix for #171213 - CVE-2005-3258 Squid crash due to malformed FTP response - more fixes from upstream- enabled support for large files (#167503)- use include instead of pam_stack in pam config- added patch for delay pools and some minor fixes- update to STABLE11- Three upstream patches for #167414 - Spanish and Greek messages - patch for -D_FORTIFY_SOURCE=2- removed "--enable-truncate" option (#165948) - added "--enable-cache-digests" option (#102134) - added "--enable-ident-lookups" option (#161640) - some clean up (#165949)- pam_auth and ncsa_auth have setuid (#162660)- new upstream version - enabled fakeauth utility (#154020) - enabled digest authentication scheme (#155882) - all error pages marked as config (#127836) - patch for 64bit statvfs interface (#153274) - added httpd config file for cachemgr.cgi (#112725)- Upgrade the upstream -dns_query patch from -4 to -5- More upstream patches, including a fix for bz#157456 CAN-2005-1519 DNS lookups unreliable on untrusted networks- more upstream patches, including a fix for CVE-1999-0710 cachemgr malicious use- More upstream patches, including the fixed 2GB patch. - include the -libbind patch, which prevents squid from using the optional -lbind library, even if it's installed.- New upstream version, with 14 upstream patches.- new upstream version with 4 upstream patches. - Reorganize spec file to apply upstream patches first- Include two more upstream patches for security vulns: bz#146783 Correct handling of oversized reply headers bz#146778 CAN-2005-0211 Buffer overflow in WCCP recvfrom() call- Include more upstream patches, including two for security holes.- Add a triggerin on samba-common to make /var/cache/samba/winbindd_privileged accessable so that ntlm_auth will work. It needs to be in this rpm, because the Samba RPM can't assume the squid user exists. Note that this will only work if the Samba RPM is recent enough to create that directory at install time instead of at winbindd startup time. That should be samba-common-3.0.0-15 or later. This fixes bugzilla #103726 - Clean up extra whitespace in this spec file. - Add additional upstream patches. (Now 18 upstream patches). - patch #112 closes CAN-2005-0096 and CAN-2005-0097, remote DOS security holes. - patch #113 closes CAN-2005-0094, a remote buffer-overflow DOS security hole. - patch #114 closes CAN-2005-0095, a remote DOS security hole. - Remove the -nonbl (replaced by #104) and -close (replaced by #111) patches, since they're now fixed by upstream patches.- new upstream version, with 3 upstream patches. Updated the -build and -config patches - Include patch from Ulrich Drepper to more intelligently close all file descriptors.- include patch from Ulrich Drepper to stop problems with O_NONBLOCK. This closes #136049- Include fix for CAN-2004-0918- New upstream version, with 32 upstream patches. This closes #133970, #133931, #131728, #128143, #126726 - Change the permissions on /etc/squid/squid.conf to 640. This closes bugzilla #125007- Merge current upstream patches. - Fix the -pipe patch to have the correct name of the winbind pipe.- rebuilt- Include the first 10 upstream patches - Add a patch for the correct location of the winbindd pipe. This closes bugzilla #107561 - Remove the change to ssl_support.c from squid-2.5.STABLE3-build patch This closes #117851 - Include /etc/pam.d/squid . This closes #113404 - Include a patch to close #111254 (assignment in assert) - Change squid.init to put output messages in /var/log/squid/squid.out This closes #104697 - Only useradd the squid user if it doesn't already exist, and error out if the useradd fails. This closes #118718.- New upstream version, obsoletes many patches. - Fix --datadir passed to configure. Configure automatically adds /squid so we shouldn't. - Remove the problematic triggerpostun trigger, since is's broken, and FC2 never shipped with that old version. - add %{?_smp_mflags} to make line.- rebuilt- Use ':' instead of '.' as separator for chown.- Clean up the spec file to work on 64-bit platforms (use %{_libdir} instead of /usr/lib, etc) - Make the release number in the changelog section agree with reality. - use -fPIE rather than -fpie. s390 fails with just -fpie- rebuilt- Incorporate many upstream patches - Include many spec file changes from D.Johnson - New upstream version. - Fix the Source: line in this spec file to point to the correct URL. - redo the -location patch to work with the new upstream version.- Spec file change to enable the nul storage module. bugzilla #74654 - Upgrade to 2.5STABLE3 with current official patches. - Added --enable-auth="basic,ntlm": closes bugzilla #90145 - Added --with-winbind-auth-challenge: closes bugzilla #78691 - Added --enable-useragent-log and --enable-referer-log, closes - bugzilla #91884- rebuilt- rebuilt- update to 2.5.STABLE1- remove unpackaged files from the buildroot- rebuild- don't raise an error if the config file is incomplete set defaults instead (#69322, #70065)- don't strip binaries- update to 2.4.STABLE7 - fix restart (#53761)- add various upstream bugfix patches- automated rebuild- automated rebuild- 2.4.STABLE6 - turn off carp- 2.4.STABLE3 + patches - turn off HTCP at request of maintainers - leave SNMP enabled in the build, but disabled in the default config- rebuild against new libssl- automated rebuild- require linuxdoc-tools instead of sgml-tools- update to 2.4.STABLE2- add patch to fix FTP crash- fix uninstall (#50411)- add some buildprereqs (#49705)- update FAQ- own /etc/squid, /usr/lib/squid- rebuild in new environment - s/Copyright:/License:/- update to 2.4.STABLE1 + patches - enable some more configure options (#24981) - oops, ship /etc/sysconfig/squid- rebuild in new environment- improve i18n - make the initscript use the standard OK/FAILED- change i18n mechanism- fix path references in QUICKSTART (#15114) - fix initscript translations (#24086) - fix shutdown logic (#24234), patch from - add /etc/sysconfig/squid for daemon options & shutdown timeouts - three more bugfixes from the Squid people - update FAQ.sgml - build and ship auth modules (#23611)- initscripts translations- add patch to use mkstemp (greg@wirex.com)- rebuild because of broken fileutils- fix the acl matching cases (only need the second patch)- add two patches to fix domain ACLs - add 2 bugfix patches from the squid people- clean up init script; fix condrestart - update to STABLE4, more bugfixes - update FAQ- fix syntax error in init script - finish adding condrestart support- move initscript back- automatic rebuild- prereq /etc/init.d - add bugfix patch - update FAQ- fix init script- don't prereq new initscripts- initscript munging- rebuild for exciting FHS stuff- fix init script again (#11699) - add --enable-delay-pools (#11695) - update to STABLE3 - update FAQ- fix init script (#11087)- three more bugfix patches from the squid people - buildprereq jade, sgmltools- make %pre more portable- bugfix patches - fix dependency on /usr/local/bin/perl- 2.3.STABLE2- Yet More Bugfix Patches- add more bugfix patches - --enable-heap-replacement- rebuild to fix dependencies- grab some bugfix patches- 2.3.STABLE1 (whee, another serial number)- Fix compliance with ftp RFCs (http://www.wu-ftpd.org/broken-clients.html) - Work around a bug in some versions of autoconf - BuildPrereq sgml-tools - we're using sgml2html- add a couple of bugfix patches- update to 2.2.STABLE5. - update FAQ, fix URLs.- transform restart in reload and add restart to the init script- add squid user as user 23.- initscript munging - fix conflict between logrotate & squid -k (#4562)- put cachemgr.cgi back in /usr/lib/squid- add webdav bugfix patch (#4027)- fix path to config in squid.init (confuses linuxconf)- 2.2.STABLE4- logrotate changes - errors from find when /var/spool/squid or - /var/log/squid didn't exist- 2.2.STABLE3- update to 2.2.STABLE.2- update to 2.2.STABLE1- don't need to run groupdel on remove - fix useradd- fix effective_user (bug #2124)- strip binaries- duh. adduser does require a user name. - add a serial number- add an adduser in %pre, too- oog. chkconfig must be in %preun, not %postun- switch to using group squid - turn off icmp (insecure) - update to 2.2.DEVEL3 - build FAQ docs from source- logrotate changes- auto rebuild in the new build environment (release 4)- update to 2.2.PRE2- cache & log dirs shouldn't be world readable - remove preun script (leave logs & cache @ uninstall)- fix initscript to get cache_dir correct- update to 2.1.PATCH2 - merge in some changes from RHCN version- strip binaries - version 1.1.22- don't make packages conflict with each other...- added a proxy auth patch from Alex deVries - fixed initscripts- rebuilt for Manhattan- upgraded to 1.1.21/1.NOVM.21- updated the init script to use reconfigure option to restart squid instead of shutdown/restart (both safer and quicker)- upgraded to 1.1.20 - added the NOVM package and tryied to reduce the mess in the spec file- first build against glibc - patched out the use of setresuid(), which is available only on kernels 2.1.44 and later7:3.5.20-17.el7_9.107:3.5.20-17.el7_9.10squid-migrate-conf.py/usr/bin/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=genericcpioxz2x86_64-redhat-linux-gnuPython script, ASCII text executableR?p7zXZ !#,, ] b2u y-iSqm[(rո5aNk foԿ86'WPkR 4L NxJl='&6bB`⏍MRJ&2T5*$mL /[M1++7[Bq)kmJyf7aVgƚY٬>j^^S݁ᴕJv+){"18eh+&je)xG?] $_VeE:qw;@.elrtwBvKz'Eg-z2A~+ ~J <{}NCNk60Ss '7ꮱrї4p\'r7^0'Dj%uå'AHYW, %)frzE.T5`+AbSD4hb7DsRŸM>pu wJ*8g=[&+ǵGcN(s|Č /g1t:wLˀX} |`bCst_,%H2,t%Z[fۏN6vKO;[;CQpf2okԱ#M_ߞ5MAQi~u-SBFC/,/jgc7*2d0d"$'Ot{! Fk.R7{֝FclKQ9"]V}l=M!o4 :lfE="y ˛D"~qM#\VҺ%=>d-|-Z\9#g Ey !y/xrF-3agԕBwWF\8{9.\ k* QJrֻxyzP`ic3pMkپCn䍇K%n!LS3߳,m`7f 8+Phd!`y*~ бv10F nb'l y'莱qskXUO=C̮*;\ ʣ+y) jYHiH/r6(1QcKXn G]^ʾ/à !<_1NJ@(R W#ԅ"0}0w0t-dm&qo~ƎNݳz,`>dO}-]9ü_I?[|@-D)sX(*aM7t/᭝o"?&ȾI +J}KDڴMw &Aq5]0!zװmЧHٴi%Yho!PN@@16tLorτ4ź+=QdI%3joY hEj5]suӘtǩQ8=M:i' lC#`Sr4vkQ&6vɽv3t~2ɨ¦3z3Ͼ7.hOhlʼneB͠"-s$AMPTꭖ$qvH!.KX3lx2j&'[Gd3 ;K+G#jjtV Z^׵ łZ.㧁pJ>r])Jhzt8O3 .\SC"@m[e|'{(\d e_(0$BbtB132 2/1%16)T*"gTT0O,5Ph=.lyY7V䕘;-4]"uz&(X yUį8Wqx@-Nc<@p;LYxVb`$9 _='`^jv F%Jl ҉5X{AfO#`c6Ql\ĉ'-nX+8Ub4LS,*>$fFGy50MNvŸflG3Srage>duVR'ajlshQ~ՕG4؏ntn"GD_GYi3 7 Yk,r0ihV· Lur%r410~g,Yg9:=Opk7Wμ@a sIdvQ$h4Vڽ2XE\k*ͧ](7t)ylOaI4?}܀};IHg'\E>ܘmďKIzNrxϪ-,l;X˗W3 .뾄j\dKVuؤNLɂpqLrsjorBIR!/,2tv?LkM`j`Ϋ>w?@%&$9P4q* ԭK"U >Q=eW0*#I4)-. jg!av.f@ YOf'fU+ jش!'~[QYZAmBIhsw5c3ԇ=1[@W` v,_6E\vwjd'Yڨ^aKCus{7\&rkh #6.o\nLe*[;|20ZZ\-%!Z <4%ojYTg1ɶ YZ