buildroot/package/squid, branch 2016.08

squid: bump version to 3.5.20

2016-07-05T15:21:06+00:00

Signed-off-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

squid: bump to version 3.5.19

2016-05-10T13:46:14+00:00

Fixes regression introduced in 3.5.18 (via CVE-2016-4554 patch/fix). Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

squid: security bump to version 3.5.18

2016-05-08T13:32:19+00:00

Fixes: CVE-2016-4553 - Cache Poisoning issue in HTTP Request handling CVE-2016-4554 - Header Smuggling issue in HTTP Request processing CVE-2016-4555 - Multiple Denial of Service issues in ESI Response processing (client_side_request.cc) CVE-2016-4556 - Multiple Denial of Service issues in ESI Response processing (Esi.cc) Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

squid: security bump to version 3.5.17

2016-04-20T18:45:11+00:00

Fixes: SQUID-2016:5 (CVE-2016-4051) - Buffer overflow in cachemgr.cgi SQUID-2016:6 (CVE-2016-4052) - Multiple issues in ESI processing. CVE-2016-4053 & CVE-2016-4054 which are part of SQUID-2016:6. Switch to xz-compressed tarball as well. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

squid: bump version to 3.5.16

2016-04-05T20:20:56+00:00

Signed-off-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard

libcap, cdrkit, dvdrw-tools, fastd, squid: remove headers >= 3.0 dependency

2016-03-16T22:20:46+00:00

Now that the libcap package has a patch that makes it build with kernel headers < 3.0 (which was needed for the host variant of libcap), there is no longer a need to have a dependency on headers >= 3.0 for the target variant of libcap. All reverse dependencies of libcap are handled in this commit, except lxc, which will be handled in a separate commit since it needs some special solution. The build of all those packages has been tested with a toolchain that uses kernel headers 2.6.32, which is the oldest that our default glibc version accepts to use. Signed-off-by: Thomas Petazzoni Signed-off-by: Peter Korsgaard

squid: security bump to version 3.5.15

2016-02-29T22:06:10+00:00

Fixes: SQUID-2016:2 - Multiple Denial of Service issues in HTTP Response processing. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

squid: security bump to version 3.5.14

2016-02-16T20:33:56+00:00

Fixes: SQUID-2016:1 - Remote Denial of service issue in SSL/TLS processing. CVE-2016-2390 assigned. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

squid: rework atomic handling

2016-02-06T10:16:00+00:00

squid can use the __sync built-ins when available, but uses an AC_TRY_RUN autoconf tests to check their availability, which isn't compatible with cross-compilation. Due to this, squid.mk is already hinting the configure script about this by passing squid_cv_gnu_atomics=yes/no depending on the availability of atomic operations. So far, squid.mk was assuming that BR2_ARCH_HAS_ATOMICS && BR2_ARCH_IS_64 was needed, since 8 bytes __sync built-ins are used. However, this was a bit too restrictive, since certain 32 bits architectures (ARM, x86) do provide 8 bytes __sync built-ins. So, instead of using BR2_ARCH_HAS_ATOMICS, we now rely on BR2_TOOLCHAIN_HAS_SYNC_4 and BR2_TOOLCHAIN_HAS_SYNC_8, since both 4 bytes and 8 bytes __sync built-ins are tested by the autoconf test. Signed-off-by: Thomas Petazzoni Acked-by: "Yann E. MORIN"

squid: bump to version 3.5.13

2016-01-08T17:45:46+00:00

Switch to bz2 tarball since there doesn't seem to be an xz release this time around. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard