[squid-users] Need squid latest version 4.13 RPM packaged files for centos7 and x86_64 architecture

Rafał Stanilewicz rst at fomar.com.pl
Tue Aug 25 01:14:35 UTC 2020 

>> If for some reason many think that these RPM’s can pop up from /dev/null
I believe they are wrong.

Actually, many people do build Squid by themselves successfully, and are
willing to share the builds.

Myself, I have slightly older version than the OP requested, so I cannot
help, but I see there is some build available at
https://cbs.centos.org/koji/buildinfo?buildID=26092 (I cannot tell anything
about quality of the build, of course).

Rafal


PS. I wish there was some central repo with binary builds of squid for
multiple linux distros, verified by community and available for everyone.
But now THIS requires some CPU, RAM, food and paying the bills, so we
cannot have it easily.

On Tue, 25 Aug 2020 at 00:45, Eliezer Croitor <ngtech1ltd at gmail.com> wrote:

> Trying to understand something in the list.
>
>
>
> Anyone interested funding the build of these RPM’s?
>
> To power up some CPU, RAM etc requires food and other bills..
>
> If for some reason many think that these RPM’s can pop up from /dev/null I
> believe they are wrong.
>
>
>
> Let Me Know.
>
>
>
> Eliezer
>
>
>
> ----
>
> Eliezer Croitoru
>
> Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com
>
>
>
> *From:* squid-users <squid-users-bounces at lists.squid-cache.org> *On
> Behalf Of *rahul.negi at orange.com
> *Sent:* Monday, August 24, 2020 12:26 PM
> *To:* Arsalan Hussain <arsalan at preston.edu.pk>
> *Cc:* squid-users at lists.squid-cache.org; VARSHNEY Praveen TGI/OLN <
> praveen.varshney at orange.com>
> *Subject:* Re: [squid-users] Need squid latest version 4.13 RPM packaged
> files for centos7 and x86_64 architecture
>
>
>
> Hi Arsalan,
>
>
>
> I hope to get your response soon including RPM files. Appreciate your help
> here!
>
>
>
> Thanks and Regards,
>
> Rahul Negi
>
> *From:* Arsalan Hussain [mailto:arsalan at preston.edu.pk
> <arsalan at preston.edu.pk>]
> *Sent:* Monday, August 24, 2020 12:29
> *To:* NEGI Rahul TGI/OLN
> *Cc:* squid-users at lists.squid-cache.org; Antony Stone; Amos Jeffries
> *Subject:* Re: [squid-users] Need squid latest version 4.13 RPM packaged
> files for centos7 and x86_64 architecture
>
>
>
> Dear Mr. Negi
>
>
>
> Reference to email received from Squid forum regarding Squid-4.13 release
> package by Mr. Amos Jeffries.
>
>
>
> See below information. I am planning to upgrade my server by trying it soon
>
>
>
> COPIED
>
> ........
>
> On Sun, Aug 23, 2020 at 1:35 PM Amos Jeffries <squid3 at treenet.co.nz>
> wrote:
>
> The Squid HTTP Proxy team is very pleased to announce the availability
> of the Squid-4.13 release!
>
>
> This release is a security release resolving several issues found in
> the prior Squid releases.
>
>
> The major changes to be aware of:
>
>  * SQUID-2020:8 HTTP(S) Request Splitting
>    (CVE-2020-15811)
>
> This problem is serious because it allows any client, including
> browser scripts, to bypass local security and poison the browser
> cache and any downstream caches with content from an arbitrary
> source.
>
> See the advisory for patches:
>  <
> https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
> >
>
>
>  * SQUID-2020:9 Denial of Service processing Cache Digest Response
>    (CVE pending allocation)
>
> This problem allows a trusted peer to deliver to perform Denial
> of Service by consuming all available CPU cycles on the machine
> running Squid when handling a crafted Cache Digest response
> message.
>
> This attack is limited to Squid using cache_peer with cache
> digests feature.
>
> See the advisory for patches:
>  <
> https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
> >
>
>
>  * SQUID-2020:10 HTTP(S) Request Smuggling
>    (CVE-2020-15810)
>
> This problem is serious because it allows any client, including
> browser scripts, to bypass local security and poison the proxy
> cache and any downstream caches with content from an arbitrary
> source.
>
>
> See the advisory for patches:
>  <
> https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
> >
>
>
>  * Bug 5051: Some collapsed revalidation responses never expire
>
> This bug appears as a 4xx or 5xx status response becoming the only
> response delivered by Squid to a URL when Collapsed Forwarding
> feature is used.
>
> It primarily affects Squid which are caching the 4xx/5xx status
> object since Bug 5030 fix in Squid-4.11. But may have been
> occurring for short times on any proxy with Collapsed Forwarding.
>
>
>
>  * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes
>
> Chrome Browser intentionally sends random garbage values in the
> TLS handshake to force TLS implementations to cope with future TLS
> extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3
> caused our parser to be extra strict and reject this TLS garbage.
>
> This release adds explicit support for Chrome, or any other TLS
> agent performing these "GREASE" behaviours.
>
>
>  * Honor on_unsupported_protocol for intercepted https_port
>
> This behaviour was one of the intended use-cases for unsupported
> protocol handling, but somehow was not enabled earlier.
>
> Squid should now be able to perform the on_unsupported_protocol
> selected action for any traffic handled by SSL-Bump.
>
>
>   All users of Squid are urged to upgrade as soon as possible.
>
>
> See the ChangeLog for the full list of changes in this and earlier
> releases.
>
> Please refer to the release notes at
> http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
> when you are ready to make the switch to Squid-4
>
> This new release can be downloaded from our HTTP or FTP servers
>
>   http://www.squid-cache.org/Versions/v4/
>   ftp://ftp.squid-cache.org/pub/squid/
>   ftp://ftp.squid-cache.org/pub/archive/4/
>
> or the mirrors. For a list of mirror sites see
>
>   http://www.squid-cache.org/Download/http-mirrors.html
>   http://www.squid-cache.org/Download/mirrors.html
>
> If you encounter any issues with this release please file a bug report.
>   http://bugs.squid-cache.org/
>
>
> Amos Jeffries
> _______________________________________________
> squid-announce mailing list
> squid-announce at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-announce
>
>
>
>
> On Mon, Aug 24, 2020 at 9:07 AM <rahul.negi at orange.com> wrote:
>
> Hi Team,
>
> Can anyone please share squid latest stable version 4.13 RPM packaged
>  files for CentOS7  distribution and x86_64 architecture.
>
>
>
> *Thanks and Regards,*
>
> *Rahul Negi*
>
>
>
> _________________________________________________________________________________________________________________________
>
>
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
>
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
>
> they should not be distributed, used or copied without authorisation.
>
> If you have received this email in error, please notify the sender and delete this message and its attachments.
>
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>
> Thank you.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> --
>
> With Regards,
>
>
> *Arsalan Hussain*
> *Assistant Director, Networks & Information System*
>
> *PRESTON UNIVERSITY*
>
>
> *Complaining is finding faults, wisdom is finding solutions*
>
> _________________________________________________________________________________________________________________________
>
>
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
>
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
>
> they should not be distributed, used or copied without authorisation.
>
> If you have received this email in error, please notify the sender and delete this message and its attachments.
>
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>
> Thank you.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


-- 
Zanim wydrukujesz, pomyśl o środowisku.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200825/2f5004a9/attachment-0001.htm>

More information about the squid-users mailing list