Apply security fixes from Squid 6 to frontier-squid-5.9-2
Squid 6.6 contains fixes for several security vulnerabilities. Unfortunately, it also has a bug related to collapsed forwarding, so it is not usable for frontier-squid. To quickly address the vulnerabilities, the security fixes from Squid 6 are backported to frontier-squid-5.9-2. The fixes are for:
- https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html
- https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
- https://megamansec.github.io/Squid-Security-Audit/ssl-bufferunderread.html
- https://megamansec.github.io/Squid-Security-Audit/ftp-assert.html
- https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
- https://megamansec.github.io/Squid-Security-Audit/xff-stackoverflow.html
Two vulnerabilities are addressed by disabling Gopher and TRACE requests in the squid.conf.proto
file:
Edited by Carl Vuosalo