Package: squid / 5.7-2+deb12u3

Metadata

Package | Version | Patches format
squid | 5.7-2+deb12u3 | 3.0 (quilt)

Patch series

Patch | File delta | Description
1f13f721263a4cc75e4b798a230022561047899c.patch | (download)

src/errorpage.cc | 5 1 + 4 - 0 !
1 file changed, 1 insertion(+), 4 deletions(-)

 [patch] bug 5162: mgr:index url do not produce mgr_index template
 (#1191)

Satisfy mgr:index requests using

* a 200 OK response with a body derived from the MGR_INDEX template (if
  that template file was found during (re)configuration) or
* a 404 (Not Found) error response (otherwise).

Broken in 2019 commit 7e6eabb, when Squid started replying using a 200
OK response with a hard-coded "mgr_index" text as a body, ignoring any
configured MGR_INDEX template.

edad3f150de8af0aeb2f629508be3219b83369b9.patch | (download)

src/acl/external/kerberos_ldap_group/support_ldap.cc | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch] ext_kerberos_ldap_group_acl: support -b with -d (#1207)

When both '-b' (i.e. bind DN) and '-D' (i.e. Kerberos domain) options
are specified, '-b' is ignored completely. This breaks the helper when a
search subtree has to be limited (e.g., when using FreeIPA).

Fix it to take '-b' into account if it was specified with '-D'.

0001 Default configuration file for debian.patch | (download)

src/cf.data.pre | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 default configuration file for debian


0002 Change default file locations for debian.patch | (download)

src/Common.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 change default file locations for debian


0003 installed binary for debian ci.patch | (download)

test-suite/Makefile.am | 2 1 + 1 - 0 !
test-suite/Makefile.in | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 use installed squid binary for debian ci testing

0005 Use RuntimeDirectory to create run squid.patch | (download)

tools/systemd/squid.service | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 use runtimedirectory to create /run/squid

Instead of installing the /run/squid directory, which goes against
Debian Policy, we instruct systemd to automatically create it for us
when the service is started.

CVE 2023 46724.patch | (download)

src/anyp/Uri.cc | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 cve-2023-46724

Bug-Debian: https://bugs.debian.org/1055252

CVE 2023 46846.patch | (download)

src/http/one/Parser.cc | 8 1 + 7 - 0 !
src/http/one/Parser.h | 4 1 + 3 - 0 !
src/http/one/TeChunkedParser.cc | 23 18 + 5 - 0 !
src/parser/Tokenizer.cc | 12 12 + 0 - 0 !
src/parser/Tokenizer.h | 7 7 + 0 - 0 !
5 files changed, 39 insertions(+), 15 deletions(-)

 cve-2023-46846

Bug-Debian: https://bugs.debian.org/1054537

CVE 2023 46847.patch | (download)

src/auth/digest/Config.cc | 10 7 + 3 - 0 !
1 file changed, 7 insertions(+), 3 deletions(-)

 cve-2023-46847

Bug-Debian: https://bugs.debian.org/1055250

CVE 2023 46848.patch | (download)

src/acl/external/eDirectory_userip/ext_edirectory_userip_acl.cc | 2 1 + 1 - 0 !
src/anyp/Uri.cc | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 cve-2023-46848

Bug-Debian: https://bugs.debian.org/1055251

CVE 2023 49285.patch | (download)

lib/rfc1123.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 cve-2023-49285

CVE 2023 49286.patch | (download)

src/ipc.cc | 33 27 + 6 - 0 !
1 file changed, 27 insertions(+), 6 deletions(-)

 cve-2023-49286

CVE 2023 50269.patch | (download)

src/ClientRequestContext.h | 4 4 + 0 - 0 !
src/client_side_request.cc | 17 15 + 2 - 0 !
2 files changed, 19 insertions(+), 2 deletions(-)

 cve-2023-50269

Bug-Debian: https://bugs.debian.org/1058721

CVE 2024 23638.patch | (download)

src/cache_manager.cc | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 cve-2024-23638

CVE 2024 25111.patch | (download)

src/SquidMath.h | 175 171 + 4 - 0 !
src/http.cc | 110 80 + 30 - 0 !
src/http.h | 15 5 + 10 - 0 !
3 files changed, 256 insertions(+), 44 deletions(-)

 cve-2024-25111

CVE 2024 25617.patch | (download)

src/SquidString.h | 11 10 + 1 - 0 !
src/cache_cf.cc | 12 12 + 0 - 0 !
src/cf.data.pre | 26 16 + 10 - 0 !
src/http.cc | 5 3 + 2 - 0 !
4 files changed, 41 insertions(+), 13 deletions(-)

 cve-2024-25617

CVE 2024 37894.patch | (download)

lib/libTrie/TrieNode.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] bug 5378: type mismatch in libtrie (#1830)

TrieNode::add() incorrectly computed an offset of an internal data
structure, resulting in out-of-bounds memory accesses that could cause
corruption or crashes.

This bug was discovered and detailed by Joshua Rogers at
https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html
where it was filed as "Buffer Underflow in ESI".

CVE 2025 54574_CVE 2023 5824.patch | (download)

src/HttpReply.cc | 34 34 + 0 - 0 !
src/HttpReply.h | 7 7 + 0 - 0 !
src/MemObject.cc | 12 9 + 3 - 0 !
src/MemObject.h | 9 9 + 0 - 0 !
src/MemStore.cc | 75 37 + 38 - 0 !
src/MemStore.h | 2 1 + 1 - 0 !
src/StoreClient.h | 123 113 + 10 - 0 !
src/StoreIOBuffer.h | 3 3 + 0 - 0 !
src/acl/Asn.cc | 172 60 + 112 - 0 !
src/base/Assure.cc | 24 24 + 0 - 0 !
src/base/Assure.h | 52 52 + 0 - 0 !
src/base/Makefile.am | 2 2 + 0 - 0 !
src/base/TextException.h | 18 8 + 10 - 0 !
src/clientStream.cc | 3 1 + 2 - 0 !
src/client_side_reply.cc | 317 130 + 187 - 0 !
src/client_side_reply.h | 40 27 + 13 - 0 !
src/client_side_request.h | 1 0 + 1 - 0 !
src/enums.h | 1 0 + 1 - 0 !
src/icmp/net_db.cc | 144 39 + 105 - 0 !
src/peer_digest.cc | 101 26 + 75 - 0 !
src/stmem.cc | 2 0 + 2 - 0 !
src/store.cc | 11 11 + 0 - 0 !
src/store/Makefile.am | 2 2 + 0 - 0 !
src/store/ParsingBuffer.cc | 198 198 + 0 - 0 !
src/store/ParsingBuffer.h | 128 128 + 0 - 0 !
src/store/forward.h | 1 1 + 0 - 0 !
src/store_client.cc | 537 380 + 157 - 0 !
src/store_swapin.cc | 2 1 + 1 - 0 !
src/tests/stub_HttpReply.cc | 1 1 + 0 - 0 !
src/tests/stub_store_client.cc | 5 4 + 1 - 0 !
src/urn.cc | 91 32 + 59 - 0 !
31 files changed, 1340 insertions(+), 778 deletions(-)

 [patch] bug 5318: peer_digest.cc:399: "fetch->pd &&
 receivedData.data" (#1584)