RPM will be available in a couple tests. The RPM includes all the ssl-bump helpers needed. You will might want to take a look at: http://wiki.squid-cache.org/Features/DynamicSslCert Which gives you almost anything. the only differnce is that the needed file is at lib64/squid or something Else. There is a need to disable SELINUX to let squid run fine. http://www1.ngtech.co.il/rpm/centos/6/x86_64/ will be updated in the next hours. Eliezer On 07/11/2013 09:48 AM, Amos Jeffries wrote: > The Squid HTTP Proxy team is very pleased to announce the availability > of the Squid-3.3.7 release! > > > This release is a security bug fix release resolving a vulnerability > issue found in the prior Squid releases. > > > The major changes to be aware of: > > * Buffer Overflow vulnerability fixed > > The security vulnerability SQUID-2013:2 is fixed by this release. > > This vulnerability was identified from active 0-day attacks affecting > Squid-3.2 and later versions. Upgrade or patching of existing proxy > installations is highly recommended. > > The underlying bug is preent in all Squid 2.0 and later but only > exposed in 3.2 series. Patches are provided in the Advisory for all > 3.x versions as a preventative measure for older versions. > > > * Multiple SSL build issues resolved > > A better fix for bug 3759 which also incorporates a fix for bug 3297 > and several other unreported bugs has been added. These bugs are > present with OpenSSL 1.0.0* versions on some Fedora, RHEL, CentOS > and operating system distributions derived from them. > > They are visible as compile errors mentioning "const _STACK *", > "const SSL_METHOD" and/or "sk_OPENSSL_PSTRING_value" when building > against an affected OpenSSL library. > > Other compile errors may still exist. Please contribute to the > existing bugzilla entries or report any new issues identified in this > version. > > > > See the ChangeLog for the full list of changes in this and earlier > releases. > > > All users are urged to upgrade to this release as soon as possible. > > > Please remember to run "squid -k parse" when testing upgrade to a new > version of Squid. It will audit your configuration files and report > any identifiable issues the new release will have in your installation > before you "press go". We are still removing the infamous "Bungled > Config" halting points and adding checks, so if something is not > identified please report it. > > > > Please refer to the release notes at > http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html > when you are ready to make the switch to Squid-3.3 > > Upgrade tip: > "squid -k parse" is starting to display even more > useful hints about squid.conf changes. > > This new release can be downloaded from our HTTP or FTP servers > > http://www.squid-cache.org/Versions/v3/3.3/ > ftp://ftp.squid-cache.org/pub/squid/ > ftp://ftp.squid-cache.org/pub/archive/3.3/ > > or the mirrors. For a list of mirror sites see > > http://www.squid-cache.org/Download/http-mirrors.html > http://www.squid-cache.org/Download/mirrors.html > > If you encounter any issues with this release please file a bug report. > http://bugs.squid-cache.org/ > > > Amos Jeffries >
