summaryrefslogtreecommitdiff
path: root/www/squid27
AgeCommit message (Collapse)AuthorFilesLines
2011-11-28Don't allow '/' characters to be passed to pam_start() by thedrochner3-3/+22
PAM helper program. OpenPAM didn't check this, so it could be tricked into reading arbitrary config files, allowing privilege escalation. Standard squid installations don't install the PAM helper SUID, but depending on local needs, an administrator might choose to do so. approved by pkg maintainer bump PKGREV
2010-12-16mib.txt is always installed even when snmp option is disabled.sborrill2-3/+5
2010-07-29Update squid27 package to 2.7.9 (2.7.STABLE9).taca4-58/+6
(CVE-2010-0308 is http://www.squid-cache.org/Advisories/SQUID-2010_1.txt.) Changes to squid-2.7.STABLE9 (15 March 2010) - 2.7.STABLE8 failed to compile with OpenSSL 0.9.8 on some systems - failure to detect certain system libraries on some systems resulting in compilation errors Changes to squid-2.7.STABLE8 (10 March 2010) - Bug #2458: reply_body_max_size incorrectly documented - Bug #2858: Segment violation in HTCP - Bug #2773: Segfault in RFC2069 Digest authantication - 64-bit filesize issue in squidclient if trying to post a file > 2GB - Improve %nn parser to better deal with certain odd %nn sequences - Segmentation fault if failed to open cache.log - Bug #2819: const correctness errors in dns_internal.c - Handle DNS header-only packets as invalid. (CVE-2010-0308) - Windows port: Updated mswin_ad_group native helper to version 2.1 - Cosmetic change to keep GCC happy - Bug #2678 - storeurl_rewrite does not play nicely with vary - Bug #2861 - only-if-cached request blocks if it collapsed into another request - Use libcap functions instead of raw kernel interface - No need to sync the store on -k rotate, but instead it needs to be done in reconfigure - const correctness in OpenSSL initialization - Rework the http digest auth parser
2010-02-20Don't use the "install-pinger" target to change the permissions oftron1-2/+1
"libexec/pinger", simply use "SPECIAL_PERMS". Now all three "squid" packages support user destination dir installation.
2010-02-14Add a security patch described security advisory SQUID-2010_2.txt,taca3-3/+29
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt Patch was the same content as official one. http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch.
2010-02-02Add security patch noted astaca3-3/+28
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt. Bump PKGREVISION.
2009-11-02Add MESSAGE to warn about "max_filedescriptors parameter" of squid27.taca2-1/+12
It might be accidently small on NetBSD. Bump PKGREVISION.
2009-09-18Update squid27 package to 2.7.7 (2.7.STABLE7).taca10-83/+49
pkgsrc changes: add LICENSE. Changes to squid-2.7.STABLE7 (17 September 2009) - Bug #2661 - Solaris /dev/poll support broken with EINVAL - Clarify external_acl_type %{Header} documentation slightly - Bug #2482: Remove mem_obj->old_entry in async code to avoid deep ctx errors - GCC-4.x cleanups - Bug #2605: Don't call setsid() on helper childs when running in daemon mode - Windows port: Fix PSAPI.DLL usage, is always available on Windows NT and later - Windows port: Added support for Windows 7, Windows Server 2008 R2 and later - Bug #2602: increase MAX_URL to 8192 - The debug mode option '-d' was not documented in LDAP helpers usage message - Windows port: Added a note about installation on Windows Vista and later - Bug #2642: Remove duplicate peerMonitorInit() on reconfigure - Bug #2515: Final chunk parsing errors on FreeBSD6+ - Bug #2647: Reprioritise override-* and stale-while-revalidate - Windows port: Fix improper access permissions to registry and DNS parsing from registry - Windows port: Fix getservbyname() usage abuse. - Bug #2672: cacheMemMaxSize 32-bit overflow during snmpwalk - Bug #2691: store_url memory leak - Accept PUT/POST requests without an entity-body - Plug request_t + HttpStateData memory leak on PUT/POST requests with early response - Bug #2710: squid_kerb_auth non-terminated string - Bug #2369: squid traffic counter 32-bit overflow - Bug #2080: wbinfo_group.pl - false positive under certain conditions - Bug #2739: DNS resolver option ndots can't be parsed from resolv.conf - Windows port: fix mswin_negotiate_auth.exe crash when executing a LocalCall authentication with verbose deBug #enabled - Add 0.0.0.0 as an to_localhost address - Windows port: Update mswin_check_ad_group to version 2.0 - Windows port: There is no "-P" command line option into mswin_check_ad_group helper. - Correct Valgrind mempool protection - Bug #2451: Correct length handling on 304 responses - Bug #2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma (external_acl_type, access_log_format, external_refresh_check) - Bug #2768 - squid_ldap_group -K argument parsing error
2009-09-13Add CVE-2009-2855 DoS fix from squid's repositry.taca3-3/+41
Bump PKGREVISION.
2009-07-01Add SQUID_MASTER_SITES as first MASTER_SITES.taca1-2/+3
2009-06-30Delete unused PLIST.common_end now.taca1-1/+0
2009-06-14Convert @exec/@unexec to @pkgdir or drop it.joerg1-5/+1
2009-03-08Add share/squid to INSTALLATION_DIRS, so it gets created explicitly withapb1-1/+2
mode 755 instead of implicitly with whatever mode is implied by the umask. Bump PKGREVISION for squid27 and squid30 packages.
2009-02-05Update www/squid27 package to 2.7.6(2.7.STABLE6).taca4-53/+131
Changes to squid-2.7.STABLE6 (4 February 2009) - Bug #2494: Fix tproxy url in configure - Correct latency measurements - Correct upgrade_http0.9 example - Correct parsing of invalid http version numbers - Crossreference authenticate_ip_shortcircuit_access and authenticate_ip_shortcircuit_ttl - Add in some better documentation for override-expire.
2009-01-01Remove pointless manual assignment of "WRKSRC".tron1-3/+1
2008-10-24Bump squid's PKGREVISION to reflect fix of transparent proxy package options.taca1-1/+2
2008-10-20Update squid27 package to 2.7.5.taca2-6/+6
Changes to squid-2.7.STABLE5 (17 October 2008) - Bug #2439: configuration file contains non-ASCII characters - Bug #2441: Shut down store url rewrite helpers on squid -k reconfigure - foreground rebuild should do all of the rebuilding before Squid accepts requests. - Bug #2464: assertion failed: sc->new_callback == NULL at store_client.c:190 - Bug #2394: add upgrade_http0.9 option making it possible to disable upgrade of HTTP/0.9 responses - Bug #2426: Increase negotiate auth token buffer size - Bug #2468: Limit stale-if-error to 500-504 responses - Bug #2477: swap.state permission issues if crashing during "squid -k reconfigure" - Bug #2430: Old headers still returned after a cache validation if the request triggering the cache validation was itself a If-Modified-Since request. - Bug #2481: Don't set expires: now in generated error responses - Windows port: Fix build error using latest MinGW runtime.
2008-09-25Fix installation error with DESTDIR enabled.taca2-6/+8
2008-09-12Importing squid-2.7.4 (2.7.STABLE4) package as www/squid27.taca17-0/+437
This is current stable release of Squid. pkgsrc change: * Drop support for pkgsrc original log_mime_hdrs_list. If someone want to use it, please feedback it to upstream. Changes from squid 2.6. * Experimental support for HTTP/1.1, mainly targeted at reverse proxy installations. Not yet HTTP/1.1 compliant hoewever. * A number of performance improvements; including request/reply parser, eliminating various redundant data copies and some completely rewritten sections. * Support for WAIS has been removed. * "act-as-origin" option for http_port - Squid can now emulate an origin server when acting as an accelerator. * "min-size" option for cache_dir - the minimum object size to store in a cache directory. Previously objects of any size up to a "max-size" maximum size would be considered as candidated for storing in a store_dir; this option allows the administrator to tune various stores for small and large objects rather than trying to tune it for both. * Support for Solaris /dev/poll for network IO - more efficient than poll() or select() and backwards compatible to Solaris 7. This must be manually enabled during configure by specifying "--enable-devpoll". * Support for FreeBSD accept filters. Use "accept_filter httpready" in squid.conf to enable this. * A semi-modular logging framework has been introduced, which both allows for more efficient non-blocking logging with the supplied logging daemon, but also allows for third-party modules to intercept the squid logs and process them. An example "UDP" logging helper, thanks to the Wikimedia Foundation, is included. * Support for rewriting URLs into canonical forms when storing and retrieving objects. A common practice seen in Content Delivery Networks is to serve the same content from a variety of different URLs or hosts; this makes efficient caching difficult. The store URL rewriting framework allows the administrator to rewrite a variety of URLs into one canonical form, so matching content from a variety of sources can be stored and retrieved as if they came from the same source, whilst still fetching the content from the original destination. See the "storeurl_rewrite_program" option for more information, and http://wiki.squid-cache.org/Features/StoreURLRewrite for some examples. * Object revalidation can now occur in the background. Cache validation can now occur in the background without requiring an active client to drive it. Stale content being revalidated can be served in situ whilst the object is being refreshed. See the "max_stale" and "refresh_pattern" options for more information. * introduce a new option, "zero_buffers", which controls whether Squid will zero the memory used for buffers and other data structures before use. This may or may not improve performance on specific workloads. * Cache authentication based on source IP address. This reduces the pressure on external authenticators which may not be able to keep up under high load - NTLM/winbind is a good example of this. See the "authenticate_ip_shortcircuit_access" and "authenticate_ip_shortcircuit_ttl" options for more information. * Support for configuration file includes has been added. "include" can now be used to include a configuration file or a glob of configuration files in a directory. * The default rules to not cache dynamic content from cgi-bin and query URLs have been altered. Previously, the "cache" ACL was used to mark requests as non-cachable - this is enforced even on dynamic content which returns cachability information. This has changed in Squid-2.7 to use the default refresh pattern. Dynamic content is now cached if it is marked as cachable. You should remove the default configuration lines with QUERY (acl, and cache) and replace them with the correct refresh_pattern entries. * Accelerator mode support cleaned up to behave more consistent when combining multiple accelerator mode options * Zero Penalty Hit support, allowing cache misses to be marked by custom TOS/priority values, useful when using packet shaping/prioritization outside Squid and needing to separate cache hits from misses.