PAM helper program. OpenPAM didn't check this, so it could be
tricked into reading arbitrary config files, allowing privilege
escalation.
Standard squid installations don't install the PAM helper SUID, but
depending on local needs, an administrator might choose to do so.
approved by pkg maintainer
bump PKGREV
|
(CVE-2010-0308 is http://www.squid-cache.org/Advisories/SQUID-2010_1.txt.)
Changes to squid-2.7.STABLE9 (15 March 2010)
- 2.7.STABLE8 failed to compile with OpenSSL 0.9.8 on some systems
- failure to detect certain system libraries on some systems
resulting in compilation errors
Changes to squid-2.7.STABLE8 (10 March 2010)
- Bug #2458: reply_body_max_size incorrectly documented
- Bug #2858: Segment violation in HTCP
- Bug #2773: Segfault in RFC2069 Digest authentication
- 64-bit filesize issue in squidclient if trying to post a file > 2GB
- Improve %nn parser to better deal with certain odd %nn sequences
- Segmentation fault if failed to open cache.log
- Bug #2819: const correctness errors in dns_internal.c
- Handle DNS header-only packets as invalid. (CVE-2010-0308)
- Windows port: Updated mswin_ad_group native helper to version 2.1
- Cosmetic change to keep GCC happy
- Bug #2678 - storeurl_rewrite does not play nicely with vary
- Bug #2861 - only-if-cached request blocks if it collapsed into
another request
- Use libcap functions instead of raw kernel interface
- No need to sync the store on -k rotate, but instead it needs to be
done in reconfigure
- const correctness in OpenSSL initialization
- Rework the http digest auth parser
|
"libexec/pinger", simply use "SPECIAL_PERMS".
Now all three "squid" packages support user destination dir installation.
|
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt
Patch was the same content as official one.
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch.
|
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt.
Bump PKGREVISION.
|
It might be accidentally small on NetBSD.
Bump PKGREVISION.
|
pkgsrc changes: add LICENSE.
Changes to squid-2.7.STABLE7 (17 September 2009)
- Bug #2661 - Solaris /dev/poll support broken with EINVAL
- Clarify external_acl_type %{Header} documentation slightly
- Bug #2482: Remove mem_obj->old_entry in async code to avoid deep ctx
errors
- GCC-4.x cleanups
- Bug #2605: Don't call setsid() on helper childs when running in
daemon mode
- Windows port: Fix PSAPI.DLL usage, is always available on Windows NT
and later
- Windows port: Added support for Windows 7, Windows Server 2008 R2
and later
- Bug #2602: increase MAX_URL to 8192
- The debug mode option '-d' was not documented in LDAP helpers usage
message
- Windows port: Added a note about installation on Windows Vista and
later
- Bug #2642: Remove duplicate peerMonitorInit() on reconfigure
- Bug #2515: Final chunk parsing errors on FreeBSD6+
- Bug #2647: Reprioritise override-* and stale-while-revalidate
- Windows port: Fix improper access permissions to registry and DNS
parsing from registry
- Windows port: Fix getservbyname() usage abuse.
- Bug #2672: cacheMemMaxSize 32-bit overflow during snmpwalk
- Bug #2691: store_url memory leak
- Accept PUT/POST requests without an entity-body
- Plug request_t + HttpStateData memory leak on PUT/POST requests with
early response
- Bug #2710: squid_kerb_auth non-terminated string
- Bug #2369: squid traffic counter 32-bit overflow
- Bug #2080: wbinfo_group.pl - false positive under certain conditions
- Bug #2739: DNS resolver option ndots can't be parsed from
resolv.conf
- Windows port: fix mswin_negotiate_auth.exe crash when executing a
LocalCall authentication with verbose debug enabled
- Add 0.0.0.0 as a to_localhost address
- Windows port: Update mswin_check_ad_group to version 2.0
- Windows port: There is no "-P" command line option in the
mswin_check_ad_group helper.
- Correct Valgrind mempool protection
- Bug #2451: Correct length handling on 304 responses
- Bug #2541: Hang in 100% CPU loop while extracting header details
using a delimiter other than comma (external_acl_type,
access_log_format, external_refresh_check)
- Bug #2768 - squid_ldap_group -K argument parsing error
|
Bump PKGREVISION.
|
mode 755 instead of implicitly with whatever mode is implied by the
umask.
Bump PKGREVISION for squid27 and squid30 packages.
|
Changes to squid-2.7.STABLE6 (4 February 2009)
- Bug #2494: Fix tproxy url in configure
- Correct latency measurements
- Correct upgrade_http0.9 example
- Correct parsing of invalid http version numbers
- Crossreference authenticate_ip_shortcircuit_access and
authenticate_ip_shortcircuit_ttl
- Add in some better documentation for override-expire.
|
Changes to squid-2.7.STABLE5 (17 October 2008)
- Bug #2439: configuration file contains non-ASCII characters
- Bug #2441: Shut down store url rewrite helpers on squid -k
reconfigure
- foreground rebuild should do all of the rebuilding before Squid
accepts requests.
- Bug #2464: assertion failed: sc->new_callback == NULL at
store_client.c:190
- Bug #2394: add upgrade_http0.9 option making it possible to disable
upgrade of HTTP/0.9 responses
- Bug #2426: Increase negotiate auth token buffer size
- Bug #2468: Limit stale-if-error to 500-504 responses
- Bug #2477: swap.state permission issues if crashing during "squid -k
reconfigure"
- Bug #2430: Old headers still returned after a cache validation if
the request triggering the cache validation was itself a
If-Modified-Since request.
- Bug #2481: Don't set expires: now in generated error responses
- Windows port: Fix build error using latest MinGW runtime.
|
This is the current stable release of Squid.
pkgsrc change:
* Drop support for pkgsrc original log_mime_hdrs_list. If someone
wants to use it, please feed it back to upstream.
Changes from squid 2.6.
* Experimental support for HTTP/1.1, mainly targeted at reverse proxy
installations. Not yet HTTP/1.1 compliant however.
* A number of performance improvements; including request/reply parser,
eliminating various redundant data copies and some completely rewritten
sections.
* Support for WAIS has been removed.
* "act-as-origin" option for http_port - Squid can now emulate an origin
server when acting as an accelerator.
* "min-size" option for cache_dir - the minimum object size to store in a
cache directory. Previously objects of any size up to a "max-size" maximum
size would be considered as candidates for storing in a store_dir; this
option allows the administrator to tune various stores for small and large
objects rather than trying to tune it for both.
* Support for Solaris /dev/poll for network IO - more efficient than poll()
or select() and backwards compatible to Solaris 7. This must be manually
enabled during configure by specifying "--enable-devpoll".
* Support for FreeBSD accept filters. Use "accept_filter httpready" in
squid.conf to enable this.
* A semi-modular logging framework has been introduced, which both allows
for more efficient non-blocking logging with the supplied logging daemon,
but also allows for third-party modules to intercept the squid logs and
process them. An example "UDP" logging helper, thanks to the Wikimedia
Foundation, is included.
* Support for rewriting URLs into canonical forms when storing and
retrieving objects. A common practice seen in Content Delivery Networks is
to serve the same content from a variety of different URLs or hosts; this
makes efficient caching difficult. The store URL rewriting framework
allows the administrator to rewrite a variety of URLs into one canonical
form, so matching content from a variety of sources can be stored and
retrieved as if they came from the same source, whilst still fetching the
content from the original destination. See the "storeurl_rewrite_program"
option for more information, and
http://wiki.squid-cache.org/Features/StoreURLRewrite for some examples.
* Object revalidation can now occur in the background. Cache validation can
now occur in the background without requiring an active client to drive
it. Stale content being revalidated can be served in situ whilst the
object is being refreshed. See the "max_stale" and "refresh_pattern"
options for more information.
* introduce a new option, "zero_buffers", which controls whether Squid will
zero the memory used for buffers and other data structures before
use. This may or may not improve performance on specific workloads.
* Cache authentication based on source IP address. This reduces the pressure
on external authenticators which may not be able to keep up under high
load - NTLM/winbind is a good example of this. See the
"authenticate_ip_shortcircuit_access" and
"authenticate_ip_shortcircuit_ttl" options for more information.
* Support for configuration file includes has been added. "include" can now
be used to include a configuration file or a glob of configuration files
in a directory.
* The default rules to not cache dynamic content from cgi-bin and query URLs
have been altered. Previously, the "cache" ACL was used to mark requests
as non-cachable - this is enforced even on dynamic content which returns
cachability information. This has changed in Squid-2.7 to use the default
refresh pattern. Dynamic content is now cached if it is marked as
cachable. You should remove the default configuration lines with QUERY
(acl, and cache) and replace them with the correct refresh_pattern
entries.
* Accelerator mode support cleaned up to behave more consistently when
combining multiple accelerator mode options
* Zero Penalty Hit support, allowing cache misses to be marked by custom
TOS/priority values, useful when using packet shaping/prioritization
outside Squid and needing to separate cache hits from misses.
|