| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
:-)
Fixes openssl dependancy problem on platforms which do not have a
suitable (read: secure) openssl in the base system.
Some whitespace cleanup.
|
|
fixes build on (at least) Darwin 6.2.
|
|
- Apply disabled official patch since the patch's content has corrected.
* Impossible to define acls with spaces in them
- Remove "@unexec ${RMDIR} %D/etc/squid ..." line from PLIST since
there is already removing directory line which use more generic
PKG_SYSCONFDIR variable.
|
|
|
|
Apply official patches:
* Small typo in dnsserver error message on DNS overload
* Filter out unproxyable authentication schemes
* cachemgr login & password revealed in HTTP server log files
* make uninstall removes squid.conf
* Segmentation fault if a external_acl helper exits prematurely
* Squid rejects GET/HEAD with request entities claimint error 411
* external_acl.c compilation failure
* memory leak of acl structures on "squid -k reconfigure"
* Occasional corruption of objects when using aufs
* Cachemgr "Total accounted:" memory statistics always report "-1"
* WCCP hash assignment can sometimes be missed by the router
* external_acl helper problem with spaces
* --enable-async-io or --with-storeio=aufs fails to automatically enable --with-pthreads
* "make addlang" fails
* Specifying LDAP servers last on the command line does not work
* Referer log not closed on shutdown
* Many files missing from the contrib directory
But the most recent patch isn't included since it content seems to be
broken.
* Impossible to define acls with spaces in them
|
|
to OPTIONAL_FILES in Makefile.
This fix a problem when setting SQUID_CONFIGURE_ARGS in /etc/mk.conf
without --enable-external-acl-helpers=unix_group.
Noted by private mail from Tomasz Luchowski <tomasz at luchowski.com>.
|
|
|
|
It cause error on Solaris. (Why NetBSD's make was OK?)
|
|
http://www.squid-cache.org/Versions/v2/2.5/bugs/.
Now try to install more authentication modules, but those modules
should be handled by proper frame work (Curretly, SASL modules
aren't handled).
Changes to squid-2.5 ():
- Major rewrite of proxy authentication to support other schemes
than basic. First in the line is NTLM support but others can
easily be added (minimal digest is present). See Programmers Guide.
(Robert Collins & Francesco Chemolli)
- Reworked how request bodies are passed down to the protocols.
Now all client side processing is inside client_side.c, and
the pass and pump modules is no longer used.
- Optimized searching in proxy_auth and ident ACL types. Squid should
now handle large access lists a lot more efficiently.
(Francesco Chemolli)
- Fixed forwarding/peer loop detection code (Brian Degenhardt) -
now a peer is ignored if it turns out to be us, rather than
committing suicide
- Changed the internal URL code to obey appendDomain for internal
objects if it needs appending. This fixes weirdnesses where
a machine can think it is "foo.bar.com", and "foo" is requested.
(Brian Degenhardt)
- Added the use of Automake to create the Makefile.in's in the squid
source tree. This will allow libtool in the future, and immediately
allows better dependency tracking - with or without gcc - as well
as the dist-all and distcheck targets for developers which respectively
build a tar.gz and a tar.bz2 distribution, and check that what will be
distributed builds.
- Added TOS and source address selection based on ACLs,
written by Roger Venning. This allows administrators to set
the TOS precedence bits and/or the source IP from a set of
available IPs based upon some ACLs, generally to map different
users to different outgoing links and traffic profiles.
- Added 'max-conn' option to 'cache_peer'
- Added SSL gatewaying support, allowing Squid to act as a SSL server
in accelerator setups.
- SASL authentication helper by Ian Castle
- msntauth updated to v2.0.3
- no_cache now applies to cache hits as well as cache misses
- the Gopher client in Squid has been significantly improved
- Squid now sanity checks FTP data connections to ensure the
connection is from the requested server. Can be disabled if
needed by turning off the ftp_sanitycheck option.
- external acl support. A mechanism where flexible ACL checks
can be driven by external helpers. See the external_acl_type
and acl external directives.
- Countless other small things and fixes
- HTML pages generated by Squid or CacheMgr as well as the
ERR documents now contain a doctype declaration so that
browsers know which HTML specification the document uses.
In addition to that they have a new look (background-color, font)
and are valid according to the HTML standards at www.w3.org.
(Clemens Löser)
- Login and password send to Basic auth helpers is now URL escaped
to allow for spaces and other "odd" characters in logins and
passwords
- Proxy Authentication is no longer blindly forwarded to peer
caches if not used locally. If forwarding of proxy authentication
is desired then it must now be configured with the login=PASS
cache_peer option.
- Responses with Vary: in the header are now cached by squid.
(Henrik Nordstrom).
- Removed unused 'siteselect_timeout' directive.
|
|
|
|
* s/echo/@ECHO@/ for portability.
ok'd by seb.
|
|
|
|
script handling and using @RCD_SCRIPTS_SHELL@.
as discussed with jlam.
|
|
|
|
* use bsd.pkg.install.mk for rc script and config file installation.
Checked by Stoned Elipot <seb@netbsd.org>.
|
|
|
|
makes these packages build correctly on Darwin where perl>=5.8.0 is
required.
|
|
2.4STABLE6:
- Squid now drops any requests using transfer-encoding.
Squid is a HTTP/1.0 proxy and as such do not support
the use of transfer-encoding.
- The MSNT auth helper has been updated to v2.0.3+fixes for
buffer overflow security issues found in this helper.
- A security issue in how Squid forwards proxy authentication
credentials has been fixed
- Minor changes to support Apple MAC OS X and some other platforms
more easily.
- The client -T option has been implemented
- HTCP related bugfixes in "squid -k reconfigure"
- Several bugfixes and cleanup of the Gopher client, both
to correct some security issues and to make Squid properly
render certain Gopher menus.
- FTP data channels are now sanity checked to match the address of
the requested FTP server. This to prevent theft or injection of
data. See the new ftp_sanitycheck directive if this is not desired.
- Security fixes in how Squid parses FTP directory listings into HTML
|
|
Remove `-p' from mkdir arguments, it is already part of ${MKDIR}.
While here substitute a couple of ${PREFIX} by `%D' in
`@exec ${MKDIR} ...' lines and add a couple of missing `%D' in such lines too!
|
|
|
|
PR pkg/15775 by Kimmo Suominen.
|
|
This fixes squid's potential security problem.
Changes to Squid-2.4.STABLE6 (March 19, 2002):
- The patch for 2.4.STABLE5 was insufficnetly tested and
introduced a bug that causes frequent assertions when
handling DNS PTR answers.
Changes to Squid-2.4.STABLE5 (March 15, 2002):
- Fixed an array bounds bug in lib/rfc1035.c. This bug
could allow a malicious DNS server to send bogus replies
and corrupt the heap memory.
|
|
|
|
noted by Mipam in private e-mail.
|
|
already checked in configure script, but it is need to define/undef in
a generated header file.
Bump to squid 2.4.4nb1.
|
|
Check setproctitle in the configure script and remove the define
in patch-ba.
|
|
2.4STABLE3:
- htcp_port 0 now properly disables htcp
- Fixed problem with certain non-anonymous ftp:// style URL's
- SNMP bugfixes including several memory leaks
|
|
same from all 3 master sites. Updating distinfo
|
|
- replace a hack adding fd_mask definition in autoconf.h with re-writing
configure script. It cause to run configure twice and result "no fd_mask".
- Incorporate three official patches from
http://www.squid-cache.org/Versions/v2/2.4/bugs/.
o SNMP memory leaks
synopsis
The SNMP implementation in Squid had several memory leaks
possibly causing an denial of service.
workaround
Disable the SNMP port if enabled by using "snmp_port 0" in
squid.conf. Or if you only use SNMP for MRTG data
collection running on the same host then use
"snmp_incoming_address 127.0.0.1" to limit reachability
of the SNMP port to only localhost or some other trusted
network.
o Coredump on certain ftp:// style URL's
synopsis
If certain constructed ftp:// style URL's are received then
squid crashes, causing a denial of service and maybe even
remote execution of code.
workaround
Deny forwarding of non-anonymous FTP URLs by inserting
the following rules at the top of squid.conf, prior to
any http_access allow lines.
acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
http_access deny non_anonymous_ftp
o "htcp_port 0" fails to disable the HTCP port
synopsis
"htcp_port 0" fails to completely disable the HTCP port as
documented in squid.conf, instead HTCP will be listening on
a random port number.
|
|
config file doesn't fail.
|
|
from "Ciarcinski, Adam \(ISS Brussels\)" <ACiarcinski@iss.net>.
From ChangeLog:
Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
- Fixed bug #255: core dump on SSL/CONNECT if access denied by
miss_access
- Fixed bug #246: corrupt on-disk meta information preventing
rebuilds of lost swap.state files
- Fixed bug #243: squid_ldap_auth now supports spaces in passwords
- Fixed a coredump when creating FTP directories
- Fixed a compile time problem with statHistDump prototype mistmatch,
reported by some compilers
- Fixed a potential coredump situation on snmpwalk in certain
configurations
- Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
store implementation
- Serbian error message translations
I added following changes, too.
o honor PKG_SYSCONFDIR keep SQUID_SYSCONFDIR effective.
o Add --disable-internal-dns. This made external dnsserver
available. External dnsserver could be disabled with configuration
file.
o Enable optimization with "-O".
o Fix a problem to access nat device when transparent proxy enabled.
This fix will be contained in squid 2.5 release.
o setproctitle() hack for external dnsserver from daemonnews's article.
|
|
installed into "etc/squid" (and are not moved arround after installation).
The message of the install script matches the actual layout again and is
adapted to changes to "SQUID_SYSCONFDIR".
|
|
|
|
noted by Hubert Feyrer in private e-mail.
|
|
get "ufs" storage type build again because we will otherwise break lots
of existing configurations. Problem pointed out by Simon Burge via e-mail.
|
|
PR pkg/14476.
|
|
|
|
- Expanded configure's GCC opimization disabling check to
include GCC 2.95.3
- avoid negative served_date in storeTimestampsSet().
- Made 'diskd' pathnames more configurable
- Make sure squid parent dies if child is killed with
KILL signal
- Changed diskd offset args to off_t instead of int
- Fixed bugs #102, #101, #205: various problems with useragent
log files
- Fixed bug #116: Large Age: values still cause problems
- Fixed bug #119: Floating point exception in
storeDirUpdateSwapSize()
- Fixed bug #114: usernames not logged with
authenticate_ip_ttl_is_strict
- Fixed bug #115: squid eating up ressources (eventAdd args)
- Fixed bug #125: garbage HTCP requests cause assertion
- Fixed bug #134: 'virtual port' support ignores
httpd_accel_port, causes a loop in httpd_accel mode
- Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
<= lf->bufsz"
- Fixed bug #137: Ranges on misses are over-done
- Fixed bug #160: referer_log doesn't seem to work
- Fixed bug #162: some memory leaks (SNMP, delay_pools,
comm_dns_incoming histogram)
- Fixed bug #165: "Store Mem Buffer" leaks badly
- Fixed bug #172: Ident Based ACLs fail when applied to
cache_peer_access
- Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
- Fixed bug #182: 'config' cachemgr option dumps core with
null storage
- Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
of args in debug/printf
- Fixed bug #187: bugs in lib/base64.c
- Fixed bug #184: storeDiskdShmGet() assertion; changed
diskd to use bitmap instead of linked list
- Fixed bug #194: Compilation fails on index() on some
non-BSD plaforms
- Fixed bug #197: refreshIsCachable() incorrectly checks
entry->mem_obj->reply
- Fixed bug #215: NULL pointer access for proxy requests
in accel-only mode
|
|
PR pkg/13971 by David Sainty.
|
|
|
|
"RunCache" again.
|
|
- We don't want to wait forever until "squid" terminates. Wait at most
20 seconds after a shutdown command use "kill" afterwards.
- Don't use "RunCache" to start "squid", it is not necessary and only
causes trouble.
- Bring the "rotate" command which got lost in last update.
Bump package version number to 2.4.1nb2.
|
|
squid installations. These directories should be created by the
administrator after selecting the proper directory.
|
|
include his improved "rc.d" script.
- Use the same directory structure as in the Apache package. The
configuration files are now in "${PREFIX}/etc/squid" and won't be
removed during deinstallation.
- Remove unnecessary configuration variables "SQUID_HTTP_PORT" and
"SQUID_ICP_PORT". These values can perfectly be adjusted by editing
the configuration file and supporting all these variables would make
the package too complex.
- Bump the version number to 2.4.1nb1.
|
|
|
|
|
|
o add $NetBSD$ RCS tag to patch-ab
o regen distinfo
|
|
|
