Age | Commit message | Author | Files | Lines |
|
variables into CONFIGURE_ENV if the new tools framework already takes
care of adding them automatically.
|
|
Apply 9 official fixes including security improvement in DNS lookup.
I still disable transparent_port.patch because it needs a missing header
file of IP Filter. NetBSD current and 3.0_BETA already fixed this problem
but still netbsd-2/2-0 branches. I will apply it after netbsd-2/2-0
branches fix this problem. (And this fix needs to update squid package
to 2.5.STABLE10 which is RC3 now.)
* 2005-05-10 23:11 (Cosmetic)
Extended documentation of the always_direct directive
* 2005-05-10 22:33 (Medium)
assertion failed: store_client.c:343:
"storeSwapOutObjectBytesOnDisk(mem) > sc->copy_offset"
* 2005-05-11 19:19 (Security issue)
DNS lookups unreliable on untrusted networks
* 2005-05-09 01:51 (Minor)
Allow dstdomain and dstdom_regex to match IP based hosts
* 2005-05-08 14:01 (Cosmetic) Minor arp ACL improvements
* 2005-05-04 18:09 (Minor)
SNMP Agent updates to support SNMP Version 2 and bulk requests
* 2005-05-01 10:58 (Cosmetic) Cosmetic change to DISKD statistics
* 2005-04-30 12:58 (Medium)
Poor hot object cache hit ratio and sporadic assertion
failed: store_swapin.c: e->mem_status == NOT_IN_MEMORY
* 2005-04-25 16:36 (Cosmetic) Minor aufs improvements
|
|
And always is defined as share/examples/rc.d
which was the default before.
These rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
|
|
IP Filter 4.1 and later. (It has no problem on IP Filter 3.x, but it is
difficult to apply it conditionally with IP Filter's version.)
This apparently fixes PR pkg/30085. But note, Squid's transparent proxy
with IP Filter doesn't work. It works without IP Filter's NAT process.
So, web access through squid may fail for HTTP 1.0 client which doesn't
send Host header.
Bump PKGREVISION (squid-2.5.9nb10).
|
|
- Fix bad PID directory of squid binary introduced by previous pkgsrc.
- Update DIST_SUBDIR through DIST_STAMP since some of patch files
are updated.
- Fix error in doc/Makefile with nbmake.
- Newer patch (aufs improvement) isn't included now.
Bump PKGREVISION.
|
|
o 2005-04-23 01:38 (Minor Security)
Fix for CVE-1999-0710: cachemgr malicious use
o 2005-04-22 20:48 (Cosmetic) PID file check fails when chrooting
o 2005-04-24 16:35 (Minor)
Make the use of the %m error page to return auth info messages
o 2005-04-22 20:21 (Minor)
Unrecognized cache-control directives are silently dropped
pkgsrc change.
- remove aufs from store I/O backend until it is controlled by options.mk
framework.
- remove patch-cd; it is covered by squid-2.5.STABLE9-transparent_port.patch.
Bump PKGREVISION.
|
|
o 2005-04-21 10:31 (Cosmetic)
Correctly read DOS/Windows formatted config files with CRLF as
line terminator
o 2005-04-20 21:55 (Minor) Unable to run "squid -k" when hostname cannot
be determined
o 2005-04-20 21:55 (Minor) fix transparent proxying when squid listens
on NATed non-80 port
o 2005-04-21 10:46 (Cosmetic) Missing newlines in debug statements
o 2005-04-20 21:36 (Cosmetic) Error template substitution for
authenticated user name
Because of update of squid-2.5.STABLE9-2GB.patch, DIST_SUBDIR updated again.
|
|
- squid-2.5.STABLE9-LDAP_SUN_SDK.patch
- squid-2.5.STABLE9-2GB.patch
Bump PKGREVISION.
|
|
* Add one more official patch:
- 2005-04-05 23:05 (Cosmetic) should syslog to daemon facility not local4
* One patch updated, so update DIST_SUBDIR through DIST_STAMP change.
* Add aufs to --enable-storeio configuration.
TODO: use <bsd.options.mk> framework and allow to use
--enable-pf-transparent which is a mutually exclusive parameter
with --enable-ipf-transparent.
|
|
use different sub directory and bump package revision.
|
|
* 2005-04-04 00:19 (Medium)
Fails to process requests for files larger than 2GB in size
Since the name of the patch file is the same as before, DIST_SUBDIR has
been updated via DIST_STAMP.
Bump PKGREVISION.
|
|
Add these official patches:
* 2005-03-30 22:51 (Cosmetic)
external acls requiring authentication does not request new
credentials on access denials like proxy_auth does.
* 2005-03-29 09:52 (Cosmetic)
New cachemgr pending_objects and client_objects actions
* 2005-03-26 23:53 (Minor) rename() related cleanup
* 2005-03-30 22:51 (Medium)
Fails to process requests for files larger than 2GB in size
* 2005-03-19 23:57 (Cosmetic)
aufs warning about open event filedescriptors on shutdown
* 2005-03-19 01:35 (Minor) --disable-hostname-checks not working
* 2005-03-19 01:11 (Cosmetic) LDAP helpers fails to compile with SUN LDAP SDK
* 2005-03-21 20:44 (Minor)
CONNECT requests truncated if client side disconnects first
assertion failed: comm.c:430: "ntohs(address->sin_port) != 0"
* 2005-03-19 00:25 (Minor)
Basic authentication fails with very long logins or password
* 2005-03-29 08:45 (Minor) Several minor aufs issues
* 2005-03-09 15:46 (Cosmetic)
Extend relaxed_header_parser to work around "excess data from"
errors from many major web servers.
* 2005-03-09 15:46 (Cosmetic)
Duplicate content-length headers logged as conflicting with
relaxed_header_parser off
* 2005-03-09 15:46 (Cosmetic)
Defer digest fetch if the peer is not allowed to be used
* 2005-03-10 23:38 (Minor) Incorrect use of ctype functions
* 2005-03-15 04:27 (Minor) compile warnings due to pid_t not being an int
* 2005-03-09 15:46 (Minor)
bzero is a non-standard function not available on all platforms
* 2005-03-09 15:46 (Cosmetic)
Check several squid.conf directives for int overflows
* 2005-03-09 15:46 (Cosmetic) Clarify delay_access function
* 2005-03-09 15:46 (Minor)
reload_into_ims fails to revalidate negatively cached entries
* 2005-03-09 15:46 (Minor) Handle odd date formats
|
|
* 2005-03-04 22:48 (Cosmetic Security)
Unexpected access control results on configuration errors
* 2005-03-04 11:55 (Minor)
Links in FTP listings without / fails due to missing BASE HREF
* 2005-03-04 11:55 (Minor)
Fails to parse the EPLF FTP directory format
* 2005-03-03 02:26 (Minor Security)
Race condition related to Set-Cookie header
|
|
There is no runtime change from 2.5.8nb3.
- Fix for a wrong configure warning on Solaris 9 x86 when enabling ARP
ACL support: The effective host type is i386-pc-solaris2.9.
- Documentation update for squid 2.5.STABLE9.
|
|
* 2005-02-23 00:11 (Medium) Should not automatically retry request on 403
and other server errors
* 2005-02-21 17:02 (Minor) fqdn lookups with spaces may confuse redirectors
* 2005-02-21 03:38 (Cosmetic) Display FTP URLs in decoded format to allow for
sane display of national characters etc
* 2005-02-21 02:58 (Minor) Peer related memory leaks on "squid -k reconfigure"
* 2005-02-21 01:38 (Cosmetic) Doesn't work specifying the AR variable to
configure
|
|
Add two new patches:
* 2005-02-20 19:11 (Cosmetic) GCC4 warnings
* 2005-02-20 10:47 (Minor) Relax header parsing slightly again to work
around broken web servers
Reflect update of one patch:
* 2005-02-20 11:03 (Cosmetic) Cross-platform format fixes
Update DIST_SUBDIR.
|
|
Apply four official fixes.
* 2005-02-15 02:14 (Cosmetic) FTP URL cleanups
* 2005-02-15 01:07 (Cosmetic) Allow high characters in generated FTP and
Gopher directory listings
* 2005-02-15 00:03 (Cosmetic) Cross-platform format fixes
* 2005-02-13 05:58 (Major) Assertion failure on certain odd DNS responses
Fixes PR pkg/29412 from Mike M. Volokhov.
|
|
Most of these changes are already included in previous squid-2.5.7nb12.
But the last one is really a new one.
Changes to squid-2.5.STABLE8 (11 Feb 2005)
- [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
#1096)
- [Cosmetic] Document -v (protocol version) option to LDAP helpers
- [Minor] The new req_header and resp_header acls segfaults
immediately on parse of squid.conf (Bug #961)
- [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
(Bug #1118)
- [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
- [Minor] Squid fails to close TCP connection after blank HTTP
response (Bug #1116)
- [Minor security] Random error messages in response to malformed
host name (Bug #1143)
- [Minor] PURGE should not be able to delete internal objects
(Bug #1112)
- [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
#1121)
- [Minor] cachemgr vm_objects segfault (Bug #1149)
- [Minor security] Confusing results on empty acl declarations (Bug
#1166)
- [Minor] Don't close all "other" filedescriptors on startup (Bug
#1177)
- [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
#1183)
- [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
- [Medium security] Denial of service with forged WCCP messages
(Bug #1190)
- [Minor] DNS related memory leak on certain malformed DNS responses
(Bug #1197)
- [Minor] Internal DNS sometimes truncates host names in reverse
(PTR) lookups (Bug #1136)
- [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
- [Security] Harden Squid against HTTP request smuggling attacks
- [Minor] Icon URLs fails in non-anonymous FTP directory listings if
short_icon_urls is on (Bug #1203)
- [Security] Harden Squid against HTTP response splitting attacks
(Bug #1200)
- [Medium security] Buffer overflow in WCCP recvfrom() call
(Bug #1217)
- [Security] Properly handle oversized reply headers (Bug #1216)
- [Minor] LDAP helpers search fixed to properly ask for no attributes
- [Minor] A sporadic segmentation fault when using ntlm authentication
fixed (Bug #1127)
- [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
- [Medium] Persistent connection mismatch on failed PUT/POST request
(Bug #1122)
- [Minor] WCCP easily disturbed by forged packets (Bug #1225)
- [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
- [Major] HTTP reply data corruption in certain situations involving
reply headers split over multiple packets (Bug #1233)
|
|
Adding several official patches which fix security and critical problems.
o 2005-02-06 00:57 (Cosmetic)
Improve password handling in FTP gatewaying of ftp://user@host URLs
o 2005-02-04 11:41 (Minor) WCCP easily disturbed by forged packets
o 2005-02-04 00:33 (Medium)
Persistent connection trouble on failed PUT/POST requests
o 2005-02-04 00:12 (Major) Segmentation fault on failed PUT/POST request
o 2005-02-03 23:27 (Minor)
Sporadic segmentation fault when using ntlm authentication
o 2005-02-03 23:17 (Minor)
LDAP helpers sends slightly malformed search requests
o 2005-01-31 22:50 (Security issue)
Correct handling of oversized reply headers
|
|
Noted by salo@ first and PR pkg/29181 later.
|
|
squid-2.5.STABLE7-response_splitting.patch was updated, so update distinfo
and DIST_SUBDIR. It seems that a patch to one more file was added.
* 2005-01-31 01:50 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
|
|
* 2005-01-28 23:16 (Security issue) Buffer overflow in WCCP recvfrom() call
Bump PKG_REVISION and now squid-2.5.7nb10.
|
|
security fix.
o 2005-01-21 12:10 (Minor)
Disable Path-MTU discovery on intercepted requests
o 2005-01-21 12:43 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
Bump package revision.
|
|
o 2005-01-21 12:43 (Security issue)
Strengthen Squid from HTTP response splitting cache pollution attack
o 2005-01-21 12:10 (Minor)
Icons fails to load on non-anonymous FTP when using
short_icons_url directive
o 2005-01-21 12:10 (Minor)
FTP data connection fails on some FTP servers when requesting
directory without a trailing slash
One patch has problem to apply and hold to apply
o 2005-01-21 12:10 (Minor) Disable Path-MTU discovery on intercepted requests
Bump package revision.
|
|
o 2005-01-17 04:29 (Minor Security issue) Sanity check usernames in squid_ldap_auth
o 2005-01-17 02:52 (Minor) FQDN names truncated on compressed DNS responses
o 2005-01-17 02:52 (Minor) Internal DNS memory leak on malformed responses
Bump package revision; squid-2.5.7nb7.
|
|
Now squid's user and group are handled by bsd.pkg.install.mk properly.
Thanks much to Volker Wiegand at t-online dot de who noted this problem
by private mail.
Bump PKGREVISION.
|
|
o 2005-01-12 17:21 (Security issue) Denial of service with forged WCCP messages
o 2005-01-12 17:19 (Security issue) buffer overflow bug in gopherToHTML()
o 2005-01-08 03:13 (Medium) fakeauth_auth memory leak and NULL pointer access
Bump package revision.
|
|
were changed their size.
|
|
* 2004-12-28 12:55 (Minor) Don't close "other" filedescriptors on startup
* 2004-12-27 18:54 (Minor Security) Confusing results on empty acl declarations
Bump package revision.
|
|
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
|
|
* Apply official three patches.
- 2004-12-08 01:03 (Minor) cachemgr vm_objects segfault
- 2004-12-08 00:47 (Minor) httpd_accel_port 0 (virtual) not working correctly
- 2004-12-07 23:45 (Cosmetic / Minor Security issue) Random error messages
in response to malformed host name
* use VARBASE for data directory.
* better handling data directory and user and group for squid with
bsd.pkg.install.mk.
|
|
* 2004-11-07 23:37 (Minor) Squid fails to close TCP connection after
blank HTTP response
* 2004-11-06 21:42 (Minor) 100% CPU on startup on new/experimental Linux
kernels due to O_NONBLOCK
* 2004-11-06 15:28 (Minor) Failure to shut down busy helpers on -k
rotate/reconfigure
* 2004-10-20 23:23 (Minor) The new req_header and resp_header acls segfaults
immediately on parse of squid.conf
* 2004-10-19 10:09 (Cosmetic) Document -v (protocol version) option to LDAP
helpers
* 2004-10-14 22:48 (Minor) 100% CPU usage on half-closed PUT/POST requests
Bump package revision.
|
|
This includes security problem with SNMP support which is enabled by default.
<http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities>
* pkgsrc changes:
- Don't use PKGNAME within DIST_SUBDIR. Instead, date based DIST_STAMP.
This change prevents extra DIST_SUBDIR change asked by kim@.
- Remove setproctitle(3) hack for dnsserver helper program since use of
dnsserver itself is problematic with huge size of squid process.
* Changes to squid-2.5.STABLE7 (11 Oct 2004)
- [Medium] No objects cached in ufs cache_dir type in some
configurations. Issue introduced in 2.5.STABLE6 by the patch for
Bug #676. (Bug #1011)
- [Minor] LDAP helpers update to correct LDAP connection management
and add support for literal password compare instead of binding
- [Minor] A large number of queued DNS lookups for the same domain
(Bug #852)
- [Cosmetic] request_header_max_size configuration partly ignored
(Bug #899)
- [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
- Bug #1012: [Cosmetic] HEAD requests may return stale information
(Bug #1012)
- [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
- [Minor] case insensitive authentication (Bug #431)
- [Cosmetic] Add delay pools information to active_requests. (Bug
#882)
- [Minor] Apparent memory leak in client_db (Bug #833)
- [Minor] NTLM authentication truncated causing failures. (Bug
#1016)
- [Cosmetic] Grammatical corrections in squid.conf.default
- [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
#1030)
- [Medium] Segfaults and other strange crashes when using heap
policies. (Bug #1009)
- [Minor] Supplementary group memberships not set (Bug #1021)
- [Cosmetic] ERR_TOO_BIG Portuguese translation
- [Minor] external_acl does not handle newlines (Bug #1038)
- [Major] NTLM authentication denial of service when using msnt_auth
or fake_auth (Bug #1045)
- [Medium] Memory leaks when using NTLM authentication without
challenge reuse. (Bug #994)
- [Minor] Temporary NTLM memory leak with challenge reuse enabled
(Bug #910)
- [Minor] assertion failed: "n_ufs_dirs <=
Config.cacheSwap.n_configured". (Bug #1053)
- [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
- [Minor] acl time fails to parse multiple time specifications
(Bug #1060)
- [Minor] cachemgr config dumps mixed up Range and Request-Range
headers in http_header_access & replace directives. (Bug #1056)
- [Minor] Content-Disposition added as a well known header (Bug #961)
- [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
(Bug #1074)
- [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
- [Medium] New acl types to match arbitrary HTTP headers. In addition
the http_header_access & replace directives now support arbitrary
headers and not only the well known ones. (Bug #961)
- [Cosmetic] ncsa_auth now accepts Window formatted password files
(Bug #1078)
- [Cosmetic] Support the --program-prefix/suffix options or other
configure program name transforms (Bug #1019)
- [Minor] Fix race condition in CONNECT and also handle aborts of
CONNECT requests in a more graceful manner. (Bug #859)
- [Minor] New balance_on_multiple_ip directive to work around certain
broken load balancers and optimized ipcache on reload requests
(Bug #1058)
- [Medium] New reply_header_max_size directive (Bug #874)
- [Minor] Suspected instability on aborted PUT/POST requests (Bug #1089)
- [Security] SNMP Denial of Service fix (CAN-2004-0918)
|
|
changed.
-+ debug(49, 1) ("clientdbGC: Removed %d entries\n", cleanup_removed);
++ debug(49, 2) ("clientdbGC: Removed %d entries\n", cleanup_removed);
|
|
- Add 9 official patches.
Bump package revision, squid-2.5.6nb3.
* 2004-09-30 09:28 (Minor) CARP ignores cache_peer_domain/cache_peer_access
* 2004-09-27 18:23 (Minor) balance_on_multiple_ip squid.conf directive
* 2004-09-27 18:10 (Minor) Race window and poor responsiveness to aborted
CONNECT requests
* 2004-09-25 21:42 (Cosmetic) Support the --program-prefix and other program
name transforms
* 2004-09-25 21:08 (Cosmetic) Document the caseinsensitive basic auth option
* 2004-09-25 20:57 (Cosmetic) ncsa_auth is sensitive on line ending format
* 2004-09-25 12:00 (Medium) Add support for arbitrary headers access controls
* 2004-09-26 21:22 (Minor) Limit internal send/receive buffers
* 2004-09-25 09:55 (Cosmetic) arp acls is supported on FreeBSD these days..
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
* 2004-09-01 13:59 (Minor)
Squid does not recognise Content-Disposition header
* 2004-09-01 13:09 (Cosmetic)
cachemgr config dumps mixed up Range and Request-Range headers
* 2004-09-01 12:25 (Minor)
acl time fails to parse multiple time specifications correctly
* 2004-08-28 22:46 (Minor)
Segfault in CvtBin / authenticateDigestHandleReply
* 2004-08-25 21:11 (Minor)
assertion failed: comm.c:430: "n_ufs_dirs <= Config.cacheSwap.n_configured"
* 2004-08-25 20:30 (Minor)
Temporary NTLM memory leak with challenge reuse enabled
* 2004-08-25 20:30 (Medium)
Memory leaks when using NTLM authentication without challenge reuse
Bump PKGREVISION.
|
|
Squid 2.5.STABLE5 to 2.5.STABLE6:
* Several "Assertion error" bugs fixed
* Several "Segmentation fault" bugs fixed
* Corrects a security issue in the old ntlm_auth NTLM helper used in transparent NTLM authentication to a NT domain without using samba.
* Processing of Vary: * and Vary on error messages corrected
* a large number of minor and cosmetic bugfixes. See the list of squid-2.5.STABLE5 patches and the ChangeLog file for details.
2.5.STABLE56 official patches:
* 2004-08-20 08:18 (Major) NTLM authentication denial of service
* 2004-08-14 21:07 (Minor) external_acl does not handle newlines
* 2004-08-09 14:03 (Minor) Supplementary group memberships not set
* 2004-08-05 20:33 (Medium) Segfaults and other strange crashes when using heap policies
* 2004-08-06 11:05 (Cosmetic) Unknown %X errorpage codes incorrectly quoted
* 2004-08-17 12:22 (Cosmetic) Grammatical corrections in squid.conf.default
* 2004-07-27 21:52 (Minor) NTLM authentication truncated
* 2004-07-17 22:43 (Minor) Memory leak in client_db
* 2004-07-17 20:11 (Cosmetic) Add delay pools information to active_requests
* 2004-07-17 19:57 (Minor) case insensitive authentication
* 2004-07-17 19:48 (Cosmetic) Warn if cache_dir ufs can not create files
* 2004-07-17 16:33 (Cosmetic) HEAD requests may return stale information
* 2004-07-17 16:33 (Minor) Partial hit results in TCP_HIT, not TCP_MISS
* 2004-07-17 16:33 (Cosmetic) request_header_max_size configuration option doesn't work correctly
* 2004-07-29 13:29 (Minor) A large number of queued DNS lookups for the same domain
* 2004-08-10 09:40 (Minor) LDAP helpers update
* 2004-07-14 16:29 (Medium) storeCreate: no valid swapdirs for this object
|
|
(Current squid package doesn't build sasl_auth module.)
|
|
support making sasl_auth module. (I think it is better to create
separate packages for those authentication modules.)
Bump package revision.
|
|
pkgsrc change:
o set DIST_SUBR to ${PKGNAME}.
Changes:
o 2004-06-07 21:25 (Cosmetic) Negative size in access.log on long
running CONNECT requests
o 2004-06-08 11:01 (Major) Segmentation fault after
"Likely proxy abuse detected"
o 2004-06-18 17:39 (Security issue) Overflow bug in Squid's ntlm_auth helper.
Note: currently below patch isn't applied since it is broken and I'm
not sure how it should be corrected. I wish it would be fixed
before tagging pkgsrc-2004Q2.
o 2004-06-08 11:42 (Minor) sasl_auth doesn't compile with SASL2
|
|
checksum change.
|
|
Bug #753: va_copy required
Bug #995: segfault on long URLs (bug in previous patch to Bug #753)
And reduce offset from pkgsrc's patches.
Bump package revision.
|