Changelog:
- Update to CVS as of 2007-06-23, i.e. include all applicable PatchSets up
to PatchSet 10865.
- Due to popular demand introduce squid_pidfile as rc(8) tunable; it
defaults to ${PREFIX}/squid/logs/squid.pid. Document the need to tweak
this variable in squid.conf.default if the administrator chooses to change
this default in Squid's configuration.
- install a new basic auth helper "DB" that is used to get user/password
information via a SQL database accessible with Perl's DBI; install the
example SQL script to create such a database in ${EXAMPLESDIR}
- Apply some cleanups in Makefile:
* prefer PatchSet over ChangeSet consistently
* improve handling of debugging options
* note that Squid-3's kqueue(2) is still considered experimental by the
Squid developers (but keep it enabled by default)
PR: 113997
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- replace sunsite.auc.dk which is no longer serving Squid distfiles
(cf fenner's distfile survey) and replace it with ftp.belnet.be.
The Squid mirror list seems to have vanished (temporarily) during
their website redesign spree but it used to be listed there as
an official Belgian mirror.
- remove files/extra-patch-changeset_11375 which was added in
2.6.12_1, the fix is present in 2.6.STABLE13.
- simplify the SQUID_KQUEUE parsing; Squid-2 will automatically enable
kqueue(2) support and the new OPTIONS parser does no longer require
.ifndef WITHOUT_* constructs
- remove IGNORE for the combination of SQUID_SSL and SQUID_ICAP
- (try to) adapt the ICAP-core patch to the changes in the Squid code base
- add a +ICAP identifier to the internal Squid version string to help the
Squid developers in identifying patched up Squid versions (some
reported bugs were not really Squid but rather ICAP bugs it seems)
Submitted by: Thomas-Martin Seck (maintainer)
PR: ports/112751
The patchset is a slightly modified version of the Squid patchset 11375.
Notes:
Since this patch conflicts with the ICAP patchset and only affects
non-default configurations that have been compiled using the
WITH_SQUID_SSL configuration option, apply the patch only when this
option is enabled. Set IGNORE when both WITH_SQUID_SSL and
WITH_SQUID_ICAP are defined.
PR: 112054
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- Update the ICAP client patchset to not remove a specific function call;
this should fix timeout issues reported on the squid-dev list
PR: 110471
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- consistently use "Squid" when referring to the software's name
- define COMMENT a bit less chatty
- replace the progeny.com mirror with the one hosted by Vistech
- fix a wrong path in pkg-message.in (thanks to "Tuc at the Beach House")
- pass ${squid_flags} when stopping or reconfiguring Squid (ports/100510)
PR: ports/105023
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Sponsored by: FreeBSD Bug-a-thon #2
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>
to correct a problem with logging that could occur in certain cases
(Squid bug #1605)
- add some of the WWW mirrors found on
<http://www.squid-cache.org/Mirrors/http-mirrors.html> as additional
PATCH_SITES
(thanks to Robert Backhaus for the initial submission)
- make the rc.d script print "Stopping squid." in the hand rolled stop command
when shutting down, just like default rc.subr stop routine would do
PR: ports/100056
Submitted by: maintainer
- accept 7-CURRENT's WITHOUT_NIS switch as a synonym for NO_NIS
- add a missing "/" in files/pkg-message.in
- update the ICAP core patchset to the latest CVS (2006-05-21)
- update the custom logfile patchset to the latest CVS (2006-05-21)
PR: ports/97607
Submitted by: maintainer
- simplify definition of the SQUIDHOSTNAMELEN constant (squid bug #1434)
- correct display of mime icons when visible_hostname contains only the plain
hostname without a domain (squid bug #1532)
- plug a memory leak in the HTCP client code (squid bug #1553)
- plug a memory leak in the ident processing code (squid bug #1557)
- Bump PORTREVISION
[1] http://www.squid-cache.org/Versions/v2/2.5/bugs/
PR: 97356
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- Implement a new option WITH_SQUID_SASL_AUTH, off by default
- Update the ICAP core patchset to the latest CVS
- Extensive portlintification and cleanups
PR: ports/94642
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
to that of Apache LogFormat and CustomLog configuration directives.
This also allows for output in multiple formats to different log files.
See http://devel.squid-cache.org/customlog/ for more information.
PR: ports/92522
Submitted by: Matthew Will <mwill@spingen.com>
Approved by: maintainer
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- Fix wbinfo_group.pl to correctly work with the wbinfo command
from samba-3.0.21 (squid bug #1472)
- Fix a crash when accessing async IO function counters via the
cachemgr CGI in cases where squid was compiled for aufs support
but not actually using it (squid bug #1464)
While at it, remove an unneeded patch from the ICAP core patchset.
PR: ports/91831
Submitted by: maintainer
- Fix rc(8) preamble in the squid run script
- Use the .sh suffix only for the old style script
- Do not refer to "rcNG" in pkg-install anymore, rcNG is the default
rc style by now
- Bump PORTREVISION (to mark this change and because the package content
changes)
PR: ports/90858
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
--enable-ntlm-fail-open was specified as an additional configuration
option (squid bug #1022).
The port does not enable this option by default; document it, while at it.
- Add SHA256 checksum for the squid tarball
- Integrate ICAP client support based upon the icap project's CVS repository,
turned off by default.
To activate it, build the port with WITH_SQUID_ICAP defined or rerun
'make config'.
- Bump PORTREVISION
PR: ports/90688
Submitted by: maintainer
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- document that tcp_outgoing_xxx works badly in combination with
server_persistent_connections (squid bug #454)
- add more tracing in test mode of squid_ldap_auth (squid bug #1395)
- fix breakage of accel_single_host when combined with
server_persistent_connection (squid bug #1402)
- correctly implement the CACHE_HTTP_PORT configuration directive
(squid bug #1403)
- fix the problem that CNAME addresses were remembered with a wrong TTL
(squid bug #1404)
- fix incorrect handling of squid-internal-dynamic/netdb in conjunction with
httpd_accel/transparent proxies (squid bug #1410)
- properly revalidate the cache on HEAD requests (squid bug #1411)
- correct handling of Set-Cookie headers on cache refreshes (squid bug #1419)
- fix a vulnerability in the FTP parsing code (squid bug #1426)
PR: ports/87637
Submitted by: maintainer
- LDAP helpers do not work with TLS (-Z option)
(squid bug #1389)
- Incorrect store dir selection debug message on objects >2G
(squid bug #1343)
- Enums cannot be assumed to be signed ints
(squid bug #1343)
- Allow leaving core dumps on Linux
(squid bug #1335)
- Do not let clients bypass delay pools by faking a cache hit
(squid bug #500)
- Fix problems regarding CONNECT requests when squid is configured with
"pipeline_prefetch on"
- Fix a possible DOS condition which may be triggered by certain NTLM
authentication requests
(squid bug #1391)
- Remove patching relevant to recently removed pf from ports option
PR: ports/86179
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- FTP listings use "BASE HREF" much more than necessary (squid bug #1204)
- Cleanups for 64bit architectures (squid bug #1316)
- Allow wb_ntlm_auth to run more silent (squid bug #518)
- Add a new 'mail_program' configuration option
- Fix a possible denial of service condition regarding sslConnectTimeout
(squid bug #1355, Secunia Advisory SA16674)
- Avoid a possible assertion failure in StatHist.c (squid bug #1325)
- Fix issues regarding chroot'ed installations on 'squid -k reconfigure'
(squid bug #1331)
- Make URLs in error pages more consistent and less confusing (squid bug #1342)
- Fix compilation when _FORTIFY_SOURCE is defined (squid bug #1344)
- Fix handling of unexpected 250 replies from certain odd FTP servers
(squid bug #1348)
- Add Greek error pages (squid bug #1351)
- Fix a possible denial of service condition with regards to aborted requests
(squid bug #1368)
- Fix the -U option of squid_ldap_auth (squid bug #1370)
- Fix the output of the SNMP cacheClientTable for IP adresses that consist of
16 digits (squid bug #1375)
- Make the From: field of mails sent from squid configurable to avoid
mails getting lost due to spam filtering (squid bug #1380)
PR: ports/85688
Submitted by: maintainer
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
+ double content-length often harmless (squid bug #1305)
+ update spanish error pages
+ squid internal icons were served with slightly incorrect headers
(squid bug #1275)
+ squid -k fails in combination with chroot (squid bug #1307)
+ core dump with --enable-ipf-transparent if access to NAT device is denied
(squid bug #1313)
+ http_accel_single_host incompatible with redirection (squid bug #1314)
+ squid -k reconfigure caused data corruption when a cache_dir type had been
changed (squid bug #1308)
+ SNMP getnext failed if the given OID was outside the squid MIB (squid bug
#1317)
PR: ports/82703
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- remove local patch that is now incorporated into the corresponding
vendor patch (with slightly different wording)
PR: ports/80367
Submitted by: maintainer
squid bugs #1283, 1287 and 1288 (assertion failed in store_client.c:343).
(already committed)
- Bump portrevision as a datapoint for this bugfix.
PR: 80163
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- Correct several minor aufs issues (squid bug #671)
- Basic authentification fails when login+password totalled to more than
64 characters (squid bug #1171)
- Fix an assertion that could occur when traffic other than HTTPS was
tunneled through squid via the CONNECT method (squid bug #1269)
- Make the --disable-hostname-check configuration option actually work
(squid bug #1270)
- Fix aufs warning about open filedescriptors when the cache was shut down
(squid bug #671)
- Allow squid to process requests for files larger than 2GB in size
(squid bug #437)
Introduce a new OPTION "WITH_SQUID_LARGEFILE", default to off to match
squid's default behaviour.
Rebuild squid with -DWITH_SQUID_LARGEFILE or run 'make config' and
select this new option.
- Add two new cachemgr actions: "pending_objects" and "client_objects"
- Make external acls that require authentication request new credentials
after access had been denied (squid bug #1278)
- Make squid use "daemon" instead of "local4" as syslog facility (squid bug
#1227)
PR: 80028
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
+ Handle odd data formats (squid bug #321)
+ reload_into_ims fails to revalidate negatively cached entries
(squid bug #1159)
+ Clarify delay_access function (squid bug #1245)
+ Check several squid.conf directives for int overflows (squid bug #1247)
+ Use memset(3) instead of bzero(3) (squid bug #1256)
+ Fix compile warnings due to pid_t not being an int (squid bug #1257)
+ Fix incorrect use of ctype functions (squid bug #1259)
+ Defer digest fetch if the peer is not allowed to be used (squid bug #1262)
+ Extend relaxed_header_parser to work around "excess data from" errors from
many major web servers (squid bug #1265)
- Enable IPFilter based transparent proxying on all FreeBSD versions where
IPFilter headers are part of the base system (i.e. RELENG_4 < 4.7-RELEASE,
RELENG_5 and 6-CURRENT). Create a new OPTION WITH_SQUID_IPFILTER for this
purpose. Thanks to sem@ for keeping track of this issue!
PR: ports/78780
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- correct a race condition related to the Set-Cookie header
- correct the FTP parser with regards to the EPLF format
(squid bug #1252)
- correct FTP listing output when the URL was requested without a trailing
slash (squid bug #1253)
- make ACL configuration errors fatal (squid bug #1255)
PR: ports/78446
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- fix some cross-platform build format warnings
- allow high characters in generated FTP and Gopher directory listings
(squid bug #1220)
- cleanup generation of FTP URLs
- relax the newly introduced strict HTTP parser slightly to work around some
more malformed HTTP responses (squid bug #1242)
PR: ports/77779
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- Integrate a vendor patch from:
http://www.squid-cache.org/Versions/v2/2.5/bugs/
it fixes a major problem regarding the handling of invalid DNS responses
PR: ports/77423
Submitted by: maintainer