1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-11 02:50:24 +00:00
Commit Graph

216 Commits

Author SHA1 Message Date
Martin Wilke
77ef929fa4 - Update to 2.6STABLE4
- integrate most of the vendor patches available from
        <http://www.squid-cache.org/Versions/v2/2.6/changesets/> up to
        changeset 11066
- replace the FTP mirror at progeny.com (which seems to be gone and is
        no longer listed on <http://www.squid-cache.org/Mirrors/ftp-mirrors.html>)
        with the one hosted by Vistech
- remove a redundant / from PATCH_SITE_SUBDIR
- update the ICAP patchsets to current ICAP CVS
- add an extra patch that adds a decription of how to remap the threading
        library to the documentation of the aufs file system in squid.conf when
        Squid is built with aufs support on FreeBSD >= 5.1
- make the rc script pass ${squid_flags} in the shutdown and reconfigure
        case (ports/100510)
- fix a path description in pkg-message (pointed out by
"Tuc at the Beach House")
- use "Squid" in the pseudo-user's description, too

PR:		ports/105022
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Sponsored by:   FreeBSD Bug-a-thon #2
2006-11-04 23:18:03 +00:00
Martin Wilke
5359eb1f58 - update to 2.6.STABLE3
- update the ICAP core patchset to CVS as of 2006-08-13 and correct
  the name of the CVS branch used in creating the diff
- remove a superfluous hunk from the ICAP bootstrap patchset

PR:		ports/102274
Submitted by:	Thomas-Martin Seck <tmseck(at)netcologne.de>
Approved by:	krion (mentor)
2006-08-22 07:56:56 +00:00
Andrew Pantyukhin
b12accf719 - Update to 2.6.STABLE2.
- Include most of the post-STABLE2 changes/bugfixes published at
  <http://www.squid-cache.org/Versions/v2/2.6/changesets/>.
- Remove the local fix for the problem that ipfw(4) support was not
  working because the problem was fixed upstream.
- Remove the SQUID_IPFW option again, ipfw(4) should now work out
  of the box as in earlier Squid versions.
- Add ICAP support.

PR:		ports/101422
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2006-08-06 21:57:57 +00:00
Andrew Pantyukhin
f6d8d65eef - Add an OPTION to enable transparent proxying with IPFW
- Include official patchset #10799
- Minor fixes

Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2006-07-10 19:57:12 +00:00
Sergey Matveychuk
eb1c8d1da5 The squid developers have just released 2.6.STABLE1 as the new
stable Squid release. Because of the large amount changes introduced
in 2.6, we keep 2.5 as www/squid and make www/squid26.

New OPTIONS:
- WITH_/WITHOUT_SQUID_KQUEUE: use kqueue(2) support (defaults to yes)
- WITH_/WITHOUT_SQUID_WCCPV2: enable WCCPv2 support (defaults to no)
- WITH_/WITHOUT_SQUID_REFERER_LOG: enable referer-header logging (default no)
- make WITH_DEBUG a synonym for WITH_SQUID_STACKTRACES

Removed OPTIONS:
- WITH_SQUID_CUSTOM_LOG: the code is now part of mainline squid and can
  be configured via squid.conf
- WITH_/WITHOUT_SQUID_UNDERSCORES: no longer configurable
- WITH_/WITHOUT_SQUID_CHECK_HOSTNAME: no longer configurable
- WITH_/WITHOUT_SQUID_RCNG: the start script is now rc.d only

Changed default:

- CARP support is enabled by default in squid 2.6 and needs to be
  explicitly disabled defining WITHOUT_SQUID_CARP

Port infrastructural changes:
- no longer check for invalid user/group id; this problem should no longer
  be an issue (if it ever was one, but you never know) and remove the
  'changeuser:' target
- use files/squid.in instead of files/squid.sh.in as template
- remove ancient information about Harvest from pkg-descr, tighten COMMENT
- add some HTTP mirror sites taken from
  <http://www.squid-cache.org/Mirrors/http-mirrors.html> as additional
  PATCH_SITES (thanks to Robert Backhaus for the initial submission)
- ICAP support is not yet available, the squid-devel CVS is not synchronized
  with mainline squid as I write this so mark WITH_SQUID_ICAP as IGNORE for
  now. I'll add the necessary patches ASAP.
- spell "squid" as "Squid" when referring to the project as this seems to be
  the spelling the Squid project prefers
- some cosmetic changes in macro definitions

PR:		ports/99750
Submitted by:	Thomas-Martin Seck <tmseck_at_netcologne.de> (squid maintainer)
2006-07-09 15:20:10 +00:00
Jean Milanez Melo
4fcbdb49da - Update the list of MASTER_SITES.
- Update the icap-core patchset to CVS as of 2006-05-25.

PR:		ports/98279
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by:	mnag (mentor)
2006-06-05 22:00:46 +00:00
Sergey Matveychuk
2b17f205b0 - Integrate a vendor patch published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/> to fix an "assertion
  failed: HttpReply.c:105: rep" error (squid bug #1606).

- Update the customlog patchset accordingly.

- Bump PORTREVISION.

PR:		ports/97066
Submitted by:	maintainer
2006-06-04 19:55:31 +00:00
Renato Botelho
0ee692d937 - Update to 2.5.STABLE14
- accept 7-CURRENT's WITHOUT_NIS switch as a synonym for NO_NIS
- add a missing "/" in files/pkg-message.in
- update the ICAP core patchset to the latest CVS (2006-05-21)
- update the custom logfile patchset to the latest CVS (2006-05-21)

PR:		ports/97607
Submitted by:	maintainer
2006-05-22 16:11:43 +00:00
Emanuel Haupt
b663d9f740 - Introduce four vendor patches [1] which:
- simplify definition of the SQUIDHOSTNAMELEN constant (squid bug #1434)
 - correct display of mime icons when visible_hostname contains only the plain
   hostname  without a domain (squid bug #1532)
 - plug a memory leak in the HTCP client code (squid bug #1553)
 - plug a memory leak in the ident processing code (squid bug #1557)

- Bump PORTREVISION

[1] http://www.squid-cache.org/Versions/v2/2.5/bugs/

PR:		97356
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2006-05-16 21:33:59 +00:00
Pav Lucistnik
f5d5cd4bb4 - Fix WITH_SQUID_CUSTOM_LOG patch to work with 2.5.13
PR:		ports/94665
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2006-03-19 00:20:09 +00:00
Pav Lucistnik
4a5a7a317c - Update to 2.5.STABLE13
- Implement a new option WITH_SQUID_SASL_AUTH, off by default
- Update the ICAP core patchset to the latest CVS
- Extensive portlintification and cleanups

PR:		ports/94642
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2006-03-18 17:11:13 +00:00
Sergey Matveychuk
e8de9cc8fd Implemented custom log format patch, providing similar functionality
to that of Apache LogFormat and CustomLog configuration directives.
This also allows for output in multiple formats to different log files.

See http://devel.squid-cache.org/customlog/ for more information.

PR:		ports/92522
Submitted by:	Matthew Will <mwill@spingen.com>
Approved by:	maintainer
2006-02-04 11:45:40 +00:00
Sergey Matveychuk
7f1969a357 Integrate two vendor patches being published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Fix wbinfo_group.pl to correctly work with the wbinfo command
  from samba-3.0.21 (squid bug #1472)

- Fix a crash when accessing async IO function counters via the
  cachemgr CGI in cases where squid was compiled for aufs support
  but not actually using it (squid bug #1464)

While at it, remove an unneeded patch from the ICAP core patchset.

PR:		ports/91831
Submitted by:	maintainer
2006-01-15 15:44:36 +00:00
Jean-Yves Lefort
52b6e16149 Rename the rc script back to squid.sh, since some versions of
/etc/rc.d/localpkg only run scripts ending in .sh

PR:		ports/91387
Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>, maintainer
2006-01-09 13:37:54 +00:00
Edwin Groothuis
b3f2631a43 [Maintainer] www/squid: rc(8) related fixups
- Fix rc(8) preamble in the squid run script
	- Use the .sh suffix only for the old style script
	- Do not refer to "rcNG" in pkg-install anymore, rcNG is the default
	  rc style by now
	- Bump PORTREVISION (to mark this change and because the package content
	  changes)

PR:		ports/90858
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-12-25 23:38:48 +00:00
Renato Botelho
878295ccf1 - Integrate vendor patch to fix a problem with the SMB helper when
--enable-ntlm-fail-open was specified as an additional configuration
  option (squid bug #1022).
  The port does not enable this option by default; document it, while at it.
- Add SHA256 checksum for the squid tarball
- Integrate ICAP client support based upon the icap project's CVS repository,
  turned off by default.
  To activate it, build the port with WITH_SQUID_ICAP defined or rerun
  'make config'.
- Bump PORTREVISION

PR:		ports/90688
Submitted by:	maintainer
2005-12-20 16:01:15 +00:00
Kirill Ponomarev
f903bed87f Update to 2.5.STABLE12
PR:		ports/88327
Submitted by:	maintainer
2005-11-01 14:05:59 +00:00
Renato Botelho
29dca01b77 Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- document that tcp_outgoing_xxx works badly in combination with
  server_persistent_connections (squid bug #454)
- add more tracing in test mode of squid_ldap_auth (squid bug #1395)
- fix breakage of accel_single_host when combined with
  server_persistent_connection (squid bug #1402)
- correctly implement the CACHE_HTTP_PORT configuration directive
  (squid bug #1403)
- fix the problem that CNAME addresses were remembered with a wrong TTL
  (squid bug #1404)
- fix incorrect handling of squid-internal-dynamic/netdb in conjunction with
  httpd_accel/transparent proxies (squid bug #1410)
- properly revalidate the cache on HEAD requests (squid bug #1411)
- correct handling of Set-Cookie headers on cache refreshes (squid bug #1419)
- fix a vulnerability in the FTP parsing code (squid bug #1426)

PR:		ports/87637
Submitted by:	maintainer
2005-10-19 12:21:11 +00:00
Marcus Alves Grando
c5799da9be Fix smb_auth helper
PR:		86850
Pointed by:	Dean M. Phillips <dmphilli@gmail.com>
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-10-06 18:47:55 +00:00
Renato Botelho
8d51ef89de Integrate a patch from
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- fix delay pools behaviour which was broken by the patch for squid bug #500,
  introduced in squid-2.5.10_6 (squid bug #1405)

PR:		ports/86669
Submitted by:	maintainer
2005-09-28 12:55:56 +00:00
Renato Botelho
c6e5ee8cbf - Update to 2.5-STABLE11
- Adapt the follow-XFF patches to the changes to squid's sources

PR:		ports/86472
Submitted by:	maintainer
2005-09-22 17:28:33 +00:00
Pav Lucistnik
f8834e53d2 Update the NTLM-scheme patch to version 2. The first version of the patch is
broken (cf <http://www.squid-cache.org/bugs/show_bug.cgi?id=1391>).

PR:		ports/86215
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-09-16 17:39:01 +00:00
Pav Lucistnik
43e58bb9bc - Integrate the following vendor patches:
- LDAP helpers do not work with TLS (-Z option)
    (squid bug #1389)
  - Incorrect store dir selection debug message on objects >2G
    (squid bug #1343)
  - Enums cannot be assumed to be signed ints
    (squid bug #1343)
  - Allow leaving core dumps on Linux
    (squid bug #1335)
  - Do not let clients bypass delay pools by faking a cache hit
    (squid bug #500)
  - Fix problems regarding CONNECT requests when squid is configured with
    "pipeline_prefetch on"
  - Fix a possible DOS condition which may be triggered by certain NTLM
    authentication requests
    (squid bug #1391)
- Remove patching relevant to recently removed pf from ports option

PR:		ports/86179
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-09-15 20:10:59 +00:00
Pav Lucistnik
3ba03fca82 - Remove dependencies on security/pf, it was removed. pf is in base since
502106

Pointy hat to:	pav
2005-09-14 23:27:00 +00:00
Sergey Matveychuk
b082667271 - Fix somewhat messed up titles in FTP listings (squid bug #1220)
- FTP listings use "BASE HREF" much more than necessary (squid bug #1204)
- Cleanups for 64bit architectures (squid bug #1316)
- Allow wb_ntlm_auth to run more silent (squid bug #518)
- Add a new 'mail_program' configuration option
- Fix a possible denial of service condition regarding sslConnectTimeout
  (squid bug #1355, Secunia Advisory SA16674)
- Avoid a possible assertion failure in StatHist.c (squid bug #1325)
- Fix issues regarding chroot'ed installations on 'squid -k reconfigure'
  (squid bug #1331)
- Make URLs in error pages more consistent and less confusing (squid bug #1342)
- Fix compilation when _FORTIFY_SOURCE is defined (squid bug #1344)
- Fix handling of unexpected 250 replies from certain odd FTP servers
  (squid bug #1348)
- Add Greek error pages (squid bug #1351)
- Fix a possible denial of service condition with regards to aborted requests
  (squid bug #1368)
- Fix the -U option of squid_ldap_auth (squid bug #1370)
- Fix the output of the SNMP cacheClientTable for IP adresses that consist of
  16 digits (squid bug #1375)
- Make the From: field of mails sent from squid configurable to avoid
  mails getting lost due to spam filtering (squid bug #1380)

PR:		ports/85688
Submitted by:	maintainer
2005-09-04 07:57:55 +00:00
Florent Thoumie
aa4c9add34 - Update transparent patch.
PR:		ports/82838
Submitted by:	maintainer
2005-06-30 19:25:09 +00:00
Jean-Yves Lefort
9c2eddd2c6 Update the chroot vendor patch to version 2, cf
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-chroot

PR:		ports/82739
Submitted by:	maintainer
2005-06-29 20:41:27 +00:00
Michael Johnson
342997ec98 - Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

  + double content-length often harmless (squid bug #1305)
  + update spanish error pages
  + squid internal icons were served with slightly incorrect headers
    (squid bug #1275)
  + squid -k fails in combination with chroot (squid bug #1307)
  + core dump with --enable-ipf-transparent if access to NAT device is denied
    (squid bug #1313)
  + http_accel_single_host incompatible with redirection (squid bug #1314)
  + squid -k reconfigure caused data corruption when a cache_dir type had been
    changed (squid bug #1308)
  + SNMP getnext failed if the given OID was outside the squid MIB (squid bug
    #1317)

PR:		ports/82703
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-06-28 02:38:39 +00:00
Jean-Yves Lefort
0561518b0c - Read cachemgr.conf rather than cachemgr.conf.default
- Add a missing %SUBDIR% in MASTER_SITES

PR:		ports/81319
Submitted by:	maintainer
2005-05-22 13:49:22 +00:00
Pav Lucistnik
33ad773d04 - Update Squid to 2.5.STABLE10
PR:		ports/81213
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-05-19 14:17:01 +00:00
Volker Stolz
9cec7c9ea0 - update distinfo for the updated syslog patch
- remove local patch that is now incorporated into the corresponding
  vendor patch (with slightly different wording)

PR:		ports/80367
Submitted by:	maintainer
2005-04-27 07:31:36 +00:00
Yen-Ming Lee
6410f43979 - Update distinfo for the 2GB patch, this includes a fix for
squid bugs #1283, 1287 and 1288 (assertion failed in store_client.c:343).
  (already committed)

- Bump portrevision as a datapoint for this bugfix.

PR:		80163
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-04-21 08:57:57 +00:00
Yen-Ming Lee
ce7cb9f97a - according web page, the patch file is rerolled at 2005-04-20 14:59 again
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-2GB

Noticed by:	kris
2005-04-20 23:53:27 +00:00
Yen-Ming Lee
12dbf6e9c8 - the patch is repacked at 2005-04-18 00:57, after maintainer submit PR 80028
- diff is listed below:

--- /tmp/squid-2.5.STABLE9-2GB.patch	Mon Apr  4 17:09:16 2005
+++ /usr/ports/distfiles/squid2.5/squid-2.5.STABLE9-2GB.patch	Mon Apr 18 08:57:57 2005
@@ -3000,7 +3000,7 @@
       }
       /* there are some things we cannot do yet */
 Index: squid/src/protos.h
-diff -c squid/src/protos.h:1.420.2.28 squid/src/protos.h:1.420.2.32
+diff -c squid/src/protos.h:1.420.2.28 squid/src/protos.h:1.420.2.30
 *** squid/src/protos.h:1.420.2.28	Fri Mar 18 17:01:52 2005
 --- squid/src/protos.h	Sat Mar 26 10:36:01 2005
 ***************
@@ -3455,9 +3455,9 @@
 +
   #endif /* SQUID_H */
 Index: squid/src/ssl.c
-diff -c squid/src/ssl.c:1.118.2.9 squid/src/ssl.c:1.118.2.10
+diff -c squid/src/ssl.c:1.118.2.9 squid/src/ssl.c:1.118.2.11
 *** squid/src/ssl.c:1.118.2.9	Mon Mar 21 12:39:29 2005
---- squid/src/ssl.c	Fri Mar 25 19:50:53 2005
+--- squid/src/ssl.c	Sun Apr 17 18:54:30 2005
 ***************
 *** 46,52 ****
   	int len;
@@ -3482,7 +3482,7 @@
   	kb_incr(&statCounter.server.all.kbytes_out, len);
   	kb_incr(&statCounter.server.other.kbytes_out, len);
 + 	/* increment total object size */
-+ 	if (sslState->size_ptr)
++ 	if (sslState->size_ptr && sslState->client.fd != -1)
 + #if SIZEOF_SQUID_OFF_T <= 4
 + 	    if (*sslState->size_ptr < 0x7FFF0000)
 + #endif

Noticed by:	many people ...
2005-04-18 07:09:02 +00:00
Yen-Ming Lee
4e9c0a92b4 Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Correct several minor aufs issues (squid bug #671)
- Basic authentification fails when login+password totalled to more than
  64 characters (squid bug #1171)
- Fix an assertion that could occur when traffic other than HTTPS was
  tunneled through squid via the CONNECT method (squid bug #1269)
- Make the --disable-hostname-check configuration option actually work
  (squid bug #1270)
- Fix aufs warning about open filedescriptors when the cache was shut down
  (squid bug #671)
- Allow squid to process requests for files larger than 2GB in size
  (squid bug #437)

  Introduce a new OPTION "WITH_SQUID_LARGEFILE", default to off to match
  squid's default behaviour.
  Rebuild squid with -DWITH_SQUID_LARGEFILE or run 'make config' and
  select this new option.

- Add two new cachemgr actions: "pending_objects" and "client_objects"
- Make external acls that require authentication request new credentials
  after access had been denied (squid bug #1278)
- Make squid use "daemon" instead of "local4" as syslog facility (squid bug
  #1227)

PR:		80028
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-04-18 01:05:35 +00:00
Michael Johnson
a668257234 - Chase checksum of the updated pid_t patch
PR:		ports/78897
Submitted by:	maintainer
2005-03-15 22:50:50 +00:00
Michael Johnson
386223668b - Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
  + Handle odd data formats (squid bug #321)
  + reload_into_ims fails to revalidate negatively cached entries
    (squid bug #1159)
  + Clarify delay_access function (squid bug #1245)
  + Check several squid.conf directives for int overflows (squid bug #1247)
  + Use memset(3) instead of bzero(3) (squid bug #1256)
  + Fix compile warnings due to pid_t not being an int (squid bug #1257)
  + Fix incorrect use of ctype functions (squid bug #1259)
  + Defer digest fetch if the peer is not allowed to be used (squid bug #1262)
  + Extend relaxed_header_parser to work around "excess data from" errors from
    many major web servers (squid bug #1265)

- Enable IPFilter based transparent proxying on all FreeBSD versions where
  IPFilter headers are part of the base system (i.e. RELENG_4 < 4.7-RELEASE,
  RELENG_5 and 6-CURRENT). Create a new OPTION WITH_SQUID_IPFILTER for this
  purpose. Thanks to sem@ for keeping track of this issue!

PR:		ports/78780
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-03-13 19:32:53 +00:00
Pav Lucistnik
b7d8eb0728 Integrate the following vendor patches as published on
- correct a race condition related to the Set-Cookie header
- correct the FTP parser with regards to the EPLF format
  (squid bug #1252)
- correct FTP listing output when the URL was requested without a trailing
  slash (squid bug #1253)
- make ACL configuration errors fatal (squid bug #1255)

PR:		ports/78446
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-03-08 23:27:46 +00:00
Pav Lucistnik
d31edd36f0 - Update to 2.5.STABLE9
PR:		ports/78079
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-02-26 15:56:49 +00:00
Pav Lucistnik
30a5c8b165 * Vendor patches:
- fix some cross-platform build format warnings
- allow high characters in generated FTP and Gopher directory listings
  (squid bug #1220)
  - cleanup generation of FTP URLs
  - relax the newly introduced strict HTTP parser slightly to work around some
    more malformed HTTP responses (squid bug #1242)

PR:		ports/77779
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-02-20 17:45:36 +00:00
Sergey Matveychuk
d87f4f9b49 - Update to 2.5-STABLE8
- Integrate a vendor patch from:
  http://www.squid-cache.org/Versions/v2/2.5/bugs/
  it fixes a major problem regarding the handling of invalid DNS responses

PR:		ports/77423
Submitted by:	maintainer
2005-02-13 17:21:02 +00:00
Pav Lucistnik
0cd2e54538 - Update header_parsing.patch
PR:		ports/77360
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-02-10 23:15:08 +00:00
Jacques Vidrine
97fe67d617 Integrate the following vendor patch as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

 - Address HTTP protocol mismatch related to oversized reply headers and
   enhance cache.log on reply header parsing failures (squid bug #1216)
 - correct the search request generated by the LDAP authentication helper
 - fix a race within the NTLM authentication mechanism (squid bug #1127)
 - fix handling of failed PUT/POST requests (squid bug #1224)
 - fix problems with persistent server connections after failed PUT/POST
   requests (squid bug #1122)
 - improve handling of forged WCCP packets (squid bug #1225)

PR:		ports/76967
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Security:	http://vuxml.freebsd.org/bfda39de-7467-11d9-9e1e-c296ac722cb3.html
2005-02-08 15:11:56 +00:00
Sergey Matveychuk
fd5003dd66 - Fix fetching.
* The response_splitting patch has been updated
    to correct a problem with cache digests.

PR:		ports/76889
Submitted by:	maintainer
2005-02-01 14:11:22 +00:00
Sergey Matveychuk
264e6d34e2 - Integrate a vendor patch against a buffer overflow in the WCCP handling,
see <http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow>
  and <http://www.squid-cache.org/Advisories/SQUID-2005_3.txt>.

PR:		ports/76827
Submitted by:	maintainer
2005-01-29 21:49:20 +00:00
Kirill Ponomarev
3d4d28a80e Sync follow-XFF with the latest vendor patch.
PR:		ports/76801
Submitted by:	maintainer
2005-01-29 10:42:13 +00:00
Sergey Matveychuk
906ad4d94f - Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
  + Reject malformed HTTP requests and responses that conflict with the HTTP
    specifications
    This issue is qualified as a security issue by the vendor.
  + PURGE is allowed to delete internal objects (squid bug #1112)
  + Disable Path-MTU discovery on intercepted requests (squid bug #1154)

  (VuXML vid=b4d94fa0-6e38-11d9-9e1e-c296ac722cb3)

- Clean up and correct package list generation. Now installed files
  and directories are visible via PLIST_FILES and PLIST_DIRS.
- Don't claim that squid related files or directories are still present
  after deinstallation when in fact they are not.
- Add "-g" to CFLAGS when WITH_SQUID_STACKTRACES is defined to make this
  option actually useful.

PR:		ports/76628
Submitted by:	maintainer
2005-01-26 17:56:25 +00:00
Edwin Groothuis
55e802ecd8 [Maintainer/security] www/squid: protect against HTTP resonse split
attack and other patches

    Integrate vendor patches as published on
    <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

    - FTP data connection fails on some FTP servers when requesting
      a directory without a trailing slash (squid bug #1194)

    - Icons fail to load on non-anonymous FTP when using the
      short_icons_url configuration directive (squid bug #1203)

    - Strengthen squid against HTTP response splitting cache pollution
      attacks (squid bug #1200), classified as security issue by
      the vendor

    Proposed VuXML information, entry date left to be filled in:

    (Note: I added only a publically accessible link to the Sanctum,
    Inc.  whitepaper, the squid bug tracker contains a deep link
    to the PDF itself; if we are allowed to publish it, it could
    instead be used as reference because Sanctum, Inc. wants you
    to register with them before you get access to their whitepapers.)

PR:		ports/76550
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-22 09:31:33 +00:00
Edwin Groothuis
7d318011dd [Maintainer/Security] www/squid: integrate vendor patches
Integrate vendor patches as published on
	<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

	- Sanity check usernames in squid_ldap_auth (squid bug #1187),
	  classified as minor security issue by the vendor, see below for VuXML
	  information
	- FQDN names truncated on compressed DNS responses (squid bug #1136)
	- Internal DNS memory leak on malformed responses (squid bug #1197)

PR:		ports/76364
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-19 10:58:40 +00:00
Simon L. B. Nielsen
8b446059f5 - Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
  issues:
  + Prevent a possible denial of service attack via WCCP messages (squid bug
    #1190), classified as security issue by the vendor
  + Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
    #1189), classified as security issue by the vendor
  + Fix a null pointer access and plug memory leaks in the fake_auth NTLM
    helper (squid bug #1183) (this helper app is not installed by default by
    the port)
  + Stop closing open filedescriptors beyond stdin, stdout and stderr on
    startup (squid bug #1177)

- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
  nagilum.de>" for reporting this)

- Document the two security issues in VuXML.

PR:		ports/76173
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by:	erwin (mentor)
2005-01-12 22:37:29 +00:00