/squid3, Post-Harvest_cached WWW proxy cache and accelerator
3.5.24nb1, Package name:
squid-3.5.24nb1, Maintainer: pkgsrc-users
Squid is a fully-featured HTTP/1.0 proxy with partial HTTP/1.1 support
The 3.1 series brings many new features and upgrades to the basic
networking protocols. A short list of the major new features is:
* Connection Pinning (for NTLM Auth Passthrough)
* Native IPv6
* Quality of Service (QoS) Flow support
* Native Memory Cache
* SSL Bump (for HTTPS Filtering and Adaptation)
* TProxy v4.1+ support
* eCAP Adaptation Module support
* Error Page Localization
* Follow X-Forwarded-For support
* X-Forwarded-For options extended (truncate, delete, transparent)
* Peer-Name ACL
* Reply headers to external ACL.
* ICAP and eCAP Logging
* ICAP Service Sets and Chains
* ICY (SHOUTcast) streaming protocol support
* HTTP/1.1 support on connections to web servers and peers.
(with plans to make this full support within the 3.1 series)
Required to run:
] Required to build:
] Package options
: inet6, snmp, squid-backend-diskd, squid-carp, squid-ipf, squid-pam-helper, squid-unlinkd, ssl
Master sites: (Expand) SHA1:
Version history: (Expand)
- (2017-02-10) Updated to version: squid-3.5.24nb1
- (2017-01-30) Updated to version: squid-3.5.24
- (2016-12-18) Updated to version: squid-3.5.23
- (2016-10-12) Updated to version: squid-3.5.22
- (2016-09-14) Updated to version: squid-3.5.21
- (2016-07-09) Updated to version: squid-3.5.20nb1
CVS history: (Expand)
| 2017-03-18 22:26:31 by Adam Ciarcinski | Files touched by this commit (2) |
Let 'purge' find correct config file by default.
| 2017-02-10 09:41:25 by Stephen Borrill | Files touched by this commit (3) |
Enable build of ssl_crtd if ssl option selected. This is required for dynamic
certificate generation when using SSL Bump.
http://wiki.squid-cache.org/ConfigExamp … mpExplicit
| 2017-01-30 15:17:33 by Adam Ciarcinski | Files touched by this commit (2) | |
* SSLv2 records force SslBump bumping despite a matching step2 peek rule.
* Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation.
* Detect HTTP header ACL issue
* Fix some spelling mistakes
* Update External ACL helpers error handling and caching
* Fix "Source and destination overlap in memcpy" Valgrind errors
* Reduce crashes due to unexpected ClientHttpRequest termination.
* Bug 3940 pt2: Make 'cache deny' do what is documented
| 2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352) |
Convert all occurrences (353 by my count) of
MASTER_SITES= site1 \
style continuation lines to be simple repeated
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
| 2016-12-18 04:18:57 by Takahiro Kambe | Files touched by this commit (3) | |
Update squid to 3.5.23, including security fixes.
Changes to squid-3.5.23 (16 Dec 2016):
- Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
- Bug 4620: NetBSD build error with --enable-ipf-transparent
- Bug 4567: Strange IPv6 shown in access.log
- Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during \
reconfigure and restart
- Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
- Bug 4169: HIT marked as MISS when If-None-Match does not match
- Bug 4007: Hang on DNS query with dead-end CNAME
- Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
- Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
- Bug 3533: Cache still valid after HTTP/1.1 303 See Other
- Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
- Bug 3290: authenticate_ttl not working for digest authentication
- Bug 2258: bypassing cache but not destroying cache entry
- HTTP/1.1: make Vary:* objects cacheable
- HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
- Support IPv6 NAT with PF for NetBSD and FreeBSD
- TLS: Make key= before cert= an error instead of quietly hiding the issue
- ... and some debug updates
- ... and some build fixes
- ... and several documentation updates
| 2016-10-16 17:58:15 by Takahiro Kambe | Files touched by this commit (2) |
Fix build problem with squid-ipf PKG_OPTIONS.
| 2016-10-10 11:01:40 by Adam Ciarcinski | Files touched by this commit (4) |
* HTTP: MUST ignore a [revalidation] response with an older Date header.
* Optimized/simplified buffering: Appending nothing is always possible.
* Hide OpenSSL tricks from Valgrind far-reaching initialization errors.
* Avoid segfaults when debugging section 4 at level 9.
* Bug 4302 pt2: IPFilter v5 transparent interception
* Bug 4594: build failure with clang 3.9
* Bug 4471: revalidation doesn't work when expired cached object lacks Last-Modified.
* Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
* Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration
* Do not leak url_rewrite_extras and store_id_extras on reconfigure/shutdown.
* Do reset $HOME if needed after r13435. Minimize putenv() memory leaks.
* Bug 4228: ./configure bug/typo in r14394.
* Fix potential ICAP null pointer dereference after rev.14082
* Fix logged request size (%http::>st) and other size-related %codes.
| 2016-09-11 19:41:18 by Takahiro Kambe | Files touched by this commit (2) | |
Update squid to 3.5.21.
Changes to squid-3.5.21 (08 Sep 2016):
- Bug 4563: duplicate code in httpMakeVaryMark
- Bug 4542: authentication credentials IP TTL updated incorrectly
- Bug 4534: assertion failure in xcalloc when using many cache_dir
- Bug 4428: mal-formed Cache-Control:stale-if-error header
- Bug 3025: Proxy-Authenticate problem using ICAP server
- Fix segfault via Ftp::Client::readControlReply()
- Fix SSL-Bump failure results in SEGFAULT
- HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
- HTTP/1.1: do not allow Proxy-Connection to override Connection header
- SSL: CN wildcard must only match a single domain component [fragment]