Path to this page:
./
www/squid3,
Post-Harvest_cached WWW proxy cache and accelerator
Branch: pkgsrc-2014Q3,
Version: 3.4.8,
Package name: squid-3.4.8,
Maintainer: pkgsrc-usersSquid is a fully-featured HTTP/1.0 proxy with partial HTTP/1.1 support
The 3.1 series brings many new features and upgrades to the basic
networking protocols. A short list of the major new features is:
* Connection Pinning (for NTLM Auth Passthrough)
* Native IPv6
* Quality of Service (QoS) Flow support
* Native Memory Cache
* SSL Bump (for HTTPS Filtering and Adaptation)
* TProxy v4.1+ support
* eCAP Adaptation Module support
* Error Page Localization
* Follow X-Forwarded-For support
* X-Forwarded-For options extended (truncate, delete, transparent)
* Peer-Name ACL
* Reply headers to external ACL.
* ICAP and eCAP Logging
* ICAP Service Sets and Chains
* ICY (SHOUTcast) streaming protocol support
* HTTP/1.1 support on connections to web servers and peers.
(with plans to make this full support within the 3.1 series)
Required to run:[
lang/perl5]
Package options: inet6, snmp, squid-backend-diskd, squid-carp, squid-ipf, squid-pam-helper, squid-unlinkd, ssl
Master sites: (Expand)
SHA1: e2e20414252f315b2912ae32ac084ea07a48133f
RMD160: 9258efc30f6d9f61ac622d300ecb611cbf1c7346
Filesize: 2109.281 KB
Version history: (Expand)
- (2014-10-05) Updated to version: squid-3.4.8
- (2014-10-01) Package added to pkgsrc.se, version squid-3.4.7nb1 (created)
CVS history: (Expand)
2014-10-02 11:59:22 by Matthias Scheler | Files touched by this commit (2) | |
Log message:
Pullup ticket #4512 - requested by taca
www/squid3: security update
Revisions pulled up:
- www/squid3/Makefile 1.37
- www/squid3/distinfo 1.24
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 2 07:33:47 UTC 2014
Modified Files:
pkgsrc/www/squid3: Makefile distinfo
Log message:
Update squid to 3.4.8, a security release resolving several vulnerability
issues found in the prior Squid releases.
The major changes to be aware of:
* CVE-2014-6270 : SQUID-2014:3 Buffer overflow in SNMP processing
http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
This vulnerability allows any client who is allowed to send SNMP
packets to the proxy to perform a denial of service attack on Squid.
The issue came to light as the result of active 0-day attacks. Since
publication several other attack sightings have been reported.
* CVE-2014-7141 and CVE-2014-7142 : SQUID-2014:4
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
These vulnerabilities allow a remote attack server to trigger DoS or
information leakage by sending various malformed ICMP and ICMPv6
packets to the Squid pinger helper.
The worst-case DoS scenario is a rarity, a more common impact will be
general service degradation for high-performance systems relying on
the pinger for realtime network measurement.
All users of Squid are urged to upgrade to this release as soon as
possible.
See the ChangeLog for the full list of changes in this and earlier
releases.
Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
when you are ready to make the switch to Squid-3.4
Upgrade tip:
"squid -k parse" is starting to display even more
useful hints about squid.conf changes.
|