Navigation:
Browse pkgsrc
(this page) 2003-09-12 05:22:33 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message: Hmm, squid-2.5.STABLE3-http_reply_access_denied.patch seems to updated. |
| 2003-09-11 17:48:25 by Takahiro Kambe | Files touched by this commit (2) |
Log message: Update squid package to 2.5.3nb5. Apply some official patches. external_acl_type concurrency= renamed to children= synopsis To lessen confusion in later upgrades to Squid-3 the external_acl_type concurrency= option has been renamed to children= to match Squid-3 usage. This is done because concurrency= has a completely different meaning in squid-3. Squid-2.5 still accepts the old syntax to keep compatibility within the Squid-2.5 release, but it is recommended to start using the new syntax unless you need to be able to easily downgrade to a earlier Squid-2.5 release. severity Cosmetic date 2003-09-02 07:02 versions Squid-2.5.STABLE3 and earlier platforms All workaround Make sure to read the Squid-3 releasenotes very carefully when upgrading. Assertion error or segmentation fault if using proxy_auth in delay_access synopsis If proxy_auth acl type is used in delay_access then Squid may abort with an assertion error or segmentation fault. Notice: This patch may change some error conditions to be logged with TCP_DENIED rather than TCP_MISS. severity Medium date 2003-09-01 20:01 bugzilla #638, #756 versions Squid-2.5 platforms All workaround Don't use proxy_auth acl types in delay_access Segmentation fault if proxy_auth with ntlm used in http_reply_access synopsis In configurations where authentication is enforced in http_access and then reused in http_reply_access to further control access levels Squid may segfault if the ntlm authentication scheme is used. severity Medium date 2003-09-01 20:01 bugzilla #763 versions Squid-2.5 platforms All workaround Don't use proxy_type acls in http_reply_access or disable the use of the ntlm authentication scheme (disabled by default) code 407 instead of 403 for authenticated traffic-shaped user synopsis delay_access can disturb Squids logics on when to request a new login from the user. Most notably if delay_access ends up in a proxy_auth acl then any access denials will require a new login but the opposite may also happen. severity Medium date 2003-08-31 09:31 bugzilla #742 versions Squid-2.5 and earlier platforms All workaround make sure delay_access always ends up in the same class of ACL as http_access does on the same request. Form POSTing troubles with NTLM authentication or other error responses synopsis Large POST/PUT requests may fail with a "Connection reset" \ error in the browser in situations where Squid immediately responds with an error page. This is most notable when using NTLM authentication but may also occur in a few other situations severity Medium date 2003-08-28 22:28 bugzilla #267, #757 versions Squid-2.5 and earlier platforms All workaround Allow POST/PUT without requiring authentication if you are using NTLM authentication. No explicit error message when ncsa_auth (squid user) can't access passwd file synopsis ncsa_auth just exists if it can not read the supplied password file, instead of reporting an error. severity Minor date 2003-08-20 12:20 bugzilla #733 versions Squid-2.5 and earlier platforms All workaround If ncsa_auth exits for no apparent reason, verify that the given ncsa password file is readable by the cache_effective_user. forwarded_for off has no effect synopsis The patch for Bug #92 (squid-2.5.STABLE3-mem_cfd.patch) broke the forwarded_for directive. severity Minor date 2003-08-18 17:18 bugzilla #750 versions Squid-2.5.STABLE3 snapshots 2003-08-07 to 2003-08-18 platforms All workaround Use anonymization via http_header_access to delete the X-Forwarded-For header from forwarded requests. This is probably preferred in any case. |
| 2003-08-18 19:00:25 by Takahiro Kambe | Files touched by this commit (2) |
Log message: Broken squid-2.5.STABLE3-coss-improvements-2.patch was fixed. Bump package revision. |
| 2003-08-18 18:03:04 by Takahiro Kambe | Files touched by this commit (3) |
Log message: Update squid package to squid-2.5.3nb3. - fix startup script as PR pkg/22502 by Steven M. Bellovin - includes newer official squid patches except squid-2.5.STABLE3-coss-improvements-2.patch (which is broken). o 2003-07-22 15:22 (Cosmetic) statCounter.syscalls.disk counters treated inconsistently o 2003-07-25 17:25 (Minor) Improvements to the (experimental) COSS storage scheme. o 2003-07-28 09:28 (Minor) Blank username logging fix o 2003-07-29 22:29 (Minor) More improvements to the (experimental) COSS storage scheme. o 2003-08-06 13:06 (Medium) assertion failed: http.c:869: "-1 == cfd || FD_SOCKET == \ fd_table[cfd].type" o 2003-08-06 14:06 (Medium) assertion failed: client_side.c:1478: "size > 0" when using aufs o 2003-08-06 14:06 (Minor) aufs calculates the number of threads and queue limits wrongly o 2003-08-10 07:10 (Cosmetic) Compile error in auth/digest_auth.c o 2003-08-10 19:10 (Minor) Username not logged into ACCESS.LOG in case of /407 o 2003-08-13 00:13 (Minor) ICP dynamic timeout algorithm ignores multicast |
| 2003-07-21 08:20:18 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
Update squid package to 2.5.3nb2.
- (Minor) round-robin cache_dir selection incorrectly compares max-size
- (Major) cbdata.c:186: "c->valid" assertion due to peer digest not \
found
- (Major) Crash after ftpTimeout: timeout in SENT_PASV state
- (Minor) Requests denied by http_reply_access are not logged with TCP_DENIED
- (Minor) ie_refresh does not signal no-cache to peer caches
- (Medium) Client Socket Buffer leak on reply_body_max_size
- (Medium) Forward Host headers in place
- (Medium) Memory leak in deny_info TCP_RESET
- (Cosmetic) ERR_TOO_BIG Spanish translation
- (Cosmetic) minimum_retry_timeout unused
- (Minor) SNMP update of cachePeerPingsSent and cachePeerPingsAcked
- (Cosmetic) store_check_cachable_stats slghtly misleading
- (Minor) /etc/hosts and lines with comments after the host name
- (Minor) sbrk as fallback method for high_memory_warning
- (Minor) header_access fails when using peers
- (Cosmetic) neighbor_type_domain documentation update
- (Minor) issue warning if CARP load factor values decrease in the cache_peer list
- (Cosmetic) Compile time warnings when using GCC-3.3
- (Minor) aufs Files queued for open counter mismatch
- (Minor) external_acl does not wait for ident lookups to complete
- (Minor) icmpRecv: recv: (11) Resource temporarily unavailable
- (Cosmetic) Incorrect RFC reference regarding URL syntax
- (Cosmetic) quote '%' character in logs
- (Cosmetic) check open("/dev/null") return value for errors.
- (Cosmetic) "cache_dir diskd" documentation update
Not all of the pathces are new but updated one.
|
| 2003-07-18 00:57:07 by grant beattie | Files touched by this commit (1065) |
Log message: s/netbsd.org/NetBSD.org/ |
| 2003-07-06 16:08:44 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update squid package to 2.5.3nb1.
Compile time warnings when using GCC-3.3
synopsis GCC-3.3 gets slightly confused by the Squid code and gives a
few mostly false warnings regarding type-punning.
severity Cosmetic
versions Squid-2.5 and earlier
platforms All
patch squid-2.5.STABLE3-gcc-3_3.patch
workaround Ignore the warnings
aufs Files queued for open counter mismatch
synopsis Under certain conditions the "Files queued for open counter"
could grow larger than intended. If this grows too large then
Squid may think it runs out of filedescriptors even if there is
plenty of filedescriptors free, but we do not expect this to
become a real problem in any installations.
severity Minor
versions Squid-2.5 and earlier
platforms All using aufs
patch squid-2.5.STABLE3-aufs-openingfds.patch
external_acl does not wait for ident lookups to complete
synopsis extrenal_acl_type %IDENT does not wait for ident lookups to
complete.
severity Minor
bugzilla #683
versions Squid-2.5
platforms All
patch squid-2.5.STABLE3-external_acl_ident.patch
workaround use an ident acl before your external acl to trigger the ident
lookup
Compilation error in src/HttpHeaderTools.c on certain platforms
synopsis The Squid-2.5.STABLE2 patch for digest authentication used a
C99 feature (dynamic array initializers) which may not be
available in all C compilers
severity Minor
bugzilla #660
versions Squid-2.5.STABLE3
platforms Several platforms not using GCC or a C99 compliant C compiler
patch squid-2.5.STABLE3-HttpHeaderTools.patch
workaround Use GCC
Segmentation fault if more than one custom deny_info message defined
synopsis The Squid-2.5.STABLE2 patch for deny_info TCP_RESET was not
entirely correct and causes segmentation fault on startup if
more than one custom deny_info error message is defined
severity Minor
bugzilla #662
versions Squid-2.5.STABLE3
platforms All
patch squid-2.5.STABLE3-deny_info.patch
workaround Disable the use deny_info in your squid.conf.
|
| 2003-05-25 16:58:17 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
update squid pacakge to 2.5.3 (squid-2.5.STABLE3).
Changes to squid-2.5.STABLE3 (25 May 2003):
- Bug #573: Occational false negatives in external acl lookups
- Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
external_acl helpers crashes
- Bug #590: Squid may hang or behave oddly on shutdown while
requests is being processed.
- Bug #590: external acl lookups does not deal well with queue
overload
- cache_effective_user documentation update
- cache_peer documentation update for htcp and carp
- Bug #600: The example header_access paranoid setting is
missing WWW-Authenticate
- Bug #605: Segmentation fault in idnsGrokReply() on certain
platforms
- Fixes to build properly on AIX 5
- Bug #574: wb_group updated to version 1.1 to make group names
case insensitive and correct a segfault issue in the helper
- SNMP mib updates to make cacheNumObjCount,
cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
correctly report as gauges (was reporting as counters).
- Woraround for --enable-ssl Kerberos issue on RedHat 9
- Bug #579: Close and repopen log files on "squid -k reconfigure"
- Bug #598: squid_ldap_auth could segfault if LDAP server is
unavailable
- Bug #609,#612: msntauth helper fixes in dealing with large
or non-existing allow/deny user files.
- Bug #620: acl ident REQUIRED matches even if the ident lookup fails
- Bug #432: reply_body_max_size fails with ident or proxy_auth acls
and also fails to block large objects where the content-length
is not known
- Bug #606: Basic auth looping and gets stuck at high CPU usage when
multiple proxy_auth ACLs combined in one line and login fails.
- squid_ldap_auth updated with support for TLS and SSL
- Bug #623: segfault if using negated external acls in certain
configurations involving other acls later on the same http_access
line.
- Bug #622: wb_group helper update to version 1.2 to ass support for
Domain-Qualified groups refering to groups in a specific domain
- Bug #596: logic error in poll() error management
- Bug #597: logic errors in error management
- Bug #591: segmentation fault in authentication on "squid -k debug"
- Bug #587: smb_auth fails on complex logins involving domain names
or other odd characters
- Bug #558, #587: smb_auth.pl fails on complex logins involving
domain names or other odd characters
- Bug #643: external_acl fails with ttl=0 due to a change introduced
by the patch for Bug #553 in 2.5.STABLE2.
- Bug #630: minor issues in digest authantication causing random
authentication failures and incompability with many mainstream
browser digest implementations due to browser qop bugs. To deal
with those broken browser nonce_stricness now defaults to off,
and two new digest options have been added (check_nonce_count
and post_workaround) to allow workarounds to other quite bad
browser bugs if needed.
- Bug #644: digest authentication fails on requests with one
or more comma in the requested URL
- Bug #648: deny_info TCP_RESET not working. The fix for this also
adds the ability to send redirects.
|
| 2003-05-24 14:31:34 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
Update squid package to 2.5.2nb4.
- Don't left share/doc/squid directory on deinstall.
- Apply recent 12 official patches.
- (Minor) deny_info TCP_RESET does not work
- (Minor) Digest authentication fails on URLs with comma
- (Minor) digest nonce count workarounds for broken browsers
- (Minor) external_acl hangs if defined with ttl=0
- (Minor) smb_auth.pl (multi-domain-NTLM) fails on domain qualified logins
- (Minor) smb_auth fails on complex logins (involving domain names or odd
characters)
- (Minor) ACL regression error introduced by earlier 2.5.STABLE2 patch
- (Cosmetic) segmentation fault in authentication if debugging enabled
- (Cosmetic) Unreachable code due to siged/unsigned errors
- (Minor) logic error in comm_select.
- (Minor) wb_group update to 1.2 to add support for domain qualified goups
- (Minor) Segmentation fault when using negated external acls
|
| 2003-05-09 07:07:13 by Takahiro Kambe | Files touched by this commit (2) | |
Log message: Update squid package to 2.5.2nb3. Apply newer offcial patches (total 19). Here is short summary of those newly added patch files. See http://www.squid-cache.org/Versions/v2/2.5/bugs/ in detail. o squid_ldap_auth update to support TLS, SSL and increased security for bind password o Basic auth looping when multiple proxy_auth ACLs combined in one line. o reply_body_max_size fails with ident or proxy_auth acls o acl ident REQUIRED matches even if the ident lookup fails o msntauth helper crashes related to the alow/deny file operation o LDAP basic authentication crash if server is unreachable o "squid -k reconfigure" does not close logs to activate new settings o --enable-ssl fails on RedHat 9 o SNMP MIB used Counter32 for certain values which are gauges o Upgrade of wb_group to 1.1 o AIX 5 issues |
New packages: