Next | Query returned 38 messages, browsing 21 to 30 | Previous


CVS Commit History:


   2021-01-25 12:34:51 by Nia Alarie | Files touched by this commit (1)
Log message:
squid4: needs atomic64

   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631)
Log message:
*: bump PKGREVISION for perl-5.32.

   2020-08-23 11:51:35 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
www/squid4: update to 4.13

Update squid4 to 4.13 (Squid 4.13).

Here is the release announcement:

The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.13 release!

This release is a security release resolving several issues found in
the prior Squid releases.

The major changes to be aware of:

 * SQUID-2020:8 HTTP(S) Request Splitting
   (CVE-2020-15811)

This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the browser
cache and any downstream caches with content from an arbitrary
source.

See the advisory for patches:
 <https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv>

 * SQUID-2020:9 Denial of Service processing Cache Digest Response
   (CVE pending allocation)

This problem allows a trusted peer to perform Denial of Service
by consuming all available CPU cycles on the machine running
Squid when handling a crafted Cache Digest response message.

This attack is limited to Squid using cache_peer with cache
digests feature.

See the advisory for patches:
 <https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg>

 * SQUID-2020:10 HTTP(S) Request Smuggling
   (CVE-2020-15810)

This problem is serious because it allows any client, including
browser scripts, to bypass local security and poison the proxy
cache and any downstream caches with content from an arbitrary
source.

See the advisory for patches:
 <https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m>

 * Bug 5051: Some collapsed revalidation responses never expire

This bug appears as a 4xx or 5xx status response becoming the only
response delivered by Squid to a URL when Collapsed Forwarding
feature is used.

It primarily affects Squid which are caching the 4xx/5xx status
object since Bug 5030 fix in Squid-4.11. But may have been
occurring for short times on any proxy with Collapsed Forwarding.

 * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes

Chrome Browser intentionally sends random garbage values in the
TLS handshake to force TLS implementations to cope with future TLS
extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3
caused our parser to be extra strict and reject this TLS garbage.

This release adds explicit support for Chrome, or any other TLS
agent performing these "GREASE" behaviours.

 * Honor on_unsupported_protocol for intercepted https_port

This behaviour was one of the intended use-cases for unsupported
protocol handling, but somehow was not enabled earlier.

Squid should now be able to perform the on_unsupported_protocol
selected action for any traffic handled by SSL-Bump.

  All users of Squid are urged to upgrade as soon as possible.

See the ChangeLog for the full list of changes in this and earlier
releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html
when you are ready to make the switch to Squid-4

   2020-07-09 22:57:11 by Juraj Lutter | Files touched by this commit (5)
Log message:
squid4: Fix build and SSL handshake on Chromium-based browsers

Changes:
- Fix an error where strings.h was not properly included
- Add SMF support on appropriate platforms
- Backport https://github.com/squid-cache/squid/pull/663:
  SslBump: Support parsing GREASEd (and future) TLS handshakes

   2020-06-21 18:05:56 by Takahiro Kambe | Files touched by this commit (1)
Log message:
www/squid4: rename two PKG_OPTIONS

Rename two PKG_OPTIONS.

	ecap	->	squid-ecap
	esi	->	squid-esi

Suggested by wiz@ via private mail.

   2020-06-19 15:44:28 by Takahiro Kambe | Files touched by this commit (5) | Package updated
Log message:
www/squid4: update to 4.12

Update squid4 to 4.12 (Squid 4.12).  This release includes a fix for
CVE-2020-14058: <http://www.squid-cache.org/Advisories/SQUID-2020_6.txt>.

Changes to squid-4.12 (05 Jun 2020):

	- Regression Fix: Revert to slow search for new SMP shm pages
	- Bug 5045: ext_edirectory_userip_acl is missing include files
	- Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
	- Bug 5030: Negative responses are never cached
	- HTTP: validate Content-Length value prefix
	- HTTP: add flexible RFC 3986 URI encoder
	- SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic
	- Tests: Support passing a custom config.cache to test builds
	- Fix IPFilter IPv6 detection, especially on NetBSD
	- Fix stall if transaction overwrites a recently active cache entry
	- ... and some compile fixes

   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle

   2020-04-27 06:00:10 by Roland Illig | Files touched by this commit (1)
Log message:
www/squid4: fix build for strict SUBST and configure checks

   2020-04-23 15:52:24 by Makoto Fujiwara | Files touched by this commit (3) | Package updated
Log message:
(www/squid4) Updated to 4.10 (and clear pkglint one point in patch)

Changes to squid-4.11 (18 Apr 2020):

        - Bug 5036: capital 'L's in logs when daemon queue overflows
        - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
        - Bug 5016: systemd thinks Squid is ready before Squid listens
        - kerberos_ldap_group: fix encryption type for cross realm check
        - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
        - Fix Digest authentication nonce handling
        - Supply ALE to request_header_add/reply_header_add
        - ... and some documentation updates
        - ... and some compile fixes

   2020-04-09 18:27:15 by Stephen Borrill | Files touched by this commit (3)
Log message:
Generate correct #defines for the IPFilter IPv6 detection with no trailing
underscores
