Subject: CVS commit: pkgsrc/www/squid
From: Takahiro Kambe
Date: 2003-09-11 17:48:25
Message id: 20030911154826.654C1B004@cvs.netbsd.org

Log Message:
Update squid package to 2.5.3nb5.  Apply some official patches.

external_acl_type concurrency= renamed to children=

   synopsis To lessen confusion in later upgrades to Squid-3 the
	    external_acl_type concurrency= option has been renamed to
	    children= to match Squid-3 usage. This is done because
	    concurrency= has a completely different meaning in
	    squid-3. Squid-2.5 still accepts the old syntax to keep
	    compatibility within the Squid-2.5 release, but it is recommended
	    to start using the new syntax unless you need to be able to
	    easily downgrade to a earlier Squid-2.5 release.

   severity Cosmetic

   date	    2003-09-02 07:02

   versions Squid-2.5.STABLE3 and earlier

  platforms All

 workaround Make sure to read the Squid-3 releasenotes very carefully when
	    upgrading.

Assertion error or segmentation fault if using proxy_auth in delay_access

   synopsis If proxy_auth acl type is used in delay_access then Squid may
	    abort with an assertion error or segmentation fault. Notice: This
	    patch may change some error conditions to be logged with
	    TCP_DENIED rather than TCP_MISS.

   severity Medium

   date	    2003-09-01 20:01

   bugzilla #638, #756

   versions Squid-2.5

  platforms All

 workaround Don't use proxy_auth acl types in delay_access

Segmentation fault if proxy_auth with ntlm used in http_reply_access

   synopsis In configurations where authentication is enforced in http_access
	    and then reused in http_reply_access to further control access
	    levels Squid may segfault if the ntlm authentication scheme is
	    used.

   severity Medium

   date	    2003-09-01 20:01

   bugzilla #763

   versions Squid-2.5

  platforms All

 workaround Don't use proxy_type acls in http_reply_access or disable the use
	    of the ntlm authentication scheme (disabled by default)

code 407 instead of 403 for authenticated traffic-shaped user

   synopsis delay_access can disturb Squids logics on when to request a new
	    login from the user. Most notably if delay_access ends up in a
	    proxy_auth acl then any access denials will require a new login
	    but the opposite may also happen.

   severity Medium

   date	    2003-08-31 09:31

   bugzilla #742

   versions Squid-2.5 and earlier

   platforms All

  workaround make sure delay_access always ends up in the same class of ACL as
	     http_access does on the same request.

Form POSTing troubles with NTLM authentication or other error responses

   synopsis Large POST/PUT requests may fail with a "Connection reset" \ 
error
	    in the browser in situations where Squid immediately responds
	    with an error page. This is most notable when using NTLM
	    authentication but may also occur in a few other situations

   severity Medium

   date	    2003-08-28 22:28

   bugzilla #267, #757

   versions Squid-2.5 and earlier

  platforms All

 workaround Allow POST/PUT without requiring authentication if you are using
	    NTLM authentication.

No explicit error message when ncsa_auth (squid user) can't access passwd file

   synopsis ncsa_auth just exists if it can not read the supplied password
	    file, instead of reporting an error.

   severity Minor

   date	    2003-08-20 12:20

   bugzilla #733

   versions Squid-2.5 and earlier

  platforms All

 workaround If ncsa_auth exits for no apparent reason, verify that the given
	    ncsa password file is readable by the cache_effective_user.

forwarded_for off has no effect

   synopsis The patch for Bug #92 (squid-2.5.STABLE3-mem_cfd.patch) broke the
	    forwarded_for directive.

   severity Minor

   date	    2003-08-18 17:18

   bugzilla #750

   versions Squid-2.5.STABLE3 snapshots 2003-08-07 to 2003-08-18

  platforms All

 workaround Use anonymization via http_header_access to delete the
	    X-Forwarded-For header from forwarded requests. This is probably
	    preferred in any case.

Files:
RevisionActionfile
1.91modifypkgsrc/www/squid/Makefile
1.37modifypkgsrc/www/squid/distinfo