./www/squid4, Post-Harvest_cached WWW proxy cache and accelerator


Branch: CURRENT, Version: 4.10, Package name: squid-4.10, Maintainer: pkgsrc-users

Squid is a fully-featured HTTP/1.0 proxy with partial HTTP/1.1 support.
The 4 series brings many new features and upgrades to the basic
networking protocols. A short list of the major new features is:

Squid 4 represents a new feature release above 3.5.

The most important of these new features are:

* Configurable helper queue size
* Helper concurrency channels changes
* SSL support removal
* Helper Binary Changes
* Secure ICAP
* Improved SMP support
* Improved process management
* Initial GnuTLS support
* ESI Custom Parser removal


Required to run:
[lang/perl5] [security/openssl] [devel/libltdl]

Required to build:
[pkgtools/cwrappers]

Package options: esi, inet6, openssl, snmp, squid-backend-aufs, squid-backend-diskd, squid-backend-ufs, squid-ipf, squid-pam-helper, squid-unlinkd

SHA1: b8b267771550bb8c7f2b2968b305118090e7217a
RMD160: 33b4f2fb2a428fb37379541eabb1c892fa29ae44
Filesize: 2388.523 KB

CVS history:


   2020-02-04 04:03:49 by Takahiro Kambe | Files touched by this commit (7) | Package updated
Log message:
www/squid4: update to 4.10

pkgsrc changes: clean up PKG_OPTIONS and enable several backends by default.

Quote from release announce:

This release is a security release resolving several issues found in
the prior Squid releases.

The major changes to be aware of:

 * SQUID-2020:1 Improper Input Validation issues in HTTP Request
   processing
   (CVE-2020-8449, CVE-2020-8450)

This issue allows attackers to perform denial of service on the
proxy and all clients using it.

This issue potentially allows attackers to bypass security access
controls in systems between client and proxy.

This issue potentially allows remote code execution under the
proxy low-privilege level. While restricted, it does have access
to a wide range of information about the network structure and
other clients using the proxy.

This issue is limited to Squid acting as a reverse-proxy. Some
effects also require allow_direct permissions.

See the advisory for updated patches:
 <http://www.squid-cache.org/Advisories/SQUID-2020_1.txt>

Please note that NTLM is a deprecated authentication mechanism.
All users of this tool are advised to plan migration to
Negotiate/Kerberos authentication.

 * SQUID-2020:2 Information Disclosure issue in FTP Gateway.
   (CVE-2019-12528)

Certain FTP server responses can result in Squid revealing
random amounts of memory content from heap.

When Squid mempools feature is enabled the leak is limited to
lines in FTP directory listings, possibly from other clients.

When mempools is disabled the information may be anything from
the heap area including information from other processes on the
machine.

See the advisory for more details:
 <http://www.squid-cache.org/Advisories/SQUID-2020_2.txt>

 * SQUID-2020:3 Buffer Overflow issue in ext_lm_group_acl helper.
   (CVE-2020-8517)

This problem is limited to installations using the ext_lm_group_acl
binary (previously shipped as mswin_check_lm_group).

Due to incorrect input validation the NTLM authentication
credentials parser in ext_lm_group_acl may write to memory
outside the credentials buffer.

On systems with memory access protections this can result in
the helper process being terminated unexpectedly, resulting
in Squid process also terminating and a denial of service for
all clients using the proxy.

See the advisory for more details:
 <http://www.squid-cache.org/Advisories/SQUID-2020_3.txt>

 * Bug 5008: SIGBUS in PagePool::level() with custom rock slot size

This shows up as SMP Squids crashing on arm64 with a SIGBUS error. The
issue was incorrect memory alignment with certain cache sizes. This
Squid release now forces alignment of the critical rock page details.

 * Bug 4735: Truncated chunked responses cached as whole

This bug shows up as clients getting the cached truncated response
objects until the cache object expires or is force removed.

In absence of partial-object caching this Squid release treats
incomplete responses as non-cacheable and prevents the chunked encoding
terminator chunk being delivered to the active client(s).

 * Fix server_cert_fingerprint on cert validator-reported errors

This bug shows up as a server_cert_fingerprint ACL mismatch when
sslproxy_cert_error directive was applied to validation errors reported
by the certificate validator, because the ACL could not find the server
certificate.

  All users of Squid are urged to upgrade as soon as possible.

   2020-01-23 15:49:09 by Jonathan Perkin | Files touched by this commit (1)
Log message:
squid4: Remove -Werror, violates at least -Wwrite-strings.

   2020-01-23 15:47:56 by Jonathan Perkin | Files touched by this commit (1)
Log message:
squid4: Don't unconditionally enable the ldap helper.

There is a package option for it, use it so that openldap is correctly
pulled in when enabled.

   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.

   2020-01-10 22:22:22 by Joerg Sonnenberger | Files touched by this commit (3)
Log message:
Fix kqueue fallout on NetBSD current.

   2020-01-04 11:57:18 by Takahiro Kambe | Files touched by this commit (16)
Log message:
www/squid4: Add squid4 package version 4.9

Add squid4 package version 4.9 based on wip/squid4 package.

Squid is a fully-featured HTTP/1.0 proxy with partial HTTP/1.1 support.
The 4 series brings many new features and upgrades to the basic
networking protocols. A short list of the major new features is:

Squid 4 represents a new feature release above 3.5.

The most important of these new features are:

* Configurable helper queue size
* Helper concurrency channels changes
* SSL support removal
* Helper Binary Changes
* Secure ICAP
* Improved SMP support
* Improved process management
* Initial GnuTLS support
* ESI Custom Parser removal