The NetBSD Project

CVS log for pkgsrc/www/squid3/Attic/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / www / squid3

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.88
Fri Apr 24 12:21:23 2020 UTC (4 years, 7 months ago) by nia
Branches: MAIN
CVS tags: HEAD
FILE REMOVED
Changes since revision 1.87: +1 -1 lines
www: Remove squid3 - legacy squid package, broken with OpenSSL 1.1

Revision 1.87: download - view: text, markup, annotated - select for diffs
Fri Apr 24 12:14:01 2020 UTC (4 years, 7 months ago) by nia
Branches: MAIN
Diff to: previous 1.86: preferred, colored
Changes since revision 1.86: +3 -1 lines
www: Mark packages that fail with OpenSSL 1.1 BROKEN

Revision 1.86: download - view: text, markup, annotated - select for diffs
Sat Jan 18 21:51:12 2020 UTC (4 years, 10 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Diff to: previous 1.85: preferred, colored
Changes since revision 1.85: +2 -2 lines
*: Recursive revision bump for openssl 1.1.1.

Revision 1.85: download - view: text, markup, annotated - select for diffs
Mon Nov 4 22:10:15 2019 UTC (5 years, 1 month ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Diff to: previous 1.84: preferred, colored
Changes since revision 1.84: +8 -8 lines
www: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

Manually excluded phraseanet since pkglint got the indentation wrong.

Revision 1.84: download - view: text, markup, annotated - select for diffs
Sun Aug 11 13:25:08 2019 UTC (5 years, 4 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Diff to: previous 1.83: preferred, colored
Changes since revision 1.83: +2 -2 lines
Bump PKGREVISIONs for perl 5.30.0

Revision 1.81.2.1: download - view: text, markup, annotated - select for diffs
Sat Aug 25 16:19:00 2018 UTC (6 years, 3 months ago) by bsiegert
Branches: pkgsrc-2018Q2
Diff to: previous 1.81: preferred, colored; next MAIN 1.82: preferred, colored
Changes since revision 1.81: +2 -8 lines
Pullup ticket #5817 - requested by taca
www/squid3: security fix

Revisions pulled up:
- www/squid3/Makefile                                           1.82
- www/squid3/distinfo                                           1.64

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Aug 11 01:22:02 UTC 2018

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   www/squid3: update to 3.5.29

   Changes to squid-3.5.28 (15 Jul 2018):

   	- SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI
   	- SQUID-2018:2: crash handling responses to internally generated requests
   	- SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing
   	- Bug 4861: HTTPMSGLOCK missing pointer safety
   	- Bug 4829: IPC shared memory leaks when disker queue overflows
   	- Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
   	- Bug 2821: Ignore Content-Range in non-206 responses
   	- HTCP: Ignore HTCP packets with invalid URI
   	- SSL-Bump: fix authentication with schemes other than Basic
   	- TPROXY: Fix clientside_mark and client port logging
   	- Fix "Cannot assign requested address" for to-origin TPROXY FTP data
   	- Fix --with-netfilter-conntrack error message
   	- Validate mime icon URL before allocating store entries
   	- ... and many documentation changes

Revision 1.83: download - view: text, markup, annotated - select for diffs
Wed Aug 22 09:47:58 2018 UTC (6 years, 3 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Diff to: previous 1.82: preferred, colored
Changes since revision 1.82: +2 -1 lines
Recursive bump for perl5-5.28.0

Revision 1.82: download - view: text, markup, annotated - select for diffs
Sat Aug 11 01:22:02 2018 UTC (6 years, 4 months ago) by taca
Branches: MAIN
Diff to: previous 1.81: preferred, colored
Changes since revision 1.81: +2 -8 lines
www/squid3: update to 3.5.29

Changes to squid-3.5.28 (15 Jul 2018):

	- SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI
	- SQUID-2018:2: crash handling responses to internally generated requests
	- SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing
	- Bug 4861: HTTPMSGLOCK missing pointer safety
	- Bug 4829: IPC shared memory leaks when disker queue overflows
	- Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
	- Bug 2821: Ignore Content-Range in non-206 responses
	- HTCP: Ignore HTCP packets with invalid URI
	- SSL-Bump: fix authentication with schemes other than Basic
	- TPROXY: Fix clientside_mark and client port logging
	- Fix "Cannot assign requested address" for to-origin TPROXY FTP data
	- Fix --with-netfilter-conntrack error message
	- Validate mime icon URL before allocating store entries
	- ... and many documentation changes

Revision 1.80.2.1: download - view: text, markup, annotated - select for diffs
Sun May 6 11:58:34 2018 UTC (6 years, 7 months ago) by spz
Branches: pkgsrc-2018Q1
Diff to: previous 1.80: preferred, colored; next MAIN 1.81: preferred, colored
Changes since revision 1.80: +4 -3 lines
Pullup ticket #5752 - requested by taca
www/squid3: security patch

Revisions pulled up:
- www/squid3/Makefile                                           1.81
- www/squid3/distinfo                                           1.63

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Apr 30 08:57:49 UTC 2018

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   www/squid3: Add official security patch SQUID-2018_3

   Add security patch for SQUID-2018_3.

   Bump PKGREVISION.

   http://www.squid-cache.org/Advisories/SQUID-2018_3.txt

   __________________________________________________________________

   Problem Description:

    Due to incorrect pointer handling Squid is vulnerable to denial
    of service attack when processing ESI responses.

   __________________________________________________________________

   Severity:

    This problem allows a remote server delivering ESI responses
    to trigger a denial of service for all clients accessing the
    Squid service.

    This problem is limited to Squid operating as reverse proxy.


   To generate a diff of this commit:
   cvs rdiff -u -r1.80 -r1.81 pkgsrc/www/squid3/Makefile
   cvs rdiff -u -r1.62 -r1.63 pkgsrc/www/squid3/distinfo

Revision 1.81: download - view: text, markup, annotated - select for diffs
Mon Apr 30 08:57:49 2018 UTC (6 years, 7 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2018Q2-base
Branch point for: pkgsrc-2018Q2
Diff to: previous 1.80: preferred, colored
Changes since revision 1.80: +4 -3 lines
www/squid3: Add official security patch SQUID-2018_3

Add security patch for SQUID-2018_3.

Bump PKGREVISION.

http://www.squid-cache.org/Advisories/SQUID-2018_3.txt

__________________________________________________________________

Problem Description:

 Due to incorrect pointer handling Squid is vulnerable to denial
 of service attack when processing ESI responses.

__________________________________________________________________

Severity:

 This problem allows a remote server delivering ESI responses
 to trigger a denial of service for all clients accessing the
 Squid service.

 This problem is limited to Squid operating as reverse proxy.

Revision 1.78.6.1: download - view: text, markup, annotated - select for diffs
Mon Feb 5 09:38:18 2018 UTC (6 years, 10 months ago) by spz
Branches: pkgsrc-2017Q4
Diff to: previous 1.78: preferred, colored; next MAIN 1.79: preferred, colored
Changes since revision 1.78: +6 -2 lines
Pullup ticket #5700 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           1.79-1.80
- www/squid3/distinfo                                           1.62

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jan 23 02:28:49 UTC 2018

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   www/squid3: Add security patches

   Add two official security patches.

   o Denial of service attack when processing ESI responses
   o Denial of service attack when processing ESI responses or downloading
     intermediate CA certificates

   	http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
   	http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

   Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.78 -r1.79 pkgsrc/www/squid3/Makefile
   cvs rdiff -u -r1.61 -r1.62 pkgsrc/www/squid3/distinfo

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	veego
   Date:		Thu Jan 25 16:54:28 UTC 2018

   Modified Files:
   	pkgsrc/www/squid3: Makefile

   Log Message:
   Add missing PATCH_SITES for the new patch files in the last commit.


   To generate a diff of this commit:
   cvs rdiff -u -r1.79 -r1.80 pkgsrc/www/squid3/Makefile

Revision 1.80: download - view: text, markup, annotated - select for diffs
Thu Jan 25 16:54:28 2018 UTC (6 years, 10 months ago) by veego
Branches: MAIN
CVS tags: pkgsrc-2018Q1-base
Branch point for: pkgsrc-2018Q1
Diff to: previous 1.79: preferred, colored
Changes since revision 1.79: +2 -1 lines
Add missing PATCH_SITES for the new patch files in the last commit.

Revision 1.79: download - view: text, markup, annotated - select for diffs
Tue Jan 23 02:28:49 2018 UTC (6 years, 10 months ago) by taca
Branches: MAIN
Diff to: previous 1.78: preferred, colored
Changes since revision 1.78: +5 -2 lines
www/squid3: Add security patches

Add two official security patches.

o Denial of service attack when processing ESI responses
o Denial of service attack when processing ESI responses or downloading
  intermediate CA certificates

	http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
	http://www.squid-cache.org/Advisories/SQUID-2018_2.txt

Bump PKGREVISION.

Revision 1.78: download - view: text, markup, annotated - select for diffs
Tue Sep 5 08:09:08 2017 UTC (7 years, 3 months ago) by dholland
Branches: MAIN
CVS tags: pkgsrc-2017Q4-base, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Branch point for: pkgsrc-2017Q4
Diff to: previous 1.77: preferred, colored
Changes since revision 1.77: +2 -1 lines
PR 52514 Angel Adames: squid-ipf doesn't work on FreeBSD, so don't enable
it by default. Bump PKGREVISION (to 1) as a precaution.

Revision 1.77: download - view: text, markup, annotated - select for diffs
Mon Aug 21 09:19:12 2017 UTC (7 years, 3 months ago) by adam
Branches: MAIN
Diff to: previous 1.76: preferred, colored
Changes since revision 1.76: +2 -2 lines
Squid 3.5.27:
Fix build on FreeBSD after rev.14180
Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions.
Fix mgr query handoff from the original recipient to Coordinator.
Fix message packing error handling in mgr and snmp SMP Forwarders.
basic_ncsa_auth: fix hash listing wrap in man(8) page
Bug 4687: Wrong names of components in man page, section SEE ALSO
Bug 4112: ssl_engine does not accept cryptodev
Bug 4671 pt3: various GCC 7 compile errors
Replace new/delete operators using modern C++ rules.
Bug 4671 pt2: GCC 7: raise FTP Gateway CTRL channel buffer to 16KB
SourceFormat Enforcement
Bug 2833 pt3: Do not respond with HTTP/304 to unconditional requests
Bug 2833 pt2: Collapse internal revalidation requests (SMP-unaware caches), again.

Revision 1.76: download - view: text, markup, annotated - select for diffs
Fri Jun 2 08:21:51 2017 UTC (7 years, 6 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Diff to: previous 1.75: preferred, colored
Changes since revision 1.75: +2 -2 lines
Changes 3.5.26:
* Bug 4653: %st lies about tunneled traffic volumes
* Revert r14161
* Bug 4682: ignoring http_access deny when client-first bumping mode is used
* Fix xstrndup() documentation, callers. Disclosed implementation bugs.
* Docs: Improve formatting of several manual pages
* Bug 4711: SubjectAlternativeNames is missing in some generated certificates
* Bug 4653: %st lies about tunneled traffic volumes
* Add OpenSSL library details to -v output
* Bug 3772: message from FTP server gets mangled
* Bug 3102: FTP directory listing drops fist character of file names
* Bug 4589: ssl_crtd: returning zero on failure
* Bug 4695: squidpurge: GCC 7 build errors
* Bug 4682: Fix ssl_bump "bump" action documentation

Revision 1.75: download - view: text, markup, annotated - select for diffs
Mon Apr 3 08:10:47 2017 UTC (7 years, 8 months ago) by adam
Branches: MAIN
Diff to: previous 1.74: preferred, colored
Changes since revision 1.74: +2 -3 lines
Changes 3.5.25:
* Bug 4688: various typo error(s) in man page(s)
* libtrie: Fix 'make check' when run before 'make all'
* Docs: update refresh_pattern description regarding 'max' option
* Fix variable shadowing after rev.14149
* Bug 4508: Host forgery stalls intercepted being-spliced connections.
* Native FTP relay: NAT and TPROXY interception fixes
* ext_kerberos_ldap_group_acl: fix unused value warnings
* Check that -k argument is provided before trying to use it.
* Fix missing CRLF on FTP timeout ABORT commands
* Fix crash when configuring with invalid delay_parameters restore value.
* Fix regression in CONNECT authentication after rev.14142
* Bump SSL client on [more] errors encountered before ssl_bump evaluation

Revision 1.74: download - view: text, markup, annotated - select for diffs
Sat Mar 18 21:26:31 2017 UTC (7 years, 8 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Diff to: previous 1.73: preferred, colored
Changes since revision 1.73: +4 -3 lines
Let 'purge' find correct config file by default.

Revision 1.73: download - view: text, markup, annotated - select for diffs
Fri Feb 10 08:41:25 2017 UTC (7 years, 10 months ago) by sborrill
Branches: MAIN
Diff to: previous 1.72: preferred, colored
Changes since revision 1.72: +2 -1 lines
Enable build of ssl_crtd if ssl option selected. This is required for dynamic
certificate generation when using SSL Bump.
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit

Revision 1.72: download - view: text, markup, annotated - select for diffs
Mon Jan 30 14:17:33 2017 UTC (7 years, 10 months ago) by adam
Branches: MAIN
Diff to: previous 1.71: preferred, colored
Changes since revision 1.71: +2 -2 lines
Changes 3.5.24:
* SSLv2 records force SslBump bumping despite a matching step2 peek rule.
* Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation.
* Detect HTTP header ACL issue
* Fix some spelling mistakes
* Update External ACL helpers error handling and caching
* Fix "Source and destination overlap in memcpy" Valgrind errors
* Reduce crashes due to unexpected ClientHttpRequest termination.
* Bug 3940 pt2: Make 'cache deny' do what is documented

Revision 1.71: download - view: text, markup, annotated - select for diffs
Thu Jan 19 18:52:29 2017 UTC (7 years, 10 months ago) by agc
Branches: MAIN
Diff to: previous 1.70: preferred, colored
Changes since revision 1.70: +4 -4 lines
Convert all occurrences (353 by my count) of

	MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.

Revision 1.70: download - view: text, markup, annotated - select for diffs
Sun Dec 18 03:18:57 2016 UTC (7 years, 11 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Diff to: previous 1.69: preferred, colored
Changes since revision 1.69: +2 -2 lines
Update squid to 3.5.23, including security fixes.

Changes to squid-3.5.23 (16 Dec 2016):

	- Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
	- Bug 4620: NetBSD build error with --enable-ipf-transparent
	- Bug 4567: Strange IPv6 shown in access.log
	- Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart
	- Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
	- Bug 4169: HIT marked as MISS when If-None-Match does not match
	- Bug 4007: Hang on DNS query with dead-end CNAME
	- Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
	- Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
	- Bug 3533: Cache still valid after HTTP/1.1 303 See Other
	- Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
	- Bug 3290: authenticate_ttl not working for digest authentication
	- Bug 2258: bypassing cache but not destroying cache entry
	- HTTP/1.1: make Vary:* objects cacheable
	- HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
	- Support IPv6 NAT with PF for NetBSD and FreeBSD
	- TLS: Make key= before cert= an error instead of quietly hiding the issue
	- ... and some debug updates
	- ... and some build fixes
	- ... and several documentation updates

Revision 1.69: download - view: text, markup, annotated - select for diffs
Mon Oct 10 09:01:39 2016 UTC (8 years, 2 months ago) by adam
Branches: MAIN
Diff to: previous 1.68: preferred, colored
Changes since revision 1.68: +2 -2 lines
Changes 3.5.22:
* HTTP: MUST ignore a [revalidation] response with an older Date header.
* Optimized/simplified buffering: Appending nothing is always possible.
* Hide OpenSSL tricks from Valgrind far-reaching initialization errors.
* Avoid segfaults when debugging section 4 at level 9.
* Bug 4302 pt2: IPFilter v5 transparent interception
* Bug 4594: build failure with clang 3.9
* Bug 4471: revalidation doesn't work when expired cached object lacks Last-Modified.
* Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
* Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration
* Do not leak url_rewrite_extras and store_id_extras on reconfigure/shutdown.
* Do reset $HOME if needed after r13435. Minimize putenv() memory leaks.
* Bug 4228: ./configure bug/typo in r14394.
* Fix potential ICAP null pointer dereference after rev.14082
* Fix logged request size (%http::>st) and other size-related %codes.

Revision 1.68: download - view: text, markup, annotated - select for diffs
Sun Sep 11 17:41:17 2016 UTC (8 years, 3 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3
Diff to: previous 1.67: preferred, colored
Changes since revision 1.67: +2 -3 lines
Update squid to 3.5.21.

Changes to squid-3.5.21 (08 Sep 2016):

	- Bug 4563: duplicate code in httpMakeVaryMark
	- Bug 4542: authentication credentials IP TTL updated incorrectly
	- Bug 4534: assertion failure in xcalloc when using many cache_dir
	- Bug 4428: mal-formed Cache-Control:stale-if-error header
	- Bug 3025: Proxy-Authenticate problem using ICAP server
	- Fix segfault via Ftp::Client::readControlReply()
	- Fix SSL-Bump failure results in SEGFAULT
	- HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
	- HTTP/1.1: do not allow Proxy-Connection to override Connection header
	- SSL: CN wildcard must only match a single domain component [fragment]

Revision 1.67: download - view: text, markup, annotated - select for diffs
Sat Jul 9 06:39:14 2016 UTC (8 years, 5 months ago) by wiz
Branches: MAIN
Diff to: previous 1.66: preferred, colored
Changes since revision 1.66: +2 -1 lines
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

Revision 1.66: download - view: text, markup, annotated - select for diffs
Mon Jul 4 12:06:45 2016 UTC (8 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.65: preferred, colored
Changes since revision 1.65: +2 -2 lines
Changes 3.5.20:
Assertion failed: Write.cc:38: "fd_table[conn->fd].flags.open"
Bug 4523: smblib compile fails on NetBSD
Do not make bogus recvmsg(2) calls when closing UDS sockets.
Fix SEGFAULT parsing malformed adaptation service configuration
Fixed ConnStateData::In::maybeMakeSpaceAvailable() logic.
Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL
Do not allow low-level debugging to hide important/critical messages.
Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors
Increase debug level in a peek-and-splice related debug message
Fix icons loading speed.
Fix OpenSSL detection on FreeBSD
Do not override user defined -std option
Support unified EUI format code in external_acl_type

Revision 1.63.2.2: download - view: text, markup, annotated - select for diffs
Fri May 13 12:25:34 2016 UTC (8 years, 7 months ago) by bsiegert
Branches: pkgsrc-2016Q1
Diff to: previous 1.63.2.1: preferred, colored; branchpoint 1.63: preferred, colored; next MAIN 1.64: preferred, colored
Changes since revision 1.63.2.1: +2 -2 lines
Pullup ticket #5009 - requested by taca
www/squid3: security fix, build fix

Revisions pulled up:
- www/squid3/Makefile                                           1.65
- www/squid3/distinfo                                           1.51
- www/squid3/patches/patch-src_eui_Eui48.cc                     deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun May  8 23:29:19 UTC 2016

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo
   Removed Files:
   	pkgsrc/www/squid3/patches: patch-src_eui_Eui48.cc

   Log Message:
   Update squid3 to 3.5.19, 3.5.18 contains security fix.

   Changes to squid-3.5.19 (09 May 2016):

   	- Regression Bug 4515: interception proxy hangs

   Changes to squid-3.5.18 (06 May 2016):

   	- Bug 4510: stale comment about 32KB limit on shared memory cache entries
   	- Bug 4509: EUI compile error on NetBSD
   	- Bug 4501: HTTP/1.1: normalize Host header
   	- Bug 4498: URL-unescape the login-info after extraction from URI
   	- Bug 4455: SegFault from ESIInclude::Start
   	- Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
   	- Fix TLS/SSL server handshake alert handling

Revision 1.65: download - view: text, markup, annotated - select for diffs
Sun May 8 23:29:19 2016 UTC (8 years, 7 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Diff to: previous 1.64: preferred, colored
Changes since revision 1.64: +2 -2 lines
Update squid3 to 3.5.19, 3.5.18 contains security fix.

Changes to squid-3.5.19 (09 May 2016):

	- Regression Bug 4515: interception proxy hangs

Changes to squid-3.5.18 (06 May 2016):

	- Bug 4510: stale comment about 32KB limit on shared memory cache entries
	- Bug 4509: EUI compile error on NetBSD
	- Bug 4501: HTTP/1.1: normalize Host header
	- Bug 4498: URL-unescape the login-info after extraction from URI
	- Bug 4455: SegFault from ESIInclude::Start
	- Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
	- Fix TLS/SSL server handshake alert handling

Revision 1.63.2.1: download - view: text, markup, annotated - select for diffs
Sun May 8 08:09:58 2016 UTC (8 years, 7 months ago) by bsiegert
Branches: pkgsrc-2016Q1
Diff to: previous 1.63: preferred, colored
Changes since revision 1.63: +2 -2 lines
Pullup ticket #4971 - requested by taca
www/squid3: security fix

Revisions pulled up:
- www/squid3/Makefile                                           1.64
- www/squid3/distinfo                                           1.49-1.50
- www/squid3/patches/patch-src_eui_Eui48.cc                     1.1

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Fri Apr 22 15:14:22 UTC 2016

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.5.17:
   * nullptr is a C++11 feature
   * Fix several ESI element construction issues
   * SourceFormat Enforcement
   * cachemgr.cgi: use dynamic MemBuf for internal content generation
   * Add chained certificates and signing certificate to peek-then-bumped connections.
   * Handshake Error: ccs received early: fix typo
   * Avoid startup/shutdown crashes [by avoiding static non-POD globals].
   * Bugs fixed.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Apr 26 10:36:48 UTC 2016

   Modified Files:
   	pkgsrc/www/squid3: distinfo
   Added Files:
   	pkgsrc/www/squid3/patches: patch-src_eui_Eui48.cc

   Log Message:
   Fix build on NetBSD >=7.99.27 due route(4) change (deprecation of RTF_LLINFO). Courtesy of leot.

Revision 1.64: download - view: text, markup, annotated - select for diffs
Fri Apr 22 15:14:22 2016 UTC (8 years, 7 months ago) by adam
Branches: MAIN
Diff to: previous 1.63: preferred, colored
Changes since revision 1.63: +2 -2 lines
Changes 3.5.17:
* nullptr is a C++11 feature
* Fix several ESI element construction issues
* SourceFormat Enforcement
* cachemgr.cgi: use dynamic MemBuf for internal content generation
* Add chained certificates and signing certificate to peek-then-bumped connections.
* Handshake Error: ccs received early: fix typo
* Avoid startup/shutdown crashes [by avoiding static non-POD globals].
* Bugs fixed.

Revision 1.63: download - view: text, markup, annotated - select for diffs
Sat Apr 2 09:07:40 2016 UTC (8 years, 8 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Diff to: previous 1.62: preferred, colored
Changes since revision 1.62: +2 -3 lines
Update squid3 pacakge to 3.5.16, fixing several security problems.
Please refer release note for other changes:
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html

* SQUID-2016:4 - Denial of Service issue in HTTP Response processing

    http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
    aka. CVE-2016-3948

This is another of the bugs left unfixed by the SQUID-2016:2 patches.
The visible symptom is assertions about:
 "String.cc:*: 'len_ + len <65536'"

There is an attack in the wild for this one, but not as widely as for
the previous issues.


* SQUID-2016:3 - Buffer overrun issue in pinger ICMPv6 processing.

    http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
    aka. CVE-2016-3947

This bug shows up as pinger crashing with Icmp6::Recv errors. This may
affect Squid HTTP routing decisions. In some configurations, sub-optimal
routing decisions may result in serious service degradation or even
transaction failures.

All previous Squid-3 releases are affected by both these issues. See the
advisory for further details. Upgrade or patching should be considered a
high priority.


* pinger: drop capabilities on Linux

On Linux, it is now possible to install pinger helper with only
CAP_NET_RAW permissions raised instead of full setuid-root:

  (setcap cap_net_raw+ep /path/to/pinger &&
   chmod u-s /path/to/pinger) || :

Other operating systems without libcap capabilities features are not
affected by this change.


* Bug #4447: FwdState.cc:447 "serverConnection() == conn" assertion

This rather cripling bug appears after the CVE-2016-2569 patch. It
turned out to be a race condition closing connections and has now been
fully fixed.

Revision 1.62: download - view: text, markup, annotated - select for diffs
Sat Mar 5 11:29:40 2016 UTC (8 years, 9 months ago) by jperkin
Branches: MAIN
Diff to: previous 1.61: preferred, colored
Changes since revision 1.61: +2 -1 lines
Bump PKGREVISION for security/openssl ABI bump.

Revision 1.57.2.2: download - view: text, markup, annotated - select for diffs
Mon Feb 29 10:10:47 2016 UTC (8 years, 9 months ago) by bsiegert
Branches: pkgsrc-2015Q4
Diff to: previous 1.57.2.1: preferred, colored; branchpoint 1.57: preferred, colored; next MAIN 1.58: preferred, colored
Changes since revision 1.57.2.1: +2 -2 lines
Pullup ticket #4931 - requested by taca
www/squid3: security fix

Revisions pulled up:
- www/squid3/Makefile                                           1.60
- www/squid3/distinfo                                           1.47

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Wed Feb 24 06:38:57 UTC 2016

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Update squid3 package to 3.5.15, security release.

   * SQUID-2016:2 - Multiple Denial of Service issues in HTTP Response
     processing

       http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

   Changes to squid-3.5.15 (23 Feb 2016):

   	- Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
   	- Fix multiple assertion on String overflows
   	- Fix unit test errors on MacOS
   	- Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
   	- Log noise reduction for eCAP

Revision 1.61: download - view: text, markup, annotated - select for diffs
Fri Feb 26 10:57:46 2016 UTC (8 years, 9 months ago) by jperkin
Branches: MAIN
Diff to: previous 1.60: preferred, colored
Changes since revision 1.60: +2 -4 lines
Use OPSYSVARS.

Revision 1.60: download - view: text, markup, annotated - select for diffs
Wed Feb 24 06:38:57 2016 UTC (8 years, 9 months ago) by taca
Branches: MAIN
Diff to: previous 1.59: preferred, colored
Changes since revision 1.59: +2 -2 lines
Update squid3 package to 3.5.15, security release.

* SQUID-2016:2 - Multiple Denial of Service issues in HTTP Response
  processing

    http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

Changes to squid-3.5.15 (23 Feb 2016):

	- Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
	- Fix multiple assertion on String overflows
	- Fix unit test errors on MacOS
	- Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
	- Log noise reduction for eCAP

Revision 1.57.2.1: download - view: text, markup, annotated - select for diffs
Tue Feb 16 20:18:01 2016 UTC (8 years, 9 months ago) by bsiegert
Branches: pkgsrc-2015Q4
Diff to: previous 1.57: preferred, colored
Changes since revision 1.57: +2 -2 lines
Pullup ticket #4924 - requested by taca
www/squid3: security fix

Revisions pulled up:
- www/squid3/Makefile                                           1.58-1.59
- www/squid3/distinfo                                           1.45-1.46

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Jan 11 09:24:32 UTC 2016

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.5.13:
   * Ssl::CertValidationHelper::sslSubmit: Assure that the callback->getDialer()
   * Fix build error with ICC
   * Fix GnuTLS detection via pkg-config
   * Reflect the [ugly] reality in external_acl_type cache=n documentation.
   * Avoid memory leaks when a certificate validator is used with SslBump
   * Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
   * Fix clang build error after rev.13961
   * Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
   * Fix startup crash with a misconfigured (too-small) shared memory cache
   * Fix connection retry and fallback after failed server TLS connections
   * Complete certificate chains using external intermediate certificates
   * Bug 4387: Kerberos build errors on Solaris

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Feb 16 06:50:06 UTC 2016

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Update squid3 to 3.5.14 (Squid 3.5.14), security release.

   Changes to squid-3.5.14 (16 Feb 2016):

   	- Bug 4437: Fix Segfault on Certain SSL Handshake Errors
   	- Bug 4431: C code is not compiled with CFLAGS
   	- Bug 4418: FlexibleArray compile error with GCC 6
   	- Bug 4378: assertion failed: DestinationIp.cc:60:
   		'checklist->conn() && checklist->conn()->clientConnection != NULL'
   	- Fix invalid FTP connection handling on blocked content
   	- Fix handling of shared memory left over by Squid crashes or bugs
   	- Fix mgr:config report 'qos_flows mark' output
   	- Fix compile error in CPU affinity
   	- Fix %un logging external ACL username
   	- Avoid more certificate validation memory leaks
   	- ... and some documentation updates

Revision 1.59: download - view: text, markup, annotated - select for diffs
Tue Feb 16 06:50:06 2016 UTC (8 years, 9 months ago) by taca
Branches: MAIN
Diff to: previous 1.58: preferred, colored
Changes since revision 1.58: +2 -2 lines
Update squid3 to 3.5.14 (Squid 3.5.14), security release.

Changes to squid-3.5.14 (16 Feb 2016):

	- Bug 4437: Fix Segfault on Certain SSL Handshake Errors
	- Bug 4431: C code is not compiled with CFLAGS
	- Bug 4418: FlexibleArray compile error with GCC 6
	- Bug 4378: assertion failed: DestinationIp.cc:60:
		'checklist->conn() && checklist->conn()->clientConnection != NULL'
	- Fix invalid FTP connection handling on blocked content
	- Fix handling of shared memory left over by Squid crashes or bugs
	- Fix mgr:config report 'qos_flows mark' output
	- Fix compile error in CPU affinity
	- Fix %un logging external ACL username
	- Avoid more certificate validation memory leaks
	- ... and some documentation updates

Revision 1.58: download - view: text, markup, annotated - select for diffs
Mon Jan 11 09:24:32 2016 UTC (8 years, 11 months ago) by adam
Branches: MAIN
Diff to: previous 1.57: preferred, colored
Changes since revision 1.57: +2 -2 lines
Changes 3.5.13:
* Ssl::CertValidationHelper::sslSubmit: Assure that the callback->getDialer()
* Fix build error with ICC
* Fix GnuTLS detection via pkg-config
* Reflect the [ugly] reality in external_acl_type cache=n documentation.
* Avoid memory leaks when a certificate validator is used with SslBump
* Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
* Fix clang build error after rev.13961
* Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
* Fix startup crash with a misconfigured (too-small) shared memory cache
* Fix connection retry and fallback after failed server TLS connections
* Complete certificate chains using external intermediate certificates
* Bug 4387: Kerberos build errors on Solaris

Revision 1.57: download - view: text, markup, annotated - select for diffs
Wed Dec 2 10:44:49 2015 UTC (9 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Diff to: previous 1.56: preferred, colored
Changes since revision 1.56: +2 -2 lines
Changes 3.5.12:
* Add missing stub definition for CPU_ISSET
* Fix build errors in cpuafinity.cc
* Bug 4228: links with krb5 libs despite --without options
* Fix delay_parameters documentation
* Stop using dangling pointers for eCAP-set custom HTTP reason phrases.
* Fix status code-based HTTP reason phrase for eCAP-generated messages.
* Revert r13921: Migrate StoreEntry to using MEMPROXY_CLASS
* Fix cache_peer forceddomain= in CONNECT
* TLS: Handshake Problem during Renegotiation
* Docs: Updated stale Ssl text to make the comment match the code again.
* Fix SSL_get_certificate() problem detection
* Polished cache_peer_access and related documentation.
* Bug 4374: refresh_pattern config parser (%)
* Bug 4373: assertion failed: client_side_request.cc:1709: 'calloutContext->redirect_state == REDIRECT_NONE'
* Make FATAL messages have a consistent prefix

Revision 1.53.2.1: download - view: text, markup, annotated - select for diffs
Tue Nov 24 18:19:32 2015 UTC (9 years ago) by bsiegert
Branches: pkgsrc-2015Q3
Diff to: previous 1.53: preferred, colored; next MAIN 1.54: preferred, colored
Changes since revision 1.53: +2 -2 lines
Pullup ticket #4860 - requested by taca
www/squid3: security fix

Revisions pulled up:
- www/squid3/Makefile                                           1.54-1.56
- www/squid3/distinfo                                           1.41-1.43
- www/squid3/files/squid.sh                                     1.3

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Fri Oct  2 07:57:13 UTC 2015

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.5.10:
   * Align behavior of MEMPROXY_CLASS's operator delete with ::delete on nullptr
   * Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size
   * Fix cache_peer login=PASS(THRU) after CVE-2015-5400
   * Bug 4304: PeerConnector.cc:743 "!callback" assertion.
   * Relicense SSPI helper to GPLv2+
   * Bug 4208: more than one port in wccp2_service_info line causes error
   * Relicense smb_lm auth helper to GPLv2+
   * Relicense ntlm_fake_auth.pl to GPLv2+
   * SMP: register worker listening ports one by one
   * Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
   * Bug 4323: Netfilter broken cross-includes with Linux 4.2
   * Cleanup: Migrate StoreEntry to using MEMPROXY_CLASS
   * Remove custom pool chunk size for StoreEntry
   * Implement default constructor for hash_link
   * Bug 4326: base64 binary encoder rejects data beginning with nil byte

---
   Module Name:	pkgsrc
   Committed By:	sborrill
   Date:		Thu Oct  8 10:07:10 UTC 2015

   Modified Files:
   	pkgsrc/www/squid3: Makefile
   	pkgsrc/www/squid3/files: squid.sh

   Log Message:
   Check current file descriptor limit and raise if required rather than
   blindly setting to 4096 (which may in fact be lower than current limit).
   Bump PKGREVISION

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Nov  4 21:44:27 UTC 2015

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.5.11:
   * Add Locker friend class to SBuf for protection against memory issues
   * Connection stats, including %<lp, missing for persistent connections
   * Fix incorrect authentication headers on cache digest requests
   * Bug 4281: copy-paste typos in src/tools.cc
   * Bug 4188: Bumping intercepted SSL connections does not work on Solaris
   * Avoid errors when parsing manager ACL in old squid.conf
   * Bug 4279: No response from proxy for FTP-download of non-existing file
   * Bug 3574: crashes on reconfigure and startup
   * Bug 4347: compile errors with LibreSSL 2.3

Revision 1.56: download - view: text, markup, annotated - select for diffs
Wed Nov 4 21:44:27 2015 UTC (9 years, 1 month ago) by adam
Branches: MAIN
Diff to: previous 1.55: preferred, colored
Changes since revision 1.55: +2 -3 lines
Changes 3.5.11:
* Add Locker friend class to SBuf for protection against memory issues
* Connection stats, including %<lp, missing for persistent connections
* Fix incorrect authentication headers on cache digest requests
* Bug 4281: copy-paste typos in src/tools.cc
* Bug 4188: Bumping intercepted SSL connections does not work on Solaris
* Avoid errors when parsing manager ACL in old squid.conf
* Bug 4279: No response from proxy for FTP-download of non-existing file
* Bug 3574: crashes on reconfigure and startup
* Bug 4347: compile errors with LibreSSL 2.3

Revision 1.55: download - view: text, markup, annotated - select for diffs
Thu Oct 8 10:07:10 2015 UTC (9 years, 2 months ago) by sborrill
Branches: MAIN
Diff to: previous 1.54: preferred, colored
Changes since revision 1.54: +2 -1 lines
Check current file descriptor limit and raise if required rather than
blindly setting to 4096 (which may in fact be lower than current limit).
Bump PKGREVISION

Revision 1.54: download - view: text, markup, annotated - select for diffs
Fri Oct 2 07:57:13 2015 UTC (9 years, 2 months ago) by adam
Branches: MAIN
Diff to: previous 1.53: preferred, colored
Changes since revision 1.53: +2 -2 lines
Changes 3.5.10:
* Align behavior of MEMPROXY_CLASS's operator delete with ::delete on nullptr
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size
* Fix cache_peer login=PASS(THRU) after CVE-2015-5400
* Bug 4304: PeerConnector.cc:743 "!callback" assertion.
* Relicense SSPI helper to GPLv2+
* Bug 4208: more than one port in wccp2_service_info line causes error
* Relicense smb_lm auth helper to GPLv2+
* Relicense ntlm_fake_auth.pl to GPLv2+
* SMP: register worker listening ports one by one
* Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
* Cleanup: Migrate StoreEntry to using MEMPROXY_CLASS
* Remove custom pool chunk size for StoreEntry
* Implement default constructor for hash_link
* Bug 4326: base64 binary encoder rejects data beginning with nil byte

Revision 1.53: download - view: text, markup, annotated - select for diffs
Tue Sep 22 13:39:31 2015 UTC (9 years, 2 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base
Branch point for: pkgsrc-2015Q3
Diff to: previous 1.52: preferred, colored
Changes since revision 1.52: +2 -2 lines
Update squid3 to 3.5.9, it is security fix release.

* SQUID-2015:3 Multiple Remote Denial of service issues in SSL/TLS
  processing

These problems allow any trusted client or external server to
perform a denial of service attack on the Squid service and all
other services on the same machine.

However, the bugs are exploitable only if you have configured a
Squid-3.5 listening port with ssl-bump.

The visible signs of these bugs are a Squid crash or high CPU usage.
Skype is known to trigger the crash and/or a small amount of extra CPU
use unintentionally. Malicious traffic is possible which could have
severe effects.


* Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords

The SMB LanMan authentication helper in Squid-3.2 and later has been
rejecting valid user credentials.

Reminder: Use of this helper is deprecated. We strongly recommend
against using it. LanMan authentication gives the illusion of
transmitting NTLM protocol while actually transmitting username and
password with crypto algorithms that can be decoded in real-time (this
helper relies on that ability). The combination makes it overall less
secure than even HTTP Basic authentication.


* TLS: Support SNI on generated CONNECT after peek

When Squid generates CONNECT requests it will now attempt to use the
client SNI value if any is known.

Note that SNI is found during an ssl_bump peek action, so will only be
available on some generated CONNECT. Intercepted traffic will always
begin with a raw-IP CONNECT message which must pass access controls and
adaptations before ssl_bump peek is even considered.


* Quieten UFS cache maintenance skipped warnings

This resolves the log noise encountered since the 3.5.8 release when
large caches are running a full (aka. 'DIRTY') cache_dir rebuild scan.

Revision 1.52: download - view: text, markup, annotated - select for diffs
Sat Sep 5 14:25:37 2015 UTC (9 years, 3 months ago) by adam
Branches: MAIN
Diff to: previous 1.51: preferred, colored
Changes since revision 1.51: +2 -3 lines
Changes 3.5.8:
Fix FreeBSD Clang-3.5 build error
Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
Bug 3553: cache_swap_high ignored and maxCapacity used instead
Fix memory leak in Surrogate-Capability header detection
When a RESPMOD service aborts, mark the body it produced as truncated.
Cleanup: fix assertion in Store unit tests
Bug 3696: crash when client delay pools are activated
Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
Bug 4306: build portability fix in Kerberos helpers
Docs: auto-build release notes for snapshots
FtpServer.cc:1024: "reply != NULL" assertion
Work around clang-3.6 complaining of unknown attributes in libxml2
Ignore impossible SSL bumping actions, as intended and documented.
Bug 4242: compile errors with eCAP using clang-3.6
Docs: fix typo in miss_access
Bug 4285 partial: %us is not supported in access.log
Bug 4302: IPFilter v5 transparent interception
Docs: update intercept/tproxy related text
Bug 4301: compile errors with IPFilter interception
Polish: add debug section,level to cache.log
Reject non-chunked HTTP messages with conflicting Content-Length values
Boilerplate: update ignored files
Boilerplate: add Foundation details to rfcnb and smblib documentation files
Cleanup: de-duplicate fake-CONNECT code
Use automake subdir-objects feature

Revision 1.51: download - view: text, markup, annotated - select for diffs
Mon Aug 17 16:41:28 2015 UTC (9 years, 3 months ago) by prlw1
Branches: MAIN
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +2 -1 lines
Bump for IPFilter fix

Revision 1.50: download - view: text, markup, annotated - select for diffs
Wed Aug 5 08:10:56 2015 UTC (9 years, 4 months ago) by adam
Branches: MAIN
Diff to: previous 1.49: preferred, colored
Changes since revision 1.49: +2 -2 lines
Changes 3.5.7:
* Bug 4293: wrong SNI sent to server after URL-rewrite
* Add ENABLE_POD2MAN_DOC automake conditional for pod2man builds
* basic_smb_auth: rejecting valid credentials
* basic_smb_auth: doesn't handle passwords with backslashes
* basic_smb_auth: nmblookup fails when smb.conf contaisn WINS servers
* Docs: fix man(8) page syntax for lexgrof tool
* Make pod2man an optional dependency
* Handle exceptions during squid.conf parse
* When SBuf chop()s away everything, always clear the buffer.
* Cleanup: avoid mentioning compiler directives in configure output
* Bug 4251: incorrect instance name for memory segments in /dev/shm
* Bug 3345: Support %un (any available user name) format code for external ACLs.
* AUFS: Raise I/O queue congestion limits
* Improve handling of client connections on shutdown
* Avoid SSL certificate db corruption with empty index.txt as a symptom.
* Errors served using invalid certificates when dealing with SSL server errors.
* IPv6: improve BCP 177 compliance
* Polish debugs on NAT failure
* Fix crash in TcpAccepter with profiler enabled
* Splice to origin cache_peer.
* Bug 4227: invalid key in AuthUserHashPointer causing assertation failure

Revision 1.48.2.1: download - view: text, markup, annotated - select for diffs
Tue Jul 21 17:28:23 2015 UTC (9 years, 4 months ago) by tron
Branches: pkgsrc-2015Q2
Diff to: previous 1.48: preferred, colored; next MAIN 1.49: preferred, colored
Changes since revision 1.48: +2 -3 lines
Pullup ticket #4777 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           1.49
- www/squid3/PLIST                                              1.11
- www/squid3/distinfo                                           1.35
- www/squid3/patches/patch-configure                            1.8

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon Jul  6 09:39:40 UTC 2015

   Modified Files:
   	pkgsrc/www/squid3: Makefile PLIST distinfo
   	pkgsrc/www/squid3/patches: patch-configure

   Log Message:
   Changes 3.5.6:
   * ext_edirectory_userip_acl: fix uninitialized variable
   * Do not blindly forward cache peer CONNECT responses.
   * Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
   * Use relative-URL in errorpage.css for SN.png
   * Bug 4193: Memory leak on FTP listings
   * Bug 4274: ssl_crtd.8 not being installed
   * Fix CONNECT failover to IPv4 after trying broken IPv6 servers
   * Bug 4183: segfault when freeing https_port clientca on reconfigure or exit.
   * TLS: Disable client-initiated renegotiation
   * Translations: add Spanish US dialect alias
   * Cleanup: replace __DATE__ and __TIME__ macros
   * Fix assertion String.cc:221: "str"
   * Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
   * Bug 3875: bad mimeLoadIconFile error handling
   * Support custom OIDs in *_cert ACLs
   * Bug 3329: The server side pinned connection is not closed properly

Revision 1.49: download - view: text, markup, annotated - select for diffs
Mon Jul 6 09:39:40 2015 UTC (9 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.48: preferred, colored
Changes since revision 1.48: +2 -3 lines
Changes 3.5.6:
* ext_edirectory_userip_acl: fix uninitialized variable
* Do not blindly forward cache peer CONNECT responses.
* Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
* Use relative-URL in errorpage.css for SN.png
* Bug 4193: Memory leak on FTP listings
* Bug 4274: ssl_crtd.8 not being installed
* Fix CONNECT failover to IPv4 after trying broken IPv6 servers
* Bug 4183: segfault when freeing https_port clientca on reconfigure or exit.
* TLS: Disable client-initiated renegotiation
* Translations: add Spanish US dialect alias
* Cleanup: replace __DATE__ and __TIME__ macros
* Fix assertion String.cc:221: "str"
* Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
* Bug 3875: bad mimeLoadIconFile error handling
* Support custom OIDs in *_cert ACLs
* Bug 3329: The server side pinned connection is not closed properly

Revision 1.48: download - view: text, markup, annotated - select for diffs
Fri Jun 12 10:52:15 2015 UTC (9 years, 6 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Diff to: previous 1.47: preferred, colored
Changes since revision 1.47: +2 -2 lines
Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.

Revision 1.47: download - view: text, markup, annotated - select for diffs
Mon Jun 1 16:18:20 2015 UTC (9 years, 6 months ago) by sborrill
Branches: MAIN
Diff to: previous 1.46: preferred, colored
Changes since revision 1.46: +2 -1 lines
Fix transparent proxying with IPFilter. Patch submitted to squid mailing
list.

Revision 1.46: download - view: text, markup, annotated - select for diffs
Fri May 29 07:50:59 2015 UTC (9 years, 6 months ago) by adam
Branches: MAIN
Diff to: previous 1.45: preferred, colored
Changes since revision 1.45: +2 -2 lines
Changes 3.5.5:
* Portability: migrate auto_ptr to C++11 unique_ptr
* Portability: Define nullptr if not provided
* Cleanup: sync ModSelect.cc and ModSelectWin32.cc
* Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
* Fix "Not enough space to hold server hello message" error message
* Bug 4132: regression in short_icon_urls with global_internal_static on
* Prevent unused ssl_crtd helpers being run
* Docs: fix debug output on https_port context failure
* HTTP/2: publish RFC 7540
* Fix incorrect use of errno in various libcomm.la places
* Bug 4236: SSL negotiation error of 'success'
* Fix signal.h usage to resolve compiler warning
* Bug 3930: assertion 'connIsUsable(http->getConn())'
* Fix missing external ACL helper notes
* Bug 4238: assertion Read.cc:205: "params.data == data"
* Docs: remove 4.0-only info added by rev.13823
* comm_connect_addr on failures returns Comm:OK
* Docs: shuffle SMP specific options to the top of squid.conf
* CacheMgr: display 'client_db off' instead of 0 clients accessing cache
* Fix assertion errorpage.cc:600: "entry->isEmpty()"
* Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer

Revision 1.44.2.1: download - view: text, markup, annotated - select for diffs
Mon May 11 19:42:27 2015 UTC (9 years, 7 months ago) by tron
Branches: pkgsrc-2015Q1
Diff to: previous 1.44: preferred, colored; next MAIN 1.45: preferred, colored
Changes since revision 1.44: +2 -2 lines
Pullup ticket #4711 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           1.45
- www/squid3/distinfo                                           1.32
- www/squid3/options.mk                                         1.16
- www/squid3/patches/patch-configure                            1.6

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Mon May  4 09:13:35 UTC 2015

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo options.mk
   	pkgsrc/www/squid3/patches: patch-configure

   Log Message:
   Changes 3.5.4:
   * Fix X509 server certificate domain matching
   * Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
   * Cleanup: Display correct error code in debugging output for IoCallback::finish
   * Cleanup: Fix spelling error in debug message in parseHttpRequest()
   * Cleanup: Add whitespace to make debug message in writeComplete() more readable
   * Add Kerberos support for MAC OS X 10.x
   * Bug 4234: comm_connect_addr uses errno incorrectly
   * Fix 'access_log none' to prevent following logs being used
   * Unexpected SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
   * Docs: Update CONTRIBUTORS
   * Ensure class Lock counter remains within bounds
   * Portability: Add hacks to define C++11 explicit N-bit type limits
   * Fix SSL_get_peer_certificate memory leak
   * Bug 4231 pt2: comm_open_uds does not provide description for newly opened FD
   * Bug 4231 pt1: fd_open() not correctly handling empty descriptions
   * Negotiate Kerberos authentication request size exceeds output buffer size.
   * Do not increment an iterator invalidated by std::map::erase().
   * Fix require-proxy-header preventing HTTPS proxying and ssl-bump
   * Fix atomics check broken by C++11 #include added in v3.5 branch r13783
   * Support for resuming TLS sessions
   * Bug 4212: ssl_crtd crashes with corrupt database
   * Fix rev.13795 ServerName class
   * Add server_name ACL matching server name(s) obtained from various sources
   * Bug 4226: digest_edirectory_auth: found but cannot be built
   * Invalid request->clientConnectionManager object used by Ssl::PeerConnector::handleNegotiateError
   * Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
   * Fix cross-compile issues with SSL_get_certificate()
   * Docs: RFC 7238 obsoleted by RFC 7538
   * Boilerplate: reference Translator copyrights in CREDITS
   * Cleanup: Place explicit size on ref-count lock counter
   * Cleanup: extend SBuf debugging information
   * digest_edirectory_auth: Fix -lnettle dependency error

Revision 1.45: download - view: text, markup, annotated - select for diffs
Mon May 4 09:13:34 2015 UTC (9 years, 7 months ago) by adam
Branches: MAIN
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +2 -2 lines
Changes 3.5.4:
* Fix X509 server certificate domain matching
* Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
* Cleanup: Display correct error code in debugging output for IoCallback::finish
* Cleanup: Fix spelling error in debug message in parseHttpRequest()
* Cleanup: Add whitespace to make debug message in writeComplete() more readable
* Add Kerberos support for MAC OS X 10.x
* Bug 4234: comm_connect_addr uses errno incorrectly
* Fix 'access_log none' to prevent following logs being used
* Unexpected SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
* Docs: Update CONTRIBUTORS
* Ensure class Lock counter remains within bounds
* Portability: Add hacks to define C++11 explicit N-bit type limits
* Fix SSL_get_peer_certificate memory leak
* Bug 4231 pt2: comm_open_uds does not provide description for newly opened FD
* Bug 4231 pt1: fd_open() not correctly handling empty descriptions
* Negotiate Kerberos authentication request size exceeds output buffer size.
* Do not increment an iterator invalidated by std::map::erase().
* Fix require-proxy-header preventing HTTPS proxying and ssl-bump
* Fix atomics check broken by C++11 #include added in v3.5 branch r13783
* Support for resuming TLS sessions
* Bug 4212: ssl_crtd crashes with corrupt database
* Fix rev.13795 ServerName class
* Add server_name ACL matching server name(s) obtained from various sources
* Bug 4226: digest_edirectory_auth: found but cannot be built
* Invalid request->clientConnectionManager object used by Ssl::PeerConnector::handleNegotiateError
* Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
* Fix cross-compile issues with SSL_get_certificate()
* Docs: RFC 7238 obsoleted by RFC 7538
* Boilerplate: reference Translator copyrights in CREDITS
* Cleanup: Place explicit size on ref-count lock counter
* Cleanup: extend SBuf debugging information
* digest_edirectory_auth: Fix -lnettle dependency error

Revision 1.39.2.1: download - view: text, markup, annotated - select for diffs
Sat Feb 21 12:53:08 2015 UTC (9 years, 9 months ago) by tron
Branches: pkgsrc-2014Q4
Diff to: previous 1.39: preferred, colored; next MAIN 1.40: preferred, colored
Changes since revision 1.39: +2 -2 lines
Pullup ticket #4623 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           patch
- www/squid3/distinfo                                           patch
- www/squid3/patches/patch-compat_compat.h                      new file
- www/squid3/patches/patch-src_ip_Intercept.cc                  patch

---
Apply patch:
- Fix buidling when IPF is turned on
- Update to version 3.4.12

Revision 1.44: download - view: text, markup, annotated - select for diffs
Thu Feb 19 01:10:23 2015 UTC (9 years, 9 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2015Q1-base
Branch point for: pkgsrc-2015Q1
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +2 -2 lines
Update squid3 to 3.5.2 (Squid 3.5.3).

Changes to squid-3.5.2 (18 Feb 2015):

	- Regression Bug 4176: Digest auth too many helper lookups
	- Regression Bug 4180: not-fully-initialized data member in ACLUserData
	- Bug 4172: Solaris broken krb5-config
	- Bug 4073: Cygwin compile errors
	- Bug 3919: remove several never-true / never-false comparisons
	- HTTPS: Add missing root CAs when validating chains that passed internal checks
	- Fix some cbdataFree related memory leaks
	- Quieten CBDATA 'leak' messages
	- Set SNI information in transparent bumping mode
	- negotiate_kerberos_auth: fix krb5.conf backward compatibility
	- Fix memory leaks in cachemgr.cgi URL parser
	- Fix sslproxy_options in peek-and-splice mode
	- ... and fix several portability and build issues
	- ... and some documentation updates
	- ... and all fixes from squid 3.4.11

Revision 1.43: download - view: text, markup, annotated - select for diffs
Thu Jan 22 11:53:21 2015 UTC (9 years, 10 months ago) by obache
Branches: MAIN
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +2 -1 lines
libltdl is used.

Revision 1.42: download - view: text, markup, annotated - select for diffs
Thu Jan 22 11:38:58 2015 UTC (9 years, 10 months ago) by obache
Branches: MAIN
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +1 -6 lines
int64_t GNU atomic operations are used, check them instead in configure.

i486 is not sufficient, i686 and/or much newer compiler will be required for
NetBSD-5.*-i386.

Revision 1.41: download - view: text, markup, annotated - select for diffs
Wed Jan 21 11:23:16 2015 UTC (9 years, 10 months ago) by adam
Branches: MAIN
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +3 -4 lines
Changes 3.5.1:
Support libecap v1.0
Authentication helper query extensions
Support named services
Upgraded squidclient tool
Helper support for concurrency channels
Native FTP Relay
Receive PROXY protocol, Versions 1 & 2
Basic authentication MSNT helper changes

Revision 1.40: download - view: text, markup, annotated - select for diffs
Fri Jan 16 11:41:11 2015 UTC (9 years, 10 months ago) by adam
Branches: MAIN
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +2 -2 lines
Changes 3.4.11:
* cachemgr.cgi: memory leak in request parser
* Fix typo on commStartSslClose
* Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro
* Bug 3760: squidclient ignores --disable-ipv6
* Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
* Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
* Bug 4164: SEGFAULT when %W formating code used in errorpages
* Deleting first fs left psstate->servers pointing to uninitialized memory
* Maintenance: check release notes on packaging
* Bug 4057: Avoid on-exit crashes when adaptation is enabled.

Revision 1.39: download - view: text, markup, annotated - select for diffs
Wed Dec 10 10:18:36 2014 UTC (10 years ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2014Q4-base
Branch point for: pkgsrc-2014Q4
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +2 -2 lines
Changes 3.4.10:
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug 4148: external_acl_type header format does not accept the new libformat syntax
* Bug 4033: Rebuild corrupted ssl_db/size file
* Bug 3902: Docs: external_acl_type cache hash key
* Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match

Revision 1.38: download - view: text, markup, annotated - select for diffs
Sat Nov 8 09:33:33 2014 UTC (10 years, 1 month ago) by adam
Branches: MAIN
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +2 -2 lines
Changes 3.4.9:
* Fix man(8)/man(1) page syntax
* Source Maintenance: bump astyle version to 2.03
* Bug 4093: source-maintenance.sh bad perl -i option
* Bug 4102: sslbump cert contains only a dot character in key usage extension
* kerberos_ldap_group/cert_tool: Remove ksh dependency
* ext_kerberos_ldap_group_acl: Fix regression typo in 3.4.7
* Bug 3803: ident leaks memory on failure
* Bug 4024: Bad host/IP ::1 when using IPv4-only environment
* Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
* CBDATA: log memory leak situations when --enable-debug-cbdata
* Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
* SourceFormat Enforcement

Revision 1.36.2.1: download - view: text, markup, annotated - select for diffs
Thu Oct 2 09:59:22 2014 UTC (10 years, 2 months ago) by tron
Branches: pkgsrc-2014Q3
Diff to: previous 1.36: preferred, colored; next MAIN 1.37: preferred, colored
Changes since revision 1.36: +2 -3 lines
Pullup ticket #4512 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           1.37
- www/squid3/distinfo                                           1.24

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Oct  2 07:33:47 UTC 2014

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Update squid to 3.4.8, a security release resolving several vulnerability
   issues found in the prior Squid releases.

   The major changes to be aware of:

   * CVE-2014-6270 : SQUID-2014:3 Buffer overflow in SNMP processing

     http://www.squid-cache.org/Advisories/SQUID-2014_3.txt

   This vulnerability allows any client who is allowed to send SNMP
   packets to the proxy to perform a denial of service attack on Squid.

   The issue came to light as the result of active 0-day attacks. Since
   publication several other attack sightings have been reported.

   * CVE-2014-7141 and CVE-2014-7142 : SQUID-2014:4

     http://www.squid-cache.org/Advisories/SQUID-2014_4.txt

   These vulnerabilities allow a remote attack server to trigger DoS or
   information leakage by sending various malformed ICMP and ICMPv6
   packets to the Squid pinger helper.
   The worst-case DoS scenario is a rarity, a more common impact will be
   general service degradation for high-performance systems relying on
   the pinger for realtime network measurement.

    All users of Squid are urged to upgrade to this release as soon as
   possible.

    See the ChangeLog for the full list of changes in this and earlier
    releases.

   Please refer to the release notes at
   http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
   when you are ready to make the switch to Squid-3.4

   Upgrade tip:
     "squid -k parse" is starting to display even more
      useful hints about squid.conf changes.

Revision 1.37: download - view: text, markup, annotated - select for diffs
Thu Oct 2 07:33:47 2014 UTC (10 years, 2 months ago) by taca
Branches: MAIN
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +2 -3 lines
Update squid to 3.4.8, a security release resolving several vulnerability
issues found in the prior Squid releases.

The major changes to be aware of:

* CVE-2014-6270 : SQUID-2014:3 Buffer overflow in SNMP processing

  http://www.squid-cache.org/Advisories/SQUID-2014_3.txt

This vulnerability allows any client who is allowed to send SNMP
packets to the proxy to perform a denial of service attack on Squid.

The issue came to light as the result of active 0-day attacks. Since
publication several other attack sightings have been reported.


* CVE-2014-7141 and CVE-2014-7142 : SQUID-2014:4

  http://www.squid-cache.org/Advisories/SQUID-2014_4.txt

These vulnerabilities allow a remote attack server to trigger DoS or
information leakage by sending various malformed ICMP and ICMPv6
packets to the Squid pinger helper.
The worst-case DoS scenario is a rarity, a more common impact will be
general service degradation for high-performance systems relying on
the pinger for realtime network measurement.


 All users of Squid are urged to upgrade to this release as soon as
possible.



 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
when you are ready to make the switch to Squid-3.4

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

Revision 1.33.2.1: download - view: text, markup, annotated - select for diffs
Mon Sep 1 22:18:03 2014 UTC (10 years, 3 months ago) by tron
Branches: pkgsrc-2014Q2
Diff to: previous 1.33: preferred, colored; next MAIN 1.34: preferred, colored
Changes since revision 1.33: +2 -2 lines
Pullup ticket #4491 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           1.34-1.36
- www/squid3/distinfo                                           1.22-1.23
- www/squid3/files/squid.sh                                     1.2

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Jul  2 08:48:27 UTC 2014

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.4.6:
   Docs: external_acl_type documentation lies for cache=n option
   Non https connectiona on SSL-bump enabled port may stuck
   Do not leak implicit ACLs during reconfigure.
   Assure that when LruMap::memLimit_ is set to 0 no entries stored on LruMap
   Portability: use 64-bit for X-Cache-Age header
   Windows: fix various libip build issues
   Windows: rename TcpLogger::connect
   Windows: rename ConnOpener::connect
   Change order of BSD-specific network includes so that they are properly picked up
   Do not leak ex_data for SSL state that survived reconfigure.
   Do not register the same Cache Manager action more than once
   Fix leaked TcpAcceptor job on reconfiguration
   Fix leak of ACLs related to adaptation access rules
   Bug 4056: assertion MemPools[type] from netdbExchangeStart()
   Bug 4065: round-robin neighbor selection with unequal weights
   Bug 4050: Segfault in CommSelectEngine::checkEvents on helper response
   Fix segfault setting up server SSL connnection
   Regression: segfault logging with %tg format specifier
   SourceFormat Enforcement

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Thu Aug 28 16:52:02 UTC 2014

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.4.7:
   kerberos_ldap_group: Fix 'error during setup of Kerberos credential cache'
   Ignore Range headers with unidentifiable byte-range values
   Use v3 for fake certificate if we add _any_ certificate extension.
   Fix regression in rev.13156
   Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes
   Enable compile-time override for MAXTCPLISTENPORTS
   ntlm_sspi_auth: fix various build errors
   negotiate_wrapper: vfork is not portable
   Windows: fix iphlpapi.h include case-sensitivity
   Windows: correct libsspwin32 API for SSP_LogonUser()
   negotiate_sspi_auth: Portability fixes for MinGW
   ext_lm_group_acl: portability fixes for MinGW
   SourceFormat Enforcement
   Bug 4080: worker hangs when client identd is not responding
   Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC.
   Reduce cache_effective_user was leaking $HOME memory

---
   Module Name:	pkgsrc
   Committed By:	tron
   Date:		Fri Aug 29 11:13:46 UTC 2014

   Modified Files:
   	pkgsrc/www/squid3: Makefile
   	pkgsrc/www/squid3/files: squid.sh

   Log Message:
   Get "/etc/rc.d/squid status" and "/etc/rc.d/squid restart" to work again
   under NetBSD (and other platforms using "/etc/rc.subr"?).

   Bump package revision because of this fix.

Revision 1.36: download - view: text, markup, annotated - select for diffs
Fri Aug 29 11:13:46 2014 UTC (10 years, 3 months ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +2 -1 lines
Get "/etc/rc.d/squid status" and "/etc/rc.d/squid restart" to work again
under NetBSD (and other platforms using "/etc/rc.subr"?).

Bump package revision because of this fix.

Revision 1.35: download - view: text, markup, annotated - select for diffs
Thu Aug 28 16:52:02 2014 UTC (10 years, 3 months ago) by adam
Branches: MAIN
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +2 -2 lines
Changes 3.4.7:
kerberos_ldap_group: Fix 'error during setup of Kerberos credential cache'
Ignore Range headers with unidentifiable byte-range values
Use v3 for fake certificate if we add _any_ certificate extension.
Fix regression in rev.13156
Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes
Enable compile-time override for MAXTCPLISTENPORTS
ntlm_sspi_auth: fix various build errors
negotiate_wrapper: vfork is not portable
Windows: fix iphlpapi.h include case-sensitivity
Windows: correct libsspwin32 API for SSP_LogonUser()
negotiate_sspi_auth: Portability fixes for MinGW
ext_lm_group_acl: portability fixes for MinGW
SourceFormat Enforcement
Bug 4080: worker hangs when client identd is not responding
Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC.
Reduce cache_effective_user was leaking $HOME memory

Revision 1.34: download - view: text, markup, annotated - select for diffs
Wed Jul 2 08:48:27 2014 UTC (10 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +2 -3 lines
Changes 3.4.6:
Docs: external_acl_type documentation lies for cache=n option
Non https connectiona on SSL-bump enabled port may stuck
Do not leak implicit ACLs during reconfigure.
Assure that when LruMap::memLimit_ is set to 0 no entries stored on LruMap
Portability: use 64-bit for X-Cache-Age header
Windows: fix various libip build issues
Windows: rename TcpLogger::connect
Windows: rename ConnOpener::connect
Change order of BSD-specific network includes so that they are properly picked up
Do not leak ex_data for SSL state that survived reconfigure.
Do not register the same Cache Manager action more than once
Fix leaked TcpAcceptor job on reconfiguration
Fix leak of ACLs related to adaptation access rules
Bug 4056: assertion MemPools[type] from netdbExchangeStart()
Bug 4065: round-robin neighbor selection with unequal weights
Bug 4050: Segfault in CommSelectEngine::checkEvents on helper response
Fix segfault setting up server SSL connnection
Regression: segfault logging with %tg format specifier
SourceFormat Enforcement

Revision 1.33: download - view: text, markup, annotated - select for diffs
Fri Jun 27 23:07:44 2014 UTC (10 years, 5 months ago) by asau
Branches: MAIN
CVS tags: pkgsrc-2014Q2-base
Branch point for: pkgsrc-2014Q2
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +6 -1 lines
configure fails to detect <netinet/ip_icmp.h> presense on FreeBSD 10.
Work around it.

Revision 1.32: download - view: text, markup, annotated - select for diffs
Thu May 29 23:38:17 2014 UTC (10 years, 6 months ago) by wiz
Branches: MAIN
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +2 -1 lines
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.

Revision 1.31: download - view: text, markup, annotated - select for diffs
Mon May 5 09:59:21 2014 UTC (10 years, 7 months ago) by adam
Branches: MAIN
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +2 -2 lines
Changes 3.4.5:
* Logformat annotation fixes
* Resolve 'dying from an unhandled exception: c'
* Fix order dependency between cache_dir and maximum_object_size
* Bug 4051: fix inverted test on CONNECT payload existence

Revision 1.30: download - view: text, markup, annotated - select for diffs
Mon Mar 10 12:19:42 2014 UTC (10 years, 9 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +2 -3 lines
Changes 3.4.4:
* Avoid assertions on Range requests that trigger Squid-generated errors.
* Protect MemBlob::append() against raw-space writes
* Copyright: Relicense helpers by Treehouse Networks Ltd.
* Portability: define CMSG related structures individually
* Fix helper ID number assignment
* Fixed stalled concurrent rock store reads by insuring their ID uniqueness.
* Bug 3186, Bug 3628: Digest authentication always sending stale=false for nonce
* dynamic_cert_mem_cache_size option related fixes
* Fix umask default on crash report generated email
* Fix pthread library detection on FreeBSD 10
* Bug 4029: intercepted HTTPS requests bypass caching checks
* Bug 4026: SSL and adaptation_access does not handle aborted connections
* Bug 4001: remove use of strsep()
* Move compat/unsafe.h protections from libcompat to source maintenance
* Bug 3969: user credentials cache lookup for Digest authentication broken
* Various fixes to configure for FreeBSD 10
* Regression Bug 3769: client_netmask not evaluated since Comm redesign

Revision 1.29: download - view: text, markup, annotated - select for diffs
Fri Feb 28 12:28:32 2014 UTC (10 years, 9 months ago) by obache
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +2 -2 lines
Exactly disable krb5 if option is off, otherwise specify wanted krb5-config.

Bump PKGREVISION.

Revision 1.28: download - view: text, markup, annotated - select for diffs
Wed Feb 12 23:18:47 2014 UTC (10 years, 10 months ago) by tron
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +2 -2 lines
Recursive PKGREVISION bump for OpenSSL API version bump.

Revision 1.24.2.1: download - view: text, markup, annotated - select for diffs
Mon Feb 10 09:47:25 2014 UTC (10 years, 10 months ago) by tron
Branches: pkgsrc-2013Q4
Diff to: previous 1.24: preferred, colored; next MAIN 1.25: preferred, colored
Changes since revision 1.24: +5 -5 lines
Pullup ticket #4318 - requested by sborrill
www/squid3: bug fix update

Revisions pulled up:
- www/squid3/Makefile                                           1.25-1.27
- www/squid3/PLIST                                              1.8
- www/squid3/distinfo                                           1.18-1.19
- www/squid3/patches/patch-compat_os_hpux.h                     deleted
- www/squid3/patches/patch-include_SquidNew.h                   deleted
- www/squid3/patches/patch-src_base_Vector.h                    deleted

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Dec 31 11:54:32 UTC 2013

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.4.2:
   * Added missing header in client_side_reply.cc for clang
   * Bug 3498: FTP PUT assertion Server.cc:246: 'r->body_pipe != NULL'
   * Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
   * Fix \-unescaping in quoted strings from helpers
   * WCCPv2: fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
   * Fix missing cast in rev.13162
   * Bug 3980: FATAL ERROR due to max_user_ip -s option
   * Fix linker errors "relocation R_X86_64_32 against .rodata"
   * Regression in URL helper API
   * Bug 3806: Caching responses with Vary header
   * Set sslcrtvalidator_children concurrency option default value to 1
   * Release notes: update HTML version

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Feb  4 14:23:01 UTC 2014

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo
   Removed Files:
   	pkgsrc/www/squid3/patches: patch-compat_os_hpux.h
   	    patch-include_SquidNew.h patch-src_base_Vector.h

   Log Message:
   Changes 3.4.3:
   * Update CONTRIBUTORS
   * Fix peerSelectDnsResults() IP address cycling
   * Comm job callbacks need job's cbdata pointer, not a job pointer.
   * Bug 3975: atomic detection cross-compilation failure
   * Bug 3954: compile failure in CpuAffinity.cc
   * Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
   * Initialize asyncLoopDepth_ in constructor
   * Fix external_acl_type async loop failures
   * Bug 4008: HttpHeader warnOnError should be an int not a bool
   * Fix memory leak in peer cache Digest exchange
   * Bug 3927: tests/testRock fatal.cc required
   * Bug 4002: clang 3.4 unable to compile
   * Document and enforce invariant on Format::Token.divisor
   * Bug 4002: clang 3.4 unable to compile
   * Bug 3996: Malformed DNS reply leads to crash
   * Disable error page translation by default in builds
   * Bug 3995: compile error on CentOS 5 with GCC 4.1.2
   * Centrally destroy all ACLs to avoid destruction segfaults

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Fri Feb  7 05:28:19 UTC 2014

   Modified Files:
   	pkgsrc/www/squid3: Makefile PLIST

   Log Message:
   Remove tons of unwanted dir in INSTALLATION_DIRS, and remove last backslash,
   it will concat to next line "SPECIAL_PERMS", then it result in creating unwanted
   directory and let "pinger" to install into wrong directry, and permission is not
   set correctly.

   Bump PKGREVISION.

Revision 1.27: download - view: text, markup, annotated - select for diffs
Fri Feb 7 05:28:19 2014 UTC (10 years, 10 months ago) by obache
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +4 -3 lines
Remove tons of unwanted dir in INSTALLATION_DIRS, and remove last backslash,
it will concat to next line "SPECIAL_PERMS", then it result in creating unwanted
directory and let "pinger" to install into wrong directry, and permission is not
set correctly.

Bump PKGREVISION.

Revision 1.26: download - view: text, markup, annotated - select for diffs
Tue Feb 4 14:23:01 2014 UTC (10 years, 10 months ago) by adam
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -2 lines
Changes 3.4.3:
* Update CONTRIBUTORS
* Fix peerSelectDnsResults() IP address cycling
* Comm job callbacks need job's cbdata pointer, not a job pointer.
* Bug 3975: atomic detection cross-compilation failure
* Bug 3954: compile failure in CpuAffinity.cc
* Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
* Initialize asyncLoopDepth_ in constructor
* Fix external_acl_type async loop failures
* Bug 4008: HttpHeader warnOnError should be an int not a bool
* Fix memory leak in peer cache Digest exchange
* Bug 3927: tests/testRock fatal.cc required
* Bug 4002: clang 3.4 unable to compile
* Document and enforce invariant on Format::Token.divisor
* Bug 4002: clang 3.4 unable to compile
* Bug 3996: Malformed DNS reply leads to crash
* Disable error page translation by default in builds
* Bug 3995: compile error on CentOS 5 with GCC 4.1.2
* Centrally destroy all ACLs to avoid destruction segfaults

Revision 1.25: download - view: text, markup, annotated - select for diffs
Tue Dec 31 11:54:32 2013 UTC (10 years, 11 months ago) by adam
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +2 -3 lines
Changes 3.4.2:
* Added missing header in client_side_reply.cc for clang
* Bug 3498: FTP PUT assertion Server.cc:246: 'r->body_pipe != NULL'
* Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
* Fix \-unescaping in quoted strings from helpers
* WCCPv2: fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
* Fix missing cast in rev.13162
* Bug 3980: FATAL ERROR due to max_user_ip -s option
* Fix linker errors "relocation R_X86_64_32 against .rodata"
* Regression in URL helper API
* Bug 3806: Caching responses with Vary header
* Set sslcrtvalidator_children concurrency option default value to 1
* Release notes: update HTML version

Revision 1.24: download - view: text, markup, annotated - select for diffs
Sun Dec 29 12:10:45 2013 UTC (10 years, 11 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2013Q4-base
Branch point for: pkgsrc-2013Q4
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +5 -2 lines
Explicitly disable CPU optimized instruction.  (--enable-arch-native is
default.)  Enabling CPU optimized instruction gains some performance, but
it lost portability of the binary package.

Bump PKGREVISION.

Revision 1.23: download - view: text, markup, annotated - select for diffs
Sat Dec 28 19:50:34 2013 UTC (10 years, 11 months ago) by hauke
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +2 -2 lines
For PKG_OPTIONS.squid = -ssl, do not PLIST files that will not be
installed.

Revision 1.22: download - view: text, markup, annotated - select for diffs
Wed Dec 11 14:55:02 2013 UTC (11 years ago) by tron
Branches: MAIN
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +3 -2 lines
Fix path to Perl interpreter in "libexec/cert_valid.pl".

Bump package revision because the binary got changed.

Revision 1.21: download - view: text, markup, annotated - select for diffs
Tue Dec 10 14:48:26 2013 UTC (11 years ago) by adam
Branches: MAIN
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +46 -10 lines
Changes 3.4.1:
* Bug 3589: intercepted and ICAP modified request using a cache_peer
* OpenBSD portability fix in DiskThreads
* Bug 3935: Invalid pointer dereference when peeking at origin server certificate
* Destroy ACLs in the reverse order of creation to avoid destruction segfaults
* Portability: sleep() is sometimes a macro
* Windows: fix compile errors in WinSvc.cc
* Portability: std::string:npos is not always appropriate for String::npos
* Portability: refresh_pattern requires regex
* librfcnb: portability fixes

Revision 1.20: download - view: text, markup, annotated - select for diffs
Tue Dec 3 15:23:51 2013 UTC (11 years ago) by adam
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +3 -2 lines
Changes 3.3.11:
* Fix more of rev.12660
* Protect aclIsProxyAuth() debugging from NULL names (via NULL AclMatchedName).
* Bug 3972: Segfault when getting the deny info page ID after a reconfigure
* Fix mistake in porting rev.12660
* Bug 3782: Digest authentication not obeying nonce_max_count
* Bug 3970: max_filedescriptors disabled due to missing setrlimit
* Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
* Re-compute Range response content offset after an FTP response was adapted.
* Source Maintenance: re-add snapshot script to branch
* Bug 3960: Dead Peers Are Not Revived
* Windows: Fix aclocal "is already registered" errors
* Windows: Ensure array index is an integer in C code
* Bug 3956: xstrndup: tried to dup a NULL pointer
* Make HTTP header parser obey relaxed_header_parser
* SourceFormat Enforcement
* Replace blocking sleep(3) and close UDS socket on failures.
* Bug 3936: error-details.txt parse error
* Bug 3906: Filedescriptor leaks in SNMP

Revision 1.19: download - view: text, markup, annotated - select for diffs
Mon Nov 4 09:04:59 2013 UTC (11 years, 1 month ago) by adam
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +2 -2 lines
Changes 3.3.10:
* kerberos_ldap_group: fix LDAP string duplication
* Avoid "hot idle": A series of rapid select() calls with zero timeout.
* Bug 3887: tcp_outgoing_tos not working for IPv6
* Fix cbdata 'error: expression result unused' errors
* Have testRock use cachemgr stubs
* Bug 3836: Fix issues with automake 1.13 and later and make check (extra)
* Bug 3836: Fix issues with automake 1.13 and later and make check
* Append Connection:close to OPTIONS requests when icap_persistent_connections is off.
* Add cache_miss_revalidate
* Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
* Fix CBDATA_CLASS2 macro definition
* libntlmauth: Fix string field truncation
* ntlm_fake_auth: pass DOMAIN data to Squid in original case
* Fix SQUID_CC_CHECK_ARGUMENT autoconf macro
* Polish: better WARNING when workers directive is ignore on reconfigure.
* Use IPv6 localhost nameserver on DNS configuration errors
* Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
* Polish: report bytes received when bad content-length detected by quick-abort
* Bug 3918: Squid 3.3.9 Self Test Failures on Mac OS X 10.8
* Bug 3929: request_header_add not working for tunnel requests
* Fix pinning hierarchy log information
* Close idle client connections associated with closed idle pinned connections.

Revision 1.18: download - view: text, markup, annotated - select for diffs
Wed Sep 11 06:28:20 2013 UTC (11 years, 3 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +2 -2 lines
Changes 3.3.9:
* Bug 3849: Duplicate certificate sent when using https_port
* Fix myportname ACL on ICAP/eCAP transactions
* Improved compatibility with clang and icc
* Bug 3895: fix acl_uses_indirect_client and cache_peer_access
* Show number of available filedescriptors when reserved FD changes
* Regression Bug 3077: off-by-one error in Digest header decoding
* Register Http2-Settings header
* Fix configure parsing IP/domain directives
* Sync with newest OpenSSL error codes
* Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
* Make GCC 4.8 happy with libip code
* Fix assert with side effects in ServerStateData::handleAdaptedHeader
* Fix mgr:info report 'Largest file desc currently in use' with SMP
* Bug 3879: assertion failed ConnStateData::validatePinnedConnection
* Bug 2287: Better fix for unsupported HTTP version handling
* Bug 2112: Reload into If-None-Match
* Fix external ACL user:pass detail logging after adaptation
* Fix assert() with side effects
* Bug 3863: myportname acl causes segmentation fault

Revision 1.13.2.1: download - view: text, markup, annotated - select for diffs
Mon Jul 15 19:56:12 2013 UTC (11 years, 5 months ago) by tron
Branches: pkgsrc-2013Q2
Diff to: previous 1.13: preferred, colored; next MAIN 1.14: preferred, colored
Changes since revision 1.13: +2 -3 lines
Pullup ticket #4178 - requested by taca
www/squid3: security update

Revisions pulled up:
- www/squid3/Makefile                                           1.14-1.17
- www/squid3/distinfo                                           1.9-1.11

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Wed Jul  3 12:47:11 UTC 2013

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.3.6:
   Bug 3762: remove bogus WARNING in cache.log
   Fix Ip::Address::operator =(sockaddr_storage)
   Make sure %<tt includes all [failed] connection attempts.
   Bug 3854: pt1: compile errors on AIX
   Fix request headers logging for icap_log
   Support HTTP reply ACLs in icap_log and log_icap
   Bug 3802: Fix wrong check inside Format::Format::assemble
   Bug 3786: Fix configure with --disable-internal-dns compile error
   Polished icap_service and ecap_service documentation.
   SourceFormat Enforcement
   Bug 3717: assertion failed with dstdom_regex with IP based URL
   Fix incorrect external_acl_type codes
   Avoid segfaults on seriously malformed requests when ICAP logging is enabled.
   Ask for SSL key password when started with -N but without sslpassword_program.
   basic_ncsa_auth: fix unused variable warnings (typo in rev.12762)
   Fix buffer null termination
   Bug 1991: kqueue causes SSL to hang

---
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Fri Jul 12 10:45:05 UTC 2013

   Modified Files:
   	pkgsrc/audio/icecast: Makefile
   	pkgsrc/audio/mt-daapd: Makefile
   	pkgsrc/audio/pulseaudio: Makefile
   	pkgsrc/audio/ubs: Makefile
   	pkgsrc/chat/anope: Makefile
   	pkgsrc/chat/atheme: Makefile
   	pkgsrc/chat/bitlbee: Makefile
   	pkgsrc/chat/gale: Makefile
   	pkgsrc/chat/inspircd: Makefile
   	pkgsrc/chat/inspircd12: Makefile
   	pkgsrc/chat/ircd-hybrid: Makefile
   	pkgsrc/chat/ircu: Makefile
   	pkgsrc/chat/jabberd: Makefile
   	pkgsrc/chat/jabberd2: Makefile
   	pkgsrc/chat/silc-server: Makefile
   	pkgsrc/chat/unrealircd: Makefile
   	pkgsrc/comms/asterisk: Makefile
   	pkgsrc/comms/asterisk10: Makefile
   	pkgsrc/comms/asterisk18: Makefile
   	pkgsrc/comms/fidogate: Makefile
   	pkgsrc/comms/mgetty+sendfax: Makefile
   	pkgsrc/comms/minicom: Makefile
   	pkgsrc/comms/snooper: Makefile
   	pkgsrc/databases/apache-cassandra: Makefile
   	pkgsrc/databases/gnats: Makefile
   	pkgsrc/databases/mysql5-server: Makefile
   	pkgsrc/databases/mysql51-server: Makefile
   	pkgsrc/databases/mysql55-server: Makefile
   	pkgsrc/databases/mysql56-server: Makefile
   	pkgsrc/databases/openldap-server: Makefile
   	pkgsrc/databases/pgbouncer: Makefile
   	pkgsrc/databases/phpmyadmin: Makefile
   	pkgsrc/databases/postgresql84-server: Makefile
   	pkgsrc/databases/postgresql90-server: Makefile
   	pkgsrc/databases/postgresql91-server: Makefile
   	pkgsrc/databases/postgresql92-server: Makefile
   	pkgsrc/databases/virtuoso: Makefile
   	pkgsrc/devel/cvsd: Makefile
   	pkgsrc/devel/distcc: Makefile
   	pkgsrc/devel/memcached: Makefile
   	pkgsrc/devel/monotone-server: Makefile
   	pkgsrc/filesystems/tahoe-lafs: Makefile
   	pkgsrc/inputmethod/canna-dict: Makefile
   	pkgsrc/inputmethod/canna-server: Makefile
   	pkgsrc/inputmethod/ja-freewnn-server: Makefile
   	pkgsrc/inputmethod/sj3-server: Makefile
   	pkgsrc/mail/amavisd-new: Makefile
   	pkgsrc/mail/courier-imap: Makefile
   	pkgsrc/mail/courier-maildir: Makefile
   	pkgsrc/mail/dcc: Makefile
   	pkgsrc/mail/dkim-milter: Makefile
   	pkgsrc/mail/dovecot: Makefile
   	pkgsrc/mail/dovecot2: Makefile
   	pkgsrc/mail/dspam: Makefile
   	pkgsrc/mail/enma: Makefile
   	pkgsrc/mail/exim: Makefile
   	pkgsrc/mail/exim3: Makefile
   	pkgsrc/mail/fml: Makefile
   	pkgsrc/mail/fml4: Makefile
   	pkgsrc/mail/freepops: Makefile
   	pkgsrc/mail/gld: Makefile
   	pkgsrc/mail/imapproxy: Makefile
   	pkgsrc/mail/maildrop: Makefile
   	pkgsrc/mail/mailman: Makefile
   	pkgsrc/mail/majordomo: Makefile
   	pkgsrc/mail/milter-greylist: Makefile
   	pkgsrc/mail/milter-manager: Makefile
   	pkgsrc/mail/milter-regex: Makefile
   	pkgsrc/mail/mimedefang: Makefile
   	pkgsrc/mail/nullmailer: Makefile
   	pkgsrc/mail/opendkim: Makefile
   	pkgsrc/mail/policyd-weight: Makefile
   	pkgsrc/mail/popa3d: Makefile
   	pkgsrc/mail/postgrey: Makefile
   	pkgsrc/mail/prayer: Makefile
   	pkgsrc/mail/qpopper: Makefile
   	pkgsrc/mail/quickml: Makefile
   	pkgsrc/mail/sendmail: Makefile
   	pkgsrc/mail/smtp-vilter: Makefile
   	pkgsrc/mail/spamd: Makefile
   	pkgsrc/mail/sqlgrey: Makefile
   	pkgsrc/mail/sqwebmail: Makefile
   	pkgsrc/mail/sympa: Makefile
   	pkgsrc/mail/tmda: Makefile
   	pkgsrc/multimedia/gmediaserver: Makefile
   	pkgsrc/multimedia/mediatomb: Makefile
   	pkgsrc/net/DarwinStreamingServer: Makefile
   	pkgsrc/net/avahi: Makefile
   	pkgsrc/net/bind96: Makefile
   	pkgsrc/net/bind98: Makefile
   	pkgsrc/net/bind99: Makefile
   	pkgsrc/net/cacti: Makefile
   	pkgsrc/net/cntlm: Makefile
   	pkgsrc/net/couriertcpd: Makefile
   	pkgsrc/net/freeradius: Makefile
   	pkgsrc/net/freeradius2: Makefile
   	pkgsrc/net/gofish: Makefile
   	pkgsrc/net/iodine: Makefile
   	pkgsrc/net/irrd: Makefile
   	pkgsrc/net/kismet: Makefile
   	pkgsrc/net/lambdamoo: Makefile
   	pkgsrc/net/lldpd: Makefile
   	pkgsrc/net/mldonkey: Makefile
   	pkgsrc/net/mydns-mysql: Makefile
   	pkgsrc/net/mydns-pgsql: Makefile
   	pkgsrc/net/netdisco: Makefile
   	pkgsrc/net/nsd: Makefile
   	pkgsrc/net/openntpd: Makefile
   	pkgsrc/net/openvpn: Makefile
   	pkgsrc/net/pygopherd: Makefile
   	pkgsrc/net/quagga: Makefile
   	pkgsrc/net/rancid: Makefile
   	pkgsrc/net/rbldnsd: Makefile
   	pkgsrc/net/ruby-stompserver: Makefile
   	pkgsrc/net/snort: Makefile
   	pkgsrc/net/spread: Makefile
   	pkgsrc/net/tacacs-shrubbery: Makefile
   	pkgsrc/net/teamspeak-server: Makefile
   	pkgsrc/net/tor: Makefile
   	pkgsrc/net/unbound: Makefile
   	pkgsrc/net/uucp: Makefile
   	pkgsrc/net/vsftpd: Makefile
   	pkgsrc/net/xymon: Makefile
   	pkgsrc/net/xymonclient: Makefile
   	pkgsrc/news/leafnode: Makefile
   	pkgsrc/news/nntpcache: Makefile
   	pkgsrc/parallel/gridscheduler: Makefile
   	pkgsrc/parallel/sge: Makefile
   	pkgsrc/parallel/slurm: Makefile
   	pkgsrc/print/cups: Makefile
   	pkgsrc/security/cyrus-sasl: Makefile
   	pkgsrc/security/dirmngr: Makefile
   	pkgsrc/security/f-prot-antivirus6-ms-bin: Makefile
   	pkgsrc/security/libprelude: Makefile
   	pkgsrc/security/libprelude-lua: Makefile
   	pkgsrc/security/libprelude-perl: Makefile
   	pkgsrc/security/libprelude-python: Makefile
   	pkgsrc/security/libprelude-ruby: Makefile
   	pkgsrc/security/opendnssec: Makefile
   	pkgsrc/security/openssh: Makefile
   	pkgsrc/security/pks: Makefile
   	pkgsrc/security/policykit: Makefile
   	pkgsrc/security/prelude-correlator: Makefile
   	pkgsrc/security/prelude-lml: Makefile
   	pkgsrc/security/prelude-manager: Makefile
   	pkgsrc/security/py-prewikka: Makefile
   	pkgsrc/security/sfs: Makefile
   	pkgsrc/security/stunnel: Makefile
   	pkgsrc/sysutils/amanda-common: Makefile
   	pkgsrc/sysutils/bacula: Makefile
   	pkgsrc/sysutils/dbus: Makefile
   	pkgsrc/sysutils/hal: Makefile
   	pkgsrc/sysutils/munin-node: Makefile
   	pkgsrc/sysutils/munin-server: Makefile
   	pkgsrc/sysutils/sysbuild-user: Makefile
   	pkgsrc/sysutils/ups-nut: Makefile
   	pkgsrc/textproc/dict-server: Makefile
   	pkgsrc/www/apache: Makefile
   	pkgsrc/www/apache-tomcat6: Makefile
   	pkgsrc/www/apache-tomcat7: Makefile
   	pkgsrc/www/apache2: Makefile
   	pkgsrc/www/apache22: Makefile
   	pkgsrc/www/apache24: Makefile
   	pkgsrc/www/dansguardian: Makefile
   	pkgsrc/www/jetty7: Makefile
   	pkgsrc/www/nginx: Makefile
   	pkgsrc/www/nginx-devel: Makefile
   	pkgsrc/www/ocsigen: Makefile
   	pkgsrc/www/php-concrete5: Makefile
   	pkgsrc/www/php-owncloud: Makefile
   	pkgsrc/www/php-piwigo: Makefile
   	pkgsrc/www/php-soycms: Makefile
   	pkgsrc/www/php-sugarcrm: Makefile
   	pkgsrc/www/php-tiki6: Makefile
   	pkgsrc/www/php-tt-rss: Makefile
   	pkgsrc/www/privoxy: Makefile
   	pkgsrc/www/screws: Makefile
   	pkgsrc/www/sencha-sns: Makefile
   	pkgsrc/www/squid3: Makefile
   	pkgsrc/www/squidGuard: Makefile
   	pkgsrc/www/tinyproxy: Makefile

   Log Message:
   Bump PKGREVISION of all packages which create users, to pick up change of
   sysutils/user_* packages.

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Fri Jul 12 21:32:36 UTC 2013

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.3.7:
   * Protect against buffer overrun in DNS query generation
   * SourceFormat Enforcement
   * Bug 3297: Fix openSSL related build failures
   * Fix build on FreeBSD 9.x platform with clang

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Sun Jul 14 17:54:44 UTC 2013

   Modified Files:
   	pkgsrc/www/squid3: Makefile distinfo

   Log Message:
   Changes 3.3.8:
   * Better handling of strange port values in Host:
   * Bug 3869: assertion failed: MemBuf.cc:272: size < capacity

Revision 1.17: download - view: text, markup, annotated - select for diffs
Sun Jul 14 17:54:43 2013 UTC (11 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -2 lines
Changes 3.3.8:
* Better handling of strange port values in Host:
* Bug 3869: assertion failed: MemBuf.cc:272: size < capacity

Revision 1.16: download - view: text, markup, annotated - select for diffs
Fri Jul 12 21:32:36 2013 UTC (11 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -3 lines
Changes 3.3.7:
* Protect against buffer overrun in DNS query generation
* SourceFormat Enforcement
* Bug 3297: Fix openSSL related build failures
* Fix build on FreeBSD 9.x platform with clang

Revision 1.15: download - view: text, markup, annotated - select for diffs
Fri Jul 12 10:45:05 2013 UTC (11 years, 5 months ago) by jperkin
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -1 lines
Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Wed Jul 3 12:47:11 2013 UTC (11 years, 5 months ago) by adam
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -3 lines
Changes 3.3.6:
Bug 3762: remove bogus WARNING in cache.log
Fix Ip::Address::operator =(sockaddr_storage)
Make sure %<tt includes all [failed] connection attempts.
Bug 3854: pt1: compile errors on AIX
Fix request headers logging for icap_log
Support HTTP reply ACLs in icap_log and log_icap
Bug 3802: Fix wrong check inside Format::Format::assemble
Bug 3786: Fix configure with --disable-internal-dns compile error
Polished icap_service and ecap_service documentation.
SourceFormat Enforcement
Bug 3717: assertion failed with dstdom_regex with IP based URL
Fix incorrect external_acl_type codes
Avoid segfaults on seriously malformed requests when ICAP logging is enabled.
Ask for SSL key password when started with -N but without sslpassword_program.
basic_ncsa_auth: fix unused variable warnings (typo in rev.12762)
Fix buffer null termination
Bug 1991: kqueue causes SSL to hang

Revision 1.13: download - view: text, markup, annotated - select for diffs
Fri Jun 7 12:28:39 2013 UTC (11 years, 6 months ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2013Q2-base
Branch point for: pkgsrc-2013Q2
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +3 -3 lines
Make Perl a run-time dependence because multiple scripts included in this
package use it.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Tue Jun 4 15:16:42 2013 UTC (11 years, 6 months ago) by tron
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -2 lines
Override broken "configure" test that doesn't work with Perl 5.18.0
to fix the build of one of the helper scripts.

Bump the package revision because the binary package would have been
incomplete previously.

Revision 1.11: download - view: text, markup, annotated - select for diffs
Fri May 31 12:42:54 2013 UTC (11 years, 6 months ago) by wiz
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +2 -1 lines
Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Thu May 23 20:21:28 2013 UTC (11 years, 6 months ago) by adam
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +2 -3 lines
Changes 3.3.5:
* Allocate ClientInfo::hash.key using malloc() instead of new char[]
* Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
* Use case-insensitive comparison for HTTP header names in *_header_access
* Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
* Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
* Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes squid, part2
* Port from 2.6: external acl %ACL and %DATA tags
* Log an ERROR instead of halting on unknown cache_dir types
* Add missing piece omitted from rev.9677
* Remove origin_tries limiter on forwarding
* Fixed leaking configurable SSL error details.
* Fix memory error with Kerberos authentication
* Avoid !closing assertions when helpers call comm_read [during reconfigure].
* Avoid Comm::Connection leaks when helpers are reconfigured or otherwise closed.
* find-alive.pl: Replaced HttpReq entry (already covered by the guessing code) with HttpHeaderEntry entry
* Docs: Polish [http::]>h and [http::]>ha descriptions to emphasize their pre-cache scope
* Polish: show file path on Bungled lines

Revision 1.9: download - view: text, markup, annotated - select for diffs
Thu May 23 15:28:45 2013 UTC (11 years, 6 months ago) by tron
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +2 -2 lines
Resign as maintainer of this package. Other pkgsrc developers are doing
a much better job of maintaining this package anyway.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Thu May 16 12:04:57 2013 UTC (11 years, 6 months ago) by obache
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +2 -1 lines
* Fixes a digest auth helper name, no `password', but `file' exists.
* overwrite `config.test' scripts for helper modules, because its check
  is incomplete but assured with pkgsrc option. PR pkg/47787.

Bump PKGREVISION.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sat Apr 27 17:51:24 2013 UTC (11 years, 7 months ago) by tron
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -3 lines
Update "squid3" package to version 3.3.4. Changes since 3.3.3:
- Bug 3831: basic_ncsa_auth Blowfish and SHA support
- Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
- Bug 3794: MacOS: workaround compiler errors and case-insensitivity
- Bug 3781: Proxy Authentication not sent to cache_peer
- Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
- Bug 3720 pt2: Add missing include in /dev/poll I/O module
- Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
- Add support for TPROXY on BSD
- Fix SSL Bump bypass for intercepted traffic
- Fix memory leaks in ConnStateData pinning
- Fix external_acl.cc "inBackground" assertion on queue overloads
- CacheMgr: fix missing column separator in helper stats
- OpenBSD: libpthreads requires OpenBSD 5.2 or later
- ... and lots of documentation updates
- ... and all changes from squid 3.2.10

This update might fix PR pkg/42568.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Tue Mar 19 01:43:05 2013 UTC (11 years, 8 months ago) by obache
Branches: MAIN
CVS tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +6 -1 lines
Fixes build on NetBSD-5.2-i386, i486 features are required.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Wed Mar 13 17:11:25 2013 UTC (11 years, 9 months ago) by taca
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -1 lines
* pkglint friendly.
* Add and Update PKG_OPTIONS related to storage backend.

- squid-backend-null: "null" type of storage backend had been deperecated.
- Add squid-backend-rock.
- Revive squid-backend-aufs.

Bump PKGREVISION.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Wed Mar 13 12:36:39 2013 UTC (11 years, 9 months ago) by adam
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -2 lines
Changes 3.3.3:
* Regression fix: Accept-Language header parse
* Bug 3673: Silence 'Failed to select source' messages
* Solaris, OpenIndiana: Add missing limits.h includes
* Bug 3720: Add missing include in /dev/poll I/O module
* Fix authentication headers sent on peer digest requests

Revision 1.3: download - view: text, markup, annotated - select for diffs
Fri Mar 8 17:24:34 2013 UTC (11 years, 9 months ago) by adam
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +2 -3 lines
Changes 3.3.2:
Docs: document ConnOpener::swanSong() better
Bug 3329: Quieten orphan Comm::Connection messages
Sync TESTDIR names used by testCoss and testUfs with testRock changes.
MacOS: reduce the testRock unit test UDS path
Bug 3720: SourceLayout: shuffle fd_table definition into fde.h
Bug 3794: MacOS: workaround compiler errors and case-insensitivity
Polish debugs in cacheability test
Bug 3753: Removes the domain from the cache_peer server pconn key
Bug 3781: Proxy Authentication not sent to cache_peer
Bug 3763: diskd Error: no filename in shm buffer
Solaris: Fix xstrto*() function linkages
Mentioned creation of diskers in cache_dir rock documentation.
Fix coverity scan issue 740457: unsecure temporary file creation
Bug 3686: cache_dir max-size default fails
Bug 3752: objects that cannot be cached in memory are not cached on disk if cache_dir max-size is used.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Tue Feb 19 19:22:45 2013 UTC (11 years, 9 months ago) by markd
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -1 lines
Add upstream patch 12497.  Fixes diskd complaints about no filename in shm
buffer.  Bump PKGREVISION

Revision 1.1: download - view: text, markup, annotated - select for diffs
Sun Feb 10 18:16:53 2013 UTC (11 years, 10 months ago) by adam
Branches: MAIN
Squid 3.3 represents a new feature release above 3.2.
The most important of these new features are:
* SQL Database logging helper
* Time-Quota session helper
* SSL-Bump Server First
* Server Certificate Mimic
* Custom HTTP request headers

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>