head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.46 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.44 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.42 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.40 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.38 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.36 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.34 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.32 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.30 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.28 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.26 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.24 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.22 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.20 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.18 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.16 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.14 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.12 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.10 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.4.0.8 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.6 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.4 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.4.0.2 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.3.0.10 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.8 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.6 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.4 pkgsrc-2003Q4-base:1.3 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.2.0.8 netbsd-1-6-RELEASE-base:1.2 pkgviews:1.2.0.4 pkgviews-base:1.2 buildlink2:1.2.0.2 buildlink2-base:1.2 netbsd-1-5-PATCH003:1.2; locks; strict; comment @# @; 1.4 date 2004.10.13.15.35.55; author taca; state dead; branches; next 1.3; 1.3 date 2002.10.13.16.43.22; author taca; state Exp; branches 1.3.10.1; next 1.2; 1.2 date 2002.02.24.12.25.41; author veego; state Exp; branches; next 1.1; 1.1 date 2001.12.12.17.06.21; author taca; state Exp; branches; next ; 1.3.10.1 date 2004.10.20.16.33.44; author agc; state dead; branches; next ; desc @@ 1.4 log @Update squid package to 2.5.7. This includes security problem with SNMP support which enabled by default. * pkgsrc changes: - Don't use PKGNAME within DIST_SUBDIR. Instead, date based DIST_STAMP. This change prevent extra DIST_SUBDIR change asked by kim@@. - Remove setproctitle(3) hack for dnsserver helper program since use of dnsserver itself is problematic with huge size of squid process. * Changes to squid-2.5.STABLE7 (11 Oct 2004) - [Medium] No objects cached in ufs cache_dir type in some configurations. Issue introduced in 2.5.STABLE6 by the patch for Bug #676. (Bug #1011) - [Minor] LDAP helpers update to correct LDAP connection management and add support for literal password compare instead of binding - [Minor] A large number of queued DNS lookups for the same domain (Bug #852) - [Cosmetic] request_header_max_size configuration partly ignored (Bug #899) - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001) - Bug #1012: [Cosmetic] HEAD requests may return stale information (Bug #1012) - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918) - [Minor] case insensitive authentication (Bug #431) - [Cosmetic] Add delay pools information to active_requests. (Bug #882) - [Minor] Apparent memory leak in client_db (Bug #833) - [Minor] NTLM authentication truncated causing failures. (Bug #1016) - [Cosmetic] Grammatical corrections in squid.conf.default - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug #1030) - [Medium] Segfaults and other strange crashes when using heap policies. (Bug #1009) - [Minor] Supplementary group memberships not set (Bug #1021) - [Cosmetic] ERR_TOO_BIG Portugese translation - [Minor] external_acl does not handle newlines (Bug #1038) - [Major] NTLM authentication denial of service when using msnt_auth or fake_auth (Bug #1045) - [Medium] Memory leaks when using NTLM authentication without challenge reuse. (Bug #994) - [Minor] Temporary NTLM memory leak with challenge reuse enabled (Bug #910) - [Minor] assertion failed: "n_ufs_dirs <= Config.cacheSwap.n_configured". (Bug #1053) - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031) - [Minor] acl time fails to parse multiple time specifications (Bug #1060) - [Minor] cachemgr config dumps mixed up Range and Request-Range headers in http_header_access & replace directives. (Bug #1056) - [Minor] Content-Disposition added as a well known header (Bug #961) - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD (Bug #1074) - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) - [Medium] New acl types to match arbitrary HTTP headers. In addition the http_header_access & replace directivess now support arbitrary headers and not only the well known ones. (Bug #961) - [Cosmetic] ncsa_auth now accepts Window formatted password files (Bug #1078) - [Cosmetic] Support the --program-prefix/suffix options or other configure program name transforms (Bug #1019) - [Minor] Fix race condition in CONNECT and also handle aborts of CONNECT requests in a more graceful manner. (Bug #859) - [Minor] New balance_on_multiple_ip directive to work around certain broken load balancers and optimized ipcache on reload requests (Bug #1058) - [Medium] New reply_header_max_size directive (Bug #874) - [Minor] Suspected instability on aborted PUT/POST requests (Bug #1089) - [Security] SNMP Denial of Service fix (CAN-2004-0918) @ text @$NetBSD: patch-ba,v 1.3 2002/10/13 16:43:22 taca Exp $ --- src/dnsserver.c.orig Mon Jul 1 17:55:46 2002 +++ src/dnsserver.c @@@@ -138,6 +138,9 @@@@ #if HAVE_RESOLV_H #include #endif +#if HAVE_UTIL_H +#include +#endif #include "util.h" #include "snprintf.h" @@@@ -263,6 +266,9 @@@@ main(int argc, char *argv[]) char *t = NULL; int c; int opt_s = 0; +#if HAVE_SETPROCTITLE + int count = 0; +#endif extern char *optarg; safe_inet_addr("255.255.255.255", &no_addr); @@@@ -336,6 +342,10 @@@@ main(int argc, char *argv[]) } } +#if HAVE_SETPROCTITLE + setproctitle("(no requests)"); +#endif + for (;;) { memset(request, '\0', REQ_SZ); if (fgets(request, REQ_SZ, stdin) == NULL) @@@@ -348,6 +358,10 @@@@ main(int argc, char *argv[]) *t = '\0'; /* strip CR */ lookup(request); fflush(stdout); +#if HAVE_SETPROCTITLE + count++; + setproctitle("(%d requests)", count); +#endif } /* NOTREACHED */ return 0; @ 1.3 log @Update squid to 2.5.1 with several patches from http://www.squid-cache.org/Versions/v2/2.5/bugs/. Now try to install more authentication modules, but those modules should be handled by proper frame work (Curretly, SASL modules aren't handled). Changes to squid-2.5 (): - Major rewrite of proxy authentication to support other schemes than basic. First in the line is NTLM support but others can easily be added (minimal digest is present). See Programmers Guide. (Robert Collins & Francesco Chemolli) - Reworked how request bodies are passed down to the protocols. Now all client side processing is inside client_side.c, and the pass and pump modules is no longer used. - Optimized searching in proxy_auth and ident ACL types. Squid should now handle large access lists a lot more efficiently. (Francesco Chemolli) - Fixed forwarding/peer loop detection code (Brian Degenhardt) - now a peer is ignored if it turns out to be us, rather than committing suicide - Changed the internal URL code to obey appendDomain for internal objects if it needs appending. This fixes weirdnesses where a machine can think it is "foo.bar.com", and "foo" is requested. (Brian Degenhardt) - Added the use of Automake to create the Makefile.in's in the squid source tree. This will allow libtool in the future, and immediately allows better dependency tracking - with or without gcc - as well as the dist-all and distcheck targets for developers which respectively build a tar.gz and a tar.bz2 distribution, and check that what will be distributed builds. - Added TOS and source address selection based on ACLs, written by Roger Venning. This allows administrators to set the TOS precedence bits and/or the source IP from a set of available IPs based upon some ACLs, generally to map different users to different outgoing links and traffic profiles. - Added 'max-conn' option to 'cache_peer' - Added SSL gatewaying support, allowing Squid to act as a SSL server in accelerator setups. - SASL authentication helper by Ian Castle - msntauth updated to v2.0.3 - no_cache now applies to cache hits as well as cache misses - the Gopher client in Squid has been significantly improved - Squid now sanity checks FTP data connections to ensure the connection is from the requested server. Can be disabled if needed by turning off the ftp_sanitycheck option. - external acl support. A mechanism where flexible ACL checks can be driven by external helpers. See the external_acl_type and acl external directives. - Countless other small things and fixes - HTML pages generated by Squid or CacheMgr as well as the ERR documents now contain a doctype declaration so that browsers know which HTML specification the document uses. In addition to that they have a new look (background-color, font) and are valid according to the HTML standards at www.w3.org. (Clemens Löser) - Login and password send to Basic auth helpers is now URL escaped to allow for spaces and other "odd" characters in logins and passwords - Proxy Authentication is no longer blindly forwarded to peer caches if not used locally. If forwarding of proxy authentication is desired then it must now be configured with the login=PASS cache_peer option. - Responses with Vary: in the header are now cached by squid. (Henrik Nordstrom). - Removed unused 'siteselect_timeout' directive. @ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.2 2002/02/24 12:25:41 veego Exp $ @ 1.3.10.1 log @Pullup (via patch) ticket 123 - requested by Takahiro Kambe security fix for squid Modified Files: pkgsrc/www/squid: Makefile distinfo pkgsrc/www/squid/patches: patch-ag patch-an patch-bb Removed Files: pkgsrc/www/squid/patches: patch-ba Log Message: Update squid package to 2.5.7. This includes security problem with SNMP support which enabled by default. * pkgsrc changes: - Don't use PKGNAME within DIST_SUBDIR. Instead, date based DIST_STAMP. This change prevent extra DIST_SUBDIR change asked by kim@@. - Remove setproctitle(3) hack for dnsserver helper program since use of dnsserver itself is problematic with huge size of squid process. * Changes to squid-2.5.STABLE7 (11 Oct 2004) - [Medium] No objects cached in ufs cache_dir type in some configurations. Issue introduced in 2.5.STABLE6 by the patch for Bug #676. (Bug #1011) - [Minor] LDAP helpers update to correct LDAP connection management and add support for literal password compare instead of binding - [Minor] A large number of queued DNS lookups for the same domain (Bug #852) - [Cosmetic] request_header_max_size configuration partly ignored (Bug #899) - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001) - Bug #1012: [Cosmetic] HEAD requests may return stale information (Bug #1012) - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918) - [Minor] case insensitive authentication (Bug #431) - [Cosmetic] Add delay pools information to active_requests. (Bug #882) - [Minor] Apparent memory leak in client_db (Bug #833) - [Minor] NTLM authentication truncated causing failures. (Bug #1016) - [Cosmetic] Grammatical corrections in squid.conf.default - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug #1030) - [Medium] Segfaults and other strange crashes when using heap policies. (Bug #1009) - [Minor] Supplementary group memberships not set (Bug #1021) - [Cosmetic] ERR_TOO_BIG Portugese translation - [Minor] external_acl does not handle newlines (Bug #1038) - [Major] NTLM authentication denial of service when using msnt_auth or fake_auth (Bug #1045) - [Medium] Memory leaks when using NTLM authentication without challenge reuse. (Bug #994) - [Minor] Temporary NTLM memory leak with challenge reuse enabled (Bug #910) - [Minor] assertion failed: "n_ufs_dirs <= Config.cacheSwap.n_configured". (Bug #1053) - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031) - [Minor] acl time fails to parse multiple time specifications (Bug #1060) - [Minor] cachemgr config dumps mixed up Range and Request-Range headers in http_header_access & replace directives. (Bug #1056) - [Minor] Content-Disposition added as a well known header (Bug #961) - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD (Bug #1074) - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) - [Medium] New acl types to match arbitrary HTTP headers. In addition the http_header_access & replace directivess now support arbitrary headers and not only the well known ones. (Bug #961) - [Cosmetic] ncsa_auth now accepts Window formatted password files (Bug #1078) - [Cosmetic] Support the --program-prefix/suffix options or other configure program name transforms (Bug #1019) - [Minor] Fix race condition in CONNECT and also handle aborts of CONNECT requests in a more graceful manner. (Bug #859) - [Minor] New balance_on_multiple_ip directive to work around certain broken load balancers and optimized ipcache on reload requests (Bug #1058) - [Medium] New reply_header_max_size directive (Bug #874) - [Minor] Suspected instability on aborted PUT/POST requests (Bug #1089) - [Security] SNMP Denial of Service fix (CAN-2004-0918) @ text @d1 1 a1 1 $NetBSD: patch-ba,v 1.3 2002/10/13 16:43:22 taca Exp $ @ 1.2 log @Fix build problems on systems without setproctitle(3). Check setproctitle in the configure script and remove the define in patch-ba. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- src/dnsserver.c.orig Fri Jan 12 01:51:47 2001 +++ src/dnsserver.c Sun Feb 24 12:44:12 2002 @@@@ -135,6 +135,7 @@@@ d9 1 d11 1 d15 1 a15 3 @@@@ -258,8 +259,10 @@@@ { char request[512]; d17 1 a17 3 - int c; + int c, count = 0; +#if HAVE_RES_INIT d19 2 d25 1 a25 1 @@@@ -333,6 +336,10 @@@@ d30 1 a30 1 + setproctitle("(%d requests)", count); d36 1 a36 1 @@@@ -345,6 +352,10 @@@@ @ 1.1 log @Update squid to 2.4.3 (squid-2.4.STABLE3), referring to tech-pkg's mail from "Ciarcinski, Adam \(ISS Brussels\)" . From ChangeLog: Changes to Squid-2.4.STABLE3 (Nov 28, 2001): - Fixed bug #255: core dump on SSL/CONNECT if access denied by miss_access - Fixed bug #246: corrupt on-disk meta information preventing rebuilds of lost swap.state files - Fixed bug #243: squid_ldap_auth now supports spaces in passwords - Fixed a coredump when creating FTP directories - Fixed a compile time problem with statHistDump prototype mistmatch, reported by some compilers - Fixed a potential coredump situation on snmpwalk in certain configurations - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir store implementation - Serbian error message translations I added following changes, too. o honor PKG_SYSCONFDIR keep SQUID_SYSCONFDIR effective. o Add --disable-internal-dns. This made external dnsserver available. External dnsserver could be disabled with configuration file. o Enable optimization with "-O". o Fix a problem to access nat device when transparent proxy enabled. This fix will be contained in squid 2.5 release. o setproctitle() hack for external dnsserver from daemonnews's article. @ text @d3 3 a5 3 --- src/dnsserver.c.orig Fri Jan 12 09:51:47 2001 +++ src/dnsserver.c @@@@ -135,6 +135,8 @@@@ a9 1 +#define HAVE_SETPROCTITLE 1 d13 1 a13 1 @@@@ -258,8 +260,10 @@@@ d25 1 a25 1 @@@@ -333,6 +337,10 @@@@ d36 1 a36 1 @@@@ -345,6 +353,10 @@@@ @