head 1.12; access; symbols pkgsrc-2013Q2:1.12.0.40 pkgsrc-2013Q2-base:1.12 pkgsrc-2012Q4:1.12.0.38 pkgsrc-2012Q4-base:1.12 pkgsrc-2011Q4:1.12.0.36 pkgsrc-2011Q4-base:1.12 pkgsrc-2011Q2:1.12.0.34 pkgsrc-2011Q2-base:1.12 pkgsrc-2009Q4:1.12.0.32 pkgsrc-2009Q4-base:1.12 pkgsrc-2008Q4:1.12.0.30 pkgsrc-2008Q4-base:1.12 pkgsrc-2008Q3:1.12.0.28 pkgsrc-2008Q3-base:1.12 cube-native-xorg:1.12.0.26 cube-native-xorg-base:1.12 pkgsrc-2008Q2:1.12.0.24 pkgsrc-2008Q2-base:1.12 pkgsrc-2008Q1:1.12.0.22 pkgsrc-2008Q1-base:1.12 pkgsrc-2007Q4:1.12.0.20 pkgsrc-2007Q4-base:1.12 pkgsrc-2007Q3:1.12.0.18 pkgsrc-2007Q3-base:1.12 pkgsrc-2007Q2:1.12.0.16 pkgsrc-2007Q2-base:1.12 pkgsrc-2007Q1:1.12.0.14 pkgsrc-2007Q1-base:1.12 pkgsrc-2006Q4:1.12.0.12 pkgsrc-2006Q4-base:1.12 pkgsrc-2006Q3:1.12.0.10 pkgsrc-2006Q3-base:1.12 pkgsrc-2006Q2:1.12.0.8 pkgsrc-2006Q2-base:1.12 pkgsrc-2006Q1:1.12.0.6 pkgsrc-2006Q1-base:1.12 pkgsrc-2005Q4:1.12.0.4 pkgsrc-2005Q4-base:1.12 pkgsrc-2005Q3:1.12.0.2 pkgsrc-2005Q3-base:1.12 pkgsrc-2005Q2:1.9.0.2 pkgsrc-2005Q2-base:1.9 pkgsrc-2005Q1:1.5.0.2 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.4.0.4 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.4.0.2 pkgsrc-2004Q3-base:1.4 pkgsrc-2004Q2:1.3.0.2 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2; locks; strict; comment @# @; 1.12 date 2005.09.15.15.40.47; author taca; state dead; branches; next 1.11; 1.11 date 2005.09.04.05.07.05; author taca; state Exp; branches; next 1.10; 1.10 date 2005.08.09.15.48.30; author taca; state Exp; branches; next 1.9; 1.9 date 2005.06.07.14.19.10; author taca; state Exp; branches 1.9.2.1; next 1.8; 1.8 date 2005.06.05.14.20.27; author taca; state Exp; branches; next 1.7; 1.7 date 2005.05.01.23.17.49; author taca; state Exp; branches; next 1.6; 1.6 date 2005.04.25.15.39.14; author taca; state dead; branches; next 1.5; 1.5 date 2005.02.11.14.47.18; author taca; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2004.08.22.15.11.09; author taca; state Exp; branches 1.4.4.1; next 1.3; 1.3 date 2004.03.30.08.17.46; author agc; state Exp; branches; next 1.2; 1.2 date 2003.02.19.23.44.42; author taca; state dead; branches; next 1.1; 1.1 date 2003.02.16.06.43.42; author taca; state Exp; branches; next ; 1.9.2.1 date 2005.09.10.11.16.41; author salo; state Exp; branches; next 1.9.2.2; 1.9.2.2 date 2005.09.15.16.35.33; author salo; state dead; branches; next ; 1.5.2.1 date 2005.04.30.05.35.57; author salo; state dead; branches; next 1.5.2.2; 1.5.2.2 date 2005.05.02.00.18.13; author salo; state Exp; branches; next ; 1.4.4.1 date 2005.02.11.23.30.56; author snj; state Exp; branches; next ; desc @@ 1.12 log @Update squid package to 2.5.10nb3. - pkgsrc update: o s/SQUID_BACKEND/SQUID_BACKENDS/ as suggested by pkglint. o Fix leaving ${PREFIX}/etc/squid/msntauth.conf.default out of PLIST. o IP Filter related patches are incorporated to squid. - Add/update official patches: o 2005-09-15 11:15 (Major) FATAL: Incorrect scheme in auth header o 2005-09-15 09:56 (Medium) Odd results on pipelined CONNECT requests o 2005-09-13 23:59 (Minor) Transparent proxy problem with IP Filter o 2005-09-11 01:53 (Medium) Clients bypassing delay pools by faking a cache hit o 2005-09-11 01:42 (Cosmetic) Allow leaving core dumps on Linux o 2005-09-11 01:21 (Cosmetic) enums can not be assumed to be signed ints o 2005-09-11 01:21 (Cosmetic) Incorrect store dir selection debug message on objects >2G o 2005-09-11 00:57 (Minor) LDAP helpers does not work with TLS (-Z option) @ text @$NetBSD: patch-cd,v 1.11 2005/09/04 05:07:05 taca Exp $ --- src/client_side.c.orig 2005-09-02 10:23:02.000000000 +0900 +++ src/client_side.c @@@@ -55,6 +55,11 @@@@ #ifdef _SQUID_SOLARIS_ #undef free #endif +#ifdef HAVE_IPL_H +#include +#elif HAVE_NETINET_IPL_H +#include +#endif #if HAVE_IP_FIL_COMPAT_H #include #elif HAVE_NETINET_IP_FIL_COMPAT_H @@@@ -2606,6 +2611,9 @@@@ parseHttpRequest(ConnStateData * conn, m static int natfd = -1; static int siocgnatl_cmd = SIOCGNATL & 0xff; int x; +#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027) + struct ipfobj obj; +#endif #endif #if PF_TRANSPARENT struct pfioc_natlook nl; @@@@ -2748,6 +2756,13 @@@@ parseHttpRequest(ConnStateData * conn, m if (vhost_mode) { #if IPF_TRANSPARENT static time_t last_reported = 0; +#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027) + obj.ipfo_rev = IPFILTER_VERSION; + obj.ipfo_size = sizeof(natLookup); + obj.ipfo_ptr = &natLookup; + obj.ipfo_type = IPFOBJ_NATLOOKUP; + obj.ipfo_offset = 0; +#endif natLookup.nl_inport = http->conn->me.sin_port; natLookup.nl_outport = http->conn->peer.sin_port; natLookup.nl_inip = http->conn->me.sin_addr; @@@@ -2756,8 +2771,8 @@@@ parseHttpRequest(ConnStateData * conn, m if (natfd < 0) { int save_errno; enter_suid(); -#ifdef IPL_NAME - natfd = open(IPL_NAME, O_RDONLY, 0); +#ifdef IPNAT_NAME + natfd = open(IPNAT_NAME, O_RDONLY, 0); #else natfd = open(IPL_NAT, O_RDONLY, 0); #endif @@@@ -2771,6 +2786,9 @@@@ parseHttpRequest(ConnStateData * conn, m last_reported = squid_curtime; } } else { +#if defined(IPFILTER_VERSION) && (IPFILTER_VERSION >= 4000027) + x = ioctl(natfd, SIOCGNATL, &obj); +#else /* * IP-Filter changed the type for SIOCGNATL between * 3.3 and 3.4. It also changed the cmd value for @@@@ -2784,6 +2802,7 @@@@ parseHttpRequest(ConnStateData * conn, m } else { x = ioctl(natfd, SIOCGNATL, &natLookup); } +#endif if (x < 0) { if (errno != ESRCH) { if (squid_curtime - last_reported > 60) { @ 1.11 log @Update squid package to 2.5.10nb2. - pkgsrc changes: check IP filter's header file as well as . - Apply recent official patches including a security fix for DoS noted by http://secunia.com/advisories/16674/ * 2005-09-03 09:41 (Minor) E-mail sent when cache dies is blocked from many antispam rules * 2005-09-03 09:41 (Minor) Solaris 10 SPARC transparent proxy build problem with ipfilter * 2005-09-01 22:57 (Minor) snmo cacheClientTable fails on "long" IP addresses * 2005-09-01 22:49 (Minor) squid_ldap_auth -U does not work * 2005-09-01 22:44 (Major) assertion failed: store.c:523: "e->store_status == STORE_PENDING" * 2005-09-01 22:39 (Cosmetic) Greek translation of error messages * 2005-09-01 22:31 (Minor) Some odd FTP servers respond with 250 where 226 is expected * 2005-09-01 22:26 (Cosmetic) Fails to compile with glibc -D_FORTIFY_SOURCE=2 * 2005-09-01 22:18 (Cosmetic) Odd URLs when failing to forward request via parent and several error messages inconsistent in reported request details * 2005-09-01 22:09 (Minor) More chroot_dir and squid -k reconfigure issues * 2005-09-01 21:56 (Medium) assertion failed: StatHist.c:93: ((int) floor (0.99L + statHistVal(H, 0) - min)) == 0 * 2005-09-01 20:27 (Major) Segmentation fault in sslConnectTimeout * 2005-08-19 09:31 (Minor) sync redeclarations when support for ARP acls * 2005-08-14 17:05 (Cosmetic) New 'mail_program' configuration option in squid.conf @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.10 2005/08/09 15:48:30 taca Exp $ @ 1.10 log @- Add missing optional installed files. - Slightly simplify installation of example configurations. - Add official patches. * 2005-07-11 00:46 (Cosmetic) The new --with-build-environment=... option doesn't work * 2005-07-09 08:58 (Cosmetic) Allow wb_ntlm_auth to run more silent * 2005-07-03 08:24 (Cosmetic) "make all" gives many warnings * 2005-06-29 20:36 (Minor) wbinfo_group.pl only looks into the first group specified * 2005-06-21 22:28 (Minor) FTP listings uses "BASE HREF" much more than it needs to, * 2005-06-22 10:46 (Cosmetic) Title in FTP listings somewhat messed up * 2005-06-19 21:03 (Minor) SNMP GETNEXT fails if the given OID is outside the Squid MIB * 2005-06-19 09:39 (Minor) squid -k reconfigure internal corruption if the type of a cache_dir is changed * 2005-06-13 22:55 (Minor) httpd_accel_signle_host incompatible with redireection * 2005-06-30 08:49 (Minor) Core dump with --enable-ipf-transparent if access to NAT device not granted * 2005-06-27 21:24 (Minor) squid -k fails in combination with chroot after patch for bug 1157 * 2005-06-09 08:01 (Minor) Squid internal icons served up with slightly incorrect HTTP headers * 2005-06-06 21:38 (Cosmetic) Updated Spanish error messages Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.9 2005/06/07 14:19:10 taca Exp $ d3 1 a3 1 --- src/client_side.c.orig 2005-07-13 01:16:03.000000000 +0900 d5 3 a7 1 @@@@ -41,6 +41,9 @@@@ d9 3 a11 3 #include #include +#if HAVE_NETINET_IPL_H d17 1 a17 1 @@@@ -2592,6 +2595,9 @@@@ parseHttpRequest(ConnStateData * conn, m d27 1 a27 1 @@@@ -2734,6 +2740,13 @@@@ parseHttpRequest(ConnStateData * conn, m d41 1 a41 1 @@@@ -2742,8 +2755,8 @@@@ parseHttpRequest(ConnStateData * conn, m d52 1 a52 1 @@@@ -2757,6 +2770,9 @@@@ parseHttpRequest(ConnStateData * conn, m d62 1 a62 1 @@@@ -2770,6 +2786,7 @@@@ parseHttpRequest(ConnStateData * conn, m @ 1.9 log @- Fix build problem with IP Filter prior to 4.0; NetBSD 1.6.2. - Avoid use of ":ts" modifier of make(1) since NetBSD 1.6.2's make(1) dosen't support it. It might be fix "diskd" PKG_OPTION problem, too. - Remove extra "--enable-async-io" configure option. No PKGREVISION change. @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.8 2005/06/05 14:20:27 taca Exp $ d3 1 a3 1 --- src/client_side.c.orig 2005-04-21 06:46:06.000000000 +0900 d15 1 a15 1 @@@@ -2589,6 +2592,9 @@@@ parseHttpRequest(ConnStateData * conn, m d25 1 a25 2 @@@@ -2731,6 +2737,13 @@@@ parseHttpRequest(ConnStateData * conn, m int vport; d28 1 d39 1 a39 1 @@@@ -2739,8 +2752,8 @@@@ parseHttpRequest(ConnStateData * conn, m d50 3 a52 3 @@@@ -2756,6 +2769,9 @@@@ parseHttpRequest(ConnStateData * conn, m cbdataFree(http); xfree(inbuf); d60 1 a60 1 @@@@ -2769,6 +2785,7 @@@@ parseHttpRequest(ConnStateData * conn, m d67 1 a67 1 debug(50, 1) ("parseHttpRequest: NAT lookup failed: ioctl(SIOCGNATL)\n"); @ 1.9.2.1 log @Pullup ticket 738 - requested by Takahiro Kambe security fix for squid Revisions pulled up: - pkgsrc/www/squid/Makefile 1.155, 1.157 - pkgsrc/www/squid/PLIST 1.19 - pkgsrc/www/squid/distinfo 1.100, 1.101 - pkgsrc/www/squid/patches/patch-aa 1.17 - pkgsrc/www/squid/patches/patch-ag 1.20 - pkgsrc/www/squid/patches/patch-an 1.8 - pkgsrc/www/squid/patches/patch-ap 1.1 - pkgsrc/www/squid/patches/patch-bb 1.7 - pkgsrc/www/squid/patches/patch-cd 1.10, 1.11 Module Name: pkgsrc Committed By: taca Date: Tue Aug 9 15:48:30 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile PLIST distinfo pkgsrc/www/squid/patches: patch-aa patch-cd Added Files: pkgsrc/www/squid/patches: patch-ap Log Message: - Add missing optional installed files. - Slightly simplify installation of example configurations. - Add official patches. * 2005-07-11 00:46 (Cosmetic) The new --with-build-environment=... option doesn't work * 2005-07-09 08:58 (Cosmetic) Allow wb_ntlm_auth to run more silent * 2005-07-03 08:24 (Cosmetic) "make all" gives many warnings * 2005-06-29 20:36 (Minor) wbinfo_group.pl only looks into the first group specified * 2005-06-21 22:28 (Minor) FTP listings uses "BASE HREF" much more than it needs to, * 2005-06-22 10:46 (Cosmetic) Title in FTP listings somewhat messed up * 2005-06-19 21:03 (Minor) SNMP GETNEXT fails if the given OID is outside the Squid MIB * 2005-06-19 09:39 (Minor) squid -k reconfigure internal corruption if the type of a cache_dir is changed * 2005-06-13 22:55 (Minor) httpd_accel_signle_host incompatible with redireection * 2005-06-30 08:49 (Minor) Core dump with --enable-ipf-transparent if access to NAT device not granted * 2005-06-27 21:24 (Minor) squid -k fails in combination with chroot after patch for bug 1157 * 2005-06-09 08:01 (Minor) Squid internal icons served up with slightly CVSincorrect HTTP headers * 2005-06-06 21:38 (Cosmetic) Updated Spanish error messages Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Sun Sep 4 05:07:05 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile distinfo pkgsrc/www/squid/patches: patch-ag patch-an patch-bb patch-cd Log Message: Update squid package to 2.5.10nb2. - pkgsrc changes: check IP filter's header file as well as . - Apply recent official patches including a security fix for DoS noted by http://secunia.com/advisories/16674/ * 2005-09-03 09:41 (Minor) E-mail sent when cache dies is blocked from many antispam rules * 2005-09-03 09:41 (Minor) Solaris 10 SPARC transparent proxy build problem with ipfilter * 2005-09-01 22:57 (Minor) snmo cacheClientTable fails on "long" IP addresses * 2005-09-01 22:49 (Minor) squid_ldap_auth -U does not work * 2005-09-01 22:44 (Major) assertion failed: store.c:523: "e->store_status == STORE_PENDING" * 2005-09-01 22:39 (Cosmetic) Greek translation of error messages * 2005-09-01 22:31 (Minor) Some odd FTP servers respond with 250 where 226 is expected * 2005-09-01 22:26 (Cosmetic) Fails to compile with glibc -D_FORTIFY_SOURCE=2 * 2005-09-01 22:18 (Cosmetic) Odd URLs when failing to forward request via parent and several error messages inconsistent in reported request details * 2005-09-01 22:09 (Minor) More chroot_dir and squid -k reconfigure issues * 2005-09-01 21:56 (Medium) assertion failed: StatHist.c:93: ((int) floor (0.99L + statHistVal(H, 0) - min)) == 0 * 2005-09-01 20:27 (Major) Segmentation fault in sslConnectTimeout * 2005-08-19 09:31 (Minor) sync redeclarations when support for ARP acls * 2005-08-14 17:05 (Cosmetic) New 'mail_program' configuration option in squid.conf @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.11 2005/09/04 05:07:05 taca Exp $ d3 1 a3 1 --- src/client_side.c.orig 2005-09-02 10:23:02.000000000 +0900 d5 1 a5 3 @@@@ -55,6 +55,11 @@@@ #ifdef _SQUID_SOLARIS_ #undef free d7 3 a9 3 +#ifdef HAVE_IPL_H +#include +#elif HAVE_NETINET_IPL_H d15 1 a15 1 @@@@ -2606,6 +2611,9 @@@@ parseHttpRequest(ConnStateData * conn, m d25 2 a26 1 @@@@ -2748,6 +2756,13 @@@@ parseHttpRequest(ConnStateData * conn, m a28 1 static time_t last_reported = 0; d39 1 a39 1 @@@@ -2756,8 +2771,8 @@@@ parseHttpRequest(ConnStateData * conn, m d50 3 a52 3 @@@@ -2771,6 +2786,9 @@@@ parseHttpRequest(ConnStateData * conn, m last_reported = squid_curtime; } d60 1 a60 1 @@@@ -2784,6 +2802,7 @@@@ parseHttpRequest(ConnStateData * conn, m d67 1 a67 1 if (squid_curtime - last_reported > 60) { @ 1.9.2.2 log @Pullup ticket 756 - requested by Takahiro Kambe bugfix update for squid Revisions pulled up: - pkgsrc/www/squid/Makefile 1.158 - pkgsrc/www/squid/distinfo 1.102 - pkgsrc/www/squid/options.mk 1.4 - pkgsrc/www/squid/patches/patch-ag 1.21 - pkgsrc/www/squid/patches/patch-an 1.9 - pkgsrc/www/squid/patches/patch-ap 1.2 - pkgsrc/www/squid/patches/patch-bb 1.8 - pkgsrc/www/squid/patches/patch-cd removed Module Name: pkgsrc Committed By: taca Date: Thu Sep 15 15:40:47 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile distinfo options.mk pkgsrc/www/squid/patches: patch-ag patch-an patch-ap patch-bb Removed Files: pkgsrc/www/squid/patches: patch-cd Log Message: Update squid package to 2.5.10nb3. - pkgsrc update: o s/SQUID_BACKEND/SQUID_BACKENDS/ as suggested by pkglint. o Fix leaving ${PREFIX}/etc/squid/msntauth.conf.default out of PLIST. o IP Filter related patches are incorporated to squid. - Add/update official patches: o 2005-09-15 11:15 (Major) FATAL: Incorrect scheme in auth header o 2005-09-15 09:56 (Medium) Odd results on pipelined CONNECT requests o 2005-09-13 23:59 (Minor) Transparent proxy problem with IP Filter o 2005-09-11 01:53 (Medium) Clients bypassing delay pools by faking a cache hit o 2005-09-11 01:42 (Cosmetic) Allow leaving core dumps on Linux o 2005-09-11 01:21 (Cosmetic) enums can not be assumed to be signed ints o 2005-09-11 01:21 (Cosmetic) Incorrect store dir selection debug message on objects >2G o 2005-09-11 00:57 (Minor) LDAP helpers does not work with TLS (-Z option) @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.9.2.1 2005/09/10 11:16:41 salo Exp $ @ 1.8 log @Update squid package to 2.5.10 * squid 2.5.STABLE10 + official + one official patch. - 2005-05-25 23:01 (Cosmetic) Double content-length often harmless Other fixes are already done by official patches for squid 2.5.STABLE9. * Add missing cachemgr.cgi.8 to PLIST. * Introduce options.mk which may need to be brushed more. * Drop support for diskd on Darwin since diskd needs System V msg function which dosen't supported on Darwin. * Real fix for transparent proxy with IP Filter, fix PR pkg/30085. @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.7 2005/05/01 23:17:49 taca Exp $ d5 1 a5 1 @@@@ -41,6 +41,7 @@@@ d9 1 d11 1 d15 1 a15 1 @@@@ -2589,6 +2590,9 @@@@ parseHttpRequest(ConnStateData * conn, m d25 1 a25 1 @@@@ -2731,6 +2735,13 @@@@ parseHttpRequest(ConnStateData * conn, m d39 1 a39 1 @@@@ -2739,8 +2750,8 @@@@ parseHttpRequest(ConnStateData * conn, m d50 1 a50 1 @@@@ -2756,6 +2767,9 @@@@ parseHttpRequest(ConnStateData * conn, m d60 1 a60 1 @@@@ -2769,6 +2783,7 @@@@ parseHttpRequest(ConnStateData * conn, m @ 1.7 log @Disable squid-2.5.STABLE9-transparent_port.patch since it is broken with IP Filter 4.1 and later. (It has no problem on IP Filter 3.x, but it is difficult apply it conditionally with IP Filter's version.) This apparently fix PR pkg/30085. But note, Squid's transparent proxy with IP Filter dosen't work. It is worked without IP Filter's NAT process. So, web acceess through squid may fail for HTTP 1.0 client which dosen't send Host header. Bump PKGREVISION (squid-2.5.9nb10). @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- src/client_side.c.orig 2005-05-02 01:31:18.000000000 +0900 d5 33 a37 1 @@@@ -2782,7 +2782,7 @@@@ parseHttpRequest(ConnStateData * conn, m d41 3 a43 1 - natfd = open(IPL_NAT, O_RDONLY, 0); d45 21 a65 3 save_errno = errno; leave_suid(); errno = save_errno; @ 1.6 log @Add new four official patches. o 2005-04-23 01:38 (Minor Security) Fix for CVE-1999-0710: cachemgr malicouse use o 2005-04-22 20:48 (Cosmetic) PID file check fails when chrooting o 2005-04-24 16:35 (Minor) Make the use of the %m error page to return auth info messages o 2005-04-22 20:21 (Minor) Unrecognized cache-control directives are silently dropped pkgsrc change. - remove aufs from store I/O backend until it controlled by options.mk frame work. - remove patch-cd; it is covered by squid-2.5.STABLE9-transparent_port.patch. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.5 2005/02/11 14:47:18 taca Exp $ d3 1 a3 1 --- src/client_side.c.orig 2005-02-04 09:10:09.000000000 +0900 d5 1 a5 7 @@@@ -2773,6 +2773,9 @@@@ parseHttpRequest(ConnStateData * conn, m natLookup.nl_inip = http->conn->me.sin_addr; natLookup.nl_outip = http->conn->peer.sin_addr; natLookup.nl_flags = IPN_TCP; +#ifndef IPL_NAT +#define IPL_NAT IPNAT_NAME +#endif d9 5 @ 1.5 log @Update squid package to 2.5.8 (squid-2.5.STABLE8). Most of these changes are already included in previous squid-2.5.7nb12. But last one is really new one. Changes to squid-2.5.STABLE8 (11 Feb 2005) - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354, #1096) - [Cosmetic] Document -v (protocol version) option to LDAP helpers - [Minor] The new req_header and resp_header acls segfaults immediately on parse of squid.conf (Bug #961) - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure (Bug #1118) - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102) - [Minor] Squid fails to close TCP connection after blank HTTP response (Bug #1116) - [Minor security] Random error messages in response to malformed host name (Bug #1143) - [Minor] PURGE should not be able to delete internal objects (Bug #1112) - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug #1121) - [Minor] cachemgr vm_objects segfault (Bug #1149) - [Minor security] Confusing results on empty acl declarations (Bug #1166) - [Minor] Don't close all "other" filedescriptors on startup (Bug #1177) - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug #1183) - [Security] buffer overflow bug in gopherToHTML() (Bug #1189) - [Medium security] Denial of service with forged WCCP messages (Bug #1190) - [Minor] DNS related memory leak on certain malformed DNS responses (Bug #1197) - [Minor] Internal DNS sometimes truncates host names in reverse (PTR) lookups (Bug #1136) - [Minor Security] Add sanity checks on LDAP user names (Bug #1187) - [Security] Harden Squid agains HTTP request smuggling attacks - [Minor] Icon URLs fails in non-anonymous FTP directory listings is short_icon_urls is on (Bug #1203) - [Security] Harden Squid agains HTTP response splitting attacks (Bug #1200) - [Medium security] Buffer overflow in WCCP recvfrom() call (Bug #1217) - [Security] Properly handle oversized reply headers (Bug #1216) - [Minor] LDAP helpers search fixed to properly ask for no attributes - [Minor] A sporadic segmentation fault when using ntlm authentication fixed (Bug #1127) - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224) - [Medium] Persistent connection mismatch on failed PUT/POST request (Bug #1122) - [Minor] WCCP easily disturbed by forged packets (Bug #1225) - [Minor] Password management in ftp:// gatewaying improved (Bug #1226) - [Major] HTTP reply data corruption in certain situations involving reply headers split over multiple packets (Bug #1233) @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.4 2004/08/22 15:11:09 taca Exp $ @ 1.5.2.1 log @Pullup ticket 468 - requested by Takahiro Kambe security and build fixes for squid Revisions pulled up: - pkgsrc/www/squid/Makefile 1.147-1.148 - pkgsrc/www/squid/distinfo 1.94-1.95 - pkgsrc/www/squid/files/squid.sh 1.18 - pkgsrc/www/squid/patches/patch-aa 1.16 - pkgsrc/www/squid/patches/patch-ao 1.1 - pkgsrc/www/squid/patches/patch-cd removed Module Name: pkgsrc Committed By: taca Date: Mon Apr 25 15:39:14 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile distinfo pkgsrc/www/squid/files: squid.sh pkgsrc/www/squid/patches: patch-aa Removed Files: pkgsrc/www/squid/patches: patch-cd Log Message: Add new four official patches. o 2005-04-23 01:38 (Minor Security) Fix for CVE-1999-0710: cachemgr malicouse use o 2005-04-22 20:48 (Cosmetic) PID file check fails when chrooting o 2005-04-24 16:35 (Minor) Make the use of the %m error page to return auth info messages o 2005-04-22 20:21 (Minor) Unrecognized cache-control directives are silently dropped pkgsrc change. - remove aufs from store I/O backend until it controlled by options.mk frame work. - remove patch-cd; it is covered by squid-2.5.STABLE9-transparent_port.patch. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Tue Apr 26 16:19:43 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile distinfo Added Files: pkgsrc/www/squid/patches: patch-ao Log Message: squid package maintainous. - Fix bad PID directory of squid binary introduced by previous pkgsrc. - Update DIST_SUBDIR through DIST_STAMP since some of patch files are updated. - Fix error in doc/Makefile with nbmake. - Newer patch (aufs improvement) aren't included now. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.5 2005/02/11 14:47:18 taca Exp $ @ 1.5.2.2 log @Pullup ticket 477 - requested by Takahiro Kambe disable transparent proxy in squid Revisions pulled up: - pkgsrc/www/squid/Makefile 1.149 - pkgsrc/www/squid/distinfo 1.96 - pkgsrc/www/squid/patches/patch-cd 1.7 Module Name: pkgsrc Committed By: taca Date: Sun May 1 23:17:49 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile distinfo Added Files: pkgsrc/www/squid/patches: patch-cd Log Message: Disable squid-2.5.STABLE9-transparent_port.patch since it is broken with IP Filter 4.1 and later. (It has no problem on IP Filter 3.x, but it is difficult apply it conditionally with IP Filter's version.) This apparently fix PR pkg/30085. But note, Squid's transparent proxy with IP Filter dosen't work. It is worked without IP Filter's NAT process. So, web acceess through squid may fail for HTTP 1.0 client which dosen't send Host header. Bump PKGREVISION (squid-2.5.9nb10). @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.7 2005/05/01 23:17:49 taca Exp $ d3 1 a3 1 --- src/client_side.c.orig 2005-05-02 01:31:18.000000000 +0900 d5 7 a11 1 @@@@ -2782,7 +2782,7 @@@@ parseHttpRequest(ConnStateData * conn, m a14 5 - natfd = open(IPL_NAT, O_RDONLY, 0); + natfd = open(IPNAT_NAME, O_RDONLY, 0); save_errno = errno; leave_suid(); errno = save_errno; @ 1.4 log @Update squid package to 2.5.6 (squid 2.5.STALBE6 + official patches). Squid 2.5.STABLE5 to 2.5.STABLE6: * Several "Assertion error" bugs fixed * Several "Segmentation fault" bugs fixes * Corrects a security issue in the old ntlm_auth NTLM helper used in transparent NTLM authentication to a NT domain without using samba. * Processing of Vary: * and Vary on error messages corrected * a large number of minor and cosmetic bugfixes. See the list of squid-2.5.STABLE5 patches and the ChangeLog file for details. 2.5.STABLE56 official patches: * 2004-08-20 08:18 (Major) NTLM authentication denial of service * 2004-08-14 21:07 (Minor) external_acl does not handle newlines * 2004-08-09 14:03 (Minor) Supplementary group memberships not set * 2004-08-05 20:33 (Medium) Segfaults and other strange crashes when using heap policies * 2004-08-06 11:05 (Cosmetic) Unknown %X errorpage codes incorrectly quoted * 2004-08-17 12:22 (Cosmetic) Grammatical corrections in squid.conf.default * 2004-07-27 21:52 (Minor) NTLM authentication truncated * 2004-07-17 22:43 (Minor) Memory leak in client_db * 2004-07-17 20:11 (Cosmetic) Add delay pools information to active_requests * 2004-07-17 19:57 (Minor) case insensitive authentication * 2004-07-17 19:48 (Cosmetic) Warn if cache_dir ufs can not create files * 2004-07-17 16:33 (Cosmetic) HEAD requests may return stale information * 2004-07-17 16:33 (Minor) Partial hit results in TCP_HIT, not TCP_MISS * 2004-07-17 16:33 (Cosmetic) request_header_max_size configuration option doesn't work correctly * 2004-07-29 13:29 (Minor) A large number of queued DNS lookups for the same domain * 2004-08-10 09:40 (Minor) LDAP helpers update * 2004-07-14 16:29 (Medium) storeCreate: no valid swapdirs for this object @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.3 2004/03/30 08:17:46 agc Exp $ d3 1 a3 1 --- src/client_side.c.orig 2004-08-20 18:35:25.000000000 +0900 d5 1 a5 1 @@@@ -2752,6 +2752,9 @@@@ parseHttpRequest(ConnStateData * conn, m @ 1.4.4.1 log @Pullup ticket 280 - requested by Takahiro Kambe update squid Revisions pulled up: pkgsrc/www/squid/Makefile 1.134 pkgsrc/www/squid/distinfo 1.80 pkgsrc/www/squid/patches/patch-al 1.6 pkgsrc/www/squid/patches/patch-cd 1.5 Module Name: pkgsrc Committed By: taca Date: Fri Feb 11 14:47:18 UTC 2005 Modified Files: pkgsrc/www/squid: Makefile distinfo pkgsrc/www/squid/patches: patch-al patch-cd Log Message: Update squid package to 2.5.8 (squid-2.5.STABLE8). Most of these changes are already included in previous squid-2.5.7nb12. But last one is really new one. Changes to squid-2.5.STABLE8 (11 Feb 2005) - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354, #1096) - [Cosmetic] Document -v (protocol version) option to LDAP helpers - [Minor] The new req_header and resp_header acls segfaults immediately on parse of squid.conf (Bug #961) - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure (Bug #1118) - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102) - [Minor] Squid fails to close TCP connection after blank HTTP response (Bug #1116) - [Minor security] Random error messages in response to malformed host name (Bug #1143) - [Minor] PURGE should not be able to delete internal objects (Bug #1112) - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug #1121) - [Minor] cachemgr vm_objects segfault (Bug #1149) - [Minor security] Confusing results on empty acl declarations (Bug #1166) - [Minor] Don't close all "other" filedescriptors on startup (Bug #1177) - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug #1183) - [Security] buffer overflow bug in gopherToHTML() (Bug #1189) - [Medium security] Denial of service with forged WCCP messages (Bug #1190) - [Minor] DNS related memory leak on certain malformed DNS responses (Bug #1197) - [Minor] Internal DNS sometimes truncates host names in reverse (PTR) lookups (Bug #1136) - [Minor Security] Add sanity checks on LDAP user names (Bug #1187) - [Security] Harden Squid agains HTTP request smuggling attacks - [Minor] Icon URLs fails in non-anonymous FTP directory listings is short_icon_urls is on (Bug #1203) - [Security] Harden Squid agains HTTP response splitting attacks (Bug #1200) - [Medium security] Buffer overflow in WCCP recvfrom() call (Bug #1217) - [Security] Properly handle oversized reply headers (Bug #1216) - [Minor] LDAP helpers search fixed to properly ask for no attributes - [Minor] A sporadic segmentation fault when using ntlm authentication fixed (Bug #1127) - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224) - [Medium] Persistent connection mismatch on failed PUT/POST request (Bug #1122) - [Minor] WCCP easily disturbed by forged packets (Bug #1225) - [Minor] Password management in ftp:// gatewaying improved (Bug #1226 - [Major] HTTP reply data corruption in certain situations involving reply headers split over multiple packets (Bug #1233) @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.5 2005/02/11 14:47:18 taca Exp $ d3 1 a3 1 --- src/client_side.c.orig 2005-02-04 09:10:09.000000000 +0900 d5 1 a5 1 @@@@ -2773,6 +2773,9 @@@@ parseHttpRequest(ConnStateData * conn, m @ 1.3 log @Make this build on NetBSD-2.0A with ipfilter-4.1.1 @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- src/client_side.c 2004/03/30 08:10:51 1.1 +++ src/client_side.c 2004/03/30 08:12:35 @@@@ -2753,6 +2753,9 @@@@ @ 1.2 log @Remove patches/patch-cd since squid-2.5.STABLE1-mib.patch's content is fixed. @ text @d1 1 a1 1 $NetBSD: patch-cd,v 1.1 2003/02/16 06:43:42 taca Exp $ d3 12 a14 9 --- src/mib.txt.orig 2000-05-16 16:06:05.000000000 +0900 +++ src/mib.txt @@@@ -1,4 +1,4 @@@@ -SQUID-MIB { iso org(3) dod(6) internet(1) private(4) enterprises(1) 3495 } +-- SQUID-MIB { iso org(3) dod(6) internet(1) private(4) enterprises(1) 3495 } -DEFINITIONS ::= BEGIN +SQUID-MIB DEFINITIONS ::= BEGIN -- @ 1.1 log @- Add more official patches, last one is applied as patches/patch-cd since it is broken (reported to squid-bugs@@squid-cache.org.) - use DIST_SUBDIR. - bump PKG_REVISION. @ text @d1 1 a1 1 $NetBSD$ @