head 1.17; access; symbols pkgsrc-2023Q4:1.17.0.12 pkgsrc-2023Q4-base:1.17 pkgsrc-2023Q3:1.17.0.10 pkgsrc-2023Q3-base:1.17 pkgsrc-2023Q2:1.17.0.8 pkgsrc-2023Q2-base:1.17 pkgsrc-2023Q1:1.17.0.6 pkgsrc-2023Q1-base:1.17 pkgsrc-2022Q4:1.17.0.4 pkgsrc-2022Q4-base:1.17 pkgsrc-2022Q3:1.17.0.2 pkgsrc-2022Q3-base:1.17 pkgsrc-2022Q2:1.15.0.6 pkgsrc-2022Q2-base:1.15 pkgsrc-2022Q1:1.15.0.4 pkgsrc-2022Q1-base:1.15 pkgsrc-2021Q4:1.15.0.2 pkgsrc-2021Q4-base:1.15 pkgsrc-2021Q3:1.12.0.2 pkgsrc-2021Q3-base:1.12 pkgsrc-2021Q2:1.11.0.2 pkgsrc-2021Q2-base:1.11 pkgsrc-2021Q1:1.10.0.2 pkgsrc-2021Q1-base:1.10 pkgsrc-2020Q4:1.9.0.4 pkgsrc-2020Q4-base:1.9 pkgsrc-2020Q3:1.9.0.2 pkgsrc-2020Q3-base:1.9 pkgsrc-2020Q2:1.7.0.2 pkgsrc-2020Q2-base:1.7 pkgsrc-2020Q1:1.3.0.2 pkgsrc-2020Q1-base:1.3; locks; strict; comment @# @; 1.17 date 2022.09.23.15.07.13; author taca; state Exp; branches; next 1.16; commitid 4V0qTtStYRXVZZUD; 1.16 date 2022.08.15.08.51.16; author taca; state Exp; branches; next 1.15; commitid Vpo9vtovcT6qaXPD; 1.15 date 2021.10.26.11.31.08; author nia; state Exp; branches; next 1.14; commitid Gv0TNLbuylhFsjeD; 1.14 date 2021.10.10.15.55.47; author taca; state Exp; branches; next 1.13; commitid BzvbpYTRTsYYrhcD; 1.13 date 2021.10.07.15.08.53; author nia; state Exp; branches; next 1.12; commitid kEwAbZZbki9jhTbD; 1.12 date 2021.07.22.22.47.58; author taca; state Exp; branches; next 1.11; commitid QQU3dEeEP3WVi22D; 1.11 date 2021.05.10.14.22.56; author taca; state Exp; branches; next 1.10; commitid pLuMWJmTf0AaRBSC; 1.10 date 2021.03.13.15.24.44; author taca; state Exp; branches 1.10.2.1; next 1.9; commitid UF3pP1iYZPmZ3aLC; 1.9 date 2020.08.23.09.51.35; author taca; state Exp; branches; next 1.8; commitid 71xq5cPgTQi0IalC; 1.8 date 2020.07.09.20.57.11; author otis; state Exp; branches; next 1.7; commitid 8YysP3lucXYJOrfC; 1.7 date 2020.06.19.13.44.28; author taca; state Exp; branches; next 1.6; commitid oC7rd0nLxnpC5QcC; 1.6 date 2020.04.23.13.52.24; author mef; state Exp; branches; next 1.5; commitid RFmrfonsKYhHXv5C; 1.5 date 2020.04.09.16.27.15; author sborrill; state Exp; branches; next 1.4; commitid c8ZyjXLZCjlKgJ3C; 1.4 date 2020.04.09.09.45.19; author sborrill; state Exp; branches; next 1.3; commitid 57P1hfmZc32z2H3C; 1.3 date 2020.02.04.03.03.48; author taca; state Exp; branches 1.3.2.1; next 1.2; commitid C41XfkMcgzJKUiVB; 1.2 date 2020.01.10.21.22.22; author joerg; state Exp; branches; next 1.1; commitid ilKoxCj3xyrBNbSB; 1.1 date 2020.01.04.10.57.18; author taca; state Exp; branches; next ; commitid XVmaPNtynO9VwmRB; 1.10.2.1 date 2021.05.31.13.28.45; author bsiegert; state Exp; branches; next ; commitid DRN7Fm9WpuWLSiVC; 1.3.2.1 date 2020.04.30.08.35.50; author bsiegert; state Exp; branches; next ; commitid c82VzJ686XqtZn6C; desc @@ 1.17 log @www/squid4: add official patches for security fix Add official patches for security fix to CVE-2022-41317 and CVE-2022-41318. Bump PKGREVISION. @ text @$NetBSD: distinfo,v 1.16 2022/08/15 08:51:16 taca Exp $ BLAKE2s (SQUID-2022_1.patch) = 83cbae437b88f2a45edf4f106d0e54aed9ccb7a4da83fa06fbb5f0ba252ccda5 SHA512 (SQUID-2022_1.patch) = e4ed490f5736b51fa7bdedd9091d94fca327f41180fca38578bb65bff19f90c1a43810a4eae381beb7974bade68723e1788e2063f805e060ee2ca1f35a44ff62 Size (SQUID-2022_1.patch) = 867 bytes BLAKE2s (SQUID-2022_2.patch) = c2755d5d2f5840c96640e5ee1fa9534597164f1fa599b25d9aa5144d1cf5bb73 SHA512 (SQUID-2022_2.patch) = e63825d5baeeee04bd7c64c0954c9595031a5053fe1df29284a18e0b5dc3201df07b130af942fb98b713bc37673b26af96666f97734b029e6e4e8ccd1005a887 Size (SQUID-2022_2.patch) = 1719 bytes BLAKE2s (squid-4.17.tar.xz) = 017ccf4d7df44393dafc40347e66d3b6d7498c5aef9654ae6401d5a1a5b6f883 SHA512 (squid-4.17.tar.xz) = cea36de10f128f5beb51bdc89604c16af3a820a5ac27284b2aa181ac87144930489688e1d85ce357fe1ed8a4e96e300277b95034a2475cbf86c9d6923ddf7c0a Size (squid-4.17.tar.xz) = 2464204 bytes SHA1 (patch-compat_compat.h) = 839381a5e1f46e7d9b822bbb53d82a53c996ddc0 SHA1 (patch-configure) = b8c6d66a59d8fd1e5b042889a36c32e15e9629c4 SHA1 (patch-errors_Makefile.in) = 84cbf5c836f02ed5fbfff140888c6d3aadeac326 SHA1 (patch-src_Makefile.in) = afc5aefd97c46d1ffab43e97aeaeade3a5a8c648 SHA1 (patch-src_acl_external_kerberos__ldap__group_support__resolv.cc) = 0ea41d55e32d689a16e012391a9eea67631daf3a SHA1 (patch-src_comm_ModKqueue.cc) = d8c5d235f07a48731275101d60fcbf2e22f77b96 SHA1 (patch-src_esi_VarState.cc) = d9418e59cdc390b2d970195167a99bb7ed392c38 SHA1 (patch-src_fs_ufs_RebuildState.h) = 76ee5c437b3dad05e428ae89cd5af6c052a40e59 SHA1 (patch-tools_Makefile.in) = d098c0c9dc4af577f74e562d99f07ed98be5ae01 @ 1.16 log @www/squid4: trying to remove references to the build directory Trying to remove references to the build directory related to PKG_CONF*. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2021/10/26 11:31:08 nia Exp $ d3 6 @ 1.15 log @www: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts): www/nghttp2/distinfo Unfetchable distfiles (almost certainly fetched conditionally...): ./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx-devel/distinfo naxsi-1.3.tar.gz ./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx-devel/distinfo njs-0.5.0.tar.gz ./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz ./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz ./www/nginx/distinfo echo-nginx-module-0.62.tar.gz ./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz ./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz ./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz ./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz ./www/nginx/distinfo naxsi-1.3.tar.gz ./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz ./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz ./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz ./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz ./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz ./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz ./www/nginx/distinfo njs-0.5.0.tar.gz ./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2021/10/10 15:55:47 taca Exp $ d7 1 a7 1 SHA1 (patch-configure) = d19dcb189447f9693d29bf477ebb6c5a7d479ec8 @ 1.14 log @www/squid4: update to 4.17 Changes in squid-4.17 (03 Oct 2021): - WCCP: Validate packets better @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2021/10/07 15:08:53 nia Exp $ d3 1 a3 1 RMD160 (squid-4.17.tar.xz) = bbd2ade0960eac70298b78a34bb85cdf6cce617c @ 1.13 log @www: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2021/07/22 22:47:58 taca Exp $ d3 3 a5 3 RMD160 (squid-4.16.tar.xz) = c22206e9cfc82c4a5adf4c199ce3c4b719ccb5db SHA512 (squid-4.16.tar.xz) = 3425dc0afffdea837bfe5aff49646378011b5a2dc664491da36cf30351de967285a667528b68ab25e630a7c54ac30865a065dc4160182419f6f2b0ccba24971e Size (squid-4.16.tar.xz) = 2454396 bytes d7 1 a7 1 SHA1 (patch-configure) = 0d204989666c36172f0765f2a44766d9194c7bb2 @ 1.12 log @www/squid4: update to 4.16 Changes in squid-4.16 (04 Jul 2021): - Regression Fix: --with-valgrind-debug build broken since 4.15 - Bug 5129 pt1: remove Lock use from HttpRequestMethod - Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED - Bug 4528: ICAP transactions quit on async DNS lookups @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2021/05/10 14:22:56 taca Exp $ a2 1 SHA1 (squid-4.16.tar.xz) = 4ddc098b5f7c276d19134c7c3b247cdb51d1c88d @ 1.11 log @www/squid4: update to 4.15 This release fixes these security issues from prior release. * SQUID-2020:11 HTTP Request Smuggling (CVE-2020-25097) * SQUID-2021:1 Denial of Service in URN processing (CVE-2021-28651) * SQUID-2021:2 Denial of Service in HTTP Response Processing (CVE-2021-28662) * SQUID-2021:3 Denial of Service issue in Cache Manager (CVE-2021-28652) * SQUID-2021:4 Multiple issues in HTTP Range header (CVE-2021-31806, CVE-2021-31807, CVE-2021-31808) * SQUID-2021:5 Denial of Service in HTTP Response Processing (CVE pending allocation) Changes in squid-4.15 (10 May 2021): - Bug 5112: Excessively loud chunked reply parsing error reporting - Bug 5106: Broken cache manager URL parsing - Bug 5104: Memory leak in RFC 2169 response parsing - Bug 3556: "FD ... is not an open socket" for accept() problems - Profiling: CPU timing implemented for MAC non-x86 - Fix HttpHeaderStats definition to include hoErrorDetail - Fix Squid-to-client write_timeout triggers client_lifetime timeout - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs - Handle more Range requests - Handle more partial responses - Stop processing a response if the Store entry is gone - ... and some portability fixes - ... and some documentation updates @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2021/03/13 15:24:44 taca Exp $ d3 4 a6 4 SHA1 (squid-4.15.tar.xz) = 60bda34ba39657e2d870c8c1d2acece8a69c3075 RMD160 (squid-4.15.tar.xz) = 8345df992154ab72d566036f5f284188a8352aa6 SHA512 (squid-4.15.tar.xz) = 8f0ce6e30dd9173927e8133618211ffb865fb5dde4c63c2fb465e2efccda4a6efb33f2c0846870c9b915340aff5f59461a60171882bcc0c890336b846fe60bd1 Size (squid-4.15.tar.xz) = 2454176 bytes @ 1.10 log @www/squid4: update to 4.14 Changes in squid-4.14 (02 Feb 2021): - Regression Fix: support for non-lowercase Transfer-Encoding value - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs - Bug 5076: WCCP Security Info incorrect - Bug 5073: Compile error: index was not declared in this scope - Bug 5065: url_rewrite_program documentation update - Bug 3074 pt2: improved handling of URI paths implicit '/' - Fix transactions exceeding client_lifetime logged as _ABORTED @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2020/08/23 09:51:35 taca Exp $ d3 4 a6 4 SHA1 (squid-4.14.tar.xz) = 71ae13a845a6a7ffc69ce11086ea3e427625bc08 RMD160 (squid-4.14.tar.xz) = dfc524f6098fa4b5996962d6298cc5c8ab43d60c SHA512 (squid-4.14.tar.xz) = 3509caea9e10ea54547eeb769a21f0ca4d37e39a063953821fc51d588b22facfa183d0a48be9ab15831ee646e031079b515c75162515b8a4e7c708df2d41958b Size (squid-4.14.tar.xz) = 2452892 bytes @ 1.10.2.1 log @Pullup ticket #6465 - requested by taca www/squid4: security fix Revisions pulled up: - www/squid4/Makefile 1.18 - www/squid4/distinfo 1.11 --- Module Name: pkgsrc Committed By: taca Date: Mon May 10 14:22:57 UTC 2021 Modified Files: pkgsrc/www/squid4: Makefile distinfo Log Message: www/squid4: update to 4.15 This release fixes these security issues from prior release. * SQUID-2020:11 HTTP Request Smuggling (CVE-2020-25097) * SQUID-2021:1 Denial of Service in URN processing (CVE-2021-28651) * SQUID-2021:2 Denial of Service in HTTP Response Processing (CVE-2021-28662) * SQUID-2021:3 Denial of Service issue in Cache Manager (CVE-2021-28652) * SQUID-2021:4 Multiple issues in HTTP Range header (CVE-2021-31806, CVE-2021-31807, CVE-2021-31808) * SQUID-2021:5 Denial of Service in HTTP Response Processing (CVE pending allocation) Changes in squid-4.15 (10 May 2021): - Bug 5112: Excessively loud chunked reply parsing error reporting - Bug 5106: Broken cache manager URL parsing - Bug 5104: Memory leak in RFC 2169 response parsing - Bug 3556: "FD ... is not an open socket" for accept() problems - Profiling: CPU timing implemented for MAC non-x86 - Fix HttpHeaderStats definition to include hoErrorDetail - Fix Squid-to-client write_timeout triggers client_lifetime timeout - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs - Handle more Range requests - Handle more partial responses - Stop processing a response if the Store entry is gone - ... and some portability fixes - ... and some documentation updates @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 SHA1 (squid-4.15.tar.xz) = 60bda34ba39657e2d870c8c1d2acece8a69c3075 RMD160 (squid-4.15.tar.xz) = 8345df992154ab72d566036f5f284188a8352aa6 SHA512 (squid-4.15.tar.xz) = 8f0ce6e30dd9173927e8133618211ffb865fb5dde4c63c2fb465e2efccda4a6efb33f2c0846870c9b915340aff5f59461a60171882bcc0c890336b846fe60bd1 Size (squid-4.15.tar.xz) = 2454176 bytes @ 1.9 log @www/squid4: update to 4.13 Update squid4 to 4.13 (Squid 4.13). Here is release announce: The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.13 release! This release is a security release resolving several issues found in the prior Squid releases. The major changes to be aware of: * SQUID-2020:8 HTTP(S) Request Splitting (CVE-2020-15811) This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. See the advisory for patches: * SQUID-2020:9 Denial of Service processing Cache Digest Response (CVE pending allocation) This problem allows a trusted peer to deliver to perform Denial of Service by consuming all available CPU cycles on the machine running Squid when handling a crafted Cache Digest response message. This attack is limited to Squid using cache_peer with cache digests feature. See the advisory for patches: * SQUID-2020:10 HTTP(S) Request Smuggling (CVE-2020-15810) This problem is serious because it allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. See the advisory for patches: * Bug 5051: Some collapsed revalidation responses never expire This bug appears as a 4xx or 5xx status response becoming the only response delivered by Squid to a URL when Collapsed Forwarding feature is used. It primarily affects Squid which are caching the 4xx/5xx status object since Bug 5030 fix in Squid-4.11. But may have been occurring for short times on any proxy with Collapsed Forwarding. * SSL-Bump: Support parsing GREASEd (and future) TLS handshakes Chrome Browser intentionally sends random garbage values in the TLS handshake to force TLS implementations to cope with future TLS extensions cleanly. The changes in Squid-4.12 to disable TLS/1.3 caused our parser to be extra strict and reject this TLS garbage. This release adds explicit support for Chrome, or any other TLS agent performing these "GREASE" behaviours. * Honor on_unsupported_protocol for intercepted https_port This behaviour was one of the intended use-cases for unsupported protocol handling, but somehow was not enabled earlier. Squid should now be able to perform the on_unsupported_protocol selected action for any traffic handled by SSL-Bump. All users of Squid are urged to upgrade as soon as possible. See the ChangeLog for the full list of changes in this and earlier releases. Please refer to the release notes at http://www.squid-cache.org/Versions/v4/RELEASENOTES.html when you are ready to make the switch to Squid-4 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2020/07/09 20:57:11 otis Exp $ d3 4 a6 4 SHA1 (squid-4.13.tar.xz) = cac95c18789e9ecd6620c2f278fc3900498c065b RMD160 (squid-4.13.tar.xz) = e49c1b0c6154a3ec0c1ce84e1d9c1c76733cefc1 SHA512 (squid-4.13.tar.xz) = 06807f82ed01e12afe2dd843aa0a94f69c351765b1889c4c5c3da1cf2ecb06ac3a4be6a24a62f04397299c8fc0df5397f76f64df5422ff78b37a9382d5fdf7fc Size (squid-4.13.tar.xz) = 2452752 bytes a14 1 SHA1 (patch-src_security_Handshake.cc) = 5c48ab63e7e387ff14e3a0a2d9cddfeef66782ec @ 1.8 log @squid4: Fix build and SSL handshake on Chromium-based browsers Changes: - Fix an error where strings.h was not properly included - Add SMF support on apropriate platforms - Backport https://github.com/squid-cache/squid/pull/663: SslBump: Support parsing GREASEd (and future) TLS handshakes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2020/06/19 13:44:28 taca Exp $ d3 4 a6 4 SHA1 (squid-4.12.tar.xz) = 316b8a343aa542b5e7469d33b9d726bee00679c6 RMD160 (squid-4.12.tar.xz) = 5d593efe84ca34c39a21bab523e75621dec4e9bb SHA512 (squid-4.12.tar.xz) = 96fa700a0c28711eb1ec5e44e1d324dc8d3accdddbc675def8babe057e2cc71083bd3817bc37cbd9f3c03772743df578573ee3698bbd6131df68c3580ad31ef4 Size (squid-4.12.tar.xz) = 2450564 bytes @ 1.7 log @www/squid4: update to 4.12 Update squid4 to 4.12 (Squid 4.12). This release includes fix for CVE-2020-14058: . Changes to squid-4.12 (05 Jun 2020): - Regression Fix: Revert to slow search for new SMP shm pages - Bug 5045: ext_edirectory_userip_acl is missing include files - Bug 5041: Missing Debug::Extra breaks build on hosts with systemd - Bug 5030: Negative responses are never cached - HTTP: validate Content-Length value prefix - HTTP: add flexible RFC 3986 URI encoder - SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic - Tests: Support passing a custom config.cache to test builds - Fix IPFilter IPv6 detection, especially on NetBSD - Fix stall if transaction overwrites a recently active cache entry - ... and some compile fixes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2020/04/23 13:52:24 mef Exp $ d13 1 d15 1 @ 1.6 log @(www/squid4) Updated to 4.10 (and clear pkglint one point in patch) Changes to squid-4.11 (18 Apr 2020): - Bug 5036: capital 'L's in logs when daemon queue overflows - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations - Bug 5016: systemd thinks Squid is ready before Squid listens - kerberos_ldap_group: fix encryption type for cross realm check - HTTP: Ignore malformed Host header in intercept and reverse proxy mode - Fix Digest authentication nonce handling - Supply ALE to request_header_add/reply_header_add - ... and some documentation updates - ... and some compile fixes @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2020/04/09 16:27:15 sborrill Exp $ d3 4 a6 5 SHA1 (squid-4.11.tar.xz) = 053277bf5497163ffc9261b9807abda5959bb6fc RMD160 (squid-4.11.tar.xz) = 14392a0e6a5b44c0673bcc37b5753d274762b10e SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26 Size (squid-4.11.tar.xz) = 2447700 bytes SHA1 (patch-acinclude_os-deps.m4) = 7af769f4df2c8293bec0be1fb4c222da35aa3fee d8 1 a8 1 SHA1 (patch-configure) = 24ae8657741697f4170c5e41657b07715956de95 a13 1 SHA1 (patch-src_ip_Intercept.cc) = dd24a402f3634d156ecaeb4eae815b21c7a0adfa @ 1.5 log @Generate correct #defines for the IPFilter IPv6 detection with no trailing underscores @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2020/02/04 03:03:48 taca Exp $ d3 4 a6 4 SHA1 (squid-4.10.tar.xz) = b8b267771550bb8c7f2b2968b305118090e7217a RMD160 (squid-4.10.tar.xz) = 33b4f2fb2a428fb37379541eabb1c892fa29ae44 SHA512 (squid-4.10.tar.xz) = 033891f84789fe23a23fabcfb6f51a5b044c16892600f94380b5f0bcbceaef67b95c7047154d940511146248ca9846a949f00a609c6ed27f9af8829325eb08e0 Size (squid-4.10.tar.xz) = 2445848 bytes d9 1 a9 1 SHA1 (patch-configure) = f3c0c21a9bd6e3a706873c621fbdd2c6420cfbb3 @ 1.4 log @Fix IPFilter transparent proxy support by: - including correct headers in configure tests - using correct autoconf value output by configure Bump PKGREVISION @ text @d7 1 a7 1 SHA1 (patch-acinclude_os-deps.m4) = 7655c38427fea34156e146ce72095946df344f3f d9 1 a9 1 SHA1 (patch-configure) = 9c31a02086b308334a263b77dd3552c49af64d1d @ 1.3 log @www/squid4: update to 4.10 pkgsrc changes: clean up PKG_OPTIONS and enable several backends default. Quote from release announce: This release is a security release resolving several issues found in the prior Squid releases. The major changes to be aware of: * SQUID-2020:1 Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450) This issue allows attackers to perform denial of service on the proxy and all clients using it. This issue potentially allows attackers to bypass security access controls in systems between client and proxy. This issue potentially allows remote code execution under the proxy low-privilege level. While restricted, it does have access to a wide range of information about the network structure and other clients using the proxy. This issue is limited to Squid acting as a reverse-proxy. Some effects also require allow_direct permissions. See the advisory for updated patches: Please note that NTLM is a deprecated authentication mechanism. All users of this tool are advised to plan migration to Negotiate/Kerberos authentication. * SQUID-2020:2 Information Disclosure issue in FTP Gateway. (CVE-2019-12528) Certain FTP server responses can result in Squid revealing random amounts of memory content from heap. When Squid mempools feature is enabled the leak is limited to lines in FTP directory listings, possibly from other clients. When mempools is disabled the information may be anything from the heap area including information from other processes on the machine. See the advisory for more details: * SQUID-2020:3 Buffer Overflow issue in ext_lm_group_acl helper. (CVE-2020-8517) This problem is limited to installations using the ext_lm_group_acl binary (previously shipped as mswin_check_lm_group). Due to incorrect input validation the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections this can result in the the helper process being terminated unexpectedly. Resulting in Squid process also terminating and a denial of service for all clients using the proxy. See the advisory for more details: * Bug 5008: SIGBUS in PagePool::level() with custom rock slot size This shows up as SMP Squids crashing on arm64 with a SIGBUS error. The issues was incorrect memory alignment with certain cache sizes. This Squid release now forces alignment of the critical rock page details. * Bug 4735: Truncated chunked responses cached as whole This bug shows up as clients getting the cached truncated response objects until the cache object expires or is force removed. In absence of partial-object caching this Squid release treats incomplete responses as non-cacheable and prevents the chunked encoding terminator chunk being delivered to the active client(s). * Fix server_cert_fingerprint on cert validator-reported errors This bug shows up as a server_cert_fingerprint ACL mismatch when sslproxy_cert_error directive was applied to validation errors reported by the certificate validator, because the ACL could not find the server certificate. All users of Squid are urged to upgrade as soon as possible. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2020/01/10 21:22:22 joerg Exp $ d7 1 d9 1 a9 1 SHA1 (patch-configure) = e7920ba353716e26d0b7559366c86b22cb03adfd d15 1 @ 1.3.2.1 log @Pullup ticket #6179 - requested by taca www/squid4: security fix Revisions pulled up: - www/squid4/Makefile 1.6-1.7 - www/squid4/distinfo 1.4-1.6 - www/squid4/patches/patch-acinclude_os-deps.m4 1.1-1.2 - www/squid4/patches/patch-configure 1.3-1.5 - www/squid4/patches/patch-src_ip_Intercept.cc 1.1 --- Module Name: pkgsrc Committed By: sborrill Date: Thu Apr 9 09:45:20 UTC 2020 Modified Files: pkgsrc/www/squid4: Makefile distinfo pkgsrc/www/squid4/patches: patch-configure Added Files: pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4 patch-src_ip_Intercept.cc Log Message: Fix IPFilter transparent proxy support by: - including correct headers in configure tests - using correct autoconf value output by configure Bump PKGREVISION --- Module Name: pkgsrc Committed By: sborrill Date: Thu Apr 9 16:27:15 UTC 2020 Modified Files: pkgsrc/www/squid4: distinfo pkgsrc/www/squid4/patches: patch-acinclude_os-deps.m4 patch-configure Log Message: Generate correct #defines for the IPFilter IPv6 detection with no trailing underscores --- Module Name: pkgsrc Committed By: mef Date: Thu Apr 23 13:52:24 UTC 2020 Modified Files: pkgsrc/www/squid4: Makefile distinfo pkgsrc/www/squid4/patches: patch-configure Log Message: (www/squid4) Updated to 4.10 (and clear pkglint one point in patch) Changes to squid-4.11 (18 Apr 2020): - Bug 5036: capital 'L's in logs when daemon queue overflows - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations - Bug 5016: systemd thinks Squid is ready before Squid listens - kerberos_ldap_group: fix encryption type for cross realm check - HTTP: Ignore malformed Host header in intercept and reverse proxy mode - Fix Digest authentication nonce handling - Supply ALE to request_header_add/reply_header_add - ... and some documentation updates - ... and some compile fixes @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 5 SHA1 (squid-4.11.tar.xz) = 053277bf5497163ffc9261b9807abda5959bb6fc RMD160 (squid-4.11.tar.xz) = 14392a0e6a5b44c0673bcc37b5753d274762b10e SHA512 (squid-4.11.tar.xz) = 02d4bb4d5860124347670615e69b1b92be7ea4fc0131e54091a06cb2e67bd73583d8e6cbe472473f0c59764611a49561d02ab9fe2bf0305ce4652d4ec7714f26 Size (squid-4.11.tar.xz) = 2447700 bytes SHA1 (patch-acinclude_os-deps.m4) = 7af769f4df2c8293bec0be1fb4c222da35aa3fee d8 1 a8 1 SHA1 (patch-configure) = 24ae8657741697f4170c5e41657b07715956de95 a13 1 SHA1 (patch-src_ip_Intercept.cc) = dd24a402f3634d156ecaeb4eae815b21c7a0adfa @ 1.2 log @Fix kqueue fallout on NetBSD current. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2020/01/04 10:57:18 taca Exp $ d3 4 a6 4 SHA1 (squid-4.9.tar.xz) = 43c90a1a2eb4d1613f1bfc603ad08e8a835be319 RMD160 (squid-4.9.tar.xz) = 164d000671dba370ebd1b1d1e36137b1d9d7df67 SHA512 (squid-4.9.tar.xz) = ca3db39379ea0582ff28297dde21899d02916ea499fb9c0f86aa60301829b7c601bb21ee274f841555047bc911e878717b38670b8796e5d717862b7a285ef84f Size (squid-4.9.tar.xz) = 2444664 bytes d8 1 a8 1 SHA1 (patch-configure) = 1474c9b2a2706b3105ee6ebe9354d33a66deb0c7 a13 1 SHA1 (patch-src_security_ServerOptions.h) = 36ed59837040d652ca00ca685970f7c728ff67c3 @ 1.1 log @www/squid4: Add squid4 package version 4.9 Add squid4 package version 4.9 based on wip/squid4 package. Squid is a fully-featured HTTP/1.0 proxy with partial HTTP/1.1 support The 4 series brings many new features and upgrades to the basic networking protocols. A short list of the major new features is: Squid 4 represents a new feature release above 3.5. The most important of these new features are: * Configurable helper queue size * Helper concurrency channels changes * SSL support removal * Helper Binary Changes * Secure ICAP * Improved SMP support * Improved process management * Initial GnuTLS support * ESI Custom Parser removal @ text @d1 1 a1 1 $NetBSD$ d12 1 a12 1 SHA1 (patch-src_comm_ModKqueue.cc) = 6ca7596a56c86d2dd9d88387a9e7784f262db319 d14 1 @