Commit graph

202 commits

Author SHA1 Message Date
Edwin Groothuis
b3f2631a43 [Maintainer] www/squid: rc(8) related fixups
- Fix rc(8) preamble in the squid run script
	- Use the .sh suffix only for the old style script
	- Do not refer to "rcNG" in pkg-install anymore, rcNG is the default
	  rc style by now
	- Bump PORTREVISION (to mark this change and because the package content
	  changes)

PR:		ports/90858
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-12-25 23:38:48 +00:00
Renato Botelho
878295ccf1 - Integrate vendor patch to fix a problem with the SMB helper when
--enable-ntlm-fail-open was specified as an additional configuration
  option (squid bug #1022).
  The port does not enable this option by default; document it, while at it.
- Add SHA256 checksum for the squid tarball
- Integrate ICAP client support based upon the icap project's CVS repository,
  turned off by default.
  To activate it, build the port with WITH_SQUID_ICAP defined or rerun
  'make config'.
- Bump PORTREVISION

PR:		ports/90688
Submitted by:	maintainer
2005-12-20 16:01:15 +00:00
Kirill Ponomarev
f903bed87f Update to 2.5.STABLE12
PR:		ports/88327
Submitted by:	maintainer
2005-11-01 14:05:59 +00:00
Renato Botelho
29dca01b77 Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- document that tcp_outgoing_xxx works badly in combination with
  server_persistent_connections (squid bug #454)
- add more tracing in test mode of squid_ldap_auth (squid bug #1395)
- fix breakage of accel_single_host when combined with
  server_persistent_connection (squid bug #1402)
- correctly implement the CACHE_HTTP_PORT configuration directive
  (squid bug #1403)
- fix the problem that CNAME addresses were remembered with a wrong TTL
  (squid bug #1404)
- fix incorrect handling of squid-internal-dynamic/netdb in conjunction with
  httpd_accel/transparent proxies (squid bug #1410)
- properly revalidate the cache on HEAD requests (squid bug #1411)
- correct handling of Set-Cookie headers on cache refreshes (squid bug #1419)
- fix a vulnerability in the FTP parsing code (squid bug #1426)

PR:		ports/87637
Submitted by:	maintainer
2005-10-19 12:21:11 +00:00
Marcus Alves Grando
c5799da9be Fix smb_auth helper
PR:		86850
Pointed by:	Dean M. Phillips <dmphilli@gmail.com>
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-10-06 18:47:55 +00:00
Renato Botelho
8d51ef89de Integrate a patch from
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- fix delay pools behaviour which was broken by the patch for squid bug #500,
  introduced in squid-2.5.10_6 (squid bug #1405)

PR:		ports/86669
Submitted by:	maintainer
2005-09-28 12:55:56 +00:00
Renato Botelho
c6e5ee8cbf - Update to 2.5-STABLE11
- Adapt the follow-XFF patches to the changes to squid's sources

PR:		ports/86472
Submitted by:	maintainer
2005-09-22 17:28:33 +00:00
Pav Lucistnik
f8834e53d2 Update the NTLM-scheme patch to version 2. The first version of the patch is
broken (cf <http://www.squid-cache.org/bugs/show_bug.cgi?id=1391>).

PR:		ports/86215
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-09-16 17:39:01 +00:00
Pav Lucistnik
43e58bb9bc - Integrate the following vendor patches:
- LDAP helpers do not work with TLS (-Z option)
    (squid bug #1389)
  - Incorrect store dir selection debug message on objects >2G
    (squid bug #1343)
  - Enums cannot be assumed to be signed ints
    (squid bug #1343)
  - Allow leaving core dumps on Linux
    (squid bug #1335)
  - Do not let clients bypass delay pools by faking a cache hit
    (squid bug #500)
  - Fix problems regarding CONNECT requests when squid is configured with
    "pipeline_prefetch on"
  - Fix a possible DOS condition which may be triggered by certain NTLM
    authentication requests
    (squid bug #1391)
- Remove patching relevant to recently removed pf from ports option

PR:		ports/86179
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-09-15 20:10:59 +00:00
Pav Lucistnik
3ba03fca82 - Remove dependencies on security/pf, it was removed. pf is in base since
502106

Pointy hat to:	pav
2005-09-14 23:27:00 +00:00
Sergey Matveychuk
b082667271 - Fix somewhat messed up titles in FTP listings (squid bug #1220)
- FTP listings use "BASE HREF" much more than necessary (squid bug #1204)
- Cleanups for 64bit architectures (squid bug #1316)
- Allow wb_ntlm_auth to run more silent (squid bug #518)
- Add a new 'mail_program' configuration option
- Fix a possible denial of service condition regarding sslConnectTimeout
  (squid bug #1355, Secunia Advisory SA16674)
- Avoid a possible assertion failure in StatHist.c (squid bug #1325)
- Fix issues regarding chroot'ed installations on 'squid -k reconfigure'
  (squid bug #1331)
- Make URLs in error pages more consistent and less confusing (squid bug #1342)
- Fix compilation when _FORTIFY_SOURCE is defined (squid bug #1344)
- Fix handling of unexpected 250 replies from certain odd FTP servers
  (squid bug #1348)
- Add Greek error pages (squid bug #1351)
- Fix a possible denial of service condition with regards to aborted requests
  (squid bug #1368)
- Fix the -U option of squid_ldap_auth (squid bug #1370)
- Fix the output of the SNMP cacheClientTable for IP adresses that consist of
  16 digits (squid bug #1375)
- Make the From: field of mails sent from squid configurable to avoid
  mails getting lost due to spam filtering (squid bug #1380)

PR:		ports/85688
Submitted by:	maintainer
2005-09-04 07:57:55 +00:00
Florent Thoumie
aa4c9add34 - Update transparent patch.
PR:		ports/82838
Submitted by:	maintainer
2005-06-30 19:25:09 +00:00
Jean-Yves Lefort
9c2eddd2c6 Update the chroot vendor patch to version 2, cf
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-chroot

PR:		ports/82739
Submitted by:	maintainer
2005-06-29 20:41:27 +00:00
Michael Johnson
342997ec98 - Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

  + double content-length often harmless (squid bug #1305)
  + update spanish error pages
  + squid internal icons were served with slightly incorrect headers
    (squid bug #1275)
  + squid -k fails in combination with chroot (squid bug #1307)
  + core dump with --enable-ipf-transparent if access to NAT device is denied
    (squid bug #1313)
  + http_accel_single_host incompatible with redirection (squid bug #1314)
  + squid -k reconfigure caused data corruption when a cache_dir type had been
    changed (squid bug #1308)
  + SNMP getnext failed if the given OID was outside the squid MIB (squid bug
    #1317)

PR:		ports/82703
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-06-28 02:38:39 +00:00
Jean-Yves Lefort
0561518b0c - Read cachemgr.conf rather than cachemgr.conf.default
- Add a missing %SUBDIR% in MASTER_SITES

PR:		ports/81319
Submitted by:	maintainer
2005-05-22 13:49:22 +00:00
Pav Lucistnik
33ad773d04 - Update Squid to 2.5.STABLE10
PR:		ports/81213
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-05-19 14:17:01 +00:00
Volker Stolz
9cec7c9ea0 - update distinfo for the updated syslog patch
- remove local patch that is now incorporated into the corresponding
  vendor patch (with slightly different wording)

PR:		ports/80367
Submitted by:	maintainer
2005-04-27 07:31:36 +00:00
Yen-Ming Lee
6410f43979 - Update distinfo for the 2GB patch, this includes a fix for
squid bugs #1283, 1287 and 1288 (assertion failed in store_client.c:343).
  (already committed)

- Bump portrevision as a datapoint for this bugfix.

PR:		80163
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-04-21 08:57:57 +00:00
Yen-Ming Lee
ce7cb9f97a - according web page, the patch file is rerolled at 2005-04-20 14:59 again
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-2GB

Noticed by:	kris
2005-04-20 23:53:27 +00:00
Yen-Ming Lee
12dbf6e9c8 - the patch is repacked at 2005-04-18 00:57, after maintainer submit PR 80028
- diff is listed below:

--- /tmp/squid-2.5.STABLE9-2GB.patch	Mon Apr  4 17:09:16 2005
+++ /usr/ports/distfiles/squid2.5/squid-2.5.STABLE9-2GB.patch	Mon Apr 18 08:57:57 2005
@@ -3000,7 +3000,7 @@
       }
       /* there are some things we cannot do yet */
 Index: squid/src/protos.h
-diff -c squid/src/protos.h:1.420.2.28 squid/src/protos.h:1.420.2.32
+diff -c squid/src/protos.h:1.420.2.28 squid/src/protos.h:1.420.2.30
 *** squid/src/protos.h:1.420.2.28	Fri Mar 18 17:01:52 2005
 --- squid/src/protos.h	Sat Mar 26 10:36:01 2005
 ***************
@@ -3455,9 +3455,9 @@
 +
   #endif /* SQUID_H */
 Index: squid/src/ssl.c
-diff -c squid/src/ssl.c:1.118.2.9 squid/src/ssl.c:1.118.2.10
+diff -c squid/src/ssl.c:1.118.2.9 squid/src/ssl.c:1.118.2.11
 *** squid/src/ssl.c:1.118.2.9	Mon Mar 21 12:39:29 2005
---- squid/src/ssl.c	Fri Mar 25 19:50:53 2005
+--- squid/src/ssl.c	Sun Apr 17 18:54:30 2005
 ***************
 *** 46,52 ****
   	int len;
@@ -3482,7 +3482,7 @@
   	kb_incr(&statCounter.server.all.kbytes_out, len);
   	kb_incr(&statCounter.server.other.kbytes_out, len);
 + 	/* increment total object size */
-+ 	if (sslState->size_ptr)
++ 	if (sslState->size_ptr && sslState->client.fd != -1)
 + #if SIZEOF_SQUID_OFF_T <= 4
 + 	    if (*sslState->size_ptr < 0x7FFF0000)
 + #endif

Noticed by:	many people ...
2005-04-18 07:09:02 +00:00
Yen-Ming Lee
4e9c0a92b4 Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Correct several minor aufs issues (squid bug #671)
- Basic authentification fails when login+password totalled to more than
  64 characters (squid bug #1171)
- Fix an assertion that could occur when traffic other than HTTPS was
  tunneled through squid via the CONNECT method (squid bug #1269)
- Make the --disable-hostname-check configuration option actually work
  (squid bug #1270)
- Fix aufs warning about open filedescriptors when the cache was shut down
  (squid bug #671)
- Allow squid to process requests for files larger than 2GB in size
  (squid bug #437)

  Introduce a new OPTION "WITH_SQUID_LARGEFILE", default to off to match
  squid's default behaviour.
  Rebuild squid with -DWITH_SQUID_LARGEFILE or run 'make config' and
  select this new option.

- Add two new cachemgr actions: "pending_objects" and "client_objects"
- Make external acls that require authentication request new credentials
  after access had been denied (squid bug #1278)
- Make squid use "daemon" instead of "local4" as syslog facility (squid bug
  #1227)

PR:		80028
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-04-18 01:05:35 +00:00
Michael Johnson
a668257234 - Chase checksum of the updated pid_t patch
PR:		ports/78897
Submitted by:	maintainer
2005-03-15 22:50:50 +00:00
Michael Johnson
386223668b - Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
  + Handle odd data formats (squid bug #321)
  + reload_into_ims fails to revalidate negatively cached entries
    (squid bug #1159)
  + Clarify delay_access function (squid bug #1245)
  + Check several squid.conf directives for int overflows (squid bug #1247)
  + Use memset(3) instead of bzero(3) (squid bug #1256)
  + Fix compile warnings due to pid_t not being an int (squid bug #1257)
  + Fix incorrect use of ctype functions (squid bug #1259)
  + Defer digest fetch if the peer is not allowed to be used (squid bug #1262)
  + Extend relaxed_header_parser to work around "excess data from" errors from
    many major web servers (squid bug #1265)

- Enable IPFilter based transparent proxying on all FreeBSD versions where
  IPFilter headers are part of the base system (i.e. RELENG_4 < 4.7-RELEASE,
  RELENG_5 and 6-CURRENT). Create a new OPTION WITH_SQUID_IPFILTER for this
  purpose. Thanks to sem@ for keeping track of this issue!

PR:		ports/78780
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-03-13 19:32:53 +00:00
Pav Lucistnik
b7d8eb0728 Integrate the following vendor patches as published on
- correct a race condition related to the Set-Cookie header
- correct the FTP parser with regards to the EPLF format
  (squid bug #1252)
- correct FTP listing output when the URL was requested without a trailing
  slash (squid bug #1253)
- make ACL configuration errors fatal (squid bug #1255)

PR:		ports/78446
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-03-08 23:27:46 +00:00
Pav Lucistnik
d31edd36f0 - Update to 2.5.STABLE9
PR:		ports/78079
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-02-26 15:56:49 +00:00
Pav Lucistnik
30a5c8b165 * Vendor patches:
- fix some cross-platform build format warnings
- allow high characters in generated FTP and Gopher directory listings
  (squid bug #1220)
  - cleanup generation of FTP URLs
  - relax the newly introduced strict HTTP parser slightly to work around some
    more malformed HTTP responses (squid bug #1242)

PR:		ports/77779
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-02-20 17:45:36 +00:00
Sergey Matveychuk
d87f4f9b49 - Update to 2.5-STABLE8
- Integrate a vendor patch from:
  http://www.squid-cache.org/Versions/v2/2.5/bugs/
  it fixes a major problem regarding the handling of invalid DNS responses

PR:		ports/77423
Submitted by:	maintainer
2005-02-13 17:21:02 +00:00
Pav Lucistnik
0cd2e54538 - Update header_parsing.patch
PR:		ports/77360
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-02-10 23:15:08 +00:00
Jacques Vidrine
97fe67d617 Integrate the following vendor patch as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

 - Address HTTP protocol mismatch related to oversized reply headers and
   enhance cache.log on reply header parsing failures (squid bug #1216)
 - correct the search request generated by the LDAP authentication helper
 - fix a race within the NTLM authentication mechanism (squid bug #1127)
 - fix handling of failed PUT/POST requests (squid bug #1224)
 - fix problems with persistent server connections after failed PUT/POST
   requests (squid bug #1122)
 - improve handling of forged WCCP packets (squid bug #1225)

PR:		ports/76967
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Security:	http://vuxml.freebsd.org/bfda39de-7467-11d9-9e1e-c296ac722cb3.html
2005-02-08 15:11:56 +00:00
Sergey Matveychuk
fd5003dd66 - Fix fetching.
* The response_splitting patch has been updated
    to correct a problem with cache digests.

PR:		ports/76889
Submitted by:	maintainer
2005-02-01 14:11:22 +00:00
Sergey Matveychuk
264e6d34e2 - Integrate a vendor patch against a buffer overflow in the WCCP handling,
see <http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow>
  and <http://www.squid-cache.org/Advisories/SQUID-2005_3.txt>.

PR:		ports/76827
Submitted by:	maintainer
2005-01-29 21:49:20 +00:00
Kirill Ponomarev
3d4d28a80e Sync follow-XFF with the latest vendor patch.
PR:		ports/76801
Submitted by:	maintainer
2005-01-29 10:42:13 +00:00
Sergey Matveychuk
906ad4d94f - Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
  + Reject malformed HTTP requests and responses that conflict with the HTTP
    specifications
    This issue is qualified as a security issue by the vendor.
  + PURGE is allowed to delete internal objects (squid bug #1112)
  + Disable Path-MTU discovery on intercepted requests (squid bug #1154)

  (VuXML vid=b4d94fa0-6e38-11d9-9e1e-c296ac722cb3)

- Clean up and correct package list generation. Now installed files
  and directories are visible via PLIST_FILES and PLIST_DIRS.
- Don't claim that squid related files or directories are still present
  after deinstallation when in fact they are not.
- Add "-g" to CFLAGS when WITH_SQUID_STACKTRACES is defined to make this
  option actually useful.

PR:		ports/76628
Submitted by:	maintainer
2005-01-26 17:56:25 +00:00
Edwin Groothuis
55e802ecd8 [Maintainer/security] www/squid: protect against HTTP resonse split
attack and other patches

    Integrate vendor patches as published on
    <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

    - FTP data connection fails on some FTP servers when requesting
      a directory without a trailing slash (squid bug #1194)

    - Icons fail to load on non-anonymous FTP when using the
      short_icons_url configuration directive (squid bug #1203)

    - Strengthen squid against HTTP response splitting cache pollution
      attacks (squid bug #1200), classified as security issue by
      the vendor

    Proposed VuXML information, entry date left to be filled in:

    (Note: I added only a publically accessible link to the Sanctum,
    Inc.  whitepaper, the squid bug tracker contains a deep link
    to the PDF itself; if we are allowed to publish it, it could
    instead be used as reference because Sanctum, Inc. wants you
    to register with them before you get access to their whitepapers.)

PR:		ports/76550
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-22 09:31:33 +00:00
Edwin Groothuis
7d318011dd [Maintainer/Security] www/squid: integrate vendor patches
Integrate vendor patches as published on
	<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

	- Sanity check usernames in squid_ldap_auth (squid bug #1187),
	  classified as minor security issue by the vendor, see below for VuXML
	  information
	- FQDN names truncated on compressed DNS responses (squid bug #1136)
	- Internal DNS memory leak on malformed responses (squid bug #1197)

PR:		ports/76364
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-19 10:58:40 +00:00
Simon L. B. Nielsen
8b446059f5 - Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
  issues:
  + Prevent a possible denial of service attack via WCCP messages (squid bug
    #1190), classified as security issue by the vendor
  + Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
    #1189), classified as security issue by the vendor
  + Fix a null pointer access and plug memory leaks in the fake_auth NTLM
    helper (squid bug #1183) (this helper app is not installed by default by
    the port)
  + Stop closing open filedescriptors beyond stdin, stdout and stderr on
    startup (squid bug #1177)

- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
  nagilum.de>" for reporting this)

- Document the two security issues in VuXML.

PR:		ports/76173
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by:	erwin (mentor)
2005-01-12 22:37:29 +00:00
Kirill Ponomarev
82fd48012e Patch was rerolled because of some bug fixes.
Approved by:	maintainer
2004-12-29 08:59:49 +00:00
Kirill Ponomarev
a0c019c5c7 Handle empty ACL definitions properly.
PR:		ports/75403
Submitted by:	maintainer
2004-12-23 12:15:30 +00:00
Sergey Matveychuk
4c0635e2e4 Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:

- a malformed hostname can cause squid to return random data as error messages,
  possibly leaking internal information from former requests (squid bug #1143).
  (This is classified as a minor security issue by the squid developers, so
  maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occuring when using cachemgr's "vm_objects" operation (squid
  bug #1149)

PR:		ports/74859
Submitted by:	maintainer
2004-12-08 23:16:53 +00:00
Kirill Ponomarev
157aa64e02 - fix shutting down of helper applications on reconfigure or
logrotation (squid bug #1118)
- properly close the client TCP connection when a malformed blank
  HTTP response was received from the server (squid bug #1116)

PR:		ports/73913
Submitted by:	maintainer
2004-11-14 09:55:40 +00:00
Sergei Kolobov
18f920d66d - Integrate the following vendor patches:
- document the LDAP helpers' -v option
  - correct the implementation of the req_header and resp_header acls
    (the original implementation submitted in squid bug #961 was faulty)
    See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further details.
- Bump PORTREVISION

PR:		ports/73154
Submitted by:	Thomas-Martin Seck (maintainer)
2004-10-27 08:48:52 +00:00
Sergei Kolobov
0d50bf886c - Integrate a vendor patch that prevents squid from consuming 100%
CPU for half closed PUT/POST requests (squid bugs #354, 1096).
  See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
  details.
- Adapt the follow_xff patch to changes in some of squid's data
  structures and unbreak the WITH_SQUID_FOLLOW_XFF option.
- Bump PORTREVISION.

PR:		ports/72840
Submitted by:	Thomas-Martin Seck (maintainer)
2004-10-18 21:50:20 +00:00
Sergei Kolobov
fddce0995a - Update to 2.5-STABLE7; this release fixes a security issue regarding
the SNMP module
- Remove a patch that is now part of the distribution
- Miscellaneuous small fixes:
  + in squid.sh, make stop_command poll for the squid processes' exit in
    the rcNG case too; this eliminates the need to do this in restart_command
  + make the information regarding rcNG'ness in pkg-install easier to read
  + install unstripped binaries if WITH_SQUID_STACKTRACES is defined

PR:		ports/72581
Submitted by:	Thomas-Martin Seck (maintainer)
2004-10-13 09:43:48 +00:00
Sergei Kolobov
e580a3f878 - Unbreak fetching squid again:
The recently updated client_db_gc patch has been reissued again;
  according to squid CVS to "finetune the client db garbage collection
  interval".  Update distinfo accordingly and bump PORTREVISION.

PR:		ports/72461 [1], ports/72463 [2]
Submitted by:	Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net> [1],
		Thomas-Martin Seck (maintainer) [2]
Approved by:	portsmgr (krion)
2004-10-11 07:43:34 +00:00
Sergei Kolobov
3d01017637 - Unbreak fetching:
The client_db_gc patch contained a wrong debugging information
  and was thus reissued by the vendor.
  Update distinfo accordingly and bump PORTREVISION.

PR:		ports/72387
Submitted by:	Thomas-Martin Seck (maintainer)
Approved by:	portsmgr (krion)
2004-10-07 08:42:16 +00:00
Sergey Matveychuk
e550e8984f Implement vendor patches for the following issues:
- try to prevent crashes of the digest helper (squid bug #1031)
- correct parsing of the acl_time directive when multiple time specifications
  are given (squid bug #1060)
- correct "cachemgr config" output for http_header_* directives
  (squid bug #1056)
- recognize the Content-Disposition header to be able to specify
  http_header_access directives using it (squid bug #961)

See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
information.

Reimplement the rcNG support. See UPDATING for details.

PR:		ports/71260
Submitted by:	maintainer
2004-09-02 06:44:14 +00:00
Sergey Matveychuk
e2f6b0ca88 Integrate vendor patches for the following issues:
- close a memory leak when NTLM authentication without challenge reuse
  is used (squid bug #994)
- close a temporary memory leak when NTLM challenge response reuse is
  enabled (squid bug #910)
- when performing log rotation with 'squid -k rotate' do not crash if a
  swap state file or a cache directory is unwriteable (squid bug #1053)

See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
information.

PR:		ports/71082
Submitted by:	maintainer
2004-08-28 20:51:36 +00:00
Kirill Ponomarev
8028c80a5a Fix grammatical and whitespace errors in squid.conf.default.
Set supplementary group membership correctly when running squid
as a non-root user and do not ignore the squid_group setting
when starting squid as root (squid bug #1021)

Enable the external_acl helper protocol to handle newlines
in the embedded data (squid bug #1038)

PR:		ports/70767
Submitted by:	maintainer
2004-08-21 12:28:56 +00:00
Sergey Matveychuk
eb5501ee79 * Integrate a vendor patch for a possible DOS against the NTLM
authentication helpers, see squid bug #1045.
* Bump PORTREVISION.

PR:		ports/70707
Submitted by:	maintainer
2004-08-20 13:54:30 +00:00
Kirill Ponomarev
3d6d174755 The ldap_helpers patch has been updated again; see squid bug
#1032 for details.

PR:		ports/70312
Submitted by:	maintainer
2004-08-11 19:18:07 +00:00