- Fix rc(8) preamble in the squid run script
- Use the .sh suffix only for the old style script
- Do not refer to "rcNG" in pkg-install anymore, rcNG is the default
rc style by now
- Bump PORTREVISION (to mark this change and because the package content
changes)
PR: ports/90858
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
--enable-ntlm-fail-open was specified as an additional configuration
option (squid bug #1022).
The port does not enable this option by default; document it, while at it.
- Add SHA256 checksum for the squid tarball
- Integrate ICAP client support based upon the icap project's CVS repository,
turned off by default.
To activate it, build the port with WITH_SQUID_ICAP defined or rerun
'make config'.
- Bump PORTREVISION
PR: ports/90688
Submitted by: maintainer
- LDAP helpers do not work with TLS (-Z option)
(squid bug #1389)
- Incorrect store dir selection debug message on objects >2G
(squid bug #1343)
- Enums cannot be assumed to be signed ints
(squid bug #1343)
- Allow leaving core dumps on Linux
(squid bug #1335)
- Do not let clients bypass delay pools by faking a cache hit
(squid bug #500)
- Fix problems regarding CONNECT requests when squid is configured with
"pipeline_prefetch on"
- Fix a possible DOS condition which may be triggered by certain NTLM
authentication requests
(squid bug #1391)
- Remove patching relevant to recently removed pf from ports option
PR: ports/86179
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
+ double content-length often harmless (squid bug #1305)
+ update spanish error pages
+ squid internal icons were served with slightly incorrect headers
(squid bug #1275)
+ squid -k fails in combination with chroot (squid bug #1307)
+ core dump with --enable-ipf-transparent if access to NAT device is denied
(squid bug #1313)
+ http_accel_single_host incompatible with redirection (squid bug #1314)
+ squid -k reconfigure caused data corruption when a cache_dir type had been
changed (squid bug #1308)
+ SNMP getnext failed if the given OID was outside the squid MIB (squid bug
#1317)
PR: ports/82703
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- remove local patch that is now incorporated into the corresponding
vendor patch (with slightly different wording)
PR: ports/80367
Submitted by: maintainer
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- Correct several minor aufs issues (squid bug #671)
- Basic authentification fails when login+password totalled to more than
64 characters (squid bug #1171)
- Fix an assertion that could occur when traffic other than HTTPS was
tunneled through squid via the CONNECT method (squid bug #1269)
- Make the --disable-hostname-check configuration option actually work
(squid bug #1270)
- Fix aufs warning about open filedescriptors when the cache was shut down
(squid bug #671)
- Allow squid to process requests for files larger than 2GB in size
(squid bug #437)
Introduce a new OPTION "WITH_SQUID_LARGEFILE", default to off to match
squid's default behaviour.
Rebuild squid with -DWITH_SQUID_LARGEFILE or run 'make config' and
select this new option.
- Add two new cachemgr actions: "pending_objects" and "client_objects"
- Make external acls that require authentication request new credentials
after access had been denied (squid bug #1278)
- Make squid use "daemon" instead of "local4" as syslog facility (squid bug
#1227)
PR: 80028
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
- Integrate a vendor patch from:
http://www.squid-cache.org/Versions/v2/2.5/bugs/
it fixes a major problem regarding the handling of invalid DNS responses
PR: ports/77423
Submitted by: maintainer
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
+ Reject malformed HTTP requests and responses that conflict with the HTTP
specifications
This issue is qualified as a security issue by the vendor.
+ PURGE is allowed to delete internal objects (squid bug #1112)
+ Disable Path-MTU discovery on intercepted requests (squid bug #1154)
(VuXML vid=b4d94fa0-6e38-11d9-9e1e-c296ac722cb3)
- Clean up and correct package list generation. Now installed files
and directories are visible via PLIST_FILES and PLIST_DIRS.
- Don't claim that squid related files or directories are still present
after deinstallation when in fact they are not.
- Add "-g" to CFLAGS when WITH_SQUID_STACKTRACES is defined to make this
option actually useful.
PR: ports/76628
Submitted by: maintainer
CPU for half closed PUT/POST requests (squid bugs #354, 1096).
See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
details.
- Adapt the follow_xff patch to changes in some of squid's data
structures and unbreak the WITH_SQUID_FOLLOW_XFF option.
- Bump PORTREVISION.
PR: ports/72840
Submitted by: Thomas-Martin Seck (maintainer)
the SNMP module
- Remove a patch that is now part of the distribution
- Miscellaneuous small fixes:
+ in squid.sh, make stop_command poll for the squid processes' exit in
the rcNG case too; this eliminates the need to do this in restart_command
+ make the information regarding rcNG'ness in pkg-install easier to read
+ install unstripped binaries if WITH_SQUID_STACKTRACES is defined
PR: ports/72581
Submitted by: Thomas-Martin Seck (maintainer)
- try to prevent crashes of the digest helper (squid bug #1031)
- correct parsing of the acl_time directive when multiple time specifications
are given (squid bug #1060)
- correct "cachemgr config" output for http_header_* directives
(squid bug #1056)
- recognize the Content-Disposition header to be able to specify
http_header_access directives using it (squid bug #961)
See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
information.
Reimplement the rcNG support. See UPDATING for details.
PR: ports/71260
Submitted by: maintainer
Set supplementary group membership correctly when running squid
as a non-root user and do not ignore the squid_group setting
when starting squid as root (squid bug #1021)
Enable the external_acl helper protocol to handle newlines
in the embedded data (squid bug #1038)
PR: ports/70767
Submitted by: maintainer
- Fix dynamic plist generation to not include files that happen to be
in target directories. This prevents their removal on deinstallation
or upgrade.
PR: ports/69552, ports/69266
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
follow-xff-patchset (thanks to Michael Ranner for spotting the
problem and testing the fix). While at it, wordsmith the
comments in the patch.
Use the official patch for the NTLM auth helper vulnerability,
see <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for
details.
Build install the SMB basic authentication helpers by default
PR: ports/68448
Submitted by: maintainer
to <http://www.squid-cache.org/bugs/show_bug.cgi?id=998>
Apply some cleanups:
+ prefer PATCHDIR over FILEDIR when referring patches
+ remove unnecessary quotes
+ move all substitution tasks to the post-patch target
+ use "${FALSE}" instead of "exit 1" to generate error 1 from a shell
Bump PORTREVISION
PR: ports/68078
Submitted by: maintainer
ports/67724, submitted by Michal F. Hanula)
- Change ": foo=${foo:=bar}" into "foo=${foo:-bar}" to make the
shell scripts easier to read and understand
- Correct credits for the recently published NTLM auth
vulnerability and fix a nearby braino, too
- Bump PORTREVISION
PR: ports/67797
Submitted by: maintainer
<http://www.squid-cache.org/Versions/v2/2.5/bugs/> for details
- Correct OpenSSL support and, while at it, clean up CFLAGS and
LDFLAGS handling (thanks to dinoex for lots of helpful advice!).
- better be safe than sorry and pass PTHREAD_CFLAGS through in
case we are compiling with threads
- try to remove the errorpages directory silently since user
defined directories might legitimately be present
- clean up shell scripting:
+ do not use too many variables
+ use /bin/sh's features instead of external commands
PR: ports/65356
Submitted by: maintainer
- provide more OPTIONS, including (untested) support for pf(4)
- integrate the follow-XFF-patch from devel.squid-cache.org (submitted by
Michael Ranner), this should improve interaction with dansguardian
- use id 100 for the squid pseudo user instead of choosing the first free
id greater than 3127, a behaviour introduced with PORTVERSION 2.5.4_6.
Provide a 'changeuser' target to make migration from a high id to id 100
possible (requested by Kris Kennaway)
- don't let the port CONFLICT with itself (criticized by Oliver Eikemeier)
- provide rcNG support in squid.sh only on systems with /etc/rc.subr
PR: ports/64061
Submitted by: Thomas-Martin Seck (maintainer)
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-ftp_telnet
for details
- integrate a patch by Glen Gibb to enable ARP based ACLs and make this an
OPTION; see also http://www.squid-cache.org/bugs/show_bug.cgi?id=909
for his original bug report
- integrate additional vendor patches
- make --enable-underscores an OPTION
- set a tighter ACL on libexec/pinger
- use $SQUID_USER and $SQUID_GROUP in pkg-install
- wordsmith comments
- bump PORTREVISION
PR: ports/62442
Submitted by: maintainer
- Fix checksum for updated errorpages patch
PR: ports/62923
Submitted by: Michal Pasternak <dotz@irc.pl>
Approved by: maintainer
http://www.squid-cache.org/Versions/v2/2.5/bugs/ for details
- cleanup dynamic plist generation:
sort files, replace needlessly complex ex-scripting with a ${REINPLACE_CMD}
one-liner
- integrate a patch to make the SMB-NTLM helper compile on 5.x and hook this
helper up to the build (thanks to Stefano Tagliaferri for reporting the bug
and testing the patch)
- bump PORTREVISION
PR: 61543
Submitted by: maintainer
of SQUID_{UID,GID} which other squid-related ports already implemented.
The user/group will be created on the fly if they do not already exist.
- introduce WITH_SQUID_LDAP_AUTH to pull in the necessary bits to compile and
use the ldap_auth helper
- install some more authentication helper applications by default
- install helper applications to ${PREFIX}/libexec/squid instead of
${PREFIX}/libexec, add notes about it in pkg-install and pkg-descr
- cleanup the pre-installation tasks and move them from Makefile and pkg-plist
into the pkg-install script; make 'make install' and 'pkg_add' actually do
the same thing
- introduce a pkg-deinstall script
- make squid.sh rcNG compatible (when either /etc/rc_subr or
${PREFIX}/etc/rc_subr is present, the first one will be used, otherwise the
script will work as a "rc classic" script so no additional dependency on
the rc_subr port should be needed)
- some Makefile cleanups:
+ the squid installation procedure now correctly strips binaries, so there
is no need to do this manually anymore
+ generate those parts of pkg-plist dynamically that may be affected by user
set tunables (currently the localized error pages and helper applications)
+ document the available configuration options in a slightly different style
+ remove some obsolete variable declarations and comments
+ honor NOPORTDOCS
- add CONFLICTS
- add another vendor patch, see
http://www.squid-cache.org/bugs/show_bug.cgi?id=890 for a thorough
explanation of what has been fixed.
- since we can no longer take the presence of Lithuanian error pages for
granted, wrap the workaround for the errorpages.patch with '.if exists()'
- bump PORTREVISION
PR: 61315
Submitted by: maintainer
This now means that 'stop' as an argument works correctly, and doesn't
end up having squid restarted.
I've added some sleep code to wait for squid to complete its shutdown,
but I have commented it out for the time being as I don't know whether
its good practice to have your machine sleep during shutdown.
I'll research it some more. :)
options `start' and `stop' now (unless I have forgotten any). This allows
us to call the scripts from /etc/rc.shutdown with the correct option.
The (42 or so) ports that already DTRT before are unchanged.
Note: the b14 -> b15 change will loose your cache unless you take
the steps on http://squid.nlanr.net/ to recover it.
Read the Changelog for details, this is a fairly large update.
