1.) Allow individual "squid*" packages to register an extra target that
is run before the common "post-install" target.
2.) Use a much simpler logic to figure out what files get installed into
"share/squid/errors" and "share/squid/icons".
Tested with the "squid27" and the "squid31" package.
It was accidently deleted by previous commit.
Also stop using PLIST.common_end here.
It should fix some bulk problem of squid27/squid30/squid31 packages.
* Now www/squid directory is common directory for squid packages.
* package options clean up and all options are described.
* LDAP helper support. (PR pkg/39386)
* DESTDIR support.
* Move some MESSAGE to documation directory.
Next, I'll import squid26, squid27 and squid30 packages.
two security fixes:
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
Changes to squid-2.6.STABLE21 (27 June 2008)
- Bug #2350: Bugs in Linux kernel capabilities code
- Bug #2241: weights not applied properly in round-robin peer
selection
- Off by one error in DNS label decompression could cause valid DNS
messages to be rejected
- logformat docs contain extra whitespace
- Reject ridiculously large ASN.1 lengths
- Fix SNMP reporting of counters with a value > 0xFF80000
- Correct spelling of WCCPv2 dst_port_hash to match the source
- Plug some "squid -k reconfigure" memory leaks. Mostly SSL related.
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
- Bug #2376: Round-Robin becomes unbalanced when a peer dies and comes
back
- Bug #2387: The calculation of the number of hash buckets need to
account for the memory size, not only disk size
- Bug #2393: DNS requests retried indefinitely at full speed on failed
TCP connection
- Bug #2393: DNS retransmit queue could get hold up
- Correct socket syscalls statistics in commResetFD()
It would be last 2.6 stable release.
Changes to squid-2.6.STABLE20 (25 Apr 2008)
- Bug #2263: Custom log formats fail to log file sizes >2GB properly
on 32-bit platforms
- Fix stripping NT domain in squid_ldap_group
- Bug #2278: Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)
- Bug #2283: Fails to parse chunked encoding using chunk extensions
- Bug #420: Deal properly with empty list HTTP header members
- Windows Server 2008 support
- Bug #1886: tcp_outgoing_address acl doesn't work with indirect
source address (follow-x-forwarded-for)
- Bug #2296: Stuck in 100% CPU when fetching an corrupt peer digest
- Add support for the resolv.conf domain directive, and also
automatically derived default domain
- minimum_icp_query_timeout directive
- Bug #2329: Range header ignored on HIT
Changes to squid-2.6.STABLE19 (19 Mar 2008)
- Fix tcp_outgoing_address example config to match its description
- Bug #2198: assertion failed sc != NULL when using peer monitor
function
- Fix missing default disk store type into QUICKSTART example.
- Bugzilla #761 : Handle recursive completion operations in diskd.
- documentation bugfix for tcp_outgoing_tos directive
- Sort cache list in wccpv2 to ensure a consistent hash allocation
across all services
- Updated Ukrainan error pages
- Compile error in squid_kerb_auth under Mac OS X 10.5.2
- squid_radius_auth failed ro process more than 256 requests
- Clarified description of 'cache_vary' directive
- Make range_offset_limit 0 disable local range processing as
documented, even if the first range starts at 0
- Revive support for system without NetBSD style rc/rc.d.
- Always pass command_args and squid_flags to squid command.
This should fix the PR pkg/38036 by Wolfgang Stukenbrock.
Bump PKGREVISION.
Changes to squid-2.6.STABLE18 (10 Jan 2008)
- Fix 2 assertion failures related to the fix for SQUID-2007:2
- GPL license cleanup to GPLv2 or later. One file in edir_digest_auth
was GPLv2 only, now replaced with a GPLv2 or later licensed vesion.
- Minor cleanups to make certain 64-bit platforms happier
- Several Digest authentication bugs fixed wich was causing random
authenitcation popups or failures.
- --with-valgrind-debug updated for valgrind-3.3.0.
- Move some common parameter to Makefile.common; squid's user, group and
data directory.
- Add LOGDIR to Makefile.common.
These changes have no functional change but make it possible for
squidGuard package to share parameters.
Changes to squid-2.6.STABLE17 (26 Nov 2007)
- Fix compile error with old GCC 2.x or other ANSI-C compilers before
C99
- Mention the login= cache_peer option in release notes
- Fix bad cache_peer example in squid.conf
- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
to fail
- Bug #2048: Clarify high_memory_warning usage
- Reject DNS responses which result in no data
- Fix version number in configuration manual
- Move cache and request/reply_header_max_size to their proper
sections
- Bug #2088: sbrk statistics broken when process size >2GB
- Move logopen() much earlier to have fatal startup errors sent to the
proper syslog facility
- Fix HTTP/0.9 responses
- Correct bad example config for tos_outgoing_tos
- Fix grammar in description of mail_program squid.conf option
- Ignore Content-Length in chunked responses instead of rejecting the
response as invalid
- Documented that http_port no longer have a default
- Cleanup of cache digest documentation
- Make aufs store rebuilding back off a little if I/O load too high
- Bug #2100: Respect DNS ttl=0
- Update udp_(incoming|outgoing)_address documentation to reflect
current bahaviour.
- Update HTCP documentation
- Document the overlapping helper request format
- Change priority of proxy auth and extacl provided username in
login=*:pass
- pack header entries on cache updates
- Make squid_db_auth reopen the database connection on each query by
default
- Improve helper debug ouput, including the channel number
- Update cachePeerEntry MIB description to mention what is used as
index key
- Import squid_radius_auth for authenticating to RADIUS
Changes to squid-2.6.STABLE16 (5 Sep 2007)
- Test for sys/capability.h linux include file to avoid failing on
linux systems missing libcap
- Release private objects on cache rebuild
- Segfault in clientBuildReplyHeader when http->entry == NULL
- Bug #2072: digest_pw_auth fails when using plaintext passwords
- Bug #2073: assertion failed: client_side.c:4175: "buf != NULL ||
!conn->body.request on POST
- Adjust default pconn timeouts to avoid shutting down connection while
child sends request
- Bug #1980: cache_peer monitortimeout not working
- Bug #1882: Parent responses are not cached if sibling returns 504
- More squid.conf reordering to get the dependencies between options
sorted proper
Changes to squid-2.6.STABLE15 (31 Aug 2007)
- The select() I/O loop got broken by the /dev/poll addition
(2.6.STABLE14)
- Bug #2017: Fails to work around broken servers sending just the HTTP
headers
- Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
before C99
- squid.conf.default updated and reorganised in more sensible groups
- correct and document the syslog access_log format
- Armenian error pages translation
- digest_ldap_helper usage help updated
- Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
- Improve delay pools in low traffic environment by checking timeouts
at a steady 1 second interval even when there is not much activity
- Don't request authentication on transparently intercepted
connections
- Cleanup linux capabilities for tproxy
- Bug #2003: 'via' config directive doesn't affect response headers
- Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
- Add missing $|=1 to squid_db_auth
- Bug #2050: Persistent connection dropped if cache has no
Content-Length
- Verify the URL on memory cache hits
- Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
- Bug #1972: Squid sets peers to down state when they are in fact
working.
- potential segmentation fault in storeLocateVary()
- Bug #2066: chdir after chroot
- Windows port: Fix compiler warnings when building Squid as
application (not Windows service mode)
- Spelling correction of received
pkgsrc chagnes
o Add "coss" option which enable COSS (Cyclic Object storage system).
Noted by Chris Ross on pkgsrc-users.
Changes to squid-2.6.STABLE14 (15 Jul 2007)
- squid.conf.default cleanup to have options in their proper sections.
- documentation correction in the refresh_pattern ignore-auth option
- URI-escaping not uses the recommended upper-case hex codes
- refresh_pattern min-age 0 correted to really mean 0, and not 1 second
- Always use xisxxxx() Squid defined macros instead of ctype
functions.
- Kerberos SPNEGO/Negotiate helper for the negotiate scheme
- Database basic auth helper using Perl DBI to connect to most SQL DBs
- Solaris /dev/poll network I/O support
- configure fixes to make cross compilation somewhat easier
- Removed incorrect -a reference from http_port documentation
- Bug #1900: Double "squid -k shutdown" makes Squid restart again
- Bug #1968: Squid hangs occasionally when using DNS search paths
- Novell eDirectory digest auth helper (digest_edir_auth)
- Bug #1130: min-size option for cache_dir
- POP3 basic auth helper querying a POP3 server
- Cosmetic squid_ldap_auth fixes from Squid-3
- Bug #1085: Add no-wrap to cache manager HTML tables
- Automatically restart if number of available filedescriptors becomes
alarmingly low, preventing a situation where Squid would otherwise
permanently stop processing requests.
- Bug #2010: snmp_core.cc:828: warning: array subscript is above
array bounds
- Deal better with forwarding loops
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Changes to squid-2.6.STABLE13 (11 May 2007)
- Make sure reply headers gets sent even if there is no body available
yet, fixing RealMedia streaming over HTTP issues.
- Undo an accidental name change of storeUnregisterAbort.
- Kill an ancient malplaced storeUnregisterAbort call from ftp.c
- Bug #1814: SSL memory leak on persistent SSL connections
- Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
- Cosmetic fix: added missing newline in WCCPv2 configuration dump.
- Ukrainan error messages
- Convert various error pages from DOS to UNIX text format
- Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
- Clarify the max-conn=n cache_peer option syntax slightly
- Bug #1892: COSS segfault on shutdown
- Windows port: fix undefined ECONNABORTED
- Make refreshIsCachable handle ETag as a cache validator, not
only last-modified
- in_port_t is not portable, use unsigned short instead
- Fix fs / auth / snmp dependencies
- Portability: statfs() may reqire #include <sys/statfs.h>
Changes to squid-2.6.STABLE11 (Mar 17 2007)
- Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
!conn->body.request"
- Handle garbage helper responses better in concurrent protocol format
- Fix kqueue when overflowing the changes queue
- Make sure the child worker process commits suicide if it could
not start up
- Don't log short responses at debug level 1
- Fix bswap16 & bwsap32 error on NetBSD
- Fix collapsed_forwarding for non-GET requests
Changes to squid-2.6.STABLE10 (Mar 4 2007)
- Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
- various diskd bugfixes
- In the access.log hierarchy field log the unique peer name
instead of the host name
- unlinkdClose() should be called after (not before) storeDirSync()
- CLEAN_BUF_SZ was defined, but never used anywhere
- logging HTTP-request size
- Fix icmp pinger communication on FreeBSD and other not supporing
large dgram AF_UNIX sockets
- Release objects on swapin failure
- Bug #1787: Objects stuck in cache if origin server clock in future
- Bug #1420: 302 responses with an Expires header is always cached
- Primitive support for HTTP/1.1 chunked encoding, working around
broken servers
- Clean up relations between TCP probing and DNS checks of peers with
no known addresses.
- Fix a minor HTML coding error in ftp directory listings with // in
the path
- Bug #1875, #1420. Cleanup of refresh logics when dealing with
non-refreshable content
- Negotiate authentication fixed again. Broken since STABLE7 by the
patch for Bug #1792.
- Bug #1892: COSS tries to shut down the same directory twice on exit
- Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
entries
- Added support for Subversion HTTP request methods MKACTIVITY,
CHECKOUT and MERGE.
Changes to squid-2.6.STABLE9 (Jan 24 2007)
- Bug #1878: If-Modified-Since broken in 2.6.STABLE8
- Bug #1877 diskd bug in storeDiskdIOCallback()
Changes to squid-2.6.STABLE8 (Jan 21 2007)
- Bug #1873: authenticateNTLMFixErrorHeader: state 4.
- Document the https_port vhost option, useful in combination with
a wildcard certificate
- Document the existence of connection pinning / forwarding of NTLM
auth and a few other features overlooked in the release notes.
- Spelling correction of the ssl cache_peer option
- Add back the optional "accel" http_port option. Makes accelerator
mode configurations easier to read.
- Bug #1872: Date parsing error causing objects to get unexpectedly
cached.
- Cleanup to have the access.log tags autogenerated from enums.h
- Bug #1783: STALE: Entry's timestamp greater than check time. Clock
going backwards?
- Don't update object timestamps on a failed revalidation.
- Fix how ftp://user@host URLs is rendered when Squid is built with
leak checking enabled
o arp-acl is now supported on NetBSD contributed by Jaromir Dolecek <jdolecek@>.
Changes to squid-2.6.STABLE7 (Jan 13 2007)
- Windows port: Fix intermittent build error using Visual Studio
- Add missing tproxy info from the dump of http port configuration
- Bug #1853: Support for ARP ACL on NetBSD
- clientNatLookup(): fix wrong function name in debug messages
- Convert ncsa_auth man page from DOS to Unix text format.
- Bug #1858: digest_ldap_auth had some remains of old hash format
- Correct the select_loops counter when using select(). Was counted twice
- Clarify the http_port vhost option a bit
- Fix cache-control: max-stale without value or bad value
- Bug #1857: Segmentation fault on certain types of ftp:// requests
- Bug #1848: external_acl crashes with an infinite loop under high load
- Bug #1792: max_user_ip not working with NTLM authentication
- Bug #1865: deny_info redirection with authentication related acls
- Small example on how to use the squid_session helper
- Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
- Clarify the transparent http_port option a bit more
- Bug #1828: squid.conf docutemtation error for proxy_auth digest
- Bug #1867: squid.pid isn't removed on shutdown
pkgsrc change: remove PATCHFILES which hasn't used recent days.
Changes to squid-2.6.STABLE6 (Dec 12 2006)
- Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
- Add client source port logformat tag >p
- Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
- Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
- automake no longer recommends mkinstalldirs. Removed.
- Only use crypt() if it's available, allowing ncsa_auth to be built
on platofms without crypt() support.
- Windows port documentation updates
- Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
- Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
- Remove extra newline in redirect message sent by deny_info http://... aclname
- Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
- Clarify the external_acl_type helper format specification and some defaults
- Add support for the weight= parameter to round-robin peers
- Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
- Convert snmpDebugOid to use a temporary String object instead of strcat
- Document that proxy_auth also accepts -i for case-insensitive operation
- Remove malloc/free of temporary buffer in time parsing routines.
- Reduce memory allocator pressure by not continually allocating client-side read buffers
- Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
- Convert the connStateData->chr single link list to a normal dlink_list for clarity.
- Bug #1584: Unable to register with multiple WCCP2 routers
- Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
- Bug #439: Multicast ICP peering is unstable and considers most peers dead
- Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
- Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
- Bug #1840: Disable digest and netdb queries to multicast peers
- Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
- Fix build errors when using latest MinGW Windows environment
* install pinger program setuid to make ICMP work; the problem noted by
Heron Gallegos via private mail.
Key changes squid-2.6.STABLE4 to 2.6.STABLE5
* Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
* COSS improvements and cleanups
* Bug #1785: Memory leak in handling of negatively cached objects
* Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
* Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
* Bug #1796: Assertion error HttpHeader.c:914: "str"
* All comm loops now use the generic event framework
* a number of other minor and cosmetic bugfixes. See the list of squid-2.6.STABLE4 changes and the ChangeLog file for details.
Changes to squid-2.6.STABLE4 (Sep 22 2006)
- Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
- Windows port enhancement: added native exception handler with signal emulation
- Fix the %un log_format tag again. Got broken in 2.6.STABLE2
- Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
- Bug #212: variable %i always 0.0.0.0 in many error pages
- Bug #1708: Ports in ACL accepts characters and out of range
- Bug #1706: Squid time acl accepts invalid time range.
- Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
- Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
- Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
- Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
- Bug #1598: start_announce cannot be disabled
- Periodically flush cache.log to disk when "buffered_logs on" is set
- Numerous COSS improvements and fixes
- Windows port: merge of MinGW support
- Windows port: Merged Windows threads support into aufs
- Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
- Numerous portability fixes
- Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
- Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
- Bug #1760: FTP related memory leak
- Bug #1770: WCCP2 weighted assignment
- Bug #1768: Redundant DNS PTR lookups
- Bug #1696: Add support for wccpv2 mask assignment
- Bug #1774: ncsa_auth support for cramfs timestamps
- Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
- Bug #1725: cache_peer login=PASS documentation somewhat confusing
- Bug #1590: Silence those ETag loop warnings
- Bug #1740: Squid crashes on certain malformed HTTP responses
- Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
- Improve error reporting on unexpected CONNECT requests in accelerator mode
- Cosmetic change to increase cache.log detail level on invalid requests
- Bug #1229: http_port and other directives accept invalid ports
- Reject http_port specifications using both transparent and accelerator options
- Cosmetic cleanup to not dump stacktraces on configuration errors
