Commit Graph

34 Commits

Author SHA1 Message Date
brad
c813d99c13 upgrade to 2.5.STABLE12
- [Major] Error introduced in 2.5.STABLE11 causing truncated responses
  when using delay pools (Bug #1405)
2005-10-29 23:26:38 +00:00
brad
f01c664640 upgrade to 2.5.STABLE11
Alex Masterov has reported a vulnerability in Squid,
which potentially can be exploited by malicious people
to cause a DoS.

The vulnerability is caused due to an unspecified error
in the "sslConnectTimeout()" function after handling
malformed requests. This may be exploited to crash Squid.

CAN-2005-2796
2005-09-25 17:03:32 +00:00
brad
5359105907 upgrade to 2.5.STABLE10
- Malicious users may spoof DNS lookups if the DNS client UDP port (random,
  assigned by OS at startup) is unfiltered and your network is not protected
  from IP spoofing.
- CVE-1999-0710, adds access controls to the cachemgr.cgi script, preventing
  it from being abused to reach other servers than allowed in a local
  configuration file.
2005-05-25 02:27:13 +00:00
brad
abdb1f835e upgrade to Squid 2.5.STABLE9 2005-02-25 16:37:25 +00:00
brad
8e2e7b5074 upgrade to Squid 2.5.STABLE8 + patches
Fixes 2 major issues over STABLE7 + the previous round of patches..

- Data corruption when HTTP reply headers is split in several packets
- Assertion failure on certain odd DNS responses
2005-02-17 03:32:24 +00:00
brad
a754b815eb fix for ldap_search 2005-02-05 21:36:30 +00:00
brad
29a54c815a SECURITY:
add most of the latest distribution patches which include 4 security
fixes.

-Correct handling of oversized reply headers
-Buffer overflow in WCCP recvfrom() call
-Strengthen Squid from HTTP response splitting cache pollution attack
-Reject malformed HTTP requests and responses that conflict with the HTTP specifications
2005-02-04 04:27:38 +00:00
brad
6c1b677ada Fix 2 security issues...
A bug exists in the code that parses responses from Gopher servers.
The bug results in a buffer overflow if a Gopher server returns a
line longer than 4096 bytes.  The overflow results in memory
corruption and usually crashes Squid.

CAN-2005-0094

A bug exists in the code that parses WCCP messages.  An attacker
that sends a malformed WCCP messages, with a spoofed source address
matching Squid's "home router" can crash Squid.

CAN-2005-0095
2005-01-26 05:08:11 +00:00
naddy
ae76d3ea1f SIZE 2005-01-05 17:21:50 +00:00
brad
3935b2a8bb upgrade to Squid 2.5.STABLE7
A parsing error exists in the SNMP module of Squid where a
specially-crafted UDP packet can potentially cause the server to
restart, closing all current connections.
2004-10-20 21:44:20 +00:00
brad
333f7e2260 upgrade to Squid 2.5.STABLE6 2004-07-11 17:00:47 +00:00
brad
86d502ddb4 - add 2 more distribution patches
- add snmp FLAVOR from Joel CARNAT <joel at carnat dot net>
- add some auth types and auth/acl helpers
- add NTLM auth SMB patch even though the default port does NOT compile this support in
2004-06-11 08:00:35 +00:00
brad
8134d5f3d6 one of the distrib patches was updated 2004-06-07 04:15:22 +00:00
brad
be1ae753c5 more distribution patches 2004-06-02 21:39:59 +00:00
brad
5c7d163fec Add 2 more distribution patches. One of them fixes an issue if using
Digest authentication. Users can crash Squid with a segmentation fault
simply by entering a blank user name.
2004-04-21 11:11:19 +00:00
brad
145a5e937b - add some distribution patches. From: Robert Nagy <thuglife at bsd dot hu>
- only apply optimization workaround for gcc if using 2.95
2004-04-13 00:40:47 +00:00
brad
b765b0c3ec upgrade to Squid 2.5.STABLE5 2004-03-03 01:20:42 +00:00
brad
b1f0d46719 add 29 of the latest distribution patches. 2004-02-16 10:21:20 +00:00
brad
4e2e7789ec upgrade to Squid 2.5.STABLE4 2003-10-17 18:03:54 +00:00
brad
bdba8d4dc9 apply another distribution patch, the squid-2.5.STABLE3-mem_cfd.patch patch
broke the forwarded_for directive.
2003-08-22 21:12:18 +00:00
brad
d8d89da2a5 add some more distribution patches.
--
Thanks to mpech@ for some testing
2003-08-18 17:13:40 +00:00
brad
459cc69576 apply a number of distribution patches. 2003-07-23 01:47:20 +00:00
brad
b2f602749a upgrade to Squid 2.5.STABLE3
throw in the SSL gatewaying support, this is not enabled by default.
2003-07-07 17:44:43 +00:00
brad
5cd00e6c5d upgrade to Squid 2.5.STABLE2 2003-05-13 20:12:02 +00:00
brad
b0766fdf67 upgrade to Squid 2.5.STABLE1 2002-10-04 13:52:48 +00:00
brad
0ab206aa68 upgrade to Squid 2.5.PRE13 2002-09-20 01:27:10 +00:00
brad
d4b58e4aa8 upgrade to Squid 2.5.PRE11 2002-08-23 14:10:20 +00:00
brad
1b1ddd6bfa upgrade to Squid 2.5.PRE10
- The squid binary has been moved from bin/ to sbin/
- The cachemgr CGI is statically linked now
2002-07-24 18:14:08 +00:00
brad
01aba3a6ba upgrade to Squid 2.5.PRE8 2002-06-30 18:29:22 +00:00
brad
9657c1e001 upgrade to Squid 2.5.PRE7 2002-05-02 02:37:04 +00:00
brad
130f964688 upgrade to Squid 2.5.PRE6
- PF patches integrated
2002-04-17 18:03:21 +00:00
brad
39748ff848 upgrade to Squid 2.5.PRE5 2002-03-21 21:17:54 +00:00
brad
ad5edec476 checksums changed for 2.5.PRE4, minor fix. 2002-02-21 16:53:07 +00:00
brad
53133d4b10 upgrade to Squid 2.5.PRE4
- The port now runs as uid/gid of nobody:nobody instead of www:www
- This needs some testing, especially the transparent proxy support for PF
2002-02-20 01:17:03 +00:00