New features include:
- SQL Database logging helper
- Time-Quota session helper
- Custom HTTP request headers
- SSL-Bump Server First
- Server Certificate Mimic
While there, add notes to README-main about increasing the number of
file descriptors via login.conf.
#ifdef'd headers to be used and dpb was junking it thus breaking the build;
fix by improving detection for backtrace_symbol_fd / libexecinfo and
explicitly using it.
no_ldap' block
- squid optionally uses atomic ops if available, however in the code
it requires 4 byte operations, whereas configure only tests for int.
change configure test which may give hppa a chance to build; breakage
reported by landry
This is merged from work by myself and Matthias Pitzl @ genua, thanks to
Rodolfo Gouveia for testing with NTLM.
Flavours have been removed:
- the external helper programs for NTLM/LDAP are now in subpackages:
squid-ldap and squid-ntlm.
- SNMP support is built by default in Squid 3.x so this has moved
to the main package (no external dependencies for this).
is the maximum time rc.subr waits for a daemon, so usually it would end up
being forcefully killed (i.e. unclean shutdown -> cache must be rescanned
at next startup). suggested by aja@, diff from Brad.
- adjust PLIST to prevent warnings with pkg_delete -c, from aja@ ok Brad.
trouble for autoconf 2.62+; remove this workaround which now causes
the build to fail. No bump as the package doesn't change from the
version which last built successfully.
Build failure noticed by naddy@. 'make it so' jasper@, Brad ok.
Alex Masterov has reported a vulnerability in Squid,
which potentially can be exploited by malicious people
to cause a DoS.
The vulnerability is caused due to an unspecified error
in the "sslConnectTimeout()" function after handling
malformed requests. This may be exploited to crash Squid.
CAN-2005-2796
- Malicious users may spoof DNS lookups if the DNS client UDP port (random,
assigned by OS at startup) is unfiltered and your network is not protected
from IP spoofing.
- CVE-1999-0710, adds access controls to the cachemgr.cgi script, preventing
it from being abused to reach other servers than allowed in a local
configuration file.
A parsing error exists in the SNMP module of Squid where a
specially-crafted UDP packet can potentially cause the server to
restart, closing all current connections.
