This is merged from work by myself and Matthias Pitzl @ genua, thanks to
Rodolfo Gouveia for testing with NTLM.
Flavours have been removed:
- the external helper programs for NTLM/LDAP are now in subpackages:
squid-ldap and squid-ntlm.
- SNMP support is built by default in Squid 3.x so this has moved
to the main package (no external dependencies for this).
If the proxy server is running on the same subnet as the clients, the
return traffic from the proxy will go directly back to them without
ever hitting the firewall, which means the states will never get updated
and may fill up your pflog(4) with blocked attempts. To circumvent this,
the "no state" option needs to be specified for the route-to rule.
ok Brad, input/ok sthen@ (maintainer)
is the maximum time rc.subr waits for a daemon, so usually it would end up
being forcefully killed (i.e. unclean shutdown -> cache must be rescanned
at next startup). suggested by aja@, diff from Brad.
- adjust PLIST to prevent warnings with pkg_delete -c, from aja@ ok Brad.
Alex Masterov has reported a vulnerability in Squid,
which potentially can be exploited by malicious people
to cause a DoS.
The vulnerability is caused due to an unspecified error
in the "sslConnectTimeout()" function after handling
malformed requests. This may be exploited to crash Squid.
CAN-2005-2796
- Malicious users may spoof DNS lookups if the DNS client UDP port (random,
assigned by OS at startup) is unfiltered and your network is not protected
from IP spoofing.
- CVE-1999-0710, adds access controls to the cachemgr.cgi script, preventing
it from being abused to reach other servers than allowed in a local
configuration file.
Fixes 2 major issues over STABLE7 + the previous round of patches.
- Data corruption when HTTP reply headers are split in several packets
- Assertion failure on certain odd DNS responses
- add snmp FLAVOR from Joel CARNAT <joel at carnat dot net>
- add some auth types and auth/acl helpers
- add NTLM auth SMB patch even though the default port does NOT compile this support in