cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
115,607 Commits 1 Branch 0 Tags
Commit Graph

290 Commits

Author SHA1 Message Date
sthen
bc924e53fc update to squid-3.5.22 2016-10-11 13:47:44 +00:00
sthen
b8e4361f30 update to squid-3.5.21 2016-09-13 19:27:11 +00:00
sthen
cad1945c38 update to squid-3.5.20, various fixes including some asserts 2016-07-04 12:13:40 +00:00
sthen
d7bb82ebb8 Switch squid to ports gcc, it's already used on powerpc, fixes some problems 
on arm (found by Steven Chamberlain), so it seems like it may be a safer
approach (and the next major version requires newer c++ anyway).  Based on
a diff from Steven Chamberlain.
 2016-06-11 18:10:00 +00:00
sthen
5448cb79e8 fix no_ldap builds 2016-05-12 16:15:58 +00:00
sthen
2012b0ace2 update to squid-3.5.19 (compared to 3.5.18, fixes a problem with interception 
proxies)
 2016-05-09 13:52:45 +00:00
sthen
df3b722c65 update to squid-3.5.18 2016-05-07 14:06:41 +00:00
sthen
38a830c8b0 add upstream patches to Squid (there should be an upstream release 
soon, but the patches make sense for now) -

1) Cache Poisoning issue in HTTP Request handling
http://www.squid-cache.org/Advisories/SQUID-2016_7.txt

2) Header Smuggling issue in HTTP Request processing
http://www.squid-cache.org/Advisories/SQUID-2016_8.txt

3) Multiple Denial of Service issues in ESI Response processing.
http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
 2016-05-06 19:44:11 +00:00
sthen
685c415639 update to squid-3.5.17, fixing some buffer overflows and possible 
disclosure of stack contents. when available, reports will be at
http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
 2016-04-20 16:36:50 +00:00
sthen
b8de09f036 update to squid-3.5.16, various fixes including a buffer overflow in pinger 
with icmp6.
 2016-04-02 10:44:18 +00:00
naddy
ce859edcb4 garbage collect CONFIGURE_SHARED 2016-03-11 20:28:21 +00:00
sthen
f8011b5675 update to squid 3.5.15, dos fix 2016-02-25 00:47:20 +00:00
sthen
370a9fb9c0 Security update to squid-3.5.14, ok jasper@ rpointel@ 
http://www.squid-cache.org/Advisories/SQUID-2016_1.txt

"Due to incorrectly handling server errors Squid is vulnerable to a
denial of service attack when connecting to TLS or SSL servers."
 2016-02-16 13:21:07 +00:00
sthen
eeede057c8 update to squid-3.5.13, a couple of fixes, mostly TLS-intercept-related 2016-01-10 20:09:58 +00:00
sthen
aa7f6d8dac update to squid-3.5.12 2015-11-30 10:26:16 +00:00
sthen
2a41ed34cd fix autoconf check which used SSLv3_method; results in assert failure in 
some ssl interception modes
 2015-11-04 15:39:55 +00:00
sthen
c9e2ff2014 update to squid-3.5.11 2015-11-02 17:21:55 +00:00
sthen
f712f64382 update to squid-3.5.10 2015-10-09 00:28:56 +00:00
sthen
83f88baaa6 bump REVISION to ensure the pkg version number in -current is above 
-stable, especially now that dirs have been reorganised.
 2015-09-30 08:56:27 +00:00
sthen
0f44ba58ad Update to squid-3.5.9, fixes problems with TLS/SSL parsing in configurations 
using SSL-Bump.

- int overflow with extension parsing: char << 8 into a short
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13915.patch

- {Client,Server}Hello parsing; when checking for TLS extensions, don't
check for bytes following compression_method in the _whole_ message, only
in the *Hello part ("does not account for the fact that the message may
contain more than just ServerHello").
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13915.patch
 2015-09-18 11:17:04 +00:00
sthen
f5d8cc22e3 drop accidentally-added .orig patch file. ports ignore these anyway so no bump. 2015-09-10 13:02:40 +00:00
sthen
6c2a6e4b95 Currently Squid 3.5 is considered stable. Rather than moving snapshot/* 
to stable/*, just drop back to a single version of squid in ports.
 2015-09-10 13:00:10 +00:00
sthen
cda9ae88c4 update to squid-3.5.8 and reenable -ntlm subpackage while there. 
(I have no way to test ntlmauth but it builds ok, reports welcome).
 2015-09-04 21:39:31 +00:00
sthen
1ae5691acb update to squid-3.5.8 and reenable -ntlm subpackage while there. 
(I have no way to test ntlmauth but it builds ok, reports welcome).
 2015-09-04 21:38:46 +00:00
sthen
8fb57d1a40 fix squid-3.5 build with OPENSSL_NO_SSL3, with help from jsing and 
the src/ssl/support.cc part is borrwed from jca's diff to squid-3.4
 2015-08-28 21:43:50 +00:00
jca
7056367d18 Additional fixes for SSLv3 removal. ok sthen@ (maintainer) 2015-08-28 11:45:39 +00:00
ajacoutot
b6c53696b5 /var/run content is already removed by /etc/rc, so no need to handle that in 
the package. If a /var/run/foo directory must exist for proper start of a
software, then the rc.d script should take care of it.
 2015-08-25 07:30:29 +00:00
sthen
19d3101693 add a secondary MASTER_SITES 2015-08-24 10:44:26 +00:00
sthen
1cb2abdb65 update to squid-3.5.7 2015-08-11 21:54:55 +00:00
sthen
0cf34d4698 SECURITY update to squid-3.4.14 
- Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
 2015-08-11 20:47:47 +00:00
sthen
682738c92b guard SSLv3_client_method with OPENSSL_NO_SSL3 2015-07-18 21:00:13 +00:00
sthen
809418b1bc update to squid 3.5.6 2015-07-06 13:43:06 +00:00
sthen
655c23489d update to squid-3.5.5 2015-06-11 14:57:30 +00:00
sthen
73094487fc don't pick up openpam if installed; dpb junking problem reported by aja. 
no bump needed, it is used to decide whether or not to build a helper app
that isn't packaged anyway.
 2015-06-06 23:08:22 +00:00
pascal
f0585aa4cf gcc4 bumps, reminded by aja@ 2015-05-28 10:17:22 +00:00
sthen
5507f6ccfa update to squid-3.5.4, fixing a certificate validation bypass issue 
in SSL-Bump configurations using "client-first" or "bump" modes.
This does not affect configurations that don't use SSL-Bump (this is
not something you are likely to have enabled by accident as it needs
fairly significant configuration).

http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 2015-05-04 11:04:24 +00:00
sthen
a2f2fe367e update to squid-3.4.13, fixing a certificate validation bypass issue 
in SSL-Bump configurations using "client-first" or "bump" modes.
This does not affect configurations that don't use SSL-Bump (this is
not something you are likely to have enabled by accident as it needs
fairly significant configuration).

http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
 2015-05-04 11:04:08 +00:00
sthen
bae64ff4c6 update to squid-3.5.3, upstream have rolled in patches to build with libressl 2015-04-03 19:23:27 +00:00
sthen
fdff74eaaf add portroach limit 2015-03-16 09:16:17 +00:00
sthen
ffa0530eb6 update to squid-3.5.2 2015-03-14 21:07:04 +00:00
sthen
a0c780fe5c bugfix update to squid-3.4.12, including several crashes with debugging, 
and fix silent SSL/TLS failure on "split-stack" OS (i.e. using different
sockets for v4/v6, like us)
 2015-02-19 14:30:29 +00:00
sthen
647b551c25 update squid 3.5 branch to 3.5.1 and re-enable now that the horrible 
*_cipher_by_char API has been added back to libssl.
 2015-02-06 16:30:17 +00:00
sthen
244819fe9a update to squid 3.4.11 2015-01-19 08:35:43 +00:00
sthen
a3de8ff79f update squid/snapshot to 3.5.0.4 and mark BROKEN for now 2015-01-06 22:51:54 +00:00
sthen
b718a009bb disable squid/snapshot for now, the present version is stale, there are newer 
versions but they require some libressl compat work first
 2015-01-06 22:50:35 +00:00
sthen
868b4bdcb7 update to squid 3.4.10 and enable ssl-crtd 
Fixes a segmentation fault in ACLUrlPathStrategy::match which would
occur when urlpath_regex ACL was used in access controls to test
transactions where no URL path is available. eg CONNECT or OPTIONS
requests, some WebDAV requests, etc.
 2014-12-12 22:17:33 +00:00
sthen
192dd39297 Reduce warning spam during build now that we have le*toh. From sven falempin. 2014-12-09 21:44:29 +00:00
ajacoutot
d6aa8845b4 Bump daemon_timeout from 31 to 35. Default squid shutdown timeout is 30s, 
but we may be a bit slow, so give us some room.

ok sthen@ (maintainer)
 2014-11-17 14:02:19 +00:00
sthen
a5edcc6e38 update to squid 3.4.9 2014-11-07 01:00:01 +00:00
sthen
1a0439b56b update to squid-3.4.8, fix off by one in SNMP subsystem 
3.4.8 also fixes an issue with the standalone pinger process as described
in http://www.openwall.com/lists/oss-security/2014/09/16/6, but we don't have
that enabled in the port at present.
 2014-09-16 15:29:30 +00:00