SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for squid3-3.1.23-15.1.i586.rpm :
Sun Jan 13 13:00:00 2013 chrisAATTcomputersalat.de
- Changes to squid-3.1.23 (09 Jan 2013):
fix for bnc#794954, CVE-2012-5643, SQUID:2012-1
- Additional fixes for CVE-2012-5643 / SQUID:2012-1

* http://www.squid-cache.org/Advisories/SQUID-2012_1.txt

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643
- removed patches

* 3.1-10236, 3.1.10-swapdir, 3.1.4-config

* 3.1.11-bnc727492-CVE-2011-4096_invalid_free_CNAME.diff

* 3.1.12-bnc715171-CVE-2011-3205.patch
- add patches

* FSF, config, nobuilddates, swapdir
- add squid_cache_swap.sh, squid.service
- renamed rc.squid to squid.init

Wed Dec 21 13:00:00 2011 drahtAATTsuse.de
- Do not leave files named /1 behind from %post. [bnc#737905]
- squid-3.1.11-bnc727492-CVE-2011-4096_invalid_free_CNAME.diff
fixes invalid free() when caching DNS entries. CVE-2011-4096
[bnc#727492]

Wed Aug 31 14:00:00 2011 drahtAATTsuse.de
- squid-3.1.12-bnc715171-CVE-2011-3205.patch fixes CVE-2011-3205,
a regression of CVE-2005-0094: error in parsing responses from
gopher servers, resulting in a buffer overflow that crashes
squid. [bnc#715171]

Mon May 16 14:00:00 2011 chrisAATTcomputersalat.de
- fix bnc#694120 - NONE/400 (null) under heavy load
o http://bugs.squid-cache.org/show_bug.cgi?id=2976
[#2976]: invalid URL on intercepted requests during reconfigure
add squid-3.1-10236.patch

Sun Feb 13 13:00:00 2011 chrisAATTcomputersalat.de
- update to 3.1.11
- Bug 3149: not caching eCAP adapted body
- Bug 3144: redirector program blocks while reading STDIN
- Bug 3140: memory leak in error page generation
- Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
- Bug 3115: logging segfaults if access_log is set to a directory
- Bug 2968: Show the Vary: headers information in cachemgr objects report
- Bug 2959: remove SAMBAPREFIX dependency
- Bug 2868: icc doesn\'t like string literal in assert checks
- HTTP/1.1: Send 307 status on deny_info redirection
- HTTP/1.1: Support POST/PUT with no body
- HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
- Support RFC 5861 Cache-Control: stale-if-error option
- Add ftp_eprt directive to disable EPRT extensions in FTP
- Fix external_acl_type grace=0 to obey TTL
- Fix IP/FQDN cache accounting to avoid idle caches on busy servers
- Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
- ... and some documentation updates and corrections
- ... and some portability and stability fixes

Tue Jan 4 13:00:00 2011 chrisAATTcomputersalat.de
- update to 3.1.10
- Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
- Bug 3113: Consuming too much memory when uploading files
- Bug 3110: \'reply_body_max_size none\' does not work with x-forwarded-for
- Bug 3096: Consuming too much memory when delaying traffic
- Bug 3091: Bypassed ICAP errors are not counted as service failures
- Bug 3090: Polish FTP login error handing
- Bug 3068: cache_dir capacity and usage overflows
- Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
- Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
- Fix memory leak in adaptation_access
- Fix /dev/poll and poll() selection priority
- Fix PREFIX/var/run creation during install
- Fix cachemgr http_port config report display
- Add upgrade help process for obsolete options
- Accept RFC 2965 Set-Cookie2 / Cookie2 headers as \'known\'
- HTTP/1.1: entry is stale if request has max-age=0
- HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
- Toolchain update to support newer auto-tools
- ... and updated error page translations
- ... and updated documentation
- ... and some code optimization/simplification polish
- reworked swapdir patch

Fri Oct 29 14:00:00 2010 chrisAATTcomputersalat.de
- update to 3.1.9
- Bug 3088: dnsserver is segfaulting
- Bug 3084: IPv6 without Host: header in request causes connection to hang
- Bug 3082: Typo in error message
- Bug 3073: tunnelStateFree memory leak of host member
- Bug 3058: errorSend and ICY leak MemBuf object
- Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
- Bug 3056: comm.cc \"!fd_table[fd].closing()\" assertion crash when a helper dies
- Bug 3053: cache version 1 LFS support detection broken
- Bug 3051: integer display overflow
- Bug 3040: Lower-case domain entries from hosts and resolv.conf files
- Bug 3036: adaptation_access acls cannot see myportname
- Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
- Bug 2964: Prevent memory leaks when ICAP transactions fail
- Bug 2808: getRoundRobinParent not handling weights correctly
- Bug 2793: memory statistics sometimes display wrong
- Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
- Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
- Ensure /var/cache or jail equivalent exists on install
- HTTP/1.1: delete Warnings that have warning-date different from Date
- HTTP/1.1: do not remove ETag header from partial responses
- HTTP/1.1: make date parser stricter to better handle malformed Expires
- HTTP/1.1: improve age calculation
- HTTP/1.1: reply with a 504 error if required validation fails
- HTTP/1.1: add appropriate Warnings if serving a stale hit
- HTTP/1.1: support requests with Cache-Control: min-fresh
- HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
- squidclient: Display IP(s) connected to in verbose (-v) display
- Fixes several issues with ICAP persistent connections
- Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
- ... and some cosmetic polishing
- removed obsolete patches
o squid-beta-3.0-ia64 (upstream)
o squid-beta-3.0-mem_node_64bit (not needed, Amos)
o squid-3.1.4-openldap (not needed, Amos)
- reworked swapdir patch
o send upstream

Sun Sep 5 14:00:00 2010 chrisAATTcomputersalat.de
- update to 3.1.8
- Bug 3033: incorrect information regarding TOS
- Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
- Bug 3005,2972: Locate LTDL headers correctly (again)
- Bug 2872: leaking file descriptors
- Bug 2583: pure virtual method called
- Hardened DNS client against packet queue attacks
- Hardened HTTP request-line parser
- Several HTTP/1.1 support improvements
- Improved cross-compile support
- .. and several internal pointer safety fixes
- remove obsolete patches
o bug2972-real-fix.patch
o squid-bootstrap.patch

Tue Aug 31 14:00:00 2010 chrisAATTcomputersalat.de
- added bug2972-real-fix.patch
o fix build for SLE_10
o but impossible to apply LDAP patch

Wed Aug 25 14:00:00 2010 chrisAATTcomputersalat.de
- update to 3.1.7
- Regression Bug 3021: Large DNS reply causes crash
- Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
- Regression Bug 2997: visible_hostname directive no longer matches docs
- Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
- Bug 3006: handle IPV6_V6ONLY definition missing
- Bug 3004: Solaris 9 SunStudio 12 build failure
- Bug 3003: inconsistent concepts in documentation of cache_dir
- Bug 3001: dnsserver link issues
- HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
- HTTP/1.1: Improved Range header field validation
- HTTP/1.1: Forward multiple unknown Cache-Control directives
- HTTP/1.1: Stop sending Proxy-Connection header
- Fix 32-bit wrap in refresh_pattern min/max values
- ... and several documentation corrections.

Tue Aug 10 14:00:00 2010 chrisAATTcomputersalat.de
- update to 3.1.6
- Bug 2994, 2995: IPv4-only regressions
- Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
- Bug 2975: chunked requests not supported after regular ones
- Fix: 32-bit overflow in reported bytes received from next hop
- Fix Libtool build regressions
- Limited split-stack IPv6 support.
- squid_db_auth support MD5 encrypted passwords

Sun Jul 25 14:00:00 2010 chrisAATTcomputersalat.de
- update to 3.1.5
- Bug 2967: raw-IPv6 address URL with append_domain broken
- Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
- Bug 2943: ICAP tokens not logged when using multiple access
- Bug 2937: Fails to detect chunked encoding if not given in all lower case
- Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
- Fix free memory corruption and off-by-one error when comparing SNMP OIDs
- Port from 2.7: max_filedescriptor config option
- Fix persistent_connection_after_error is meant to be on by default
- ... and several build errors.

Wed Jun 9 14:00:00 2010 chrisAATTcomputersalat.de
- fix build for SLE_10
o added bootstrap patch
o fix permissions.secure for pam_auth
- spec mods
o build with --mandir
o add BuildReq libcap-devel (TPROXY)

Tue Jun 8 14:00:00 2010 chrisAATTcomputersalat.de
- new version 3.1.4
- Bug 2933: Verification of the max. port number for WCCP2 dynamic service
- Bug 2924: RADIUS helper compile issues
- Bug 2922: Fix assertion failed: HttpHeader.cc: \"Headers[id].stat.aliveCount\"
- Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
- Bug 2896: Fix assertion failed: comm.cc:2063: \"!fd_table[fd].closing()\"
- Bug 2879: pt2: 3.0 regression in headers end finding
- Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
- Bug 2876: FD_SETSIZE override not working on all linux distributions
- Bug 2810: common log format generates 2 lines of syslog
- Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
- Bug 2753: Fall back on IPv4 if IPv6 is not present
- Bug 2697: Adaptation leaks and extra requests after reconfiguration
- Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
- Change LDAP helpers to default to LDAP version 3 if available
- Add Joomla and Salted Hash support to squid_db_auth helper
- Fixed IpAddress port printing for ports higher than 9999
- Disable chunked memory pooling by default.
- ... and several build errors.
- reworked config patch with fuzz=0
- removed libxml2 patch
- added swapdir patch
- reworked ldap patch
- adopt build_option storeio: (build all)
o --enable-storeio=aufs,diskd,null,ufs -> --enable-storeio
- adopt build_option ntlm-auth-helpers: SMB -> smb_lm
o ntlm_auth -> ntlm_smb_lm_auth
- enable parallel build
- fix permissions file

Tue Mar 16 13:00:00 2010 chrisAATTcomputersalat.de
- new version 3.0.STABLE25
- Bug 2845: Rework the http digest auth parser
- Bug 2787: unknown/unexpected status code messages
- Bug 2507: squid_ldap_group: Strip Domain name separated by +
- Bug 2367: stale=true on digest requests with unknown nonce
- ... and several other minor corrections

Tue Feb 16 13:00:00 2010 chrisAATTcomputersalat.de
- new version 3.0.STABLE24

* Bug 2858: Segment violation in HTCP

* Updated refresh pattern for dynamic pages
- version 3.0.STABLE23

* Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1

* Regression Fix: Build error in Kerberos helper after library removal.
- version 3.0.STABLE22

* Regression Fix: Make Squid abort on all config parse failures.

* Bug 2787: Reduce unexpected http status to non-critical warnings.

* Bug 2496: Downloading some variants in full before relaying

* Bug 2452: Add upper limit to external_acl_type entries.

* Removed optional kerberos/spnegohelp/ library due to licensing issues

* Add client_ip_max_connections

* Handle DNS header-only packets as invalid.
- version 3.0.STABLE21

* Bug 2830: Clarify where NULL byte is in headers.

* Bug 2778: Linking issues using SunCC

* Bug 2395: FTP errors not displayed

* Bug 2155: Assertion failures on malformed Content-Range response headers

* Fix parsing and a few bugs in ACL time type

* Fix RFC keep-alive compliance on intercepted replies

* Improved security hardening on %nn parser

* Replace several GCC-specific code snippets.

Mon Nov 9 13:00:00 2009 chrisAATTcomputersalat.de
- new version 3.0.STABLE20

* Bug 2794: ESI parsing on FreeBSD

* Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity

* Bug 2779: Support GNU/kFreeBSD

* Bug 2773: Segfault in RFC2069 Digest authantication

* Bug 2768: squid_ldap_group argument parsing error

* Bug 2761: Gopher and double HTTP response header

* Bug 2735: Incomplete -fhuge-objects detection

* Bug 2722: prevent CONNECT via http_port with accel

* Bug 2624: Invalid response for IMS request

* Bug 2510: digest_ldap_auth TLS support

* Correct LINUX_CAPABILITY actions on non-Linux
- removed old upstream patches
o squid-3.0-9107.patch - squid-3.0-9124.patch

Wed Oct 7 14:00:00 2009 chrisAATTcomputersalat.de
- added upstream patches
o squid-3.0-9107.patch - squid-3.0-9124.patch

Mon Sep 14 14:00:00 2009 chrisAATTcomputersalat.de
- new version 3.0.STABLE19

* Bug 2745: Invalid Response error on small reads

* Bug 2739: DNS resolver option ndots can\'t be parsed from resolv.conf

* Bug 2734: some compile errors on Solaris

* Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy

* Bug 2541: Hang in 100% CPU loop while extacting header details
using a delimiter other than comma

* Bug 2362: Remove support for deferred state in stateful helpers

* Add 0.0.0.0 as a to_localhost address

* Docs: Improve chroot directive documentation slightly

* Fixup libxml2 include magics, was failing when a configure cache was used

* ... and some minor testing improvements.
- spec mods
o adding group winbind, add squid to group winbind
when using squid with samba-winbind for ntlm_auth
squid needs read access to /var/lib/samba/winbindd_privileged
group winbind is added if squid is installed before winbind ;)

Sat Sep 5 14:00:00 2009 chrisAATTcomputersalat.de
- added upstream patches
o b9097 - b9103
- rpmlint
o added fdupes

Wed Sep 2 14:00:00 2009 chrisAATTcomputersalat.de
- cleanup spec
o removed #--------

Tue Sep 1 14:00:00 2009 cooloAATTnovell.com
- remove outdated patches

Mon Aug 31 14:00:00 2009 cooloAATTnovell.com
- merge factory changes with buildservice

Sun Aug 30 14:00:00 2009 ajAATTsuse.de
- Fix patch numbering for rpm 4.7.

Wed Aug 26 14:00:00 2009 mlsAATTsuse.de
- make patch0 usage consistent

Fri Aug 21 14:00:00 2009 chrisAATTcomputersalat.de
- added upstream patches
o b9095, b9096

Sat Aug 15 14:00:00 2009 chrisAATTcomputersalat.de
- added upstream patches
o b9089 - b9094
o disabled b9089,b9090,b9092 cause can not patch inexistent file

Tue Aug 11 14:00:00 2009 chrisAATTcomputersalat.de
- new version 3.0.STABLE18:

* Bug 2728: regression: assertion failed: !eof

* Bug 2732: reply_body_max_size smaller than error page loops
infinitely until out of memory

* Bug 2725: pconn failure if domain or client_address are unset

* Bug 2648: reserved helpers not shut down after reconfigure/rotate

* Bug 2462: make check should tell when cppunit is missing

* Remove excess messages about headers < minimum size

* Support Libtool 2.2.6
- Changes to squid-3.0.STABLE17 (27 Jul 2009):

* Bug 2680 regression: Crash after rotate with no helpers running

* Bug 2710: squid_kerb_auth non-terminated string

* Bug 2679: strsep and strtoll detection failure

* Bug 2674: Remove limit on HTTP headers read.

* Bug 2659: String length overflows on append, leading to segfaults

* Bug 2620: Invalid HTTP response codes causes segfault

* Bug 2080: wbinfo_group.pl - false positive under certain conditions

* Bug 1087: ESI processor not quoting attributes correctly.

* Fix: issue with AUFS/UFS/DiskD writing objects to disk cache

* Several small build issues with previous release.
for full changes list, see:
http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE18-RELEASENOTES.html
- removed squid-3.0.STABLE16-gcc_warn_kerb_auth.patch
- removed changed, deprectated configure options
o deprecated:
- -enable-poll
o changed to default:
- -enable-htcp
- -enable-snmp

Sat Jul 25 14:00:00 2009 chrisAATTcomputersalat.de
- spec mods

* removed ^----------

* removed ^#---------

Thu Jul 23 14:00:00 2009 chrisAATTcomputersalat.de
- new version 3.0.STABLE16:

* Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk

* Bug 2481: Don\'t set expires: now in generated error responses

* Bug 2387: The calculation of the number of hash buckets correctly

* Fix infinite loop in MSNT auth helper

* Fix FD_SETSIZE on FreeBSD

* Fix stripping NT domain in squid_ldap_group

* Fix RADIUS auth helper build

* Add Translate: and Unless-Modified-Since: headers to known list

* Make fakeauth handle NTLMv2 better

* Better Kerberos support detection

* Several Widows port fixes
- Changes to squid-3.0.STABLE16-RC1 (16 May 2009):

* Bug 1148: Ported from 3.1: Chunked Transfer Encoding

* Bug 2648: NTLM helpers not shutting down when deferred
- Changes to squid-3.0.STABLE15 (06 May 2009):

* Regression Bug 2635: Incorrect Max-Forwards header type

* Bug 2652: \'Success\' error on CONNECT requests

* Bug 2625: IDENT receiving errors

* Bug 2610: ipfilter support detection

* Bug 2578: FTP download resume failure

* Bug 2536: %H on HTTPS error pages

* Bug 2491: assertion \"age >= 0\"

* Bug 2276: too many NTLM helpers running

* Endian system and compiler fixes provided by the NetBSD project

* documentation fixes provided by the Debian project
- Changes to squid-3.0.STABLE14 (11 Apr 2009):

* Regression Fix: HTTP/0.9 in accelerator mode

* Bug 1232: cache_dir parameter limited to only 63 entries

* Bug 1868: support HTTP 207 status

* Bug 2518: assertion failure on restart/reconfigure

* Bug 2588: coredump in rDNS lookup

* Bug 2595: Out of bounds memory write in squid_kerb_auth

* Bug 2599: Idempotent start

* Bug 2605: Prevent setsid() on helpers in daemon mode

* Fix external_acl_type option parsing

* Fix delay pools counters on FTP

* Fix several issues with ident (some remain)

* Fix performance issues with persistent connections

* Fix performance issues with delay pools

* Fix forwarding of OPTIONS requests

* Add support for HTTP 1.1 Content-Disposition header

* Add support for Windows 7, Windows Server 2008 R2 and later

* ... and many small documentation updates
for full changes list, see:
http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE16-RELEASENOTES.html
- reworked gcc_warn_kerb_auth

* was partially added
- added after RELEASE patches

* b9052 - b9067
for full changes list, see:
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE16.html
- some spec mods

* removed {rel}

Wed Jun 10 14:00:00 2009 roAATTsuse.de
- strchr returns a const char
* now, work around

Sun May 3 14:00:00 2009 chrisAATTcomputersalat.de
- some spec fixes


  
ICM