openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File squid3.changes of Package squid3

-------------------------------------------------------------------
Thu Oct 14 12:38:32 CEST 2010 - draht@suse.de

- security patch: squid-3.0-9189-bnc637287-CVE-2010-3072.patch fixes
  CVE-2010-3072 DoS with internal string handling error

-------------------------------------------------------------------
Mon Mar 11 16:06:23 CET 2010 - draht@suse.de

- [bnc#576087] squid_dns_dos_bnc576087.patch fixes dns dos vuln.
  CVE-2010-0308
- [bnc#525774] squid-3.0.STABLE5-b9070_b9074_b9074_b9081_b9082_bnc525774.patch
  fixes CVE-2009-2621 and CVE-2009-2622 (missing/wrong bounds checks
  in incomplete requests or large headers).
- [bnc#577347] squid-3.0.STABLE5-bug2541-bnc577347.patch fixes
  CVE-2009-2855 denial of service with comma delimited auth headers

-------------------------------------------------------------------
Thu Nov  6 15:59:17 CET 2008 - kssingvo@suse.de

- reworked on sysconfig files (bnc#439006)

-------------------------------------------------------------------
Mon Oct 27 16:48:56 CET 2008 - kssingvo@suse.de

- update to squid-3.0.STABLE10, fixes mainly:
  bad assert in forwarding
  Segfault on failed TCP DNS query
  DNS requests getting stuck in idns queue
  FTP PUT gives bad gateway
  ... and few minor ones. For complete list see:
  http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE10.html
- removed old patches, which were included upstream now
- renamed sysconfig.squid to sysconfig.squid3 (bnc#439006)

-------------------------------------------------------------------
Mon Oct 13 14:52:39 CEST 2008 - kssingvo@suse.de

- reenabled linux-netfilter in configure as seems to work now again

-------------------------------------------------------------------
Thu Oct  2 14:36:14 CEST 2008 - kssingvo@suse.de

- added official patches:
  * assertion fix in forward.cc
  * bad links in ./configure due to website changes
  * define DEFAULT_CACHEMGR_CONFIG before its first use
  * don't strcmp Config.Log.store if it's NULL in storeLogOpen
  * workaround: When dns_error_message value is lost
  * ftp put gives bad gateway but put is correct
  * fix of a compilation error

-------------------------------------------------------------------
Wed Sep 10 12:40:46 CEST 2008 - kssingvo@suse.de

- new version 3.0.STABLE9:
  * Correct HTCP stats
  * fix: mgr:active_requests always returns "delay_pool 0"
  * fix: 3.0 must still wrap CARP properly
  * Improve display on fd debug output
  * Correct ICAP notes: *_postcache vector points not coded
  * fix: squid_ldap_group -h reports the old % codes for -f
  * Fix: Unsupported method in request may show raw binary data in log
  * Fix: cppunit tests broken by squid.h defines
  * fix: no_check.pl ntlm helper never sends challenge
  * Increase buffer in authenticateNegotiateStart / squid_kerb_auth
  * peer name not logged in access.log like expected, instead the ip
    address is logged
  * Fixed typo in squid.h which would prevent leak checking for arrays
  * COSS removal from 3.0
  * Use safe functions in basic auth MSNT helper
  for full changes list, see:
  http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE8.html
- removed coss as disk storage method, as it became unstable now

-------------------------------------------------------------------
Wed Aug 20 12:29:36 CEST 2008 - kssingvo@suse.de

- fixed configure option:
  * change from "with-large-files" to "enable-large-files"
  * removed netfilters (kernel 2.4) option
- fixed init script
- added sysconfig as in squid

-------------------------------------------------------------------
Tue Jul 22 16:08:26 CEST 2008 - kssingvo@suse.de

- new version 3.0.STABLE8:
  * Support for cachemgr sub-actions
  * userhash peer selection method
  * sourcehash peer selection method
  * round-robin balancing fixes
  * acl documentation cleanup
  * cachemgr.cgi HTML output encoding
  * Regression: Log format size options
  * Correct the opening of PF device file.
  * ICAP accept mechanism
  * Regression: fakeauth_auth crashes
  * Boost error pages HTML standards.
  * Fixes several issues on 64-bit systems
  * Fixes several issues on older or stricter compilers
  * Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
  * Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
  for full changes list, see:
  http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE8.html
- removed unneccesary compiler warning patch
- added new patch for warnings in kerberos auth

-------------------------------------------------------------------
Wed Jul  2 16:13:35 CEST 2008 - kssingvo@suse.de

- update to version 3.0.STABLE7, which is mainly a bugfix version only:
  * important fix for ASN.1 DoS (no CVE)
  * spelling corrections
  * assertion on ESI page
  * in snmp reporting
  * (extra) whitespaces in logfile
  * added note that negative_ttl is a HTTP violation
  * Memory allocation problem in restoreCapabilities(), tools.cc
  * etc.
  for full change list see:
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE7.html

-------------------------------------------------------------------
Wed May 21 17:39:14 CEST 2008 - kssingvo@suse.de

- update to version 3.0.STABLE5, which is mainly a bugfix version only:
  * fix in parsing cachemgr.conf
  * segfault in tunnelConnectTimeout()
  * segfault in MemBuf::append()
  * basic auth leaks memory
  * access_log syslog results in blanks syslog lines
  * umask support with porting from 2.6
  * segfault in AuthDigestUserRequest::authUser
  * ntlm_auth helper resolves DC hostname to 0
  ... and some minor bugfixes more
- added cachemngr.conf.default to files

-------------------------------------------------------------------
Mon May 19 19:39:48 CEST 2008 - kssingvo@suse.de

- added "sharedscripts" to logrotate (bnc#388088)

-------------------------------------------------------------------
Fri May  9 15:36:15 CEST 2008 - schwab@suse.de

- Use autoreconf.

-------------------------------------------------------------------
Tue Apr 29 17:39:40 CEST 2008 - kssingvo@suse.de

- update to version 3.0.STABLE5, which is mainly a bugfix version only:
  * Bypassing 403 and 404 status to ICAP using icap_access - Failed
  * file uploads (RFC1867) fail with "error:double-CR"
  * Range tests failing.
  * crashes/restarts when ICAP enabled on respmod for HTTP body size
    greater than 100kb
  * Support for resolv.conf 'domain' option
  * Fix for incorrect default time/date log format
  * Fix: reentrant debugging crashes Squid
  * better handling of intercepted URI
  * better port for non-FQDN URI lookups
  * Improved logging, including incorrect timestamp format in earlier
    3.0 releases
  * Support for profiling on x86 64-bit systems
- removed upstream patches, which are now included in source tarball
- removed own compiler warning patch (now upstream)

-------------------------------------------------------------------
Thu Apr 17 12:07:17 CEST 2008 - kssingvo@suse.de

- added official patches:
  * increase MAX_URL to 8192
  * Honor 0x and 0 prefixes as numeric base indication when parsing
    squid.conf integer options.
  * Correct and simplify parsing of list headers
  * Fix processing of large reply headers
  * Removed execute bit from various non-executable source files
  * assertion failed: HttpHdrContRange.cc:100: "spec->length >= 0"
  * Fallback on transparent interception mode even if the connection
    didn't seem to be transparently intercepted
  * fix pt 2: DIRECT/<ip> mixed with DIRECT/
  * Fallout from build-testing the new backports.
- fixed a compiler warning, which got treated as an error

-------------------------------------------------------------------
Mon Apr  7 18:46:46 CEST 2008 - kssingvo@suse.de

- fix for unpackaged non-man pages (SLE9, SLE10 build failures)

-------------------------------------------------------------------
Mon Apr  7 18:26:43 CEST 2008 - kssingvo@suse.de

- update to version 3.0.STABLE2:
  * improved HTTP 1.1 support
  * Proxy-Authentication regression
  * Strip Domain from NTLM usernames for use in class 4 Delay Pools
  * compile error slipped into STABLE3
  * ... and as usual Many bug fixes since STABLE 2.
  Please, have a look into included ChangeLog file for details.

-------------------------------------------------------------------
Tue Mar 18 16:11:37 CET 2008 - kssingvo@suse.de

- update to version 3.0.STABLE2:
  * Add myportname ACL for matching the accepting port name (see
    release notes)
  * Add include directive for squid.conf (see release notes)
  * Add ability to strip kerberos realm from usernames during Auth
  * License cleanup to comply with GPLv2 or later
  * Updated Error Pages and Translations
  * Updated configuration examples
  * Updated valgrind support for valgrind-3.3.0
  * Improved support for Windows and MacOS X Leopard
  * Improved support for files larger than 2GB
  * Improved support for CARP arrays and WCCPv2
  * Improved cachmgr, SNMP, and log reporting
  * ... and as usual Many bug fixes since STABLE 1
- removed unnecessary, official patches for STABLE1

-------------------------------------------------------------------
Wed Mar 12 13:39:43 CET 2008 - kssingvo@suse.de

- added many official patches:
  * Squid Bugzilla #2250: double-freeing memory in http_port name=
    option code.
  * Optimisation cleanup of fake_auth
  * Fix Castings slipped out of back-ported patches from 3.1.
  * Update errors/list to match the actual list of error pages used
  * Added a CPPUNIT assertion to test whether a failed CPPUNIT test
    case properly
  * Several String fixes.
  * The connect(2) system call might return "connection ready"
  * Sort cache list in wccpv2 to ensure a consistent hash
    allocation across all serv
  * Squid Bugzilla #1978: fwdServerClose retries non-idempotent
    methods
  * Squid Bugzilla #2172: When user fails authentification Squid
    restarts
  * Squid Bugzilla #2186: NONE/- due to persistent connections
  * Squid Bugzilla #2189 fix: when dumping SNMP oids, do not
    overrun the result buffer.
  * Assert that checklist and request are set instead of
    segfaulting as in bug 2168
  * Squid Bugzilla #1923 fix: Do not send hop-by-hop headers to the
    ICAP server.
  * Squid Bugzilla #1933 fix: Fixed memory pools configuration
    reporting.
  * Squid Bugzilla #2110 fix: When Squid is shutting down, disable
    persistent connections
  * Squid Bugzilla #2153: Use the cache_peer name in CARP hashing
    to support multiple peers on the same host
  * Add check for glob() and glob.h availability
  * make include support wildcards, and document the directive
    (copied from squid-2)
  * Use our own strwordtok instead of strtok_r. Not only is it
    portable, but also understands quoting and escaping
  * Squid Bugzilla #2180 (update) - include minor issues
  * include directive for squid.conf
  * More off_t related cleanups triggered by Squid Bugzilla #2164.
  * Squid Bugzilla #2164: assertion failed: stmem.cc:321:
    "candidate.offset >= 0"
  * Squid Bugzilla #2150: Connection hangs on automatic retry
  * Squid Bugzilla #2175: Update valgrind support for
    valgrind-3.3.0
  * Random authenticaiton failures when using Digest authentication
  * digest auth related memory corruption
  * Allow informal errors on stderr when using -k parse
  * Squid Bugzilla #2063: Hide debugging messages before cache.log
    is opened
  * Squid Bugzilla #2018: dead_peer_timeout fails to declare peer
    dead
  * Squid Bugzilla #2114: cache memory accounting not working well
  * Fix some minor casting errors affecting cachemgr reporting when
    cache/mem >2GB
  * Squid Bugzilla #2231: Compile error in squid_kerb_auth under
    Mac OS X 10.5.2
  * Squid Bugzilla #2101: Reuse pconns using LIFO
  * Squid Bugzilla #2159: WCCPv2 assertion failure on Mask
    assignment
  * Kill unused body_size variable
  * Kill obsolete phttpd/0.99.72 malformed HEAD response
    workaround.
  * License cleanup to comply with GPLv2 or later.
  * Sync store meta assignments with Squid-2.
  * Don't be so verbose about not yet implemented store meta data
    types
  * Accept some unknown store meta entries without throwing away
    the rest.
  * Patch to strip kerberos realm from username
  * Clean up of deferred reads and delay pools was not applied to
    comm_select_win32.cc
  * Fix missing default disk store type into QUICKSTART example.
  * Alter caching policy for Dynamic Objects.
  * Squid Bugzilla #2166 - Error compiling on Mac OS X 10.5 Leopard
  * Correct example IPs in tcp_outgoing_address config
  * Squid Bugzilla #2189 - wrong parameters used for memset
- removed our patches, which are upstream included now
- worked on BuildRequires:

-------------------------------------------------------------------
Tue Jan 15 15:04:06 CET 2008 - kssingvo@suse.de

- update to version 3.0.STABLE1:
  * Updated changelog for 3.0.STABLE1 release
  * MFC
  * Name the upcoming release 3.0.STABLE1 MFC
  * Remove references to myself and NLANR, add pointer to COPYRIGHT
    file
  * Change old info@ircache.net contact address to
    info@squid-cache.org
  * Fixed more compile errors after removal of snprintf.h
  * Fix compile errors after removal of snprintf.h
  * Removed the following debugging line, numerous copies of which
    used to appear
  * Set default formatting flags for the debugging stream to
    "fixed" with a
  * Delete now unused snprintf.h header file
  * removed lib/snprintf.c credits as it's no longer shipped with
    Squid
  * Kill GPL-incompatible (Apache) lib/snprintf.c source.
  * assertion failed: comm.cc:116: "ccb->active == false"
  * squid.conf, others overwrite -X
  * Wrap equation argument to debugs() properly.
  * Correct attribution of current MD5 changes.
  * Fix typo added during some patch.
  * Fix SegFault when NetDB asked to ping a zero-length
    domain/hostname
  * allow pending cache hits when delay pools not compiled in pack
    header entries on cache updates
  * Update to Squid MD5 syntax
  * Correct update of 304 headers
  * Make squid_db_auth reopen the database connection on each query
    by default
  * Updated MD5 credits (no longer RSA). Removed winbind credits
    (no longer shipped with Squid)
  * Drop the RSA licensed MD5 implementation, and use the one
    shipped with Squid instead
  * Change priority of proxy auth and extacl provided username in
    login=*:pass
  * Declare Squid 3 Windows support NOT STABLE.
  * Fix build failure caused by a typo.
  * Renamed "SQUID_ESI" to "USE_SQUID_ESI" at request of other
    developers
  * Change 'ESI' define to 'SQUID_ESI'
  * More fixes for recent MD5 mixups
  * Fix-fix for MD5.
  * fix GCC 4.3 warnings, part 1
  * operator != declared outside of the HttpRequestMethod class
    results in
  * Returning -1 in the unreached portion of u_short GetService()
    code results in
  * partial fix: Allocate space for a NULL terminator of the helper
  * RFC 1157 - SNMP v1 Protocol is used by squid.
  * Enable squid to lookup /etc/services for named peer ports.
  * Re-fix libmd5 detection on configure
  * Solaris 10 appears to provide MD5 natively
  * Add some include-protection to IPInterception.cc
  * Extended the Squid -> Rewriter interface with key=value pairs
  * Close three possible buffer over/under-runs
  * Looks like 'dstdomain' and 'dstdomain_regex' ACLs were broken.
  * Spelling.
  * Code cleanup.
  * NetBIOS is now officially obsolete.
  * fix: Better handling of HTTP 206 Partial Content responses.
  * Added debugging while investigating
  * RFC bits omitted earlier.
  * RFC 3162 - updated RADIUS authentication protocol
  * Policy Change: Make all ACL a predefined default.
  * Add RFC 1902, 1905 - SNMP Protocols used by squid.
  * Close several unsafe control paths after fatalf()
  * Close several unsafe control paths after self_destruct()
  * fix: handle REQMOD HTTP responses without body
  * fix: SegFault in tunnelConnectTimeout error page generation.
  * Need to read clearer. We agreed on allow localnet->deny all.
  * Alter policy of ICP and HTCP access to default allow only local
    networks
  * autoconf 2.61 works.
  * Add notes about htcp_access effects on HTCP peers to config.
  * Update udp_(incoming|outgoing)_address option docs to reflect
    current state.
  * Respect DNS ttl=0
  * Digest delays are no longer bound to any fixed unit of time.
  * digest_generation docs should reference compile option not
    internal macro.
  * 3.0RC1: Add stub ERR_ESI and ERR_ICAP_FAILURE documents to
    errors/Armenian
  * Likely fix for helper-related SEGV shortly after reconfigure
  * automake 1.10 also works..
  * More >2GB fixes. BodyPipe::unproducedSize() method should also
    return an uint64_t
- squid3 now obsoletes squid (= squid2)
- renamed patches, removed unused patches
- removed obsolete use of suse 8.0 version requirement
- changed X-UnitedLinux-Should-XXX to Should-XXX in init script

-------------------------------------------------------------------
Wed Dec 12 18:25:27 CET 2007 - kssingvo@suse.de

- BuildRequires doesn't need openldap2 anymore. fixed.

-------------------------------------------------------------------
Thu Nov 29 11:10:33 CET 2007 - kssingvo@suse.de

- removed gcc-4.3 patch, now in upstream
- added many upstream patches:
  * Fix typo added during some patch.
  * Fix SegFault when NetDB asked to ping a zero-length
    domain/hostname
  * Bug #2096: allow pending cache hits when delay pools not
    compiled in
  * pack header entries on cache updates
  * Update to Squid MD5 syntax
  * Correct update of 304 headers
  * Make squid_db_auth reopen the database connection on each
    query by default
  * Updated MD5 credits (no longer RSA). Removed winbind credits
    (no longer shipped with Squid)
  * Drop the RSA licensed MD5 implementation, and use the one
    shipped with Squid instead
  * Change priority of proxy auth and extacl provided username in
    login=*:pass
  * Declare Squid 3 Windows support NOT STABLE.
  * Fix build failure caused by a typo.
  * Renamed "SQUID_ESI" to "USE_SQUID_ESI" at request of other
    developers
  * Change 'ESI' define to 'SQUID_ESI'
  * More fixes for recent MD5 mixups
  * Fix-fix for MD5.
  * Bug #2123 fix, part 1: GCC 4.3 warnings
  * operator != declared outside of the HttpRequestMethod class
    results in
  * Returning -1 in the unreached portion of u_short GetService()
    code results in
  * Bug #2123 partial fix: Allocate space for a NULL terminator
    of the helper
  * RFC 1157 - SNMP v1 Protocol is used by squid.
  * Enable squid to lookup /etc/services for named peer ports.
  * Re-fix libmd5 detection on configure
  * Solaris 10 appears to provide MD5 natively
  * Add some include-protection to IPInterception.cc
  * Extended the Squid -> Rewriter interface with key=value pairs
  * Close three possible buffer over/under-runs
  * Looks like 'dstdomain' and 'dstdomain_regex' ACLs were
    broken.
  * Spelling.
  * Code cleanup.
  * NetBIOS is now officially obsolete.
  * Bug #2116 fix: Better handling of HTTP 206 Partial Content
    responses.
  * Added debugging while investigating bug #2116.
  * RFC bits omitted earlier.
  * RFC 3162 - updated RADIUS authentication protocol
  * Policy Change: Make all ACL a predefined default.
  * Add RFC 1902, 1905 - SNMP Protocols used by squid.
  * Close several unsafe control paths after fatalf()
  * Close several unsafe control paths after self_destruct()
  * Author:Rafael Martinez <rmartine@fdi.ucm.es>
  * Author: Rafael Martinez <rmartine@fdi.ucm.es>
  * Bug #2104 fix: handle REQMOD HTTP responses without body
  * Bug #2098 fix: SegFault in tunnelConnectTimeout error page
    generation.
  * Need to read clearer. We agreed on allow localnet->deny all.
  * Alter policy of ICP and HTCP access to default allow only
    local networks
  * autoconf 2.61 works.
  * Add notes about htcp_access effects on HTCP peers to config.
  * Update udp_(incoming|outgoing)_address option docs to reflect
    current state.
  * Bug #2100: Respect DNS ttl=0
  * Digest delays are no longer bound to any fixed unit of time.
  * digest_generation docs should reference compile option not
    internal macro.
  * Bug #2094: 3.0RC1: Add stub ERR_ESI and ERR_ICAP_FAILURE
    documents to errors/Armenian
  * Likely fix for helper-related SEGV shortly after reconfigure
  * automake 1.10 also works..
  * More >2GB fixes. BodyPipe::unproducedSize() method should
    also return an uint64_t

-------------------------------------------------------------------
Tue Nov 20 12:30:45 CET 2007 - kssingvo@suse.de

- added "squid-beta" to Conflicts: section
- removed unneeded snprintf.c due to license issue (bugzilla#341246)
- replace md5.c and md5.h by GPL version (bugzilla#341246)

-------------------------------------------------------------------
Tue Nov 13 11:42:02 CET 2007 - kssingvo@suse.de

- fixed gcc-4.3 "-Wall -Werror" issues

-------------------------------------------------------------------
Thu Nov  8 10:00:27 CET 2007 - kssingvo@suse.de

- initial try with RC1, based on squid-beta

Places

File squid3.changes of Package squid3

Places