webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-19 07:23:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,127 Commits 2 Branches 1 Tag
06ff7e28d7993d02be4e4a87bfc959b3bb375346
Commit Graph

95 Commits

Author SHA1 Message Date
Matthias Fischer
b78a8742ae squid 3.5.19: latest patches from upstream 
For details, see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-06-01 22:12:15 +01:00
Matthias Fischer
9a4bfe0284 squid: Update to 3.5.19 
Activated 'ipv6', as discussed in ipfire-list with Michael:

"I had a look what the IPv6 switch actually changes. And that is not really much.
Essentially nothing. It just probes if the system supports IPv6 and if not it
disables it internally.

http://git.ipfire.org/?p=thirdparty%2Fsquid.git&a=search&h=refs%2Fheads%2Ftrunk&st=grep&s=USE_IPV6

I think we can as well enable this."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-05-11 15:46:21 +01:00
Matthias Fischer
efccb43303 squid: Update to 3.5.18 
Removed unecessary quotations and two configure-options, see:
ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.1/squid-3.1.0.16-RELEASENOTES.html

--with-aio
Deprecated. POSIX AIO is now auto-detected and enabled.
Use --without-aio to disable, but only if you really have to.

--with-pthreads
Deprecated. pthreads library is now auto-detected and enabled.
Use --without-pthreads to disable, but only if you really have to.

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-05-07 13:25:18 +01:00
Matthias Fischer
77d0467c05 squid: Update to 3.5.17 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-04-29 18:25:08 +01:00
Matthias Fischer
198c39265b squid 3.4.14: latest patches, sorted options 
The 'configure'-options were sorted (kind of) to get a better overview.

Added latest patches from upstream.

Changed '--enable-async-io=8' to '--enable-async-io=16' because of
http://www.squid-cache.org/mail-archive/squid-users/200705/0768.html :

"The default number of threads is dependent on the number of aufs
cache_dir lines, based on a reasonable estimate of how the code behaves."

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-04-26 22:19:29 +01:00
Matthias Fischer
8e6421d78e squid 3.4.14: Bugfix for #4323 (Netfilter broken cross-includes with Linux 4.2) 
For details see: http://bugs.squid-cache.org/show_bug.cgi?id=4323

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-04-05 22:56:04 +01:00
Michael Tremer
bdb319c0ca squid: Patch SQUID-2016:3/CVE-2016-3947 
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt

 Due to a buffer overrun Squid pinger binary is vulnerable to
 denial of service or information leak attack when processing
 ICMPv6 packets.

 This bug also permits the server response to manipulate other
 ICMP and ICMPv6 queries processing to cause information leak.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-04-05 22:52:54 +01:00
Matthias Fischer
fd3b90c875 squid 3.4.14: Bugfix for #4431 (C code is not compiled with CFLAGS) 
For details see: http://bugs.squid-cache.org/show_bug.cgi?id=4431

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-02-13 18:51:08 +00:00
Michael Tremer
02a60a9b9e squid: Actually make --with-filedescriptors work 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2016-01-23 01:49:37 +00:00
Matthias Fischer
bc7cb3eaeb squid 3.4.14: removed duplicate configure-option in lfs-file 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-09-04 22:06:50 +01:00
matthias.fischer@ipfire.org
f10a246946 squid 3.4.14: Import latest patch from upstream 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-31 23:26:38 +01:00
Matthias Fischer
ec27a5ae21 squid: Update to 3.4.14 
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-08-07 20:36:27 +01:00
Michael Tremer
d1b7736a28 squid: Apply fix for Squid Advisory SQUID-2015:2 
Squid configured with cache_peer and operating on explicit proxy
traffic does not correctly handle CONNECT method peer responses.

The bug is important because it allows remote clients to bypass
security in an explicit gateway proxy.

However, the bug is exploitable only if you have configured
cache_peer to receive CONNECT requests.

  http://www.squid-cache.org/Advisories/SQUID-2015_2.txt

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
 2015-07-09 12:31:04 +02:00
Michael Tremer
88b1e637ac squid: Disable SSL support 
The SSL support parts of squid are a great security
risk. The majority of all security issues has been
in this area. As we are not using any of that in
production we can as well disable SSL support.

This won't affect squid's possibility to forward
SSL connections with the CONNECT method.
 2015-05-02 12:56:09 +02:00
Michael Tremer
49c3105cc3 squid: Update to 3.4.13 2015-05-02 11:21:14 +02:00
Matthias Fischer
bc3dd1e975 Update: squid to 3.4.9 2014-11-06 07:33:45 +01:00
Michael Tremer
243f8ca6e9 squid: Update to 3.4.8 
Contains some security fixes:

 * CVE-2014-6270
   http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
 * CVE-2014-7141
   CVE-2014-7142
   http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
 2014-10-02 18:21:51 +02:00
Michael Tremer
94b3d7d2f2 squid: Update to 3.4.7 
Solves a DoS issue "Ignore Range headers with unidentifiable byte-range values"
filed under security advisory SQUID-2014:2 and CVE-2014-3609.
 2014-08-28 16:09:31 +02:00
Michael Tremer
69a324f0bb squid: Disable -march=native. 
This produces a binary that cannot be executed on
all systems that we support.

(cherry picked from commit 5930a368ad)
 2014-05-28 20:24:44 +02:00
Michael Tremer
27ecea56ce squid: Update to 3.4.5. 2014-05-12 12:54:48 +02:00
Michael Tremer
4c7bfb1f27 Merge remote-tracking branch 'stevee/squid-zph-qos' into beyond-next 2014-03-21 14:48:22 +01:00
Michael Tremer
6bd4bcdaa1 squid: Update to 3.4.4. 2014-03-21 13:46:03 +01:00
Stefan Schantl
abfd82b15e Squid: Enable support for zph-qos. 
Fixes #10087.
 2014-01-22 20:29:26 +01:00
Michael Tremer
a408e02da2 squid: Update to 3.3.11. 2013-12-03 14:42:30 +01:00
Michael Tremer
78c2b230d4 squid: Apply patch for properly detect rlimit. 
https://bugzilla.ipfire.org/show_bug.cgi?id=10445
 2013-11-26 11:43:11 +01:00
Michael Tremer
4f160f04cb proxy: Set number of file descriptors much higher. 
Some users are hitting the 65k limit regularly, so
we set the limit to a much higher number.
 2013-11-21 21:36:02 +01:00
Michael Tremer
36b1c19138 squid: Update to 3.3.10 + SSL options fix. 2013-11-08 14:13:30 +01:00
Michael Tremer
6f49e32b74 squid: Enable netfilter transparent mode. 2013-10-12 13:26:53 +02:00
Michael Tremer
0e4f36aee4 squid: Update to 3.3.9. 
Just a couple of minor bugfixes. Nothing too serious.
 2013-10-11 13:49:00 +02:00
Michael Tremer
754f508b5b squid: Update to 3.3.8. 2013-08-22 12:57:56 +02:00
Michael Tremer
7323724196 squid: Fix two security issues. 
* CVE-2013-4115
* CVE-2013-4123

http://www.squid-cache.org/Versions/v3/3.1/changesets/
 2013-08-07 22:15:31 +02:00
Michael Tremer
8b9b6c0164 squid: Increase FDs to 65536 (#10387). 2013-07-15 14:35:07 +02:00
Jan Behrens
6bea848d34 squid: Compile with --enable-cache-digests. 
Bug #10311
https://bugzilla.ipfire.org/show_bug.cgi?id=10311
 2013-03-01 00:03:20 +01:00
Michael Tremer
940da289ef squid: Update to 3.1.23. 
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_23.html
 2013-01-12 20:44:39 +01:00
Michael Tremer
f3b0222e3f squid: Update to 3.1.22. 2013-01-09 12:39:16 +01:00
Arne Fitzenreiter
eba8a82614 squid: update to 3.1.20. 2012-07-03 13:41:13 +02:00
Michael Tremer
81b2c3f165 squid: Enable ICAP client. 2012-06-13 15:43:27 +02:00
Arne Fitzenreiter
5971e9a1aa squid: update to 3.19. 2012-02-08 07:48:52 +01:00
Arne Fitzenreiter
99f96fa93d squid: update to 3.1.18. 
enabled polish and russian error messages.
 2011-12-18 13:30:26 +01:00
Arne Fitzenreiter
2bcabb15f5 squid: update to 3.1.16. 2011-10-28 00:38:42 +02:00
Arne Fitzenreiter
fd4f39f210 squid: update to 3.1.15. 2011-09-05 16:41:53 +02:00
Arne Fitzenreiter
0458115681 squid: update to 3.1.14. 2011-07-12 07:30:05 +02:00
Arne Fitzenreiter
b651a44dba squid: update to 3.1.13. 2011-07-04 12:52:43 +02:00
Arne Fitzenreiter
800c1607ae squid: set --enable-async-io=8 2011-03-15 09:02:32 +01:00
Arne Fitzenreiter
1432ca2e26 Updated squid (3.1.11). 
Set some cfg switches like in IPFire 3.x
(enabled radius, aio ...)
 2011-03-04 13:32:28 +01:00
Michael Tremer
f19e720dbf squid: Enable LFS. 2011-02-03 12:47:43 +01:00
Christian Schmidt
0a3c4cf02b Updated squid to current stables. This should fix some bugs. 2011-01-22 15:52:01 +01:00
Arne Fitzenreiter
ab4a5a35af squid: Add french and spanish errorpages. 
reworked ipfire design pages by using stylesheets.
 2011-01-02 09:17:50 +01:00
Arne Fitzenreiter
d4c6ba21eb Updated squid (3.1.8). 2010-10-14 08:31:54 +02:00
Christian Schmidt
cee03fd1d4 Updated squid to current stable. 
This fixes bug #0000616
 2010-04-11 09:05:32 +02:00