This package failed to build on ARM because atomic functions
are being emulated on ARM32 and the required library was not
linked.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
The 'configure'-option "--disable-ipv6" was removed, it is no longer necessary.
See:
https://lists.ipfire.org/pipermail/development/2016-April/002046.html
"The --disable-ipv6 build option is now deprecated.
...
Squid-3.5.7 and later will perform IPv6 availability tests on startup in
all builds.
- Where IPv6 is unavailable Squid will continue exactly as it would
have had the build option not been used.
These Squid can have the build option removed now."
The warning message concerning a "BCP 177 violation" while
starting 'squid' can be ignored.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
http://www.squid-cache.org/Versions/v4/changesets/
In July 2018, 'squid 4' was "released for production use", see:
https://wiki.squid-cache.org/Squid-4
"The features have been set and large code changes are reserved for later versions."
I've tested almost all 4.x-versions and patch series before with good results.
Right now, 4.4 is running here with no seen problems together with
'squidclamav', 'squidguard' and 'privoxy'.
I too would declare this version stable.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details, see:
http://www.squid-cache.org/Versions/v3/3.5/changesets/
Since there were problems with "trailing white spaces" I started a new 'squid_3'
branch from scratch, based on current 'next'.
I hope this is what is needed and that it helps.
This one was built without errors and is running here without seen problems.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Removed unecessary quotations and two configure-options, see:
ftp://ftp.fu-berlin.de/unix/www/squid/archive/3.1/squid-3.1.0.16-RELEASENOTES.html
--with-aio
Deprecated. POSIX AIO is now auto-detected and enabled.
Use --without-aio to disable, but only if you really have to.
--with-pthreads
Deprecated. pthreads library is now auto-detected and enabled.
Use --without-pthreads to disable, but only if you really have to.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The 'configure'-options were sorted (kind of) to get a better overview.
Added latest patches from upstream.
Changed '--enable-async-io=8' to '--enable-async-io=16' because of
http://www.squid-cache.org/mail-archive/squid-users/200705/0768.html :
"The default number of threads is dependent on the number of aufs
cache_dir lines, based on a reasonable estimate of how the code behaves."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
Due to a buffer overrun Squid pinger binary is vulnerable to
denial of service or information leak attack when processing
ICMPv6 packets.
This bug also permits the server response to manipulate other
ICMP and ICMPv6 queries processing to cause information leak.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Squid configured with cache_peer and operating on explicit proxy
traffic does not correctly handle CONNECT method peer responses.
The bug is important because it allows remote clients to bypass
security in an explicit gateway proxy.
However, the bug is exploitable only if you have configured
cache_peer to receive CONNECT requests.
http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The SSL support parts of squid are a great security
risk. The majority of all security issues has been
in this area. As we are not using any of that in
production we can as well disable SSL support.
This won't affect squid's possibility to forward
SSL connections with the CONNECT method.
