From patchwork Thu Sep 21 13:18:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7236 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4RrwvV34wLz3ws3 for ; Thu, 21 Sep 2023 13:18:30 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4RrwvK2n6qz1GG; Thu, 21 Sep 2023 13:18:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4RrwvJ69h4z2yZg; Thu, 21 Sep 2023 13:18:20 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4RrwvC3jxbz2xQl for ; Thu, 21 Sep 2023 13:18:15 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Rrwv925gjzdl; Thu, 21 Sep 2023 13:18:13 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1695302293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=S54PaGTWUzVLQ7ehcwCiF9vlUhIfw8ViENwu78Pt20Y=; b=JITLWBKUFYaaSXiyAlkWeY8z8LJUl5I5u3e1pv5G8uuuEZWZBCTCML4Z3rRAgByw7sobak wYzQgY4lTLhJEJAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1695302293; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=S54PaGTWUzVLQ7ehcwCiF9vlUhIfw8ViENwu78Pt20Y=; b=UmzX98/be7GS0XQ6eqz7lFe/NagEYbtUOh/tJWT0gxdp2hLKFyH+n2KlfafcruHwK0tGdB VkvEPZz0lse9NTZqjhYrx0QU//gA0csSV1MHXKxu4sKo4R/jTbomnsiAN64s/4roVpR6Uk w1gT0W7k0CIH24ziBGhJW6hOV6WQTy0b3JynkBaiX98f6KPt2TRaPsfu1j00hXPtfRF9Kh E24IUkIweus7bNBCX7w2LxTsnVy0wpG+hHsbrc6L7blsy7cyLfmGnXVWqH0O4JcsD0RxGw wNj5J03bfO6brKh0w3MMksLF8B5I0en6kzawYT5TOijWs0TrHClSXJ22rawjXA== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] squid: Update to version 6.3-1 Date: Thu, 21 Sep 2023 15:18:08 +0200 Message-ID: <20230921131808.221249-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - IPFire-3.x - Update from version 5.7-2 to 6.3-1 - Changelog 6.3 (03 Sep 2023): - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL - Bug 4981: Work around in-call job invalidation bugs - basic_smb_lm_auth: fix 'no previous declaration' warnings - CacheManager: require /squid-internal-mgr/ URL path prefix - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion] - ... and some documentation changes 6.2 (06 Aug 2023): - Bug 5187: Work around REQMOD satisfaction regression - Bug 5290: pure virtual call in Ftp::Client constructor - Fix memory leak when reconfiguring multiline all-of ACLs - ... and a lot of code cleanups - ... and some portability fixes on GNU/Hurd and MSWindows 6.1 (06 Jul 2023): - Bug 5278: Log %err_code for "early" request handling errors - Do not cache (and do not serve cached) cache manager responses - Fix key equality comparison in LookupTable map - Honor DNS RR TTLs larger than negative_dns_ttl - ... and some documentation changes 6.0.3 (07 Jun 2023): - Bug 5148: Log %Ss of failed tunnels as TCP_TUNNEL - Do not leak Security::CertErrors created in X509_verify_cert() - Do not erase aborted StoreMap entries that are still being read - Fix build in environments lacking syslog - Fix build failures in some environments due to time_t type conflicts in libdebug - Remove obsolete caddr_t - ... and some documentation changes 6.0.2 (30 Apr 2023): - Avoid excessive disk I/O in some environments - ... and several build and portability fixes - ... and all fixes from 5.9 6.0.1 (28 Feb 2023): - Bug 5256: Intercepting port fails to accept - Bug 5241: Block all non-localhost requests by default - Bug 5241: Block to-localhost, to-link-local requests by default - Bug 5232: Fix GCC v12 build [-Wuse-after-free] - Bug 5211: support.cc:355: "!filledCheck->sslErrors" assertion - Bug 5194: Remove all unused debug sections - Bug 5162: mgr:index URL do not produce MGR_INDEX template - Bug 5129 pt1: remove Lock use from HttpRequestMethod - Bug 5128: Translation: Fix % i typo in es/ERR_FORWARDING_DENIED - Bug 5021: Add a script to fix spelling error with codespell - Bug 4946: client_side_request.cc: "request != newRequest" - Bug 4832: '!schemeAccess' assertion on exit - Bug 4572: squidclient: Remove deprecated cache_object:// support - Bug 4528: ICAP transactions quit on async DNS lookups - Add scripts/trace-context.pl: a debugging tool - Remove cache_diff tool - Remove membanger tool - Remove pconn-banger tool - Remove recv-announce tool - Remove send-announce tool - Remove tcp-banger* tools - Remove ufsdump tool - Remove support for Gopher protocol - Remove support for unused libbsd - Remove bundled GnuRegex library - Remove CPU profiler mechanism - Remove leakfinder (--enable-leakfinder) - Remove --enable-kill-parent-hack - Remove --disable-loadable-modules - Remove unused/disabled/broken LEAK_CHECK_MODE code - Remove SCO 3.2 support - Remove m88k-specific support - Remove NeXTSTEP support - Remove HPUX compiler support - Remove CBDATA debugging - Require C++17 - cachemgr.cgi: Remove deprecated cache_object:// support - ext_kerberos_ldap_group_acl: Support -b with -D - ext_lm_group_acl: Improved username handling - negotiate_wrapper: ensure null-termination of strings - pinger: Fix MAX_PKT{4,6}_SZ to account for icmpEchoData padding - HTTP: Replaced X-Cache and X-Cache-Lookup headers with Cache-Status - HTTP: Update Host, Via, and other headers in-place when possible - HTTP: Update status code 413 compliance - RFC 9110: Reject different HTTP requests with unusual framing - RFC 9111: Stop treating Warning specially - RFC 9113: update documentation references - RFC 9218: Priority header registration - SSL-Bump: Remove step2+ stare-and-splice and peek-and-bump support - TLS: Do not send more than one self-signed certificate - TLS: Sort CA certificates in tls-cert=bundle - TLS: Preserve configured order of intermediate CA certificate chain - WCCP: Validate packets better - CI: Support "negative" squid-conf-tests - CI: Maintenance: Support custom astyle versions - CI: test-builds.sh: in case of error dump full log - CI: Add --progress option to test-builds.sh - CI: Change time_units test to also work on 32bit systems - CI: Maintenance: Update astyle version to 3.1 - Add cache_log_message directive - Add paranoid_hit_validation directive - Add tls_key_log to report TLS communication secrets - Add %busy_time logformat code - Add %transport::>connection_id logformat code - Add %request_attempts logformat code - Warn about some bad from-helper annotations - Ban acl key changes in req_header, rep_header, and note ACLs - Optimize ephemeral port reuse with IP_BIND_ADDRESS_NO_PORT - Honor httpd_suppress_version_string in more contexts - Honor ftp_port worker-queues option - Log early level-0/1 debugs() messages to cache_log - Support reliable zeroing of sensitive buffers - Do not overwrite caching bans - Do not blame cache_peer for 4xx CONNECT responses - Mimic GET reforwarding decisions when our CONNECT fails - Discarded connections do not contribute to forward_max_tries - Honor assertions during shutdown - Do not stop listening after "ERROR: NAT/TPROXY lookup failed..." - Do not skip problematic regexes in ACLs - Improve coredump_dir on FreeBSD and Solaris based OS - Avoid reverse DNS lookups when logformat %>A is unused - BUG: Unexpected state while connecting to ... server - Properly track (and mark) truncated store entries - Support "file" syntax for 'squid_error' and 'has' ACL parameters - Allow sending "squid -k ..." signals to PID 1 - Remove bogus "found KEY_PRIVATE" WARNINGs - Avoid "BUG #3329: Lost orphan ..." during accept problems - Report SMP store queues state (mgr:store_queues) - Remove 8K limit for single access.log line - Rename ./configure option --with-libxml2 to --with-xml2 - Rename ./configure option --with-libcap to --with-cap - Match ./configure --help parameter names with their defaults - Remove broken -sha1 option from server_cert_fingerprint - Fix typo in manager ACL - Fix milliseconds in certain cache.log messages - Fix ignore-cc/act-as-origin in wildcard split-stack ports - Fix comm.cc:644: "address.port() != 0" assertion - Fix StoreMap.cc "anchorAt(anchorId).reading()" assertions - Fix double-free segmentation fault on shutdown - Fix client_side_request.cc:2028 "request->method.id()" assertion - Fix reconfiguration leaking tls-cert=... memory - Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling - Fix "mem_obj->inmem_lo == 0" assertion in StoreEntry::swapOut() - Fix TCP keepalive - Fix SslBump reconfiguration leaking public key memory - Fix socket accounting for TCP accept() - ... and many documentation changes - ... and much code cleanup and polishing - ... and all fixes from 5.8 5.9 (30 Apr 2023): - Improve reply_body_max_size matching accuracy - ... and some documentation changes - ... and many portability fixes 5.8 (28 Feb 2023): - Bug 5162: mgr:index URL do not produce MGR_INDEX template - Bug 5241: Block all non-localhost requests by default - Bug 5241: Block to-localhost, to-link-local requests by default - ext_kerberos_ldap_group_acl: Support -b with -D - Fix ACL type typo in req_header, rep_header key-changing ERRORs - ... and several compile fixes - ... and some code cleanup and polishing Signed-off-by: Adolf Belka --- squid/squid.nm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/squid/squid.nm b/squid/squid.nm index 053c05543..0441ae658 100644 --- a/squid/squid.nm +++ b/squid/squid.nm @@ -4,10 +4,10 @@ ############################################################################### name = squid -major_ver = 5 -minor_ver = 7 +major_ver = 6 +minor_ver = 3 version = %{major_ver}.%{minor_ver} -release = 2 +release = 1 groups = Networking/Daemons url = https://www.squid-cache.org/