From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040122 Debian/1.6-1 Description of problem: Please upgrade to 2.5.STABLE4. Key changes squid-2.5.STABLE3 to 2.5.STABLE4: * several memory leaks corrected * segmentation fault if more than one deny_info corrected * Lithuanian error messages added * a crash related to ftpTimeout: timeout in SENT_PASV state corrected * http_reply_access deny now logs the request with TCP_DENIED to allow them to be accounted for properly in statistics * minimum_retry_timeout configuration directive removed. If you have this directive in your existing squid.conf you will need to remove the line. * Improvements to the (experimental) COSS storage scheme. * Updates to allow Squid to be compiled with GCC-3.3 * POST now works well with NTLM and Digest authentication * http_header_access now works in combination with cache_peer * Most Squid generated errors are now logged as TCP_DENIED/XXX rather than TCP_MISS/XXX or NONE/XXX. This to work around issues relating to access controls. * external_acl_type concurrency= option renamed to children= to prepare for Squid-3 upgrade. The old syntax is still accepted but you may want to upgrade your configuration now to save you from the trouble when upgrading to Squid-3 later. * a large number of minor bugfixes. See the list of squid-2.5.STABLE3 patches and the ChangeLog file for details. Version-Release number of selected component (if applicable): squid-2.5.STABLE3-0 How reproducible: Always Steps to Reproduce: 1.install squid Additional info:
Date: Mon, 1 Mar 2004 12:37:00 +0100 (CET) From: Henrik Nordstrom <hno> To: squid-announce Subject: Squid-2.5.STABLE5 released [minor security / major bugfix release] The Squid HTTP Proxy team is pleased to announce the availability of the Squid-2.5.STABLE5 bugfix release. This new release can be downloaded from our HTTP or FTP servers http://www.squid-cache.org/Versions/v2/2.5/ ftp://ftp.squid-cache.org/pub/squid-2/STABLE/ or the mirrors (may take a while before all mirrors are updated). For a list of mirror sites see http://www.squid-cache.org/Mirrors/http-mirrors.html http://www.squid-cache.org/Mirrors/ftp-mirrors.html Squid-2.5.STABLE5 is a major bugfix release of Squid-2.5 and corrects one minor security issue in url_regex access controls and several major non-security related bugs found in the earlier Squid-2.5 releases. Users are recommended to upgrade to this new release, especially if using any of the features mentioned below. The most important bug-fixes in this release are: [security] %00 in could be used in to bypass url_regex and urlpath_regex access controls in certain configurations. Other acl directives not affected. More information on this issue can be found in the SQUID-2004:1 security advisory distributed separately <url:http://www.squid-cache.org/Advisories/SQUID-2004_1.txt> [major] Several NTLM related bugfixes and improvements fixing the problem of random auth popups and account lockouts. Optional support for the NEGOTIATE NTLM packet is also added to allow Samba-3.0.2 or later to negotiate the use of NTLMv2 or NTLM2. [major] Several authentication related bugfixes to allow authentication to work in additional acl driven directives outside of http_access, and a number of corrections to assertion or segmentation faults and some memory leaks. In addition there is a small number of new features or improvements which enhances the functionality of Squid [medium] redirector interface modified to work with login names containing spaces or other odd characters. This is accomplished by URL-encoding the login name before sent to redirectors. Note: Existing redirectors or their configuration may need to be slightly modified in how they process the ident column to support the new username format (only applies to redirectors looking into the username) [medium] various timeouts adjusted: connect_timeout 1 minute (was 2 minutes which is now forward_timeout), negative_dns_ttl 1 minute (was 5 minutes) and is now also used as minimum positive dns ttl, dns_timeout 2 minutes (was 5 minutes) [minor] "short_icon_urls on" can be used to simplify the URLs used for icons etc to avoid issues with proxy host naming and authentication when requesting icons. [minor] A new "urllogin" ACL type has been introduced allowing regex matches to the "login" component of Internet style URLs (protocol://user:password@host/path/to/file). [minor] Squid now respects the Telnet protocol on connections to FTP servers. The ftp_telnet_protocol directice can be used to revert back to the old incorrect implementation if required. [minor] The default mime.conf has been updated with many new mime types and a few minor corrections. In addition the download and view links is used more frequently to allow view/download of different ftp:// contents regardless of their mime type assignment. in addition there is a large amount of minor and cosmetic bugfixes not included in the above list. For a complete list of changes see the ChangeLog and the Squid-2.5 Patches page <url:http://www.squid-cache.org/Versions/v2/2.5/bugs/> It is recommended to read the release notes when upgrading from an earlier Squid release (including Squid-2.5.STABLE4) as there has been some minorchanges in the configuration. Thanks goes to MARA Systems AB who has been actively sponsoring this bugfix release of Squid as part of their continuing effort to provide both free and commercial support to the Squid community, and to all users who have provided valuable bug reports and feedback via the Squid bug reporting tool. Regards The Squid HTTP Proxy developer team
Fixed for rawhide, what about Red Hat Linux 9?
Erratum RHSA-2004:134 in progress.
Errata done: http://rhn.redhat.com/errata/RHSA-2004-134.html