Subject: CVS commit: pkgsrc/www/squid
To: None <pkgsrc-changes@netbsd.org>
From: Takahiro Kambe <taca@netbsd.org>
List: pkgsrc-changes
Date: 02/18/2002 19:00:41
Module Name:	pkgsrc
Committed By:	taca
Date:		Mon Feb 18 17:00:41 UTC 2002

Modified Files:
	pkgsrc/www/squid: Makefile distinfo
	pkgsrc/www/squid/patches: patch-ag
Added Files:
	pkgsrc/www/squid/patches: patch-an

Log Message:
Update squid to squid-2.4.3nb1.

- Replace a hack adding the fd_mask definition in autoconf.h with re-writing
  the configure script.  It caused configure to run twice and resulted in "no fd_mask".
- Incorporate three official patches from
  http://www.squid-cache.org/Versions/v2/2.4/bugs/.

o SNMP memory leaks

	synopsis
		The SNMP implementation in Squid had several memory leaks
		possibly causing a denial of service.

	workaround
		Disable the SNMP port if enabled by using "snmp_port 0" in
		squid.conf.  Or if you only use SNMP for MRTG data
		collection running on the same host then use
		"snmp_incoming_address 127.0.0.1" to limit reachability
		of the SNMP port to only localhost or some other trusted
		network.

o Coredump on certain ftp:// style URLs

	synopsis
		If certain constructed ftp:// style URLs are received then
		squid crashes, causing a denial of service and maybe even
		remote execution of code.

	workaround
		Deny forwarding of non-anonymous FTP URLs by inserting
		the following rules at the top of squid.conf, prior to
		any http_access allow lines.

		acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
		http_access deny non_anonymous_ftp

o "htcp_port 0" fails to disable the HTCP port

	synopsis
		"htcp_port 0" fails to completely disable the HTCP port as
		documented in squid.conf; instead, HTCP will be listening on
		a random port number.


To generate a diff of this commit:
cvs rdiff -r1.58 -r1.59 pkgsrc/www/squid/Makefile
cvs rdiff -r1.7 -r1.8 pkgsrc/www/squid/distinfo
cvs rdiff -r1.9 -r1.10 pkgsrc/www/squid/patches/patch-ag
cvs rdiff -r0 -r1.1 pkgsrc/www/squid/patches/patch-an

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
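
The FTP and SNMP workarounds quoted in the log message depend on directive order and on two settings working together, which is easy to get wrong when editing squid.conf by hand. The following is an added example, not part of the commit or of Squid: a small audit that checks a configuration for both. The function names, the sample configurations, and the choice not to flag an absent snmp_port are assumptions of this example.

```python
import re

FTP_PATTERN = "ftp://[^/@]*@"  # url_regex taken from the workaround in the log message

# Constructed squid.conf fragments for the demonstration (not from the commit).
GOOD = """\
acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
http_access deny non_anonymous_ftp
acl localnet src 192.168.0.0/16
http_access allow localnet
snmp_port 3401
snmp_incoming_address 127.0.0.1
"""
BAD = """\
acl localnet src 192.168.0.0/16
http_access allow localnet
acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
http_access deny non_anonymous_ftp
snmp_port 3401
"""

def audit(conf):
    """Return findings for the FTP and SNMP workarounds in a squid.conf text."""
    ftp_acls, deny_at, allow_at, snmp = set(), None, None, {}
    for n, line in enumerate(conf.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment line
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "url_regex" and tok[-1] == FTP_PATTERN:
            ftp_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            if tok[1] == "allow" and allow_at is None:
                allow_at = n  # first allow rule in the file
            elif tok[1] == "deny" and len(tok) == 3 and tok[2] in ftp_acls and deny_at is None:
                deny_at = n   # deny rule that names only the FTP ACL
        elif tok[0] in ("snmp_port", "snmp_incoming_address") and len(tok) > 1:
            snmp[tok[0]] = tok[1]
    findings = []
    if deny_at is None:
        findings.append("no http_access deny rule for the non-anonymous FTP ACL")
    elif allow_at is not None and allow_at < deny_at:
        findings.append(f"FTP deny rule (line {deny_at}) follows an allow rule (line {allow_at})")
    # Assumption: an absent snmp_port is not flagged; the page does not state the default.
    if snmp.get("snmp_port", "0") != "0" and snmp.get("snmp_incoming_address") != "127.0.0.1":
        findings.append("SNMP port enabled and not bound to 127.0.0.1; confirm the address is trusted")
    return findings

def matches_workaround_acl(url):
    """True if the workaround's case-insensitive url_regex would match url."""
    return re.search(FTP_PATTERN, url, re.IGNORECASE) is not None
```
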