Squid 3?

jimp

Someone has said that the config should be the same for 2 and 3

If the GUI code for 2 will work with 3, I can sync the code in the package and update the binary version, bring it more up to date.

I'm not sure what the state of our package/gui code for squid3 is like right now.

simby

Jimp, can you please? :)

jimp

Well if the GUI code is the same, what does squid 3 get you that squid 2 doesn't have?

ToxIcon

squid squid-3.2.0.3 fix some security issues.
The string-comparison functions in String.cci in Squid 3.x before
3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a
denial of service (NULL pointer dereference and daemon crash) via a
crafted request.
http://www.mirrorservice.org/sites/ftp.squid-cache.org/pub/squid/squid-3.2-ChangeLog.txt
http://www.mirrorservice.org/sites/ftp.squid-cache.org/pub/squid/squid-3.2.0.3.tar.gz
http://ftp.wa.co.za/pub/squid/squid-3.2.0.3.tar.gz

squidGuard-1.5
http://www.squidguard.org/Downloads/CHANGELOG
http://www.squidguard.org/Downloads/Devel/squidGuard-1.5-beta.tar.gz

HAVP 0.92a - security fix

• Add missing dot to sourceforge for safety
  Only the whitelist needs an update:
  Description of Issue
  havp's whitelist configuration file contains an entry that would allow specially-named domain names to serve malware and completely avoid detection by havp.
  Specifically, the following line in /etc/havp/whitelist:
  *sourceforge.net/clamav-
  The file has been updated in the sourceforge to include the fix:
  *.sourceforge.net/clamav-

clamav-0.96.4 - security fix
http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.4

All packages above have security and bug fix would be nice if we could get these to work with pfsense :)

dvserg

Thanks!

jimp

I uploaded updated squid3 binaries for 2.0 just now, haven't gotten to the ones for 1.2.x. I also sync'd up the squid GUI code, so even with the older squid3 binary up there for 1.2.x it may work, who knows. Hard to say without trying.

Give it about 5 minutes and the changes should show up in the package repository.

dvserg

2.0-BETA4 (i386) built on Thu Nov 4 00:49:05 EDT 2010 FreeBSD 8.1-RELEASE-p1

Nov 20 00:40:01	check_reload_status: reloading filter
Nov 20 00:40:01	php: /pkg_edit.php: The command '/usr/local/sbin/squid -k reconfigure' returned exit code '1', the output was '2010/11/20 00:40:01| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2010/11/20 00:40:01| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2010/11/20 00:40:01| WARNING: For now we will assume you meant to write /24 2010/11/20 00:40:01| ERROR: '0.0.0.0/0.0.0.0' needs to be replaced by the term 'all'. 2010/11/20 00:40:01| SECURITY NOTICE: Overriding config setting. Using 'all' instead. 2010/11/20 00:40:01| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2010/11/20 00:40:01| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2010/11/20 00:40:01| WARNING: You should probably remove '::/0' from the ACL named 'all' 2010/11/20 00:40:01| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2010/11/20 00:40:01| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv
Nov 20 00:40:01	squid: Bungled squid.conf line 59: reply_body_max_size 0 allow all
Nov 20 00:40:01	php: /pkg_edit.php: Reloading Squid for configuration sync

jimp

Yeah it looks like the backend code will need some work, whoever said it was config-compatible with 2.x was slightly mistaken :-)

dvserg

;D
A lot of work done. More work needs to be done.
Thanks.

_igor_

Who maintains the squid3-package? To me it looks as if not much happens (still alpha), for this reason i didn't test till now. But i don't want to offend anyone, if i'm completely wrong with my opinion.

Would test it with 2.0.

Any status-update would be apreciated. Thanks!

jimp

@_igor_:

Who maintains the squid3-package? To me it looks as if not much happens (still alpha), for this reason i didn't test till now. But i don't want to offend anyone, if i'm completely wrong with my opinion.

Would test it with 2.0.

Any status-update would be apreciated. Thanks!

It had not been touched in a while. I tried to bring it up to date a bit last week by syncing the code from the 2.x package since someone had said it should be config-compatible, and I made it use Squid 3.1.x (which may be where the incompatibility came in). It should be possible to make it work, it just needs some TLC.