Integrate the following vendor patches as published on <http://www.squid-cache.org/Versions/v2/2.5/bugs/>: - document that tcp_outgoing_xxx works badly in combination with server_persistent_connections (squid bug #454) - add more tracing in test mode of squid_ldap_auth (squid bug #1395) - fix breakage of accel_single_host when combined with server_persistent_connection (squid bug #1402) - correctly implement the CACHE_HTTP_PORT configuration directive (squid bug #1403) - fix the problem that CNAME addresses were remembered with a wrong TTL (squid bug #1404) - fix incorrect handling of squid-internal-dynamic/netdb in conjunction with httpd_accel/transparent proxies (squid bug #1410) - properly revalidate the cache on HEAD requests (squid bug #1411) - correct handling of Set-Cookie headers on cache refreshes (squid bug #1419) - fix a vulnerability in the FTP parsing code (squid bug #1426) VuXML data for squid bug #1426 (please fill in <entry> date): <vuln vid="cf5d84d0-4007-11da-9e1e-c296ac722cb3"> <topic>squid -- vulnerability in FTP parsing code</topic> <affects> <package> <name>squid</name> <range><lt>2.5.11_3</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The squid patches page notes:</p> <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"> <p>In certain odd FTP server responses Squid may crash with a segmentation fault in rfc1738_do_escape.</p> <p>Workaround: deny access to the ftp protocol via the proxy</p> </blockquote> </body> </description> <references> <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1426</url> <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape</url> </references> <dates> <discovery>2005-10-12</discovery> <entry>YYYY-MM-DD</entry> </dates> </vuln> Fix: Apply this patch:
Responsible Changed From-To: freebsd-ports-bugs->garga I'll take it.
State Changed From-To: open->closed Committed. Thanks!