Squid

squid:v3.1

  1. Git
  2. lp:squid
  3. v3.1
Last commit made on 2016-12-17
Get this branch:
git clone -b v3.1 https://git.launchpad.net/squid

Branch merges

Branch information

Name:
v3.1
Repository:
lp:squid

Recent commits

a160e3d... by Garri Djavadyan <email address hidden>

Bug 4169: HIT marked as MISS when If-None-Match does not match

926e888... by Garri Djavadyan <email address hidden>

Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure

4ce4f66... by Amos Jeffries

Bug 4515: regression after CVE-2016-4554 patch

6c4f6c7... by Amos Jeffries

Require exact match in Host header name lookup

d63e4b4... by "Yuriy M. Kaminskiy" <email address hidden>

pinger: Fix buffer overflow in Icmp6::Recv

d224c72... by Alex Rousskov

Do not blindly forward cache peer CONNECT responses.

Squid blindly forwards cache peer CONNECT responses to clients. This
may break things if the peer responds with something like HTTP 403
(Forbidden) and keeps the connection with Squid open:
  - The client application issues a CONNECT request.
  - Squid forwards this request to a cache peer.
  - Cache peer correctly responds back with a "403 Forbidden".
  - Squid does not parse cache peer response and
     just forwards it as if it was a Squid response to the client.
  - The TCP connections are not closed.

At this stage, Squid is unaware that the CONNECT request has failed. All
subsequent requests on the user agent TCP connection are treated as
tunnelled traffic. Squid is forwarding these requests to the peer on the
TCP connection previously used for the 403-ed CONNECT request, without
proper processing. The additional headers which should have been applied
by Squid to these requests are not applied, and the requests are being
forwarded to the cache peer even though the Squid configuration may
state that these requests must go directly to the origin server.

This fixes Squid to parse cache peer responses, and if an error response
found, respond with "502 Bad Gateway" to the client and close the
connections.

 Backport by RaphaĆ«l Hertzog based on original work by Alex Rousskov

073cda4... by Amos Jeffries

Fix backport error in rev.10490

bd207de... by Source Maintenance <email address hidden>

Docs: Update CONTRIBUTORS

381dc6c... by Amos Jeffries

Release Notes updates

e762b0a... by Amos Jeffries

Fix various ICMP handling issues in Squid pinger

* ICMP code type logging display could over-read the registered type
  string arrays.

* Malformed ICMP packets were accepted into processing with undefined
  and potentially nasty results.

Both sets of flaws can result in pinger segmentation fault and halting
the Squid functionality relying on pinger for correct operation.

 Thanks to the OpenSUSE project for analysis and resolution of these.