lp:squid/3.1

Created by Henrik Nordström on 2012-09-14 and last modified on 2016-12-17
Get this branch:
bzr branch lp:squid/3.1

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
squid
Project:
Squid
Status:
Mature

Import details

Import Status: Reviewed

This branch is an import of the Bazaar branch at http://bzr.squid-cache.org/bzr/squid3/3.1/.

The next import is scheduled to run in 4 hours.

Last successful import was 1 hour ago.

Import started 1 hour ago on alnitak and finished 1 hour ago taking 20 seconds — see the log
Import started 7 hours ago on izar and finished 7 hours ago taking 20 seconds — see the log
Import started 13 hours ago on alnitak and finished 13 hours ago taking 25 seconds — see the log
Import started 19 hours ago on alnitak and finished 19 hours ago taking 20 seconds — see the log
Import started on 2019-10-16 on izar and finished on 2019-10-16 taking 20 seconds — see the log
Import started on 2019-10-15 on izar and finished on 2019-10-15 taking 25 seconds — see the log
Import started on 2019-10-15 on izar and finished on 2019-10-15 taking 20 seconds — see the log
Import started on 2019-10-15 on izar and finished on 2019-10-15 taking 20 seconds — see the log
Import started on 2019-10-15 on alnitak and finished on 2019-10-15 taking 25 seconds — see the log
Import started on 2019-10-14 on izar and finished on 2019-10-14 taking 20 seconds — see the log

Recent revisions

10499. By Garri Djavadyan <email address hidden> on 2016-12-17

Bug 4169: HIT marked as MISS when If-None-Match does not match

10498. By Garri Djavadyan <email address hidden> on 2016-12-17

Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure

10497. By Amos Jeffries on 2016-05-08

Bug 4515: regression after CVE-2016-4554 patch

10496. By Amos Jeffries on 2016-05-02

Require exact match in Host header name lookup

10495. By Yuriy M. Kaminskiy <email address hidden> on 2016-03-30

pinger: Fix buffer overflow in Icmp6::Recv

10494. By Alex Rousskov on 2015-07-30

Do not blindly forward cache peer CONNECT responses.

Squid blindly forwards cache peer CONNECT responses to clients. This
may break things if the peer responds with something like HTTP 403
(Forbidden) and keeps the connection with Squid open:
  - The client application issues a CONNECT request.
  - Squid forwards this request to a cache peer.
  - Cache peer correctly responds back with a "403 Forbidden".
  - Squid does not parse cache peer response and
     just forwards it as if it was a Squid response to the client.
  - The TCP connections are not closed.

At this stage, Squid is unaware that the CONNECT request has failed. All
subsequent requests on the user agent TCP connection are treated as
tunnelled traffic. Squid is forwarding these requests to the peer on the
TCP connection previously used for the 403-ed CONNECT request, without
proper processing. The additional headers which should have been applied
by Squid to these requests are not applied, and the requests are being
forwarded to the cache peer even though the Squid configuration may
state that these requests must go directly to the origin server.

This fixes Squid to parse cache peer responses, and if an error response
found, respond with "502 Bad Gateway" to the client and close the
connections.

 Backport by Raphaël Hertzog based on original work by Alex Rousskov

10493. By Amos Jeffries on 2015-06-12

Fix backport error in rev.10490

10492. By Source Maintenance <email address hidden> on 2015-04-23

Docs: Update CONTRIBUTORS

10491. By Amos Jeffries on 2015-02-18

Release Notes updates

10490. By Amos Jeffries on 2014-09-15

Fix various ICMP handling issues in Squid pinger

* ICMP code type logging display could over-read the registered type
  string arrays.

* Malformed ICMP packets were accepted into processing with undefined
  and potentially nasty results.

Both sets of flaws can result in pinger segmentation fault and halting
the Squid functionality relying on pinger for correct operation.

 Thanks to the OpenSUSE project for analysis and resolution of these.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.