Squid-3.1.1 has been released http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html Reproducible: Always
Created attachment 227901 [details] Proposed ebuild
Created attachment 227903 [details, diff] Updated squid-${PV}-gentoo.patch
Created attachment 227905 [details, diff] Updated squid-${PV}-qafixes.patch
Created attachment 227907 [details, diff] Updated squid-${PV}-libmd5.patch It's actually the same as squid-3.1.0.15_beta-libmd5.patch. Just renamed it to match squid version
Current status is obviously "works for me" :)
maybe it will help if we vote... :)
+1 "works for me"
Created attachment 230083 [details, diff] Updated -gentoo patch for 3.1.3 3.1.3 was released and the -gentoo patch required a small fix. The other patches can simply be renamed.
summary should be changed to net-proxy/squid-3.1.3 bump request to avoid missinterpretation
In testing squid-3.1.3, I encountered the following during the src_prepare() phase: Fixing configure recursion bootstrap.sh: line 158: ed: command not found It's easy to overlook because it is not treated as a fatal error. Consequently, sys-apps/ed should be added to DEPEND. This issue may apply to previous versions as well.
IMO, the -gentoo.patch file should update the bootstrap.sh file instead of adding an additional dependency of installing more software for the sake of a -very- tiny edit. i.e. the applicable section reads: # Fixup autoconf recursion using --silent/--quiet option # autoconf should inherit this option whe recursing into subdirectories # but it currently doesn't for some reason. if ! grep "configure_args --quiet" configure >/dev/null; then echo "Fixing configure recursion" ed -s configure <<'EOS' >/dev/null || true /ac_sub_configure_args=/ +1 i # Add --quiet option if used test "$silent" = yes && ac_sub_configure_args="$ac_sub_configure_args --quiet" . w EOS fi
(In reply to comment #11) > IMO, the -gentoo.patch file should update the bootstrap.sh file instead of > adding an additional dependency of installing more software for the sake of a > -very- tiny edit. I was thinking the same thing. On the other hand that piece of code fails (almost) silently so why should we bother with it?
Created attachment 231689 [details] Updated squid-3.1.1.ebuild with some patch references changed from ${P} to ${PN}-3.1.1
Motivation for upgrading in my case was that squid-3.1 now supports IPv6.
Squid 3.1.4 Released on 30 May 2010. http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_4.html Is squid really needs none optional berkdb? I found only external session requires it? I'm wrong?
(In reply to comment #15) > Squid 3.1.4 Released on 30 May 2010. > http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_4.html > net-proxy/squid-3.1.4.ebuild and updated patches in 'jasiu' overlay :-) Thanks to all of you!
go go jasiu overlay. it'd be great if the ebuild would get into portage, the ebuild for squid there are really old. it should also be noted that 3.1.x is needed to have support for this fancy new 10+ years old thing called ipv6. Bug #304751 could be closed as duplicate of this bug(?).
Re: Comment 17 ... Bug 304751 should have been assigned to security as I have now done so. It may not be closed until such time as it has been addressed, in accordance with the vulnerability policy. On another note, squid-3.1.4 is available.
I was looking at the ebuild in the jasiu overlay and was looking at the last hunk in the qa fixes patch: http://gitorious.org/jasiu/jasiu/blobs/master/net-proxy/squid/files/squid-3.1.4-qafixes.patch If you look at the patch in previous versions, the original file has changed. Indeed, it changed in this commit: http://bazaar.launchpad.net/~squid/squid/3.1/revision/9828#src/forward.cc When I tested the patch without that hunk the build succeeded without errors. If it is indeed not fixed, upstream should be engaged again to repair it, otherwise this patch hunk is not necessary. Other than that, looks great, and I can't wait for it to hit portage. (Removal of the old 3.1 beta ebuilds and the global mask on all squid-3.1* ebuilds will be nice too)
Squid 3.1.5 Released on 01 July 2010. http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_5.html
*** Bug 304751 has been marked as a duplicate of this bug. ***
I had squid 2.7.x and 3.1.x only (not 3.0.x) Squid 3.1.1-3.1.5 eats all my ram and all my swap. Squid 2.7.x was fine. Issue http://bugs.squid-cache.org/show_bug.cgi?id=2927
Created attachment 238797 [details, diff] Proposed squid-3.1.5 ebuild (diff) This is a patch against the last committed ebuild in the mainline tree (3.1.0.15_beta-r1). It is presented as such because I think it is then easier for a developer to review the changes, which are as folllows: * Update to 3.1.5 * Use declarative patches * Define pkg_pretend phase for coss check, while retaining compatibility with < EAPI-4 * Don't use echo in pkg_postinst (elog doesn't necessarily go to the console) * Use default phase functions in src_prepare and src_install * Add 3 upstream patches to fix memory leaks
Created attachment 238799 [details, diff] squid-3.1.5-gentoo.patch
Created attachment 238801 [details, diff] squid-3.1.5-qafixes.patch
Created attachment 238803 [details, diff] squid-3.1.5-libmd5.patch
Created attachment 238805 [details, diff] squid-3.1.5-errorstate-leak-fix.patch
Created attachment 238807 [details, diff] squid-3.1.5-range-leak-fix-1.patch Backported by myself - test please!
Created attachment 238809 [details, diff] squid-3.1.5-range-leak-fix-2.patch
version bump http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.6.tar.bz2
Some issues to note as currently known in this release which are not able to be fixed in the 3.1 series are: * The lack of some features available in Squid-2.x series. See the regression sections below for full details. * IPv6 split-stack support for Windows XP, MacOS X, OpenBSD and maybe others is not complete. * CVE-2009-0801 : NAT interception vulnerability to malicious clients. Currently known issues which only depends on available developer time and may still be resolved in a future 3.1 release are: * An ongoing slow FD leak introduced somewhere during the Squid-3.0 cycle. * Windows support is still largely missing. * AIX support for building with the IBM compiler is broken. (c) www.squid-cache.org
Thanks for the information, esc. Whatever its deficiences may be, it would still obviously be in the broader public interest to get it updated in gentoo. If it has to stay ~arch then so be it. squid-2.7.x remains eligible to be bumped also and - between them - the outstanding security bugs could be closed.
3.1.5 works fine for me (arguably only lightly loaded home server) with no apparent leaks, but 3.1.6 has new issues with mixed IPv4/6 handling, and a new bug with --disable-ipv6. I have a patch that I'll test and will report here.
(In reply to comment #32) > Thanks for the information, esc. Whatever its deficiences may be, it would > still obviously be in the broader public interest to get it updated in gentoo. > If it has to stay ~arch then so be it. squid-2.7.x remains eligible to be > bumped also and - between them - the outstanding security bugs could be closed. > Yes, please also bump 2.7 as there are still several features only avaliable in that branch. For example: collapsed_forwarding refresh_pattern/negative-ttl=, etc.
(In reply to comment #33) > 3.1.6 has new issues with mixed IPv4/6 handling, and a new bug with > --disable-ipv6. I have a patch that I'll test and will report here. Did not help, so +1 for an intermediate 3.1.5 and the fixes attached to this bug.
(In reply to comment #33) > 3.1.5 works fine for me (arguably only lightly loaded home server) with no > apparent leaks, but 3.1.6 has new issues with mixed IPv4/6 handling, and a new > bug with --disable-ipv6. I have a patch that I'll test and will report here. > Anecdotally, it works well here in two environments (In reply to comment #35) > (In reply to comment #33) > > 3.1.6 has new issues with mixed IPv4/6 handling, and a new bug with > > --disable-ipv6. I have a patch that I'll test and will report here. > > Did not help, so +1 for an intermediate 3.1.5 and the fixes attached to this > bug. > +1 also.
the 3.1.6 is available singe Aug 02, please update
(In reply to comment #37) > the 3.1.6 is available singe Aug 02, please update Please read Comment 33. There is little benefit in using squid-3.1.6 at this time because it has additional bugs and the most important patches are already included in the attached 3.1.5 ebuild. However, I'll review it soon, just in case I've missed anything.
squid-3.1.6 is now in the tree, with sys-apps/ed added to its DEPEND. From where I stand, it doesn't make sense to ignore a newer version. If something is wrong in 3.1.6, please open a new bug and attach patches for these new issues. Some parts of leak fixes patches are already merged by upstream while others cannot be applied (I presume because upstream has chosen different solutions for them).
