Re: [squid-users] Squid plugin sponsor

2022-02-09 Thread Amos Jeffries

On 10/02/22 01:43, David Touzeau wrote:

> Hi
>
> I would like to sponsor the improvement of ntlm_fake_auth to support new
> protocols

ntlm_* helpers are specific to NTLM authentication. All LanManager (LM) 
protocols should already be supported as well as currently possible. 
NTLM is formally discontinued by MS and *very* inefficient.

NP: NTLMv2 with encryption does not *work* because that encryption step 
requires secret keys the proxy is not able to know.

> or go further produce a new negotiate_kerberos_auth_fake

With current Squid this helper only needs to produce an "OK" response 
regardless of the input. The basic_auth_fake does that.


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


Re: [squid-users] [squid-announce] Squid 5.4 is available

2022-02-09 Thread FredB

Hello All

Here are Docker image builds, automatic at each official release

AMD64 and ARM (64-bit OS only, tested on Raspberry v3, v4)

https://hub.docker.com/r/fredbcode/squid

Fred
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: [squid-users] [squid-announce] Squid 5.4 is available

2022-02-09 Thread Eliezer Croitoru

Hey All,

I have just published the latest 5.4 RPMS for:
* Oracle Linux 7+8
* CentOS Linux 7+8
* Amazon Linux 2

All of the above include my latest patch that allows intercepted connections
to be passed towards the destination host in cases in which the DNS
resolution comes from another DNS which is not shared between the clients
and the proxy (8.8.8.8, 1.1.1.1 etc).

The next patch series has been used on 5.4-1:
https://gist.github.com/elico/eb0f4e99331af5c23a8f5999f405d37b

And the next patch was used on 4.17-8
https://gist.github.com/elico/630fa57d161b0c0b59ef68786d801589

All the best,
Eliezer


Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com

-Original Message-
From: squid-announce  On
Behalf Of Amos Jeffries
Sent: Wednesday, February 9, 2022 10:53
To: squid-annou...@lists.squid-cache.org
Subject: [squid-announce] Squid 5.4 is available



[squid-users] Squid plugin sponsor

2022-02-09 Thread David Touzeau

Hi

I would like to sponsor the improvement of ntlm_fake_auth to support new 
protocols or go further produce a new negotiate_kerberos_auth_fake


Who should start the challenge?

regards


[squid-users] [squid-announce] Squid 5.4 is available

2022-02-09 Thread Amos Jeffries

The Squid HTTP Proxy team is very pleased to announce the
availability of the Squid-5.4 release!


This release is a bug fix release resolving several issues
found in the prior Squid-5 releases.


The major changes to be aware of:

 * Bug 5190: Preserve configured order of intermediate CA
   certificate chain

 Previous Squid-5 releases inverted the CA certificate chain order
 when delivering the server handshake, breaking clients which are
 unable to reorder the chain. This release once again conforms with
 TLS specification requirements.


 * Bug 5187: Properly track (and mark) truncated store entries

 Squid used an error-prone approach to identifying truncated responses:
 The response is treated as whole unless somebody remembers to mark
 it as truncated. This dangerous default naturally resulted in bugs
 where truncated responses are treated as complete under various
 conditions.

 This change reverses that approach: Responses not explicitly marked as
 whole are treated as truncated. This change affects all Squid-server
 FwdState-dispatched communications: HTTP, FTP, Gopher, and WHOIS. It
 also affects responses received from the adaptation services.

 Transactions that failed due to origin server or peer timeout (a common
 source of truncation) are now logged with a _TIMEOUT %Ss suffix and
 ERR_READ_TIMEOUT/WITH_SRV %err_code/%err_detail.

 Transactions prematurely canceled by Squid during client-Squid
 communication (usually due to various timeouts) now have WITH_CLT
 default %err_detail. This detail helps distinguish otherwise
 similarly-logged problems that may happen when talking to the client or
 to the origin server/peer.


 * Bug 5134: assertion failed: Transients.cc:221: "old == e"

 This bug appears when caching is enabled and a worker dies and
 is automatically restarted. The SMP cache management was missing
 some necessary cross-checks on hash collision before updating
 stored objects. The worker recovery logic detected the hash collision
 better and would abort with the given error.


 * Bug 5132: Close the tunnel if to-server conn closes after client

 This bug has been present since 5.0.4 and shows up as a growing number
 of open (aka "hung") TCP connections used by Squid regardless of client
 traffic levels.

 It can be expected to affect all HTTPS traffic, and proxies using
 SSL-Bump features, with the problem being worse the more CONNECT
 tunnels are handled.


 * Bug 5188: Fix reconfiguration leaking tls-cert=... memory

 This bug was found investigating other issues. Installations which
 are reconfiguring often may have been seeing sub-optimal memory
 usage. It has otherwise a minimal impact.



  All users of Squid-5 are encouraged to upgrade as soon as
  possible.


See the ChangeLog for the full list of changes in this and
earlier releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
when you are ready to make the switch to Squid-5.

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v5/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/5/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug
report.
  https://bugs.squid-cache.org/


Amos Jeffries
___
squid-announce mailing list
squid-annou...@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-announce
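The Bug 5187 logging change described in the announcement above can be used to separate server-side from client-side timeouts in access.log. The following is an added example, not code from the Squid project or the list posters; the custom logformat, the column positions and the sample lines are assumptions constructed for illustration.

```python
"""Classify Squid 5.4 transactions by which side timed out.

Assumption (not from the announcement): access.log uses a custom format like
    logformat timeouts %ts.%03tu %>a %Ss/%03>Hs %err_code/%err_detail %rm %ru
so %Ss is in column 3 and %err_code/%err_detail in column 4.
"""
from collections import Counter

# Constructed sample lines; addresses and URLs are placeholders.
SAMPLE_LOG = """\
1644400000.101 192.0.2.10 TCP_MISS/200 -/- GET http://example.com/a
1644400001.202 192.0.2.11 TCP_MISS_TIMEOUT/504 ERR_READ_TIMEOUT/WITH_SRV GET http://example.com/b
1644400002.303 192.0.2.12 TCP_MISS/200 -/WITH_CLT GET http://example.com/c
1644400003.404 192.0.2.13 TCP_MISS_TIMEOUT/504 ERR_READ_TIMEOUT/WITH_SRV GET http://example.com/d
truncated line
"""


def classify(line):
    """Return 'server', 'client', 'ok', or None for an unparseable line."""
    fields = line.split()
    if len(fields) < 6 or "/" not in fields[2] or "/" not in fields[3]:
        return None
    status = fields[2].split("/", 1)[0]              # %Ss
    _err_code, err_detail = fields[3].split("/", 1)  # %err_code/%err_detail
    # Origin server or peer timeout: _TIMEOUT suffix and WITH_SRV detail.
    if status.endswith("_TIMEOUT") or "WITH_SRV" in err_detail:
        return "server"
    # Transaction canceled during client-Squid communication.
    if "WITH_CLT" in err_detail:
        return "client"
    return "ok"


def summarize(log_text):
    """Count outcomes and tally server-side timeouts per client address."""
    outcomes, per_client = Counter(), Counter()
    for line in log_text.splitlines():
        kind = classify(line)
        outcomes[kind or "unparsed"] += 1
        if kind == "server":
            per_client[line.split()[1]] += 1
    return outcomes, per_client


if __name__ == "__main__":
    outcomes, per_client = summarize(SAMPLE_LOG)
    print(dict(outcomes))
    print(dict(per_client))
```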