Warning: latest Squid has a fatal bug

[DutchDaemon]

For those of you planning to upgrade Squid: the latest versions in ports that address the recent vulnerability have a fatal bug which will cause Squid to restart itself constantly:

http://www.squid-cache.org/bugs/show_bug.cgi?id=2728

This concerns versions 3.1.0.12 and 3.0.STABLE17, maybe others as well.

I advise you to hold off on upgrading until the bug fix hits the ports tree.

The error message in cache.log is:

2009/07/29 12:29:11| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/29 12:29:11| assertion failed: http.cc:738: "!eof"

 

[DutchDaemon]

If you already upgraded Squid and face the associated problems, you can do this to revert (assuming you're using ports):

# echo "date=2009.07.20.12.00.00" >> /usr/share/examples/cvsup/ports-supfile

[B]Either:[/B]
# csup -g -L 2 -1 -h cvsup2.uk.FreeBSD.org -i ports/www/squid[B]30[/B] /usr/share/examples/cvsup/ports-supfile

[B]Or:[/B]
# csup -g -L 2 -1 -h cvsup2.uk.FreeBSD.org -i ports/www/squid[B]31[/B] /usr/share/examples/cvsup/ports-supfile

(or use your local cvsup mirror)

# cd /usr/ports/www/squid30 (or 31)
# make deinstall clean && make -DDISABLE_VULNERABILITIES install clean

# /usr/local/etc/rc.d/squid restart

That should give you the previous version of Squid, for the time being. Do not forget to remove the 'date' line from /usr/share/examples/cvsup/ports-supfile!

 

[DutchDaemon]

According to the bug report at http://www.squid-cache.org/bugs/show_bug.cgi?id=2728 this issue has been resolved. I also see that Squid 3.0.18, and Squid 3.1.13 made it into ports today.