[squid-users] Antwort: [squid-users] Squid 3.0.STABLE17 is available from Martin.Pichlmaier_at_continental-corporation.com on 2009-07-27 (squid-users)

From: <Martin.Pichlmaier_at_continental-corporation.com>
Date: Mon, 27 Jul 2009 15:38:04 +0200

Hello all,

I just compiled squid-3.0.STABLE17 and it compiled fine.
Unfortunately I now get many warning messages in cache.log (still testing,
not yet in productive environment):
2009/07/27 15:11:26| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:28| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:37| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:37| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:37| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:37| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:37| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:38| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:40| HttpMsg.cc(157) first line of HTTP message is invalid
2009/07/27 15:11:41| HttpMsg.cc(157) first line of HTTP message is invalid

It seems that nearly every URL I try to access gives that warning message,
for example www.arin.net, www.ripe.net, www.hp.com,
www.arin.net, even www.squid-cache.org and so on.
Are nearly all pages in the internet invalid or is the if-query or rather
the function incorrect?
The lines that produce the above warning are new in STABLE17...

HttpMsg.cc -- lines 156 to 160:
    if (!sanityCheckStartLine(buf, hdr_len, error)) {
        debugs(58,1, HERE << "first line of HTTP message is invalid");
        // NP: sanityCheck sets *error
        return false;
    }

Maybe it has something to do with my configuration options. I complied
squid with:
# squid -v
Squid Cache: Version 3.0.STABLE17
configure options: '--prefix=/appl' '--localstate=/var'
'--with-filedescriptors=16384' '--enable-storeio=ufs,null'
'--enable-auth=ntlm,basic' '--enable-external-acl-helpers=wbinfo_group'
'--enable-icap-client'
# uname -a
Linux proxy 2.6.18-92.1.10.0.1.el5 #1 SMP Mon Aug 4 17:11:38 EDT 2008
x86_64 x86_64 x86_64 GNU/Linux
#

I could shut it out with "debug_options ALL,1 58,0" but don't know which
other important messages I may miss.

Best regards,
Martin

Amos Jeffries <squid3_at_treenet.co.nz>
27.07.2009 13:00

An
squid-announce_at_squid-cache.org, Squid <squid-users_at_squid-cache.org>
Kopie

Thema
[squid-users] Squid 3.0.STABLE17 is available

The Squid HTTP Proxy team is pleased to announce the
availability of the Squid-3.0.STABLE17 release!

This release is primarily a Security Update release.

All users of Squid-3.0 are urgently advised to move up to this release.

The major changes are for advisory SQUID-2009:2. This is for multiple
vulnerabilities in both request and response processing. The cause is
the same, but there are many variations of possible attack.
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt

There are also a number of smaller fixes in this release with potential
towards security problems. These are much harder trigger within Squid.
The helper issues are primarily of concern when used by other systems
than Squid.

   - Bug 2710: squid_kerb_auth non-terminated string
   - Bug 2674: Remove limit on HTTP headers read.
   - Bug 2659: String length overflows on append, leading to segfaults
   - Bug 2620: Invalid HTTP response codes causes segfault
   - Bug 2080: wbinfo_group.pl - false positive under certain conditions

And a few more regular bugs:
   - Bug 2680 regression: Crash after rotate with no helpers running
   - Bug 2679: strsep and strtoll detection failure
   - Bug 1087: ESI processor not quoting attributes correctly.
   - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.0/RELEASENOTES.html
if and when you are ready to make the switch to Squid-3.

This new release can be downloaded from our HTTP or FTP servers

http://www.squid-cache.org/Versions/v3/3.0/
ftp://ftp.squid-cache.org/pub/squid-3/STABLE/

or the mirrors. For a list of mirror sites see

http://www.squid-cache.org/Download/http-mirrors.dyn
http://www.squid-cache.org/Download/mirrors.dyn

If you encounter any issues with this release please file a bug report.
http://bugs.squid-cache.org/

Amos Jeffries
Received on Mon Jul 27 2009 - 13:38:24 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 27 2009 - 12:00:05 MDT