Updated squid packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
[Updated 20th September 2012] This advisory has been updated with an accurate description of the "http10" option for BZ#852863. This update does not change the packages in any way.
Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects.
- Due to a bug in the ConnStateData::noteMoreBodySpaceAvailable() function, child processes of squid aborted upon encountering a failed assertion. An upstream patch has been provided to address this issue and squid child processes no longer abort in the described scenario.
- Due to an upstream patch, which renamed the HTTP header controlling persistent connections from "Proxy-Connection" to "Connection", the NTLM pass-through authentication does not work, thus preventing login. This update introduces the new "http10" option to the squid.conf file, which can be used to enable the change in the patch. This option is set to "off" by default. When set to "on", the NTLM pass-through authentication works properly, thus allowing login attempts to succeed.
- When the IPv6 protocol was disabled and squid tried to handle an HTTP GET request containing an IPv6 address, the squid child process terminated due to signal 6. This bug has been fixed and such requests are now handled as expected.
- The old "stale if hit" logic did not account for cases where the stored stale response became fresh due to a successful re-validation with the origin server. Consequently, incorrect warning messages were returned. With this update, squid no longer marks elements as stale in the described scenario, thus fixing this bug.
All users of squid are advised to upgrade to these updated packages, which fix these bugs.