Revisions of squid
unknown
committed
(revision 4)
project was undeleted
Tom Patzig (tpatzig)
committed
(revision 3)
Tom Patzig (tpatzig)
committed
(revision 2)
Tom Patzig (tpatzig)
committed
(revision 1)
- update to 2.7.STABLE7
- update to 2.7.STABLE5, which is a bugfix version only:
* Don't set expires: now in generated error responses
* Old headers still returned after a cache validation
* swap.state permission issues if crashing during "squid -k
reconfigure"
* Limit stale-if-error to 500-504 responses
* Increase negotiate auth token buffer size
* add upgrade_http0.9 option making it possible to disable
upgrade of HTTP/0.9 responses
* assertion failed: sc->new_callback == NULL at store_client.c:190
* Shut down store url rewrite helpers on squid -k reconfigure
* configuration file contains non-ASCII characters
For complete list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets/SQUID_2_7_STABLE5.html
- removed obsolete, already in upstream version patches
- bugfix if user is in many kerberos groups (12380.patch)
- added a few official patches:
* HTTP/0.9: making it possible to disable upgrade of HTTP/0.9
responses
* assertion failed: sc->new_callback == NULL at store_client.c:190
* foreground rebuild should do all of the rebuilding before Squid
accepts
* Shut down store url rewrite helpers on squid -k reconfigure
* configuration file contains non-ASCII characters
- update to 2.7.STABLE4:
* DNS retransmit queue could get hold up
* assertion failed: forward.c:529: "fs"
* assertion failed: forward.c:110: "!EBIT_TEST(e->flags,
ENTRY_FWD_HDR_WAIT)"
* Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include
header __u32 problem
* Make dns_nameserver work when using --disable-internal-dns on
glibc based systems
* Handle aborted objects properly. The change in 2.7.STABLE3
triggered a number of issues.
* access.log logs rewritten URL and strip_query_terms ineffective
For full list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets/SQUID_2_7_STABLE4.html
- added cron to Requires: as rpmlint complains on this
- Fix init scripts.
- update to 2.7.STABLE3:
major changes from 2.6 to 2.7:
* HTTP/1.1 support
* performance improvements
* no longer WAIS support
* can emulate an origin server when acting as an accelerator
* "min-size" option for cache_dir
* semi-modular logging framework introduced
* Support for rewriting URLs into canonical forms when storing
and retrieving objects
* Object revalidation in background
* new option "zero_buffers"
* cache authentication based on source IP address
* configuration files can be included
* alteration for default rules to not cache dynamic content from
cgi-bin and query URLs
* cleanup of accelerator mode
* zero Penalty Hit support
* and many bugfixes
For full list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets
- fixed the config patch accordingly
- sorted files in /usr/sbin
- added new binary /usr/sbin/logfile-daemon
- added "sharedscripts" to logrotate (bnc#388088)
- update to 2.6.STABLE19:
* Custom log formats fail to log file sizes >2GB properly on
32-bit platforms
* outgoing_address acl doesn't work with indirect source address
(follow-x-forwarded-for)
* Stuck in 100% CPU when fetching an corrupt peer digest
* Add support for the resolv.conf domain directive, and also
automatically derived default domain
* minimum_icp_query_timeout directive
Full list of changes see:
http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE20.html
- removed official patches, which are now included in latest version
- added official patches:
* Custom log formats fail to log file sizes >2GB properly on
32-bit platforms
* Fix stripping NT domain in squid_ldap_group
* Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)
* Fails to parse chunked encoding using chunk extensions
* Deal properly with empty list members
* tcp_outgoing_address acl doesn't work with indirect source
address (follow-x-forwarded-for)
- update to 2.6.STABLE19:
* Fix tcp_outgoing_address example config to match its description
* Assertion failed sc != NULL when using peer monitor function
fixed
* Fix missing default disk store type into QUICKSTART example.
* Handle recursive completion operations in diskd fixed.
* documentation bugfix for tcp_outgoing_tos directive
* Sort cache list in wccpv2 to ensure a consistent hash allocation
across all services
* Updated Ukrainan error pages
* Compile error in squid_kerb_auth under Mac OS X 10.5.2
* squid_radius_auth failed ro process more than 256 requests
* Clarified description of 'cache_vary' directive
* Make range_offset_limit 0 disable local range processing as
documented, even if the first range starts at 0
- updated 64bit patch
- updated FAQ: no longer avail, its a Wiki now. Best compromise to
use CompleteFaq webpage instead.
- update to 2.6.STABLE18:
* Preparing 2.6.STABLE18
* This is STABLE18, not 16..
* Remove HEAD ChangeLog entries copied by mistake
* Preparing for 2.6.STABLE18
* Update valgrind support for valgrind-3.3.0
* Sometimes arrayShrink() will be asked to shrink by 0 entries.
Handle that.
* Digest authentication fixes
* Minor cleanups to make some 64-bit platforms happier
* Novell eDirectory digest helper edir_digest_auth update to
clean up license
* Change old info@ircache.net contact address to
info@squid-cache.org
* Convert spnegohelp.h and spnegohelp.c files drom DOS to Unix
text format.
* Fix bug in header array compression
- removed obsolete suse 8.0 check in PreReq
- BuildRequires doesn't need openldap2 anymore. fixed.
- upgrade to version 2.6STABLE17:
* Fix compile error with old GCC 2.x or other ANSI-C compilers
before C99
* Mention the login= cache_peer option in release notes
* Fix bad cache_peer example in squid.conf
* Fix a compile-time memory corruption error causing cf_gen to
fail
* Clarify high_memory_warning usage
* Reject DNS responses which result in no data
* Fix version number in configuration manual
* Move cache and request/reply_header_max_size to their proper
sections
* sbrk statistics broken when process size >2GB
* Move logopen() much earlier to have fatal startup errors sent
to the proper syslog facility
* Fix HTTP/0.9 responses
* Correct bad example config for tos_outgoing_tos
* Fix grammar in description of mail_program squid.conf option
* Ignore Content-Length in chunked responses instead of
rejecting the response as invalid
* Documented that http_port no longer have a default
* Cleanup of cache digest documentation
* Make aufs store rebuilding back off a little if I/O load too
high
* Respect DNS ttl=0
* Update udp_(incoming|outgoing)_address documentation to
reflect current bahaviour.
* Update HTCP documentation
* Document the overlapping helper request format
* Change priority of proxy auth and extacl provided username in
login=*:pass
* pack header entries on cache updates
* Make squid_db_auth reopen the database connection on each
query by default
* Improve helper debug ouput, including the channel number
* Update cachePeerEntry MIB description to mention what is used
as index key
* Import squid_radius_auth for authenticating to RADIUS
- upgrade to version 2.6STABLE16:
* Test for sys/capability.h linux include file to avoid failing on
linux systems missing libcap
* Release private objects on cache rebuild
* Segfault in clientBuildReplyHeader when http->entry == NULL
* Bug #2072: digest_pw_auth fails when using plaintext passwords
* Bug #2073: assertion failed: client_side.c:4175: "buf != NULL ||
!conn->body.request on POST
* Adjust default pconn timeouts to avoid shutting down connection while
child sends request
* Bug #1980: cache_peer monitortimeout not working
* Bug #1882: Parent responses are not cached if sibling returns 504
* More squid.conf reordering to get the dependencies between options
sorted proper
* The select() I/O loop got broken by the /dev/poll addition
(2.6.STABLE14)
* Bug #2017: Fails to work around broken servers sending just the HTTP
headers
* Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
before C99
* squid.conf.default updated and reorganised in more sensible groups
* correct and document the syslog access_log format
* Armenian error pages translation
* digest_ldap_helper usage help updated
* Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
* Improve delay pools in low traffic environment by checking timeouts
at a steady 1 second interval even when there is not much activity
* Don't request authentication on transparently intercepted
connections
* Cleanup linux capabilities for tproxy
* Bug #2003: 'via' config directive doesn't affect response headers
* Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
* Add missing $|=1 to squid_db_auth
* Bug #2050: Persistent connection dropped if cache has no
Content-Length
* Verify the URL on memory cache hits
* Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
* Bug #1972: Squid sets peers to down state when they are in fact
working.
* potential segmentation fault in storeLocateVary()
* Bug #2066: chdir after chroot
* Windows port: Fix compiler warnings when building Squid as
application (not Windows service mode)
* Spelling correction of received
- adapted config patch
- removed /etc/squid/errrors: no longer needed (bugzilla#300933)
- removed explicit permissions handling (bugzilla#298341)
- moved $named from Required-Start to Should-Start (bugzilla#142653)
- renamed X-UnitedLinux-Should-Start to Should-Start in rc script
- renamed X-UnitedLinux-Should-Stop to Should-Stop in rc script
- upgrade to 2.6.STABLE14:
* Bug #2008: Work around clients trying to use NTLM or Negotiate
without persistent connections
* Deal better with forwarding loops
* Bug #2010: snmp_core.cc:828: warning: array subscript is above
array bounds
* Temporary shortage of system filedescriptors may cause Squid to
permanently stop accepting connections
* Bug #1085: Add no-wrap to cache manager HTML tables
* Cosmetic squid_ldap_auth cleanups from Squid-3
* Simple POP3 basic auth helper querying a POP3 server
* squid.conf.default cleanups
* Clean up HTML escapes in the configuration manual
* Simple POP3 basic auth helper querying a POP3 server
* Imported updated squid_kerb_auth helper from the SourceForge
squidkerbauth repository
* Bug #1130: min-size option for cache_dir
* digest_edir_auth helper, using novell eDirectory universal
password
* Bug #1968: Squid hangs occasionally when using DNS search paths
* Bug #1900: Double "squid -k shutdown" makes Squid restart again
* There is no -a command line option in Squid-2.6 and later.
* Make AC_CHECK_.._SYSTYPE wrappers around the default calls to
allow cross-compiling
* Renamed db_auth.pl to squid_db_auth, and autogenerate perl path
and man page
* make devpoll support work
* Bring over Solaris/IRIX /dev/poll network IO support from
Squid-2, enabled by compiling with --enable-devpoll
* Database auth helper using Perl DBI
* Kerberos SPNEGO helper
* Always use xisxxxx() Squid defined macros instead of ctype
functions.
* Round time to next event upwards to avoid storms of comm_select
loops doing nothing
* Adjust refresh_pattern min-age to make 0 mean 0, not 1 second
* URI-escape using the recommended upper case
* Correct the refresh_pattern ignore-auth documentation to refer
to CC: public
* Dump out the config manual while making snapshots
* Script to build HTML configuration manual from cf.data
* Shuffle around various configuration options into their own
sections
- moved cachemgr.cgi to %{_libdir}/squid to make rpmlint happy
- upgrade to 2.6.STABLE13:
* Make sure reply headers gets sent even if there is no body available
yet, fixing RealMedia streaming over HTTP issues.
* Undo an accidental name change of storeUnregisterAbort.
* Kill an ancient malplaced storeUnregisterAbort call from ftp.c
* Bug #1814: SSL memory leak on persistent SSL connections
* Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
* Cosmetic fix: added missing newline in WCCPv2 configuration dump.
* Ukrainan error messages
* Convert various error pages from DOS to UNIX text format
* Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
* Clarify the max-conn=n cache_peer option syntax slightly
* Bug #1892: COSS segfault on shutdown
* Windows port: fix undefined ECONNABORTED
* Make refreshIsCachable handle ETag as a cache validator, not
only last-modified
* in_port_t is not portable, use unsigned short instead
* Fix fs / auth / snmp dependencies
* Portability: statfs() may reqire #include <sys/statfs.h>
- added valgrind-devel to buildrequires
- upgrade to 2.6.STABLE12:
* Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
* various diskd bugfixes
* In the access.log hierarchy field log the unique peer name
instead of the host name
* unlinkdClose() should be called after (not before)
storeDirSync()
* CLEAN_BUF_SZ was defined, but never used anywhere
* logging HTTP-request size
* Fix icmp pinger communication on FreeBSD and other not
supporing large dgram AF_UNIX sockets
* Release objects on swapin failure
* Objects stuck in cache if origin server clock in future
* 302 responses with an Expires header is always cached
* Primitive support for HTTP/1.1 chunked encoding, working around
broken servers
* Clean up relations between TCP probing and DNS checks of peers
with no known addresses.
* Fix a minor HTML coding error in ftp directory listings with //
in the path
* Cleanup of refresh logics when dealing with non-refreshable
content
* Gopher cleanups and bugfixes
* Negotiate authentication fixed again. Broken since STABLE7 by
the patch for
* COSS tries to shut down the same directory twice on exit
* store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL entries
* Added support for Subversion HTTP request methods MKACTIVITY,
CHECKOUT and MERGE.
* assertion failed: client_side.c:4055: "buf != NULL ||
!conn->body.request"
* Handle garbage helper responses better in concurrent protocol
format
* Fix kqueue when overflowing the changes queue
* Make sure the child worker process commits suicide if it could
not start up
* Don't log short responses at debug level 1
* Fix bswap16 & bwsap32 error on NetBSD
* Fix collapsed_forwarding for non-GET requests
* Assertion error on TRACE
- needsrootforbuild injected: urgently required for ulimit setting
- upgrade to 2.6.STABLE9 with this fixes:
* Date parsing error causing objects to get unexpectedly cached.
Problem introduced in 2.6.STABLE6.
* authenticateNTLMFixErrorHeader: state 4. NTLM & Negotiate
instability introduced in 2.6.STABLE6.
* Primitive support for HTTP/1.1 chunked encoding, working around
broken servers sending chunked encoding in response to HTTP/1.0
requests.
* STALE: Entry's timestamp greater than check time. Clock going
backwards?
* Don't update object timestamps on a failed revalidation.
* If-Modified-Since broken in 2.6.STABLE8
* diskd bug in storeDiskdIOCallback()
- reinjected SAMBAPREFIX into specfile (bugzilla#236317)
- upgrade to 2.6.STABLE7:
* Windows port: Fix intermittent build error using Visual Studio
* Add missing tproxy info from the dump of http port
configuration
* Bug #1853: Support for ARP ACL on NetBSD
* clientNatLookup(): fix wrong function name in debug messages
* Convert ncsa_auth man page from DOS to Unix text format.
* Bug #1858: digest_ldap_auth had some remains of old hash format
* Correct the select_loops counter when using select(). Was
counted twice
* Clarify the http_port vhost option a bit
* Fix cache-control: max-stale without value or bad value
* Bug #1857: Segmentation fault on certain types of ftp://
requests
* Bug #1848: external_acl crashes with an infinite loop under
high load
* Bug #1792: max_user_ip not working with NTLM authentication
* Bug #1865: deny_info redirection with authentication related
acls
* Small example on how to use the squid_session helper
* Bug #1863: cache_peer monitorurl, monitorsize and
monitorinterval not working properly
* Clarify the transparent http_port option a bit more
* Bug #1828: squid.conf docutemtation error for proxy_auth digest
* Bug #1867: squid.pid isn't removed on shutdown
- install pam_auth setuid root instead of setgid shadow (#216816)
- fix permissions handling
- fixed gnu ftpserver name mangling (bugzilla#230751)
- fixed pidfile removal issue (bugzilla#223067)
- upgrade to 2.6.STABLE5:
* Whitespace cleanup
* Preparing for 2.6.STABLE6
* Resurrect httpd_accel_no_pmtu_disc after the transparent interception
cleanup
* Spell check in release notes
* Windows port: Updated release notes
* Windows port: Fixed build error on MinGW using SSL support
* Windows port: Updated release notes
* Windows port: Fix build errors when using latest MinGW environment
* Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing
certain Vary objects
* Bug #1840: Disable digest and netdb queries to multicast peers
* Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
* Bug #1801: NTLM authentication ends up in a loop if the server responds
with a retriable error
* Bug #439: Multicast ICP peering is unstable and considers most peers dead
* Fix the WCCPv2 mask assignment code to not crash as the value assignments
are built.
* Bug #1584: Unable to register with multiple WCCP2 routers
* Convert the connStateData->chr single link list to a normal dlink_list for
clarity.
* Accept large dates >2^31. Seen for example in the Google logo.
* Remove old leftover variable after the client_side buffer cleanup
* Reduce memory allocator pressure by not continually allocating client-side
read buffers
* Remove malloc/free of temporary buffer in time parsing routines.
* Document that proxy_auth also accepts -i for case-insensitive operation
* Convert snmpDebugOid to use a temporary String object instead of strcat
* Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
* Add support for the weight= parameter to round-robin peers
* Fix defaultsite= processing after the accelerator mode cleanup
* Clarify the external_acl_type helper format specification and some defaults
* Bug #1773: Segmentation violation bug in the cleanup of transparent mode
* Cleanup to silence a harmess GCC inline warning
* Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
* Remove extra newline in redirect message sent by deny_info http://...
aclname
* Bug #1117: assertion failed: aufs/store_dir_aufs.c:642:
"rb->flags.need_to_validate"
* Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/
store_dir_coss.c storeCoss_DeleteStoreEntry
* Windows port: updated release notes
* Only use crypt() if it's available
* automake no longer recommends mkinstalldirs. Remove it from the
distribution.
* Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
* Cleanup of transparent & accelerator mode request parsing to untangle the
firewall dependencies a bit
* Add client source port logformat tag >p
* Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c
htcpBuildAuth()
- upgrade to version 2.6.STABLE5, which is only a bug fix version, with
these most important bug fixes:
* Some memory leaks corrected, some of which could result in
denial of service conditions after some time.
* Assertion failure related to Vary/ETag processing, which could
maybe result in a denial of service condition.
* Delay pools now assigns bandwidth fairly among competing
connections.
* Port 563 removed from the default set of SSL ports.
- Changes from 2.6.STABEL4 to 2.6.STABEL5 in detail:
* 2.6.STABLE4 aufs fails to compile if coss isn't enabled
* COSS improvements and cleanups
* SNMP linking issue resolved, enabling SNMP support to be build in all
platforms
* access_log syslog results in blanks syslog lines between every entry
* Incorrect error message on invalid cache_peer specifications
* Memory leak in handling of negatively cached objects
* Incorrect Vary processing in combination with collapsed_forwarding
* Memory leak in ncsa_auth on password changes
* Suppress some annoying coss startup messages raising the debug level
to 2.
* Clarify the external_acl_helper concurrency= change.
* aioDone() could be called twice from aufs and from coss (when using
AIOPS) during shutdown.
* Accept 00:00-24:00 as a valid time specification even if redundand
and the same as 00:00-23:59
* Theoretical memory leak in storeSetPublicKey
* Removing port 563 from the default SSL_ports and Safe_ports ACLs
* Automatically enable Linux Netfilter support with
--enable-linux-tproxy.
* squid -k reconfigure crash when using req/rep_header acls
* Clarify the select/poll/kqueue/epoll configure --enable/disable
options
* Delay pools fairness when multiple connections compete for bandwidth
* Crash on exit in certain conditions where cache.log is not writeable
* Assertion error HttpHeader.c:914: "str"
* Crash on wccp2 + mask assignement + standard wccp service
* Silence harmless gcc compile warning.
* Clean up poll memory on shutdown
* Ported select, poll and win32 to new comm event framework
* Windows port: Correctly identify Windows Vista and Windows Server
Longhorn
* Added a basic comm_select_simple comm loop only requiring minimal
POSIX compliance.
* Safeguard from kb_t counter overflows on 32-bit platforms
- upgrade to version 2.6.STABLE4:
* New wccp2_weight directive
* Numeros COSS fixes and improvements
* Support for WCCP2 hash based assignment and weighted assignments
* Windows port update
* Many small fixes to better detect invalid configurations
* Bug #1760: FTP related memory leak
* SNMP mib updates for some minor missing details
* Bug #1590: Silence those harmless ETag loop warnings
* Bug #1740: Squid crashes on certain malformed HTTP responses
* Bug #1699: assertion failed: authenticate.c:836:
"auth_user_request != NULL"
* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6.STABLE4 changes and the ChangeLog file for details.
- removed ncsa patch, now upstream included
- fix for buffer size in ncsa auth (bugzilla#202249)
- upgrade to version 2.6.STABLE3:
* src/dst acl parsing changed to not attempt to guess a netmask
if none was specified. Instead assume it's an IP address and not
a network even if it ends in 0
* Several memory leaks plugged
* Delay pools now work again (broken in 2.6.STABLE1 & 2)
* New log_format %ue and %us tags for external acl or ssl user id
* COSS fixes and performance improvements
* Include acl's is now shown in their original form in cachemgr
configuration dumps.
* ntlm fake_auth finally handles non-ascii user names
* TCP fallback on truncated DNS responses, making the internal
DNS client complete.
* Downloads could hang when using the cache_dir max-size option
* Fixed some assertion failures and segmentation faults
* Some small optimizations to reduce CPU usage
* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6 changes and the ChangeLog file for details.
- upgrade to version 2.6.STABLE2:
* Bug #1650: transparent interception "Unable to forward this
request at this time"
* Bug #1658: Memory corruption when using client-side SSL
certificates
* Multiple fixes to the experimental COSS cache_dir type Added
* the missing concurrency parameter to basic/digest auth
schemes
* Bug #1669: SEGV in storeAddVaryReadOld Bug #1670: assertion
* failure: i->prefix_size > 0 in
client_side.c:2509
* Bug #1671: transparent interception fails with FreeBSD ipfw or
Linux-2.2 ipchains
* Bug #1660: Accept-Encoding related memory corruption Bug #1673:
* cache digests not served to other caches Bug #1684: xstrdup:
* tried to dup a NULL pointer! Bug #1688: Assertion failure in
* HttpHeader.c in some header_access
configurations
* Bug #1696, Bug #1700 and more: WCCP2 fixes Bug #1677: Duplicate
* etags in the If-None-Match in cache
validations causing lighttpd to fail with error 400
* Added ARP acl support for OpenBSD and ARP fixes for Windows Bug
* #1681: All ntlmauthenticator processes are busy new
* minimum_expiry_time squid.conf directive backported from
Squid-3
* Bug #1703: Wrong default path to the diskd helper causing hangs
* at
100% CPU
* Bug #1685: Crashes or other odd results after
* storeSwapMetaUnpack:
errors
* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6 changes and the ChangeLog file for details.
- adapted ldflags patch
- added /usr/sbin/cossdump
- Fix build requires.
- upgrade to version 2.6.STABLE1:
o bug fixes
o Major improvements to the way that Squid handles web proxy,
accelerated and transparent proxy requests to make it easier to
configure transparent and acceleration functionality
o WCCPv2 support multiple cache engines registering with multiple
WCCP routers and switches.
o TPROXY totally transparent proxy support under Linux, which to
allow Squid to appear totally invisible to both client and server
systems when transparently caching requests.
o Support for Etag and Vary HTTP headers.
o Collapsed forwarding, which gives Squid the ability to
intelligently merge client requests for objects into one request
to the server.
o Support for epoll under Linux, which gives Squid the ability to
handle many many more concurrent requests with lower CPU
overhead.
o SSL assisted hardware encryption making use of OpenSSL
functionality within Squid.
o Logging enhancements to allow even greater customization of the
way Squid logs requests in the access-log or to syslog if
required
o Authentication enhancements including Negotiate/Kerberos support,
extra workarounds for NTLM clients and others using Microsoft
Integrated Login.
o Additional external_acl parameters to support SSL and even more
client side parameters.
o ACL changes in conjunction with SSL changes which have been
merged, to allow matching based on SSL certificate parameters.
o New authentication helpers:
- Digest LDAP helper
- Native Windows basic, NTLM and negotiate helpers
- External acl helpers for session monitoring and native Windows
group membership check
o HTCP significantly cleaned up and added support for the CLR
operation to purge contents from the cache
o Support for parsing X-Forwarded-For headers allowing access
controls to be based on the real client IP even if behind secondary
proxies
- adapted SUSE patches
- Fix typo.
- Set mandir.
- Use --with-maxfd and don't build as root.
- Don't lose LDFLAGS.
- added 6 official upstream patches
- added 15 official upstream patches
- updated FAQ
- converted neededforbuild to BuildRequires
- Don't strip binaries.
- added 2 official patches
- updated FAQ
- compile with -fno-strict-aliasing
- upgrade to squid-2.5.STABLE12
- added official patches
- updated FAQ
- upgrade to squid-2.5.STABLE11
- added official patches (includes CAN-2005-2917 and CVE-2005-3258)
- changed error message when creating cache dir (bugzilla#118561)
- add -DLDAP_DEPRECATED (to RPM_OPT_FLAGS, since they're the only
ones respected by all subsystems)
- added latest official patches from squid-cache.org
- fixed problem in rc script (bugzilla#100250)
- added latest official patches
- updated FAQ
- changed rc.squid to honor $SQUID_CONF (bugzilla#98186)
- upgrade to squid-2.5.STABLE10
- added official patches and added cachemgr.conf
- adapted local patches
- build with fPIE/pie
- use RPM_OPT_FLAGS
- rename vprintf to packer_vprintf (macro clash)
- fixed rc script for upgrade (bugzilla#76687)
- fixed permission problem (bugzilla#71801)
- fixed ulimit problem (bugzilla#71848)
- added 14 upstream patches (only minor+cosmetic)
- updated FAQ
- update to version 2.5.STABLE9
- updated FAQ
- fix for fillup and norootforbuild trigger
- update to version 2.5.STABLE8
- added latest official patches
- shutdown timeout is now configurable (bugzilla#50785)
- fixed init message for squid shutdown (bugzilla#50786)
- Use <owner>:<group> in permissions file.
- Use common-* PAM configuration
- updated FAQ documents
- added 3 official patches (2 minor, 1 cosmetic)
- removed ancient notify message
- added four official fixes
- added official fix for crash in NTLM module
- added ie_blocker configuration as suggested by Markus Gaugusch
- added 15 official patches
- had to adapt 2 of the official patches to SUSE configuration
- reenabled linux-netfilter on public request
- removed the error directory from %doc, as its already in %sysconfig
- update to version 2.5.STABLE6
- added EGREP definition in spec file to make configure happy
- added 13 official patches, with three major fixes;
and includes fix for cache_mem variable > 2048MB (bugzilla#42417)
- replaced NTLM security fix with official one
- buffer overflow fix in NTLM authentication helper (bugzilla#41771)
- added 1 mainstream patch (minor)
- updated FAQ documents
- updated FAQ documents
- added official patches: 2xcosmetic, 1xminor
- re-enabled transparent proxy support for sles (thx ke)
- re-enabled heap removale policy for sles
- added official patches: 2xcosmetic, 2xmedium, 1xmajor
- enabled more store I/O modules for sles products
- added two official patches: timeout produces wrong error code,
deny_info redirection escaped wrong
- update FAQs with latest available
- added official patches
- added four official patches
- upgrade to squid-2.5.STABLE5
- added many official patches (> 10)
- rejected official squid-2.5.STABLE4-ntlm_auth_popups.patch (breaks build)
- dropped winbind authentification support
(according to author and FAQ no longer supported with samba3.x)
- updated FAQ
- fixes for samba3 (first try - waiting for approve by personal samba
contact :)
- added next official patch: squid-2.5.STABLE4-ftp_telnet.patch
- rejected official patch: squid-2.5.STABLE4-ntlm_auth_popups.patch
causes a lot of compilation problems.
- added missing (official) squid-2.5.STABLE4-xpi_mime.patch
- added official patches (and did some fixes)
- Build as normal user
- Add pam-devel to neededforbuild
- enabled external-acl-helpers
- fixed RELEASENOTES version in %doc
- updated to 2.5.STABLE4
- removed old patches
- and added new ones. :-)
- change e-mail to root in squid.spec as suggested in bugzilla#31447
- Fix pam_auth permissions/group (like in /etc/permissions)
- added another upstream patch (delay_access_auth); had to make him fit
- removed patch listed twice: Patch10 and Patch11
- added official patches of last two weeks
- updated documentation to latest version
- fixed smb_auth (bugzilla#28260)
- specfile: restart of daemon on rpm package update (bugzilla#29036)
- try-restart needs rc_status for test and not rc_stop (bugzilla#26937)
- added next bunch of official patches (w/o improvement patch)
- Fix chown calls.
- added a bunch of official patches
- updated to 2.5.STABLE3
- added official patches
- fixed build problems with unpackaged files
- updated to 2.5.STABLE2
- added official patches
- made several fixes (and adaption of old ones)
- rediffed some patches to make it build
- Remove cyrus-sasl from neededforbuild
- updated neededforbuild: samba-devel -> samba (bugzilla#24235)
- added official patches
- adapted the winbind patch (bugzilla#24235) (hopefully builds on all archs)
- updated FAQ
- added and updated /etc/permissions.d/squid (bugzilla#23752)
- added manual pages
- added a few fixes for 64bit architecture
- enabled some useful (configure) options
- added all the missing official patches (before feature freeze)
- changed default heap replacement policy from "lru" to "heap"
- Use pam_unix2.so instead of pam_unix.so
- fix of automake fix
- added another official patch (today released)
- added mime.conf link and ...
- thanks to ro for again forgotten neededforbuild update
- fixed neededforbuild for the umpteenth time ...
- added next official patches
- requires now use of automake system
- fixed problematic config file mime.confs (now in /etc)
- added several official patches from www.squid-cache.org *sigh*
- added missing cachemgr.cgi
- added missing contrib files from old squid version
- added FAQ in various forms; downloaded from www.squid-cache.org
- added scripts as %doc
- fixed neededforbuild "sp" -> "opensp"
- added another bunch of official patches
- fixed path problems (runtime) in spec file
- updated to 2.5.STABLE1
- added official patches
- tuned up spec file
- changed neededforbuild <sp> to <opensp>
- changed neededforbuild <sp-devel> to <>
- fixed pathes in squid.logrotate (bugzilla#18792)
- added official msnt_auth patch
- added test for suse_version to be backward compatible with PreReq:
- fixed spec file: new PreReq tokens
- fixed spec file: file permission for cache_dir and log_dir
- fixed rc script: now honors cache_dir in squid.conf and fails if
problems in creation (bugzilla #14892)
- fixed Requires/Provides in SPEC file.
- added useful configure options
- added a lot of new authentification methods (and therefore conflicts
with RPM smb_auth)
- re-organized %Files section
- created /etc/logrotate.d/squid
- update to patchlevel 2.4STABLE7 (dropping the respective patches)
- rc.squid INIT section: use X-UnitedLinux-Should-Start
- move configuration to /etc/squid
- install error message files to /usr/share/squid. Link to English
as default.
- drop %pre script that renamed /usr/share/squid/errors
- use %defattr
- create squid user also at begin of install section
- squid does not need a valid login shell.
- Update to 2.4.STABLE6 (dropping the last two patches), and add
several new security fixes (see
http://www.squid-cache.org/Versions/v2/2.4/bugs/):
* Buffer overflows in the Gopher client
* Sanity checks of the FTP data channel
* FTP directory parsing buffer overflows
* Make Squid deny transfer-encoding to work around Apache issue
* Insecure forwarding of proxy_auth
and minor fixes:
* cache_mem documentation
* client -T not implemented
* HTCP coredump on "squid -k reconfigure"
Not included, because the module is not activated:
* Buffer overflows in the MSNT auth helper (updating the module
from 1.2 to 2.0)
- Using useradd in the specfile.
- squid-2.4.STABLE3-rfc1035-security.diff fixes compressed dns
reply buffer overflow.
- disable HTCP support (upon recommendation of Henrik Nordstrom
<hno@squid-cache.org>). The implementation lacks access control
and logging, and does not add any value to cache peering compared
to ICP.
- test for correct cache directory in rc.squid
- specify DEFAULT_PID_FILE
- added three security-relevant patches, combined in
squid-2.4.STABLE3-misc-sec.dif:
* "htcp port 0" fails to disable the HTCP port
* coredump on ftp:// style URLs
* fix for SNMP memory leaks
See http://www.squid-cache.org/Versions/v2/2.4/bugs/.
- update to 2.4.STABLE3: numerous bug fixes. for the Changelog see
http://www.squid-cache.org/Versions/v2/2.4/ChangeLog.txt
- make file locations more FHS conform:
/var/squid/cache --> /var/cache/squid
/var/squid/logs --> /var/log/squid
- drop security patch (included upstream)
- replace GmbH --> AG
- removed START_SQUID
- update to 2.4RC2 (prev. squid-beta package)
- use buildroot
- fix security hole where squid could be crashed by certain requests
- specfile fix: install /etc/squid.conf with noreplace [Bug #10023]
- removed /lib/security path from pam.d config file
- initscript and textfiles moved away from squid-2.3.STABLE4.dif
- changed neededforbuild <sp_libs> to <sp-devel>
- initscript fix: don't start squid in runlevel 2 [bug #7956]
- bzip2 sources
- initscript fix: check for running squid before creating cache-dir
- squid.conf: allow localhost access to squid by default
- initscript: ulimit -n 4096 added to increase filedescriptors
- cachemgr.cgi moved to doc/scripts
- build of Programming-Guide removed from specfile
- initscript-fix: $named for added for required startup
- new initscript more LSB conform
- new patch from www.squid-cache.org applied
- Fix bogus requires
- changed for openldap2
- fixed neededforbuild for openldap
- package squid23 renamed to squid
- specfile: Obsoletes squid2 and squid23 added
Conflicts squid-beta added (instead of squid24)
- pam_auth: permissions set to sgid shadow
- build of doc/Programming-Guide fixed
- specfile fix: ulimit was missing and conflicts squid24 added
- squid.h patched to allow increase of available filedescriptors:
set to 4096 at buildtime by "ulimit -n 4096" in spec-file
- use official tags for required-start
- error in initscript fixed
- Requires ldaplib added in specfile
- errors in README.SuSE fixed
- hno-patch by Henrik Nordstrom included
- Initscript now checks for a running squid
- new patches from www.squid-cache.org included
- Fix location of rcscript
- rcscript update
- fixed neededforbuild
- Fix need for build filelist
- initscript reload-option fixed
- more patches from www.squid-cache.org
- another patch from www.squid-cache.org added
- patch ftp_icon_not_found from www.squid-cache.org added
- update -> squid-2.3.STABLE4
- another patch from www.squid-cache.org added
- specfile-fix: installation of docu changed
- initscript fixed
- new patches ("Disk space over the limit") included
- update -> squid-2.3STABLE3
- logfile-rotation disabled in squid.conf to avoid interaction
with logfile-compression configured in /etc/logfiles
- new patches from squid.nlanr.net included
- update -> squid-2.3STABLE2
- more patches from squid.nlanr.net included
- init-script fix: wait for squid to shutdown
- location of pid-file changed to /var/run
- initial squid2.3STABLE1 package by bodammer
Displaying all 4 revisions
