File squid.spec of Package squid
#
# spec file for package squid (Version 2.7.STABLE6)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# needsrootforbuild
Name: squid
BuildRequires: db-devel opensp-devel pam-devel samba
BuildRequires: sgmltool sharutils openssl openssl-devel
Summary: Squid WWW proxy server
Version: 2.7.STABLE6
Release: 1
License: GPL v2 or later
Url: http://www.squid-cache.org
Group: Productivity/Networking/Web/Proxy
Requires: logrotate, cron
Provides: http_proxy
Conflicts: squid-beta squid2 squid23
AutoReqProv: on
PreReq: /usr/sbin/useradd, %insserv_prereq, %fillup_prereq
Source: squid-%{version}.tar.bz2
#Source1: squid_ldapauth-%{squid_ldapauth_version}.tar.bz2
Source2: rc.squid
Source4: README.SuSE
Source5: pam.squid
Source6: squid.logrotate
Source7: squid-%{version}-RELEASENOTES.html
Source8: contrib-2.4.STABLE6.tar.bz2
# OBSOLETE: Create with: wget --cut-dirs=1 -nH -m -k -r -I/Doc/FAQ/ http://www.squid-cache.org/Doc/FAQ/
# FAQ is now changed into a wiki. The complete FAQ can be found at:
# http://wiki.squid-cache.org/SquidFaq/CompleteFaq
Source10: CompleteFaq.html
# Source: http://gaugusch.at/squid.shtml
Source11: squid_ie_blocker.txt
Source12: http://www.squid-cache.org/WCCP-support/Linux/ip_wccp.c
Source13: squid.sysconfig
Patch0: squid-2.7.STABLE3-config.patch
Patch1: %{name}-2.6.STABLE2-ldflags.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define squidconfdir /etc/squid
%description
The stable version of the Squid WWW Proxy Server.
Home page: http://www.squid-cache.org
Authors:
--------
Duane Wessels <wessels@ircache.net>
%prep
%setup -n squid-%{version} -a 8
%patch0 -p1
%patch1 -p1
#perl -pi -e 's%^#!/usr/local/bin/perl%#!/usr/bin/perl%g' `find -name "*.pl"`
#(cd squid_ldapauth*
#%patch2
#)
%build
%{?suse_update_config:%{suse_update_config}}
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIE -fno-strict-aliasing"
export CFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS="-pie"
aclocal
touch NEWS AUTHORS
automake
autoconf
./configure --prefix=/usr \
--sysconfdir=%{squidconfdir} \
--bindir=/usr/sbin \
--sbindir=/usr/sbin \
--localstatedir=/var \
--libexecdir=/usr/sbin \
--datadir=/usr/share/squid \
--mandir=%{_mandir} \
--with-dl \
--with-maxfd=4096 \
--enable-snmp \
--enable-carp \
--enable-useragent-log \
--enable-auth="basic digest negotiate ntlm" \
--enable-basic-auth-helpers="MSNT NCSA PAM SMB YP getpwnam multi-domain-NTLM" \
--enable-ntlm-auth-helpers="SMB fakeauth no_check" \
--enable-external-acl-helpers="ip_user session unix_group wbinfo_group" \
--enable-ntlm-fail-open \
--enable-referer-log \
--enable-arp-acl \
--enable-htcp \
--enable-underscores \
--enable-stacktraces \
--enable-delay-pools \
--enable-useragent-log \
--enable-referer-log \
--enable-forward-log \
--enable-multicast-miss \
--enable-ssl \
--enable-cache-digests \
--enable-auth-on-acceleration \
--enable-storeio="aufs,coss,diskd,null,ufs" \
--enable-linux-netfilter \
--enable-removal-policies="heap,lru" \
--enable-icmp \
--with-samba-sources=/usr/include/samba \
--enable-large-cache-files \
--enable-x-accelerator-vary \
--enable-follow-x-forwarded-for
make DEFAULT_SWAP_DIR=/var/cache/squid \
DEFAULT_LOG_PREFIX=/var/log/squid \
DEFAULT_PID_FILE=/var/run/squid.pid \
SAMBAPREFIX=/usr
mkdir FAQ
cp -p %{SOURCE10} FAQ
%install
mkdir -p $RPM_BUILD_ROOT/var/{cache,log}/squid
mkdir -p $RPM_BUILD_ROOT/usr/sbin
make install DESTDIR=$RPM_BUILD_ROOT SAMBAPREFIX=/usr
mv $RPM_BUILD_ROOT{/etc/squid/,/usr/share/squid/}mime.conf.default
mv $RPM_BUILD_ROOT{/etc/squid/,/usr/share/squid/}msntauth.conf.default
cp $RPM_BUILD_ROOT{/etc/squid/,/usr/share/squid/}msntauth.conf
ln -s /etc/squid/mime.conf $RPM_BUILD_ROOT/usr/share/squid # backward compatible
install -d -m 755 $RPM_BUILD_ROOT/etc/logrotate.d
install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/logrotate.d/squid
install -d %{buildroot}%{_mandir}/man8/
install -m 644 doc/squid.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
install -m 644 helpers/basic_auth/PAM/pam_auth.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
gzip -9 $RPM_BUILD_ROOT/%{_mandir}/man8/*.8
install -D %{SOURCE2} $RPM_BUILD_ROOT/etc/init.d/squid
ln -sf /etc/init.d/squid $RPM_BUILD_ROOT/usr/sbin/rcsquid
install -d -m 755 doc/scripts
install scripts/*.pl doc/scripts
cat > doc/scripts/cachemgr.readme <<-EOT
cachemgr.cgi will now be found in %{_libdir}/squid
EOT
install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/squid
mv $RPM_BUILD_ROOT/usr/sbin/cachemgr.cgi $RPM_BUILD_ROOT/%{_libdir}/squid
#nothing for squid-2.5.STABLE1:
install -d -m 755 doc/contrib
install contrib/*.pl doc/contrib
#rm doc/Programming-Guide/Makefile
install -m 644 %{SOURCE7} doc
install -m 644 %{SOURCE4} .
install -m 644 %{SOURCE11} doc/contrib
install -m 644 %{SOURCE12} doc/contrib
install -D -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/squid
cp -a helpers/external_acl/ip_user/README README.ip_user
rm %{buildroot}/usr/sbin/Run*
install -d -m 755 $RPM_BUILD_ROOT/var/adm/fillup-templates
install -m 644 %{SOURCE13} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.squid
rm -f $RPM_BUILD_ROOT/etc/squid/squid.conf.default
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_auth.8
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/squid.8
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/squid_unix_group.8
%clean
rm -rf $RPM_BUILD_ROOT
%pre
/usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" -d /var/cache/squid squid 2> /dev/null || :
%post
%{fillup_and_insserv squid}
%preun
%stop_on_removal squid
%postun
%restart_on_update squid
%{insserv_cleanup}
%verifyscript
%files
%defattr(-,root,root)
%attr(750,squid,root) %dir /var/cache/squid
%attr(750,squid,root) %dir /var/log/squid
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/squid.conf
%config(noreplace) %{squidconfdir}/cachemgr.conf
%config(noreplace) /etc/logrotate.d/squid
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/msntauth.conf
%config /etc/pam.d/squid
%config /etc/init.d/squid
%dir /usr/share/squid
/usr/share/squid/errors
/usr/share/squid/icons
%config /usr/share/squid/mib.txt
/usr/share/squid/mime.conf
/usr/share/squid/mime.conf.default
/usr/share/squid/msntauth.conf
/usr/share/squid/msntauth.conf.default
/usr/sbin/cossdump
/usr/sbin/diskd-daemon
/usr/sbin/fakeauth_auth
/usr/sbin/getpwname_auth
/usr/sbin/ip_user_check
/usr/sbin/logfile-daemon
/usr/sbin/msnt_auth
/usr/sbin/ncsa_auth
/usr/sbin/no_check.pl
/usr/sbin/ntlm_auth
%verify(not mode) %attr(4755,root,shadow)/usr/sbin/pam_auth
/usr/sbin/pinger
/usr/sbin/rcsquid
/usr/sbin/smb_auth
/usr/sbin/smb_auth.pl
/usr/sbin/smb_auth.sh
/usr/sbin/squid
/usr/sbin/squid_session
/usr/sbin/squid_unix_group
/usr/sbin/squidclient
/usr/sbin/unlinkd
/usr/sbin/wbinfo_group.pl
/usr/sbin/yp_auth
/var/adm/fillup-templates/sysconfig.squid
%dir %{_libdir}/squid
%{_libdir}/squid/cachemgr.cgi
%doc %{_mandir}/man*/*
%doc CONTRIBUTORS COPYING COPYRIGHT CREDITS
%doc ChangeLog QUICKSTART README README.SuSE
#%doc doc/HTTP-codes.txt doc/draft-vixie-htcp-proto-04.txt
#%doc doc/Programming-Guide
%doc doc/scripts doc/contrib FAQ
%doc doc/debug-sections.txt src/squid.conf.default
%doc doc/%{name}-%{version}-RELEASENOTES.html
%doc README.ip_user
%changelog
* Mon Oct 27 2008 kssingvo@suse.de
- update to 2.7.STABLE5, which is a bugfix version only:
* Don't set expires: now in generated error responses
* Old headers still returned after a cache validation
* swap.state permission issues if crashing during "squid -k
reconfigure"
* Limit stale-if-error to 500-504 responses
* Increase negotiate auth token buffer size
* add upgrade_http0.9 option making it possible to disable
upgrade of HTTP/0.9 responses
* assertion failed: sc->new_callback == NULL at store_client.c:190
* Shut down store url rewrite helpers on squid -k reconfigure
* configuration file contains non-ASCII characters
For complete list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets/SQUID_2_7_STABLE5.html
- removed obsolete, already in upstream version patches
* Thu Oct 02 2008 kssingvo@suse.de
- bugfix if user is in many kerberos groups (12380.patch)
* Thu Sep 25 2008 kssingvo@suse.de
- added a few official patches:
* HTTP/0.9: making it possible to disable upgrade of HTTP/0.9
responses
* assertion failed: sc->new_callback == NULL at store_client.c:190
* foreground rebuild should do all of the rebuilding before Squid
accepts
* Shut down store url rewrite helpers on squid -k reconfigure
* configuration file contains non-ASCII characters
* Wed Aug 20 2008 kssingvo@suse.de
- update to 2.7.STABLE4:
* DNS retransmit queue could get hold up
* assertion failed: forward.c:529: "fs"
* assertion failed: forward.c:110: "!EBIT_TEST(e->flags,
ENTRY_FWD_HDR_WAIT)"
* Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include
header __u32 problem
* Make dns_nameserver work when using --disable-internal-dns on
glibc based systems
* Handle aborted objects properly. The change in 2.7.STABLE3
triggered a number of issues.
* access.log logs rewritten URL and strip_query_terms ineffective
For full list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets/SQUID_2_7_STABLE4.html
- added cron to Requires: as rpmlint complains on this
* Sun Aug 17 2008 aj@suse.de
- Fix init scripts.
* Wed Jul 02 2008 kssingvo@suse.de
- update to 2.7.STABLE3:
major changes from 2.6 to 2.7:
* HTTP/1.1 support
* performance improvements
* no longer WAIS support
* can emulate an origin server when acting as an accelerator
* "min-size" option for cache_dir
* semi-modular logging framework introduced
* Support for rewriting URLs into canonical forms when storing
and retrieving objects
* Object revalidation in background
* new option "zero_buffers"
* cache authentication based on source IP address
* configuration files can be included
* alteration for default rules to not cache dynamic content from
cgi-bin and query URLs
* cleanup of accelerator mode
* zero Penalty Hit support
* and many bugfixes
For full list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets
- fixed the config patch accordingly
- sorted files in /usr/sbin
- added new binary /usr/sbin/logfile-daemon
* Mon May 19 2008 kssingvo@suse.de
- added "sharedscripts" to logrotate (bnc#388088)
* Tue Apr 29 2008 kssingvo@suse.de
- update to 2.6.STABLE19:
* Custom log formats fail to log file sizes >2GB properly on
32-bit platforms
* outgoing_address acl doesn't work with indirect source address
(follow-x-forwarded-for)
* Stuck in 100%% CPU when fetching an corrupt peer digest
* Add support for the resolv.conf domain directive, and also
automatically derived default domain
* minimum_icp_query_timeout directive
Full list of changes see:
http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE20.html
- removed official patches, which are now included in latest version
* Thu Apr 17 2008 kssingvo@suse.de
- added official patches:
* Custom log formats fail to log file sizes >2GB properly on
32-bit platforms
* Fix stripping NT domain in squid_ldap_group
* Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)
* Fails to parse chunked encoding using chunk extensions
* Deal properly with empty list members
* tcp_outgoing_address acl doesn't work with indirect source
address (follow-x-forwarded-for)
* Wed Mar 26 2008 kssingvo@suse.de
- update to 2.6.STABLE19:
* Fix tcp_outgoing_address example config to match its description
* Assertion failed sc != NULL when using peer monitor function
fixed
* Fix missing default disk store type into QUICKSTART example.
* Handle recursive completion operations in diskd fixed.
* documentation bugfix for tcp_outgoing_tos directive
* Sort cache list in wccpv2 to ensure a consistent hash allocation
across all services
* Updated Ukrainan error pages
* Compile error in squid_kerb_auth under Mac OS X 10.5.2
* squid_radius_auth failed ro process more than 256 requests
* Clarified description of 'cache_vary' directive
* Make range_offset_limit 0 disable local range processing as
documented, even if the first range starts at 0
- updated 64bit patch
- updated FAQ: no longer avail, its a Wiki now. Best compromise to
use CompleteFaq webpage instead.
* Tue Jan 15 2008 kssingvo@suse.de
- update to 2.6.STABLE18:
* Preparing 2.6.STABLE18
* This is STABLE18, not 16..
* Remove HEAD ChangeLog entries copied by mistake
* Preparing for 2.6.STABLE18
* Update valgrind support for valgrind-3.3.0
* Sometimes arrayShrink() will be asked to shrink by 0 entries.
Handle that.
* Digest authentication fixes
* Minor cleanups to make some 64-bit platforms happier
* Novell eDirectory digest helper edir_digest_auth update to
clean up license
* Change old info@ircache.net contact address to
info@squid-cache.org
* Convert spnegohelp.h and spnegohelp.c files drom DOS to Unix
text format.
* Fix bug in header array compression
- removed obsolete suse 8.0 check in PreReq
* Wed Dec 12 2007 kssingvo@suse.de
- BuildRequires doesn't need openldap2 anymore. fixed.
* Mon Dec 03 2007 kssingvo@suse.de
- upgrade to version 2.6STABLE17:
* Fix compile error with old GCC 2.x or other ANSI-C compilers
before C99
* Mention the login= cache_peer option in release notes
* Fix bad cache_peer example in squid.conf
* Fix a compile-time memory corruption error causing cf_gen to
fail
* Clarify high_memory_warning usage
* Reject DNS responses which result in no data
* Fix version number in configuration manual
* Move cache and request/reply_header_max_size to their proper
sections
* sbrk statistics broken when process size >2GB
* Move logopen() much earlier to have fatal startup errors sent
to the proper syslog facility
* Fix HTTP/0.9 responses
* Correct bad example config for tos_outgoing_tos
* Fix grammar in description of mail_program squid.conf option
* Ignore Content-Length in chunked responses instead of
rejecting the response as invalid
* Documented that http_port no longer have a default
* Cleanup of cache digest documentation
* Make aufs store rebuilding back off a little if I/O load too
high
* Respect DNS ttl=0
* Update udp_(incoming|outgoing)_address documentation to
reflect current bahaviour.
* Update HTCP documentation
* Document the overlapping helper request format
* Change priority of proxy auth and extacl provided username in
login=*:pass
* pack header entries on cache updates
* Make squid_db_auth reopen the database connection on each
query by default
* Improve helper debug ouput, including the channel number
* Update cachePeerEntry MIB description to mention what is used
as index key
* Import squid_radius_auth for authenticating to RADIUS
* Tue Oct 23 2007 kssingvo@suse.de
- upgrade to version 2.6STABLE16:
* Test for sys/capability.h linux include file to avoid failing on
linux systems missing libcap
* Release private objects on cache rebuild
* Segfault in clientBuildReplyHeader when http->entry == NULL
* Bug #2072: digest_pw_auth fails when using plaintext passwords
* Bug #2073: assertion failed: client_side.c:4175: "buf != NULL ||
!conn->body.request on POST
* Adjust default pconn timeouts to avoid shutting down connection while
child sends request
* Bug #1980: cache_peer monitortimeout not working
* Bug #1882: Parent responses are not cached if sibling returns 504
* More squid.conf reordering to get the dependencies between options
sorted proper
* The select() I/O loop got broken by the /dev/poll addition
(2.6.STABLE14)
* Bug #2017: Fails to work around broken servers sending just the HTTP
headers
* Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
before C99
* squid.conf.default updated and reorganised in more sensible groups
* correct and document the syslog access_log format
* Armenian error pages translation
* digest_ldap_helper usage help updated
* Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
* Improve delay pools in low traffic environment by checking timeouts
at a steady 1 second interval even when there is not much activity
* Don't request authentication on transparently intercepted
connections
* Cleanup linux capabilities for tproxy
* Bug #2003: 'via' config directive doesn't affect response headers
* Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
* Add missing $|=1 to squid_db_auth
* Bug #2050: Persistent connection dropped if cache has no
Content-Length
* Verify the URL on memory cache hits
* Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
* Bug #1972: Squid sets peers to down state when they are in fact
working.
* potential segmentation fault in storeLocateVary()
* Bug #2066: chdir after chroot
* Windows port: Fix compiler warnings when building Squid as
application (not Windows service mode)
* Spelling correction of received
- adapted config patch
* Thu Aug 16 2007 kssingvo@suse.de
- removed /etc/squid/errrors: no longer needed (bugzilla#300933)
* Thu Aug 09 2007 kssingvo@suse.de
- removed explicit permissions handling (bugzilla#298341)
* Mon Aug 06 2007 kssingvo@suse.de
- moved $named from Required-Start to Should-Start (bugzilla#142653)
- renamed X-UnitedLinux-Should-Start to Should-Start in rc script
- renamed X-UnitedLinux-Should-Stop to Should-Stop in rc script
* Mon Jul 30 2007 kssingvo@suse.de
- upgrade to 2.6.STABLE14:
* Bug #2008: Work around clients trying to use NTLM or Negotiate
without persistent connections
* Deal better with forwarding loops
* Bug #2010: snmp_core.cc:828: warning: array subscript is above
array bounds
* Temporary shortage of system filedescriptors may cause Squid to
permanently stop accepting connections
* Bug #1085: Add no-wrap to cache manager HTML tables
* Cosmetic squid_ldap_auth cleanups from Squid-3
* Simple POP3 basic auth helper querying a POP3 server
* squid.conf.default cleanups
* Clean up HTML escapes in the configuration manual
* Simple POP3 basic auth helper querying a POP3 server
* Imported updated squid_kerb_auth helper from the SourceForge
squidkerbauth repository
* Bug #1130: min-size option for cache_dir
* digest_edir_auth helper, using novell eDirectory universal
password
* Bug #1968: Squid hangs occasionally when using DNS search paths
* Bug #1900: Double "squid -k shutdown" makes Squid restart again
* There is no -a command line option in Squid-2.6 and later.
* Make AC_CHECK_.._SYSTYPE wrappers around the default calls to
allow cross-compiling
* Renamed db_auth.pl to squid_db_auth, and autogenerate perl path
and man page
* make devpoll support work
* Bring over Solaris/IRIX /dev/poll network IO support from
Squid-2, enabled by compiling with --enable-devpoll
* Database auth helper using Perl DBI
* Kerberos SPNEGO helper
* Always use xisxxxx() Squid defined macros instead of ctype
functions.
* Round time to next event upwards to avoid storms of comm_select
loops doing nothing
* Adjust refresh_pattern min-age to make 0 mean 0, not 1 second
* URI-escape using the recommended upper case
* Correct the refresh_pattern ignore-auth documentation to refer
to CC: public
* Dump out the config manual while making snapshots
* Script to build HTML configuration manual from cf.data
* Shuffle around various configuration options into their own
sections
* Wed May 23 2007 kssingvo@suse.de
- moved cachemgr.cgi to %%{_libdir}/squid to make rpmlint happy
* Mon May 14 2007 kssingvo@suse.de
- upgrade to 2.6.STABLE13:
* Make sure reply headers gets sent even if there is no body available
yet, fixing RealMedia streaming over HTTP issues.
* Undo an accidental name change of storeUnregisterAbort.
* Kill an ancient malplaced storeUnregisterAbort call from ftp.c
* Bug #1814: SSL memory leak on persistent SSL connections
* Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
* Cosmetic fix: added missing newline in WCCPv2 configuration dump.
* Ukrainan error messages
* Convert various error pages from DOS to UNIX text format
* Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
* Clarify the max-conn=n cache_peer option syntax slightly
* Bug #1892: COSS segfault on shutdown
* Windows port: fix undefined ECONNABORTED
* Make refreshIsCachable handle ETag as a cache validator, not
only last-modified
* in_port_t is not portable, use unsigned short instead
* Fix fs / auth / snmp dependencies
* Portability: statfs() may reqire #include <sys/statfs.h>
* Fri Apr 06 2007 ro@suse.de
- added valgrind-devel to buildrequires
* Tue Apr 03 2007 kssingvo@suse.de
- upgrade to 2.6.STABLE12:
* Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
* various diskd bugfixes
* In the access.log hierarchy field log the unique peer name
instead of the host name
* unlinkdClose() should be called after (not before)
storeDirSync()
* CLEAN_BUF_SZ was defined, but never used anywhere
* logging HTTP-request size
* Fix icmp pinger communication on FreeBSD and other not
supporing large dgram AF_UNIX sockets
* Release objects on swapin failure
* Objects stuck in cache if origin server clock in future
* 302 responses with an Expires header is always cached
* Primitive support for HTTP/1.1 chunked encoding, working around
broken servers
* Clean up relations between TCP probing and DNS checks of peers
with no known addresses.
* Fix a minor HTML coding error in ftp directory listings with //
in the path
* Cleanup of refresh logics when dealing with non-refreshable
content
* Gopher cleanups and bugfixes
* Negotiate authentication fixed again. Broken since STABLE7 by
the patch for
* COSS tries to shut down the same directory twice on exit
* store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL entries
* Added support for Subversion HTTP request methods MKACTIVITY,
CHECKOUT and MERGE.
* assertion failed: client_side.c:4055: "buf != NULL ||
!conn->body.request"
* Handle garbage helper responses better in concurrent protocol
format
* Fix kqueue when overflowing the changes queue
* Make sure the child worker process commits suicide if it could
not start up
* Don't log short responses at debug level 1
* Fix bswap16 & bwsap32 error on NetBSD
* Fix collapsed_forwarding for non-GET requests
* Assertion error on TRACE
* Mon Feb 26 2007 kssingvo@suse.de
- needsrootforbuild injected: urgently required for ulimit setting
* Wed Jan 31 2007 kssingvo@suse.de
- upgrade to 2.6.STABLE9 with this fixes:
* Date parsing error causing objects to get unexpectedly cached.
Problem introduced in 2.6.STABLE6.
* authenticateNTLMFixErrorHeader: state 4. NTLM & Negotiate
instability introduced in 2.6.STABLE6.
* Primitive support for HTTP/1.1 chunked encoding, working around
broken servers sending chunked encoding in response to HTTP/1.0
requests.
* STALE: Entry's timestamp greater than check time. Clock going
backwards?
* Don't update object timestamps on a failed revalidation.
* If-Modified-Since broken in 2.6.STABLE8
* diskd bug in storeDiskdIOCallback()
* Mon Jan 22 2007 kssingvo@suse.de
- reinjected SAMBAPREFIX into specfile (bugzilla#236317)
* Thu Jan 18 2007 kssingvo@suse.de
- upgrade to 2.6.STABLE7:
* Windows port: Fix intermittent build error using Visual Studio
* Add missing tproxy info from the dump of http port
configuration
* Bug #1853: Support for ARP ACL on NetBSD
* clientNatLookup(): fix wrong function name in debug messages
* Convert ncsa_auth man page from DOS to Unix text format.
* Bug #1858: digest_ldap_auth had some remains of old hash format
* Correct the select_loops counter when using select(). Was
counted twice
* Clarify the http_port vhost option a bit
* Fix cache-control: max-stale without value or bad value
* Bug #1857: Segmentation fault on certain types of ftp://
requests
* Bug #1848: external_acl crashes with an infinite loop under
high load
* Bug #1792: max_user_ip not working with NTLM authentication
* Bug #1865: deny_info redirection with authentication related
acls
* Small example on how to use the squid_session helper
* Bug #1863: cache_peer monitorurl, monitorsize and
monitorinterval not working properly
* Clarify the transparent http_port option a bit more
* Bug #1828: squid.conf docutemtation error for proxy_auth digest
* Bug #1867: squid.pid isn't removed on shutdown
* Wed Jan 17 2007 lnussel@suse.de
- install pam_auth setuid root instead of setgid shadow (#216816)
- fix permissions handling
* Tue Jan 09 2007 kssingvo@suse.de
- fixed gnu ftpserver name mangling (bugzilla#230751)
- fixed pidfile removal issue (bugzilla#223067)
* Tue Dec 12 2006 kssingvo@suse.de
- upgrade to 2.6.STABLE5:
* Whitespace cleanup
* Preparing for 2.6.STABLE6
* Resurrect httpd_accel_no_pmtu_disc after the transparent interception
cleanup
* Spell check in release notes
* Windows port: Updated release notes
* Windows port: Fixed build error on MinGW using SSL support
* Windows port: Updated release notes
* Windows port: Fix build errors when using latest MinGW environment
* Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing
certain Vary objects
* Bug #1840: Disable digest and netdb queries to multicast peers
* Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
* Bug #1801: NTLM authentication ends up in a loop if the server responds
with a retriable error
* Bug #439: Multicast ICP peering is unstable and considers most peers dead
* Fix the WCCPv2 mask assignment code to not crash as the value assignments
are built.
* Bug #1584: Unable to register with multiple WCCP2 routers
* Convert the connStateData->chr single link list to a normal dlink_list for
clarity.
* Accept large dates >2^31. Seen for example in the Google logo.
* Remove old leftover variable after the client_side buffer cleanup
* Reduce memory allocator pressure by not continually allocating client-side
read buffers
* Remove malloc/free of temporary buffer in time parsing routines.
* Document that proxy_auth also accepts -i for case-insensitive operation
* Convert snmpDebugOid to use a temporary String object instead of strcat
* Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
* Add support for the weight= parameter to round-robin peers
* Fix defaultsite= processing after the accelerator mode cleanup
* Clarify the external_acl_type helper format specification and some defaults
* Bug #1773: Segmentation violation bug in the cleanup of transparent mode
* Cleanup to silence a harmess GCC inline warning
* Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
* Remove extra newline in redirect message sent by deny_info http://...
aclname
* Bug #1117: assertion failed: aufs/store_dir_aufs.c:642:
"rb->flags.need_to_validate"
* Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/
store_dir_coss.c storeCoss_DeleteStoreEntry
* Windows port: updated release notes
* Only use crypt() if it's available
* automake no longer recommends mkinstalldirs. Remove it from the
distribution.
* Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
* Cleanup of transparent & accelerator mode request parsing to untangle the
firewall dependencies a bit
* Add client source port logformat tag >p
* Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c
htcpBuildAuth()
* Mon Nov 06 2006 kssingvo@suse.de
- upgrade to version 2.6.STABLE5, which is only a bug fix version, with
these most important bug fixes:
* Some memory leaks corrected, some of which could result in
denial of service conditions after some time.
* Assertion failure related to Vary/ETag processing, which could
maybe result in a denial of service condition.
* Delay pools now assigns bandwidth fairly among competing
connections.
* Port 563 removed from the default set of SSL ports.
- Changes from 2.6.STABEL4 to 2.6.STABEL5 in detail:
* 2.6.STABLE4 aufs fails to compile if coss isn't enabled
* COSS improvements and cleanups
* SNMP linking issue resolved, enabling SNMP support to be build in all
platforms
* access_log syslog results in blanks syslog lines between every entry
* Incorrect error message on invalid cache_peer specifications
* Memory leak in handling of negatively cached objects
* Incorrect Vary processing in combination with collapsed_forwarding
* Memory leak in ncsa_auth on password changes
* Suppress some annoying coss startup messages raising the debug level
to 2.
* Clarify the external_acl_helper concurrency= change.
* aioDone() could be called twice from aufs and from coss (when using
AIOPS) during shutdown.
* Accept 00:00-24:00 as a valid time specification even if redundand
and the same as 00:00-23:59
* Theoretical memory leak in storeSetPublicKey
* Removing port 563 from the default SSL_ports and Safe_ports ACLs
* Automatically enable Linux Netfilter support with
--enable-linux-tproxy.
* squid -k reconfigure crash when using req/rep_header acls
* Clarify the select/poll/kqueue/epoll configure --enable/disable
options
* Delay pools fairness when multiple connections compete for bandwidth
* Crash on exit in certain conditions where cache.log is not writeable
* Assertion error HttpHeader.c:914: "str"
* Crash on wccp2 + mask assignement + standard wccp service
* Silence harmless gcc compile warning.
* Clean up poll memory on shutdown
* Ported select, poll and win32 to new comm event framework
* Windows port: Correctly identify Windows Vista and Windows Server
Longhorn
* Added a basic comm_select_simple comm loop only requiring minimal
POSIX compliance.
* Safeguard from kb_t counter overflows on 32-bit platforms
* Wed Oct 18 2006 kssingvo@suse.de
- upgrade to version 2.6.STABLE4:
* New wccp2_weight directive
* Numeros COSS fixes and improvements
* Support for WCCP2 hash based assignment and weighted assignments
* Windows port update
* Many small fixes to better detect invalid configurations
* Bug #1760: FTP related memory leak
* SNMP mib updates for some minor missing details
* Bug #1590: Silence those harmless ETag loop warnings
* Bug #1740: Squid crashes on certain malformed HTTP responses
* Bug #1699: assertion failed: authenticate.c:836:
"auth_user_request != NULL"
* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6.STABLE4 changes and the ChangeLog file for details.
- removed ncsa patch, now upstream included
* Wed Aug 30 2006 kssingvo@suse.de
- fix for buffer size in ncsa auth (bugzilla#202249)
* Wed Aug 23 2006 kssingvo@suse.de
- upgrade to version 2.6.STABLE3:
* src/dst acl parsing changed to not attempt to guess a netmask
if none was specified. Instead assume it's an IP address and not
a network even if it ends in 0
* Several memory leaks plugged
* Delay pools now work again (broken in 2.6.STABLE1 & 2)
* New log_format %%ue and %%us tags for external acl or ssl user id
* COSS fixes and performance improvements
* Include acl's is now shown in their original form in cachemgr
configuration dumps.
* ntlm fake_auth finally handles non-ascii user names
* TCP fallback on truncated DNS responses, making the internal
DNS client complete.
* Downloads could hang when using the cache_dir max-size option
* Fixed some assertion failures and segmentation faults
* Some small optimizations to reduce CPU usage
* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6 changes and the ChangeLog file for details.
* Thu Aug 03 2006 kssingvo@suse.de
- upgrade to version 2.6.STABLE2:
* Bug #1650: transparent interception "Unable to forward this
request at this time"
* Bug #1658: Memory corruption when using client-side SSL
certificates
* Multiple fixes to the experimental COSS cache_dir type Added
* the missing concurrency parameter to basic/digest auth
schemes
* Bug #1669: SEGV in storeAddVaryReadOld Bug #1670: assertion
* failure: i->prefix_size > 0 in
client_side.c:2509
* Bug #1671: transparent interception fails with FreeBSD ipfw or
Linux-2.2 ipchains
* Bug #1660: Accept-Encoding related memory corruption Bug #1673:
* cache digests not served to other caches Bug #1684: xstrdup:
* tried to dup a NULL pointer! Bug #1688: Assertion failure in
* HttpHeader.c in some header_access
configurations
* Bug #1696, Bug #1700 and more: WCCP2 fixes Bug #1677: Duplicate
* etags in the If-None-Match in cache
validations causing lighttpd to fail with error 400
* Added ARP acl support for OpenBSD and ARP fixes for Windows Bug
* #1681: All ntlmauthenticator processes are busy new
* minimum_expiry_time squid.conf directive backported from
Squid-3
* Bug #1703: Wrong default path to the diskd helper causing hangs
* at
100%% CPU
* Bug #1685: Crashes or other odd results after
* storeSwapMetaUnpack:
errors
* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6 changes and the ChangeLog file for details.
- adapted ldflags patch
- added /usr/sbin/cossdump
* Tue Jul 25 2006 schwab@suse.de
- Fix build requires.
* Thu Jul 13 2006 kssingvo@suse.de
- upgrade to version 2.6.STABLE1:
o bug fixes
o Major improvements to the way that Squid handles web proxy,
accelerated and transparent proxy requests to make it easier to
configure transparent and acceleration functionality
o WCCPv2 support multiple cache engines registering with multiple
WCCP routers and switches.
o TPROXY totally transparent proxy support under Linux, which to
allow Squid to appear totally invisible to both client and server
systems when transparently caching requests.
o Support for Etag and Vary HTTP headers.
o Collapsed forwarding, which gives Squid the ability to
intelligently merge client requests for objects into one request
to the server.
o Support for epoll under Linux, which gives Squid the ability to
handle many many more concurrent requests with lower CPU
overhead.
o SSL assisted hardware encryption making use of OpenSSL
functionality within Squid.
o Logging enhancements to allow even greater customization of the
way Squid logs requests in the access-log or to syslog if
required
o Authentication enhancements including Negotiate/Kerberos support,
extra workarounds for NTLM clients and others using Microsoft
Integrated Login.
o Additional external_acl parameters to support SSL and even more
client side parameters.
o ACL changes in conjunction with SSL changes which have been
merged, to allow matching based on SSL certificate parameters.
o New authentication helpers:
- Digest LDAP helper
- Native Windows basic, NTLM and negotiate helpers
- External acl helpers for session monitoring and native Windows
group membership check
o HTCP significantly cleaned up and added support for the CLR
operation to purge contents from the cache
o Support for parsing X-Forwarded-For headers allowing access
controls to be based on the real client IP even if behind secondary
proxies
- adapted SUSE patches
* Sat Jun 17 2006 schwab@suse.de
- Fix typo.
* Sat Jun 17 2006 schwab@suse.de
- Set mandir.
- Use --with-maxfd and don't build as root.
- Don't lose LDFLAGS.
* Mon Mar 13 2006 kssingvo@suse.de
- added 6 official upstream patches
* Mon Mar 06 2006 kssingvo@suse.de
- added 15 official upstream patches
- updated FAQ
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Jan 20 2006 schwab@suse.de
- Don't strip binaries.
* Wed Jan 11 2006 kssingvo@suse.de
- added 2 official patches
- updated FAQ
* Fri Dec 16 2005 mmj@suse.de
- compile with -fno-strict-aliasing
* Thu Dec 15 2005 kssingvo@suse.de
- upgrade to squid-2.5.STABLE12
- added official patches
- updated FAQ
* Wed Oct 26 2005 kssingvo@suse.de
- upgrade to squid-2.5.STABLE11
- added official patches (includes CAN-2005-2917 and CVE-2005-3258)
- changed error message when creating cache dir (bugzilla#118561)
* Tue Oct 18 2005 mmj@suse.de
- add -DLDAP_DEPRECATED (to RPM_OPT_FLAGS, since they're the only
ones respected by all subsystems)
* Fri Sep 02 2005 kssingvo@suse.de
- added latest official patches from squid-cache.org
* Tue Aug 02 2005 kssingvo@suse.de
- fixed problem in rc script (bugzilla#100250)
* Tue Jul 26 2005 kssingvo@suse.de
- added latest official patches
- updated FAQ
- changed rc.squid to honor $SQUID_CONF (bugzilla#98186)
* Thu Jun 30 2005 kssingvo@suse.de
- upgrade to squid-2.5.STABLE10
- added official patches and added cachemgr.conf
- adapted local patches
* Mon Jun 27 2005 ro@suse.de
- build with fPIE/pie
- use RPM_OPT_FLAGS
- rename vprintf to packer_vprintf (macro clash)
* Mon Apr 11 2005 kssingvo@suse.de
- fixed rc script for upgrade (bugzilla#76687)
* Thu Mar 10 2005 kssingvo@suse.de
- fixed permission problem (bugzilla#71801)
- fixed ulimit problem (bugzilla#71848)
- added 14 upstream patches (only minor+cosmetic)
- updated FAQ
* Wed Mar 02 2005 kssingvo@suse.de
- update to version 2.5.STABLE9
* Thu Feb 17 2005 kssingvo@suse.de
- updated FAQ
* Tue Feb 15 2005 kssingvo@suse.de
- fix for fillup and norootforbuild trigger
* Mon Feb 14 2005 kssingvo@suse.de
- update to version 2.5.STABLE8
- added latest official patches
- shutdown timeout is now configurable (bugzilla#50785)
- fixed init message for squid shutdown (bugzilla#50786)
* Sat Jan 15 2005 schwab@suse.de
- Use <owner>:<group> in permissions file.
* Mon Nov 15 2004 kukuk@suse.de
- Use common-* PAM configuration
* Fri Sep 24 2004 kssingvo@suse.de
- updated FAQ documents
- added 3 official patches (2 minor, 1 cosmetic)
* Tue Aug 31 2004 kssingvo@suse.de
- removed ancient notify message
- added four official fixes
* Tue Aug 24 2004 kssingvo@suse.de
- added official fix for crash in NTLM module
- added ie_blocker configuration as suggested by Markus Gaugusch
* Tue Aug 17 2004 kssingvo@suse.de
- added 15 official patches
- had to adapt 2 of the official patches to SUSE configuration
- reenabled linux-netfilter on public request
- removed the error directory from %%doc, as its already in %%sysconfig
* Thu Jul 15 2004 kssingvo@suse.de
- update to version 2.5.STABLE6
* Thu Jun 24 2004 kssingvo@suse.de
- added EGREP definition in spec file to make configure happy
- added 13 official patches, with three major fixes;
and includes fix for cache_mem variable > 2048MB (bugzilla#42417)
- replaced NTLM security fix with official one
* Tue Jun 08 2004 kssingvo@suse.de
- buffer overflow fix in NTLM authentication helper (bugzilla#41771)
* Wed May 26 2004 kssingvo@suse.de
- added 1 mainstream patch (minor)
- updated FAQ documents
* Mon Apr 26 2004 kssingvo@suse.de
- updated FAQ documents
- added official patches: 2xcosmetic, 1xminor
- re-enabled transparent proxy support for sles (thx ke)
- re-enabled heap removale policy for sles
* Wed Apr 21 2004 kssingvo@suse.de
- added official patches: 2xcosmetic, 2xmedium, 1xmajor
- enabled more store I/O modules for sles products
* Mon Mar 29 2004 kssingvo@suse.de
- added two official patches: timeout produces wrong error code,
deny_info redirection escaped wrong
- update FAQs with latest available
* Mon Mar 22 2004 kssingvo@suse.de
- added official patches
* Mon Mar 15 2004 kssingvo@suse.de
- added four official patches
* Mon Mar 01 2004 kssingvo@suse.de
- upgrade to squid-2.5.STABLE5
* Thu Feb 19 2004 kssingvo@suse.de
- added many official patches (> 10)
- rejected official squid-2.5.STABLE4-ntlm_auth_popups.patch (breaks build)
- dropped winbind authentification support
(according to author and FAQ no longer supported with samba3.x)
- updated FAQ
* Mon Feb 09 2004 kssingvo@suse.de
- fixes for samba3 (first try - waiting for approve by personal samba
contact :)
- added next official patch: squid-2.5.STABLE4-ftp_telnet.patch
- rejected official patch: squid-2.5.STABLE4-ntlm_auth_popups.patch
causes a lot of compilation problems.
* Wed Jan 21 2004 kssingvo@suse.de
- added missing (official) squid-2.5.STABLE4-xpi_mime.patch
* Tue Jan 20 2004 kssingvo@suse.de
- added official patches (and did some fixes)
* Fri Jan 16 2004 kukuk@suse.de
- Build as normal user
- Add pam-devel to neededforbuild
* Tue Nov 11 2003 kssingvo@suse.de
- enabled external-acl-helpers
* Wed Oct 01 2003 kssingvo@suse.de
- fixed RELEASENOTES version in %%doc
* Thu Sep 25 2003 kssingvo@suse.de
- updated to 2.5.STABLE4
- removed old patches
- and added new ones. :-)
* Mon Sep 22 2003 kssingvo@suse.de
- change e-mail to root in squid.spec as suggested in bugzilla#31447
* Mon Sep 15 2003 kukuk@suse.de
- Fix pam_auth permissions/group (like in /etc/permissions)
* Thu Sep 11 2003 kssingvo@suse.de
- added another upstream patch (delay_access_auth); had to make him fit
* Mon Sep 01 2003 kssingvo@suse.de
- removed patch listed twice: Patch10 and Patch11
- added official patches of last two weeks
- updated documentation to latest version
- fixed smb_auth (bugzilla#28260)
* Mon Sep 01 2003 kssingvo@suse.de
- specfile: restart of daemon on rpm package update (bugzilla#29036)
- try-restart needs rc_status for test and not rc_stop (bugzilla#26937)
* Mon Aug 11 2003 kssingvo@suse.de
- added next bunch of official patches (w/o improvement patch)
* Tue Jul 29 2003 aj@suse.de
- Fix chown calls.
* Wed Jul 23 2003 kssingvo@suse.de
- added a bunch of official patches
* Mon Jun 02 2003 kssingvo@suse.de
- updated to 2.5.STABLE3
- added official patches
- fixed build problems with unpackaged files
* Wed Apr 02 2003 kssingvo@suse.de
- updated to 2.5.STABLE2
- added official patches
- made several fixes (and adaption of old ones)
* Wed Apr 02 2003 ro@suse.de
- rediffed some patches to make it build
* Thu Mar 06 2003 kukuk@suse.de
- Remove cyrus-sasl from neededforbuild
* Mon Mar 03 2003 kssingvo@suse.de
- updated neededforbuild: samba-devel -> samba (bugzilla#24235)
* Mon Mar 03 2003 kssingvo@suse.de
- added official patches
- adapted the winbind patch (bugzilla#24235) (hopefully builds on all archs)
- updated FAQ
* Tue Feb 18 2003 kssingvo@suse.de
- added and updated /etc/permissions.d/squid (bugzilla#23752)
* Wed Feb 12 2003 kssingvo@suse.de
- added manual pages
- added a few fixes for 64bit architecture
- enabled some useful (configure) options
* Mon Feb 10 2003 kssingvo@suse.de
- added all the missing official patches (before feature freeze)
- changed default heap replacement policy from "lru" to "heap"
* Fri Feb 07 2003 kukuk@suse.de
- Use pam_unix2.so instead of pam_unix.so
* Tue Feb 04 2003 kssingvo@suse.de
- fix of automake fix
- added another official patch (today released)
* Tue Feb 04 2003 kssingvo@suse.de
- added mime.conf link and ...
- thanks to ro for again forgotten neededforbuild update
* Tue Feb 04 2003 ro@suse.de
- fixed neededforbuild for the umpteenth time ...
* Mon Feb 03 2003 kssingvo@suse.de
- added next official patches
- requires now use of automake system
- fixed problematic config file mime.confs (now in /etc)
* Wed Jan 22 2003 kssingvo@suse.de
- added several official patches from www.squid-cache.org *sigh*
- added missing cachemgr.cgi
- added missing contrib files from old squid version
- added FAQ in various forms; downloaded from www.squid-cache.org
- added scripts as %%doc
* Thu Jan 16 2003 ro@suse.de
- fixed neededforbuild "sp" -> "opensp"
* Tue Jan 14 2003 kssingvo@suse.de
- added another bunch of official patches
- fixed path problems (runtime) in spec file
* Thu Dec 12 2002 kssingvo@suse.de
- updated to 2.5.STABLE1
- added official patches
- tuned up spec file
* Mon Nov 11 2002 ro@suse.de
- changed neededforbuild <sp> to <opensp>
- changed neededforbuild <sp-devel> to <>
* Tue Sep 03 2002 kssingvo@suse.de
- fixed pathes in squid.logrotate (bugzilla#18792)
* Mon Aug 05 2002 kssingvo@suse.de
- added official msnt_auth patch
- added test for suse_version to be backward compatible with PreReq:
* Wed Jul 31 2002 kssingvo@suse.de
- fixed spec file: new PreReq tokens
- fixed spec file: file permission for cache_dir and log_dir
- fixed rc script: now honors cache_dir in squid.conf and fails if
problems in creation (bugzilla #14892)
* Mon Jul 29 2002 kssingvo@suse.de
- fixed Requires/Provides in SPEC file.
* Mon Jul 29 2002 kssingvo@suse.de
- added useful configure options
- added a lot of new authentification methods (and therefore conflicts
with RPM smb_auth)
- re-organized %%Files section
* Fri Jul 26 2002 kssingvo@suse.de
- created /etc/logrotate.d/squid
* Sun Jul 14 2002 poeml@suse.de
- update to patchlevel 2.4STABLE7 (dropping the respective patches)
- rc.squid INIT section: use X-UnitedLinux-Should-Start
- move configuration to /etc/squid
- install error message files to /usr/share/squid. Link to English
as default.
- drop %%pre script that renamed /usr/share/squid/errors
- use %%defattr
* Wed Jul 03 2002 ro@suse.de
- create squid user also at begin of install section
* Tue Jul 02 2002 poeml@suse.de
- squid does not need a valid login shell.
* Tue Jul 02 2002 poeml@suse.de
- Update to 2.4.STABLE6 (dropping the last two patches), and add
several new security fixes (see
http://www.squid-cache.org/Versions/v2/2.4/bugs/):
* Buffer overflows in the Gopher client
* Sanity checks of the FTP data channel
* FTP directory parsing buffer overflows
* Make Squid deny transfer-encoding to work around Apache issue
* Insecure forwarding of proxy_auth
and minor fixes:
* cache_mem documentation
* client -T not implemented
* HTCP coredump on "squid -k reconfigure"
Not included, because the module is not activated:
* Buffer overflows in the MSNT auth helper (updating the module
from 1.2 to 2.0)
- Using useradd in the specfile.
* Thu Mar 21 2002 draht@suse.de
- squid-2.4.STABLE3-rfc1035-security.diff fixes compressed dns
reply buffer overflow.
* Mon Feb 25 2002 poeml@suse.de
- disable HTCP support (upon recommendation of Henrik Nordstrom
<hno@squid-cache.org>). The implementation lacks access control
and logging, and does not add any value to cache peering compared
to ICP.
* Sat Feb 23 2002 poeml@suse.de
- test for correct cache directory in rc.squid
- specify DEFAULT_PID_FILE
* Wed Feb 20 2002 draht@suse.de
- added three security-relevant patches, combined in
squid-2.4.STABLE3-misc-sec.dif:
* "htcp port 0" fails to disable the HTCP port
* coredump on ftp:// style URLs
* fix for SNMP memory leaks
See http://www.squid-cache.org/Versions/v2/2.4/bugs/.
* Mon Feb 18 2002 poeml@suse.de
- update to 2.4.STABLE3: numerous bug fixes. for the Changelog see
http://www.squid-cache.org/Versions/v2/2.4/ChangeLog.txt
- make file locations more FHS conform:
/var/squid/cache --> /var/cache/squid
/var/squid/logs --> /var/log/squid
- drop security patch (included upstream)
* Sat Feb 02 2002 poeml@suse.de
- replace GmbH --> AG
* Fri Dec 14 2001 ro@suse.de
- removed START_SQUID
* Fri Oct 05 2001 bjacke@suse.de
- update to 2.4RC2 (prev. squid-beta package)
- use buildroot
- fix security hole where squid could be crashed by certain requests
* Tue Sep 04 2001 bodammer@suse.de
- specfile fix: install /etc/squid.conf with noreplace [Bug #10023]
* Fri Aug 24 2001 ro@suse.de
- removed /lib/security path from pam.d config file
* Fri Aug 17 2001 bodammer@suse.de
- initscript and textfiles moved away from squid-2.3.STABLE4.dif
* Mon Aug 13 2001 ro@suse.de
- changed neededforbuild <sp_libs> to <sp-devel>
* Thu May 10 2001 bodammer@suse.de
- initscript fix: don't start squid in runlevel 2 [bug #7956]
* Wed May 09 2001 mfabian@suse.de
- bzip2 sources
* Tue Apr 17 2001 bodammer@suse.de
- initscript fix: check for running squid before creating cache-dir
* Thu Apr 05 2001 bodammer@suse.de
- squid.conf: allow localhost access to squid by default
- initscript: ulimit -n 4096 added to increase filedescriptors
- cachemgr.cgi moved to doc/scripts
- build of Programming-Guide removed from specfile
* Fri Mar 30 2001 bodammer@suse.de
- initscript-fix: $named for added for required startup
* Wed Mar 28 2001 bodammer@suse.de
- new initscript more LSB conform
* Thu Mar 22 2001 bodammer@suse.de
- new patch from www.squid-cache.org applied
* Fri Mar 16 2001 kukuk@suse.de
- Fix bogus requires
* Thu Mar 15 2001 ro@suse.de
- changed for openldap2
* Thu Mar 15 2001 ro@suse.de
- fixed neededforbuild for openldap
* Tue Feb 13 2001 bodammer@suse.de
- package squid23 renamed to squid
- specfile: Obsoletes squid2 and squid23 added
Conflicts squid-beta added (instead of squid24)
- pam_auth: permissions set to sgid shadow
- build of doc/Programming-Guide fixed
* Fri Jan 19 2001 bodammer@suse.de
- specfile fix: ulimit was missing and conflicts squid24 added
* Tue Dec 19 2000 bodammer@suse.de
- squid.h patched to allow increase of available filedescriptors:
set to 4096 at buildtime by "ulimit -n 4096" in spec-file
* Tue Dec 12 2000 ro@suse.de
- use official tags for required-start
* Mon Dec 11 2000 bodammer@suse.de
- error in initscript fixed
* Wed Dec 06 2000 bodammer@suse.de
- Requires ldaplib added in specfile
- errors in README.SuSE fixed
* Tue Dec 05 2000 bodammer@suse.de
- hno-patch by Henrik Nordstrom included
- Initscript now checks for a running squid
* Tue Dec 05 2000 bodammer@suse.de
- new patches from www.squid-cache.org included
* Tue Nov 28 2000 bodammer@suse.de
- Fix location of rcscript
* Fri Nov 24 2000 bodammer@suse.de
- rcscript update
* Mon Nov 06 2000 ro@suse.de
- fixed neededforbuild
* Sat Oct 28 2000 kukuk@suse.de
- Fix need for build filelist
* Mon Sep 18 2000 bodammer@suse.de
- initscript reload-option fixed
- more patches from www.squid-cache.org
* Mon Jul 24 2000 bodammer@suse.de
- another patch from www.squid-cache.org added
* Fri Jul 21 2000 bodammer@suse.de
- patch ftp_icon_not_found from www.squid-cache.org added
* Tue Jul 18 2000 bodammer@suse.de
- update -> squid-2.3.STABLE4
* Mon Jun 26 2000 bodammer@suse.de
- another patch from www.squid-cache.org added
* Tue May 23 2000 bodammer@suse.de
- specfile-fix: installation of docu changed
- initscript fixed
* Thu May 18 2000 bodammer@suse.de
- new patches ("Disk space over the limit") included
* Wed May 17 2000 bodammer@suse.de
- update -> squid-2.3STABLE3
* Wed Apr 12 2000 bodammer@suse.de
- logfile-rotation disabled in squid.conf to avoid interaction
with logfile-compression configured in /etc/logfiles
* Mon Mar 13 2000 bodammer@suse.de
- new patches from squid.nlanr.net included
* Fri Mar 03 2000 bodammer@suse.de
- update -> squid-2.3STABLE2
* Wed Feb 23 2000 bodammer@suse.de
- more patches from squid.nlanr.net included
- init-script fix: wait for squid to shutdown
- location of pid-file changed to /var/run
* Wed Feb 16 2000 bk@suse.de
- initial squid2.3STABLE1 package by bodammer
