SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for squid-2.7.STABLE6-7.3.1.i586.rpm :
Wed Dec 21 13:00:00 2011 drahtAATTsuse.de
- squid-2.7.STABLE5-bnc587375-CVE-2010-0639.patch fixes remote
dos via NULL ptr deref on HTCP. [bnc#587375]

Tue Nov 3 13:00:00 2009 cooloAATTnovell.com
- updated patches to apply with fuzz=0

Tue Aug 11 14:00:00 2009 chrisAATTcomputersalat.de
- update to 2.7.STABLE6

* Bug #2494: Fix tproxy url in configure

* Correct latency measurements

* Correct upgrade_http0.9 example

* Correct parsing of invalid http version numbers

* Crossreference authenticate_ip_shortcircuit_access and

* authenticate_ip_shortcircuit_ttl

* Add in some better documentation for override-expire.
- added upstream patches
o 12466, 12480-12495, 12497
o disabled 12488.patch (can not patch not existing file)

Mon Oct 27 13:00:00 2008 kssingvoAATTsuse.de
- update to 2.7.STABLE5, which is a bugfix version only:

* Don\'t set expires: now in generated error responses

* Old headers still returned after a cache validation

* swap.state permission issues if crashing during \"squid -k
reconfigure\"

* Limit stale-if-error to 500-504 responses

* Increase negotiate auth token buffer size

* add upgrade_http0.9 option making it possible to disable
upgrade of HTTP/0.9 responses

* assertion failed: sc->new_callback == NULL at store_client.c:190

* Shut down store url rewrite helpers on squid -k reconfigure

* configuration file contains non-ASCII characters
For complete list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets/SQUID_2_7_STABLE5.html
- removed obsolete, already in upstream version patches

Thu Oct 2 14:00:00 2008 kssingvoAATTsuse.de
- bugfix if user is in many kerberos groups (12380.patch)

Thu Sep 25 14:00:00 2008 kssingvoAATTsuse.de
- added a few official patches:

* HTTP/0.9: making it possible to disable upgrade of HTTP/0.9
responses

* assertion failed: sc->new_callback == NULL at store_client.c:190

* foreground rebuild should do all of the rebuilding before Squid
accepts

* Shut down store url rewrite helpers on squid -k reconfigure

* configuration file contains non-ASCII characters

Wed Aug 20 14:00:00 2008 kssingvoAATTsuse.de
- update to 2.7.STABLE4:

* DNS retransmit queue could get hold up

* assertion failed: forward.c:529: \"fs\"

* assertion failed: forward.c:110: \"!EBIT_TEST(e->flags,
ENTRY_FWD_HDR_WAIT)\"

* Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include
header __u32 problem

* Make dns_nameserver work when using --disable-internal-dns on
glibc based systems

* Handle aborted objects properly. The change in 2.7.STABLE3
triggered a number of issues.

* access.log logs rewritten URL and strip_query_terms ineffective
For full list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets/SQUID_2_7_STABLE4.html
- added cron to Requires: as rpmlint complains on this

Sun Aug 17 14:00:00 2008 ajAATTsuse.de
- Fix init scripts.

Wed Jul 2 14:00:00 2008 kssingvoAATTsuse.de
- update to 2.7.STABLE3:
major changes from 2.6 to 2.7:

* HTTP/1.1 support

* performance improvements

* no longer WAIS support

* can emulate an origin server when acting as an accelerator

* \"min-size\" option for cache_dir

* semi-modular logging framework introduced

* Support for rewriting URLs into canonical forms when storing
and retrieving objects

* Object revalidation in background

* new option \"zero_buffers\"

* cache authentication based on source IP address

* configuration files can be included

* alteration for default rules to not cache dynamic content from
cgi-bin and query URLs

* cleanup of accelerator mode

* zero Penalty Hit support

* and many bugfixes
For full list of changes see:
http://www.squid-cache.org/Versions/v2/2.7/changesets
- fixed the config patch accordingly
- sorted files in /usr/sbin
- added new binary /usr/sbin/logfile-daemon

Mon May 19 14:00:00 2008 kssingvoAATTsuse.de
- added \"sharedscripts\" to logrotate (bnc#388088)

Tue Apr 29 14:00:00 2008 kssingvoAATTsuse.de
- update to 2.6.STABLE19:

* Custom log formats fail to log file sizes >2GB properly on
32-bit platforms

* outgoing_address acl doesn\'t work with indirect source address
(follow-x-forwarded-for)

* Stuck in 100% CPU when fetching an corrupt peer digest

* Add support for the resolv.conf domain directive, and also
automatically derived default domain

* minimum_icp_query_timeout directive
Full list of changes see:
http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE20.html
- removed official patches, which are now included in latest version

Thu Apr 17 14:00:00 2008 kssingvoAATTsuse.de
- added official patches:

* Custom log formats fail to log file sizes >2GB properly on
32-bit platforms

* Fix stripping NT domain in squid_ldap_group

* Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)

* Fails to parse chunked encoding using chunk extensions

* Deal properly with empty list members

* tcp_outgoing_address acl doesn\'t work with indirect source
address (follow-x-forwarded-for)

Wed Mar 26 13:00:00 2008 kssingvoAATTsuse.de
- update to 2.6.STABLE19:

* Fix tcp_outgoing_address example config to match its description

* Assertion failed sc != NULL when using peer monitor function
fixed

* Fix missing default disk store type into QUICKSTART example.

* Handle recursive completion operations in diskd fixed.

* documentation bugfix for tcp_outgoing_tos directive

* Sort cache list in wccpv2 to ensure a consistent hash allocation
across all services

* Updated Ukrainan error pages

* Compile error in squid_kerb_auth under Mac OS X 10.5.2

* squid_radius_auth failed ro process more than 256 requests

* Clarified description of \'cache_vary\' directive

* Make range_offset_limit 0 disable local range processing as
documented, even if the first range starts at 0
- updated 64bit patch
- updated FAQ: no longer avail, its a Wiki now. Best compromise to
use CompleteFaq webpage instead.

Tue Jan 15 13:00:00 2008 kssingvoAATTsuse.de
- update to 2.6.STABLE18:

* Preparing 2.6.STABLE18

* This is STABLE18, not 16..

* Remove HEAD ChangeLog entries copied by mistake

* Preparing for 2.6.STABLE18

* Update valgrind support for valgrind-3.3.0

* Sometimes arrayShrink() will be asked to shrink by 0 entries.
Handle that.

* Digest authentication fixes

* Minor cleanups to make some 64-bit platforms happier

* Novell eDirectory digest helper edir_digest_auth update to
clean up license

* Change old infoAATTircache.net contact address to
infoAATTsquid-cache.org

* Convert spnegohelp.h and spnegohelp.c files drom DOS to Unix
text format.

* Fix bug in header array compression
- removed obsolete suse 8.0 check in PreReq

Wed Dec 12 13:00:00 2007 kssingvoAATTsuse.de
- BuildRequires doesn\'t need openldap2 anymore. fixed.

Mon Dec 3 13:00:00 2007 kssingvoAATTsuse.de
- upgrade to version 2.6STABLE17:

* Fix compile error with old GCC 2.x or other ANSI-C compilers
before C99

* Mention the login= cache_peer option in release notes

* Fix bad cache_peer example in squid.conf

* Fix a compile-time memory corruption error causing cf_gen to
fail

* Clarify high_memory_warning usage

* Reject DNS responses which result in no data

* Fix version number in configuration manual

* Move cache and request/reply_header_max_size to their proper
sections

* sbrk statistics broken when process size >2GB

* Move logopen() much earlier to have fatal startup errors sent
to the proper syslog facility

* Fix HTTP/0.9 responses

* Correct bad example config for tos_outgoing_tos

* Fix grammar in description of mail_program squid.conf option

* Ignore Content-Length in chunked responses instead of
rejecting the response as invalid

* Documented that http_port no longer have a default

* Cleanup of cache digest documentation

* Make aufs store rebuilding back off a little if I/O load too
high

* Respect DNS ttl=0

* Update udp_(incoming|outgoing)_address documentation to
reflect current bahaviour.

* Update HTCP documentation

* Document the overlapping helper request format

* Change priority of proxy auth and extacl provided username in
login=
*:pass

* pack header entries on cache updates

* Make squid_db_auth reopen the database connection on each
query by default

* Improve helper debug ouput, including the channel number

* Update cachePeerEntry MIB description to mention what is used
as index key

* Import squid_radius_auth for authenticating to RADIUS

Tue Oct 23 14:00:00 2007 kssingvoAATTsuse.de
- upgrade to version 2.6STABLE16:

* Test for sys/capability.h linux include file to avoid failing on
linux systems missing libcap

* Release private objects on cache rebuild

* Segfault in clientBuildReplyHeader when http->entry == NULL

* Bug #2072: digest_pw_auth fails when using plaintext passwords

* Bug #2073: assertion failed: client_side.c:4175: \"buf != NULL ||
!conn->body.request on POST

* Adjust default pconn timeouts to avoid shutting down connection while
child sends request

* Bug #1980: cache_peer monitortimeout not working

* Bug #1882: Parent responses are not cached if sibling returns 504

* More squid.conf reordering to get the dependencies between options
sorted proper

* The select() I/O loop got broken by the /dev/poll addition
(2.6.STABLE14)

* Bug #2017: Fails to work around broken servers sending just the HTTP
headers

* Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
before C99

* squid.conf.default updated and reorganised in more sensible groups

* correct and document the syslog access_log format

* Armenian error pages translation

* digest_ldap_helper usage help updated

* Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor

* Improve delay pools in low traffic environment by checking timeouts
at a steady 1 second interval even when there is not much activity

* Don\'t request authentication on transparently intercepted
connections

* Cleanup linux capabilities for tproxy

* Bug #2003: \'via\' config directive doesn\'t affect response headers

* Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache

* Add missing $|=1 to squid_db_auth

* Bug #2050: Persistent connection dropped if cache has no
Content-Length

* Verify the URL on memory cache hits

* Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14

* Bug #1972: Squid sets peers to down state when they are in fact
working.

* potential segmentation fault in storeLocateVary()

* Bug #2066: chdir after chroot

* Windows port: Fix compiler warnings when building Squid as
application (not Windows service mode)

* Spelling correction of received
- adapted config patch

Thu Aug 16 14:00:00 2007 kssingvoAATTsuse.de
- removed /etc/squid/errrors: no longer needed (bugzilla#300933)

Thu Aug 9 14:00:00 2007 kssingvoAATTsuse.de
- removed explicit permissions handling (bugzilla#298341)

Mon Aug 6 14:00:00 2007 kssingvoAATTsuse.de
- moved $named from Required-Start to Should-Start (bugzilla#142653)
- renamed X-UnitedLinux-Should-Start to Should-Start in rc script
- renamed X-UnitedLinux-Should-Stop to Should-Stop in rc script

Mon Jul 30 14:00:00 2007 kssingvoAATTsuse.de
- upgrade to 2.6.STABLE14:

* Bug #2008: Work around clients trying to use NTLM or Negotiate
without persistent connections

* Deal better with forwarding loops

* Bug #2010: snmp_core.cc:828: warning: array subscript is above
array bounds

* Temporary shortage of system filedescriptors may cause Squid to
permanently stop accepting connections

* Bug #1085: Add no-wrap to cache manager HTML tables

* Cosmetic squid_ldap_auth cleanups from Squid-3

* Simple POP3 basic auth helper querying a POP3 server

* squid.conf.default cleanups

* Clean up HTML escapes in the configuration manual

* Simple POP3 basic auth helper querying a POP3 server

* Imported updated squid_kerb_auth helper from the SourceForge
squidkerbauth repository

* Bug #1130: min-size option for cache_dir

* digest_edir_auth helper, using novell eDirectory universal
password

* Bug #1968: Squid hangs occasionally when using DNS search paths

* Bug #1900: Double \"squid -k shutdown\" makes Squid restart again

* There is no -a command line option in Squid-2.6 and later.

* Make AC_CHECK_.._SYSTYPE wrappers around the default calls to
allow cross-compiling

* Renamed db_auth.pl to squid_db_auth, and autogenerate perl path
and man page

* make devpoll support work

* Bring over Solaris/IRIX /dev/poll network IO support from
Squid-2, enabled by compiling with --enable-devpoll

* Database auth helper using Perl DBI

* Kerberos SPNEGO helper

* Always use xisxxxx() Squid defined macros instead of ctype
functions.

* Round time to next event upwards to avoid storms of comm_select
loops doing nothing

* Adjust refresh_pattern min-age to make 0 mean 0, not 1 second

* URI-escape using the recommended upper case

* Correct the refresh_pattern ignore-auth documentation to refer
to CC: public

* Dump out the config manual while making snapshots

* Script to build HTML configuration manual from cf.data

* Shuffle around various configuration options into their own
sections

Wed May 23 14:00:00 2007 kssingvoAATTsuse.de
- moved cachemgr.cgi to %{_libdir}/squid to make rpmlint happy

Mon May 14 14:00:00 2007 kssingvoAATTsuse.de
- upgrade to 2.6.STABLE13:

* Make sure reply headers gets sent even if there is no body available
yet, fixing RealMedia streaming over HTTP issues.

* Undo an accidental name change of storeUnregisterAbort.

* Kill an ancient malplaced storeUnregisterAbort call from ftp.c

* Bug #1814: SSL memory leak on persistent SSL connections

* Don\'t log ECONNREFUSED/ECONNABORTED accept failures in cache.log

* Cosmetic fix: added missing newline in WCCPv2 configuration dump.

* Ukrainan error messages

* Convert various error pages from DOS to UNIX text format

* Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS

* Clarify the max-conn=n cache_peer option syntax slightly

* Bug #1892: COSS segfault on shutdown

* Windows port: fix undefined ECONNABORTED

* Make refreshIsCachable handle ETag as a cache validator, not
only last-modified

* in_port_t is not portable, use unsigned short instead

* Fix fs / auth / snmp dependencies

* Portability: statfs() may reqire #include

Fri Apr 6 14:00:00 2007 roAATTsuse.de
- added valgrind-devel to buildrequires

Tue Apr 3 14:00:00 2007 kssingvoAATTsuse.de
- upgrade to 2.6.STABLE12:

* Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)

* various diskd bugfixes

* In the access.log hierarchy field log the unique peer name
instead of the host name

* unlinkdClose() should be called after (not before)
storeDirSync()

* CLEAN_BUF_SZ was defined, but never used anywhere

* logging HTTP-request size

* Fix icmp pinger communication on FreeBSD and other not
supporing large dgram AF_UNIX sockets

* Release objects on swapin failure

* Objects stuck in cache if origin server clock in future

* 302 responses with an Expires header is always cached

* Primitive support for HTTP/1.1 chunked encoding, working around
broken servers

* Clean up relations between TCP probing and DNS checks of peers
with no known addresses.

* Fix a minor HTML coding error in ftp directory listings with //
in the path

* Cleanup of refresh logics when dealing with non-refreshable
content

* Gopher cleanups and bugfixes

* Negotiate authentication fixed again. Broken since STABLE7 by
the patch for

* COSS tries to shut down the same directory twice on exit

* store
*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL entries

* Added support for Subversion HTTP request methods MKACTIVITY,
CHECKOUT and MERGE.

* assertion failed: client_side.c:4055: \"buf != NULL ||
!conn->body.request\"

* Handle garbage helper responses better in concurrent protocol
format

* Fix kqueue when overflowing the changes queue

* Make sure the child worker process commits suicide if it could
not start up

* Don\'t log short responses at debug level 1

* Fix bswap16 & bwsap32 error on NetBSD

* Fix collapsed_forwarding for non-GET requests

* Assertion error on TRACE

Mon Feb 26 13:00:00 2007 kssingvoAATTsuse.de
- needsrootforbuild injected: urgently required for ulimit setting

Wed Jan 31 13:00:00 2007 kssingvoAATTsuse.de
- upgrade to 2.6.STABLE9 with this fixes:

* Date parsing error causing objects to get unexpectedly cached.
Problem introduced in 2.6.STABLE6.

* authenticateNTLMFixErrorHeader: state 4. NTLM & Negotiate
instability introduced in 2.6.STABLE6.

* Primitive support for HTTP/1.1 chunked encoding, working around
broken servers sending chunked encoding in response to HTTP/1.0
requests.

* STALE: Entry\'s timestamp greater than check time. Clock going
backwards?

* Don\'t update object timestamps on a failed revalidation.

* If-Modified-Since broken in 2.6.STABLE8

* diskd bug in storeDiskdIOCallback()

Mon Jan 22 13:00:00 2007 kssingvoAATTsuse.de
- reinjected SAMBAPREFIX into specfile (bugzilla#236317)

Thu Jan 18 13:00:00 2007 kssingvoAATTsuse.de
- upgrade to 2.6.STABLE7:

* Windows port: Fix intermittent build error using Visual Studio

* Add missing tproxy info from the dump of http port
configuration

* Bug #1853: Support for ARP ACL on NetBSD

* clientNatLookup(): fix wrong function name in debug messages

* Convert ncsa_auth man page from DOS to Unix text format.

* Bug #1858: digest_ldap_auth had some remains of old hash format

* Correct the select_loops counter when using select(). Was
counted twice

* Clarify the http_port vhost option a bit

* Fix cache-control: max-stale without value or bad value

* Bug #1857: Segmentation fault on certain types of ftp://
requests

* Bug #1848: external_acl crashes with an infinite loop under
high load

* Bug #1792: max_user_ip not working with NTLM authentication

* Bug #1865: deny_info redirection with authentication related
acls

* Small example on how to use the squid_session helper

* Bug #1863: cache_peer monitorurl, monitorsize and
monitorinterval not working properly

* Clarify the transparent http_port option a bit more

* Bug #1828: squid.conf docutemtation error for proxy_auth digest

* Bug #1867: squid.pid isn\'t removed on shutdown

Wed Jan 17 13:00:00 2007 lnusselAATTsuse.de
- install pam_auth setuid root instead of setgid shadow (#216816)
- fix permissions handling

Tue Jan 9 13:00:00 2007 kssingvoAATTsuse.de
- fixed gnu ftpserver name mangling (bugzilla#230751)
- fixed pidfile removal issue (bugzilla#223067)

Tue Dec 12 13:00:00 2006 kssingvoAATTsuse.de
- upgrade to 2.6.STABLE5:

* Whitespace cleanup

* Preparing for 2.6.STABLE6

* Resurrect httpd_accel_no_pmtu_disc after the transparent interception
cleanup

* Spell check in release notes

* Windows port: Updated release notes

* Windows port: Fixed build error on MinGW using SSL support

* Windows port: Updated release notes

* Windows port: Fix build errors when using latest MinGW environment

* Bug #1641: assertion failed: stmem.c:149: \"size > 0\" while processing
certain Vary objects

* Bug #1840: Disable digest and netdb queries to multicast peers

* Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.

* Bug #1801: NTLM authentication ends up in a loop if the server responds
with a retriable error

* Bug #439: Multicast ICP peering is unstable and considers most peers dead

* Fix the WCCPv2 mask assignment code to not crash as the value assignments
are built.

* Bug #1584: Unable to register with multiple WCCP2 routers

* Convert the connStateData->chr single link list to a normal dlink_list for
clarity.

* Accept large dates >2^31. Seen for example in the Google logo.

* Remove old leftover variable after the client_side buffer cleanup

* Reduce memory allocator pressure by not continually allocating client-side
read buffers

* Remove malloc/free of temporary buffer in time parsing routines.

* Document that proxy_auth also accepts -i for case-insensitive operation

* Convert snmpDebugOid to use a temporary String object instead of strcat

* Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate

* Add support for the weight= parameter to round-robin peers

* Fix defaultsite= processing after the accelerator mode cleanup

* Clarify the external_acl_type helper format specification and some defaults

* Bug #1773: Segmentation violation bug in the cleanup of transparent mode

* Cleanup to silence a harmess GCC inline warning

* Bug #1805: assertion failed: StatHist.c:195: \"D[i] >= 0\"

* Remove extra newline in redirect message sent by deny_info http://...
aclname

* Bug #1117: assertion failed: aufs/store_dir_aufs.c:642:
\"rb->flags.need_to_validate\"

* Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/
store_dir_coss.c storeCoss_DeleteStoreEntry

* Windows port: updated release notes

* Only use crypt() if it\'s available

* automake no longer recommends mkinstalldirs. Remove it from the
distribution.

* Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts

* Cleanup of transparent & accelerator mode request parsing to untangle the
firewall dependencies a bit

* Add client source port logformat tag >p

* Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c
htcpBuildAuth()

Mon Nov 6 13:00:00 2006 kssingvoAATTsuse.de
- upgrade to version 2.6.STABLE5, which is only a bug fix version, with
these most important bug fixes:

* Some memory leaks corrected, some of which could result in
denial of service conditions after some time.

* Assertion failure related to Vary/ETag processing, which could
maybe result in a denial of service condition.

* Delay pools now assigns bandwidth fairly among competing
connections.

* Port 563 removed from the default set of SSL ports.
- Changes from 2.6.STABEL4 to 2.6.STABEL5 in detail:

* 2.6.STABLE4 aufs fails to compile if coss isn\'t enabled

* COSS improvements and cleanups

* SNMP linking issue resolved, enabling SNMP support to be build in all
platforms

* access_log syslog results in blanks syslog lines between every entry

* Incorrect error message on invalid cache_peer specifications

* Memory leak in handling of negatively cached objects

* Incorrect Vary processing in combination with collapsed_forwarding

* Memory leak in ncsa_auth on password changes

* Suppress some annoying coss startup messages raising the debug level
to 2.

* Clarify the external_acl_helper concurrency= change.

* aioDone() could be called twice from aufs and from coss (when using
AIOPS) during shutdown.

* Accept 00:00-24:00 as a valid time specification even if redundand
and the same as 00:00-23:59

* Theoretical memory leak in storeSetPublicKey

* Removing port 563 from the default SSL_ports and Safe_ports ACLs

* Automatically enable Linux Netfilter support with
- -enable-linux-tproxy.

* squid -k reconfigure crash when using req/rep_header acls

* Clarify the select/poll/kqueue/epoll configure --enable/disable
options

* Delay pools fairness when multiple connections compete for bandwidth

* Crash on exit in certain conditions where cache.log is not writeable

* Assertion error HttpHeader.c:914: \"str\"

* Crash on wccp2 + mask assignement + standard wccp service

* Silence harmless gcc compile warning.

* Clean up poll memory on shutdown

* Ported select, poll and win32 to new comm event framework

* Windows port: Correctly identify Windows Vista and Windows Server
Longhorn

* Added a basic comm_select_simple comm loop only requiring minimal
POSIX compliance.

* Safeguard from kb_t counter overflows on 32-bit platforms

Wed Oct 18 14:00:00 2006 kssingvoAATTsuse.de
- upgrade to version 2.6.STABLE4:

* New wccp2_weight directive

* Numeros COSS fixes and improvements

* Support for WCCP2 hash based assignment and weighted assignments

* Windows port update

* Many small fixes to better detect invalid configurations

* Bug #1760: FTP related memory leak

* SNMP mib updates for some minor missing details

* Bug #1590: Silence those harmless ETag loop warnings

* Bug #1740: Squid crashes on certain malformed HTTP responses

* Bug #1699: assertion failed: authenticate.c:836:
\"auth_user_request != NULL\"

* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6.STABLE4 changes and the ChangeLog file for details.
- removed ncsa patch, now upstream included

Wed Aug 30 14:00:00 2006 kssingvoAATTsuse.de
- fix for buffer size in ncsa auth (bugzilla#202249)

Wed Aug 23 14:00:00 2006 kssingvoAATTsuse.de
- upgrade to version 2.6.STABLE3:

* src/dst acl parsing changed to not attempt to guess a netmask
if none was specified. Instead assume it\'s an IP address and not
a network even if it ends in 0

* Several memory leaks plugged

* Delay pools now work again (broken in 2.6.STABLE1 & 2)

* New log_format %ue and %us tags for external acl or ssl user id

* COSS fixes and performance improvements

* Include acl\'s is now shown in their original form in cachemgr
configuration dumps.

* ntlm fake_auth finally handles non-ascii user names

* TCP fallback on truncated DNS responses, making the internal
DNS client complete.

* Downloads could hang when using the cache_dir max-size option

* Fixed some assertion failures and segmentation faults

* Some small optimizations to reduce CPU usage

* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6 changes and the ChangeLog file for details.

Thu Aug 3 14:00:00 2006 kssingvoAATTsuse.de
- upgrade to version 2.6.STABLE2:

* Bug #1650: transparent interception \"Unable to forward this
request at this time\"

* Bug #1658: Memory corruption when using client-side SSL
certificates

* Multiple fixes to the experimental COSS cache_dir type Added

* the missing concurrency parameter to basic/digest auth
schemes

* Bug #1669: SEGV in storeAddVaryReadOld Bug #1670: assertion

* failure: i->prefix_size > 0 in
client_side.c:2509

* Bug #1671: transparent interception fails with FreeBSD ipfw or
Linux-2.2 ipchains

* Bug #1660: Accept-Encoding related memory corruption Bug #1673:

* cache digests not served to other caches Bug #1684: xstrdup:

* tried to dup a NULL pointer! Bug #1688: Assertion failure in

* HttpHeader.c in some header_access
configurations

* Bug #1696, Bug #1700 and more: WCCP2 fixes Bug #1677: Duplicate

* etags in the If-None-Match in cache
validations causing lighttpd to fail with error 400

* Added ARP acl support for OpenBSD and ARP fixes for Windows Bug

* #1681: All ntlmauthenticator processes are busy new

* minimum_expiry_time squid.conf directive backported from
Squid-3

* Bug #1703: Wrong default path to the diskd helper causing hangs

* at
100% CPU

* Bug #1685: Crashes or other odd results after

* storeSwapMetaUnpack:
errors

* a number of other minor and cosmetic bugfixes. See the list of
squid-2.6 changes and the ChangeLog file for details.
- adapted ldflags patch
- added /usr/sbin/cossdump

Tue Jul 25 14:00:00 2006 schwabAATTsuse.de
- Fix build requires.

Thu Jul 13 14:00:00 2006 kssingvoAATTsuse.de
- upgrade to version 2.6.STABLE1:
o bug fixes
o Major improvements to the way that Squid handles web proxy,
accelerated and transparent proxy requests to make it easier to
configure transparent and acceleration functionality
o WCCPv2 support multiple cache engines registering with multiple
WCCP routers and switches.
o TPROXY totally transparent proxy support under Linux, which to
allow Squid to appear totally invisible to both client and server
systems when transparently caching requests.
o Support for Etag and Vary HTTP headers.
o Collapsed forwarding, which gives Squid the ability to
intelligently merge client requests for objects into one request
to the server.
o Support for epoll under Linux, which gives Squid the ability to
handle many many more concurrent requests with lower CPU
overhead.
o SSL assisted hardware encryption making use of OpenSSL
functionality within Squid.
o Logging enhancements to allow even greater customization of the
way Squid logs requests in the access-log or to syslog if
required
o Authentication enhancements including Negotiate/Kerberos support,
extra workarounds for NTLM clients and others using Microsoft
Integrated Login.
o Additional external_acl parameters to support SSL and even more
client side parameters.
o ACL changes in conjunction with SSL changes which have been
merged, to allow matching based on SSL certificate parameters.
o New authentication helpers:
- Digest LDAP helper
- Native Windows basic, NTLM and negotiate helpers
- External acl helpers for session monitoring and native Windows
group membership check
o HTCP significantly cleaned up and added support for the CLR
operation to purge contents from the cache
o Support for parsing X-Forwarded-For headers allowing access
controls to be based on the real client IP even if behind secondary
proxies
- adapted SUSE patches


  
ICM