SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for squid-6.10-lp155.323.10.x86_64.rpm :

* Thu Jun 27 2024 Adam Majer - update to 6.10 - ESI: Disable by default (#1728) - Bug 5378: type mismatch in libTrie (#1830) (bsc#1227086, CVE-2024-37894) - testCacheManager: use cppunit exception tests (#1811) - testRandomUuid: use cppunit exception tests (#1814) - Docs: REQUIRED in ident_regex, proxy_auth_regex, ext_user_regex (#1818) - Fix build with clang v18 [-Wvla-cxx-extension] (#1813) (#1817)
* Tue May 28 2024 Adam Majer - update to 6.9 - Regression Bug 5349: basic_nis_auth build error: unterminated #ifndef - Bug 5069: Keep listening after getsockname() error - Bug 5360: FwdState::noteDestinationsEnd() assertion \"err\" - Reduce stale errno usage - Plug memory leak in handling cache manager requests - Fix error: template-id not allowed for constructor in C++20 - Improve release packaging automation- header_fixups.patch: upstreamed, removed- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: upstreamed, removed- CVE-2024-33427.patch: fixes possible buffer overread leading to denial of service (bsc#1225417, CVE-2024-33427)
* Wed Mar 06 2024 Adam Majer - update to 6.8 - Fix marking of problematic cached IP addresses (#1691) - Bug 5344: mgr:config segfaults without logformat (#1680) - Fix infinite recursion when parsing HTTP chunks (#1553) (bsc#1216715, CVE-2024-25111)- changes in 6.7 - Bug 5337: workaround for crash on startup if -a option is used - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500 - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request - Fix SslBump memory leak when mimicking certificates with Authority Key Identifier - Fix memory leak on SslBump certificates with Authority Key Identifier extension - Fix a possible integer overflow in FTP Gateway - Extend cache_log_message to Bug 5187 and job invalidation BUGs - Remove incorrect beta version warning- squid.keyring: updated- header_fixups.patch: added- 9be86d8db5e8f40829374d26334d0bb5272c1afd.patch: don\'t throw on client errors
* Mon Feb 26 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Thu Dec 28 2023 Sean Lewis - update to 6.6: - bug 5328: Fix ESI build with libxml2 v2.12.0 - Bug 5319: QOS Netfilter MARK preservation is always disabled - Bug 5318: peer_digest.cc:399: \"fetch->pd && receivedData.data\" - Bug 5317: FATAL attempt to read data from memory - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled - FTP: Ignore credenials with a NUL-prefixed username - log_db_daemon: Fix DSN construction - Limit the number of allowed X-Forwarded-For hops (bsc#1217654, CVE-2023-50269) - Do not update StoreEntry expiration after errorAppendEntry() - improve handling of response sending errors (bsc#1219131, CVE-2024-23638)- changes in 6.5: - Bug 5309: frequent \"lowestOffset () <= target_offset\" assertion - Bug 4977: Remove mem_hdr::freeDataUpto() assertion - Fix handling of expanding HTTP header values (bsc#1219960, CVE-2024-25617) - Fix RFC 1123 date parsing (bsc#1217813, CVE-2023-49285) - Gracefully shutdown when helper process startup fails (bsc#1217815, CVE-2023-49286)
* Wed Oct 25 2023 Adam Majer - update to 6.4:
* security fixes: + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846) + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824) + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847) + Denial of Service in FTP (bsc#1216498, CVE-2023-46848) + Fix validation of certificates (bsc#1216803, CVE-2023-46724) + One-Byte Buffer OverRead in HTTP Request Header Parsing (bsc#1217274)
* Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
* Bug 4981: Work around in-call job invalidation bugs
* basic_smb_lm_auth: fix \'no previous declaration\' warnings
* CacheManager: require /squid-internal-mgr/ URL path prefix
* ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
* documentation changes
* Tue Sep 19 2023 Adam Majer - update to 6.3: - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL - Bug 4981: Work around in-call job invalidation bugs - basic_smb_lm_auth: fix \'no previous declaration\' warnings - CacheManager: require /squid-internal-mgr/ URL path prefix - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
* Wed Aug 09 2023 Paolo Stivanin - update to 6.2 (bsc#1217825, CVE-2023-49288, bsc#1216497):
* Major UI changes: - Remove 8K limit for single access.log line - Add tls_key_log to report TLS communication secrets
* Minor UI changes: - Add %transport::>connection_id logformat code - Add paranoid_hit_validation directive - Report SMP store queues state (mgr:store_queues) - Addcache_log_message directive
* Developer Interest changes: - Replaced X-Cache and X-Cache-Lookup headers with Cache-Status - Reject HTTP/1.0 requests with unusual framing - codespell check added to source maintenance enforcement - Streamlined ./configure handling of optional libraries - Add –progress option to test-builds.sh - Remove layer-00-bootstrap from test script - Convert LRU map into a CLP map - Remove legacy context-based debugging in favor of CodeContext
* Removed features: - Remove unused cache_diff binary - Remove obsolete membanger test - Remove deprecated leakfinder (–enable-leakfinder)
* Tue May 09 2023 Adam Majer - update to 5.9:
* Improve reply_body_max_size matching accuracy
* fix gcc13 warning
* Tue May 02 2023 Adam Majer - partial revert of earlier \"fix PIDFile\" - move pidfile back to /run/squid.pid and not in the directory owned by squid. The purpose of /run/squid/ is to facilitate SMP worker\'s IPC and not for the PID file. The PID file can live just fine in /run since it\'s written by root. (bsc#1210960)
* Fri Mar 31 2023 Dirk Müller - update to 5.8:
* Bug 5162: mgr:index URL do not produce MGR_INDEX template
* Bug 5241: Block all non-localhost requests by default
* Bug 5241: Block to-localhost, to-link-local requests by default
* ext_kerberos_ldap_group_acl: Support -b with -D
* Fix ACL type typo in req_header, rep_header key-changing ERRORs
* ... and several compile fixes
* ... and some code cleanup and polishing
* Thu Mar 23 2023 Martin Liška - Enable LTO again as it survives tests now.
* Wed Jan 25 2023 Thorsten Kukuk - Disable NIS auth module (NIS is deprecated and get\'s currently removed)
* Tue Jan 03 2023 Stefan Schubert - Migration of PAM settings to /usr/lib/pam.d.
* Thu Sep 15 2022 Stefan Schubert - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.
* Sun Sep 11 2022 Dirk Müller - update to 5.7: - Regression Fix: Typo in manager ACL (bsc#1203677, CVE-2022-41317) - Bug 5186: noteDestinationsEnd check failed: transportWait - Bug 5160: Test suite fails with -flto=auto - Bug 3193 pt2: NTLM decoder truncating strings (bsc#1203680, CVE-2022-41318) - Bug 5133: OpenSSL 3.0 support - ext_session_acl: fix TDB key lookup - forward_max_tries: Do not count discarded connections - ... and many compile and debugging fixes
* Mon Aug 29 2022 chrisAATTcomputersalat.de- fix PIDFile
* NOT needed in service file (squid.service: Can\'t open PID file /run/squid.pid)
* placed to tmpfilesdir
* Wed Jun 29 2022 Stefan Schubert - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d.
* Fri Jun 24 2022 Adam Majer - Update to 5.6:
* Improve handling of Gopher responses (bsc#1200907, CVE-2021-46784)- Changes in 5.5:
* fixes regression Bug 5192: esi_parser default is incorrect
* Bug 5177: clientca certificates sent to https_port clients
* Bug 5090: Must(!request->pinnedConnection()) violation
* Kid restart leads to persistent queue overflows, delays/timeouts
* Thu Mar 31 2022 Adam Majer - Do not try to set special permissions for basic_pam_auth (bsc#1197649)
* Tue Mar 29 2022 Adam Majer - Fix upgrade path from squid 4.x where we replaced some symlinks with directories in pretrans section (bsc#1197333)- old_nettle_compat.patch: refresh patch
* Sat Feb 26 2022 Andreas Stieger - Update to 5.4.1:
* Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening
* code clean-ups and developer visible changes
* Tue Feb 08 2022 Paolo Stivanin - Update to 5.4:
* Bug 5190: Preserve configured order of intermediate CA certificate chain
* Bug 5188: Fix reconfiguration leaking tls-cert=... memory
* Bug 5187: Properly track (and mark) truncated store entries
* Bug 5134: assertion failed: Transients.cc:221: \"old == e\"
* Bug 5132: Close the tunnel if to-server conn closes after client
* Wed Dec 22 2021 Martin Pluskal - Adjust harden_squid.service.patch to resolve boo#1193938
* Sat Dec 11 2021 Dirk Müller - update to 5.3:
* Bug 5169: StoreMap.cc:517 \"!s.reading()\" assertion
* Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
* Bug 5060: Parallel builds are not reliable
* Documentation updates for logformat directive
* Tue Nov 23 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_squid.service.patch Modified:
* squid.service
* Mon Oct 04 2021 Adam Majer - transition to squid 5.x. This is a major release and for changes and how to transition from 4.x, see the release notes, http://www.squid-cache.org/Versions/v5/RELEASENOTES.html- update to 5.2
* fixes issues with WCCP protocol that may lead to information disclosure (bsc#1189403, CVE-2021-28116)- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)- new BR: pkgconfig(tdb)
* Sun Aug 01 2021 Dirk Müller - update to 4.16: - Regression Fix: --with-valgrind-debug build broken since 4.15 - Bug 5129 pt1: remove Lock use from HttpRequestMethod - Bug 5128: Translation: Fix \'% i\' typo in es/ERR_FORWARDING_DENIED - Bug 4528: ICAP transactions quit on async DNS lookups
* Tue May 18 2021 Adam Majer - fix building with SLE12
* Tue May 11 2021 Dirk Müller - update to 4.15: - Bug 5112: Excessively loud chunked reply parsing error reporting - Bug 5106: Broken cache manager URL parsing (bsc#1185918, CVE-2021-28652) - Bug 5104: Memory leak in RFC 2169 response parsing (bsc#1185921, CVE-2021-28651) - Bug 3556: \"FD ... is not an open socket\" for accept() problems - Profiling: CPU timing implemented for MAC non-x86 - Fix HttpHeaderStats definition to include hoErrorDetail - Fix Squid-to-client write_timeout triggers client_lifetime timeout - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs (bsc#1185919, CVE-2021-28662) - Handle more Range requests (bsc#1185916, CVE-2021-31806) - Handle more partial responses (bsc#1185923, bsc#1186654, CVE-2021-33620) - Stop processing a response if the Store entry is gone - ... and some portability fixes - ... and some documentation updates
* Tue Feb 09 2021 Dirk Müller - update to 4.14: - fixes HTTP Request Smuggling vulnerability (bsc#1183436, CVE-2020-25097) - Regression Fix: support for non-lowercase Transfer-Encoding value - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs - Bug 5076: WCCP Security Info incorrect - Bug 5073: Compile error: index was not declared in this scope - Bug 5065: url_rewrite_program documentation update - Bug 3074 pt2: improved handling of URI paths implicit \'/\' - Fix transactions exceeding client_lifetime logged as _ABORTED
* Mon Nov 02 2020 Adam Majer - re-add older SLES12 requirements so we can use one devel project for all codestreams
* Fri Oct 30 2020 Matthias Gerstner - fix previous change to reinstante permissions macros, because the wrong path has been used (bsc#1171569).- use libexecdir instead of libdir to conform to recent changes in Factory (bsc#1171164).
* Thu Oct 08 2020 Matthias Gerstner - Reinstate permissions macros for pinger binary, because the permissions package is also responsible for setting up the cap_net_raw capability, currently a fresh squid install doesn\'t get a capability bit at all (bsc#1171569).
* Mon Aug 24 2020 Adam Majer - squid 4.13:
* Enforce token characters for field-name (#700)
* Fix livelocking in peerDigestHandleReply (#698) (bsc#1175671, CVE-2020-24606)
* Improve Transfer-Encoding handling (#702) (bsc#1175665, CVE-2020-15811)
* Forbid obs-fold and bare CR whitespace in framing header fields (#701)
* Source Format Enforcement
* Enforce token characters for field-name (#700) (bsc#1175664, CVE-2020-15810)
* Do not stall while debugging a scan of an empty store_table (#699)
* Fix livelocking in peerDigestHandleReply (#698)
* Honor on_unsupported_protocol for intercepted https_port (#689)
* Bug #5051: Some collapsed revalidation responses never expire (#683)
* SslBump: Support parsing GREASEd (and future) TLS handshakes (#663)
* Fri Jul 24 2020 Adam Majer - Change pinger and basic_pam_auth helper to use standard permissions. pinger uses cap_net_raw=ep instead (bsc#1171569)- Move squid helpers under /usr/lib{,64}/squid for Tumbleweed and SLE16 Please adjust your config paths accordingly
* Sun Jun 21 2020 Andreas Stieger - squid 4.12:
* Fixes a potential Denial of Service when processing TLS certificates during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)
* Regression Fix: Revert to slow search for new SMP shm pages
* Fix Negative responses are never cached
* HTTP: validate Content-Length value prefix (CVE-2020-15049, bsc#1173455)
* HTTP: add flexible RFC 3986 URI encoder
* Fix stall if transaction overwrites a recently active cache entry
* Thu Apr 23 2020 Adam Majer - Update to squid 4.11:
* Fix incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (CVE-2019-12519, CVE-2019-12521, bsc#1169659)
* Fixes possible information disclosure when translating FTP server listings into HTTP responses. (CVE-2019-12528, bsc#1162689)
* Fixes possible denial of service caused by incorrect buffer management ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
* Fixes a potential remote execution vulnerability when using HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
* Fixes problem when reconfigure killed Coordinator in SMP+ufs configurations (#556)
* Mon Apr 20 2020 Thorsten Kukuk - Make logrotate recommended, it\'s not strictly required and doesn\'t make any sense in containers
* Tue Feb 18 2020 kukukAATTsuse.de- Use sysusers instead of shadow to create squid user and groups- Don\'t hard require systemd
* Wed Feb 05 2020 Adam Majer - Update to squid 4.10:
* fixes a security issue allowing a remote client ability to cause use a buffer overflow when squid is acting as reverse-proxy. (CVE-2020-8449, CVE-2020-8450, bsc#1162687)
* fixes a security issue allowing for information disclosure in FTP gateway (CVE-2019-12528, bsc#1162689)
* fixes a security issue in ext_lm_group_acl when processing NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
* improve cache handling with chunked responses
* Fri Nov 08 2019 Adam Majer - Update to squid 4.9:
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi (CVE-2019-13345, bsc#1140738)
* fixes heap overflow in URN processing (CVE-2019-12526, bsc#1156326)
* fixes multiple issues in URI processing (CVE-2019-12523, CVE-2019-18676, bsc#1156329)
* fixes Cross-Site Request Forgery in HTTP Request processing (CVE-2019-18677, bsc#1156328)
* fixes HTTP Request Splitting in HTTP message processing (CVE-2019-18678, bsc#1156323)
* fixes information disclosure in HTTP Digest Authentication (CVE-2019-18679, bsc#1156324)
* lower cache_peer hostname - this showed up as DNS failures if peer name was configured with any upper case characters
* TLS: Multiple SSL-Bump fixes
* TLS: Fix expiration of self-signed generated certs to be 3 years
* TLS: Fix on_unsupported_protocol tunnel action
* Fix several rock cache_dir corruption issues
* fixes handling of invalid domain names in cachemgr.cgi (CVE-2019-18860, bsc#1167373)- fix_configuration_error.patch: upstreamed- old_nettle_compat.patch: refreshed
* Tue Aug 06 2019 Adam Majer - fix_configuration_error.patch: Fix compilation with -Wreturn-type- old_nettle_compat.patch: Update to actually use older version
* Thu Jul 18 2019 Adam Majer - old_nettle_compat.patch: Fix compatibility with nettle in SLE-12
* Mon Jul 15 2019 Adam Majer - Update to squid 4.8: + Ignore ECONNABORTED in accept(2) + RFC 7230 forbids generation of userinfo subcomponent of https URL + cachemgr.cgi: unallocated memory access resulting in a potential denial of service. (bsc#1141442, CVE-2019-12854) + terminating c-strings beyond BASE64_DECODE_LENGTH + Replace uudecode with libnettle base64 decoder fixing a denial of service vulnerability (bsc#1141329, CVE-2019-12529) + fix to_localhost does not include :: + Fix GCC-9 build issues + Fix Digest auth parameter parsing preventing a potential denial of service (bsc#1141332, CVE-2019-12525) + Update HttpHeader::getAuth to SBuf which prevents a potential heap overflowing allowing a possible remote code execution attack when processing HTTP Authentication credentials (bsc#1141330, CVE-2019-12527) + Add the NO_TLSv1_3 option to available tls-options values + Fix handling of tiny invalid responses + Fix Memory leak when http_reply_access uses external_acl + Fix Multiple XSS issues in cachemgr.cgi (bsc#1140738, CVE-2019-13345)- use unbundled version of libnettle- disable LTO as a workaround to tests failing
* Wed May 08 2019 Adam Majer - Update to squid 4.7: (jsc#SLE-5648) + Fix stack-based buffer-overflow when parsing SNMP messages + Fixed squidclient authentication + Add support for buffer-size= to UDP logging + Trust intermediate CAs from trusted stores + Bug #4928: Cannot convert non-IPv4 to IPv4 + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs + Bug #4823: assertion failed: \"lowestOffset () <= target_offset\" (bsc#1133089) + Bug #4942: --with-filedescriptors does not do anything
* Tue Feb 26 2019 adam.majerAATTsuse.de- Syncronize bug and CVE references between 3.x and 4.x squid changelog versions. These bugs were fixed here either without properly referencing them during the fix or 4.x branch was never affected by them. (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556, bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749, bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002, bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554, bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054, bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948, bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572, bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570, bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390, bsc#959290, CVE-2016-4052, CVE-2016-4053, bsc#1029157, bsc#1024020, bsc#998595, fate#319674)
* Sat Feb 23 2019 seanlewAATTopensuse.org- Update to squid 4.6: + master commit b599471 leaks memory (#4919) + SourceFormat Enforcement (#367) + Detect IPv6 loopack binding errors (#355) + Do not call setsid() in --foreground mode (#354) + Fail Rock swapout if the disk dropped write reqs (#352) + Initialize StoreMapSlice when reserving a new cache slot (#350) + Fixed disker-to-worker queue overflows (#353) + Fix OpenSSL builds that define OPENSSL_NO_ENGINE (#349) + Fix BodyPipe/Sink memory leaks associated with auto-consumption + Exit when GoIntoBackground() fork() call fails (#344) + GCC-8 compile errors with -O3 optimization (#4875) + Initial translations to ka/georgian language (#345) + basic_ldap_auth: Return BH on internal errors (#347)
* Mon Feb 18 2019 adam.majerAATTsuse.de- Revert whitespace deletions of .changes as it makes diffs a pain.
* Sat Feb 16 2019 Jan Engelhardt - Do not hide errors from useradd. Make scriptlets plain sh compatible.
* Wed Jan 02 2019 seanAATTsuspend.net- Update to squid 4.5: + Squid crashes when ICAPS and a sslcrtvalidator used together (#328) + ssl_bump prevents from accessing some web contents (#304) + Docs: improved lexgrog compatibility (#340) + Redesign forward_max_tries count TCP connection attempts + Fix client_connection_mark ACL handling of clientless transactions + Fix netdb exchange with a TLS cache peer + Update netdb when tunneling requests + Use pkg-config for detecting libxml2 + Misc doc updates + Misc code compile fixes
* Fri Nov 09 2018 adam.majerAATTsuse.de- Fix permissions of installed file to tmpfilesdir
* Mon Oct 29 2018 adam.majerAATTsuse.de- New upstream stable version 4.4: + Fix memory leak when parsing SNMP packet (bsc#1113669, CVE-2018-19132) + Fixed display of error page by quoting certificate fields before displaying them (bsc#1113668, CVE-2018-19131) + Malformed %>ru URIs for CONNECT requests
* Tue Oct 23 2018 adam.majerAATTsuse.de- Create runtime directories needed when SMP mode is enabled. (bsc#1112695, bsc#1112066)- Make changelog entries format consistent
* Thu Oct 04 2018 Martin Pluskal - Correct changelog- Enable tests
* Tue Oct 02 2018 seanAATTsuspend.net- New upstream stable version 4.3: + Bug 4885: Excessive memory usage when running out of descriptors + Bug 4877: Add missing text about external_acl_type %DATA changes + Bug 4875 pt1: GCC-8 compile errors with -O3 optimization + Bug 4716: Blank lines in cachemgr.conf are not skipped + Bug 4691: balance_on_multiple_ip config option docs + basic_pop3_auth: fix startup errors + langpack: Add missing dialect aliases + Fix range_offset_limit debugging + Fix icc build errors + Update systemd dependencies in squid.service
* Mon Aug 13 2018 adam.majerAATTsuse.de- New upstream stable version 4.2: + fix HTTPMSGLOCK missing pointer safety + gcc-8 fixes + fix milliseconds logformats prepend 0s instead of spaces + fix %>ru logging of huge URLs
* Thu Jul 05 2018 adam.majerAATTsuse.de- New upstream stable version 4.1: + Fix --with-netfilter-conntrack error message + Supply ALE for force_request_body_continuation ACL
* Mon Jun 18 2018 adam.majerAATTsuse.de- New upstream version 4.0.25: + Fixed regression: querying private entries for HTCP/ICP + Fixed regression: deny_info %R macro not being expanded + Fixed regression: proxy_auth ACL -i/+i flags not working + Fixed regression: filter chain certificates for validity when loading + Fixed regression: Transient reader locking broken in 4.0.24 + Fixed NegotiateSsl crash on aborting transaction + Fixed IPC shared memory leaks when disker queue overflows + Update negotiate_kerberos_auth helper protocol to v3.4 + Fixed: purge tool does not obey --sysconfdir= build option + Add timestamps to (most) FATAL messages- a3f6783.patch: upstreamed, obsolete.
* Wed Jun 06 2018 adam.majerAATTsuse.de- a3f6783.patch: Fixes certificate handling with intermediates chains
* Tue May 15 2018 adam.majerAATTsuse.de- Fix package configure
* Wed Mar 28 2018 adam.majerAATTsuse.de- New upstream version 4.0.24 + Bug 4505: SMP caches sometimes do not purge entries + TPROXY: Fix clientside_mark and client port logging + Native FTP: Fix \"Cannot assign requested address\" with TPROXY + SSL-Bump: Fix authentication with types other than Basic + ... and some documentation fixes- install license correctly (bsc#1082318) and transition to SPDXv3
* Mon Feb 19 2018 adam.majerAATTsuse.de- Spec file cleanup: + Drop unused fillup template - it\'s not used by systemd script + Drop %pretrans section which is only used to upgrade from version 3.4 of squid - no supported codestream has that version. + Drop explicit BR: on systemd-rpm-macros- Update squid.service systemd file + Don\'t need to use squid to manage squid anymore + Drop references to default config file, since it\'s default- Drop reference to nonexistent EnvironmentFile in the service file
* Mon Jan 29 2018 adam.majerAATTsuse.de- Change default error pages symlink from German to English.
* Mon Jan 22 2018 adam.majerAATTsuse.de- Update Squid to 4.0.23
* fixes DoS caused by incorrect pointer handling when processing ESI responses. This affects the default custom esi_parser (libxml2 and expat esi_parsers are unaffected) (bnc#1077003, CVE-2018-1000024)
* fixes DoS caused by incorrect pointer handing whien processing ESI responses or downloading intermediate CA certificates (bnc#1077006, CVE-2018-1000027)
* fixes \"User names not sent to url_rewrite_program\"
* fixes %* Tue Jan 09 2018 mpluskalAATTsuse.com- Update download url
* Mon Jan 08 2018 adam.majerAATTsuse.de- Update Squid to 4.0.22 (fate#324583, bnc#1073089)
* re-enable building with default openssl-devel
* Helper changes since 3.5.27: + basic_msnt_multi_domain_auth removed - basic_smb_lm_auth helper performs the same functionality + cert_valid.pl testing helper renamed to security_fake_certverify + ssl_crtd renamed to security_file_certgen For complete set of release notes and changes since squid 3.5 see http://www.squid-cache.org/Versions/v4/squid-4.0.22-RELEASENOTES.html- Updated squid.keyring using current keyring file from upstream- missing_installs.patch: install manpages for installed helpers
* Mon Dec 04 2017 adam.majerAATTsuse.de- Explicitly BuildRequire libopenssl-1_0_0-devel until OpenSSL 1.1.x support can be ported.
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Mon Oct 09 2017 dimstarAATTopensuse.org- libnsl-devel is required from suse_version 1330 on (not only 1500+).
* Thu Sep 21 2017 adam.majerAATTsuse.de- Add missing build dependency on libnsl-devel for Factory. libnsl was split from glibc- Update Squid to 3.5.27
* bug fix release - for complete list of changes see http://www.squid-cache.org/Versions/v3/3.5/changesets/
* Thu Jul 27 2017 brasshAATTweb.de- Enable compiling of time_quota extension
* Wed Jul 05 2017 jengelhAATTinai.de- Update description from webpage.
* Mon Jun 19 2017 mpluskalAATTsuse.com- Packaging cleanup- Dropped:
* squid-brokenad.patch
* squid-config.patch
* squid.init squid.init.rh
* squid-old-kerberos.patch
* squid-rpmlintrc- Update description and url
* Wed Jun 14 2017 adam.majerAATTsuse.de- Update Squid to 3.5.26
* SubjectAlternativeNames missing in some generated certificates Previous releases of Squid were not able to generate valid mimic certificates from AltName server certificate field only.
* Fix ignoring http_access deny with client-first bumping mode
* ssl_crtd: now returns non-zero on failure
* Fix FTP directory listings display issues
* OpenSSL support better compliance with license requirements This release of Squid will now include the required OpenSSL advertisement on builds -v output where features are displayed.
* Mon Apr 10 2017 adam.majerAATTsuse.de- Update Squid to 3.5.25
* Fix host forgery stalls intercepted being-spliced connections
* Native FTP relay fixes, now able to cope with active-mode FTP DATA connections when intercepting FTP traffic.
* SSL Bump client fixes. Error responses for issues encountered early in the TLS/SSL handling being sent to clients unencrypted when Squid should have bumped and delivered them encrypted.
* Wed Mar 22 2017 adam.majerAATTsuse.de- initialize_cache_if_needed.sh, squid_dir.sed: Initialize cache directory on startup if it is missing. Move scripts out of systemd service file and into individual files. (bnc#1030421)
* Mon Jan 30 2017 adam.majerAATTsuse.de- Update Squid to 3.5.24
* Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation. Rate limit TLS renegotiation.
* SSLv2 records force SslBump bumping despite a matching step2 peek rule.
* Update External ACL helpers error handling and caching
* Fix regression in 3.5.23 where `cache deny` rule was not obeyed.
* Fri Jan 27 2017 adam.majerAATTsuse.de- Update Squid to 3.5.23
* Do not share private responses with collapsed client(s). (CVE-2016-10003)
* Fixes incorrect processing of responses to If-None-Modified HTTP conditional requests. (CVE-2016-10002)
* partially fix hostHeaderVerify failures MISS when they should be HIT
* HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
* Hang on DNS query with dead-end CNAME
* partial: Fix segfault via Ftp::Client::readControlReply
* Fix ssl::server_name ACL - was badly broken since inception.
* HTTP/1.1: make Vary:
* objects cacheable
* fix Strange IPv6 shown in access.log
* Wed Oct 12 2016 adam.majerAATTsuse.de- Update Squid to 3.5.22
* HTTP: MUST ignore a [revalidation] response with an older Date header.
* Optimized/simplified buffering: Appending nothing is always possible.
* Avoid segfaults when debugging section 4 at level 9.
* fix #4302 pt2: IPFilter v5 transparent interception
* Bug #4471: revalidation doesn\'t work when expired cached object lacks Last-Modified.
* Bug #2833: Collapse internal revalidation requests (SMP-unaware caches)
* Bug #3819: \"fd >= 0\" assertion in file_write() during reconfiguration
* Do not leak url_rewrite_extras and store_id_extras on reconfigure/shutdown.
* Fix potential ICAP null pointer dereference after rev.14082
* Fix logged request size (%http::>st) and other size-related %codes.
* Tue Sep 13 2016 adam.majerAATTsuse.de- Merge changes from SLE12 SP2 so we have identical packages
* Mon Sep 12 2016 adam.majerAATTsuse.de- Update Squid to 3.5.21
* fix assertion failure in xcalloc when using many cache_dir Squid is documented as supporting up to 64 cache directories, but would crash with a memory allocation error if more than a few were actually configured.
* fix authentication credentials IP TTL updated incorrectly This bug caused error in max_user_ip ACL accounting to allow clients to shift IP address more times than configured. Fix may have an effect on IPv6 clients using \"proviacy adressing\" to rotate IPs.
* fix mal-formed Cache-Control:stale-if-error header This bug shows up as incorrect stale-if-error values being relayed by Squid breaking the use of this feature in the recipients. Squid now relays the header values correctly.
* fix Proxy-Authenticate problem using ICAP server With this change Squid now treats the ICAP REQMOD adaptation point as a part of itself with regards to proxy authentication. The Proxy-Authentication header received from the client is delivered as part of the HTTP request headers in expectation that the ICAP service may authenticate and/or produce 407 response itself.
* fix HTTP: MUST always revalidate Cache-Control:no-cache responses This bug shows up as Squid not revalidating some responses until they became stale according to refresh_pattern heuristic rules (specifically the minimum caching age). Squid now revalidates these objects on every request.
* fix HTTP: do not allow Proxy-Connection to override Connection
* fix SSL CN wildcard must only match a single domain fragment This bug shows up as incorrect matching (or non-matching) of the ss::server_name ACL against TLS certificate values. Squid now treats the certificate CN fields according to X.509 domain matching requirements instead of HTTP domain matching requirements.- squid-brokenad.patch
* propertly capitalize option name
* make the conditional if() not a riddle
* Mon Jul 18 2016 adam.majerAATTsuse.de- Remove no-op option from configure - -enable-ntlm-fail-open has been removed more than 4 years ago in squid 3.3.0.1 and apparently it wasn\'t useful for 10 years prior to that already http://www.squid-cache.org/mail-archive/squid-dev/201207/0072.html
* Sun Jul 10 2016 mpluskalAATTsuse.com- Update to version 3.5.20:
* Assertion failed: Write.cc:38: \"fd_table[conn->fd].flags.open\"
* Bug #4523: smblib compile fails on NetBSD
* Do not make bogus recvmsg(2) calls when closing UDS sockets.
* Fix SEGFAULT parsing malformed adaptation service configuration
* Fixed ConnStateData::In::maybeMakeSpaceAvailable() logic.
* Bug #3579: assertion failed \'MemPools[type]\' from dst_as ACL
* SourceFormat Enforcement
* Do not allow low-level debugging to hide important/critical messages.
* Bug #4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors
* Increase debug level in a peek-and-splice related debug message
* Fix icons loading speed.
* Fix OpenSSL detection on FreeBSD
* Do not override user defined -std option
* SourceFormat Enforcement
* Support unified EUI format code in external_acl_type
* Mon May 09 2016 hpjAATTurpla.net- Update to 3.5.19
* Regression Bug 4515: interception proxy hangs- Update to 3.5.18
* Bug 4510: stale comment about 32KB limit on shared memory cache entries
* Bug 4509: EUI compile error on NetBSD
* Bug 4501: HTTP/1.1: normalize Host header
* Bug 4498: URL-unescape the login-info after extraction from URI
* Bug 4455: SegFault from ESIInclude::Start
* Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
* Fix TLS/SSL server handshake alert handling
* Thu May 05 2016 hpjAATTurpla.net- Update to 3.5.17
* Regression Bug 4480: logformat [.width_max]
* Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt
* Bug 4495: Unknown SSL option SSL_OP_NO_TICKET
* Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception
* Bug 4483: ./configure garbles -Og option in CFLAGS
* Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc
* Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name).
* Bug 4465: Header forgery detection leads to crash
* Bug 2460 partial: workaround deferred reads on shutdown and restart
* cachemgr.cgi: use dynamic MemBuf for internal content generation
* ESI: Fix several element construction issues
* TLS: Fix Handshake Error: ccs received early
* TLS: Add chained and signing cert to peek-then-bumped connections
* Fix some startup/shutdown crashes
* Mon Apr 04 2016 mpluskalAATTsuse.com- Update to 3.5.16 (boo#973771)
* Bug 4476: Removed duplicated #include lines
* Bug 4452: squid -z segfaults with ufs
* Bug 4447:FwdState.cc:447 \"serverConnection() == conn\" assertion
* Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error
* Bug 4409: compile error when two Heimdal libraries are installed
* Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304
* pinger: Fix buffer overflow in Icmp6::Recv
* pinger: Fix select(2) to actually use max_fd
* pinger: drop capabilities on Linux
* Fix memory leak of HttpRequest objects
* Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
* Fix assertion failed: Write.cc:41: \"!ccb->active()\"
* Fix crash on shutdown while cleaning up idle ICAP connections
* RFC 7725: Add registry entry for 451 status text
* ... and some build issues- Refresh all patches
* Mon Mar 07 2016 chrisAATTcomputersalat.de- Changes to squid-3.5.15 (23 Feb 2016):
* Bug 3870: assertion failed: String.cc: \'len_ + len <65536\' in ESI::CustomParser
* Fix multiple assertion on String overflows
* Fix unit test errors on MacOS
* Better handling of huge response headers. Fewer incorrect \"Bug #3279\" messages.
* Log noise reduction for eCAP- Changes to squid-3.5.14 (16 Feb 2016):
* Bug 4437: Fix Segfault on Certain SSL Handshake Errors
* Bug 4431: C code is not compiled with CFLAGS
* Bug 4418: FlexibleArray compile error with GCC 6
* Bug 4378: assertion failed: DestinationIp.cc:60: \'checklist->conn() && checklist->conn()->clientConnection != NULL\'
* Fix invalid FTP connection handling on blocked content
* Fix handling of shared memory left over by Squid crashes or bugs
* Fix mgr:config report \'qos_flows mark\' output
* Fix compile error in CPU affinity
* Fix %un logging external ACL username
* Avoid more certificate validation memory leaks
* ... and some documentation updates
* Sun Jan 24 2016 chrisAATTcomputersalat.de- Changes to squid-3.5.13 (06 Jan 2016):
* Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
* Bug 4387: Kerberos build errors on Solaris
* TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
* TLS: Complete certificate chains using external intermediate certificates
* Avoid memory leaks when an X.509 certificate validator is used with SslBump
* Fix connection retry and fallback after failed server TLS connections
* Fix GnuTLS detection via pkg-config
* Fix startup crash with a misconfigured (too-small) shared memory cache
* ... and some documentation updates- Changes to squid-3.5.12 (28 Nov 2015):
* Bug 4374: refresh_pattern config parser (%)
* Bug 4373: assertion \'calloutContext->redirect_state == REDIRECT_NONE\'
* Bug 4228: links with krb5 libs despite --without options
* Fix SSL_get_certificate() problem detection
* Fix TLS handshake problem during Renegotiation
* Fix cache_peer forceddomain= in CONNECT
* Fix status code-based HTTP reason phrase for eCAP-generated messages
* Fix build errors in cpuafinity.cc
* ... and several documentation updates- Changes to squid-3.5.11 (01 Nov 2015):
* Bug 3574: crashes on reconfigure and startup
* Bug 4347: compile errors with LibreSSL 2.3
* Bug 4281: copy-paste typos in src/tools.cc
* Bug 4279: No response from proxy for FTP-download of non-existing file
* Bug 4188: Bumping intercepted SSL connections does not work on Solaris
* Fix incorrect authentication headers on cache digest requests
* Fix connection stats, including %* Fix invalid memory access issues in SBuf
* Avoid errors when parsing manager ACL in old squid.conf- rebase squid-config.patch- disable pre scriptlet (sed -i \'/emulate_httpd_log/d\' /etc/{name}/{name}.conf)- downgrade to 3.5.x
* cause 4.x is Beta, should not have been here
* moved 4.x Beta package to server:proxy:Beta- fix ChangeLog
* remove 4.x ChangeLog Entries
* Sat Dec 05 2015 borisAATTsteki.net- fixes for boo#956989 - updated pretrans scriptlet so it handles only rpm link vs folders issue - pre scriptlet updated to not change configuration file without real need for configuration updates
* Thu Oct 15 2015 jkeilAATTsuse.de- Fix rpmlint errors / warnings
* systemd-service-without-service_add_pre moved service_add_pre to %pre
* non-etc-or-var-file-marked-as-conffile moved mib.txt to /usr/share/snmp/mibs/SQUID-MIB.txt idea taken from Fedora package
* Thu Oct 08 2015 jkeilAATTsuse.de- Changes to squid-3.5.10 (01 Oct 2015):
* Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
* Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
* Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
* Bug 4208: more than one port in wccp2_service_info line causes error
* Bug 4304: PeerConnector.cc:743 \"!callback\" assertion.
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
* Relicense ntlm_fake_auth.pl to GPLv2+
* Relicense smb_lm auth helper to GPLv2+
* Relicense SSPI helper to GPLv2+
* ... and several minor performance optimizations
* Fri Sep 04 2015 chrisAATTcomputersalat.de- rebase squid-config.patch
* Thu Sep 03 2015 jkeilAATTsuse.de- Changes to squid-3.5.8 (02 Sep 2015):
* Regression Bug 4306: build portability fix in Kerberos helpers
* Bug 4302: IPFilter v5 transparent interception
* Bug 4301: compile errors with IPFilter interception
* Bug 4285 partial: %us is not supported in access.log
* Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
* Bug 4242: compile errors with eCAP using clang-3.6
* Bug 3696: crash when client delay pools are activated
* Bug 3553: cache_swap_high ignored and maxCapacity used instead
* Regression Fix: FtpServer.cc:1024: \"reply != NULL\" assertion
* Fix ignore of impossible SSL bumping actions, as intended and documented
* Fix memory leak in Surrogate-Capability header detection
* Fix truncated body length when RESPMOD service aborts
* Reject non-chunked HTTP messages with conflicting Content-Length values
* Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
* ... and several portability and compile fixes
* ... and several documentation updates
* Mon Aug 10 2015 jkeilAATTsuse.de- Move update logic to proper scriptlet
* Replace \'etc\' with %{_sysconfdir} macro
* Wed Aug 05 2015 chrisAATTcomputersalat.de- Changes to squid-3.5.7 (01 Aug 2015):
* Bug 4293: wrong SNI sent to server after URL-rewrite
* Bug 4251: incorrect instance name for memory segments in /dev/shm
* Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
* Bug 3345: support %un (any available user name) format code for external ACLs.
* basic_smb_auth: Fix several old issues identified by Debian users
* Support ssl-bump splicing to origin cache_peer
* Fix SSL errors relayed using invalid certificates
* Fix crash in TcpAccepter with profiler enabled
* Fix some cases of ssl_crtd SSL certificate DB corruption
* Fix performance regression in SBuf::chop operations
* Improve handling of client connections on shutdown
* Handle exceptions during squid.conf parse
* Make pod2man an optional dependency
* ... and polishing for several cache.log notification messages
* Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)- rebase patch
* squid-config.patch
* Tue Jul 21 2015 mpluskalAATTsuse.com- Update to 3.5.6
* Bug 4274: ssl_crtd.8 not being installed
* Bug 4193: memory leak on FTP listings
* Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
* Bug 3875: bad mimeLoadIconFile error handling
* Bug 3483: assertion failed store.cc:1866: \'isEmpty()\'
* Bug 3329: pinned server connection is not closed properly
* TLS: Disable client-initiated renegotiation
* ext_edirectory_userip_acl: fix uninitialized variable
* Support custom OIDs in
*_cert ACLs
* Fix CONNECT failover to IPv4 after trying broken IPv6 servers
* Use relative-URL in errorpage.css for SN.png
* Do not blindly forward cache peer CONNECT responses
* Fix assertion String.cc:221: \"str\"
* Fix assertion comm.cc:759: \"Comm::IsConnOpen(conn)\" in ConnStateData::getSslContextDone
* Translations: add Spanish US dialect alias- Drop no longer needed squid-nobuilddates.patch
* Thu Jun 04 2015 mpluskalAATTsuse.com- Update to 3.5.5
* Regression Bug 4132: short_icon_urls with global_internal_static on
* Bug 4238: assertion Read.cc:205: \"params.data == data\"
* Bug 4236: SSL negotiation error of \'success\'
* Bug 3930: assertion \'connIsUsable(http->getConn())\'
* Fix assertion MemBuf.cc:380: \"new_cap > (size_t) capacity\" in SSL I/O buffer
* Fix assertion errorpage.cc:600: \"entry->isEmpty()\"
* Fix comm_connect_addr on failures returns Comm:OK
* Fix missing external ACL helper notes
* Fix \"Not enough space to hold server hello message\" error message
* Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
* Prevent unused ssl_crtd helpers being run- Update permission in logrotate config- Refresh squid-config.patch
* Fri May 22 2015 mpluskalAATTsuse.com- Update to 3.5.4
* Bug 4234: comm_connect_addr uses errno incorrectly
* Bug 4231: fd_open() not correctly handling UDS socket descriptions
* Bug 4226: digest_edirectory_auth: found but cannot be built
* Bug 4198: assertion failed: client_side.h:364: \"sslServerBump == srvBump\"
* Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
* Fix require-proxy-header preventing HTTPS proxying and ssl-bump
* Fix Negotiate/Kerberos authentication request size exceeds output buffer size
* Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
* Add server_name ACL matching server name(s) obtained from various sources
* Add Kerberos support for MAC OS X 10.x
* Support for resuming TLS sessions
* ... and some portability and compile fixes
* ... and several documentation updates
* ... and all fixes from squid 3.4.13- Refresh patches
* Wed May 06 2015 mpluskalAATTsuse.com- Remove emulate_httpd_log from config on update
* Tue Apr 28 2015 mpluskalAATTsuse.com- Fix update from 3.4 to 3.5
* Sun Apr 26 2015 mpluskalAATTsuse.com- Fix SLE 11 build with older kerberos libraries
* squid-old-kerberos.patch
* Wed Apr 01 2015 mpluskalAATTsuse.com- Update to 3.5.3
* Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
* Regression Bug 4206: Incorrect connection close on expect:100-continue
* Bug 4204: ./configure does not abort when required helpers cannot be built
* Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
* Bug 2907: high CPU usage on CONNECT when using delay pools
* basic_getpwnam_auth: fail authentication on crypt() failures
* basic_nis_auth: fail authentication on crypt() failures
* ext_kerberos_ldap_group_acl: Heimdal support improvements
* ext_wbinfo_group_acl: Perl 5.20 support
* ... and several compile issues
* Sat Mar 21 2015 mpluskalAATTsuse.com- Use xz compressed source- Update to 3.5.2
* Regression Bug 4176: Digest auth too many helper lookups
* Regression Bug 4180: not-fully-initialized data member in ACLUserData
* Bug 4172: Solaris broken krb5-config
* Bug 4073: Cygwin compile errors
* Bug 3919: remove several never-true / never-false comparisons
* HTTPS: Add missing root CAs when validating chains that passed internal checks
* Fix some cbdataFree related memory leaks
* Quieten CBDATA \'leak\' messages
* Set SNI information in transparent bumping mode
* negotiate_kerberos_auth: fix krb5.conf backward compatibility
* Fix memory leaks in cachemgr.cgi URL parser
* Fix sslproxy_options in peek-and-splice mode
* ... and fix several portability and build issues
* ... and some documentation updates
* ... and all fixes from squid 3.4.11
* Thu Feb 19 2015 chrisAATTcomputersalat.de- Update to 3.5.1 (13 Jan 2015):
* Fix handling of invalid SSL server certificates when splicing connections
* basic_smb_lm_auth: Simplified MSNT basic auth helper
* squidclient: Fix -A and -P options
* ... and several portability fixes
* ... and all fixes from squid 3.4.11
* ... and a lot of documentation updates- removed obsolete patch
* squid-compiled_without_RPM_OPT_FLAGS.patch- rebased patches
* squid-config.patch
* squid-nobuilddates.patch
* squid-brokenad.patch- replace configure option
* --enable-ssl > --with-openssl
* Wed Feb 18 2015 chrisAATTcomputersalat.de- remove obsolete RELEASENOTES.html
* included in package
* Wed Feb 11 2015 mpluskalAATTsuse.com- Update to 3.4.11:
* cachemgr.cgi: memory leak in request parser
* Fix typo on commStartSslClose
* Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro
* Bug #3760: squidclient ignores --disable-ipv6
* Bug #3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
* Bug #3754: configure doesnt detect IPFilter 5.1.2 system headers
* Bug #4164: SEGFAULT when %W formating code used in errorpages
* Deleting first fs left psstate->servers pointing to uninitialized memory
* Maintenance: check release notes on packaging
* Bug #4057: Avoid on-exit crashes when adaptation is enabled.
* Sat Jan 10 2015 chrisAATTcomputersalat.de- recover old spec
* merge in suggested changes from tchvatal- fix permissions for SLE11
* revert suid bit for pinger and basic_pam_auth add them to permissions file (commented)- readd deleted files
* RELEASENOTES
* permissions (needed for SLE11)
* init.rh
* Fri Jan 09 2015 tchvatalAATTsuse.com- Cleanup with spec-cleaner- Version bump to 3.4.10:
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug #4148: external_acl_type header format does not accept the new libformat syntax
* Bug #4033: Rebuild corrupted ssl_db/size file
* Bug #3902: Docs: external_acl_type cache hash key
* Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match- Remove support for other distros as we build for opensuse anyway
* Fri Jan 02 2015 borisAATTsteki.net- remove permissions.easy and permissions.paranoid files from package as they are not used any more
* Tue Dec 09 2014 borisAATTsteki.net- remove setBadness in rpmlintrc as it should be already in Factory permissions package handled
* Mon Dec 08 2014 meissnerAATTsuse.com- %verifyscript is its own section, move out of the %postun section
* Tue Dec 02 2014 dimstarAATTopensuse.org- Use URLs to paths that the source validator actually understands and make this acceptable for Tumbleweed.
* Thu Nov 27 2014 chrisAATTcomputersalat.de- fix for boo#894636 (squid\'s logrotate snippet runs init script)
* modify squid.logrotate to work on both systemd and SysVinit
* Thu Nov 27 2014 lmuelleAATTsuse.com- Changes to 3.4.9 (31 Oct 2014): + Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update + Bug 4102: sslbump cert contains only a dot character in key usage extension + Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options + Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0 + Bug 4024: Bad host/IP ::1 when using IPv4-only environment + Bug 3803: ident leaks memory on failure + kerberos_ldap_group/cert_tool: Remove ksh dependency; obsoletes squid-cert_tool_use_bash_not_ksh.patch + ... and some automated code style updates + ... and some documentation updates- Changes to 3.4.8 (15 Sep 2014): + Fix off by one in SNMP subsystem + pinger: Fix various ICMP handling issues; CVE-2014-7141; CVE-2014-7142; http://www.squid-cache.org/Advisories/SQUID-2014_4.txt; bnc#891268 obsoletes squid-icmp-DoS.patch
* Wed Nov 26 2014 lmuelleAATTsuse.com- Remove dependency on gpg-offline as signature checking is implemented in the source validator.
 
ICM