diff --git a/squid-3.4.10-RELEASENOTES.html b/squid-3.4.10-RELEASENOTES.html deleted file mode 100644 index c1814af..0000000 --- a/squid-3.4.10-RELEASENOTES.html +++ /dev/null @@ -1,597 +0,0 @@ - - - - - Squid 3.4.10 release notes - - -

Squid 3.4.10 release notes

- -

Squid Developers

-
-This document contains the release notes for version 3.4 of Squid. -Squid is a WWW Cache application developed by the National Laboratory -for Applied Network Research and members of the Web Caching community. -
-

-

1. Notice

- - -

-

2. Major new features since Squid-3.3

- - -

-

3. Changes to squid.conf since Squid-3.3

- - -

-

4. Changes to ./configure options since Squid-3.3

- - -

-

5. Regressions since Squid-2.7

- - - -
-

1. Notice

- -

The Squid Team are pleased to announce the release of Squid-3.4.10 for testing.

-

This new release is available for download from -http://www.squid-cache.org/Versions/v3/3.4/ or the -mirrors.

- -

Some interesting new features adding system flexibility have been added along with general improvements all around. -While this release is not fully bug-free we believe it is ready for use in production on many systems.

- -

We welcome feedback and bug reports. If you find a bug, please see -http://wiki.squid-cache.org/SquidFaq/BugReporting -for how to submit a report with a stack trace.

- -

1.1 Known issues -

- -

Although this release is deemed good enough for use in many setups, please note the existence of -open bugs against Squid-3.4.

- -

1.2 Changes since earlier releases of Squid-3.4 -

- -

The 3.4 change history can be -viewed here.

- - -

2. Major new features since Squid-3.3

- -

Squid 3.4 represents a new feature release above 3.3.

- -

The most important of these new features are: -

-

-

Most user-facing changes are reflected in squid.conf (see below).

- - -

2.1 Helper protocol extensions -

- -

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -

The Squid helper protocol used to communicate with authenticators, -URL-rewriters, Redirectors, and External ACL helpers has been updated -and extended.

- -

BH status code is now accepted from all helpers to report -internal error events separate from ERR rejection code. -Permitting Squid to perform recovery operations specific to -helper failure instead of a blanket client rejection.

- -

Arbitrary key-value pairs can be returned from any helper. -Allowing future helpers to be forward- and backward- compatible -with this and future versions of Squid.

- - -

2.2 SSL Server Certificate Validator -

- -

Details at -http://wiki.squid-cache.org/Features/SslServerCertValidator.

- -

The helper consulted after the internal OpenSSL validation, regardless of the -validation results. The helper will receive:

-

-

-

- -

If the helper decides to honor an OpenSSL error or report another validation -error(s), the helper will return:

-

-

-

- -

The returned information mimics what the internal OpenSSL-based validation code -collects now. Returned errors, if any, are fed to sslproxy_cert_error, -triggering the existing SSL error processing code.

- -

The helper invocation controlled by the sslcrtvalidator_program and -sslcrtvalidator_children configurations options which are similar to the -ssl_crtd related options.

- - -

2.3 Store-ID -

- -

Details at -http://wiki.squid-cache.org/Features/StoreID.

- -

This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.

- -

Notice that this is not a direct portage of the Squid-2.7 feature so behaviour -differences do exist. Although the new feature works in similar enough ways that the old -helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.

- -

Squid traditionally uses the requested URL as an index key ID to locate objects in cache. -It is not the only key possible and the Store-ID feature exposes an API for external -helpers to provide Squid with an alternative key name for any URL.

- -

When any client request is received which requires a cache lookup the URL is passed to -a helper specified with the store_id_program directive to check for an alternative -Store ID. This allows the helper to identify URLs which refer to duplicate resources and -de-duplicate the cache content. store_id_access is provided to allow ACL-based -tuning of which traffic gets sent to the helper and reduce overheads.

- -

One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by -this feature is that refresh_pattern applies its regex argument against the Store -ID key and not the transaction URL. So using the Store-ID feature to alter the value -affects which refresh_pattern directive will be matched.

- -

Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers -option which is added in this version. Currently there is a file helper -provided.

- - -

2.4 TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+ -

- -

Details at -http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf.

- -

The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception -using several very simple methods. One of which is the divert-to rule type -which acts as a simple routing diversion instead of performing NAT packet alterations.

- -

The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.

- -

This version of Squid adds support for these features through the ./configure -options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on -systems with the required support. No special extras are required to enable -http_port ... tproxy configuration to work.

- -

NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind -./configure --enable-pf-transparent has been altered and is expected to -break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD -which do not yet support the getsockname() API. -These systems require --with-nat-devpf to enable /dev/pf support when using PF firewall.

- - -

2.5 Transaction Annotations -

- -

Previously the only annotation methods available were ICAP/eCAP HTTP header insertions -or external ACL tag= result code. Each of which had only limited possibilities -for use and little or no correlation.

- -

It is now possible to add annotations to a client transaction from several sources: -

-

- -

Annotations on the transaction can be passed to ICAP services or eCAP modules using the -adaptation_meta directive to send them as headers. -They can also be logged using the %note log format code in custom logs. With -the new helper response syntax changes this means all helper response key=value details -such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.

- -

Annotations which are already assigned to a transaction can be checked using an ACL test -of the new note ACL type. This can match a particular note by name and value, -of for any notes with a given name.

- -

NOTE: not all helper interfaces are yet enabled to convert key=value into annotations -and the external ACL interface does not yet send annotations to the helper.

- - -

2.6 Multicast DNS -

- -

The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in -accordance with RFC 6762.

- -

The dns_multicast_local directive must be set to on to enable this -feature.

- -

The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set -of available DNS resolvers and used automatically for domain names ending in .local -and reverse-DNS lookups before attempting a secondary resolution on the configured -resolvers. Domains without .local are resolved using only the configured resolvers.

- -

Statistics for multicast DNS resolution can be found on the idns cache manager -report.

- -

NOTE that the external DNS helper interface is now deprecated and has been -removed from future Squid versions. Any installations still using it for local hostname -resolution need to upgrade to mDNS resolution with this Squid version.

- - -

3. Changes to squid.conf since Squid-3.3

- -

There have been changes to Squid's configuration file since Squid-3.3.

- -

Squid supports reading configuration option parameters from external -files using the syntax parameters("/path/filename"). For example: -

-    acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
-
-

- -

There have also been changes to individual directives in the config file.

-

This section gives a thorough account of those changes in three categories:

-

-

-

- - -

3.1 New tags -

- -

-

-
configuration_includes_quoted_values
-

Whether Squid supports directive parameters with spaces, quotes, and other -special characters. Surround such parameters with "double quotes" and -also set this directive on/off around the relevant squid.conf line(s) -making use of such quoting.

- -
dns_multicast_local
-

Use multicast DNS for .local domains and reverse-DNS resolution.

- -
note
-

Use ACLs to annotate a transaction with customized annotations -which can be logged in access.log

- -
spoof_client_ip
-

Access control to determine whether to disable the TPROXY spoofing on upstream traffic.

- -
sslcrtvalidator_children
-

Specifies the settings for how many SSL server certificate -validator helpers are run and when they are started.

- -
sslcrtvalidator_program
-

Specifies the location of a SSL server certificate validator helper.

- -
store_id_access
-

Whether the URL for a given request is passed to the Store-ID helper process. -Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.

-

Ported equivalent to storeurl_access from 2.7

- -
store_id_bypass
-

Whether the StoreID helper may be bypassed when overloaded.

- -
store_id_children
-

Controls the number of StoreID helper processes.

-

Options startup=N, idle=N, concurrency=N -

-

- -
store_id_rewrite_program
-

A helper program to provide cache storage internal key ID value for a request.

-

Ported equivalent to storeurl_rewrite_program from 2.7

- -
-

- -

3.2 Changes to existing tags -

- -

-

-
access_log
-

Configuration syntax extended to support name=value options. -New Syntax: access_log module:place [option ...] [acl ...]

-

New option logformat= to specify the logging format name.

-

New option buffer-size= to specify how large the log buffer -for this log is to be when buffered_logs is enabled.

-

New option on-error= to specify what handling is to be done -if the logging module encounters a non-recoverable error writing logs. -With the value die (the default) Squid halts operation. -With the value drop Squid drops log lines and continue running.

- -
acl
-

New test type server_cert_fingerprint to match against -server SSL certificate fingerprint.

-

New test type note to match against transaction annotations -by name and value, or just by name.

-

New test type any-of to match if any one of a set of named ACLs.

-

New test type all-of to match against all of a set of named ACLs.

- -
auth_param
-

New result code BH to signal helper internal errors -available in all authentication schemes.

-

New key message= for error message details in all authentication schemes.

-

New result code OK and key ha1= in Digest authentication.

-

New result codes OK, ERR replace result codes AF, -and NA in NTLM and Negotiate authentication.

-

New key token= for NTLM and Negotiate authentication OK responses.

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
external_acl_type
-

Deprecated protocol=3.0 option. No longer necessary.

-

New result code BH to signal helper internal errors

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
http_port
-

Support IPv6 for intercept mode. Requires ip6tables support on Linux, -PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain -about misconfiguration if IPv6 support is missing, we now rely on the firewall -tools reporting misconfiguration when the NAT rules are created.

-

Support tproxy mode traffic on BSD systems with BINDANY support -(OpenBSD 5+, FreeBSD 9+ so far).

-

Changed build options behind intercept traffic mode handling on BSD. -see --enable-pf-transparent for more details.

- -
logformat
-

New format code %note to log a transaction annotation linked to the -transaction by ICAP, eCAP, a helper, or the note squid.conf directive.

-

New format code %>qos to log client connection TOS/DSCP value set by Squid.

-

New format code %<qos to log server connection TOS/DSCP value set by Squid.

-

New format code %>nfmark to log client connection netfilter mark set by Squid.

-

New format code %<nfmark to log server connection netfilter mark set by Squid.

- -
pipeline_prefetch
-

Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.

- -
refresh_pattern
-

NOTE: the regular expression pattern operates on the cache Store-ID value. -Which by default is identical to the requested URL, but may differ for some -objects if the Store-ID feature is in use.

- -
unlinkd_program
-

New helper response format utilizing result codes OK and BH, -to signal helper lookup results. Also, key-value response values to return -multiple values to Squid.

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
url_rewrite_program
-

New helper response format utilizing result codes OK, ERR, -and BH to signal helper lookup results. Also, key-value response -values to return multiple values to Squid.

-

Details at -http://wiki.squid-cache.org/Features/AddonHelpers.

- -
-

- -

3.3 Removed tags -

- -

-

-
storeurl_access
-

Replaced by store_id_access.

- -
storeurl_rewrite_children
-

Replaced by store_id_children.

- -
storeurl_rewrite_concurrency
-

Replaced by store_id_children with concurrency=N option.

- -
storeurl_rewrite_program
-

Replaced by store_id_program.

- -
-

- - -

4. Changes to ./configure options since Squid-3.3

- -

There have been some changes to Squid's build configuration since Squid-3.3.

-

This section gives an account of those changes in three categories:

-

-

-

- - -

4.1 New options -

- -

-

-
--enable-storeid-rewrite-helpers
-

New option to control which Store-ID helpers are built. As with other -helper options use --disable-* to prevent any helpers building and -omit to get all helper auto-detected.

-

Currenly only a helper using file for backend is provided.

- -
--disable-arch-native
-

New option to disable use of -march=native compiler flag.

-

The new flag auto-enables CPU-specific optimizations in GCC and is -required by Clang++ v3.2 for correct 64-bit environment detection. -It does not always work well however, so this build option is provided -to remove it when necessary.

- -
--with-nat-devpf
-

New option to alter the behaviour of http_port ... intercept option -in squid.conf.

-

When this option is used Squid performs the /dev/pf lookups required to -support PF rdr-to rules. Otherwise Squid will perform perform the -getsockname() API calls to support PF divert-to rules.

-

NOTE: systems such as NetBSD and FreeBSD which do not yet support -the getsockname() API in recent PF versions require this option.

- -
-

- -

4.2 Changes to existing options -

- -

-

-
--enable-pf-transparent
-

NAT table support updated to use the getsockname() API provided by the -latest PF versions divert-to. This allows http_port -in squid.conf to support both intercept and tproxy traffic -and to silence NAT lookup failure messages on recent BSD.

-

NOTE: systems such as NetBSD and FreeBSD which do not yet support -the getsockname() API in recent PF versions require --with-nat-devpf -to re-enable /dev/pf support when using PF firewall.

- -
--disable-translation
-

Default changed to prevent translating error page templates during build. -Use --enable-translation to explicitly build and install the templates.

-

The latest pre-translated templates can be downloaded from -http://www.squid-cache.org/Versions/langpack/

- -
-

-

4.3 Removed options -

- -

-

-

There are no removed ./configure options in Squid-3.4.

- -
-

- - -

5. Regressions since Squid-2.7

- -

Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4

- -

If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.

- -

5.1 Missing squid.conf options available in Squid-2.7 -

- -

-

-
broken_vary_encoding
-

Not yet ported from 2.6

- -
cache_dir
-

COSS storage type is lacking stability fixes from 2.6

-

COSS overwrite-percent= option not yet ported from 2.6

-

COSS max-stripe-waste= option not yet ported from 2.6

-

COSS membufs= option not yet ported from 2.6

-

COSS maxfullbufs= option not yet ported from 2.6

- -
cache_peer
-

idle= not yet ported from 2.7

-

monitorinterval= not yet ported from 2.6

-

monitorsize= not yet ported from 2.6

-

monitortimeout= not yet ported from 2.6

-

monitorurl= not yet ported from 2.6

- -
cache_vary
-

Not yet ported from 2.6

- -
collapsed_forwarding
-

Not yet ported from 2.6

- -
error_map
-

Not yet ported from 2.6

- -
external_refresh_check
-

Not yet ported from 2.7

- -
location_rewrite_access
-

Not yet ported from 2.6

- -
location_rewrite_children
-

Not yet ported from 2.6

- -
location_rewrite_concurrency
-

Not yet ported from 2.6

- -
location_rewrite_program
-

Not yet ported from 2.6

- -
refresh_pattern
-

stale-while-revalidate= not yet ported from 2.7

-

ignore-stale-while-revalidate= not yet ported from 2.7

-

negative-ttl= not yet ported from 2.7

- -
refresh_stale_hit
-

Not yet ported from 2.7

- -
update_headers
-

Not yet ported from 2.7

- -
-

- - - diff --git a/squid.changes b/squid.changes index 18869f2..bfe4432 100644 --- a/squid.changes +++ b/squid.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Feb 18 23:28:06 UTC 2015 - chris@computersalat.de + +- remove obsolete RELEASENOTES.html + * included in package + ------------------------------------------------------------------- Wed Feb 11 22:35:30 UTC 2015 - mpluskal@suse.com diff --git a/squid.spec b/squid.spec index 0ffecfe..e4e08fd 100644 --- a/squid.spec +++ b/squid.spec @@ -1,7 +1,7 @@ # # spec file for package squid # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -28,7 +28,7 @@ Group: Productivity/Networking/Web/Proxy Url: http://www.squid-cache.org/Versions/v3/3.4 Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2 Source1: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2.asc -Source2: %{name}-%{version}-RELEASENOTES.html + Source3: squid.init Source4: squid.sysconfig Source5: pam.squid