Accepting request 214647 from server:proxy
update to 3.4.2 (forwarded request 214646 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/214647
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/squid?expand=0&rev=16
commit d7aa5e4f6d
@ -2,14 +2,14 @@
|
|||||||
<HTML>
|
<HTML>
|
||||||
<HEAD>
|
<HEAD>
|
||||||
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
|
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
|
||||||
<TITLE>Squid 3.3.11 release notes</TITLE>
|
<TITLE>Squid 3.4.2 release notes</TITLE>
|
||||||
</HEAD>
|
</HEAD>
|
||||||
<BODY>
|
<BODY>
|
||||||
<H1>Squid 3.3.11 release notes</H1>
|
<H1>Squid 3.4.2 release notes</H1>
|
||||||
|
|
||||||
<H2>Squid Developers</H2>
|
<H2>Squid Developers</H2>
|
||||||
<HR>
|
<HR>
|
||||||
<EM>This document contains the release notes for version 3.3 of Squid.
|
<EM>This document contains the release notes for version 3.4 of Squid.
|
||||||
Squid is a WWW Cache application developed by the National Laboratory
|
Squid is a WWW Cache application developed by the National Laboratory
|
||||||
for Applied Network Research and members of the Web Caching community.</EM>
|
for Applied Network Research and members of the Web Caching community.</EM>
|
||||||
<HR>
|
<HR>
|
||||||
@ -18,20 +18,21 @@ for Applied Network Research and members of the Web Caching community.</EM>
|
|||||||
|
|
||||||
<UL>
|
<UL>
|
||||||
<LI><A NAME="toc1.1">1.1</A> <A HREF="#ss1.1">Known issues</A>
|
<LI><A NAME="toc1.1">1.1</A> <A HREF="#ss1.1">Known issues</A>
|
||||||
<LI><A NAME="toc1.2">1.2</A> <A HREF="#ss1.2">Changes since earlier releases of Squid-3.3</A>
|
<LI><A NAME="toc1.2">1.2</A> <A HREF="#ss1.2">Changes since earlier releases of Squid-3.4</A>
|
||||||
</UL>
|
</UL>
|
||||||
<P>
|
<P>
|
||||||
<H2><A NAME="toc2">2.</A> <A HREF="#s2">Major new features since Squid-3.2</A></H2>
|
<H2><A NAME="toc2">2.</A> <A HREF="#s2">Major new features since Squid-3.3</A></H2>
|
||||||
|
|
||||||
<UL>
|
<UL>
|
||||||
<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">SQL Database logging helper</A>
|
<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">Helper protocol extensions</A>
|
||||||
<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">Time-Quota session helper</A>
|
<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">SSL Server Certificate Validator</A>
|
||||||
<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">SSL-Bump Server First</A>
|
<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">Store-ID</A>
|
||||||
<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">Server Certificate Mimic</A>
|
<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</A>
|
||||||
<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Custom HTTP request headers</A>
|
<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Transaction Annotations</A>
|
||||||
|
<LI><A NAME="toc2.6">2.6</A> <A HREF="#ss2.6">Multicast DNS</A>
|
||||||
</UL>
|
</UL>
|
||||||
<P>
|
<P>
|
||||||
<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.2</A></H2>
|
<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.3</A></H2>
|
||||||
|
|
||||||
<UL>
|
<UL>
|
||||||
<LI><A NAME="toc3.1">3.1</A> <A HREF="#ss3.1">New tags</A>
|
<LI><A NAME="toc3.1">3.1</A> <A HREF="#ss3.1">New tags</A>
|
||||||
@ -39,7 +40,7 @@ for Applied Network Research and members of the Web Caching community.</EM>
|
|||||||
<LI><A NAME="toc3.3">3.3</A> <A HREF="#ss3.3">Removed tags</A>
|
<LI><A NAME="toc3.3">3.3</A> <A HREF="#ss3.3">Removed tags</A>
|
||||||
</UL>
|
</UL>
|
||||||
<P>
|
<P>
|
||||||
<H2><A NAME="toc4">4.</A> <A HREF="#s4">Changes to ./configure options since Squid-3.2</A></H2>
|
<H2><A NAME="toc4">4.</A> <A HREF="#s4">Changes to ./configure options since Squid-3.3</A></H2>
|
||||||
|
|
||||||
<UL>
|
<UL>
|
||||||
<LI><A NAME="toc4.1">4.1</A> <A HREF="#ss4.1">New options</A>
|
<LI><A NAME="toc4.1">4.1</A> <A HREF="#ss4.1">New options</A>
|
||||||
@ -56,14 +57,11 @@ for Applied Network Research and members of the Web Caching community.</EM>
|
|||||||
<HR>
|
<HR>
|
||||||
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
|
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
|
||||||
|
|
||||||
<P>The Squid Team are pleased to announce the release of Squid-3.3.11.</P>
|
<P>The Squid Team are pleased to announce the release of Squid-3.4.2 for testing.</P>
|
||||||
<P>This new release is available for download from
|
<P>This new release is available for download from
|
||||||
<A HREF="http://www.squid-cache.org/Versions/v3/3.3/">http://www.squid-cache.org/Versions/v3/3.3/</A> or the
|
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/">http://www.squid-cache.org/Versions/v3/3.4/</A> or the
|
||||||
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
|
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
|
||||||
|
<P>While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.</P>
|
||||||
<P>A large number of the design flaws in SSL-Bump feature have been fixed along with general improvements all around.
|
|
||||||
While this release is not fully bug-free we believe it is ready for use in production on many systems.</P>
|
|
||||||
|
|
||||||
<P>We welcome feedback and bug reports. If you find a bug, please see
|
<P>We welcome feedback and bug reports. If you find a bug, please see
|
||||||
<A HREF="http://wiki.squid-cache.org/SquidFaq/BugReporting">http://wiki.squid-cache.org/SquidFaq/BugReporting</A>
|
<A HREF="http://wiki.squid-cache.org/SquidFaq/BugReporting">http://wiki.squid-cache.org/SquidFaq/BugReporting</A>
|
||||||
for how to submit a report with a stack trace.</P>
|
for how to submit a report with a stack trace.</P>
|
||||||
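Review bot: The new Notice text announces 3.4.2 "for testing" and adds "While this release is not deemed ready for production use", while the unchanged paragraph at the top of the next hunk still says the release is "deemed good enough for use in many setups". The two statements contradict each other in the shipped document. Since this request targets openSUSE:Factory, confirm which status applies to 3.4.2 and say so in the package changelog, so that administrators reading the installed release notes are not left guessing whether this build is meant for production proxies.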
@ -72,162 +70,210 @@ for how to submit a report with a stack trace.</P>
|
|||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Although this release is deemed good enough for use in many setups, please note the existence of
|
<P>Although this release is deemed good enough for use in many setups, please note the existence of
|
||||||
<A HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=3.3">open bugs against Squid-3.3</A>.</P>
|
<A HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=3.4">open bugs against Squid-3.4</A>.</P>
|
||||||
|
|
||||||
|
<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">Changes since earlier releases of Squid-3.4</A>
|
||||||
<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">Changes since earlier releases of Squid-3.3</A>
|
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>The 3.3 change history can be
|
<P>The 3.4 change history can be
|
||||||
<A HREF="http://www.squid-cache.org/Versions/v3/3.3/changesets/">viewed here</A>.</P>
|
<A HREF="http://www.squid-cache.org/Versions/v3/3.4/changesets/">viewed here</A>.</P>
|
||||||
|
|
||||||
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Major new features since Squid-3.2</A></H2>
|
|
||||||
|
|
||||||
<P>Squid 3.3 represents a new feature release above 3.2.</P>
|
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Major new features since Squid-3.3</A></H2>
|
||||||
|
|
||||||
|
<P>Squid 3.4 represents a new feature release above 3.3.</P>
|
||||||
|
|
||||||
<P>The most important of these new features are:
|
<P>The most important of these new features are:
|
||||||
<UL>
|
<UL>
|
||||||
<LI>SQL Database logging helper</LI>
|
<LI>Helper protocol extensions</LI>
|
||||||
<LI>Time-Quota session helper</LI>
|
<LI>SSL Server Certificate Validator</LI>
|
||||||
<LI>SSL-Bump Server First</LI>
|
<LI>Store-ID</LI>
|
||||||
<LI>Server Certificate Mimic</LI>
|
<LI>TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</LI>
|
||||||
<LI>Custom HTTP request headers</LI>
|
<LI>Transaction Annotations</LI>
|
||||||
|
<LI>Multicast DNS</LI>
|
||||||
</UL>
|
</UL>
|
||||||
</P>
|
</P>
|
||||||
<P>Most user-facing changes are reflected in squid.conf (see below).</P>
|
<P>Most user-facing changes are reflected in squid.conf (see below).</P>
|
||||||
|
|
||||||
<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">SQL Database logging helper</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P><EM>log_db_daemon</EM> - Database logging daemon for Squid</P>
|
<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">Helper protocol extensions</A>
|
||||||
|
|
||||||
<P>This program writes Squid access.log entries to an SQL database.
|
|
||||||
Written in Perl it can utilize any database supported by the Perl
|
|
||||||
database abstraction layer.</P>
|
|
||||||
|
|
||||||
<P>NOTE: Presently it only accepts the Squid native log format.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">Time-Quota session helper</A>
|
|
||||||
</H2>
|
|
||||||
|
|
||||||
<P><EM>ext_time_quota_acl</EM> - Time quota external ACL helper.</P>
|
|
||||||
|
|
||||||
<P>Allows an administrator to define time budgets (quota) for the
|
|
||||||
users of Squid to limit the time using Squid.</P>
|
|
||||||
|
|
||||||
<P>This is useful for corporate lunch time allocations, wifi portal
|
|
||||||
pay-per-minute installations or for parental control of children.</P>
|
|
||||||
|
|
||||||
<P>The administrator can define a time budget (e.g. 1 hour per day)
|
|
||||||
which is enforced through this helper using session estimations
|
|
||||||
of their browsing time. A 'pause' threshold is given in seconds
|
|
||||||
and defines the period between two requests to be treated as part
|
|
||||||
of the same session. Pauses shorter than this value will be
|
|
||||||
counted against the quota, longer ones ignored.</P>
|
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">SSL-Bump Server First</A>
|
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Details at
|
<P>Details at
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/BumpSslServerFirst">http://wiki.squid-cache.org/Features/BumpSslServerFirst</A>.</P>
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||||||
|
|
||||||
<P>When an intercepted connection is received, Squid first connects
|
<P>The Squid helper protocol used to communicate with authenticators,
|
||||||
to the server using SSL and receives the server certificate.
|
URL-rewriters, Redirectors, and External ACL helpers has been updated
|
||||||
Squid then uses the host name inside the true server certificate
|
and extended.</P>
|
||||||
to generate a fake one and impersonates the server while still
|
|
||||||
using the already established secure connection to the server.</P>
|
|
||||||
|
|
||||||
<P>Bumping server first is essentially required for handling
|
<P><EM>BH</EM> status code is now accepted from all helpers to report
|
||||||
intercepted HTTPS connections but the same scheme should be used
|
internal error events separate from <EM>ERR</EM> rejection code.
|
||||||
for most HTTP CONNECT requests because it offers a few advantages
|
Permitting Squid to perform recovery operations specific to
|
||||||
compared to the old bump-client-first approach:</P>
|
helper failure instead of a blanket client rejection.</P>
|
||||||
|
|
||||||
|
<P>Arbitrary key-value pairs can be returned from any helper.
|
||||||
|
Allowing future helpers to be forward- and backward- compatible
|
||||||
|
with this and future versions of Squid.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">SSL Server Certificate Validator</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>Details at
|
||||||
|
<A HREF="http://wiki.squid-cache.org/Features/SslServerCertValidator">http://wiki.squid-cache.org/Features/SslServerCertValidator</A>.</P>
|
||||||
|
|
||||||
|
<P>The helper consulted after the internal OpenSSL validation, regardless of the
|
||||||
|
validation results. The helper will receive:</P>
|
||||||
<P>
|
<P>
|
||||||
<UL>
|
<UL>
|
||||||
<LI>When Squid knows valid server certificate details, it can
|
<LI>the origin server certificate (chain),</LI>
|
||||||
generate its fake server certificate with those details.
|
<LI>the intended domain name, and</LI>
|
||||||
With the bump-client-first scheme, all those details are lost.
|
<LI>a list of OpenSSL validation errors (if any).</LI>
|
||||||
In general, browsers do not care about those details but there
|
|
||||||
may be HTTP clients (or even human users) that require or could
|
|
||||||
benefit from knowing them.
|
|
||||||
</LI>
|
|
||||||
<LI>When a server sends a bad certificate, Squid may be able to
|
|
||||||
replicate that brokenness in its own fake certificate, giving
|
|
||||||
the HTTP client control whether to ignore the problem or
|
|
||||||
terminate the transaction. With bump-client-furst, it is
|
|
||||||
difficult to support similar dynamic, user-directed opt out;
|
|
||||||
Squid itself has to decide what to do when the server
|
|
||||||
certificate cannot be validated.
|
|
||||||
</LI>
|
|
||||||
<LI>When a server asks for a client certificate, Squid may be
|
|
||||||
able to ask the client and then forward the client certificate
|
|
||||||
to the server. Such client certificate handling may not be
|
|
||||||
possible with the bump-client-first scheme because it would
|
|
||||||
have to be done after the SSL handshake.
|
|
||||||
</LI>
|
|
||||||
<LI>Some clients (e.g., Rekonq browser v0.7.x) do not send host
|
|
||||||
names in CONNECT requests. Such clients require bump-server-first
|
|
||||||
even in forward proxying mode. Unfortunately, there are other
|
|
||||||
problems with fully supporting such clients (i.e., Squid does
|
|
||||||
not know whether the IP address in the CONNECT request is what
|
|
||||||
the user have typed into the address bar) so not all features
|
|
||||||
will work well for them until more specialized detection code
|
|
||||||
is added.</LI>
|
|
||||||
</UL>
|
</UL>
|
||||||
</P>
|
</P>
|
||||||
|
|
||||||
<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">Server Certificate Mimic</A>
|
<P>If the helper decides to honor an OpenSSL error or report another validation
|
||||||
|
error(s), the helper will return:</P>
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI>A list of certificates.</LI>
|
||||||
|
<LI>A list of items consists the the validation error name (see <EM>%err_name</EM>
|
||||||
|
error page macro and <EM>%err_details</EM> code for <EM>logformat</EM>), error reason
|
||||||
|
(<EM>%ssl_lib_error macro</EM>), and the offending certificate.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<P>The returned information mimics what the internal OpenSSL-based validation code
|
||||||
|
collects now. Returned errors, if any, are fed to <EM>sslproxy_cert_error</EM>,
|
||||||
|
triggering the existing SSL error processing code.</P>
|
||||||
|
|
||||||
|
<P>The helper invocation controlled by the <EM>sslcrtvalidator_program</EM> and
|
||||||
|
<EM>sslcrtvalidator_children</EM> configurations options which are similar to the
|
||||||
|
<EM>ssl_crtd</EM> related options. </P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">Store-ID</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>Details at
|
<P>Details at
|
||||||
<A HREF="http://wiki.squid-cache.org/Features/MimicSslServerCert">http://wiki.squid-cache.org/Features/MimicSslServerCert</A>.</P>
|
<A HREF="http://wiki.squid-cache.org/Features/StoreID">http://wiki.squid-cache.org/Features/StoreID</A>.</P>
|
||||||
|
|
||||||
<P>One of the SslBump features serious drawbacks is the loss of
|
<P>This feature is a redesigned equivalent to the Squid-2.7 feature known as StoreURL-rewrite.</P>
|
||||||
information embedded in SSL server certificate.
|
|
||||||
This certificate mimic feature passes original SSL server
|
<P><EM>Notice</EM> that this is not a direct portage of the Squid-2.7 feature so behaviour
|
||||||
certificate information to the user. Allowing the user to
|
differences do exist. Although the new feature works in similar enough ways that the old
|
||||||
make an informed decision on whether to trust the server
|
helper scripts used for Squid-2.7 are expected to work in this and later versions of Squid.</P>
|
||||||
certificate.</P>
|
|
||||||
|
<P>Squid traditionally uses the requested URL as an index key ID to locate objects in cache.
|
||||||
|
It is not the only key possible and the Store-ID feature exposes an API for external
|
||||||
|
helpers to provide Squid with an alternative key name for any URL.</P>
|
||||||
|
|
||||||
|
<P>When any client request is received which requires a cache lookup the URL is passed to
|
||||||
|
a helper specified with the <EM>store_id_program</EM> directive to check for an alternative
|
||||||
|
Store ID. This allows the helper to identify URLs which refer to duplicate resources and
|
||||||
|
de-duplicate the cache content. <EM>store_id_access</EM> is provided to allow ACL-based
|
||||||
|
tuning of which traffic gets sent to the helper and reduce overheads.</P>
|
||||||
|
|
||||||
|
<P>One subtle and noteworthy difference between Squid-2 and Squid-3 which is highlighted by
|
||||||
|
this feature is that <EM>refresh_pattern</EM> applies its regex argument against the Store
|
||||||
|
ID key and not the transaction URL. So using the Store-ID feature to alter the value
|
||||||
|
affects which <EM>refresh_pattern</EM> directive will be matched.</P>
|
||||||
|
|
||||||
|
<P>Store-ID helpers bundled with Squid can be built with the --enable-storeid-rewrite-helpers
|
||||||
|
option which is added in this version. Currently there is a <EM>file</EM> helper
|
||||||
|
provided.</P>
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Custom HTTP request headers</A>
|
<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+</A>
|
||||||
</H2>
|
</H2>
|
||||||
|
|
||||||
<P>The <EM>request_header_add</EM> option is added to insert
|
<P>Details at
|
||||||
HTTP header fields to outgoing HTTP requests (i.e.,
|
<A HREF="http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf">http://wiki.squid-cache.org/ConfigExamples/Intercept/OpenBsdPf</A>.</P>
|
||||||
request headers sent by Squid to the next HTTP hop such as a
|
|
||||||
cache peer or an origin server). The option has no effect on
|
|
||||||
cache hit traffic or requests serviced by Squid and ICAP.</P>
|
|
||||||
|
|
||||||
<P>WARNING: If a standard HTTP header name is used, Squid does not check whether
|
<P>The Packet Filter (PF) firewall in OpenBSD 4.4 and later offers traffic interception
|
||||||
the new header conflicts with any existing headers or violates
|
using several very simple methods. One of which is the <EM>divert-to</EM> rule type
|
||||||
HTTP rules. If the request to be modified already contains a
|
which acts as a simple routing diversion instead of performing NAT packet alterations.</P>
|
||||||
field with the same name, the old field is preserved but the
|
|
||||||
header field values are not merged.</P>
|
|
||||||
|
|
||||||
<P>Field-value set can be either a token or a quoted string. If quoted
|
<P>The IP Firewall (IPFW) on FreeBSD 9+ contains a port of the Linux Netfilter TPROXY feature.</P>
|
||||||
string format is used, then the surrounding quotes are removed
|
|
||||||
while escape sequences and %macros are processed.</P>
|
|
||||||
|
|
||||||
<P>In theory, all of the <EM>logformat</EM> codes can be used as %macros.
|
<P>This version of Squid adds support for these features through the ./configure
|
||||||
However, unlike logging (which happens at the very end of
|
options --enable-pf-transparent and --enable-ipfw-transparent when Squid is built on
|
||||||
transaction lifetime), the transaction may not yet have enough
|
systems with the required support. No special extras are required to enable
|
||||||
information to expand a macro when the new header value is needed.
|
<EM>http_port ... tproxy</EM> configuration to work.</P>
|
||||||
And some information may already be available to Squid but not yet
|
|
||||||
committed where the macro expansion code can access it (please report
|
|
||||||
such instances!). The macro will be expanded into a single dash
|
|
||||||
('-') in such cases. Not all macros have been tested.</P>
|
|
||||||
|
|
||||||
<P>One or more Squid ACLs may be specified to restrict header
|
<P>NOTE: To resolve NAT lookup issues on recent PF firewall versions the code behind
|
||||||
injection to matching requests. As always in squid.conf, all
|
<EM>./configure --enable-pf-transparent</EM> has been altered and is expected to
|
||||||
ACLs in an option ACL list must be satisfied for the insertion
|
break on the version of PF firewall shipped with BSD systems such as NetBSD and FreeBSD
|
||||||
to happen. The <EM>request_header_add</EM> option supports fast ACLs only.</P>
|
which do not yet support the getsockname() API.
|
||||||
|
These systems require <EM>--with-nat-devpf</EM> to enable /dev/pf support when using PF firewall.</P>
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes to squid.conf since Squid-3.2</A></H2>
|
<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Transaction Annotations</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
<P>There have been changes to Squid's configuration file since Squid-3.2.</P>
|
<P>Previously the only annotation methods available were ICAP/eCAP HTTP header insertions
|
||||||
|
or external ACL <EM>tag=</EM> result code. Each of which had only limited possibilities
|
||||||
|
for use and little or no correlation.</P>
|
||||||
|
|
||||||
|
<P>It is now possible to add annotations to a client transaction from several sources:
|
||||||
|
<UL>
|
||||||
|
<LI> Directly from squid.conf using the <EM>note</EM> directive with
|
||||||
|
ACL-based selection of which annotation is linked to any
|
||||||
|
particular transaction.
|
||||||
|
</LI>
|
||||||
|
<LI> By configured helper processes returning a key=value pair.
|
||||||
|
The key name becomes the annotation name.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<P>Annotations on the transaction can be passed to ICAP services or eCAP modules using the
|
||||||
|
<EM>adaptation_meta</EM> directive to send them as headers.
|
||||||
|
They can also be logged using the <EM>%note</EM> log format code in custom logs. With
|
||||||
|
the new helper response syntax changes this means all helper response key=value details
|
||||||
|
such as URL-rewrite or store-id changes, external ACL tag etc. are now able to be logged.</P>
|
||||||
|
|
||||||
|
<P>Annotations which are already assigned to a transaction can be checked using an ACL test
|
||||||
|
of the new <EM>note</EM> ACL type. This can match a particular note by name and value,
|
||||||
|
of for any notes with a given name.</P>
|
||||||
|
|
||||||
|
<P>NOTE: not all helper interfaces are yet enabled to convert key=value into annotations
|
||||||
|
and the external ACL interface does not yet send annotations to the helper.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.6">2.6</A> <A HREF="#toc2.6">Multicast DNS</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>The internal DNS component of Squid now supports multicast DNS (mDNS) resolution in
|
||||||
|
accordance with RFC 6762.</P>
|
||||||
|
|
||||||
|
<P>The <EM>dns_multicast_local</EM> directive must be set to <EM>on</EM> to enable this
|
||||||
|
feature.</P>
|
||||||
|
|
||||||
|
<P>The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set
|
||||||
|
of available DNS resolvers and used automatically for domain names ending in <EM>.local</EM>
|
||||||
|
and reverse-DNS lookups before attempting a secondary resolution on the configured
|
||||||
|
resolvers. Domains without <EM>.local</EM> are resolved using only the configured resolvers.</P>
|
||||||
|
|
||||||
|
<P>Statistics for multicast DNS resolution can be found on the <EM>idns</EM> cache manager
|
||||||
|
report.</P>
|
||||||
|
|
||||||
|
<P><EM>NOTE</EM> that the external DNS helper interface is now deprecated and has been
|
||||||
|
removed from future Squid versions. Any installations still using it for local hostname
|
||||||
|
resolution need to upgrade to mDNS resolution with this Squid version.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes to squid.conf since Squid-3.3</A></H2>
|
||||||
|
|
||||||
|
<P>There have been changes to Squid's configuration file since Squid-3.3.</P>
|
||||||
|
|
||||||
|
<P>Squid supports reading configuration option parameters from external
|
||||||
|
files using the syntax <EM>parameters("/path/filename")</EM>. For example:
|
||||||
|
<PRE>
|
||||||
|
acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
|
||||||
|
</PRE>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<P>There have also been changes to individual directives in the config file.</P>
|
||||||
<P>This section gives a thorough account of those changes in three categories:</P>
|
<P>This section gives a thorough account of those changes in three categories:</P>
|
||||||
<P>
|
<P>
|
||||||
<UL>
|
<UL>
|
||||||
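Review bot: Section 2.2 (SSL Server Certificate Validator) says the helper is consulted "regardless of the validation results" and that its returned errors are fed to sslproxy_cert_error, but it never says what Squid does when the validator helper itself fails, even though section 2.1 introduces the BH code for exactly that case. Because this helper's output drives the existing SSL error processing, the notes should state the failure behaviour explicitly. The same section has wording defects worth reporting upstream: "The helper consulted after", "consists the the validation error name" and "The helper invocation controlled by" each drop or double a word, and section 2.5 has "of for any notes" where "or" is meant.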
@ -246,20 +292,50 @@ to happen. The <EM>request_header_add</EM> option supports fast ACLs only.</P>
|
|||||||
|
|
||||||
<P>
|
<P>
|
||||||
<DL>
|
<DL>
|
||||||
<DT><B>cache_miss_revalidate</B><DD>
|
<DT><B>configuration_includes_quoted_values</B><DD>
|
||||||
<P>Whether Squid is to pass-through If-Modified-Since and If-None-Match headers on cache MISS.
|
<P>Whether Squid supports directive parameters with spaces, quotes, and other
|
||||||
Revalidation requests can prevent cache gathering objects to HIT on.</P>
|
special characters. Surround such parameters with "double quotes" and
|
||||||
<P>Based on the Squid-2.7 <EM>ignore_ims_on_miss</EM> feature.</P>
|
also set this directive on/off around the relevant squid.conf line(s)
|
||||||
<P><EM>IMPORTANT:</EM> the meaning for on/off values has changed along with the name since 2.7.</P>
|
making use of such quoting.</P>
|
||||||
|
|
||||||
<DT><B>request_header_add</B><DD>
|
<DT><B>dns_multicast_local</B><DD>
|
||||||
<P>New directive to add custom headers on HTTP traffic sent to upstream servers.</P>
|
<P>Use multicast DNS for <EM>.local</EM> domains and reverse-DNS resolution.</P>
|
||||||
|
|
||||||
<DT><B>sslproxy_cert_sign</B><DD>
|
<DT><B>note</B><DD>
|
||||||
<P>New option to determine how the client certificate sent to upstream servers is signed.</P>
|
<P>Use ACLs to annotate a transaction with customized annotations
|
||||||
|
which can be logged in access.log</P>
|
||||||
|
|
||||||
<DT><B>sslproxy_cert_adapt</B><DD>
|
<DT><B>spoof_client_ip</B><DD>
|
||||||
<P>New option to adapt certain properties of outgoing SSL certificates generated for use when bumping SSL to an upstream server.</P>
|
<P>Access control to determine whether to disable the TPROXY spoofing on upstream traffic.</P>
|
||||||
|
|
||||||
|
<DT><B>sslcrtvalidator_children</B><DD>
|
||||||
|
<P>Specifies the settings for how many SSL server certificate
|
||||||
|
validator helpers are run and when they are started.</P>
|
||||||
|
|
||||||
|
<DT><B>sslcrtvalidator_program</B><DD>
|
||||||
|
<P>Specifies the location of a SSL server certificate validator helper.</P>
|
||||||
|
|
||||||
|
<DT><B>store_id_access</B><DD>
|
||||||
|
<P>Whether the URL for a given request is passed to the Store-ID helper process.
|
||||||
|
Used to improve StoreID performance by quickly eliminating helper delays using ACL tests.</P>
|
||||||
|
<P>Ported equivalent to <EM>storeurl_access</EM> from 2.7</P>
|
||||||
|
|
||||||
|
<DT><B>store_id_bypass</B><DD>
|
||||||
|
<P>Whether the StoreID helper may be bypassed when overloaded.</P>
|
||||||
|
|
||||||
|
<DT><B>store_id_children</B><DD>
|
||||||
|
<P>Controls the number of StoreID helper processes.</P>
|
||||||
|
<P>Options <EM>startup=N</EM>, <EM>idle=N</EM>, <EM>concurrency=N</EM>
|
||||||
|
<UL>
|
||||||
|
<LI>startup=N allow finer tuning of how many helpers are started initially.</LI>
|
||||||
|
<LI>idle=N allow fine tuning of how many helper to retain as buffer against sudden traffic loads.</LI>
|
||||||
|
<LI>concurrency=N was previously called url_rewrite_concurrency as a distinct directive.</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<DT><B>store_id_rewrite_program</B><DD>
|
||||||
|
<P>A helper program to provide cache storage internal key ID value for a request.</P>
|
||||||
|
<P>Ported equivalent to <EM>storeurl_rewrite_program</EM> from 2.7</P>
|
||||||
|
|
||||||
</DL>
|
</DL>
|
||||||
</P>
|
</P>
|
||||||
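Review bot: The new-tags list documents the Store-ID helper directive as store_id_rewrite_program, but section 2.3 earlier in the same file calls it store_id_program; only one of these can be the name squid.conf accepts. Check the list against the directive documentation shipped in the package and report the mismatch upstream. Under store_id_children, "concurrency=N was previously called url_rewrite_concurrency" reads like text carried over from the URL-rewriter entry and should be checked as well, and the note entry ends "logged in access.log" without a full stop.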
@ -269,36 +345,81 @@ Revalidation requests can prevent cache gathering objects to HIT on.</P>
|
|||||||
|
|
||||||
<P>
|
<P>
|
||||||
<DL>
|
<DL>
|
||||||
|
<DT><B>access_log</B><DD>
|
||||||
|
<P>Configuration syntax extended to support name=value options.
|
||||||
|
<EM>New Syntax:</EM> access_log module:place [option ...] [acl ...]</P>
|
||||||
|
<P>New option <EM>logformat=</EM> to specify the logging format name.</P>
|
||||||
|
<P>New option <EM>buffer-size=</EM> to specify how large the log buffer
|
||||||
|
for this log is to be when <EM>buffered_logs</EM> is enabled.</P>
|
||||||
|
<P>New option <EM>on-error=</EM> to specify what handling is to be done
|
||||||
|
if the logging module encounters a non-recoverable error writing logs.
|
||||||
|
With the value <EM>die</EM> (the default) Squid halts operation.
|
||||||
|
With the value <EM>drop</EM> Squid drops log lines and continue running.</P>
|
||||||
|
|
||||||
<DT><B>acl</B><DD>
|
<DT><B>acl</B><DD>
|
||||||
<P><EM>myport</EM> and <EM>myip</EM>ACL types replaced with <EM>localport</EM> and <EM>localip</EM> respectively.
|
<P>New test type <EM>server_cert_fingerprint</EM> to match against
|
||||||
To reflect that it matches the TCP connection details and not the squid.conf port.
|
server SSL certificate fingerprint.</P>
|
||||||
This matters when dealing with intercepted traffic, where the Squid receiving port differs from the TCP connection IP:port.
|
<P>New test type <EM>note</EM> to match against transaction annotations
|
||||||
Always use <EM>myportname</EM> type to match the squid.conf port details.</P>
|
by name and value, or just by name.</P>
|
||||||
<P>New default built-in ACLs for testing SSL certificate properties.</P>
|
<P>New test type <EM>any-of</EM> to match if any one of a set of named ACLs.</P>
|
||||||
<P><EM>ssl::certHasExpired</EM>,
|
<P>New test type <EM>all-of</EM> to match against all of a set of named ACLs.</P>
|
||||||
<EM>ssl::certNotYetValid</EM>,
|
|
||||||
<EM>ssl::certDomainMismatch</EM>,
|
<DT><B>auth_param</B><DD>
|
||||||
<EM>ssl::certUntrusted</EM>,
|
<P>New result code <EM>BH</EM> to signal helper internal errors
|
||||||
<EM>ssl::certSelfSigned</EM>.</P>
|
available in all authentication schemes.</P>
|
||||||
|
<P>New key <EM>message=</EM> for error message details in all authentication schemes.</P>
|
||||||
|
<P>New result code <EM>OK</EM> and key <EM>ha1=</EM> in Digest authentication.</P>
|
||||||
|
<P>New result codes <EM>OK</EM>, <EM>ERR</EM> replace result codes <EM>AF</EM>,
|
||||||
|
and <EM>NA</EM> in NTLM and Negotiate authentication.</P>
|
||||||
|
<P>New key <EM>token=</EM> for NTLM and Negotiate authentication <EM>OK</EM> responses.</P>
|
||||||
|
<P>Details at
|
||||||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||||||
|
|
||||||
<DT><B>external_acl_type</B><DD>
|
<DT><B>external_acl_type</B><DD>
|
||||||
<P><EM>%ACL</EM> format tag ported from 2.6.
|
<P>Deprecated <EM>protocol=3.0</EM> option. No longer necessary.</P>
|
||||||
Sends the name of ACL being tested to the external helper.</P>
|
<P>New result code <EM>BH</EM> to signal helper internal errors</P>
|
||||||
<P><EM>%DATA</EM> format tag ported from 2.6.
|
<P>Details at
|
||||||
Inserts the ACL arguments into a particular location of the helper input instead of at the end of the line.</P>
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||||||
|
|
||||||
|
<DT><B>http_port</B><DD>
|
||||||
|
<P>Support IPv6 for <EM>intercept</EM> mode. Requires ip6tables support on Linux,
|
||||||
|
PF support on OpenBSD and IPFW support on FreeBSD. Squid will no longer complain
|
||||||
|
about misconfiguration if IPv6 support is missing, we now rely on the firewall
|
||||||
|
tools reporting misconfiguration when the NAT rules are created.</P>
|
||||||
|
<P>Support <EM>tproxy</EM> mode traffic on BSD systems with BINDANY support
|
||||||
|
(OpenBSD 5+, FreeBSD 9+ so far).</P>
|
||||||
|
<P>Changed build options behind <EM>intercept</EM> traffic mode handling on BSD.
|
||||||
|
see <EM>--enable-pf-transparent</EM> for more details.</P>
|
||||||
|
|
||||||
<DT><B>logformat</B><DD>
|
<DT><B>logformat</B><DD>
|
||||||
<P>New token <EM>%ssl::bump_mode</EM> to log the SSL-bump mode type performed on a request.
|
<P>New format code <EM>%note</EM> to log a transaction annotation linked to the
|
||||||
Logs values of: <EM>-</EM>, <EM>none</EM>, <EM>client-first</EM>, or <EM>server-first</EM>.</P>
|
transaction by ICAP, eCAP, a helper, or the <EM>note</EM> squid.conf directive.</P>
|
||||||
<P>New token of <EM>%ssl::>cert_subject</EM> to log the Subject field of a SSL certificate received from the client.</P>
|
<P>New format code <EM>%>qos</EM> to log client connection TOS/DSCP value set by Squid.</P>
|
||||||
<P>New token of <EM>%ssl::>cert_issuer</EM> to log the Issuer field of a SSL certificate received from the client.</P>
|
<P>New format code <EM>%<qos</EM> to log server connection TOS/DSCP value set by Squid.</P>
|
||||||
|
<P>New format code <EM>%>nfmark</EM> to log client connection netfilter mark set by Squid.</P>
|
||||||
|
<P>New format code <EM>%<nfmark</EM> to log server connection netfilter mark set by Squid.</P>
|
||||||
|
|
||||||
<DT><B>ssl_bump</B><DD>
|
<DT><B>pipeline_prefetch</B><DD>
|
||||||
<P>New action types <EM>none</EM>, <EM>client-first</EM>, <EM>server-first</EM>. The default is <EM>none</EM>.</P>
|
<P>Updated to take a numeric count of prefetched pipeline requests instead of ON/OFF.</P>
|
||||||
<P>Use of <EM>allow</EM>/<EM>deny</EM> is now deprecated and they should be removed as soon as possible.
|
|
||||||
To retain the exact same behaviour between 3.3 and older releases replace <EM>deny</EM> with <EM>none</EM>,
|
<DT><B>refresh_pattern</B><DD>
|
||||||
and <EM>allow</EM> with <EM>client-first</EM>. However an upgrade to <EM>server-first</EM> is the recommended.</P>
|
<P><EM>NOTE:</EM> the regular expression pattern operates on the cache Store-ID value.
|
||||||
<P><EM>NOTE</EM>: Mixing of allow/deny with the new action types is prohibited and will cause Squid to exit with a FATAL error.</P>
|
Which by default is identical to the requested URL, but may differ for some
|
||||||
|
objects if the Store-ID feature is in use.</P>
|
||||||
|
|
||||||
|
<DT><B>unlinkd_program</B><DD>
|
||||||
|
<P>New helper response format utilizing result codes <EM>OK</EM> and <EM>BH</EM>,
|
||||||
|
to signal helper lookup results. Also, key-value response values to return
|
||||||
|
multiple values to Squid.</P>
|
||||||
|
<P>Details at
|
||||||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||||||
|
|
||||||
|
<DT><B>url_rewrite_program</B><DD>
|
||||||
|
<P>New helper response format utilizing result codes <EM>OK</EM>, <EM>ERR</EM>,
|
||||||
|
and <EM>BH</EM> to signal helper lookup results. Also, key-value response
|
||||||
|
values to return multiple values to Squid.</P>
|
||||||
|
<P>Details at
|
||||||
|
<A HREF="http://wiki.squid-cache.org/Features/AddonHelpers">http://wiki.squid-cache.org/Features/AddonHelpers</A>.</P>
|
||||||
|
|
||||||
</DL>
|
</DL>
|
||||||
</P>
|
</P>
|
||||||
@ -308,16 +429,25 @@ and <EM>allow</EM> with <EM>client-first</EM>. However an upgrade to <EM>server-
|
|||||||
|
|
||||||
<P>
|
<P>
|
||||||
<DL>
|
<DL>
|
||||||
<DT><B>ignore_ims_on_miss</B><DD>
|
<DT><B>storeurl_access</B><DD>
|
||||||
<P>This option has been replaced by the <EM>cache_miss_revalidate</EM> feature.</P>
|
<P>Replaced by <EM>store_id_access</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>storeurl_rewrite_children</B><DD>
|
||||||
|
<P>Replaced by <EM>store_id_children</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>storeurl_rewrite_concurrency</B><DD>
|
||||||
|
<P>Replaced by <EM>store_id_children</EM> with <EM>concurrency=N</EM> option.</P>
|
||||||
|
|
||||||
|
<DT><B>storeurl_rewrite_program</B><DD>
|
||||||
|
<P>Replaced by <EM>store_id_program</EM>.</P>
|
||||||
|
|
||||||
</DL>
|
</DL>
|
||||||
</P>
|
</P>
|
||||||
|
|
||||||
|
|
||||||
<H2><A NAME="s4">4.</A> <A HREF="#toc4">Changes to ./configure options since Squid-3.2</A></H2>
|
<H2><A NAME="s4">4.</A> <A HREF="#toc4">Changes to ./configure options since Squid-3.3</A></H2>
|
||||||
|
|
||||||
<P>There have been some changes to Squid's build configuration since Squid-3.2.</P>
|
<P>There have been some changes to Squid's build configuration since Squid-3.3.</P>
|
||||||
<P>This section gives an account of those changes in three categories:</P>
|
<P>This section gives an account of those changes in three categories:</P>
|
||||||
<P>
|
<P>
|
||||||
<UL>
|
<UL>
|
||||||
@ -336,7 +466,27 @@ and <EM>allow</EM> with <EM>client-first</EM>. However an upgrade to <EM>server-
|
|||||||
|
|
||||||
<P>
|
<P>
|
||||||
<DL>
|
<DL>
|
||||||
<P><EM>There are no new ./configure options in Squid-3.3.</EM></P>
|
<DT><B>--enable-storeid-rewrite-helpers</B><DD>
|
||||||
|
<P>New option to control which Store-ID helpers are built. As with other
|
||||||
|
helper options use --disable-* to prevent any helpers building and
|
||||||
|
omit to get all helper auto-detected.</P>
|
||||||
|
<P>Currenly only a helper using <EM>file</EM> for backend is provided.</P>
|
||||||
|
|
||||||
|
<DT><B>--disable-arch-native</B><DD>
|
||||||
|
<P>New option to disable use of -march=native compiler flag.</P>
|
||||||
|
<P>The new flag auto-enables CPU-specific optimizations in GCC and is
|
||||||
|
required by Clang++ v3.2 for correct 64-bit environment detection.
|
||||||
|
It does not always work well however, so this build option is provided
|
||||||
|
to remove it when necessary.</P>
|
||||||
|
|
||||||
|
<DT><B>--with-nat-devpf</B><DD>
|
||||||
|
<P>New option to alter the behaviour of <EM>http_port ... intercept</EM> option
|
||||||
|
in squid.conf.</P>
|
||||||
|
<P>When this option is used Squid performs the /dev/pf lookups required to
|
||||||
|
support PF <EM>rdr-to</EM> rules. Otherwise Squid will perform perform the
|
||||||
|
getsockname() API calls to support PF <EM>divert-to</EM> rules.</P>
|
||||||
|
<P>NOTE: systems such as NetBSD and FreeBSD which do not yet support
|
||||||
|
the getsockname() API in recent PF versions require this option.</P>
|
||||||
|
|
||||||
</DL>
|
</DL>
|
||||||
</P>
|
</P>
|
||||||
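Review bot: two typos in the added ./configure text: "Currenly only a helper using file for backend is provided" under --enable-storeid-rewrite-helpers, and "Otherwise Squid will perform perform the getsockname() API calls" under --with-nat-devpf. If this HTML is taken verbatim from the upstream release, report both upstream rather than editing the packaged copy, so the file keeps matching what upstream ships.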
@ -346,14 +496,14 @@ and <EM>allow</EM> with <EM>client-first</EM>. However an upgrade to <EM>server-
|
|||||||
|
|
||||||
<P>
|
<P>
|
||||||
<DL>
|
<DL>
|
||||||
<DT><B>--enable-kqueue</B><DD>
|
<DT><B>--enable-pf-transparent</B><DD>
|
||||||
<P>kqueue network I/O module is now built by default when it is available.
|
<P>NAT table support updated to use the getsockname() API provided by the
|
||||||
This option is no longer required to enable kqueue support,
|
latest PF versions <EM>divert-to</EM>. This allows <EM>http_port</EM>
|
||||||
but if used will abort build when kqueue dependencies are missing or broken.</P>
|
in squid.conf to support both <EM>intercept</EM> and <EM>tproxy</EM> traffic
|
||||||
|
and to silence NAT lookup failure messages on recent BSD.</P>
|
||||||
<DT><B>--disable-kqueue</B><DD>
|
<P>NOTE: systems such as NetBSD and FreeBSD which do not yet support
|
||||||
<P>kqueue network I/O module is now built by default when it is available.
|
the getsockname() API in recent PF versions require <EM>--with-nat-devpf</EM>
|
||||||
This configure option is now needed to disable it. Previously it did nothing.</P>
|
to re-enable /dev/pf support when using PF firewall.</P>
|
||||||
|
|
||||||
</DL>
|
</DL>
|
||||||
</P>
|
</P>
|
||||||
@ -362,8 +512,7 @@ This configure option is now needed to disable it. Previously it did nothing.</P
|
|||||||
|
|
||||||
<P>
|
<P>
|
||||||
<DL>
|
<DL>
|
||||||
<DT><B>--enable-ntlm-fail-open</B><DD>
|
<P><EM>There are no removed ./configure options in Squid-3.4.</EM></P>
|
||||||
<P>This has not been supported by Squid for several versions.</P>
|
|
||||||
|
|
||||||
</DL>
|
</DL>
|
||||||
</P>
|
</P>
|
||||||
@ -371,7 +520,7 @@ This configure option is now needed to disable it. Previously it did nothing.</P
|
|||||||
|
|
||||||
<H2><A NAME="s5">5.</A> <A HREF="#toc5">Regressions since Squid-2.7</A></H2>
|
<H2><A NAME="s5">5.</A> <A HREF="#toc5">Regressions since Squid-2.7</A></H2>
|
||||||
|
|
||||||
<P>Some squid.conf and ./configure options which were available in Squid-2.7 are not yet available in Squid-3.3</P>
|
<P>Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.4</P>
|
||||||
|
|
||||||
<P>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.</P>
|
<P>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.</P>
|
||||||
|
|
||||||
@ -429,16 +578,7 @@ This configure option is now needed to disable it. Previously it did nothing.</P
|
|||||||
<DT><B>refresh_stale_hit</B><DD>
|
<DT><B>refresh_stale_hit</B><DD>
|
||||||
<P>Not yet ported from 2.7</P>
|
<P>Not yet ported from 2.7</P>
|
||||||
|
|
||||||
<DT><B>storeurl_access</B><DD>
|
<DT><B>update_headers</B><DD>
|
||||||
<P>Not yet ported from 2.7</P>
|
|
||||||
|
|
||||||
<DT><B>storeurl_rewrite_children</B><DD>
|
|
||||||
<P>Not yet ported from 2.7</P>
|
|
||||||
|
|
||||||
<DT><B>storeurl_rewrite_concurrency</B><DD>
|
|
||||||
<P>Not yet ported from 2.7</P>
|
|
||||||
|
|
||||||
<DT><B>storeurl_rewrite_program</B><DD>
|
|
||||||
<P>Not yet ported from 2.7</P>
|
<P>Not yet ported from 2.7</P>
|
||||||
|
|
||||||
</DL>
|
</DL>
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
addFilter("macro-in-comment")
|
addFilter("macro-in-comment")
|
||||||
addFilter("no-manual-page-for-binary")
|
addFilter("no-manual-page-for-binary")
|
||||||
|
addFilter("zero-length")
|
||||||
|
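Review bot: addFilter("zero-length") is added without saying which file triggers the warning, and as written it silences that check for every file in the package. Put a comment above the line naming the empty file, or narrow the filter to that path, so that a file which is unexpectedly empty after a later update is still reported.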
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:6b314cd706693522f01d5ab1930f3aa7a9b03a913bc0e699def16cca8d15ea54
|
|
||||||
size 2989941
|
|
@ -1,20 +0,0 @@
|
|||||||
File: squid-3.3.11.tar.bz2
|
|
||||||
Date: Sat Nov 30 14:12:34 UTC 2013
|
|
||||||
Size: 2989941
|
|
||||||
MD5 : abf2b0fe128f73f5dc157e7e917949e0
|
|
||||||
SHA1: f99627f9f5c76cc2ddf6e14e4a3e955963801b6f
|
|
||||||
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
|
||||||
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
|
||||||
keyring = http://www.squid-cache.org/pgp.asc
|
|
||||||
keyserver = subkeys.pgp.net
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1.4.15 (GNU/Linux)
|
|
||||||
|
|
||||||
iQEcBAABAgAGBQJSmfXuAAoJELJo5wb/XPRjaqcIAKvTzz9frodyUOeuop5W2yZx
|
|
||||||
s3knaI5ZyM7dsXYdDUixto5Q1+a8wIUAvZzCp2sLij3QQTKZJAxgmQ8Tztl/sgKI
|
|
||||||
NbHJSJxAtibNOGKBfCqCDurcNfmn2kLZJPxJXx3gulEP5O7rTdKVoZq/1vyj/rvv
|
|
||||||
rnzZBP2HZ5fnXNRfs7UPrOzMLmg423zXzsDnRjj69xy6w0dXpObDP5tb32jNmOLg
|
|
||||||
zRvk3lw4mtpWJ5kGZ4BbwPpO9i2MT94M9YupjL/doNbbiAt2nutGfGuLgPcmsCwA
|
|
||||||
fpb74hKIM20ON8A7XypeyX6eNeYn4nkRBSuzEX/sPWQUyq0BMxheCEZRboGCnvo=
|
|
||||||
=rlWB
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
squid-3.4.2.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:bc1f2c3e2b2d8975bfc3745419a6c5bfcbb4716b6cd04011303610b77b19b454
|
||||||
|
size 2812777
|
20
squid-3.4.2.tar.bz2.asc
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
File: squid-3.4.2.tar.bz2
|
||||||
|
Date: Mon Dec 30 11:52:11 UTC 2013
|
||||||
|
Size: 2812777
|
||||||
|
MD5 : 7ec46965bc58bc927e81869805a25241
|
||||||
|
SHA1: 0b96ee7502b21c69b5f9bd8d2c113b35dd58ecf0
|
||||||
|
Key : 0xFF5CF463 <squid3@treenet.co.nz>
|
||||||
|
fingerprint = EA31 CC5E 9488 E516 8D2D CC5E B268 E706 FF5C F463
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = subkeys.pgp.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1.4.15 (GNU/Linux)
|
||||||
|
|
||||||
|
iQEcBAABAgAGBQJSwWThAAoJELJo5wb/XPRjdhgIAIjPMGSUDhylA56CEH5NAXg7
|
||||||
|
yevT8tC6D3dFhQLtXt8a0sT4ULzMwvXGvH/lYBrEyn8mO8tcU145AJldCAKA3tGS
|
||||||
|
j1EmB48w5Vu7R4rkfEpwraYS1y4X/hM1nqv0On78yvAOueau6E2Ti5bbkPKCU0xB
|
||||||
|
oP1YPv+WoLGQtvpgjO9EhX/uVTF+cnCWUwediq9EulAtnkkXAZnJlXgNoJW7cBFv
|
||||||
|
YhLKpds4Ge/LO0jsPp7j6BsOOhbpvIOmMiELCepZ8hk9Cxm7VeCMrFzI069tUiWs
|
||||||
|
TQGvblf32oVhlFWRNkVZI4ZPINXmGPPHT2t4f33Lrep0EawQDnFQfoJxOi2VUUM=
|
||||||
|
=Ugn1
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -2,7 +2,7 @@ Index: src/Makefile.am
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- src/Makefile.am.orig
|
--- src/Makefile.am.orig
|
||||||
+++ src/Makefile.am
|
+++ src/Makefile.am
|
||||||
@@ -975,7 +975,7 @@ cache_cf.o: cf_parser.cci
|
@@ -981,7 +981,7 @@ cache_cf.o: cf_parser.cci
|
||||||
|
|
||||||
# cf_gen builds the configuration files.
|
# cf_gen builds the configuration files.
|
||||||
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
|
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
|
||||||
@ -15,7 +15,7 @@ Index: src/Makefile.in
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- src/Makefile.in.orig
|
--- src/Makefile.in.orig
|
||||||
+++ src/Makefile.in
|
+++ src/Makefile.in
|
||||||
@@ -7306,7 +7306,7 @@ cache_cf.o: cf_parser.cci
|
@@ -7294,7 +7294,7 @@ cache_cf.o: cf_parser.cci
|
||||||
|
|
||||||
# cf_gen builds the configuration files.
|
# cf_gen builds the configuration files.
|
||||||
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
|
cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES) cf_gen_defines.cci
|
||||||
|
@ -2,7 +2,7 @@ Index: src/cf.data.pre
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- src/cf.data.pre.orig
|
--- src/cf.data.pre.orig
|
||||||
+++ src/cf.data.pre
|
+++ src/cf.data.pre
|
||||||
@@ -1196,6 +1196,8 @@ http_access deny manager
|
@@ -1350,6 +1350,8 @@ http_access deny manager
|
||||||
# Adapt localnet in the ACL section to list your (internal) IP networks
|
# Adapt localnet in the ACL section to list your (internal) IP networks
|
||||||
# from where browsing should be allowed
|
# from where browsing should be allowed
|
||||||
http_access allow localnet
|
http_access allow localnet
|
||||||
@ -11,7 +11,7 @@ Index: src/cf.data.pre
|
|||||||
http_access allow localhost
|
http_access allow localhost
|
||||||
|
|
||||||
# And finally deny all other access to this proxy
|
# And finally deny all other access to this proxy
|
||||||
@@ -3144,6 +3146,10 @@ DOC_START
|
@@ -3361,6 +3363,10 @@ DOC_START
|
||||||
Instead, if you want Squid to use the entire disk drive,
|
Instead, if you want Squid to use the entire disk drive,
|
||||||
subtract 20% and use that value.
|
subtract 20% and use that value.
|
||||||
|
|
||||||
@ -22,7 +22,7 @@ Index: src/cf.data.pre
|
|||||||
'L1' is the number of first-level subdirectories which
|
'L1' is the number of first-level subdirectories which
|
||||||
will be created under the 'Directory'. The default is 16.
|
will be created under the 'Directory'. The default is 16.
|
||||||
|
|
||||||
@@ -3277,7 +3283,7 @@ DOC_START
|
@@ -3494,7 +3500,7 @@ DOC_START
|
||||||
NOCOMMENT_START
|
NOCOMMENT_START
|
||||||
|
|
||||||
# Uncomment and adjust the following to add a disk cache directory.
|
# Uncomment and adjust the following to add a disk cache directory.
|
||||||
@ -31,7 +31,7 @@ Index: src/cf.data.pre
|
|||||||
NOCOMMENT_END
|
NOCOMMENT_END
|
||||||
DOC_END
|
DOC_END
|
||||||
|
|
||||||
@@ -3890,7 +3896,7 @@ DOC_END
|
@@ -4147,7 +4153,7 @@ DOC_END
|
||||||
|
|
||||||
NAME: logfile_rotate
|
NAME: logfile_rotate
|
||||||
TYPE: int
|
TYPE: int
|
||||||
|
@ -1,24 +0,0 @@
|
|||||||
Index: helpers/basic_auth/DB/config.test
|
|
||||||
===================================================================
|
|
||||||
--- helpers/basic_auth/DB/config.test.orig
|
|
||||||
+++ helpers/basic_auth/DB/config.test
|
|
||||||
@@ -2,6 +2,6 @@
|
|
||||||
|
|
||||||
## Test: do we have perl to build the helper scripts?
|
|
||||||
## Test: do we have pod2man to build the manual?
|
|
||||||
-perl --version >/dev/null && echo | pod2man >/dev/null
|
|
||||||
+perl --version >/dev/null && pod2man --help >/dev/null
|
|
||||||
|
|
||||||
exit $?
|
|
||||||
Index: helpers/log_daemon/DB/config.test
|
|
||||||
===================================================================
|
|
||||||
--- helpers/log_daemon/DB/config.test.orig
|
|
||||||
+++ helpers/log_daemon/DB/config.test
|
|
||||||
@@ -2,6 +2,6 @@
|
|
||||||
|
|
||||||
## Test: do we have perl to build the helper scripts?
|
|
||||||
## Test: do we have pod2man to build the manual?
|
|
||||||
-perl --version >/dev/null && echo | pod2man >/dev/null
|
|
||||||
+perl --version >/dev/null && pod2man --help >/dev/null
|
|
||||||
|
|
||||||
exit $?
|
|
@ -1,3 +1,88 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jan 7 19:45:22 UTC 2014 - chris@computersalat.de
|
||||||
|
|
||||||
|
- Changes to squid-3.4.2 (30 Dec 2013):
|
||||||
|
* Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
|
||||||
|
* Regression Fix: \-unescaping in quoted strings from helpers
|
||||||
|
* Regression Fix: URL helper API bypassing on URL containing '=' character
|
||||||
|
* Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
|
||||||
|
* Bug 3806: Caching responses with Vary header
|
||||||
|
* Bug 3498: FTP PUT assertion
|
||||||
|
* WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
|
||||||
|
* Enable concurrency by default for SSL certificate validator
|
||||||
|
* ... and fix several build errors
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 25 23:10:24 UTC 2013 - chris@computersalat.de
|
||||||
|
|
||||||
|
- Changes to squid-3.4.1 (09 Dec 2013):
|
||||||
|
* Bug 3935: Invalid pointer dereference when peeking at origin server certificate
|
||||||
|
* Bug 3589: intercepted and ICAP modified request using a cache_peer
|
||||||
|
* ... and several portability fixes
|
||||||
|
* ... and some documentation updates
|
||||||
|
- Changes to squid-3.4.0.3 (01 Dec 2013):
|
||||||
|
* Bug 3941: Release notes error
|
||||||
|
* Receive annotations from authentication and external ACL helpers
|
||||||
|
* basic_nis_auth: Improved portability
|
||||||
|
* ... and several documentation updates
|
||||||
|
* ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
|
||||||
|
- Changes to squid-3.4.0.2 (03 Oct 2013):
|
||||||
|
* Regression Bug 3891: squid.conf parser errors in 3.4.0.1
|
||||||
|
* Regression Fix: re-disable MinGW C++11 support
|
||||||
|
* Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
|
||||||
|
* Fix memory leak in refresh_pattern parsing
|
||||||
|
* negotiate_kerberos_auth: upgrade to present group= keys
|
||||||
|
* Handle NTLM helper returning OK without user= value
|
||||||
|
* Add dns_multicast_local to control mDNS operation
|
||||||
|
* Add --disable-arch-native build option
|
||||||
|
* Display Build-Info in cache manager info report
|
||||||
|
* ... and all changes from squid 3.3.9
|
||||||
|
* ... and some code and debug output polishing
|
||||||
|
- Changes to squid-3.4.0.1 (29 Jul 2013):
|
||||||
|
* Port from 2.7: StoreURL (renamed Store-ID) support
|
||||||
|
* Bug 3795: fix several mistakes in the MIB file
|
||||||
|
* Bug 3793: configure: improved helper detection
|
||||||
|
* Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
|
||||||
|
* Bug 3676: Support GCC 4.7 with -Wshadow option
|
||||||
|
* Bug 3643: NTLM helpers stuck in reserved state by Safari
|
||||||
|
* Bug 3389: Auto-reconnect for tcp access_log
|
||||||
|
* Bug 2066: squid does not do chdir() after chroot()
|
||||||
|
* Fix uninitialized fields in IcapLogEntry
|
||||||
|
* Fix a number of minor issues detected by Coverity Scan
|
||||||
|
* Fix some potential memory leaks detected by Coverity Scan
|
||||||
|
* Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
|
||||||
|
* Fix ACL matching algorithm to avoid repeating tests
|
||||||
|
* basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
|
||||||
|
* squidpurge: fix META TLV parsing issues
|
||||||
|
* squid.conf: enforce all the directive and option names are lower-case
|
||||||
|
* Support EUI on HTTPS and FTP data connections
|
||||||
|
* Support OK/ERR/BH response codes from any helper
|
||||||
|
* Support No-lookup flag (-n) on DNS ACLs
|
||||||
|
* Support -march=native compiler optimization by default
|
||||||
|
* Support forwarding intercepted but not bumped connections to cache_peers
|
||||||
|
* Support IPv6 NAT interception on Linux and some BSD
|
||||||
|
* Deprecate log_icap and log_access configuration directives
|
||||||
|
* HTTP/1.1: improved method invalidation and cacheability detection
|
||||||
|
* HTTP/1.1: support length configuration for pipeline_prefetch queue
|
||||||
|
* Improved TPROXY support for OpenBSD and FreeBSD
|
||||||
|
* Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
|
||||||
|
* Add all-of and any-of ACL types for grouping sets of ACL tests
|
||||||
|
* Add note directive for transaction annotations
|
||||||
|
* Add %note log format for transaction annotation logging
|
||||||
|
* Add note ACL type for matching annotated transactions with by annotation name or value
|
||||||
|
* Add kv-pair support to URL-rewrite/redirector interface
|
||||||
|
* Add SSL server certificate validator interface, helper and result cache
|
||||||
|
* Add SSL server certificate fingerprint ACL type
|
||||||
|
* Add spoof_client_ip access control
|
||||||
|
* Add pt-bz (Belize Portuguese) dialect to translations
|
||||||
|
* ... and many Windows portability changes (still incomplete)
|
||||||
|
* ... and many documentation changes
|
||||||
|
* ... and much code cleanup and polishing
|
||||||
|
- modified patches:
|
||||||
|
* squid-compiled_without_RPM_OPT_FLAGS.patch
|
||||||
|
* squid-config.patch
|
||||||
|
- remove obsolete fix-pod2man-check patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 25 21:29:38 UTC 2013 - chris@computersalat.de
|
Wed Dec 25 21:29:38 UTC 2013 - chris@computersalat.de
|
||||||
|
|
||||||
|
38
squid.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package squid
|
# spec file for package squid
|
||||||
#
|
#
|
||||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -16,17 +16,19 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
%define squidlibdir %{_libdir}/squid
|
%define squidlibdir %{_libdir}/squid
|
||||||
%define squidconfdir /etc/squid
|
%define squidconfdir /etc/squid
|
||||||
|
#define snap -20131225-r13064
|
||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
Summary: Squid Version 3.3 WWW Proxy Server
|
Summary: Squid Version 3.3 WWW Proxy Server
|
||||||
License: GPL-2.0+
|
License: GPL-2.0+
|
||||||
Group: Productivity/Networking/Web/Proxy
|
Group: Productivity/Networking/Web/Proxy
|
||||||
Version: 3.3.11
|
Version: 3.4.2
|
||||||
Release: 0
|
Release: 0
|
||||||
Url: http://www.squid-cache.org/Versions/v3/3.3
|
Url: http://www.squid-cache.org/Versions/v3/3.4
|
||||||
Source0: http://www.squid-cache.org/Versions/v3/3.3/%{name}-%{version}.tar.bz2
|
#Source0: http://www.squid-cache.org/Versions/v3/3.3/%{name}-%{version}%{snap}.tar.bz2
|
||||||
|
Source0: http://www.squid-cache.org/Versions/v3/3.4/%{name}-%{version}.tar.bz2
|
||||||
Source1: %{name}-%{version}.tar.bz2.asc
|
Source1: %{name}-%{version}.tar.bz2.asc
|
||||||
Source2: RELEASENOTES.html
|
Source2: RELEASENOTES.html
|
||||||
Source3: squid.init
|
Source3: squid.init
|
||||||
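Review bot: the Summary line still reads "Squid Version 3.3 WWW Proxy Server" on both sides of this hunk while Version, Url and Source0 move to 3.4; change it to 3.4 or drop the version number from the summary. The added commented-out "#Source0:" line also still points at the v3/3.3 directory and, together with "#define snap", is unused snapshot scaffolding whose macros inside a comment are only tolerated because of the macro-in-comment filter in the rpmlintrc; remove both lines or at least keep the URL consistent with 3.4.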
@ -58,8 +60,6 @@ Patch101: %{name}-nobuilddates.patch
|
|||||||
## File is compiled without RPM_OPT_FLAGS
|
## File is compiled without RPM_OPT_FLAGS
|
||||||
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
|
# squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
|
||||||
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
|
Patch102: %{name}-compiled_without_RPM_OPT_FLAGS.patch
|
||||||
# Upstream notified of this problem by mageia guys
|
|
||||||
Patch103: %{name}-fix-pod2man-check.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
PreReq: %fillup_prereq
|
PreReq: %fillup_prereq
|
||||||
PreReq: %insserv_prereq
|
PreReq: %insserv_prereq
|
||||||
@ -108,21 +108,23 @@ Obsoletes: %{name}3 < %{version}
|
|||||||
%description
|
%description
|
||||||
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
|
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator.
|
||||||
|
|
||||||
Squid 3.3 represents a new feature release above 3.2.
|
Squid 3.4 represents a new feature release above 3.3.
|
||||||
|
|
||||||
The most important of these new features are:
|
The most important of these new features are:
|
||||||
|
|
||||||
* SQL Database logging helper
|
* Helper protocol extensions
|
||||||
* Time-Quota session helper
|
* SSL Server Certificate Validator
|
||||||
* SSL-Bump Server First
|
* Store-ID
|
||||||
* Server Certificate Mimic
|
* TPROXY Support for OpenBSD 5.1+ and FreeBSD 9+
|
||||||
* Custom HTTP request headers
|
* Transaction Annotations
|
||||||
|
* Multicast DNS
|
||||||
|
|
||||||
Most user-facing changes are reflected in squid.conf (see below).
|
Most user-facing changes are reflected in squid.conf (see below).
|
||||||
|
|
||||||
First STABLE release Date: 20 Oct 2012
|
First STABLE release Date: 08 Dec 2013
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
|
#setup -q -n %{name}-%{version}%{snap}
|
||||||
%gpg_verify %{S:1}
|
%gpg_verify %{S:1}
|
||||||
%setup -q -n %{name}-%{version}
|
%setup -q -n %{name}-%{version}
|
||||||
cp %{S:10} .
|
cp %{S:10} .
|
||||||
@ -134,7 +136,6 @@ perl -p -i -e 's|/usr/local/bin/perl|/usr/bin/perl|' `find -name "*.pl"`
|
|||||||
chmod a-x CREDITS
|
chmod a-x CREDITS
|
||||||
%patch101
|
%patch101
|
||||||
%patch102
|
%patch102
|
||||||
%patch103
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
export CFLAGS="%{optflags} -fPIE -fPIC -DOPENSSL_LOAD_CONF"
|
||||||
@ -351,7 +352,8 @@ fi
|
|||||||
%{_sbindir}/basic_smb_auth
|
%{_sbindir}/basic_smb_auth
|
||||||
%{_sbindir}/basic_smb_auth.sh
|
%{_sbindir}/basic_smb_auth.sh
|
||||||
%{_sbindir}/cert_tool
|
%{_sbindir}/cert_tool
|
||||||
%{_sbindir}/digest_edirectory_auth
|
%{_sbindir}/cert_valid.pl
|
||||||
|
#{_sbindir}/digest_edirectory_auth
|
||||||
%{_sbindir}/digest_file_auth
|
%{_sbindir}/digest_file_auth
|
||||||
%{_sbindir}/digest_ldap_auth
|
%{_sbindir}/digest_ldap_auth
|
||||||
%{_sbindir}/diskd
|
%{_sbindir}/diskd
|
||||||
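Review bot: %{_sbindir}/digest_edirectory_auth is commented out of %files with no reason given, and the changelog entry for this update does not mention it. If the helper is no longer built, installations that use it for Digest authentication lose it on upgrade, so state the cause in the changelog and delete the entry instead of leaving "#{_sbindir}/digest_edirectory_auth" behind.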
@ -359,6 +361,7 @@ fi
|
|||||||
%{_sbindir}/ext_file_userip_acl
|
%{_sbindir}/ext_file_userip_acl
|
||||||
%{_sbindir}/ext_kerberos_ldap_group_acl
|
%{_sbindir}/ext_kerberos_ldap_group_acl
|
||||||
%{_sbindir}/ext_ldap_group_acl
|
%{_sbindir}/ext_ldap_group_acl
|
||||||
|
%{_sbindir}/ext_session_acl
|
||||||
%{_sbindir}/ext_unix_group_acl
|
%{_sbindir}/ext_unix_group_acl
|
||||||
%{_sbindir}/ext_wbinfo_group_acl
|
%{_sbindir}/ext_wbinfo_group_acl
|
||||||
%{_sbindir}/helper-mux.pl
|
%{_sbindir}/helper-mux.pl
|
||||||
@ -372,6 +375,7 @@ fi
|
|||||||
%{_sbindir}/pinger
|
%{_sbindir}/pinger
|
||||||
%{_sbindir}/rc%{name}
|
%{_sbindir}/rc%{name}
|
||||||
%{_sbindir}/%{name}
|
%{_sbindir}/%{name}
|
||||||
|
%{_sbindir}/storeid_file_rewrite
|
||||||
%{_sbindir}/unlinkd
|
%{_sbindir}/unlinkd
|
||||||
%{_sbindir}/url_fake_rewrite
|
%{_sbindir}/url_fake_rewrite
|
||||||
%{_sbindir}/url_fake_rewrite.sh
|
%{_sbindir}/url_fake_rewrite.sh
|
||||||
|