forked from pool/squid
Accepting request 662363 from home:seanlew:branches:server:proxy
Updat squid OBS-URL: https://build.opensuse.org/request/show/662363 OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=175
This commit is contained in:
parent
a2705b2937
commit
f3e0551c1d
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:4905e6da7f5574d2583ba36f398bb062a12d51e70d67035078b6e85b09e9ee82
|
|
||||||
size 2436468
|
|
@ -1,25 +0,0 @@
|
|||||||
File: squid-4.4.tar.xz
|
|
||||||
Date: Sat Oct 27 21:20:24 UTC 2018
|
|
||||||
Size: 2436468
|
|
||||||
MD5 : 892504ca9700e1f139a53f84098613bd
|
|
||||||
SHA1: 0ab6b133f65866d825bf72cbbe8cef209768b2fa
|
|
||||||
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
|
||||||
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
|
||||||
keyring = http://www.squid-cache.org/pgp.asc
|
|
||||||
keyserver = pool.sks-keyservers.net
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlvU1qAACgkQzW2/jvOx
|
|
||||||
fT5Y3Q//R3/ZtDHal9H9c4VUB1fEzkk22JfgXTzRRUdzNkN+XxDkVGmM9R0E0Opo
|
|
||||||
9E/lsE9PcLX1EBtBXbPfwLESzfMe4QJgqq1B4FocpJcdtfCQX6ADU4Qdfc+oo8Z1
|
|
||||||
J/xCf8XrU3yUgXn3pMnQ9DT+IuPYe+Jte7Awm148mC15GMC49NBAYAd793XZ+L2t
|
|
||||||
fVPCbVYA40AU3xVJkxlblh7O0E8UEQ7zQMxcXM2jJJ4jJOjqecOIoJt6lyPD59q3
|
|
||||||
UjD0EmcjTj54BpaU8r++kAc2TkLyBvFV1vWQuQRNG5IAMEOF3H8OfujCXl3lX9fD
|
|
||||||
Tvi9763f9LxdImLJttkzgTt20XAudlUmKOdpj6t1uF+7EmNJg/ChowyLsLzlLLST
|
|
||||||
1mGNdcUdP9VhX2aoTXN/ctn8BTQ/cNIx2VY8kKWsXB+ymFcCJRBW1cBAr3R+UzuX
|
|
||||||
KVlsDzlxP6Dp8EFvKN3sIbM/QtpstKgbTkxro7d9XBkeldsasd5uI2Yt5PSMIs+y
|
|
||||||
VtscqCnwDjxAIW6FNqB96J4hcOYECdWHDL3s46wEDnQaiR0IdBAN5QHn1imzM5e1
|
|
||||||
eHuwZimqBW6vE4rPnVpPIr1Gml5OlLl3te2jsbUVmBiOwDVlQLZJQGzI5UTazvnN
|
|
||||||
eR3QeTW+ggSAdVc6GEApELARfKPRxywLQTOlAhEPn0xayy4ByME=
|
|
||||||
=1eSQ
|
|
||||||
-----END PGP SIGNATURE-----
|
|
740
squid-4.5-RELEASENOTES.html
Normal file
740
squid-4.5-RELEASENOTES.html
Normal file
@ -0,0 +1,740 @@
|
|||||||
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
||||||
|
<HTML>
|
||||||
|
<HEAD>
|
||||||
|
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73">
|
||||||
|
<TITLE>Squid 4.5 release notes</TITLE>
|
||||||
|
</HEAD>
|
||||||
|
<BODY>
|
||||||
|
<H1>Squid 4.5 release notes</H1>
|
||||||
|
|
||||||
|
<H2>Squid Developers</H2>
|
||||||
|
<HR>
|
||||||
|
<EM>This document contains the release notes for version 4 of Squid.
|
||||||
|
Squid is a WWW Cache application developed by the National Laboratory
|
||||||
|
for Applied Network Research and members of the Web Caching community.</EM>
|
||||||
|
<HR>
|
||||||
|
<P>
|
||||||
|
<H2><A NAME="toc1">1.</A> <A HREF="#s1">Notice</A></H2>
|
||||||
|
|
||||||
|
<UL>
|
||||||
|
<LI><A NAME="toc1.1">1.1</A> <A HREF="#ss1.1">Known issues</A>
|
||||||
|
<LI><A NAME="toc1.2">1.2</A> <A HREF="#ss1.2">Changes since earlier releases of Squid-4</A>
|
||||||
|
</UL>
|
||||||
|
<P>
|
||||||
|
<H2><A NAME="toc2">2.</A> <A HREF="#s2">Major new features since Squid-3.5</A></H2>
|
||||||
|
|
||||||
|
<UL>
|
||||||
|
<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">Configurable helper queue size</A>
|
||||||
|
<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">Helper concurrency channels changes</A>
|
||||||
|
<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">SSL support removal</A>
|
||||||
|
<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">Helper Binary Changes</A>
|
||||||
|
<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Secure ICAP</A>
|
||||||
|
<LI><A NAME="toc2.6">2.6</A> <A HREF="#ss2.6">Improved SMP support</A>
|
||||||
|
<LI><A NAME="toc2.7">2.7</A> <A HREF="#ss2.7">Improved process management</A>
|
||||||
|
<LI><A NAME="toc2.8">2.8</A> <A HREF="#ss2.8">Initial GnuTLS support</A>
|
||||||
|
<LI><A NAME="toc2.9">2.9</A> <A HREF="#ss2.9">ESI Custom Parser removal</A>
|
||||||
|
</UL>
|
||||||
|
<P>
|
||||||
|
<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.5</A></H2>
|
||||||
|
|
||||||
|
<UL>
|
||||||
|
<LI><A NAME="toc3.1">3.1</A> <A HREF="#ss3.1">New tags</A>
|
||||||
|
<LI><A NAME="toc3.2">3.2</A> <A HREF="#ss3.2">Changes to existing tags</A>
|
||||||
|
<LI><A NAME="toc3.3">3.3</A> <A HREF="#ss3.3">Removed tags</A>
|
||||||
|
</UL>
|
||||||
|
<P>
|
||||||
|
<H2><A NAME="toc4">4.</A> <A HREF="#s4">Changes to ./configure options since Squid-3.5</A></H2>
|
||||||
|
|
||||||
|
<UL>
|
||||||
|
<LI><A NAME="toc4.1">4.1</A> <A HREF="#ss4.1">New options</A>
|
||||||
|
<LI><A NAME="toc4.2">4.2</A> <A HREF="#ss4.2">Changes to existing options</A>
|
||||||
|
<LI><A NAME="toc4.3">4.3</A> <A HREF="#ss4.3">Removed options</A>
|
||||||
|
</UL>
|
||||||
|
<P>
|
||||||
|
<H2><A NAME="toc5">5.</A> <A HREF="#s5">Regressions since Squid-2.7</A></H2>
|
||||||
|
|
||||||
|
<UL>
|
||||||
|
<LI><A NAME="toc5.1">5.1</A> <A HREF="#ss5.1">Missing squid.conf options available in Squid-2.7</A>
|
||||||
|
</UL>
|
||||||
|
<P>
|
||||||
|
<H2><A NAME="toc6">6.</A> <A HREF="#s6">Copyright</A></H2>
|
||||||
|
|
||||||
|
|
||||||
|
<HR>
|
||||||
|
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
|
||||||
|
|
||||||
|
<P>The Squid Team are pleased to announce the release of Squid-4.5 for testing.</P>
|
||||||
|
<P>This new release is available for download from
|
||||||
|
<A HREF="http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/</A> or the
|
||||||
|
<A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
|
||||||
|
|
||||||
|
<P>We welcome feedback and bug reports. If you find a bug, please see
|
||||||
|
<A HREF="http://wiki.squid-cache.org/SquidFaq/BugReporting">http://wiki.squid-cache.org/SquidFaq/BugReporting</A>
|
||||||
|
for how to submit a report with a stack trace.</P>
|
||||||
|
|
||||||
|
<H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">Known issues</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>Although this release is deemed good enough for use in production, please note the existence of
|
||||||
|
<A HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=4">open bugs against Squid-4</A>.</P>
|
||||||
|
|
||||||
|
<P>This release adds a dependency on C++11 support in any compiler used to build Squid.
|
||||||
|
As a result older C++03 -only and most C++0x compilers will no longer build successfully.
|
||||||
|
GCC 4.9+ and Clang 3.5+ are known to have working C++11 support and are usable.
|
||||||
|
GCC-4.8 will also build for now despite lack of full C++11 support, but some future features may not be available.</P>
|
||||||
|
|
||||||
|
<P>This release does not support LibreSSL.
|
||||||
|
Due to a bug in the way LibreSSL uses the OpenSSL version macro some changes
|
||||||
|
necessary to support OpenSSL 1.1 prevent building with LibreSSL.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">Changes since earlier releases of Squid-4</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>The Squid-4 change history can be
|
||||||
|
<A HREF="http://www.squid-cache.org/Versions/v4/changesets/">viewed here</A>.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="s2">2.</A> <A HREF="#toc2">Major new features since Squid-3.5</A></H2>
|
||||||
|
|
||||||
|
<P>Squid 4 represents a new feature release above 3.5.</P>
|
||||||
|
|
||||||
|
<P>The most important of these new features are:
|
||||||
|
<UL>
|
||||||
|
<LI>Configurable helper queue size</LI>
|
||||||
|
<LI>Helper concurrency channels changes</LI>
|
||||||
|
<LI>SSL support removal</LI>
|
||||||
|
<LI>Helper Binary Changes</LI>
|
||||||
|
<LI>Secure ICAP</LI>
|
||||||
|
<LI>Improved SMP support</LI>
|
||||||
|
<LI>Improved process management</LI>
|
||||||
|
<LI>Initial GnuTLS support</LI>
|
||||||
|
<LI>ESI Custom Parser removal</LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
<P>Most user-facing changes are reflected in squid.conf (see below).</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">Configurable helper queue size</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>The new queue-size=N option to helpers configuration, allows users
|
||||||
|
to configure the maximum number of queued requests to busy helpers.</P>
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">Helper concurrency channels changes</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>helper-mux.pl we have been distributing for the past few years to
|
||||||
|
encourage use of concurrency is no longer compatible with Squid. If
|
||||||
|
used it will spawn up to 2^64 helpers and DoS the Squid server.</P>
|
||||||
|
|
||||||
|
<P>Helpers utilizing arrays to handle fixed amounts of concurrency
|
||||||
|
channels MUST be re-written to use queues and capable of handling a
|
||||||
|
64-bit int as index or they will be vulnerable to buffer overrun and
|
||||||
|
arbitrary memory accesses.</P>
|
||||||
|
|
||||||
|
<P>32-bit helpers need re-writing to handle the concurrency channel ID
|
||||||
|
as a 64-bit integer value. If not updated they will cause proxies to
|
||||||
|
return unexpected results or timeout once crossing the 32-bit wrap
|
||||||
|
boundary. Leading to undefined behaviour in the client HTTP traffic.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">SSL support removal</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>Details in
|
||||||
|
<A HREF="https://tools.ietf.org/html/rfc6176">RFC 6176</A>
|
||||||
|
and
|
||||||
|
<A HREF="https://tools.ietf.org/html/rfc7568">RFC 7568</A></P>
|
||||||
|
|
||||||
|
<P>SSLv2 is not fit for purpose. Squid no longer supports being configured with
|
||||||
|
any settings regarding this protocol. That includes settings manually disabling
|
||||||
|
its use since it is now forced to disable by default. Also settings enabling
|
||||||
|
various client/server workarounds specific to SSLv2 are removed.</P>
|
||||||
|
|
||||||
|
<P>SSLv3 is not fit for purpose. Squid still accepts configuration, but use
|
||||||
|
is deprecated and will be removed entirely in a future version.
|
||||||
|
Squid default behavour is to follow the TLS built in negotiation mechanism
|
||||||
|
which prefers the latest TLS version. But also to accept downgrades to SSLv3.
|
||||||
|
Use <EM>tls-options=NO_SSLv3</EM> to disable SSLv3 support completely.</P>
|
||||||
|
|
||||||
|
<P>A new option <EM>tls-min-version=1.N</EM> is added in place of <EM>sslversion=</EM>
|
||||||
|
to configure the minimum version the TLS negotiation will allow to be used
|
||||||
|
when an old TLS version is requested by the remote endpoint.</P>
|
||||||
|
|
||||||
|
<P>The system Trusted CAs are no longer used by default when verifying client
|
||||||
|
certificates. The <EM>cafile=</EM> option should be used instead to
|
||||||
|
explicitly load the specific CA which signed acceptible client certificates,
|
||||||
|
even if that CA is one of the system Trusted CAs.
|
||||||
|
The <EM>tls-default-ca</EM> option can be used to restore the old
|
||||||
|
behaviour if needed.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">Helper Binary Changes</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>The <EM>basic_msnt_multi_domain_auth</EM> helper has been removed. The
|
||||||
|
<EM>basic_smb_lm_auth</EM> helper performs the same actions without extra
|
||||||
|
Perl and Samba dependencies.</P>
|
||||||
|
|
||||||
|
<P>The <EM>cert_valid.pl</EM> testing helper has been renamed to
|
||||||
|
<EM>security_fake_certverify</EM>, reflecting the Squid helper naming schema
|
||||||
|
and that it does not actually perform any certificate checks.</P>
|
||||||
|
|
||||||
|
<P>The <EM>security_fake_certverify</EM> helper is also now built and installed
|
||||||
|
by default. It is written in Perl so does not require OpenSSL dependencies
|
||||||
|
for installation. But does use the Perl Crypt::OpenSSL::X509 module for execution.
|
||||||
|
Building the helper can be controlled using the <EM>--enable-security-cert-validators="fake"</EM>
|
||||||
|
option.</P>
|
||||||
|
|
||||||
|
<P>The <EM>ssl_crtd</EM> helper has been renamed to <EM>security_file_certgen</EM>
|
||||||
|
and is now built and installed by default whenever OpenSSL support is enabled.
|
||||||
|
Building the helper can be controlled using the <EM>--enable-security-cert-generators="file"</EM>
|
||||||
|
option.</P>
|
||||||
|
|
||||||
|
<P>NOTE: The <EM>--enable-ssl-crtd</EM> option is still required to enable the
|
||||||
|
<EM>sslcrtd_program</EM> helper interface within Squid that uses the helper.</P>
|
||||||
|
|
||||||
|
<P>The <EM>ntlm_smb_lm_auth</EM> helper is now built using <EM>--enable-auth-ntlm="SMB_LM"</EM>.
|
||||||
|
Notice the upper case where it was previously a (wrongly) lower cased acronym.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Secure ICAP</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>ICAP services can now be used over TLS connections.</P>
|
||||||
|
|
||||||
|
<P>To mark an ICAP service as secure, use an <EM>icaps://</EM> service URI scheme when
|
||||||
|
listing your service via an icap_service directive. The industry is using a
|
||||||
|
<EM>Secure ICAP</EM> term, and Squid follows that convention, but <EM>icaps</EM> seems more
|
||||||
|
appropriate for a <EM>scheme</EM> name.</P>
|
||||||
|
|
||||||
|
<P>Squid uses <EM>port 11344</EM> for Secure ICAP by default, following another popular
|
||||||
|
proxy convention. The old 1344 default for plain ICAP ports has not changed.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.6">2.6</A> <A HREF="#toc2.6">Improved SMP support</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>Use of C++11 atomic operations instead of GNU atomics allows a wider range of
|
||||||
|
operating systems and compilers to build Squid SMP and multi-process features.
|
||||||
|
However this does require a C++11 compiler with a recent version of the C++
|
||||||
|
standard library.</P>
|
||||||
|
|
||||||
|
<P>IpcIo and Mmapped disk I/O modules are now auto-detected properly which
|
||||||
|
enables Rock storage on more systems by default than previously.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.7">2.7</A> <A HREF="#toc2.7">Improved process management</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>Squid is traditionally refered to as a daemon. But is actually a combination
|
||||||
|
of daemon and daemon manager processes. This has caused significant problems
|
||||||
|
integrating it with other third-party daemon managers.</P>
|
||||||
|
|
||||||
|
<P>The Squid process which places its PID into the squid.pid file has always
|
||||||
|
been the process to which control signals are sent. The manager process is
|
||||||
|
now taking on signal handling instead of the main daemon process. Enabling
|
||||||
|
integration with daemon managers such as Upstart or systemd which assume the
|
||||||
|
process they initiated is the daemon with a PID to control.</P>
|
||||||
|
|
||||||
|
<P>The squid binary now has a new <EM>--foreground</EM> command line option,
|
||||||
|
which (only) prevents daemonizing the master process.
|
||||||
|
Unlike the old <EM>-N</EM> option,
|
||||||
|
<EM>--foreground</EM> supports SMP workers and multi-process features.
|
||||||
|
<EM>--foreground</EM> is particularly useful for use with <EM>-z</EM> (disk
|
||||||
|
cache structures creation), as it allows the caller to wait until Squid has
|
||||||
|
finished.</P>
|
||||||
|
|
||||||
|
<P>The squid binary now accepts a <EM>--kid</EM> command line option which
|
||||||
|
informs the process which role it is to take on. This aids with debugging
|
||||||
|
SMP issues with specific process types and resolves some SMP forking issues.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.8">2.8</A> <A HREF="#toc2.8">Initial GnuTLS support</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>Squid can now be built to use GnuTLS in place of OpenSSL for the core
|
||||||
|
features of receiving TLS connections from clients and making TLS
|
||||||
|
connections to servers. The GnuTLS support is still very much experimental
|
||||||
|
and should be tested before use.</P>
|
||||||
|
|
||||||
|
<P>SSL-Bump and certificate generation features are not yet supported by
|
||||||
|
GnuTLS builds. Nor are many other less commonly used Squid TLS/SSL features.</P>
|
||||||
|
|
||||||
|
<P><EM>squid.conf</EM> directives and configuration options which have undergone
|
||||||
|
name changes from 'ssl' to 'tls' prefix in Squid-4 have GnuTLS support, unless
|
||||||
|
explicitly stated otherwise.</P>
|
||||||
|
|
||||||
|
<P>Advanced configuration with specific selection of ciphers and similar settings
|
||||||
|
should still work, but needs the GnuTLS <EM>Priority Strings</EM> instead of
|
||||||
|
the OpenSSL options when using GnuTLS.
|
||||||
|
See
|
||||||
|
<A HREF="https://www.gnutls.org/manual/gnutls.html#Priority-Strings">GnuTLS manual</A>
|
||||||
|
for more details.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="ss2.9">2.9</A> <A HREF="#toc2.9">ESI Custom Parser removal</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>The Squid custom ESI (Edge Side Includes) parser has been removed in favour
|
||||||
|
of better supported and maintained third-party libraries. At least one of libxml2
|
||||||
|
or libexpat is now mandatory to build support for the ESI response processor.</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes to squid.conf since Squid-3.5</A></H2>
|
||||||
|
|
||||||
|
<P>There have been changes to Squid's configuration file since Squid-3.5.</P>
|
||||||
|
<P>This section gives a thorough account of those changes in three categories:</P>
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI>
|
||||||
|
<A HREF="#newtags">New tags</A></LI>
|
||||||
|
<LI>
|
||||||
|
<A HREF="#modifiedtags">Changes to existing tags</A></LI>
|
||||||
|
<LI>
|
||||||
|
<A HREF="#removedtags">Removed tags</A></LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="newtags"></A> <A NAME="ss3.1">3.1</A> <A HREF="#toc3.1">New tags</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<DL>
|
||||||
|
<DT><B>collapsed_forwarding_shared_entries_limit</B><DD>
|
||||||
|
<P>New directive to limit the size of a table used for sharing information
|
||||||
|
about collapsible entries among SMP workers.</P>
|
||||||
|
|
||||||
|
<DT><B>force_request_body_continuation</B><DD>
|
||||||
|
<P>New directive to control Squid behaviour on the client connection when
|
||||||
|
receiving an HTTP request with an Expect:100-continue header.</P>
|
||||||
|
|
||||||
|
<DT><B>hopeless_kid_revival_delay</B><DD>
|
||||||
|
<P>New directive to set a cool-down delay reviving a child process if
|
||||||
|
the process is encountering frequent deaths.</P>
|
||||||
|
|
||||||
|
<DT><B>on_unsupported_protocol</B><DD>
|
||||||
|
<P>New directive to set the action performed when encountering strange
|
||||||
|
protocol requests at the beginning of an accepted TCP connection.</P>
|
||||||
|
|
||||||
|
<DT><B>pconn_lifetime</B><DD>
|
||||||
|
<P>New directive to limit the lifetime of persistent connections.</P>
|
||||||
|
|
||||||
|
<DT><B>reply_header_add</B><DD>
|
||||||
|
<P>New directive to add header fields to outgoing HTTP responses to
|
||||||
|
the client.</P>
|
||||||
|
|
||||||
|
<DT><B>request_start_timeout</B><DD>
|
||||||
|
<P>New directive controlling how long Squid waits for the first request
|
||||||
|
bytes to arrive after initial connection establishment by a client.</P>
|
||||||
|
|
||||||
|
<DT><B>server_pconn_for_nonretriable</B><DD>
|
||||||
|
<P>New directive to provide fine-grained control over persistent connection
|
||||||
|
reuse when forwarding HTTP requests that Squid cannot retry. It is useful
|
||||||
|
in environments where opening new connections is very expensive
|
||||||
|
and race conditions associated with persistent connections are very rare
|
||||||
|
and/or only cause minor problems.</P>
|
||||||
|
|
||||||
|
<DT><B>shared_memory_locking</B><DD>
|
||||||
|
<P>New directive to ensure shared memory is all available immediately
|
||||||
|
on startup. Protects against SIGBUS errors, but delays startup.</P>
|
||||||
|
|
||||||
|
<DT><B>tls_outgoing_options</B><DD>
|
||||||
|
<P>New directive to define TLS security context options for outgoing
|
||||||
|
connections. For example to HTTPS servers.</P>
|
||||||
|
|
||||||
|
<DT><B>url_rewrite_timeout</B><DD>
|
||||||
|
<P>Squid times active requests to redirector. This directive sets
|
||||||
|
the timeout value and the Squid reaction to a timed out
|
||||||
|
request.</P>
|
||||||
|
|
||||||
|
</DL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H2><A NAME="modifiedtags"></A> <A NAME="ss3.2">3.2</A> <A HREF="#toc3.2">Changes to existing tags</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<DL>
|
||||||
|
<DT><B>access_log</B><DD>
|
||||||
|
<P>TCP accept(2) errors logged with URI <EM>error:accept-client-connection</EM>.</P>
|
||||||
|
<P>Unused connections received in <EM>http_port</EM> or <EM>https_port</EM>
|
||||||
|
or transactions terminated before reading[parsing] request headers are
|
||||||
|
logged with URI <EM>error:transaction-end-before-headers</EM>.</P>
|
||||||
|
<P>New option <EM>rotate=</EM> to control the number of log file rotations
|
||||||
|
to make when <EM>-k rotate</EM> command is received. Default is to
|
||||||
|
obey the <EM>logfile_rotate</EM> directive.</P>
|
||||||
|
|
||||||
|
<DT><B>acl</B><DD>
|
||||||
|
<P>New <EM>-m</EM> flag for <EM>note</EM> ACL to match substrings.</P>
|
||||||
|
<P>New <EM>client_connection_mark</EM> type for matching Netfilter
|
||||||
|
CONNMARK of the client TCP connection.</P>
|
||||||
|
<P>New <EM>connections_encrypted</EM> type for matching transactions
|
||||||
|
where all HTTP messages were received over TLS transport connections,
|
||||||
|
including messages received from ICAP servers.</P>
|
||||||
|
<P>New <EM>has</EM> type for matching whether or not Squid is able to provide
|
||||||
|
certain sets of transaction state. For example HTTP reply headers.</P>
|
||||||
|
<P>New <EM>transaction_initiator</EM> type for detecting various
|
||||||
|
unusual transactions.</P>
|
||||||
|
<P>New <EM>--consensus</EM>, <EM>--client-requested</EM> and
|
||||||
|
<EM>--server-provided</EM> flags for the <EM>ssl::server_name</EM>
|
||||||
|
type to control which server name to match against.</P>
|
||||||
|
|
||||||
|
<DT><B>auth_param</B><DD>
|
||||||
|
<P>New parameter <EM>queue-size=</EM> to set the maximum number
|
||||||
|
of queued requests.</P>
|
||||||
|
<P>New parameter <EM>on-persistent-overload=</EM> to set the action taken
|
||||||
|
when the helper queue is overloaded.</P>
|
||||||
|
|
||||||
|
<DT><B>cache_peer</B><DD>
|
||||||
|
<P>New option <EM>auth-no-keytab</EM> to let GSSAPI implementation determine
|
||||||
|
which Kerberos credentials to use, instead of specifying a keytab.</P>
|
||||||
|
<P>Replaced option <EM>ssl</EM> with <EM>tls</EM>. Use of any
|
||||||
|
<EM>tls-</EM> prefixed options implies <EM>tls</EM> is enabled.</P>
|
||||||
|
<P>New option <EM>tls-min-version=1.N</EM> to set minimum TLS version allowed.</P>
|
||||||
|
<P>New option <EM>tls-default-ca</EM> replaces <EM>sslflags=NO_DEFAULT_CA</EM></P>
|
||||||
|
<P>New option <EM>tls-no-npn</EM> to disable sending TLS NPN extension.</P>
|
||||||
|
<P>All <EM>ssloptions=</EM> values for SSLv2 configuration or disabling
|
||||||
|
have been removed.</P>
|
||||||
|
<P>Removed <EM>sslversion=</EM> option. Use <EM>tls-options=</EM> instead.</P>
|
||||||
|
<P>Manual squid.conf update may be required on upgrade.</P>
|
||||||
|
<P>Replaced option <EM>sslcafile=</EM> with <EM>tls-cafile=</EM>
|
||||||
|
which takes multiple entries.</P>
|
||||||
|
|
||||||
|
<DT><B>deny_info</B><DD>
|
||||||
|
<P>New format macro <EM>%O</EM> to expand the <EM>message=</EM> value supplied
|
||||||
|
by external ACL helpers.</P>
|
||||||
|
|
||||||
|
<DT><B>ecap_service</B><DD>
|
||||||
|
<P>New <EM>connection-encryption=</EM> option to determine ICAP service
|
||||||
|
effect on <EM>connections_encrypted</EM> ACL.</P>
|
||||||
|
|
||||||
|
<DT><B>esi_parser</B><DD>
|
||||||
|
<P>Removed <EM>custom</EM> parser option.</P>
|
||||||
|
<P>Changed default to auto-detect available parsers instead of <EM>custom</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>external_acl_type</B><DD>
|
||||||
|
<P>New parameter <EM>queue-size=</EM> to set the maximum number
|
||||||
|
of queued requests.</P>
|
||||||
|
<P>New parameter <EM>on-persistent-overload=</EM> to set the action taken
|
||||||
|
when the helper queue is overloaded.</P>
|
||||||
|
<P>Format field updated to accept any logformat %macro code.</P>
|
||||||
|
<P>The optional <EM>acl-value</EM> fields in this helper input now expand
|
||||||
|
to a dash ('-') if the %DATA macro is not specified explicitly.</P>
|
||||||
|
|
||||||
|
<DT><B>http_port</B><DD>
|
||||||
|
<P>New option <EM>tls-min-version=1.N</EM> to set minimum TLS version allowed.</P>
|
||||||
|
<P>New option <EM>tls-default-ca</EM> replaces <EM>sslflags=NO_DEFAULT_CA</EM>,
|
||||||
|
the default is also changed to OFF.</P>
|
||||||
|
<P>New option <EM>tls-no-npn</EM> to disable sending TLS NPN extension.</P>
|
||||||
|
<P>All <EM>option=</EM> values for SSLv2 configuration or disabling
|
||||||
|
have been removed.</P>
|
||||||
|
<P>Removed <EM>version=</EM> option. Use <EM>tls-options=</EM> instead.</P>
|
||||||
|
<P>Manual squid.conf update may be required on upgrade.</P>
|
||||||
|
<P>Replaced <EM>cafile=</EM> with <EM>tls-cafile=</EM> which takes multiple entries.</P>
|
||||||
|
<P>Changed default value of <EM>generate-host-certificates</EM> to ON.</P>
|
||||||
|
|
||||||
|
<DT><B>https_port</B><DD>
|
||||||
|
<P>New option <EM>tls-min-version=1.N</EM> to set minimum TLS version allowed.</P>
|
||||||
|
<P>New option <EM>tls-default-ca</EM> replaces <EM>sslflags=NO_DEFAULT_CA</EM>,
|
||||||
|
the default is also changed to OFF.</P>
|
||||||
|
<P>New option <EM>tls-no-npn</EM> to disable sending TLS NPN extension.</P>
|
||||||
|
<P>All <EM>options=</EM> values for SSLv2
|
||||||
|
configuration or disabling have been removed.</P>
|
||||||
|
<P>Removed <EM>version=</EM> option. Use <EM>tls-options=</EM> instead.</P>
|
||||||
|
<P>Manual squid.conf update may be required on upgrade.</P>
|
||||||
|
<P>Replaced <EM>cafile=</EM> with <EM>tls-cafile=</EM> which takes multiple entries.</P>
|
||||||
|
<P>Changed default value of <EM>generate-host-certificates</EM> to ON.</P>
|
||||||
|
|
||||||
|
<DT><B>icap_service</B><DD>
|
||||||
|
<P>New scheme <EM>icaps://</EM> to enable TLS/SSL connections to Secure ICAP
|
||||||
|
servers on port 11344.</P>
|
||||||
|
<P>New <EM>connection-encryption=</EM> option to determine ICAP service
|
||||||
|
effect on <EM>connections_encrypted</EM> ACL.</P>
|
||||||
|
<P>New <EM>tls-cert=</EM> option to set TLS client certificate to use.</P>
|
||||||
|
<P>New <EM>tls-key=</EM> option to set TLS private key matching the client
|
||||||
|
certificate used.</P>
|
||||||
|
<P>New <EM>tls-min-version=1.N</EM> option to set minimum TLS version allowed
|
||||||
|
on server connections.</P>
|
||||||
|
<P>New <EM>tls-options=</EM> option to set OpenSSL library parameters.</P>
|
||||||
|
<P>New <EM>tls-flags=</EM> option to set flags modifying Squid TLS operations.</P>
|
||||||
|
<P>New <EM>tls-cipher=</EM> option to set a list of ciphers permitted.</P>
|
||||||
|
<P>New <EM>tls-cafile=</EM> option to set a file with additional CA
|
||||||
|
certificate(s) to verify the server certificate.</P>
|
||||||
|
<P>New <EM>tls-capath=</EM> option to set a directory with additional CA
|
||||||
|
certificate(s) to verify the server certificate.</P>
|
||||||
|
<P>New <EM>tls-crlfile=</EM> option to set a file with a CRL to verify the
|
||||||
|
server certificate.</P>
|
||||||
|
<P>New <EM>tls-default-ca</EM> option to use the system Trusted CAs to
|
||||||
|
verify the server certificate.</P>
|
||||||
|
<P>New <EM>tls-domain=</EM> option to verify the server certificate domain.</P>
|
||||||
|
|
||||||
|
<DT><B>logfile_daemon</B><DD>
|
||||||
|
<P>Now only requires that helper binary exists when daemon: log module
|
||||||
|
is actually being used.</P>
|
||||||
|
|
||||||
|
<DT><B>logformat</B><DD>
|
||||||
|
<P>New quoting modifier to produce <EM>\-escaped</EM> output.</P>
|
||||||
|
<P>New code <EM>%ssl::<cert_errors</EM> to display server X.509
|
||||||
|
certificate errors.</P>
|
||||||
|
<P>New code <EM>%ssl::<cert_issuer</EM> to display Issuer field of
|
||||||
|
the received server X.509 certificate.</P>
|
||||||
|
<P>New code <EM>%ssl::<cert_subject</EM> to display Subject field of
|
||||||
|
the received server X.509 certificate.</P>
|
||||||
|
<P>New code <EM>%ssl::>negotiated_version</EM> to display
|
||||||
|
negotiated TLS version of the client connection.</P>
|
||||||
|
<P>New code <EM>%ssl::<negotiated_version</EM> to display
|
||||||
|
negotiated TLS version of the last server or peer connection.</P>
|
||||||
|
<P>New code <EM>%ssl::>received_hello_version</EM> to display the
|
||||||
|
TLS version of the Hello message received from TLS client.</P>
|
||||||
|
<P>New code <EM>%ssl::<received_hello_version</EM> to display the
|
||||||
|
TLS version of the Hello message received from TLS server.</P>
|
||||||
|
<P>New code <EM>%ssl::>received_supported_version</EM> to display
|
||||||
|
the maximum TLS version supported by the TLS client.</P>
|
||||||
|
<P>New code <EM>%ssl::<received_supported_version</EM> to display
|
||||||
|
the maximum TLS version supported by the TLS server.</P>
|
||||||
|
<P>New code <EM>%ssl::>negotiated_cipher</EM> to display the
|
||||||
|
negotiated cipher of the client connection.</P>
|
||||||
|
<P>New code <EM>%ssl::<negotiated_cipher</EM> to display the
|
||||||
|
negotiated cipher of the last server or peer connection.</P>
|
||||||
|
<P>New code <EM>%>handshake</EM> to display initial octets
|
||||||
|
received on a client connection (Base64 encoded).</P>
|
||||||
|
<P>Fixed <EM>%<Hs</EM>, <EM>%<pt</EM> and <EM>%<tt</EM>
|
||||||
|
codes for received CONNECT errors.</P>
|
||||||
|
<P>Improved <EM>%<bs</EM> logging on forwarding retries.</P>
|
||||||
|
<P>Improved <EM>%<Hs</EM>, <EM>%<pt</EM>, <EM>%<tt</EM>,
|
||||||
|
<EM>%<bs</EM> logging on SslBump errors.</P>
|
||||||
|
|
||||||
|
<DT><B>pid_filename</B><DD>
|
||||||
|
<P>Default value now based on squid -n command line parameter.</P>
|
||||||
|
<P>This directive is no longer mandatory to edit for
|
||||||
|
multi-instance/tenant Squid installations.</P>
|
||||||
|
|
||||||
|
<DT><B>refresh_pattern</B><DD>
|
||||||
|
<P>Removed option <EM>ignore-auth</EM>. Its commonly desired behaviour
|
||||||
|
is performed by default with correct HTTP/1.1 revalidation.</P>
|
||||||
|
<P>Removed option <EM>ignore-must-revalidate</EM>. Other more HTTP compliant
|
||||||
|
directives (<EM>cache</EM>, <EM>store_miss</EM>) can be used to prevent
|
||||||
|
objects from caching.</P>
|
||||||
|
|
||||||
|
<DT><B>sslcrtd_children</B><DD>
|
||||||
|
<P>New parameter <EM>queue-size=</EM> to set the maximum number
|
||||||
|
of queued requests.</P>
|
||||||
|
<P>New parameter <EM>on-persistent-overload=</EM> to set the action taken
|
||||||
|
when the helper queue is overloaded.</P>
|
||||||
|
|
||||||
|
<DT><B>sslcrtvalidator_children</B><DD>
|
||||||
|
<P>New parameter <EM>queue-size=</EM> to set the maximum number
|
||||||
|
of queued requests.</P>
|
||||||
|
<P>New parameter <EM>on-persistent-overload=</EM> to set the action taken
|
||||||
|
when the helper queue is overloaded.</P>
|
||||||
|
|
||||||
|
<DT><B>store_id_children</B><DD>
|
||||||
|
<P>New parameter <EM>queue-size=</EM> to set the maximum number
|
||||||
|
of queued requests.</P>
|
||||||
|
<P>New parameter <EM>on-persistent-overload=</EM> to set the action taken
|
||||||
|
when the helper queue is overloaded.</P>
|
||||||
|
|
||||||
|
<DT><B>url_rewrite_children</B><DD>
|
||||||
|
<P>New parameter <EM>queue-size=</EM> to set the maximum number
|
||||||
|
of queued requests.</P>
|
||||||
|
<P>New parameter <EM>on-persistent-overload=</EM> to set the action taken
|
||||||
|
when the helper queue is overloaded.</P>
|
||||||
|
|
||||||
|
</DL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H2><A NAME="removedtags"></A> <A NAME="ss3.3">3.3</A> <A HREF="#toc3.3">Removed tags</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<DL>
|
||||||
|
<DT><B>cache_peer_domain</B><DD>
|
||||||
|
<P>Superceded by <EM>cache_peer_access</EM>. Use dstdomain ACL
|
||||||
|
in the access control list to restrict domains requested.</P>
|
||||||
|
|
||||||
|
<DT><B>ie_refresh</B><DD>
|
||||||
|
<P>Removed. MSIE 3.x, 4.x, 5.0 and 5.01 are no longer popular browsers.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_cafile</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options cafile=</EM>.
|
||||||
|
Which now takes multiple entries.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_capath</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options capath=</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_cipher</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options cipher=</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_client_certificate</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options cert=</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_client_key</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options key=</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_flags</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options flags=</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_options</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options options=</EM>.</P>
|
||||||
|
<P>All values for SSLv2 configuration or disabling have been removed.</P>
|
||||||
|
<P>Manual squid.conf update may be required on upgrade.</P>
|
||||||
|
|
||||||
|
<DT><B>sslproxy_version</B><DD>
|
||||||
|
<P>Replaced by <EM>tls_outgoing_options options=</EM>.</P>
|
||||||
|
<P>All values for SSLv2 configuration or disabling have been removed.</P>
|
||||||
|
<P>Manual squid.conf update may be required on upgrade.</P>
|
||||||
|
|
||||||
|
</DL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="s4">4.</A> <A HREF="#toc4">Changes to ./configure options since Squid-3.5</A></H2>
|
||||||
|
|
||||||
|
<P>There have been some changes to Squid's build configuration since Squid-3.5.</P>
|
||||||
|
<P>This section gives an account of those changes in three categories:</P>
|
||||||
|
<P>
|
||||||
|
<UL>
|
||||||
|
<LI>
|
||||||
|
<A HREF="#newoptions">New options</A></LI>
|
||||||
|
<LI>
|
||||||
|
<A HREF="#modifiedoptions">Changes to existing options</A></LI>
|
||||||
|
<LI>
|
||||||
|
<A HREF="#removedoptions">Removed options</A></LI>
|
||||||
|
</UL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="newoptions"></A> <A NAME="ss4.1">4.1</A> <A HREF="#toc4.1">New options</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<DL>
|
||||||
|
<DT><B>--enable-security-cert-generators</B><DD>
|
||||||
|
<P>New option to control which TLS/SSL dynamic certificate generator
|
||||||
|
helpers are built and installed.</P>
|
||||||
|
<P>Helper <EM>ssl_crtd</EM> has been renamed to <EM>security_file_certgen</EM>
|
||||||
|
and built with module name <EM>file</EM>. Requires <EM>--with-openssl</EM>.</P>
|
||||||
|
|
||||||
|
<DT><B>--enable-security-cert-validators</B><DD>
|
||||||
|
<P>New option to control which TLS/SSL certificate validation
|
||||||
|
helpers are built and installed.</P>
|
||||||
|
<P>One <EM>fake</EM> helper that does not actually perform any
|
||||||
|
certificate checks is provided for testing and as an example
|
||||||
|
for writing custom helpers.</P>
|
||||||
|
|
||||||
|
<DT><B>--without-cppunit</B><DD>
|
||||||
|
<P>The cppunit testing framework is auto-detected and used when available.
|
||||||
|
This option can be used to disable it explicitly.</P>
|
||||||
|
|
||||||
|
</DL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H2><A NAME="modifiedoptions"></A> <A NAME="ss4.2">4.2</A> <A HREF="#toc4.2">Changes to existing options</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<DL>
|
||||||
|
<DT><B>--enable-auth-basic</B><DD>
|
||||||
|
<P>The <EM>MSNT-multi-domain</EM> helper has been removed.</P>
|
||||||
|
<P>The SMB LanMan helper <EM>SMB_LM</EM> is no longer built by default.
|
||||||
|
It needs to be explicitly listed to be built.</P>
|
||||||
|
|
||||||
|
<DT><B>--enable-auth-ntlm</B><DD>
|
||||||
|
<P>The SMB LanMan helper is now built using <EM>SMB_LM</EM>
|
||||||
|
(was lower case <EM>smb_lm</EM>).</P>
|
||||||
|
<P>The SMB LanMan helper <EM>SMB_LM</EM> is no longer built by default.
|
||||||
|
It needs to be explicitly listed to be built.</P>
|
||||||
|
|
||||||
|
<DT><B>--enable-diskio</B><DD>
|
||||||
|
<P>Auto-detection of SMP related modules has been fixed to
|
||||||
|
actually auto-detect them without configuring the module
|
||||||
|
list manually.</P>
|
||||||
|
|
||||||
|
<DT><B>--enable-esi</B><DD>
|
||||||
|
<P>Custom ESI parser has been removed.
|
||||||
|
Libxml2 or libexpat is now required to enable ESI processing.</P>
|
||||||
|
|
||||||
|
</DL>
|
||||||
|
</P>
|
||||||
|
<H2><A NAME="removedoptions"></A> <A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Removed options</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<DL>
|
||||||
|
<DT><B>--with-cppunit-basedir</B><DD>
|
||||||
|
<P>Replaced by <EM>--with-cppunit=PATH</EM>.
|
||||||
|
Please prefer the default auto-detection though.</P>
|
||||||
|
|
||||||
|
<DT><B>XSTD_USE_LIBLTDL</B><DD>
|
||||||
|
<P>Removed. Use <EM>--with-included-ltdl</EM> instead.</P>
|
||||||
|
</DL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
|
||||||
|
<H2><A NAME="s5">5.</A> <A HREF="#toc5">Regressions since Squid-2.7</A></H2>
|
||||||
|
|
||||||
|
<P>Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-4</P>
|
||||||
|
|
||||||
|
<P>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.</P>
|
||||||
|
|
||||||
|
<H2><A NAME="ss5.1">5.1</A> <A HREF="#toc5.1">Missing squid.conf options available in Squid-2.7</A>
|
||||||
|
</H2>
|
||||||
|
|
||||||
|
<P>
|
||||||
|
<DL>
|
||||||
|
<DT><B>broken_vary_encoding</B><DD>
|
||||||
|
<P>Not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>cache_peer</B><DD>
|
||||||
|
<P><EM>monitorinterval=</EM> not yet ported from 2.6</P>
|
||||||
|
<P><EM>monitorsize=</EM> not yet ported from 2.6</P>
|
||||||
|
<P><EM>monitortimeout=</EM> not yet ported from 2.6</P>
|
||||||
|
<P><EM>monitorurl=</EM> not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>cache_vary</B><DD>
|
||||||
|
<P>Not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>error_map</B><DD>
|
||||||
|
<P>Not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>external_refresh_check</B><DD>
|
||||||
|
<P>Not yet ported from 2.7</P>
|
||||||
|
|
||||||
|
<DT><B>location_rewrite_access</B><DD>
|
||||||
|
<P>Not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>location_rewrite_children</B><DD>
|
||||||
|
<P>Not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>location_rewrite_concurrency</B><DD>
|
||||||
|
<P>Not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>location_rewrite_program</B><DD>
|
||||||
|
<P>Not yet ported from 2.6</P>
|
||||||
|
|
||||||
|
<DT><B>refresh_pattern</B><DD>
|
||||||
|
<P><EM>stale-while-revalidate=</EM> not yet ported from 2.7</P>
|
||||||
|
<P><EM>ignore-stale-while-revalidate=</EM> not yet ported from 2.7</P>
|
||||||
|
<P><EM>negative-ttl=</EM> not yet ported from 2.7</P>
|
||||||
|
|
||||||
|
<DT><B>refresh_stale_hit</B><DD>
|
||||||
|
<P>Not yet ported from 2.7</P>
|
||||||
|
|
||||||
|
<DT><B>update_headers</B><DD>
|
||||||
|
<P>Not yet ported from 2.7</P>
|
||||||
|
|
||||||
|
</DL>
|
||||||
|
</P>
|
||||||
|
|
||||||
|
<H2><A NAME="s6">6.</A> <A HREF="#toc6">Copyright</A></H2>
|
||||||
|
|
||||||
|
<P>Copyright (C) 1996-2018 The Squid Software Foundation and contributors</P>
|
||||||
|
<P>Squid software is distributed under GPLv2+ license and includes
|
||||||
|
contributions from numerous individuals and organizations.
|
||||||
|
Please see the COPYING and CONTRIBUTORS files for details.</P>
|
||||||
|
|
||||||
|
</BODY>
|
||||||
|
</HTML>
|
3
squid-4.5.tar.xz
Normal file
3
squid-4.5.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:553edf76d6ee9a1627af9c2be7be850c14cd6836170b3d6c1393fd700d44ccc5
|
||||||
|
size 2437936
|
25
squid-4.5.tar.xz.asc
Normal file
25
squid-4.5.tar.xz.asc
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
File: squid-4.5.tar.xz
|
||||||
|
Date: Tue Jan 1 05:12:50 UTC 2019
|
||||||
|
Size: 2437936
|
||||||
|
MD5 : 8275da5846f9f2243ad2625e5aef2ee0
|
||||||
|
SHA1: 1249cf60f1ea2a0cd145f66a790d1e9e48333c51
|
||||||
|
Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
|
||||||
|
B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E
|
||||||
|
keyring = http://www.squid-cache.org/pgp.asc
|
||||||
|
keyserver = pool.sks-keyservers.net
|
||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlwq9vIACgkQzW2/jvOx
|
||||||
|
fT5u8hAAnXV/L+XDTZXjxIYimN/4zKPVwG0lEbAg6uXQ0z/7+tH3G8kQ+DAXtxlz
|
||||||
|
my5MnJ0GvI98RhuIIR34wces/KLMYtcH8wTj5YzNRxLZu929eIm5IyV02Ve83FNd
|
||||||
|
uuU4Tea0H2qCPUKZrsdQX7fn9ZlVeSvu7/pRNmM1/V+Txnn0Jut+Xk1KxkTHtwr5
|
||||||
|
5UjGm+sP9/ISpttosY5FcYEdIrOB9PlqLI6umt9L+mdAOnnhIN2YgXX167PzSZqv
|
||||||
|
O+3VRUKGEFXi31krvWE+gL46tnHpV75A9Ccy52yNKCkdfVbRelJijnk7WYj/32GC
|
||||||
|
jWOzkjJh235CoIwiVt0xQshnrVs3EbiEWgu2XLBbGmWAyc4eJerPxwR8MQR6hnWf
|
||||||
|
tGB+RyzQ+7rGBTCupKuk1k75tHOqPxcPN6N2Pw+l+A34yAyu721Bnt76AqQVYPQH
|
||||||
|
wKwK5BGQF5t1llW8I5C7CAO5Kn/mtF5ZbkhjTsqy+BvqVPAeMVbCCgGro694vWKG
|
||||||
|
YOX2MqXwVaA/LE+Y8cWRYIVfyl3ABpP98JZU9HAzC9D+AIwLFUI6EaVrwcKfDU1j
|
||||||
|
GRSBJsG6N0Z/MvdQdlU3xqAWvyKI+HRLKxRP+9DK2DkRX8RVsODhZ2txsjpCxh3t
|
||||||
|
mYICqcuahPuPSUvR6m+wfLDsniQ93Fdzzv6YC34f/9LPdnj4DrM=
|
||||||
|
=aK8J
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,18 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jan 02 05:45:03 UTC 2019 - sean@suspend.net
|
||||||
|
|
||||||
|
- Update to squid 4.5:
|
||||||
|
+ Squid crashes when ICAPS and a sslcrtvalidator used together (#328)
|
||||||
|
+ ssl_bump prevents from accessing some web contents (#304)
|
||||||
|
+ Docs: improved lexgrog compatibility (#340)
|
||||||
|
+ Redesign forward_max_tries count TCP connection attempts
|
||||||
|
+ Fix client_connection_mark ACL handling of clientless transactions
|
||||||
|
+ Fix netdb exchange with a TLS cache peer
|
||||||
|
+ Update netdb when tunneling requests
|
||||||
|
+ Use pkg-config for detecting libxml2
|
||||||
|
+ Misc doc updates
|
||||||
|
+ Misc code compile fixes
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 9 13:13:37 UTC 2018 - adam.majer@suse.de
|
Fri Nov 9 13:13:37 UTC 2018 - adam.majer@suse.de
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package squid
|
# spec file for package squid
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -12,14 +12,14 @@
|
|||||||
# license that conforms to the Open Source Definition (Version 1.9)
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
# published by the Open Source Initiative.
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
%define squidlibdir %{_libdir}/squid
|
%define squidlibdir %{_libdir}/squid
|
||||||
%define squidconfdir %{_sysconfdir}/squid
|
%define squidconfdir %{_sysconfdir}/squid
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 4.4
|
Version: 4.5
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Caching and forwarding HTTP web proxy
|
Summary: Caching and forwarding HTTP web proxy
|
||||||
License: GPL-2.0-or-later
|
License: GPL-2.0-or-later
|
||||||
|
Loading…
Reference in New Issue
Block a user