forked from pool/squid
Adam Majer
62ba66243a
* security fixes: + Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846) + Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824) + Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847) + Denial of Service in FTP (bsc#1216498, CVE-2023-46848) + Fix validation of certificates (bsc#1216803, CVE-2023-46724) * Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL * Bug 4981: Work around in-call job invalidation bugs * basic_smb_lm_auth: fix 'no previous declaration' warnings * CacheManager: require /squid-internal-mgr/ URL path prefix * ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion] * documentation changes OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=281
3282 lines
140 KiB
Plaintext
3282 lines
140 KiB
Plaintext
-------------------------------------------------------------------
|
||
Wed Oct 25 14:32:33 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- update to 6.4:
|
||
* security fixes:
|
||
+ Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500, CVE-2023-46846)
|
||
+ Multiple issues in HTTP response caching (bsc#1216496, CVE-2023-5824)
|
||
+ Denial of Service in HTTP Digest Authentication (bsc#1216495, CVE-2023-46847)
|
||
+ Denial of Service in FTP (bsc#1216498, CVE-2023-46848)
|
||
+ Fix validation of certificates (bsc#1216803, CVE-2023-46724)
|
||
* Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
|
||
* Bug 4981: Work around in-call job invalidation bugs
|
||
* basic_smb_lm_auth: fix 'no previous declaration' warnings
|
||
* CacheManager: require /squid-internal-mgr/ URL path prefix
|
||
* ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
|
||
* documentation changes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 19 16:20:19 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- update to 6.3:
|
||
- Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
|
||
- Bug 4981: Work around in-call job invalidation bugs
|
||
- basic_smb_lm_auth: fix 'no previous declaration' warnings
|
||
- CacheManager: require /squid-internal-mgr/ URL path prefix
|
||
- ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 9 07:48:25 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
|
||
|
||
- update to 6.2:
|
||
* Major UI changes:
|
||
- Remove 8K limit for single access.log line
|
||
- Add tls_key_log to report TLS communication secrets
|
||
* Minor UI changes:
|
||
- Add %transport::>connection_id logformat code
|
||
- Add paranoid_hit_validation directive
|
||
- Report SMP store queues state (mgr:store_queues)
|
||
- Addcache_log_message directive
|
||
* Developer Interest changes:
|
||
- Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
|
||
- Reject HTTP/1.0 requests with unusual framing
|
||
- codespell check added to source maintenance enforcement
|
||
- Streamlined ./configure handling of optional libraries
|
||
- Add –progress option to test-builds.sh
|
||
- Remove layer-00-bootstrap from test script
|
||
- Convert LRU map into a CLP map
|
||
- Remove legacy context-based debugging in favor of CodeContext
|
||
* Removed features:
|
||
- Remove unused cache_diff binary
|
||
- Remove obsolete membanger test
|
||
- Remove deprecated leakfinder (–enable-leakfinder)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 9 14:32:34 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- update to 5.9:
|
||
* Improve reply_body_max_size matching accuracy
|
||
* fix gcc13 warning
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 2 15:14:15 UTC 2023 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- partial revert of earlier "fix PIDFile"
|
||
- move pidfile back to /run/squid.pid and not in the directory
|
||
owned by squid. The purpose of /run/squid/ is to facilitate
|
||
SMP worker's IPC and not for the PID file. The PID file can
|
||
live just fine in /run since it's written by root. (bsc#1210960)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 31 08:43:29 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 5.8:
|
||
* Bug 5162: mgr:index URL do not produce MGR_INDEX template
|
||
* Bug 5241: Block all non-localhost requests by default
|
||
* Bug 5241: Block to-localhost, to-link-local requests by
|
||
default
|
||
* ext_kerberos_ldap_group_acl: Support -b with -D
|
||
* Fix ACL type typo in req_header, rep_header key-changing
|
||
ERRORs
|
||
* ... and several compile fixes
|
||
* ... and some code cleanup and polishing
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 23 14:56:44 UTC 2023 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Enable LTO again as it survives tests now.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 25 09:48:26 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Disable NIS auth module (NIS is deprecated and get's currently
|
||
removed)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 3 08:24:05 UTC 2023 - Stefan Schubert <schubi@suse.com>
|
||
|
||
- Migration of PAM settings to /usr/lib/pam.d.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 15 10:41:14 UTC 2022 - Stefan Schubert <schubi@suse.com>
|
||
|
||
- Migration to /usr/etc: Saving user changed configuration files
|
||
in /etc and restoring them while an RPM update.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 11 08:00:04 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 5.7:
|
||
- Regression Fix: Typo in manager ACL (bsc#1203677, CVE-2022-41317)
|
||
- Bug 5186: noteDestinationsEnd check failed: transportWait
|
||
- Bug 5160: Test suite fails with -flto=auto
|
||
- Bug 3193 pt2: NTLM decoder truncating strings
|
||
(bsc#1203680, CVE-2022-41318)
|
||
- Bug 5133: OpenSSL 3.0 support
|
||
- ext_session_acl: fix TDB key lookup
|
||
- forward_max_tries: Do not count discarded connections
|
||
- ... and many compile and debugging fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 29 08:25:53 UTC 2022 - chris@computersalat.de
|
||
|
||
- fix PIDFile
|
||
* NOT needed in service file
|
||
(squid.service: Can't open PID file /run/squid.pid)
|
||
* placed to tmpfilesdir
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 29 11:31:00 UTC 2022 - Stefan Schubert <schubi@suse.com>
|
||
|
||
- Moved logrotate files from user specific directory /etc/logrotate.d
|
||
to vendor specific directory /usr/etc/logrotate.d.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 24 09:26:49 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Update to 5.6:
|
||
* Improve handling of Gopher responses (bsc#1200907, CVE-2021-46784)
|
||
|
||
- Changes in 5.5:
|
||
* fixes regression Bug 5192: esi_parser default is incorrect
|
||
* Bug 5177: clientca certificates sent to https_port clients
|
||
* Bug 5090: Must(!request->pinnedConnection()) violation
|
||
* Kid restart leads to persistent queue overflows, delays/timeouts
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 31 14:24:59 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Do not try to set special permissions for basic_pam_auth (bsc#1197649)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 29 10:48:38 UTC 2022 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Fix upgrade path from squid 4.x where we replaced some symlinks
|
||
with directories in pretrans section (bsc#1197333)
|
||
- old_nettle_compat.patch: refresh patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 26 11:29:47 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Update to 5.4.1:
|
||
* Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening
|
||
* code clean-ups and developer visible changes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 8 09:55:02 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
|
||
|
||
- Update to 5.4:
|
||
* Bug 5190: Preserve configured order of intermediate CA certificate chain
|
||
* Bug 5188: Fix reconfiguration leaking tls-cert=... memory
|
||
* Bug 5187: Properly track (and mark) truncated store entries
|
||
* Bug 5134: assertion failed: Transients.cc:221: "old == e"
|
||
* Bug 5132: Close the tunnel if to-server conn closes after client
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 22 14:03:32 UTC 2021 - Martin Pluskal <mpluskal@suse.com>
|
||
|
||
- Adjust harden_squid.service.patch to resolve boo#1193938
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 11 09:36:41 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 5.3:
|
||
* Bug 5169: StoreMap.cc:517 "!s.reading()" assertion
|
||
* Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
|
||
* Bug 5060: Parallel builds are not reliable
|
||
* Documentation updates for logformat directive
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 23 15:20:27 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||
|
||
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
|
||
* harden_squid.service.patch
|
||
Modified:
|
||
* squid.service
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 4 13:19:48 UTC 2021 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- transition to squid 5.x. This is a major release and for changes
|
||
and how to transition from 4.x, see the release notes,
|
||
http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
|
||
- update to 5.2
|
||
* fixes issues with WCCP protocol that may lead to information
|
||
disclosure (bsc#1189403, CVE-2021-28116)
|
||
|
||
- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)
|
||
- new BR: pkgconfig(tdb)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 1 09:20:03 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 4.16:
|
||
- Regression Fix: --with-valgrind-debug build broken since 4.15
|
||
- Bug 5129 pt1: remove Lock use from HttpRequestMethod
|
||
- Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
|
||
- Bug 4528: ICAP transactions quit on async DNS lookups
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 18 09:43:49 UTC 2021 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- fix building with SLE12
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 11 21:54:04 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 4.15:
|
||
- Bug 5112: Excessively loud chunked reply parsing error reporting
|
||
- Bug 5106: Broken cache manager URL parsing (bsc#1185918, CVE-2021-28652)
|
||
- Bug 5104: Memory leak in RFC 2169 response parsing
|
||
(bsc#1185921, CVE-2021-28651)
|
||
- Bug 3556: "FD ... is not an open socket" for accept() problems
|
||
- Profiling: CPU timing implemented for MAC non-x86
|
||
- Fix HttpHeaderStats definition to include hoErrorDetail
|
||
- Fix Squid-to-client write_timeout triggers client_lifetime timeout
|
||
- Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
|
||
(bsc#1185919, CVE-2021-28662)
|
||
- Handle more Range requests (bsc#1185916, CVE-2021-31806)
|
||
- Handle more partial responses (bsc#1185923, bsc#1186654, CVE-2021-33620)
|
||
- Stop processing a response if the Store entry is gone
|
||
- ... and some portability fixes
|
||
- ... and some documentation updates
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 9 22:55:15 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- update to 4.14:
|
||
- fixes HTTP Request Smuggling vulnerability (bsc#1183436, CVE-2020-25097)
|
||
- Regression Fix: support for non-lowercase Transfer-Encoding value
|
||
- Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
|
||
- Bug 5076: WCCP Security Info incorrect
|
||
- Bug 5073: Compile error: index was not declared in this scope
|
||
- Bug 5065: url_rewrite_program documentation update
|
||
- Bug 3074 pt2: improved handling of URI paths implicit '/'
|
||
- Fix transactions exceeding client_lifetime logged as _ABORTED
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 2 10:34:59 UTC 2020 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- re-add older SLES12 requirements so we can use one devel project
|
||
for all codestreams
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 30 11:52:08 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
|
||
|
||
- fix previous change to reinstante permissions macros, because the wrong path
|
||
has been used (bsc#1171569).
|
||
- use libexecdir instead of libdir to conform to recent changes in Factory
|
||
(bsc#1171164).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 8 11:01:44 UTC 2020 - Matthias Gerstner <matthias.gerstner@suse.com>
|
||
|
||
- Reinstate permissions macros for pinger binary, because the permissions
|
||
package is also responsible for setting up the cap_net_raw capability,
|
||
currently a fresh squid install doesn't get a capability bit at all
|
||
(bsc#1171569).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 24 11:38:09 UTC 2020 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- squid 4.13:
|
||
* Enforce token characters for field-name (#700)
|
||
* Fix livelocking in peerDigestHandleReply (#698)
|
||
(bsc#1175671, CVE-2020-24606)
|
||
* Improve Transfer-Encoding handling (#702)
|
||
(bsc#1175665, CVE-2020-15811)
|
||
* Forbid obs-fold and bare CR whitespace in framing header fields (#701)
|
||
* Source Format Enforcement
|
||
* Enforce token characters for field-name (#700)
|
||
(bsc#1175664, CVE-2020-15810)
|
||
* Do not stall while debugging a scan of an empty store_table (#699)
|
||
* Fix livelocking in peerDigestHandleReply (#698)
|
||
* Honor on_unsupported_protocol for intercepted https_port (#689)
|
||
* Bug #5051: Some collapsed revalidation responses never expire (#683)
|
||
* SslBump: Support parsing GREASEd (and future) TLS handshakes (#663)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 24 15:03:53 UTC 2020 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Change pinger and basic_pam_auth helper to use standard permissions.
|
||
pinger uses cap_net_raw=ep instead (bsc#1171569)
|
||
- Move squid helpers under /usr/lib{,64}/squid for Tumbleweed and SLE16
|
||
Please adjust your config paths accordingly
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 21 05:28:33 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- squid 4.12:
|
||
* Fixes a potential Denial of Service when processing TLS certificates
|
||
during HTTPS or SSL-Bump connections (CVE-2020-14059, bsc#1173304)
|
||
* Regression Fix: Revert to slow search for new SMP shm pages
|
||
* Fix Negative responses are never cached
|
||
* HTTP: validate Content-Length value prefix (CVE-2020-15049, bsc#1173455)
|
||
* HTTP: add flexible RFC 3986 URI encoder
|
||
* Fix stall if transaction overwrites a recently active cache
|
||
entry
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 23 13:02:37 UTC 2020 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Update to squid 4.11:
|
||
* Fix incorrect buffer handling that can result in cache
|
||
poisoning, remote execution, and denial of service attacks when
|
||
processing ESI responses
|
||
(CVE-2019-12519, CVE-2019-12521, bsc#1169659)
|
||
* Fixes possible information disclosure when translating
|
||
FTP server listings into HTTP responses.
|
||
(CVE-2019-12528, bsc#1162689)
|
||
* Fixes possible denial of service caused by incorrect buffer
|
||
management ext_lm_group_acl when processing NTLM Authentication
|
||
credentials. (CVE-2020-8517, bsc#1162691)
|
||
* Fixes a potential remote execution vulnerability when using
|
||
HTTP Digest Authentication (CVE-2020-11945, bsc#1170313)
|
||
* Fixes problem when reconfigure killed Coordinator in
|
||
SMP+ufs configurations (#556)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 20 10:24:46 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Make logrotate recommended, it's not strictly required and
|
||
doesn't make any sense in containers
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 18 15:46:02 CET 2020 - kukuk@suse.de
|
||
|
||
- Use sysusers instead of shadow to create squid user and groups
|
||
- Don't hard require systemd
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 5 09:57:59 UTC 2020 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Update to squid 4.10:
|
||
* fixes a security issue allowing a remote client ability to cause
|
||
use a buffer overflow when squid is acting as reverse-proxy.
|
||
(CVE-2020-8449, CVE-2020-8450, bsc#1162687)
|
||
* fixes a security issue allowing for information disclosure in
|
||
FTP gateway (CVE-2019-12528, bsc#1162689)
|
||
* fixes a security issue in ext_lm_group_acl when processing
|
||
NTLM Authentication credentials. (CVE-2020-8517, bsc#1162691)
|
||
* improve cache handling with chunked responses
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 8 15:24:15 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Update to squid 4.9:
|
||
* fixes multiple Cross-Site Scripting issues in cachemgr.cgi
|
||
(CVE-2019-13345, bsc#1140738)
|
||
* fixes heap overflow in URN processing
|
||
(CVE-2019-12526, bsc#1156326)
|
||
* fixes multiple issues in URI processing
|
||
(CVE-2019-12523, CVE-2019-18676, bsc#1156329)
|
||
* fixes Cross-Site Request Forgery in HTTP Request processing
|
||
(CVE-2019-18677, bsc#1156328)
|
||
* fixes HTTP Request Splitting in HTTP message processing
|
||
(CVE-2019-18678, bsc#1156323)
|
||
* fixes information disclosure in HTTP Digest Authentication
|
||
(CVE-2019-18679, bsc#1156324)
|
||
* lower cache_peer hostname - this showed up as DNS failures
|
||
if peer name was configured with any upper case characters
|
||
* TLS: Multiple SSL-Bump fixes
|
||
* TLS: Fix expiration of self-signed generated certs to be 3 years
|
||
* TLS: Fix on_unsupported_protocol tunnel action
|
||
* Fix several rock cache_dir corruption issues
|
||
* fixes handling of invalid domain names in cachemgr.cgi
|
||
(CVE-2019-18860, bsc#1167373)
|
||
|
||
- fix_configuration_error.patch: upstreamed
|
||
- old_nettle_compat.patch: refreshed
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 6 13:05:58 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- fix_configuration_error.patch: Fix compilation with -Wreturn-type
|
||
- old_nettle_compat.patch: Update to actually use older version
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 18 14:11:28 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- old_nettle_compat.patch: Fix compatibility with nettle in SLE-12
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 15 14:58:13 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Update to squid 4.8:
|
||
+ Ignore ECONNABORTED in accept(2)
|
||
+ RFC 7230 forbids generation of userinfo subcomponent of https URL
|
||
+ cachemgr.cgi: unallocated memory access resulting in a potential
|
||
denial of service. (bsc#1141442, CVE-2019-12854)
|
||
+ terminating c-strings beyond BASE64_DECODE_LENGTH
|
||
+ Replace uudecode with libnettle base64 decoder fixing a denial
|
||
of service vulnerability (bsc#1141329, CVE-2019-12529)
|
||
+ fix to_localhost does not include ::
|
||
+ Fix GCC-9 build issues
|
||
+ Fix Digest auth parameter parsing preventing a potential
|
||
denial of service (bsc#1141332, CVE-2019-12525)
|
||
+ Update HttpHeader::getAuth to SBuf which prevents a potential
|
||
heap overflowing allowing a possible remote code execution
|
||
attack when processing HTTP Authentication credentials
|
||
(bsc#1141330, CVE-2019-12527)
|
||
+ Add the NO_TLSv1_3 option to available tls-options values
|
||
+ Fix handling of tiny invalid responses
|
||
+ Fix Memory leak when http_reply_access uses external_acl
|
||
+ Fix Multiple XSS issues in cachemgr.cgi
|
||
(bsc#1140738, CVE-2019-13345)
|
||
- use unbundled version of libnettle
|
||
- disable LTO as a workaround to tests failing
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 8 10:41:22 UTC 2019 - Adam Majer <adam.majer@suse.de>
|
||
|
||
- Update to squid 4.7: (jsc#SLE-5648)
|
||
+ Fix stack-based buffer-overflow when parsing SNMP messages
|
||
+ Fixed squidclient authentication
|
||
+ Add support for buffer-size= to UDP logging
|
||
+ Trust intermediate CAs from trusted stores
|
||
+ Bug #4928: Cannot convert non-IPv4 to IPv4
|
||
+ Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
|
||
+ Bug #4823: assertion failed: "lowestOffset () <= target_offset"
|
||
(bsc#1133089)
|
||
+ Bug #4942: --with-filedescriptors does not do anything
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 26 15:53:50 UTC 2019 - adam.majer@suse.de
|
||
|
||
- Syncronize bug and CVE references between 3.x and 4.x squid changelog
|
||
versions. These bugs were fixed here either without properly referencing
|
||
them during the fix or 4.x branch was never affected by them.
|
||
(bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556,
|
||
bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749,
|
||
bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002,
|
||
bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554,
|
||
bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054,
|
||
bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948,
|
||
bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572,
|
||
bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570,
|
||
bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390,
|
||
bsc#959290, CVE-2016-4052, CVE-2016-4053,
|
||
bsc#1029157, bsc#1024020, bsc#998595, fate#319674)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 23 06:37:31 UTC 2019 - seanlew@opensuse.org
|
||
|
||
- Update to squid 4.6:
|
||
+ master commit b599471 leaks memory (#4919)
|
||
+ SourceFormat Enforcement (#367)
|
||
+ Detect IPv6 loopack binding errors (#355)
|
||
+ Do not call setsid() in --foreground mode (#354)
|
||
+ Fail Rock swapout if the disk dropped write reqs (#352)
|
||
+ Initialize StoreMapSlice when reserving a new cache slot (#350)
|
||
+ Fixed disker-to-worker queue overflows (#353)
|
||
+ Fix OpenSSL builds that define OPENSSL_NO_ENGINE (#349)
|
||
+ Fix BodyPipe/Sink memory leaks associated with auto-consumption
|
||
+ Exit when GoIntoBackground() fork() call fails (#344)
|
||
+ GCC-8 compile errors with -O3 optimization (#4875)
|
||
+ Initial translations to ka/georgian language (#345)
|
||
+ basic_ldap_auth: Return BH on internal errors (#347)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 18 10:03:23 UTC 2019 - adam.majer@suse.de
|
||
|
||
- Revert whitespace deletions of .changes as it makes diffs a pain.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 16 00:19:25 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||
|
||
- Do not hide errors from useradd. Make scriptlets
|
||
plain sh compatible.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 02 05:45:03 UTC 2019 - sean@suspend.net
|
||
|
||
- Update to squid 4.5:
|
||
+ Squid crashes when ICAPS and a sslcrtvalidator used together (#328)
|
||
+ ssl_bump prevents from accessing some web contents (#304)
|
||
+ Docs: improved lexgrog compatibility (#340)
|
||
+ Redesign forward_max_tries count TCP connection attempts
|
||
+ Fix client_connection_mark ACL handling of clientless transactions
|
||
+ Fix netdb exchange with a TLS cache peer
|
||
+ Update netdb when tunneling requests
|
||
+ Use pkg-config for detecting libxml2
|
||
+ Misc doc updates
|
||
+ Misc code compile fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 9 13:13:37 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Fix permissions of installed file to tmpfilesdir
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 29 10:26:08 UTC 2018 - adam.majer@suse.de
|
||
|
||
- New upstream stable version 4.4:
|
||
+ Fix memory leak when parsing SNMP packet
|
||
(bsc#1113669, CVE-2018-19132)
|
||
+ Fixed display of error page by quoting certificate fields
|
||
before displaying them (bsc#1113668, CVE-2018-19131)
|
||
+ Malformed %>ru URIs for CONNECT requests
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 23 09:20:12 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Create runtime directories needed when SMP mode is enabled.
|
||
(bsc#1112695, bsc#1112066)
|
||
- Make changelog entries format consistent
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 4 07:36:49 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
|
||
|
||
- Correct changelog
|
||
- Enable tests
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 02 10:16:22 UTC 2018 - sean@suspend.net
|
||
|
||
- New upstream stable version 4.3:
|
||
+ Bug 4885: Excessive memory usage when running out of descriptors
|
||
+ Bug 4877: Add missing text about external_acl_type %DATA changes
|
||
+ Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
|
||
+ Bug 4716: Blank lines in cachemgr.conf are not skipped
|
||
+ Bug 4691: balance_on_multiple_ip config option docs
|
||
+ basic_pop3_auth: fix startup errors
|
||
+ langpack: Add missing dialect aliases
|
||
+ Fix range_offset_limit debugging
|
||
+ Fix icc build errors
|
||
+ Update systemd dependencies in squid.service
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 13 07:30:05 UTC 2018 - adam.majer@suse.de
|
||
|
||
- New upstream stable version 4.2:
|
||
+ fix HTTPMSGLOCK missing pointer safety
|
||
+ gcc-8 fixes
|
||
+ fix milliseconds logformats prepend 0s instead of spaces
|
||
+ fix %>ru logging of huge URLs
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 5 15:30:07 UTC 2018 - adam.majer@suse.de
|
||
|
||
- New upstream stable version 4.1:
|
||
+ Fix --with-netfilter-conntrack error message
|
||
+ Supply ALE for force_request_body_continuation ACL
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 18 13:04:17 UTC 2018 - adam.majer@suse.de
|
||
|
||
- New upstream version 4.0.25:
|
||
+ Fixed regression: querying private entries for HTCP/ICP
|
||
+ Fixed regression: deny_info %R macro not being expanded
|
||
+ Fixed regression: proxy_auth ACL -i/+i flags not working
|
||
+ Fixed regression: filter chain certificates for validity
|
||
when loading
|
||
+ Fixed regression: Transient reader locking broken in 4.0.24
|
||
+ Fixed NegotiateSsl crash on aborting transaction
|
||
+ Fixed IPC shared memory leaks when disker queue overflows
|
||
+ Update negotiate_kerberos_auth helper protocol to v3.4
|
||
+ Fixed: purge tool does not obey --sysconfdir= build option
|
||
+ Add timestamps to (most) FATAL messages
|
||
- a3f6783.patch: upstreamed, obsolete.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 6 13:52:01 UTC 2018 - adam.majer@suse.de
|
||
|
||
- a3f6783.patch: Fixes certificate handling with intermediates
|
||
chains
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 15 07:43:44 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Fix package configure
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 28 09:01:14 UTC 2018 - adam.majer@suse.de
|
||
|
||
- New upstream version 4.0.24
|
||
+ Bug 4505: SMP caches sometimes do not purge entries
|
||
+ TPROXY: Fix clientside_mark and client port logging
|
||
+ Native FTP: Fix "Cannot assign requested address" with TPROXY
|
||
+ SSL-Bump: Fix authentication with types other than Basic
|
||
+ ... and some documentation fixes
|
||
- install license correctly (bsc#1082318) and transition to SPDXv3
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 19 08:08:14 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Spec file cleanup:
|
||
+ Drop unused fillup template - it's not used by systemd script
|
||
+ Drop %pretrans section which is only used to upgrade from
|
||
version 3.4 of squid - no supported codestream has that version.
|
||
+ Drop explicit BR: on systemd-rpm-macros
|
||
- Update squid.service systemd file
|
||
+ Don't need to use squid to manage squid anymore
|
||
+ Drop references to default config file, since it's default
|
||
- Drop reference to nonexistent EnvironmentFile in the service file
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 29 10:36:36 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Change default error pages symlink from German to English.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 22 12:48:24 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Update Squid to 4.0.23
|
||
* fixes DoS caused by incorrect pointer handling when processing
|
||
ESI responses. This affects the default custom esi_parser
|
||
(libxml2 and expat esi_parsers are unaffected)
|
||
(bnc#1077003, CVE-2018-1000024)
|
||
* fixes DoS caused by incorrect pointer handing whien processing
|
||
ESI responses or downloading intermediate CA certificates
|
||
(bnc#1077006, CVE-2018-1000027)
|
||
* fixes "User names not sent to url_rewrite_program"
|
||
* fixes %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 9 17:06:14 UTC 2018 - mpluskal@suse.com
|
||
|
||
- Update download url
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 8 12:21:51 UTC 2018 - adam.majer@suse.de
|
||
|
||
- Update Squid to 4.0.22 (fate#324583, bnc#1073089)
|
||
* re-enable building with default openssl-devel
|
||
* Helper changes since 3.5.27:
|
||
+ basic_msnt_multi_domain_auth removed - basic_smb_lm_auth
|
||
helper performs the same functionality
|
||
+ cert_valid.pl testing helper renamed to
|
||
security_fake_certverify
|
||
+ ssl_crtd renamed to security_file_certgen
|
||
For complete set of release notes and changes since squid 3.5 see
|
||
http://www.squid-cache.org/Versions/v4/squid-4.0.22-RELEASENOTES.html
|
||
|
||
- Updated squid.keyring using current keyring file from upstream
|
||
- missing_installs.patch: install manpages for installed helpers
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 4 12:31:44 UTC 2017 - adam.majer@suse.de
|
||
|
||
- Explicitly BuildRequire libopenssl-1_0_0-devel until
|
||
OpenSSL 1.1.x support can be ported.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 23 13:47:31 UTC 2017 - rbrown@suse.com
|
||
|
||
- Replace references to /var/adm/fillup-templates with new
|
||
%_fillupdir macro (boo#1069468)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 9 15:57:54 UTC 2017 - dimstar@opensuse.org
|
||
|
||
- libnsl-devel is required from suse_version 1330 on (not only
|
||
1500+).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 21 12:01:50 UTC 2017 - adam.majer@suse.de
|
||
|
||
- Add missing build dependency on libnsl-devel for Factory.
|
||
libnsl was split from glibc
|
||
- Update Squid to 3.5.27
|
||
* bug fix release - for complete list of changes see
|
||
http://www.squid-cache.org/Versions/v3/3.5/changesets/
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 27 06:54:01 UTC 2017 - brassh@web.de
|
||
|
||
- Enable compiling of time_quota extension
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 5 20:00:49 UTC 2017 - jengelh@inai.de
|
||
|
||
- Update description from webpage.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 19 08:20:52 UTC 2017 - mpluskal@suse.com
|
||
|
||
- Packaging cleanup
|
||
- Dropped:
|
||
* squid-brokenad.patch
|
||
* squid-config.patch
|
||
* squid.init squid.init.rh
|
||
* squid-old-kerberos.patch
|
||
* squid-rpmlintrc
|
||
- Update description and url
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 14 08:54:53 UTC 2017 - adam.majer@suse.de
|
||
|
||
- Update Squid to 3.5.26
|
||
* SubjectAlternativeNames missing in some generated certificates
|
||
Previous releases of Squid were not able to generate valid
|
||
mimic certificates from AltName server certificate field only.
|
||
* Fix ignoring http_access deny with client-first bumping mode
|
||
* ssl_crtd: now returns non-zero on failure
|
||
* Fix FTP directory listings display issues
|
||
* OpenSSL support better compliance with license requirements
|
||
This release of Squid will now include the required OpenSSL
|
||
advertisement on builds -v output where features are displayed.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 10 09:50:21 UTC 2017 - adam.majer@suse.de
|
||
|
||
- Update Squid to 3.5.25
|
||
* Fix host forgery stalls intercepted being-spliced connections
|
||
* Native FTP relay fixes, now able to cope with active-mode
|
||
FTP DATA connections when intercepting FTP traffic.
|
||
* SSL Bump client fixes. Error responses for issues encountered
|
||
early in the TLS/SSL handling being sent to clients unencrypted
|
||
when Squid should have bumped and delivered them encrypted.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 22 14:28:05 UTC 2017 - adam.majer@suse.de
|
||
|
||
- initialize_cache_if_needed.sh, squid_dir.sed: Initialize cache
|
||
directory on startup if it is missing. Move scripts out of
|
||
systemd service file and into individual files. (bnc#1030421)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 30 09:33:08 UTC 2017 - adam.majer@suse.de
|
||
|
||
- Update Squid to 3.5.24
|
||
* Mitigate DoS attacks that use client-initiated SSL/TLS
|
||
renegotiation. Rate limit TLS renegotiation.
|
||
* SSLv2 records force SslBump bumping despite a matching step2
|
||
peek rule.
|
||
* Update External ACL helpers error handling and caching
|
||
* Fix regression in 3.5.23 where `cache deny` rule was not
|
||
obeyed.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 27 15:15:15 UTC 2017 - adam.majer@suse.de
|
||
|
||
- Update Squid to 3.5.23
|
||
* Do not share private responses with collapsed client(s).
|
||
(CVE-2016-10003)
|
||
* Fixes incorrect processing of responses to If-None-Modified
|
||
HTTP conditional requests. (CVE-2016-10002)
|
||
* partially fix hostHeaderVerify failures MISS when they should
|
||
be HIT
|
||
* HTTP/1.1: Add registered codes entry for new 103 (Early Hints)
|
||
status code
|
||
* Hang on DNS query with dead-end CNAME
|
||
* partial: Fix segfault via Ftp::Client::readControlReply
|
||
* Fix ssl::server_name ACL - was badly broken since inception.
|
||
* HTTP/1.1: make Vary:* objects cacheable
|
||
* fix Strange IPv6 shown in access.log
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 12 14:51:59 UTC 2016 - adam.majer@suse.de
|
||
|
||
- Update Squid to 3.5.22
|
||
* HTTP: MUST ignore a [revalidation] response with an older Date
|
||
header.
|
||
* Optimized/simplified buffering: Appending nothing is always
|
||
possible.
|
||
* Avoid segfaults when debugging section 4 at level 9.
|
||
* fix #4302 pt2: IPFilter v5 transparent interception
|
||
* Bug #4471: revalidation doesn't work when expired cached
|
||
object lacks Last-Modified.
|
||
* Bug #2833: Collapse internal revalidation requests
|
||
(SMP-unaware caches)
|
||
* Bug #3819: "fd >= 0" assertion in file_write() during
|
||
reconfiguration
|
||
* Do not leak url_rewrite_extras and store_id_extras on
|
||
reconfigure/shutdown.
|
||
* Fix potential ICAP null pointer dereference after rev.14082
|
||
* Fix logged request size (%http::>st) and other size-related
|
||
%codes.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 13 15:32:34 UTC 2016 - adam.majer@suse.de
|
||
|
||
- Merge changes from SLE12 SP2 so we have identical packages
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 12 09:57:30 UTC 2016 - adam.majer@suse.de
|
||
|
||
- Update Squid to 3.5.21
|
||
* fix assertion failure in xcalloc when using many cache_dir
|
||
Squid is documented as supporting up to 64 cache directories,
|
||
but would crash with a memory allocation error if more than
|
||
a few were actually configured.
|
||
* fix authentication credentials IP TTL updated incorrectly
|
||
This bug caused error in max_user_ip ACL accounting to allow
|
||
clients to shift IP address more times than configured.
|
||
Fix may have an effect on IPv6 clients using "proviacy adressing"
|
||
to rotate IPs.
|
||
* fix mal-formed Cache-Control:stale-if-error header
|
||
This bug shows up as incorrect stale-if-error values being
|
||
relayed by Squid breaking the use of this feature in the
|
||
recipients. Squid now relays the header values correctly.
|
||
* fix Proxy-Authenticate problem using ICAP server
|
||
With this change Squid now treats the ICAP REQMOD adaptation
|
||
point as a part of itself with regards to proxy authentication.
|
||
The Proxy-Authentication header received from the client is
|
||
delivered as part of the HTTP request headers in expectation
|
||
that the ICAP service may authenticate and/or
|
||
produce 407 response itself.
|
||
* fix HTTP: MUST always revalidate Cache-Control:no-cache responses
|
||
This bug shows up as Squid not revalidating some responses until
|
||
they became stale according to refresh_pattern heuristic rules
|
||
(specifically the minimum caching age). Squid now revalidates
|
||
these objects on every request.
|
||
* fix HTTP: do not allow Proxy-Connection to override Connection
|
||
* fix SSL CN wildcard must only match a single domain fragment
|
||
This bug shows up as incorrect matching (or non-matching) of the
|
||
ss::server_name ACL against TLS certificate values. Squid now
|
||
treats the certificate CN fields according to X.509 domain
|
||
matching requirements instead of HTTP domain matching
|
||
requirements.
|
||
- squid-brokenad.patch
|
||
* propertly capitalize option name
|
||
* make the conditional if() not a riddle
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 18 08:05:42 UTC 2016 - adam.majer@suse.de
|
||
|
||
- Remove no-op option from configure
|
||
--enable-ntlm-fail-open has been removed more than 4 years ago in
|
||
squid 3.3.0.1 and apparently it wasn't useful for 10 years prior
|
||
to that already
|
||
http://www.squid-cache.org/mail-archive/squid-dev/201207/0072.html
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 10 07:49:53 UTC 2016 - mpluskal@suse.com
|
||
|
||
- Update to version 3.5.20:
|
||
* Assertion failed: Write.cc:38: "fd_table[conn->fd].flags.open"
|
||
* Bug #4523: smblib compile fails on NetBSD
|
||
* Do not make bogus recvmsg(2) calls when closing UDS sockets.
|
||
* Fix SEGFAULT parsing malformed adaptation service configuration
|
||
* Fixed ConnStateData::In::maybeMakeSpaceAvailable() logic.
|
||
* Bug #3579: assertion failed 'MemPools[type]' from dst_as ACL
|
||
* SourceFormat Enforcement
|
||
* Do not allow low-level debugging to hide important/critical
|
||
messages.
|
||
* Bug #4485: off-by-one out-of-bounds Parser::Tokenizer::int64()
|
||
read errors
|
||
* Increase debug level in a peek-and-splice related debug message
|
||
* Fix icons loading speed.
|
||
* Fix OpenSSL detection on FreeBSD
|
||
* Do not override user defined -std option
|
||
* SourceFormat Enforcement
|
||
* Support unified EUI format code in external_acl_type
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 9 08:50:11 UTC 2016 - hpj@urpla.net
|
||
|
||
- Update to 3.5.19
|
||
* Regression Bug 4515: interception proxy hangs
|
||
- Update to 3.5.18
|
||
* Bug 4510: stale comment about 32KB limit on shared memory cache
|
||
entries
|
||
* Bug 4509: EUI compile error on NetBSD
|
||
* Bug 4501: HTTP/1.1: normalize Host header
|
||
* Bug 4498: URL-unescape the login-info after extraction from URI
|
||
* Bug 4455: SegFault from ESIInclude::Start
|
||
* Prevent Squid forcing -b 2048 into the arguments for
|
||
sslcrtd_program
|
||
* Fix TLS/SSL server handshake alert handling
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 5 10:56:34 UTC 2016 - hpj@urpla.net
|
||
|
||
- Update to 3.5.17
|
||
* Regression Bug 4480: logformat [.width_max]
|
||
* Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match
|
||
on second attempt
|
||
* Bug 4495: Unknown SSL option SSL_OP_NO_TICKET
|
||
* Bug 4493: theObject->sharedMemorySize() == theSegment.size()
|
||
exception
|
||
* Bug 4483: ./configure garbles -Og option in CFLAGS
|
||
* Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc
|
||
* Bug 4468: NotNode (!acl) naming: Terminate the name before
|
||
strncat(name).
|
||
* Bug 4465: Header forgery detection leads to crash
|
||
* Bug 2460 partial: workaround deferred reads on shutdown and
|
||
restart
|
||
* cachemgr.cgi: use dynamic MemBuf for internal content
|
||
generation
|
||
* ESI: Fix several element construction issues
|
||
* TLS: Fix Handshake Error: ccs received early
|
||
* TLS: Add chained and signing cert to peek-then-bumped
|
||
connections
|
||
* Fix some startup/shutdown crashes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 4 07:19:58 UTC 2016 - mpluskal@suse.com
|
||
|
||
- Update to 3.5.16 (boo#973771)
|
||
* Bug 4476: Removed duplicated #include lines
|
||
* Bug 4452: squid -z segfaults with ufs
|
||
* Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion
|
||
* Bug 4423: adding stdio: prefix to cache_log directive produces
|
||
FATAL error
|
||
* Bug 4409: compile error when two Heimdal libraries are
|
||
installed
|
||
* Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304
|
||
* pinger: Fix buffer overflow in Icmp6::Recv
|
||
* pinger: Fix select(2) to actually use max_fd
|
||
* pinger: drop capabilities on Linux
|
||
* Fix memory leak of HttpRequest objects
|
||
* Fix memory leak when the cache of sslcrtvalidator_program is
|
||
disabled via ttl=0
|
||
* Fix assertion failed: Write.cc:41: "!ccb->active()"
|
||
* Fix crash on shutdown while cleaning up idle ICAP connections
|
||
* RFC 7725: Add registry entry for 451 status text
|
||
* ... and some build issues
|
||
- Refresh all patches
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 7 13:47:55 UTC 2016 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.5.15 (23 Feb 2016):
|
||
* Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
|
||
* Fix multiple assertion on String overflows
|
||
* Fix unit test errors on MacOS
|
||
* Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
|
||
* Log noise reduction for eCAP
|
||
- Changes to squid-3.5.14 (16 Feb 2016):
|
||
* Bug 4437: Fix Segfault on Certain SSL Handshake Errors
|
||
* Bug 4431: C code is not compiled with CFLAGS
|
||
* Bug 4418: FlexibleArray compile error with GCC 6
|
||
* Bug 4378: assertion failed: DestinationIp.cc:60:
|
||
'checklist->conn() && checklist->conn()->clientConnection != NULL'
|
||
* Fix invalid FTP connection handling on blocked content
|
||
* Fix handling of shared memory left over by Squid crashes or bugs
|
||
* Fix mgr:config report 'qos_flows mark' output
|
||
* Fix compile error in CPU affinity
|
||
* Fix %un logging external ACL username
|
||
* Avoid more certificate validation memory leaks
|
||
* ... and some documentation updates
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 24 18:28:45 UTC 2016 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.5.13 (06 Jan 2016):
|
||
* Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
|
||
* Bug 4387: Kerberos build errors on Solaris
|
||
* TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
|
||
* TLS: Complete certificate chains using external intermediate certificates
|
||
* Avoid memory leaks when an X.509 certificate validator is used with SslBump
|
||
* Fix connection retry and fallback after failed server TLS connections
|
||
* Fix GnuTLS detection via pkg-config
|
||
* Fix startup crash with a misconfigured (too-small) shared memory cache
|
||
* ... and some documentation updates
|
||
- Changes to squid-3.5.12 (28 Nov 2015):
|
||
* Bug 4374: refresh_pattern config parser (%)
|
||
* Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
|
||
* Bug 4228: links with krb5 libs despite --without options
|
||
* Fix SSL_get_certificate() problem detection
|
||
* Fix TLS handshake problem during Renegotiation
|
||
* Fix cache_peer forceddomain= in CONNECT
|
||
* Fix status code-based HTTP reason phrase for eCAP-generated messages
|
||
* Fix build errors in cpuafinity.cc
|
||
* ... and several documentation updates
|
||
- Changes to squid-3.5.11 (01 Nov 2015):
|
||
* Bug 3574: crashes on reconfigure and startup
|
||
* Bug 4347: compile errors with LibreSSL 2.3
|
||
* Bug 4281: copy-paste typos in src/tools.cc
|
||
* Bug 4279: No response from proxy for FTP-download of non-existing file
|
||
* Bug 4188: Bumping intercepted SSL connections does not work on Solaris
|
||
* Fix incorrect authentication headers on cache digest requests
|
||
* Fix connection stats, including %<lp, missing for persistent connections
|
||
* Fix invalid memory access issues in SBuf
|
||
* Avoid errors when parsing manager ACL in old squid.conf
|
||
- rebase squid-config.patch
|
||
- disable pre scriptlet (sed -i '/emulate_httpd_log/d' /etc/{name}/{name}.conf)
|
||
- downgrade to 3.5.x
|
||
* cause 4.x is Beta, should not have been here
|
||
* moved 4.x Beta package to server:proxy:Beta
|
||
- fix ChangeLog
|
||
* remove 4.x ChangeLog Entries
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 5 00:36:04 UTC 2015 - boris@steki.net
|
||
|
||
- fixes for boo#956989
|
||
- updated pretrans scriptlet so it handles only rpm link vs folders issue
|
||
- pre scriptlet updated to not change configuration file without real need
|
||
for configuration updates
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 15 14:57:13 UTC 2015 - jkeil@suse.de
|
||
|
||
- Fix rpmlint errors / warnings
|
||
* systemd-service-without-service_add_pre
|
||
moved service_add_pre to %pre
|
||
* non-etc-or-var-file-marked-as-conffile
|
||
moved mib.txt to /usr/share/snmp/mibs/SQUID-MIB.txt
|
||
idea taken from Fedora package
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 8 14:41:53 UTC 2015 - jkeil@suse.de
|
||
|
||
- Changes to squid-3.5.10 (01 Oct 2015):
|
||
* Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
|
||
* Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
|
||
* Bug 4323: Netfilter broken cross-includes with Linux 4.2
|
||
* Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
|
||
* Bug 4208: more than one port in wccp2_service_info line causes error
|
||
* Bug 4304: PeerConnector.cc:743 "!callback" assertion.
|
||
* Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
|
||
* Relicense ntlm_fake_auth.pl to GPLv2+
|
||
* Relicense smb_lm auth helper to GPLv2+
|
||
* Relicense SSPI helper to GPLv2+
|
||
* ... and several minor performance optimizations
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 4 15:18:54 UTC 2015 - chris@computersalat.de
|
||
|
||
- rebase squid-config.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 3 12:59:31 UTC 2015 - jkeil@suse.de
|
||
|
||
- Changes to squid-3.5.8 (02 Sep 2015):
|
||
* Regression Bug 4306: build portability fix in Kerberos helpers
|
||
* Bug 4302: IPFilter v5 transparent interception
|
||
* Bug 4301: compile errors with IPFilter interception
|
||
* Bug 4285 partial: %us is not supported in access.log
|
||
* Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
|
||
* Bug 4242: compile errors with eCAP using clang-3.6
|
||
* Bug 3696: crash when client delay pools are activated
|
||
* Bug 3553: cache_swap_high ignored and maxCapacity used instead
|
||
* Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
|
||
* Fix ignore of impossible SSL bumping actions, as intended and documented
|
||
* Fix memory leak in Surrogate-Capability header detection
|
||
* Fix truncated body length when RESPMOD service aborts
|
||
* Reject non-chunked HTTP messages with conflicting Content-Length values
|
||
* Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
|
||
* ... and several portability and compile fixes
|
||
* ... and several documentation updates
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 10 12:26:30 UTC 2015 - jkeil@suse.de
|
||
|
||
- Move update logic to proper scriptlet
|
||
* Replace 'etc' with %{_sysconfdir} macro
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 5 21:20:28 UTC 2015 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.5.7 (01 Aug 2015):
|
||
* Bug 4293: wrong SNI sent to server after URL-rewrite
|
||
* Bug 4251: incorrect instance name for memory segments in /dev/shm
|
||
* Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
|
||
* Bug 3345: support %un (any available user name) format code for external ACLs.
|
||
* basic_smb_auth: Fix several old issues identified by Debian users
|
||
* Support ssl-bump splicing to origin cache_peer
|
||
* Fix SSL errors relayed using invalid certificates
|
||
* Fix crash in TcpAccepter with profiler enabled
|
||
* Fix some cases of ssl_crtd SSL certificate DB corruption
|
||
* Fix performance regression in SBuf::chop operations
|
||
* Improve handling of client connections on shutdown
|
||
* Handle exceptions during squid.conf parse
|
||
* Make pod2man an optional dependency
|
||
* ... and polishing for several cache.log notification messages
|
||
* Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
|
||
- rebase patch
|
||
* squid-config.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 21 06:44:15 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Update to 3.5.6
|
||
* Bug 4274: ssl_crtd.8 not being installed
|
||
* Bug 4193: memory leak on FTP listings
|
||
* Bug 4183: segfault when freeing https_port clientca on
|
||
reconfigure or exit
|
||
* Bug 3875: bad mimeLoadIconFile error handling
|
||
* Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
|
||
* Bug 3329: pinned server connection is not closed properly
|
||
* TLS: Disable client-initiated renegotiation
|
||
* ext_edirectory_userip_acl: fix uninitialized variable
|
||
* Support custom OIDs in *_cert ACLs
|
||
* Fix CONNECT failover to IPv4 after trying broken IPv6 servers
|
||
* Use relative-URL in errorpage.css for SN.png
|
||
* Do not blindly forward cache peer CONNECT responses
|
||
* Fix assertion String.cc:221: "str"
|
||
* Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in
|
||
ConnStateData::getSslContextDone
|
||
* Translations: add Spanish US dialect alias
|
||
- Drop no longer needed squid-nobuilddates.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 4 22:31:30 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Update to 3.5.5
|
||
* Regression Bug 4132: short_icon_urls with
|
||
global_internal_static on
|
||
* Bug 4238: assertion Read.cc:205: "params.data == data"
|
||
* Bug 4236: SSL negotiation error of 'success'
|
||
* Bug 3930: assertion 'connIsUsable(http->getConn())'
|
||
* Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in
|
||
SSL I/O buffer
|
||
* Fix assertion errorpage.cc:600: "entry->isEmpty()"
|
||
* Fix comm_connect_addr on failures returns Comm:OK
|
||
* Fix missing external ACL helper notes
|
||
* Fix "Not enough space to hold server hello message" error
|
||
message
|
||
* Fix segmentation fault inside
|
||
Adaptation::Icap::Xaction::swanSong
|
||
* Prevent unused ssl_crtd helpers being run
|
||
- Update permission in logrotate config
|
||
- Refresh squid-config.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 22 17:43:50 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Update to 3.5.4
|
||
* Bug 4234: comm_connect_addr uses errno incorrectly
|
||
* Bug 4231: fd_open() not correctly handling UDS socket descriptions
|
||
* Bug 4226: digest_edirectory_auth: found but cannot be built
|
||
* Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
|
||
* Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
|
||
* Fix require-proxy-header preventing HTTPS proxying and ssl-bump
|
||
* Fix Negotiate/Kerberos authentication request size exceeds output buffer size
|
||
* Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
|
||
* Add server_name ACL matching server name(s) obtained from various sources
|
||
* Add Kerberos support for MAC OS X 10.x
|
||
* Support for resuming TLS sessions
|
||
* ... and some portability and compile fixes
|
||
* ... and several documentation updates
|
||
* ... and all fixes from squid 3.4.13
|
||
- Refresh patches
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 6 08:32:28 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Remove emulate_httpd_log from config on update
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 28 08:59:41 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Fix update from 3.4 to 3.5
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 26 11:18:42 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Fix SLE 11 build with older kerberos libraries
|
||
* squid-old-kerberos.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 1 06:55:04 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Update to 3.5.3
|
||
* Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
|
||
* Regression Bug 4206: Incorrect connection close on expect:100-continue
|
||
* Bug 4204: ./configure does not abort when required helpers cannot be built
|
||
* Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
|
||
* Bug 2907: high CPU usage on CONNECT when using delay pools
|
||
* basic_getpwnam_auth: fail authentication on crypt() failures
|
||
* basic_nis_auth: fail authentication on crypt() failures
|
||
* ext_kerberos_ldap_group_acl: Heimdal support improvements
|
||
* ext_wbinfo_group_acl: Perl 5.20 support
|
||
* ... and several compile issues
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 21 13:16:42 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Use xz compressed source
|
||
- Update to 3.5.2
|
||
* Regression Bug 4176: Digest auth too many helper lookups
|
||
* Regression Bug 4180: not-fully-initialized data member in
|
||
ACLUserData
|
||
* Bug 4172: Solaris broken krb5-config
|
||
* Bug 4073: Cygwin compile errors
|
||
* Bug 3919: remove several never-true / never-false comparisons
|
||
* HTTPS: Add missing root CAs when validating chains that passed
|
||
internal checks
|
||
* Fix some cbdataFree related memory leaks
|
||
* Quieten CBDATA 'leak' messages
|
||
* Set SNI information in transparent bumping mode
|
||
* negotiate_kerberos_auth: fix krb5.conf backward compatibility
|
||
* Fix memory leaks in cachemgr.cgi URL parser
|
||
* Fix sslproxy_options in peek-and-splice mode
|
||
* ... and fix several portability and build issues
|
||
* ... and some documentation updates
|
||
* ... and all fixes from squid 3.4.11
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 19 01:09:38 UTC 2015 - chris@computersalat.de
|
||
|
||
- Update to 3.5.1 (13 Jan 2015):
|
||
* Fix handling of invalid SSL server certificates when splicing connections
|
||
* basic_smb_lm_auth: Simplified MSNT basic auth helper
|
||
* squidclient: Fix -A and -P options
|
||
* ... and several portability fixes
|
||
* ... and all fixes from squid 3.4.11
|
||
* ... and a lot of documentation updates
|
||
- removed obsolete patch
|
||
* squid-compiled_without_RPM_OPT_FLAGS.patch
|
||
- rebased patches
|
||
* squid-config.patch
|
||
* squid-nobuilddates.patch
|
||
* squid-brokenad.patch
|
||
- replace configure option
|
||
* --enable-ssl > --with-openssl
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 18 23:28:06 UTC 2015 - chris@computersalat.de
|
||
|
||
- remove obsolete RELEASENOTES.html
|
||
* included in package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 11 22:35:30 UTC 2015 - mpluskal@suse.com
|
||
|
||
- Update to 3.4.11:
|
||
* cachemgr.cgi: memory leak in request parser
|
||
* Fix typo on commStartSslClose
|
||
* Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro
|
||
* Bug #3760: squidclient ignores --disable-ipv6
|
||
* Bug #3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
|
||
* Bug #3754: configure doesnt detect IPFilter 5.1.2 system headers
|
||
* Bug #4164: SEGFAULT when %W formating code used in errorpages
|
||
* Deleting first fs left psstate->servers pointing to uninitialized memory
|
||
* Maintenance: check release notes on packaging
|
||
* Bug #4057: Avoid on-exit crashes when adaptation is enabled.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 10 01:08:40 UTC 2015 - chris@computersalat.de
|
||
|
||
- recover old spec
|
||
* merge in suggested changes from tchvatal
|
||
- fix permissions for SLE11
|
||
* revert suid bit for pinger and basic_pam_auth
|
||
add them to permissions file (commented)
|
||
- readd deleted files
|
||
* RELEASENOTES
|
||
* permissions (needed for SLE11)
|
||
* init.rh
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 9 10:19:10 UTC 2015 - tchvatal@suse.com
|
||
|
||
- Cleanup with spec-cleaner
|
||
- Version bump to 3.4.10:
|
||
* Fix bootstrap.sh dependency on SPONSORS.list
|
||
* HTTP/2: Support 421 (Misdirected Request) status code
|
||
* Alternate-Protocol is a hop-by-hop header
|
||
* Bug #4148: external_acl_type header format does not accept the new libformat syntax
|
||
* Bug #4033: Rebuild corrupted ssl_db/size file
|
||
* Bug #3902: Docs: external_acl_type cache hash key
|
||
* Bug #4145: squid_endian.h compile errors with OpenBSD 5.6
|
||
* Fix segmentation fault in ACLUrlPathStrategy::match
|
||
- Remove support for other distros as we build for opensuse anyway
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 2 16:07:38 UTC 2015 - boris@steki.net
|
||
|
||
- remove permissions.easy and permissions.paranoid files from package
|
||
as they are not used any more
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 9 12:42:48 UTC 2014 - boris@steki.net
|
||
|
||
- remove setBadness in rpmlintrc as it should be already in Factory
|
||
permissions package handled
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 8 15:28:42 UTC 2014 - meissner@suse.com
|
||
|
||
- %verifyscript is its own section, move out of the %postun section
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 2 10:27:49 UTC 2014 - dimstar@opensuse.org
|
||
|
||
- Use URLs to paths that the source validator actually understands
|
||
and make this acceptable for Tumbleweed.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 27 21:18:35 UTC 2014 - chris@computersalat.de
|
||
|
||
- fix for boo#894636 (squid's logrotate snippet runs init script)
|
||
* modify squid.logrotate to work on both systemd and SysVinit
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 27 13:16:58 UTC 2014 - lmuelle@suse.com
|
||
|
||
- Changes to 3.4.9 (31 Oct 2014):
|
||
+ Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
|
||
+ Bug 4102: sslbump cert contains only a dot character in key usage extension
|
||
+ Bug 4093: source-maintenance.sh errors and warnings due to wrong
|
||
tools/options
|
||
+ Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
|
||
+ Bug 4024: Bad host/IP ::1 when using IPv4-only environment
|
||
+ Bug 3803: ident leaks memory on failure
|
||
+ kerberos_ldap_group/cert_tool: Remove ksh dependency;
|
||
obsoletes squid-cert_tool_use_bash_not_ksh.patch
|
||
+ ... and some automated code style updates
|
||
+ ... and some documentation updates
|
||
- Changes to 3.4.8 (15 Sep 2014):
|
||
+ Fix off by one in SNMP subsystem
|
||
+ pinger: Fix various ICMP handling issues; CVE-2014-7141; CVE-2014-7142;
|
||
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt; bnc#891268
|
||
obsoletes squid-icmp-DoS.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 26 21:45:48 UTC 2014 - lmuelle@suse.com
|
||
|
||
- Remove dependency on gpg-offline as signature checking is implemented in the
|
||
source validator.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 24 11:49:04 UTC 2014 - chris@computersalat.de
|
||
|
||
- fix spec and changes file
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 16 09:31:35 UTC 2014 - boris@steki.net
|
||
|
||
- update logrotate file
|
||
* postrotate now defaults to 'systemd'
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 16 08:35:11 UTC 2014 - boris@steki.net
|
||
|
||
- fix for icmp pinger DOS bnc#891268
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 15 11:36:51 UTC 2014 - chris@computersalat.de
|
||
|
||
- some spec cleanup
|
||
- some systemd/SysVinit fixes
|
||
- fix sysconfig file for ! suse_version
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 11 15:25:01 UTC 2014 - boris@steki.net
|
||
|
||
- replaced permissions handling using setuid bit with use of
|
||
linux capabilities (on supported systems)
|
||
- general cleanup of .spec file and systemd handling
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 5 15:04:47 UTC 2014 - chris@computersalat.de
|
||
|
||
- Changes to 3.4.7 (28 Aug 2014):
|
||
* Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
|
||
* Bug 4080: worker hangs when client identd is not responding
|
||
* Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
|
||
* HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
|
||
* SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
|
||
* Enable compile-time override for MAXTCPLISTENPORTS
|
||
* ntlm_sspi_auth: Fix various build errors
|
||
* negotiate_wrapper: Fix build issues with non-portable vfork()
|
||
* negotiate_sspi_auth: Portability fixes for MinGW
|
||
* ext_lm_group_acl: Portability fixes for MinGW
|
||
* ... and several minor memory leaks
|
||
- fix for bnc#894636
|
||
* fix postrotate for systemd
|
||
- rebase patches
|
||
* squid-cert_tool_use_bash_not_ksh.patch
|
||
* squid-compiled_without_RPM_OPT_FLAGS.patch
|
||
* squid-nobuilddates.patch
|
||
* squid-config.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 4 16:02:45 UTC 2014 - chris@computersalat.de
|
||
|
||
- fix for bnc#894840
|
||
* fix logrotate file (sharedscripts)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 31 09:32:01 UTC 2014 - boris@steki.net
|
||
|
||
- add --disable-arch-native configure param as vmware does not
|
||
emulate all instruction set and squid fails with
|
||
"Illegal instruction" more info at
|
||
http://wiki.squid-cache.org/KnowledgeBase/IllegalInstructionError
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 14 16:42:17 CEST 2014 - draht@suse.de
|
||
|
||
- squid-cert_tool_use_bash_not_ksh.patch:
|
||
/usr/sbin/cert_tool should use bash, not ksh. [bnc#891313]
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 10 21:16:29 UTC 2014 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.4.6 (25 Jun 2014):
|
||
* Regression: segmentation fault logging with %tg format specifier
|
||
* Bug 4065: round-robin neighbor selection with unequal weights
|
||
* Bug 4056: assertion MemPools[type] from netdbExchangeStart()
|
||
* Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
|
||
* Fix segmentation fault setting up server SSL connnection
|
||
* Fix hanging Non-HTTPS connections on SSL-bump enabled port
|
||
* Fix Cache Manager actions listed more than once
|
||
* ... and many minor memory leaks
|
||
* ... and several portability build issues
|
||
* ... and some documentation updates
|
||
- Changes to squid-3.4.5 (02 May 2014):
|
||
* Regression Bug 4051: inverted test on CONNECT payload existence
|
||
* Regression Fix: order dependency between cache_dir and maximum_object_size
|
||
* Fix logformat %note display
|
||
* Resolve 'dying from an unhandled exception: c'
|
||
* Copyright: Update CONTRIBUTORS list of copyright holders
|
||
- fix deps
|
||
* libtool >= 2.4
|
||
* older libtool needs --with-included-ltd
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 31 14:01:54 UTC 2014 - dimstar@opensuse.org
|
||
|
||
- Rename rpmlintrc to %{name}-rpmlintrc.
|
||
Follow the packaging guidelines.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 24 20:47:05 UTC 2014 - boris@steki.net
|
||
|
||
- fix rhel/centos usermod parameter invocation order
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 9 15:42:06 UTC 2014 - boris@steki.net
|
||
|
||
- setuid handling for opensuse using permissions updated
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 7 12:06:41 UTC 2014 - boris@steki.net
|
||
|
||
- enable build for centos/rhel
|
||
- add centos/rhel init script
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 29 16:47:44 UTC 2014 - chris@computersalat.de
|
||
|
||
- add 'squid' as default group and added suid bit for /usr/sbin/pinger
|
||
# pinger needs 'root' privileges to be able to ping (cache peer)
|
||
* attr(4750,root,squid) /usr/sbin/pinger
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 28 18:46:44 UTC 2014 - chris@computersalat.de
|
||
|
||
- fix pidfile dir
|
||
* systemd -> /run/squid.pid
|
||
* SysVinit -> /var/run/squid.pid
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 16 08:54:50 UTC 2014 - boris@steki.net
|
||
|
||
- added patch to force kerberos principalname handling
|
||
( http://bugs.squid-cache.org/show_bug.cgi?id=4042 )
|
||
* squid-brokenad.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 15 12:11:30 UTC 2014 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.4.4 (09 Mar 2014):
|
||
* Bug 4029: intercepted HTTPS requests bypass caching checks
|
||
* Bug 4001: remove use of strsep()
|
||
* Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
|
||
* Fix stalled concurrent rock store reads
|
||
* Fix helper ID number assignment
|
||
* Fix build failures from CMSG related definitions
|
||
* Fix build failures from libcompat unsafe.h protections
|
||
* Copyright: Relicense helpers by Treehouse Networks Ltd.
|
||
* ... and all bug fixes from 3.3.12
|
||
- fix for bnc#743563
|
||
* fix spec(post): remove SLE_10 permissions stuff
|
||
- rebased patches:
|
||
* squid-compiled_without_RPM_OPT_FLAGS.patch
|
||
* squid-nobuilddates.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 14 14:34:27 UTC 2014 - boris@steki.net
|
||
|
||
- add ssl bump to build config
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 27 13:26:24 UTC 2014 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.4.3 (02 Feb 2014):
|
||
* Bug 4008: HttpHeader warnOnError should be an int not a bool
|
||
* Bug 4002: clang 3.4 unable to compile
|
||
* Bug 3996: Malformed DNS reply leads to crash
|
||
* Bug 3995: compile error on CentOS 5 with GCC 4.1.2
|
||
* Bug 3975: atomic detection cross-compilation failure
|
||
* Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
|
||
* Bug 3954: compile failure in CpuAffinity.cc
|
||
* Bug 3927: tests/testRock fatal.cc required
|
||
* Fix memory leak in peer Cache Digest exchange
|
||
* Fix external_acl_type async loop failures
|
||
* Fix destination IP address cycling
|
||
* ... and a few polishing changes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 7 19:45:22 UTC 2014 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.4.2 (30 Dec 2013):
|
||
* Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
|
||
* Regression Fix: \-unescaping in quoted strings from helpers
|
||
* Regression Fix: URL helper API bypassing on URL containing '=' character
|
||
* Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
|
||
* Bug 3806: Caching responses with Vary header
|
||
* Bug 3498: FTP PUT assertion
|
||
* WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
|
||
* Enable concurrency by default for SSL certificate validator
|
||
* ... and fix several build errors
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 25 23:10:24 UTC 2013 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.4.1 (09 Dec 2013):
|
||
* Bug 3935: Invalid pointer dereference when peeking at origin server certificate
|
||
* Bug 3589: intercepted and ICAP modified request using a cache_peer
|
||
* ... and several portability fixes
|
||
* ... and some documentation updates
|
||
- Changes to squid-3.4.0.3 (01 Dec 2013):
|
||
* Bug 3941: Release notes error
|
||
* Receive annotations from authentication and external ACL helpers
|
||
* basic_nis_auth: Improved portability
|
||
* ... and several documentation updates
|
||
* ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
|
||
- Changes to squid-3.4.0.2 (03 Oct 2013):
|
||
* Regression Bug 3891: squid.conf parser errors in 3.4.0.1
|
||
* Regression Fix: re-disable MinGW C++11 support
|
||
* Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
|
||
* Fix memory leak in refresh_pattern parsing
|
||
* negotiate_kerberos_auth: upgrade to present group= keys
|
||
* Handle NTLM helper returning OK without user= value
|
||
* Add dns_multicast_local to control mDNS operation
|
||
* Add --disable-arch-native build option
|
||
* Display Build-Info in cache manager info report
|
||
* ... and all changes from squid 3.3.9
|
||
* ... and some code and debug output polishing
|
||
- Changes to squid-3.4.0.1 (29 Jul 2013):
|
||
* Port from 2.7: StoreURL (renamed Store-ID) support
|
||
* Bug 3795: fix several mistakes in the MIB file
|
||
* Bug 3793: configure: improved helper detection
|
||
* Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
|
||
* Bug 3676: Support GCC 4.7 with -Wshadow option
|
||
* Bug 3643: NTLM helpers stuck in reserved state by Safari
|
||
* Bug 3389: Auto-reconnect for tcp access_log
|
||
* Bug 2066: squid does not do chdir() after chroot()
|
||
* Fix uninitialized fields in IcapLogEntry
|
||
* Fix a number of minor issues detected by Coverity Scan
|
||
* Fix some potential memory leaks detected by Coverity Scan
|
||
* Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
|
||
* Fix ACL matching algorithm to avoid repeating tests
|
||
* basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
|
||
* squidpurge: fix META TLV parsing issues
|
||
* squid.conf: enforce all the directive and option names are lower-case
|
||
* Support EUI on HTTPS and FTP data connections
|
||
* Support OK/ERR/BH response codes from any helper
|
||
* Support No-lookup flag (-n) on DNS ACLs
|
||
* Support -march=native compiler optimization by default
|
||
* Support forwarding intercepted but not bumped connections to cache_peers
|
||
* Support IPv6 NAT interception on Linux and some BSD
|
||
* Deprecate log_icap and log_access configuration directives
|
||
* HTTP/1.1: improved method invalidation and cacheability detection
|
||
* HTTP/1.1: support length configuration for pipeline_prefetch queue
|
||
* Improved TPROXY support for OpenBSD and FreeBSD
|
||
* Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
|
||
* Add all-of and any-of ACL types for grouping sets of ACL tests
|
||
* Add note directive for transaction annotations
|
||
* Add %note log format for transaction annotation logging
|
||
* Add note ACL type for matching annotated transactions with by annotation name or value
|
||
* Add kv-pair support to URL-rewrite/redirector interface
|
||
* Add SSL server certificate validator interface, helper and result cache
|
||
* Add SSL server certificate fingerprint ACL type
|
||
* Add spoof_client_ip access control
|
||
* Add pt-bz (Belize Portuguese) dialect to translations
|
||
* ... and many Windows portability changes (still incomplete)
|
||
* ... and many documentation changes
|
||
* ... and much code cleanup and polishing
|
||
- modified patches:
|
||
* squid-compiled_without_RPM_OPT_FLAGS.patch
|
||
* squid-config.patch
|
||
- remove obsolete fix-pod2man-check patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 25 21:29:38 UTC 2013 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.3.11 (01 Dec 2013):
|
||
* Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
|
||
* Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
|
||
* Bug 3970: max_filedescriptors disabled due to missing setrlimit
|
||
* Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
|
||
* Bug 3960: DEAD cache_peer are not revived
|
||
* Bug 3956: xstrndup: tried to dup a NULL pointer
|
||
* Bug 3906: Filedescriptor leaks in SNMP
|
||
* Bug 3782: Digest authentication not obeying nonce_max_count
|
||
* HTTP/1.1: Make header parser obey relaxed_header_parser
|
||
* HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
|
||
* SMP: Replace blocking sleep(3) and close UDS socket on failures
|
||
* Windows: fix several compile errors
|
||
- Changes to squid-3.3.10 (03 Nov 2013):
|
||
* Bug 3929: request_header_add not working for tunnel requests
|
||
* Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
|
||
* Bug 3918: Self Test Failures on Mac OS X 10.8
|
||
* Bug 3887: tcp_outgoing_tos not working for IPv6
|
||
* Bug 3836: Fix issues with automake 1.13+ and make check
|
||
* Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
|
||
* Fix pinning hierarchy log information
|
||
* Fix close idle client connections associated with closed idle pinned connections.
|
||
* Fix cbdata 'error: expression result unused' errors
|
||
* Avoid "hot idle": A series of rapid select() calls with zero timeout.
|
||
* Append Connection:close to OPTIONS requests when icap_persistent_connections is off
|
||
* ntlm_fake_auth: pass DOMAIN data to Squid in original case
|
||
* kerberos_ldap_group: fix LDAP string duplication
|
||
* Use IPv6 localhost nameserver on DNS configuration errors
|
||
* Add cache_miss_revalidate
|
||
* ... and several portability improvements
|
||
- modified patches:
|
||
* squid-compiled_without_RPM_OPT_FLAGS.patch
|
||
* squid-config.patch
|
||
- fix build for SLE (libxml2-devel vs pkgconfig(libxml2))
|
||
- fix changed files
|
||
* bindir/purge
|
||
* bindir/squidclient
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 28 17:56:52 UTC 2013 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.3.9 (11 Sep 2013):
|
||
* Regression Bug 3077: off-by-one error in Digest header decoding
|
||
* Bug 3895: fix acl_uses_indirect_client and cache_peer_access
|
||
* Bug 3879: assertion failed ConnStateData::validatePinnedConnection
|
||
* Bug 3863: myportname acl causes segmentation fault
|
||
* Bug 3849: Duplicate certificate sent when using https_port
|
||
* Bug 2287: Better fix for unsupported HTTP version handling
|
||
* Bug 2112: Reload into If-None-Match
|
||
* Fix several assert with side effects in ICAP/eCAP response handling
|
||
* Fix myportname ACL on ICAP/eCAP transactions
|
||
* Fix external ACL user:pass detail logging after adaptation
|
||
* Fix SMP mgr:info report 'Largest file desc currently in use'
|
||
* Improved compatibility with gcc 4.8, clang and icc
|
||
* Show number of available filedescriptors when reserved FD changes
|
||
* Sync with newest OpenSSL error codes
|
||
* Register Http2-Settings header
|
||
* ... and many Windows portability fixes
|
||
- fix changelog
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 5 11:43:22 UTC 2013 - chris@computersalat.de
|
||
|
||
- fix build for Factory
|
||
* rework fix-pod2man-check
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 2 21:58:38 UTC 2013 - chris@computersalat.de
|
||
|
||
- fix build for 1110 (SLES_11)
|
||
* add configure --disable-strict-error-checking
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 1 12:25:46 UTC 2013 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.3.8 (13 Jul 2013):
|
||
* Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
|
||
* Improved handling of port values in Host: header validation
|
||
- Changes to squid-3.3.7 (11 Jul 2013):
|
||
* Bug 3297: Fix openSSL related build failures
|
||
* Fix build on FreeBSD 9.x platform with clang
|
||
* Protect against buffer overrun in DNS query generation
|
||
- Changes to squid-3.3.6 (01 Jul 2013):
|
||
* Bug 3854: pt1: compile errors on AIX
|
||
* Bug 3802: Fix wrong check inside Format::Format::assemble
|
||
* Bug 3762: remove bogus WARNING in cache.log
|
||
* Bug 3717: assertion failed with dstdom_regex with IP based URL
|
||
* Bug 1991: kqueue causes SSL to hang
|
||
* Ask for SSL key password when started with -N but without sslpassword_program
|
||
* Make sure %<tt includes all [failed] connection attempts
|
||
* Support HTTP reply ACLs in icap_log and log_icap
|
||
* Fix incorrect external_acl_type codes
|
||
* Fix ICAP logging request headers and segmentation faults
|
||
* ... and some documentation polish
|
||
- Changes to squid-3.3.5 (20 May 2013):
|
||
* Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
|
||
* Bug 3845: http_port tcpkeepalive= option fails parsing
|
||
* Bug 3840: assertion failed 'sde' in UFS cache loading
|
||
* Bug 3836: make check failures with automake-1.13
|
||
* Bug 3827: Remove AccessLogEntry::cache.authuser
|
||
* Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
|
||
* Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
|
||
* Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
|
||
* Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign
|
||
signTrusted all
|
||
* Port from 2.6: external acl %ACL and %DATA tags
|
||
* Update copyright on SN.png
|
||
* ... and several minor memory leaks
|
||
* ... and some documentation polish
|
||
- Changes to squid-3.3.4 (27 Apr 2013):
|
||
* Bug 3831: basic_ncsa_auth Blowfish and SHA support
|
||
* Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
|
||
* Bug 3794: MacOS: workaround compiler errors and case-insensitivity
|
||
* Bug 3781: Proxy Authentication not sent to cache_peer
|
||
* Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
|
||
* Bug 3720 pt2: Add missing include in /dev/poll I/O module
|
||
* Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
|
||
* Add support for TPROXY on BSD
|
||
* Fix SSL Bump bypass for intercepted traffic
|
||
* Fix memory leaks in ConnStateData pinning
|
||
* Fix external_acl.cc "inBackground" assertion on queue overloads
|
||
* CacheMgr: fix missing column separator in helper stats
|
||
* OpenBSD: libpthreads requires OpenBSD 5.2 or later
|
||
* ... and lots of documentation updates
|
||
* ... and all changes from squid 3.2.10
|
||
- Changes to squid-3.3.3 (12 Mar 2013):
|
||
* Bug 3720: Add missing include in /dev/poll I/O module (pt2)
|
||
* ... and all changes from squid 3.2.9
|
||
- Changes to squid-3.3.2 (02 Mar 2013):
|
||
* Bug 3781: Proxy Authentication not sent to cache_peer
|
||
* Bug 3794: MacOS: workaround compiler errors
|
||
* Bug 3720: Compile error in Solaris /OpenIndiana
|
||
* ... and all changes from squid 3.2.8
|
||
- Changes to squid-3.3.1 (09 Feb 2013):
|
||
* Bug 3726: build errors with --disable-ssl
|
||
* Propigate pinned connection persistency and closures to the client.
|
||
* Mimic SSL certificate Key Usage and Basic Constraints
|
||
* Fix segmentation fault on missing squid.conf values
|
||
* ext_sql_session_acl: Fix hex decoding on UID
|
||
* ... and some code polish
|
||
* ... and a lot of documentation polish
|
||
* ... and all changes from squid 3.2.7
|
||
- rebase patches
|
||
* config, nobuilddates, compiled_without_RPM_OPT_FLAGS
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 28 12:44:37 UTC 2013 - bruno@ioda-net.ch
|
||
|
||
- Changes to squid-3.2.13 (13 Jul 2013):
|
||
* Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
|
||
* Improved handling of port values in Host: header validation
|
||
- Changes to squid-3.2.12 (11 Jul 2013):
|
||
* Protect against buffer overrun in DNS query generation
|
||
* Avoid !closing assertions when helpers call comm_read during reconfigure.
|
||
* Fix several minor memory leaks during reconfigure
|
||
* Remove origin_tries limiter on forwarding and permit large max_forward_tries values
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 25 10:19:05 UTC 2013 - tchvatal@suse.com
|
||
|
||
- Add patch squid-fix-pod2man-check.patch solving building with
|
||
new perl.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 30 11:42:06 UTC 2013 - bruno@ioda-net.ch
|
||
|
||
- Changes for squid 3.2.11 release (29 April 2013)
|
||
* Fix enter_suid/leave_suid build errors in ip/Intercept.cc
|
||
* GNU Hurd: define MAP_NORESERVE as no-op when missing
|
||
* Bug #3833: Option '-k' is not present in squidclient man page
|
||
* Bug #3817: Memory leak in SSL cert validate for alt_name peer certs
|
||
* Bug #3822: Locate LDAP and SASL headers in /usr/local/include for BSD support
|
||
* Bug #3825: basic_ncsa_auth segfaulting with glibc-2.17
|
||
* Bug #3774: -k reconfigure drops rock
|
||
* Bug #3565: Resuming postponed accept kills Squid
|
||
* HTTP/1.1: partial support for no-cache and private controls with parameters
|
||
* ssl_crtd: helpers dying during startup on ARM
|
||
* Updated copyright for icons/SN.png squid-3.2-11813.patch
|
||
* Revert r11810 - tools.h does not exist in 3.2 squid-3.2-11812.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 24 18:57:26 UTC 2013 - bruno@ioda-net.ch
|
||
|
||
- Fixed squid.service
|
||
- Removed commented patch lines
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 15 10:31:02 UTC 2013 - bruno@ioda-net.ch
|
||
|
||
- New revision for squid.service (using only sed)
|
||
handle multiple cache_dir line
|
||
Added sed as require
|
||
- Packaging : fixed systemd squid.service
|
||
* Rework on squid.service ExecStartPre line
|
||
remove dependency on unfunctionnal wrapper
|
||
* Fix bnc#802635 (creating cache struture fail on first call)
|
||
* Fixed Type=forking and remove the use off -N (non daemon flag)
|
||
* Fixed missing pid file
|
||
* Structural : add all -k to end of Exec/Stop line
|
||
* Ulimit : Added LimitNOFile=4096 ( same value as in /etc/sysconfig)
|
||
but there's no way to decode dynamically /etc/sysconfig
|
||
* Remove syslog.target ( no need anymore : advise from fcrozat )
|
||
* Clean up squid_cache_build.sh
|
||
- Changes to squid-3.2.9 (12 Mar 2013):
|
||
* Regression fix: Accept-Language header parse
|
||
* Bug 3673: Silence 'Failed to select source' messages
|
||
* Fix authentication headers sent on peer digest requests
|
||
* Fix build error on Solaris, OpenIndiana, Omnios
|
||
- Changes to squid-3.2.8 (02 Mar 2013):
|
||
* Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
|
||
* Bug 3763: diskd Error: no filename in shm buffer
|
||
* Bug 3752: objects that cannot be cached in memory are not cached on disk
|
||
* Bug 3753: Removes the domain from the cache_peer server pconn key
|
||
* Bug 3749: IDENT lookup using wrong ports to identify the user
|
||
* Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
|
||
* Bug 3686: cache_dir max-size default fails
|
||
* Bug 3515: crash in FtpStateData::ftpTimeout
|
||
* Bug 3329: Quieten orphan Comm::Connection messages
|
||
* Make squid -z for cache_dir rock preserve the rock DB
|
||
* Fixed several server connect problems
|
||
* ... and some build issues on Solaris, OpenIndiana, MacOS X
|
||
* ... and some documentation and debugs polishing
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 20 23:24:06 UTC 2013 - e.istomin@edss.ee
|
||
|
||
- Changes to squid-3.2.7 (01 Feb 2013):
|
||
* Bug 3736: Floating point exception due to divide by zero
|
||
* Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
|
||
* Bug 3732: Fix ConnOpener IPv6 awareness
|
||
* Bug 3729: 32-bit overflow in parsing 64-bit configuration values
|
||
* Bug 3728: Improve debug for cache_dir
|
||
* Bug 3687: unhandled exception: c when using interception and peers
|
||
* Bug 3678: external acl grace period causes acl lookup failures
|
||
* Bug 3567: Memory leak handling malformed requests
|
||
* Bug 3111: Mid-term fix for the forward.cc "err" assertion
|
||
* Support OpenSSL NO_Compression optio
|
||
* Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
|
||
* Fix "address.GetPort() != 0" assertion for helpers
|
||
* ... and several minor memory leaks
|
||
* ... and some cache.log message polishing
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 13 20:09:22 UTC 2013 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.2.6 (09 Jan 2013):
|
||
fix for bnc#794954, CVE-2012-5643, SQUID:2012-1
|
||
- Regression Bug 3731: TOS setsockopt() requires int value
|
||
- Regression Bug 3712: Rotating logs overwrites the previous log
|
||
- Bug 3727: LLVM compile errors in kerberos_ldap_group
|
||
- Bug 3650: Negotiate auth missing challenge token
|
||
- Additional fixes for CVE-2012-5643 / SQUID:2012-1
|
||
* http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
|
||
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643
|
||
- rebase nobuilddates, config patches
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 30 14:56:38 UTC 2012 - chris@computersalat.de
|
||
|
||
- Changes to squid-3.2.5 (10 Dec 2012):
|
||
- Bug 3698: Add missing include of errno.h
|
||
- Changes to squid-3.2.4 (03 Dec 2012):
|
||
- Ported: urllogin ACL from squid 2.7
|
||
- Bug 3688: Lots of Orphan Comm:Connections to ICAP server
|
||
- Bug 3677: Port un-pinning logic changes from squid 3.3
|
||
- Bug 3405: ssl_crtd crashes failing to remove certificate
|
||
- ... and major bugs fixed in squid 3.1.22
|
||
- Fix accept_filter on Linux
|
||
- Remove 'Bungled' warning on missing component directives
|
||
- ... and many buffer and memory leak issues in the bundled helpers
|
||
- ... and a small amount of code polishing
|
||
- remove obsolete glibc-217 patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 29 19:10:16 CET 2012 - sbrabec@suse.cz
|
||
|
||
- Verify GPG signature.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 17 09:38:19 UTC 2012 - aj@suse.de
|
||
|
||
- Fix build with glibc 2.17 (add patch squid-glibc217.patch).
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 21 14:30:21 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 3.2.3 (21 Oct 2012):
|
||
- Regression: SMP crashes on startup with workers > 1
|
||
- Bug 3655: pinning failure breaks NTLM and Negotiate authentication
|
||
- SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
|
||
- HTTP/1.1: honour Cache-Control before Pragma:no-cache
|
||
- HTTP/1.1: Cache-Control compliance upgrade
|
||
- Remove obsoleted refresh_pattern ignore-no-cache option
|
||
- Fix IPv6 enabled squidclient
|
||
- ... and several compile fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 20 11:52:33 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 3.2.2 (06 Oct 2012):
|
||
- Regression: Make login=PASS send no credentials when none available
|
||
- Regression: Handle dstdomain duplicates and overlapping names better
|
||
- Bug 3661: Segmentation fault when using more than 1 worker
|
||
- Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
|
||
- Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
|
||
- Bug 3648: polish String class files
|
||
- Bug 3647: parsing hier_code acl fails
|
||
- Bug 3626: forwarding loops on intercepted traffic
|
||
- Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
|
||
- Bug 3609: several RADIUS helper improvements
|
||
- Bug 3605: memory leak in Negotiate authentication
|
||
- Fix small memory leak in src ACL parse
|
||
- Fix maximum_single_addr_tries upgrade
|
||
- Fix chunked encoding on responses carrying a Content-Range header.
|
||
- Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
|
||
- ... and several compile errors
|
||
- fix deps
|
||
* add missing Obsoletes/Provides for squid3
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 15 17:40:30 UTC 2012 - chris@computersalat.de
|
||
|
||
- package rename from squid3 back to squid
|
||
* old 'squid' (2.7STABLE9) now obsolete
|
||
* only one "stable" squid available >= 3.2
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 15 11:46:11 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 3.2.1 (15 Aug 2012):
|
||
- Bug 3605: memory leak in peer selection
|
||
- Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
|
||
- ... and some documentation updates
|
||
- rebase squid-config patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 3 11:27:00 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 3.2.0.19 (02 Aug 2012)
|
||
- Regression Bug 3580: IDENT request makes squid crash
|
||
- Regression Bug 3577: File Descriptors not properly closed
|
||
- Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
|
||
- Regression Fix: Restore memory caching ability
|
||
- Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
|
||
- Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
|
||
- Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
|
||
- Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
|
||
- Support custom headers in [request|reply]_header_* manglers
|
||
- ... and much code polishing
|
||
- remove upstream patches
|
||
* 3.2-11611 - 3.2-11638
|
||
- rebase config, nobuilddates, compiled_without_RPM_OPT_FLAGS patches
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 30 23:52:17 UTC 2012 - chris@computersalat.de
|
||
|
||
- add upstream patches
|
||
* 3.2-11631 - 3.2-11638
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 27 13:11:15 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 3.2.0.18 (29 Jun 2012)
|
||
- Bug 3576: ICY streams being Transfer-Encoding:chunked
|
||
- Bug 3537: statistics histogram leaks memory
|
||
- Bug 3526: digest authentication crash
|
||
- Bug 3484: Docs: sslproxy_cert_error example flawed
|
||
- Bug 3462: Delay Pools and ICAP
|
||
- Bug 3405: ssl_crtd crashes failing to remove certificate
|
||
- Bug 3380: Mac OSX compile errors with CMSG_SPACE
|
||
- Bug 3258: Requests hang when Host forgery verify fails
|
||
- Bug 3186: Digest auth caches failed state without revalidating
|
||
- Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
|
||
- Bug 2885: AIX: check and set required compiler flags
|
||
- Fix ssl_crtd compile issues with libsslutil
|
||
- Fix build with GCC 4.7 (and probably other C++11 compilers).
|
||
- Fix double-escape of %R on deny_info redirect responses
|
||
- Support status 308 Permanent Redirect
|
||
- Support for TLSv1.1 and TLSv1.2 options and methods
|
||
- Support passing external_acl_type credentials on ICAP
|
||
- Language Updates: fr, hy, pt_BR
|
||
- ... and many compile issues on Windows
|
||
- ... and some minor code polish
|
||
for more info please see ChangeLog
|
||
- remove obsolete swapdir, FSF patches
|
||
- rebase config, nobuilddates patches
|
||
- add upstream patches
|
||
* 3.2-11611 - 3.2-11630
|
||
- add compiled_without_RPM_OPT_FLAGS patch
|
||
* squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 12 10:22:46 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 3.1.20
|
||
- Regression Bug 3545: FreeBSD dnsserver segfaults
|
||
- Regression Bug 3504: clientside_tos fails to mark traffic
|
||
- Bug 3539: CONNECT server connection not closed correctly on errors
|
||
- Bug 3502: client timeout uses server-side read_timeout, not request_timeout
|
||
- Bug 3466: Adaptation stuck on last single-byte body piece
|
||
- Bug 3463: dnsserver fails to compile
|
||
- Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
|
||
- Bug 3390: Proxy auth data visible to scripts
|
||
- Bug 3263: ssl_crtd: undefined references to squid_curtime
|
||
- Bug 3233: Invalid URL accepted with url host is white spaces
|
||
- Bug 3133: Memory leak handling requests for sites that don't exist
|
||
- Bug 3074: Improper URL handling with empty path (RFC 3986)
|
||
- Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
|
||
- Regression: snmp/udp address directives not resolving hostname
|
||
- Better helper-to-Squid buffer size management.
|
||
- Support CoAP over HTTP (coap:// and coaps:// URLs)
|
||
- Support for 3.2 error template codes
|
||
- rebase config, swapdir patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 17 16:01:23 UTC 2012 - chris@computersalat.de
|
||
|
||
- some cleanup
|
||
* rebase patches (p0), remove version from patch_names
|
||
- add Source signature file
|
||
- add FSF patch (incorrect-fsf-address)
|
||
- add rpmlintrc file
|
||
* macro-in-comment
|
||
* no-manual-page-for-binary
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 15 20:50:59 UTC 2012 - chris@computersalat.de
|
||
|
||
- update to 3.1.19
|
||
- Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
|
||
- Bug 3473: erase last uses of obsolete auth_user_hash_pointer
|
||
- Bug 3470: GCC 4.7
|
||
- Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
|
||
- Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
|
||
- Bug 3440: compile error in Adaptation
|
||
- Bug 3420: Request body consumption races and !theConsumer exception
|
||
- Bug 3370: external ACL sometimes skipping
|
||
- Bug 3085: Crash when parsing esi:include
|
||
- HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
|
||
- Fix SSL library dependency fixes
|
||
- remove obsolete upstream patches
|
||
* squid-3.1-10415 - ..421
|
||
- add squid source signature file
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 16 13:49:22 UTC 2012 - chris@computersalat.de
|
||
|
||
- add upstream patches
|
||
* 3.1-10419: Bug #3085: Crash when parsing esi:include
|
||
* 3.1-10420: Bug #3473: erase last uses of obsolete auth_user_hash_pointer
|
||
* 3.1-10421: Bug #3420: Request body consumption races and !theConsumer
|
||
exception.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 21 12:12:09 UTC 2011 - chris@computersalat.de
|
||
|
||
- fix for bnc#737905
|
||
* fix test EXPRESSION in post section
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 12 12:47:50 UTC 2011 - chris@computersalat.de
|
||
|
||
- add upstream patches
|
||
* 3.1-10417: Polish: debug messages on swap.state rename failure
|
||
* 3.1-10418: Bug #3442: assertion failed: external_acl.cc:908:
|
||
ch->auth_user_request != NULL
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 7 22:33:43 UTC 2011 - chris@computersalat.de
|
||
|
||
- fix build
|
||
* add upstream patches
|
||
- 3.1-10415: Portability: SSL library dependency fixes
|
||
- 3.1-10416: Bug #3440: compile error in Adaptation
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 5 09:21:26 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.18
|
||
- Regression: compile error in FTP
|
||
- Changes to squid-3.1.17 (03 Dec 2011):
|
||
- Bug 3432: Crash logging FTP errors
|
||
- Bug 3428: Active FTP data channel accepted twice
|
||
- Bug 3423: access violation in URL parser
|
||
- Bug 3422: Buffer overflow in recv-announce
|
||
- Bug 3412: External ACL Uses Invalid Cache Entry
|
||
- Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
|
||
- Bug 3398: persistent server connection closed after PUT/DELETE
|
||
- Bug 3299: dnsserver: various undefined references
|
||
- Bug 3077: '\' in url query strings cause Digest authentication to fail
|
||
- Bug 2910: MemBuf may grow beyond max_capacity
|
||
- Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
|
||
- Bug 1243: Build overrides configured AR setting
|
||
- Avoid crashes when processing bad X509 common names (CN).
|
||
- Support %% in external ACL format
|
||
- ... and several other compile error fixes
|
||
- ... and several documentation fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 30 18:58:11 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- make coolo's bot reviewer happy
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 30 18:11:27 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- Use service type "simple"
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 28 20:18:40 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- Support systemd
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 27 06:56:29 UTC 2011 - coolo@suse.com
|
||
|
||
- add libtool as buildrequire to avoid implicit dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 15 14:00:35 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.16
|
||
- Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
|
||
- Bug 3368: Unhandled exceptions are not logged (workaround)
|
||
- Bug 3326: miss_access incorrect default
|
||
- Bug 3320: miss_access description confusing
|
||
- Bug 3241: squid_kerb_auth cross compilation fix
|
||
- Bug 3237: seq fault in free() from rfc1035RRDestroy
|
||
- Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
|
||
- db_auth: display available DSN drivers on connect error
|
||
- Updated OpenSSL 1.0.0 version checks
|
||
- ... and several documentation fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 5 00:32:36 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- Build with -DOPENSSL_LOAD_CONF see OPENSSL_config(3) for detail
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 30 15:44:50 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.15
|
||
- Regression fix: vhost and defaultsite causing vport to be ignored
|
||
- Regression Bug 3295: broken escaping in rfc1738_do_escape
|
||
- Bug #3232: fails to compile with OpenSSL v1.0.0
|
||
- Bug #3222: cache_peer name is not logging on CONNECT
|
||
- Bug #3131: fd_table[fd].closing() assert
|
||
from ConnStateData::noteMoreBodySpaceAvailable()
|
||
- Bug #3217: "!fd_table[fd].closing()"
|
||
from ServerStateData::noteMoreBodySpaceAvailable
|
||
- Bug #3213: https sites (CONNECT) not open when using NTLM
|
||
- Bug #3114: Memory leak in SSL certificate verify code
|
||
- Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
|
||
- Bug #2662: cf_gen failure when cross compiling
|
||
- Bug #2655: passing wrong the username to the url_rewrite_program
|
||
- Bug #2495: ignore whitespace prefix on config lines
|
||
- Bug #2051: 'default' cache_peer option does not match documentation
|
||
- Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
|
||
- Bug #1791: timestampsSet does not validate Date: if server sends very old date
|
||
- Correct parsing of large Gopher indexes
|
||
- Enable negative cacheing on unknown or -1 expiry timestamp
|
||
- Remove hierarchy_stoplist default value
|
||
- Migrate cf_gen tool from C-style to C++
|
||
- ... and several documentation and compiler warning fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 18 04:33:40 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- Disable "ident" lookups, obsolete and dangerous thing
|
||
to have enabled these days.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 24 14:29:24 UTC 2011 - chris@computersalat.de
|
||
|
||
- fix build for SLE_10
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 20 04:29:08 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- This is a long running network daemon, build with
|
||
full RELRO
|
||
- remove -fno-strict-aliasing, no longer needed.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 4 22:05:17 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.14
|
||
- Regression Bug 3261: Could not create a DNS socket and exit
|
||
- 3.1.13
|
||
- Regression Bug 3239: problems with myip/myport upgrade
|
||
- Bug 3153: hung ICAP RESPMOD transactions
|
||
- Update ssl_crtd to use 'OK' status inline with other helpers
|
||
- remove obsolete upstream patches (10319,10320)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 27 13:42:53 UTC 2011 - chris@computersalat.de
|
||
|
||
- add upstream patches
|
||
o 10319, SourceFormat Enforcemen
|
||
o 10320, Bug 3153: additional compile fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 19 18:37:40 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.12.3
|
||
- Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
|
||
- Bug 3214: unexpected read from ssl_crtd
|
||
- Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
|
||
- Fix RADIUS helper resource leak
|
||
- Fix segfault parsing digest auth realm
|
||
- Fix segfault in parse_eol()
|
||
- Fixed bypass of SSL certificate validation errors
|
||
- Warn about myip/myport problems on interception proxies
|
||
- Polish: display easily grepped config lines on -k parse
|
||
- Fix squidclient -V option and allow non-HTTP protocols to be tested
|
||
- rework patches
|
||
o swapdir 3.1.10 -> 3.1.12.3
|
||
o nobuilddates 3.1.12 -> 3.1.12.3
|
||
- remove obsolete patches
|
||
o 3.1.11-unused
|
||
o 3.1.12-no-sslv2
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 2 14:33:36 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.12.2
|
||
- Bug 3226: Tags from external ACLs do not correctly expire
|
||
- Bug 3215: Malformed IPv6 DNS reverse lookup
|
||
- Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
|
||
- Bug 3205: SSL-bump starts then hangs
|
||
- Bug 3178: gcc-4.6 complains unused variables
|
||
- Bug 3122: Unknown record type in WCCPv2 Packet (6)
|
||
- Bug 2965 (partial): Compile errors on MinGW
|
||
- Fix to only ssl-bump CONNECT requests if they are about to be tunneled
|
||
- Fix cache manager display of -i/+i in regex ACL config display
|
||
- Fix cache manager display of cache_peer options userhash and sourcehash
|
||
- Fix URL re-writer loosing many transaction details
|
||
- Fix always-true comparison in ICAP for some 32-bit platforms
|
||
- Support for 'slow' group ACLs in ssl_bump access control
|
||
- Support OpenSSL 1.0.0 built without SSLv2
|
||
- Support GCC 4.6 and binutils-gold
|
||
- Add CSS id attribute to BODY tag of generated error pages.
|
||
- Display WARNING and ERROR when max_filedescriptors has failed
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 5 19:27:36 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.12.1
|
||
- Port from 3.2: Dynamic SSL Certificate generation
|
||
- Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
|
||
- Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
|
||
- Bug 3183: Invalid URL accepted with url host part of only '@'
|
||
- Display ERROR in cache.log for invalid configured paths
|
||
- Cache Manager: send User-Agent header from cachemgr.cgi
|
||
- ... and many portability compile fixes for non-GCC systems.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 3 17:57:56 UTC 2011 - chris@computersalat.de
|
||
|
||
- rework initscript
|
||
o rename source to squid.init
|
||
o ShouldStart winbind
|
||
o setup cache_dir only if defined in squid.conf
|
||
otherwise squid won't start, cause cache_dir is not set by default
|
||
o new vars to squid.sysconfig
|
||
default_opts '-sYD' -> '-sY' (-D obsolete)
|
||
- remove author from spec
|
||
- updated unused patch (idoenmez@novell.com)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 29 11:10:06 UTC 2011 - idoenmez@novell.com
|
||
|
||
- Add squid-3.1.11-unused.patch: remove write only variables to
|
||
fix compilation with gcc 4.6
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 21 16:05:07 UTC 2011 - chris@computersalat.de
|
||
|
||
- mv RPM_BUILD_ROOT to {buildroot}
|
||
- fdupes only on {buildroot}{_prefix}
|
||
o no symlinks on config files ;)
|
||
hence configs won't be overwritten on update
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 12 13:11:40 UTC 2011 - chris@computersalat.de
|
||
|
||
- rework config patch
|
||
o 3.1.4 -> 3.1.12
|
||
- add some comments for patches
|
||
- sort header TAGS
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 11 03:03:01 UTC 2011 - crrodriguez@opensuse.org
|
||
|
||
- Allow compile without SSLv2
|
||
o no-sslv2 patch
|
||
- Supress build dates in binaries.
|
||
o nobuilddates patch
|
||
- Default cache storage type should be "aufs" in Linux
|
||
o update config patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 6 14:15:58 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.12
|
||
(Bugs tracked by http://bugs.squid-cache.org/)
|
||
- Regression fix: Use bigger buffer for server reads.
|
||
- Regression fix: Add reply_header_replace directive for ability lost since 2.7
|
||
- Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
|
||
- Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
|
||
- Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
|
||
- Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
|
||
- Bug 3164: Total memory info display 32-bit overflows
|
||
- Bug 3155: Werror is hard-coded in libTrie build
|
||
- Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
|
||
- Bug 2976: invalid URL on intercepted requests during reconfigure
|
||
- Bug 2720: comment in same line as cache/mem_replacement_policy causes error
|
||
- Bug 2621: Provide request headers to RESPMOD when using cache_peer.
|
||
- Bug 2330: AuthUser objects are never unlocked
|
||
- Prevent CONNECT request relaying to origin servers
|
||
- squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
|
||
- squidclient: send Cache Manager password using -w
|
||
- eCAP: give full Request-URI to adapters
|
||
- ... and several debug and error display cleanups
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 13 17:03:55 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.11
|
||
- Bug 3149: not caching eCAP adapted body
|
||
- Bug 3144: redirector program blocks while reading STDIN
|
||
- Bug 3140: memory leak in error page generation
|
||
- Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
|
||
- Bug 3115: logging segfaults if access_log is set to a directory
|
||
- Bug 2968: Show the Vary: headers information in cachemgr objects report
|
||
- Bug 2959: remove SAMBAPREFIX dependency
|
||
- Bug 2868: icc doesn't like string literal in assert checks
|
||
- HTTP/1.1: Send 307 status on deny_info redirection
|
||
- HTTP/1.1: Support POST/PUT with no body
|
||
- HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
|
||
- Support RFC 5861 Cache-Control: stale-if-error option
|
||
- Add ftp_eprt directive to disable EPRT extensions in FTP
|
||
- Fix external_acl_type grace=0 to obey TTL
|
||
- Fix IP/FQDN cache accounting to avoid idle caches on busy servers
|
||
- Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
|
||
- ... and some documentation updates and corrections
|
||
- ... and some portability and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 4 11:49:40 UTC 2011 - chris@computersalat.de
|
||
|
||
- update to 3.1.10
|
||
- Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
|
||
- Bug 3113: Consuming too much memory when uploading files
|
||
- Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
|
||
- Bug 3096: Consuming too much memory when delaying traffic
|
||
- Bug 3091: Bypassed ICAP errors are not counted as service failures
|
||
- Bug 3090: Polish FTP login error handing
|
||
- Bug 3068: cache_dir capacity and usage overflows
|
||
- Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
|
||
- Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
|
||
- Fix memory leak in adaptation_access
|
||
- Fix /dev/poll and poll() selection priority
|
||
- Fix PREFIX/var/run creation during install
|
||
- Fix cachemgr http_port config report display
|
||
- Add upgrade help process for obsolete options
|
||
- Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
|
||
- HTTP/1.1: entry is stale if request has max-age=0
|
||
- HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
|
||
- Toolchain update to support newer auto-tools
|
||
- ... and updated error page translations
|
||
- ... and updated documentation
|
||
- ... and some code optimization/simplification polish
|
||
- reworked swapdir patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 29 23:57:39 UTC 2010 - chris@computersalat.de
|
||
|
||
- update to 3.1.9
|
||
- Bug 3088: dnsserver is segfaulting
|
||
- Bug 3084: IPv6 without Host: header in request causes connection to hang
|
||
- Bug 3082: Typo in error message
|
||
- Bug 3073: tunnelStateFree memory leak of host member
|
||
- Bug 3058: errorSend and ICY leak MemBuf object
|
||
- Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
|
||
- Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
|
||
- Bug 3053: cache version 1 LFS support detection broken
|
||
- Bug 3051: integer display overflow
|
||
- Bug 3040: Lower-case domain entries from hosts and resolv.conf files
|
||
- Bug 3036: adaptation_access acls cannot see myportname
|
||
- Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
|
||
- Bug 2964: Prevent memory leaks when ICAP transactions fail
|
||
- Bug 2808: getRoundRobinParent not handling weights correctly
|
||
- Bug 2793: memory statistics sometimes display wrong
|
||
- Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
|
||
- Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
|
||
- Ensure /var/cache or jail equivalent exists on install
|
||
- HTTP/1.1: delete Warnings that have warning-date different from Date
|
||
- HTTP/1.1: do not remove ETag header from partial responses
|
||
- HTTP/1.1: make date parser stricter to better handle malformed Expires
|
||
- HTTP/1.1: improve age calculation
|
||
- HTTP/1.1: reply with a 504 error if required validation fails
|
||
- HTTP/1.1: add appropriate Warnings if serving a stale hit
|
||
- HTTP/1.1: support requests with Cache-Control: min-fresh
|
||
- HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
|
||
- squidclient: Display IP(s) connected to in verbose (-v) display
|
||
- Fixes several issues with ICAP persistent connections
|
||
- Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
|
||
- ... and some cosmetic polishing
|
||
- removed obsolete patches
|
||
o squid-beta-3.0-ia64 (upstream)
|
||
o squid-beta-3.0-mem_node_64bit (not needed, Amos)
|
||
o squid-3.1.4-openldap (not needed, Amos)
|
||
- reworked swapdir patch
|
||
o send upstream
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 5 18:49:46 UTC 2010 - chris@computersalat.de
|
||
|
||
- update to 3.1.8
|
||
- Bug 3033: incorrect information regarding TOS
|
||
- Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
|
||
- Bug 3005,2972: Locate LTDL headers correctly (again)
|
||
- Bug 2872: leaking file descriptors
|
||
- Bug 2583: pure virtual method called
|
||
- Hardened DNS client against packet queue attacks
|
||
- Hardened HTTP request-line parser
|
||
- Several HTTP/1.1 support improvements
|
||
- Improved cross-compile support
|
||
- .. and several internal pointer safety fixes
|
||
- remove obsolete patches
|
||
o bug2972-real-fix.patch
|
||
o squid-bootstrap.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 31 13:43:26 UTC 2010 - chris@computersalat.de
|
||
|
||
- added bug2972-real-fix.patch
|
||
o fix build for SLE_10
|
||
o but impossible to apply LDAP patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 25 09:46:36 UTC 2010 - chris@computersalat.de
|
||
|
||
- update to 3.1.7
|
||
- Regression Bug 3021: Large DNS reply causes crash
|
||
- Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
|
||
- Regression Bug 2997: visible_hostname directive no longer matches docs
|
||
- Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
|
||
- Bug 3006: handle IPV6_V6ONLY definition missing
|
||
- Bug 3004: Solaris 9 SunStudio 12 build failure
|
||
- Bug 3003: inconsistent concepts in documentation of cache_dir
|
||
- Bug 3001: dnsserver link issues
|
||
- HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
|
||
- HTTP/1.1: Improved Range header field validation
|
||
- HTTP/1.1: Forward multiple unknown Cache-Control directives
|
||
- HTTP/1.1: Stop sending Proxy-Connection header
|
||
- Fix 32-bit wrap in refresh_pattern min/max values
|
||
- ... and several documentation corrections.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 10 11:07:29 UTC 2010 - chris@computersalat.de
|
||
|
||
- update to 3.1.6
|
||
- Bug 2994, 2995: IPv4-only regressions
|
||
- Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
|
||
- Bug 2975: chunked requests not supported after regular ones
|
||
- Fix: 32-bit overflow in reported bytes received from next hop
|
||
- Fix Libtool build regressions
|
||
- Limited split-stack IPv6 support.
|
||
- squid_db_auth support MD5 encrypted passwords
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 25 16:16:47 UTC 2010 - chris@computersalat.de
|
||
|
||
- update to 3.1.5
|
||
- Bug 2967: raw-IPv6 address URL with append_domain broken
|
||
- Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
|
||
- Bug 2943: ICAP tokens not logged when using multiple access
|
||
- Bug 2937: Fails to detect chunked encoding if not given in all lower case
|
||
- Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
|
||
- Fix free memory corruption and off-by-one error when comparing SNMP OIDs
|
||
- Port from 2.7: max_filedescriptor config option
|
||
- Fix persistent_connection_after_error is meant to be on by default
|
||
- ... and several build errors.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 9 11:51:33 UTC 2010 - chris@computersalat.de
|
||
|
||
- fix build for SLE_10
|
||
o added bootstrap patch
|
||
o fix permissions.secure for pam_auth
|
||
- spec mods
|
||
o build with --mandir
|
||
o add BuildReq libcap-devel (TPROXY)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 8 20:54:20 UTC 2010 - chris@computersalat.de
|
||
|
||
- new version 3.1.4
|
||
- Bug 2933: Verification of the max. port number for WCCP2 dynamic service
|
||
- Bug 2924: RADIUS helper compile issues
|
||
- Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
|
||
- Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
|
||
- Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
|
||
- Bug 2879: pt2: 3.0 regression in headers end finding
|
||
- Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
|
||
- Bug 2876: FD_SETSIZE override not working on all linux distributions
|
||
- Bug 2810: common log format generates 2 lines of syslog
|
||
- Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
|
||
- Bug 2753: Fall back on IPv4 if IPv6 is not present
|
||
- Bug 2697: Adaptation leaks and extra requests after reconfiguration
|
||
- Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
|
||
- Change LDAP helpers to default to LDAP version 3 if available
|
||
- Add Joomla and Salted Hash support to squid_db_auth helper
|
||
- Fixed IpAddress port printing for ports higher than 9999
|
||
- Disable chunked memory pooling by default.
|
||
- ... and several build errors.
|
||
- reworked config patch with fuzz=0
|
||
- removed libxml2 patch
|
||
- added swapdir patch
|
||
- reworked ldap patch
|
||
- adopt build_option storeio: (build all)
|
||
o --enable-storeio=aufs,diskd,null,ufs -> --enable-storeio
|
||
- adopt build_option ntlm-auth-helpers: SMB -> smb_lm
|
||
o ntlm_auth -> ntlm_smb_lm_auth
|
||
- enable parallel build
|
||
- fix permissions file
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 16 22:18:08 UTC 2010 - chris@computersalat.de
|
||
|
||
- new version 3.0.STABLE25
|
||
- Bug 2845: Rework the http digest auth parser
|
||
- Bug 2787: unknown/unexpected status code messages
|
||
- Bug 2507: squid_ldap_group: Strip Domain name separated by +
|
||
- Bug 2367: stale=true on digest requests with unknown nonce
|
||
- ... and several other minor corrections
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 16 09:33:33 UTC 2010 - chris@computersalat.de
|
||
|
||
- new version 3.0.STABLE24
|
||
* Bug 2858: Segment violation in HTCP
|
||
* Updated refresh pattern for dynamic pages
|
||
- version 3.0.STABLE23
|
||
* Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
|
||
* Regression Fix: Build error in Kerberos helper after library removal.
|
||
- version 3.0.STABLE22
|
||
* Regression Fix: Make Squid abort on all config parse failures.
|
||
* Bug 2787: Reduce unexpected http status to non-critical warnings.
|
||
* Bug 2496: Downloading some variants in full before relaying
|
||
* Bug 2452: Add upper limit to external_acl_type entries.
|
||
* Removed optional kerberos/spnegohelp/ library due to licensing issues
|
||
* Add client_ip_max_connections
|
||
* Handle DNS header-only packets as invalid.
|
||
- version 3.0.STABLE21
|
||
* Bug 2830: Clarify where NULL byte is in headers.
|
||
* Bug 2778: Linking issues using SunCC
|
||
* Bug 2395: FTP errors not displayed
|
||
* Bug 2155: Assertion failures on malformed Content-Range response headers
|
||
* Fix parsing and a few bugs in ACL time type
|
||
* Fix RFC keep-alive compliance on intercepted replies
|
||
* Improved security hardening on %nn parser
|
||
* Replace several GCC-specific code snippets.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 9 20:40:30 UTC 2009 - chris@computersalat.de
|
||
|
||
- new version 3.0.STABLE20
|
||
* Bug 2794: ESI parsing on FreeBSD
|
||
* Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
|
||
* Bug 2779: Support GNU/kFreeBSD
|
||
* Bug 2773: Segfault in RFC2069 Digest authantication
|
||
* Bug 2768: squid_ldap_group argument parsing error
|
||
* Bug 2761: Gopher and double HTTP response header
|
||
* Bug 2735: Incomplete -fhuge-objects detection
|
||
* Bug 2722: prevent CONNECT via http_port with accel
|
||
* Bug 2624: Invalid response for IMS request
|
||
* Bug 2510: digest_ldap_auth TLS support
|
||
* Correct LINUX_CAPABILITY actions on non-Linux
|
||
- removed old upstream patches
|
||
o squid-3.0-9107.patch - squid-3.0-9124.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 7 23:58:37 CEST 2009 - chris@computersalat.de
|
||
|
||
- added upstream patches
|
||
o squid-3.0-9107.patch - squid-3.0-9124.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 14 13:37:55 UTC 2009 - chris@computersalat.de
|
||
|
||
- new version 3.0.STABLE19
|
||
* Bug 2745: Invalid Response error on small reads
|
||
* Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
|
||
* Bug 2734: some compile errors on Solaris
|
||
* Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
|
||
* Bug 2541: Hang in 100% CPU loop while extacting header details
|
||
using a delimiter other than comma
|
||
* Bug 2362: Remove support for deferred state in stateful helpers
|
||
* Add 0.0.0.0 as a to_localhost address
|
||
* Docs: Improve chroot directive documentation slightly
|
||
* Fixup libxml2 include magics, was failing when a configure cache was used
|
||
* ... and some minor testing improvements.
|
||
- spec mods
|
||
o adding group winbind, add squid to group winbind
|
||
when using squid with samba-winbind for ntlm_auth
|
||
squid needs read access to /var/lib/samba/winbindd_privileged
|
||
group winbind is added if squid is installed before winbind ;)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 5 20:21:53 CEST 2009 - chris@computersalat.de
|
||
|
||
- added upstream patches
|
||
o b9097 - b9103
|
||
- rpmlint
|
||
o added fdupes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 2 13:15:45 UTC 2009 - chris@computersalat.de
|
||
|
||
- cleanup spec
|
||
o removed #--------
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 1 10:04:02 CEST 2009 - coolo@novell.com
|
||
|
||
- remove outdated patches
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 31 10:30:54 CEST 2009 - coolo@novell.com
|
||
|
||
- merge factory changes with buildservice
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 30 20:03:46 UTC 2009 - aj@suse.de
|
||
|
||
- Fix patch numbering for rpm 4.7.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de
|
||
|
||
- make patch0 usage consistent
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 21 13:27:52 UTC 2009 - chris@computersalat.de
|
||
|
||
- added upstream patches
|
||
o b9095, b9096
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Aug 15 16:26:30 CEST 2009 - chris@computersalat.de
|
||
|
||
- added upstream patches
|
||
o b9089 - b9094
|
||
o disabled b9089,b9090,b9092 cause can not patch inexistent file
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 11 11:10:13 UTC 2009 - chris@computersalat.de
|
||
|
||
- new version 3.0.STABLE18:
|
||
* Bug 2728: regression: assertion failed: !eof
|
||
* Bug 2732: reply_body_max_size smaller than error page loops
|
||
infinitely until out of memory
|
||
* Bug 2725: pconn failure if domain or client_address are unset
|
||
* Bug 2648: reserved helpers not shut down after reconfigure/rotate
|
||
* Bug 2462: make check should tell when cppunit is missing
|
||
* Remove excess messages about headers < minimum size
|
||
* Support Libtool 2.2.6
|
||
- Changes to squid-3.0.STABLE17 (27 Jul 2009):
|
||
* Bug 2680 regression: Crash after rotate with no helpers running
|
||
* Bug 2710: squid_kerb_auth non-terminated string
|
||
* Bug 2679: strsep and strtoll detection failure
|
||
* Bug 2674: Remove limit on HTTP headers read.
|
||
* Bug 2659: String length overflows on append, leading to segfaults
|
||
* Bug 2620: Invalid HTTP response codes causes segfault
|
||
* Bug 2080: wbinfo_group.pl - false positive under certain conditions
|
||
* Bug 1087: ESI processor not quoting attributes correctly.
|
||
* Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
|
||
* Several small build issues with previous release.
|
||
for full changes list, see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE18-RELEASENOTES.html
|
||
- removed squid-3.0.STABLE16-gcc_warn_kerb_auth.patch
|
||
- removed changed, deprectated configure options
|
||
o deprecated:
|
||
--enable-poll
|
||
o changed to default:
|
||
--enable-htcp
|
||
--enable-snmp
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jul 25 19:27:34 CEST 2009 - chris@computersalat.de
|
||
|
||
- spec mods
|
||
* removed ^----------
|
||
* removed ^#---------
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 23 18:22:09 CEST 2009 - chris@computersalat.de
|
||
|
||
- new version 3.0.STABLE16:
|
||
* Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
|
||
* Bug 2481: Don't set expires: now in generated error responses
|
||
* Bug 2387: The calculation of the number of hash buckets correctly
|
||
* Fix infinite loop in MSNT auth helper
|
||
* Fix FD_SETSIZE on FreeBSD
|
||
* Fix stripping NT domain in squid_ldap_group
|
||
* Fix RADIUS auth helper build
|
||
* Add Translate: and Unless-Modified-Since: headers to known list
|
||
* Make fakeauth handle NTLMv2 better
|
||
* Better Kerberos support detection
|
||
* Several Widows port fixes
|
||
- Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
|
||
* Bug 1148: Ported from 3.1: Chunked Transfer Encoding
|
||
* Bug 2648: NTLM helpers not shutting down when deferred
|
||
- Changes to squid-3.0.STABLE15 (06 May 2009):
|
||
* Regression Bug 2635: Incorrect Max-Forwards header type
|
||
* Bug 2652: 'Success' error on CONNECT requests
|
||
* Bug 2625: IDENT receiving errors
|
||
* Bug 2610: ipfilter support detection
|
||
* Bug 2578: FTP download resume failure
|
||
* Bug 2536: %H on HTTPS error pages
|
||
* Bug 2491: assertion "age >= 0"
|
||
* Bug 2276: too many NTLM helpers running
|
||
* Endian system and compiler fixes provided by the NetBSD project
|
||
* documentation fixes provided by the Debian project
|
||
- Changes to squid-3.0.STABLE14 (11 Apr 2009):
|
||
* Regression Fix: HTTP/0.9 in accelerator mode
|
||
* Bug 1232: cache_dir parameter limited to only 63 entries
|
||
* Bug 1868: support HTTP 207 status
|
||
* Bug 2518: assertion failure on restart/reconfigure
|
||
* Bug 2588: coredump in rDNS lookup
|
||
* Bug 2595: Out of bounds memory write in squid_kerb_auth
|
||
* Bug 2599: Idempotent start
|
||
* Bug 2605: Prevent setsid() on helpers in daemon mode
|
||
* Fix external_acl_type option parsing
|
||
* Fix delay pools counters on FTP
|
||
* Fix several issues with ident (some remain)
|
||
* Fix performance issues with persistent connections
|
||
* Fix performance issues with delay pools
|
||
* Fix forwarding of OPTIONS requests
|
||
* Add support for HTTP 1.1 Content-Disposition header
|
||
* Add support for Windows 7, Windows Server 2008 R2 and later
|
||
* ... and many small documentation updates
|
||
for full changes list, see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE16-RELEASENOTES.html
|
||
- reworked gcc_warn_kerb_auth
|
||
* was partially added
|
||
- added after RELEASE patches
|
||
* b9052 - b9067
|
||
for full changes list, see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE16.html
|
||
- some spec mods
|
||
* removed {rel}
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 10 16:54:49 CEST 2009 - ro@suse.de
|
||
|
||
- strchr returns a const char* now, work around
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 3 15:34:27 CEST 2009 - chris@computersalat.de
|
||
|
||
- some spec fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 19 19:53:26 UTC 2009 - chris@computersalat.de
|
||
|
||
- new version 3.0.STABLE13:
|
||
* following patches removed from build
|
||
* b8898.patch
|
||
* b8900.patch
|
||
* b8902.patch
|
||
* b8904.patch
|
||
* b8905.patch
|
||
* b8906.patch
|
||
* b8907.patch
|
||
- some rpmlint fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 18 12:37:05 UTC 2009 - chris@computersalat.de
|
||
|
||
- fixed failing fillup
|
||
- fixed expansion error for SLES_9
|
||
- added KRB5_KTNAME to sysconfig file
|
||
mods to init script
|
||
- added README.kerberos
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 28 16:40:00 CET 2009 - kssingvo@suse.de
|
||
|
||
- update to squid-3.0.STABLE13 with these fixes:
|
||
* ICAP filters break download resume
|
||
* HTCP fails without icp_port
|
||
* logformat '%tl' field not working as advertised
|
||
* Policy: Change half_closed_clients default to off
|
||
* Policy: Removed -V command line option, deprecated by 2.6
|
||
* filedescriptors being left unnecessary opened
|
||
* fault passing ICAP filtered traffic to peers
|
||
* Sefgaults in MemBuf::reset during idnsSendQuery
|
||
* bad default in ACLChecklist
|
||
* access.log request size tag
|
||
* cache_peer forceddomainname=X option
|
||
... and few minor ones. For complete list see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE12.html
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 6 15:59:17 CET 2008 - kssingvo@suse.de
|
||
|
||
- reworked on sysconfig files (bnc#439006)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 27 16:48:56 CET 2008 - kssingvo@suse.de
|
||
|
||
- update to squid-3.0.STABLE10, fixes mainly:
|
||
bad assert in forwarding
|
||
Segfault on failed TCP DNS query
|
||
DNS requests getting stuck in idns queue
|
||
FTP PUT gives bad gateway
|
||
... and few minor ones. For complete list see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE10.html
|
||
- removed old patches, which were included upstream now
|
||
- renamed sysconfig.squid to sysconfig.squid3 (bnc#439006)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 13 14:52:39 CEST 2008 - kssingvo@suse.de
|
||
|
||
- reenabled linux-netfilter in configure as seems to work now again
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 2 14:36:14 CEST 2008 - kssingvo@suse.de
|
||
|
||
- added official patches:
|
||
* assertion fix in forward.cc
|
||
* bad links in ./configure due to website changes
|
||
* define DEFAULT_CACHEMGR_CONFIG before its first use
|
||
* don't strcmp Config.Log.store if it's NULL in storeLogOpen
|
||
* workaround: When dns_error_message value is lost
|
||
* ftp put gives bad gateway but put is correct
|
||
* fix of a compilation error
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 10 12:40:46 CEST 2008 - kssingvo@suse.de
|
||
|
||
- new version 3.0.STABLE9:
|
||
* Correct HTCP stats
|
||
* fix: mgr:active_requests always returns "delay_pool 0"
|
||
* fix: 3.0 must still wrap CARP properly
|
||
* Improve display on fd debug output
|
||
* Correct ICAP notes: *_postcache vector points not coded
|
||
* fix: squid_ldap_group -h reports the old % codes for -f
|
||
* Fix: Unsupported method in request may show raw binary data in log
|
||
* Fix: cppunit tests broken by squid.h defines
|
||
* fix: no_check.pl ntlm helper never sends challenge
|
||
* Increase buffer in authenticateNegotiateStart / squid_kerb_auth
|
||
* peer name not logged in access.log like expected, instead the ip
|
||
address is logged
|
||
* Fixed typo in squid.h which would prevent leak checking for arrays
|
||
* COSS removal from 3.0
|
||
* Use safe functions in basic auth MSNT helper
|
||
for full changes list, see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE8.html
|
||
- removed coss as disk storage method, as it became unstable now
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 20 12:29:36 CEST 2008 - kssingvo@suse.de
|
||
|
||
- fixed configure option:
|
||
* change from "with-large-files" to "enable-large-files"
|
||
* removed netfilters (kernel 2.4) option
|
||
- fixed init script
|
||
- added sysconfig as in squid
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 22 16:08:26 CEST 2008 - kssingvo@suse.de
|
||
|
||
- new version 3.0.STABLE8:
|
||
* Support for cachemgr sub-actions
|
||
* userhash peer selection method
|
||
* sourcehash peer selection method
|
||
* round-robin balancing fixes
|
||
* acl documentation cleanup
|
||
* cachemgr.cgi HTML output encoding
|
||
* Regression: Log format size options
|
||
* Correct the opening of PF device file.
|
||
* ICAP accept mechanism
|
||
* Regression: fakeauth_auth crashes
|
||
* Boost error pages HTML standards.
|
||
* Fixes several issues on 64-bit systems
|
||
* Fixes several issues on older or stricter compilers
|
||
* Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
|
||
* Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
|
||
for full changes list, see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE8.html
|
||
- removed unneccesary compiler warning patch
|
||
- added new patch for warnings in kerberos auth
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 2 16:13:35 CEST 2008 - kssingvo@suse.de
|
||
|
||
- update to version 3.0.STABLE7, which is mainly a bugfix version only:
|
||
* important fix for ASN.1 DoS (no CVE)
|
||
* spelling corrections
|
||
* assertion on ESI page
|
||
* in snmp reporting
|
||
* (extra) whitespaces in logfile
|
||
* added note that negative_ttl is a HTTP violation
|
||
* Memory allocation problem in restoreCapabilities(), tools.cc
|
||
* etc.
|
||
for full change list see:
|
||
http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE7.html
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 21 17:39:14 CEST 2008 - kssingvo@suse.de
|
||
|
||
- update to version 3.0.STABLE5, which is mainly a bugfix version only:
|
||
* fix in parsing cachemgr.conf
|
||
* segfault in tunnelConnectTimeout()
|
||
* segfault in MemBuf::append()
|
||
* basic auth leaks memory
|
||
* access_log syslog results in blanks syslog lines
|
||
* umask support with porting from 2.6
|
||
* segfault in AuthDigestUserRequest::authUser
|
||
* ntlm_auth helper resolves DC hostname to 0
|
||
... and some minor bugfixes more
|
||
- added cachemngr.conf.default to files
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 19 19:39:48 CEST 2008 - kssingvo@suse.de
|
||
|
||
- added "sharedscripts" to logrotate (bnc#388088)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 9 15:36:15 CEST 2008 - schwab@suse.de
|
||
|
||
- Use autoreconf.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 29 17:39:40 CEST 2008 - kssingvo@suse.de
|
||
|
||
- update to version 3.0.STABLE5, which is mainly a bugfix version only:
|
||
* Bypassing 403 and 404 status to ICAP using icap_access - Failed
|
||
* file uploads (RFC1867) fail with "error:double-CR"
|
||
* Range tests failing.
|
||
* crashes/restarts when ICAP enabled on respmod for HTTP body size
|
||
greater than 100kb
|
||
* Support for resolv.conf 'domain' option
|
||
* Fix for incorrect default time/date log format
|
||
* Fix: reentrant debugging crashes Squid
|
||
* better handling of intercepted URI
|
||
* better port for non-FQDN URI lookups
|
||
* Improved logging, including incorrect timestamp format in earlier
|
||
3.0 releases
|
||
* Support for profiling on x86 64-bit systems
|
||
- removed upstream patches, which are now included in source tarball
|
||
- removed own compiler warning patch (now upstream)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 17 12:07:17 CEST 2008 - kssingvo@suse.de
|
||
|
||
- added official patches:
|
||
* increase MAX_URL to 8192
|
||
* Honor 0x and 0 prefixes as numeric base indication when parsing
|
||
squid.conf integer options.
|
||
* Correct and simplify parsing of list headers
|
||
* Fix processing of large reply headers
|
||
* Removed execute bit from various non-executable source files
|
||
* assertion failed: HttpHdrContRange.cc:100: "spec->length >= 0"
|
||
* Fallback on transparent interception mode even if the connection
|
||
didn't seem to be transparently intercepted
|
||
* fix pt 2: DIRECT/<ip> mixed with DIRECT/
|
||
* Fallout from build-testing the new backports.
|
||
- fixed a compiler warning, which got treated as an error
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 7 18:46:46 CEST 2008 - kssingvo@suse.de
|
||
|
||
- fix for unpackaged non-man pages (SLE9, SLE10 build failures)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 7 18:26:43 CEST 2008 - kssingvo@suse.de
|
||
|
||
- update to version 3.0.STABLE2:
|
||
* improved HTTP 1.1 support
|
||
* Proxy-Authentication regression
|
||
* Strip Domain from NTLM usernames for use in class 4 Delay Pools
|
||
* compile error slipped into STABLE3
|
||
* ... and as usual Many bug fixes since STABLE 2.
|
||
Please, have a look into included ChangeLog file for details.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 18 16:11:37 CET 2008 - kssingvo@suse.de
|
||
|
||
- update to version 3.0.STABLE2:
|
||
* Add myportname ACL for matching the accepting port name (see
|
||
release notes)
|
||
* Add include directive for squid.conf (see release notes)
|
||
* Add ability to strip kerberos realm from usernames during Auth
|
||
* License cleanup to comply with GPLv2 or later
|
||
* Updated Error Pages and Translations
|
||
* Updated configuration examples
|
||
* Updated valgrind support for valgrind-3.3.0
|
||
* Improved support for Windows and MacOS X Leopard
|
||
* Improved support for files larger than 2GB
|
||
* Improved support for CARP arrays and WCCPv2
|
||
* Improved cachmgr, SNMP, and log reporting
|
||
* ... and as usual Many bug fixes since STABLE 1
|
||
- removed unnecessary, official patches for STABLE1
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 12 13:39:43 CET 2008 - kssingvo@suse.de
|
||
|
||
- added many official patches:
|
||
* Squid Bugzilla #2250: double-freeing memory in http_port name=
|
||
option code.
|
||
* Optimisation cleanup of fake_auth
|
||
* Fix Castings slipped out of back-ported patches from 3.1.
|
||
* Update errors/list to match the actual list of error pages used
|
||
* Added a CPPUNIT assertion to test whether a failed CPPUNIT test
|
||
case properly
|
||
* Several String fixes.
|
||
* The connect(2) system call might return "connection ready"
|
||
* Sort cache list in wccpv2 to ensure a consistent hash
|
||
allocation across all serv
|
||
* Squid Bugzilla #1978: fwdServerClose retries non-idempotent
|
||
methods
|
||
* Squid Bugzilla #2172: When user fails authentification Squid
|
||
restarts
|
||
* Squid Bugzilla #2186: NONE/- due to persistent connections
|
||
* Squid Bugzilla #2189 fix: when dumping SNMP oids, do not
|
||
overrun the result buffer.
|
||
* Assert that checklist and request are set instead of
|
||
segfaulting as in bug 2168
|
||
* Squid Bugzilla #1923 fix: Do not send hop-by-hop headers to the
|
||
ICAP server.
|
||
* Squid Bugzilla #1933 fix: Fixed memory pools configuration
|
||
reporting.
|
||
* Squid Bugzilla #2110 fix: When Squid is shutting down, disable
|
||
persistent connections
|
||
* Squid Bugzilla #2153: Use the cache_peer name in CARP hashing
|
||
to support multiple peers on the same host
|
||
* Add check for glob() and glob.h availability
|
||
* make include support wildcards, and document the directive
|
||
(copied from squid-2)
|
||
* Use our own strwordtok instead of strtok_r. Not only is it
|
||
portable, but also understands quoting and escaping
|
||
* Squid Bugzilla #2180 (update) - include minor issues
|
||
* include directive for squid.conf
|
||
* More off_t related cleanups triggered by Squid Bugzilla #2164.
|
||
* Squid Bugzilla #2164: assertion failed: stmem.cc:321:
|
||
"candidate.offset >= 0"
|
||
* Squid Bugzilla #2150: Connection hangs on automatic retry
|
||
* Squid Bugzilla #2175: Update valgrind support for
|
||
valgrind-3.3.0
|
||
* Random authenticaiton failures when using Digest authentication
|
||
* digest auth related memory corruption
|
||
* Allow informal errors on stderr when using -k parse
|
||
* Squid Bugzilla #2063: Hide debugging messages before cache.log
|
||
is opened
|
||
* Squid Bugzilla #2018: dead_peer_timeout fails to declare peer
|
||
dead
|
||
* Squid Bugzilla #2114: cache memory accounting not working well
|
||
* Fix some minor casting errors affecting cachemgr reporting when
|
||
cache/mem >2GB
|
||
* Squid Bugzilla #2231: Compile error in squid_kerb_auth under
|
||
Mac OS X 10.5.2
|
||
* Squid Bugzilla #2101: Reuse pconns using LIFO
|
||
* Squid Bugzilla #2159: WCCPv2 assertion failure on Mask
|
||
assignment
|
||
* Kill unused body_size variable
|
||
* Kill obsolete phttpd/0.99.72 malformed HEAD response
|
||
workaround.
|
||
* License cleanup to comply with GPLv2 or later.
|
||
* Sync store meta assignments with Squid-2.
|
||
* Don't be so verbose about not yet implemented store meta data
|
||
types
|
||
* Accept some unknown store meta entries without throwing away
|
||
the rest.
|
||
* Patch to strip kerberos realm from username
|
||
* Clean up of deferred reads and delay pools was not applied to
|
||
comm_select_win32.cc
|
||
* Fix missing default disk store type into QUICKSTART example.
|
||
* Alter caching policy for Dynamic Objects.
|
||
* Squid Bugzilla #2166 - Error compiling on Mac OS X 10.5 Leopard
|
||
* Correct example IPs in tcp_outgoing_address config
|
||
* Squid Bugzilla #2189 - wrong parameters used for memset
|
||
- removed our patches, which are upstream included now
|
||
- worked on BuildRequires:
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 15 15:04:06 CET 2008 - kssingvo@suse.de
|
||
|
||
- update to version 3.0.STABLE1:
|
||
* Updated changelog for 3.0.STABLE1 release
|
||
* MFC
|
||
* Name the upcoming release 3.0.STABLE1 MFC
|
||
* Remove references to myself and NLANR, add pointer to COPYRIGHT
|
||
file
|
||
* Change old info@ircache.net contact address to
|
||
info@squid-cache.org
|
||
* Fixed more compile errors after removal of snprintf.h
|
||
* Fix compile errors after removal of snprintf.h
|
||
* Removed the following debugging line, numerous copies of which
|
||
used to appear
|
||
* Set default formatting flags for the debugging stream to
|
||
"fixed" with a
|
||
* Delete now unused snprintf.h header file
|
||
* removed lib/snprintf.c credits as it's no longer shipped with
|
||
Squid
|
||
* Kill GPL-incompatible (Apache) lib/snprintf.c source.
|
||
* assertion failed: comm.cc:116: "ccb->active == false"
|
||
* squid.conf, others overwrite -X
|
||
* Wrap equation argument to debugs() properly.
|
||
* Correct attribution of current MD5 changes.
|
||
* Fix typo added during some patch.
|
||
* Fix SegFault when NetDB asked to ping a zero-length
|
||
domain/hostname
|
||
* allow pending cache hits when delay pools not compiled in pack
|
||
header entries on cache updates
|
||
* Update to Squid MD5 syntax
|
||
* Correct update of 304 headers
|
||
* Make squid_db_auth reopen the database connection on each query
|
||
by default
|
||
* Updated MD5 credits (no longer RSA). Removed winbind credits
|
||
(no longer shipped with Squid)
|
||
* Drop the RSA licensed MD5 implementation, and use the one
|
||
shipped with Squid instead
|
||
* Change priority of proxy auth and extacl provided username in
|
||
login=*:pass
|
||
* Declare Squid 3 Windows support NOT STABLE.
|
||
* Fix build failure caused by a typo.
|
||
* Renamed "SQUID_ESI" to "USE_SQUID_ESI" at request of other
|
||
developers
|
||
* Change 'ESI' define to 'SQUID_ESI'
|
||
* More fixes for recent MD5 mixups
|
||
* Fix-fix for MD5.
|
||
* fix GCC 4.3 warnings, part 1
|
||
* operator != declared outside of the HttpRequestMethod class
|
||
results in
|
||
* Returning -1 in the unreached portion of u_short GetService()
|
||
code results in
|
||
* partial fix: Allocate space for a NULL terminator of the helper
|
||
* RFC 1157 - SNMP v1 Protocol is used by squid.
|
||
* Enable squid to lookup /etc/services for named peer ports.
|
||
* Re-fix libmd5 detection on configure
|
||
* Solaris 10 appears to provide MD5 natively
|
||
* Add some include-protection to IPInterception.cc
|
||
* Extended the Squid -> Rewriter interface with key=value pairs
|
||
* Close three possible buffer over/under-runs
|
||
* Looks like 'dstdomain' and 'dstdomain_regex' ACLs were broken.
|
||
* Spelling.
|
||
* Code cleanup.
|
||
* NetBIOS is now officially obsolete.
|
||
* fix: Better handling of HTTP 206 Partial Content responses.
|
||
* Added debugging while investigating
|
||
* RFC bits omitted earlier.
|
||
* RFC 3162 - updated RADIUS authentication protocol
|
||
* Policy Change: Make all ACL a predefined default.
|
||
* Add RFC 1902, 1905 - SNMP Protocols used by squid.
|
||
* Close several unsafe control paths after fatalf()
|
||
* Close several unsafe control paths after self_destruct()
|
||
* fix: handle REQMOD HTTP responses without body
|
||
* fix: SegFault in tunnelConnectTimeout error page generation.
|
||
* Need to read clearer. We agreed on allow localnet->deny all.
|
||
* Alter policy of ICP and HTCP access to default allow only local
|
||
networks
|
||
* autoconf 2.61 works.
|
||
* Add notes about htcp_access effects on HTCP peers to config.
|
||
* Update udp_(incoming|outgoing)_address option docs to reflect
|
||
current state.
|
||
* Respect DNS ttl=0
|
||
* Digest delays are no longer bound to any fixed unit of time.
|
||
* digest_generation docs should reference compile option not
|
||
internal macro.
|
||
* 3.0RC1: Add stub ERR_ESI and ERR_ICAP_FAILURE documents to
|
||
errors/Armenian
|
||
* Likely fix for helper-related SEGV shortly after reconfigure
|
||
* automake 1.10 also works..
|
||
* More >2GB fixes. BodyPipe::unproducedSize() method should also
|
||
return an uint64_t
|
||
- squid3 now obsoletes squid (= squid2)
|
||
- renamed patches, removed unused patches
|
||
- removed obsolete use of suse 8.0 version requirement
|
||
- changed X-UnitedLinux-Should-XXX to Should-XXX in init script
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 12 18:25:27 CET 2007 - kssingvo@suse.de
|
||
|
||
- BuildRequires doesn't need openldap2 anymore. fixed.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 29 11:10:33 CET 2007 - kssingvo@suse.de
|
||
|
||
- removed gcc-4.3 patch, now in upstream
|
||
- added many upstream patches:
|
||
* Fix typo added during some patch.
|
||
* Fix SegFault when NetDB asked to ping a zero-length
|
||
domain/hostname
|
||
* Bug #2096: allow pending cache hits when delay pools not
|
||
compiled in
|
||
* pack header entries on cache updates
|
||
* Update to Squid MD5 syntax
|
||
* Correct update of 304 headers
|
||
* Make squid_db_auth reopen the database connection on each
|
||
query by default
|
||
* Updated MD5 credits (no longer RSA). Removed winbind credits
|
||
(no longer shipped with Squid)
|
||
* Drop the RSA licensed MD5 implementation, and use the one
|
||
shipped with Squid instead
|
||
* Change priority of proxy auth and extacl provided username in
|
||
login=*:pass
|
||
* Declare Squid 3 Windows support NOT STABLE.
|
||
* Fix build failure caused by a typo.
|
||
* Renamed "SQUID_ESI" to "USE_SQUID_ESI" at request of other
|
||
developers
|
||
* Change 'ESI' define to 'SQUID_ESI'
|
||
* More fixes for recent MD5 mixups
|
||
* Fix-fix for MD5.
|
||
* Bug #2123 fix, part 1: GCC 4.3 warnings
|
||
* operator != declared outside of the HttpRequestMethod class
|
||
results in
|
||
* Returning -1 in the unreached portion of u_short GetService()
|
||
code results in
|
||
* Bug #2123 partial fix: Allocate space for a NULL terminator
|
||
of the helper
|
||
* RFC 1157 - SNMP v1 Protocol is used by squid.
|
||
* Enable squid to lookup /etc/services for named peer ports.
|
||
* Re-fix libmd5 detection on configure
|
||
* Solaris 10 appears to provide MD5 natively
|
||
* Add some include-protection to IPInterception.cc
|
||
* Extended the Squid -> Rewriter interface with key=value pairs
|
||
* Close three possible buffer over/under-runs
|
||
* Looks like 'dstdomain' and 'dstdomain_regex' ACLs were
|
||
broken.
|
||
* Spelling.
|
||
* Code cleanup.
|
||
* NetBIOS is now officially obsolete.
|
||
* Bug #2116 fix: Better handling of HTTP 206 Partial Content
|
||
responses.
|
||
* Added debugging while investigating bug #2116.
|
||
* RFC bits omitted earlier.
|
||
* RFC 3162 - updated RADIUS authentication protocol
|
||
* Policy Change: Make all ACL a predefined default.
|
||
* Add RFC 1902, 1905 - SNMP Protocols used by squid.
|
||
* Close several unsafe control paths after fatalf()
|
||
* Close several unsafe control paths after self_destruct()
|
||
* Author:Rafael Martinez <rmartine@fdi.ucm.es>
|
||
* Author: Rafael Martinez <rmartine@fdi.ucm.es>
|
||
* Bug #2104 fix: handle REQMOD HTTP responses without body
|
||
* Bug #2098 fix: SegFault in tunnelConnectTimeout error page
|
||
generation.
|
||
* Need to read clearer. We agreed on allow localnet->deny all.
|
||
* Alter policy of ICP and HTCP access to default allow only
|
||
local networks
|
||
* autoconf 2.61 works.
|
||
* Add notes about htcp_access effects on HTCP peers to config.
|
||
* Update udp_(incoming|outgoing)_address option docs to reflect
|
||
current state.
|
||
* Bug #2100: Respect DNS ttl=0
|
||
* Digest delays are no longer bound to any fixed unit of time.
|
||
* digest_generation docs should reference compile option not
|
||
internal macro.
|
||
* Bug #2094: 3.0RC1: Add stub ERR_ESI and ERR_ICAP_FAILURE
|
||
documents to errors/Armenian
|
||
* Likely fix for helper-related SEGV shortly after reconfigure
|
||
* automake 1.10 also works..
|
||
* More >2GB fixes. BodyPipe::unproducedSize() method should
|
||
also return an uint64_t
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 20 12:30:45 CET 2007 - kssingvo@suse.de
|
||
|
||
- added "squid-beta" to Conflicts: section
|
||
- removed unneeded snprintf.c due to license issue (bugzilla#341246)
|
||
- replace md5.c and md5.h by GPL version (bugzilla#341246)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 13 11:42:02 CET 2007 - kssingvo@suse.de
|
||
|
||
- fixed gcc-4.3 "-Wall -Werror" issues
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 8 10:00:27 CET 2007 - kssingvo@suse.de
|
||
|
||
- initial try with RC1, based on squid-beta
|
||
|