[squid-users] New rpm for i686 is out

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Mon, 30 Sep 2013 08:49:32 +0300

I compiled a new RPM for CentOS but the i686 (32 bit) compatible.

It exists now only on:
repo and www1 servers.
information on where to find these RPMs is here:
http://wiki.squid-cache.org/KnowledgeBase/CentOS#Squid-3.3

+ Since it's a i686 RPM the repo will be with i686 instead of x86_64 in
the url.

- I have never installed it on a production i686 machine so feel free to
send a feedback and suggestions for improvements.
- the init script was not designed by me or any squid developer so it
still need a magic touch.
I will try to make the script a bit simpler.

in a case you want to kill a tree of process like squid and all of the
forked and sub-process you can use this script:
#!/bin/bash

killtree() {
    local _pid=$1
    local _sig=${2:-TERM}
    kill -stop ${_pid} # needed to stop quickly forking parent from
producing child between child killing and parent killing
    for _child in $(ps -o pid --no-headers --ppid ${_pid}); do
        killtree ${_child} ${_sig}
    done
    kill -${_sig} ${_pid}
}

if [ $# -eq 0 -o $# -gt 2 ]; then
    echo "Usage: $(basename $0) <pid> [signal]"
    exit 1
fi

killtree $@
#end

Note that this RPM is built for ISP more then authentication etc.
it suppose to support a simple and basic forward proxy, intercept and
tproxy.
This build works and tested with external_acl.
If you do have any troubles feel free to contact the list or\and me.

Eliezer

On 09/28/2013 05:52 PM, Amos Jeffries wrote:
> [Apologies if this is a duplicate. The original announcement appears
> not to have made it to several of the mailing lists.]
>
>
> The Squid HTTP Proxy team is very pleased to announce the availability
> of the Squid-3.3.9 release!
>
>
> This release is a bug fix release resolving several major issues
> found in the prior Squid releases.
>
>
> The major changes to be aware of:
>
> * Bug #3849 <http://bugs.squid-cache.org/show_bug.cgi?id=3849>:
> Duplicate certificate sent when using https_port
>
> This bug is causing the SSL negotiation to fail for some clients.
> In particular those using recent versions of GnuTLS.
>
>
> * Bug #3879 <http://bugs.squid-cache.org/show_bug.cgi?id=3879>:
> assertion failed ConnStateData::validatePinnedConnection
>
> This bug can occur when transiting NTLM or Kerberos authenticated
> messages even when the proxy is performing authentication.
>
>
> * Regression Bug: off-by-one error in Digest header decoding
>
> The earlier fix for bug 3077 had a small but critical typo when ported
> to 3.2 series which broke Digest authentication in 3.2 and older 3.3
> releases.
>
>
> * OpenSSL infinite loop on validating certificate
>
> This release includes a workaround for OpenSSL bug #3090 (their
> bug number). This bug was visible as an infinite loop consuming
> all or many CPU cycles when validating a certificate. Squid is
> now able to quickly detect and halt such loops. Treating
> certificates which trigger it as containing an error.
>
> Also the supported OpenSSL error codes have been updated to include
> those available in the most recent OpenSSL release.
>
>
> * Bug #3863 <http://bugs.squid-cache.org/show_bug.cgi?id=3863>:
> myportname acl causes segmentation fault
>
> This bug is visible when adaptation (ICAP or eCAP) is being performed
> and a myportname ACL is used to test an adapted request.
>
>
>
> Other notable changes include:
>
> * Bug #2112 <http://bugs.squid-cache.org/show_bug.cgi?id=2112>: Reload
> into If-None-Match
>
> This bug fix allows Squid to participate in HTTP revalidation of
> cached objects using ETag values.
>
>
> * Improved compatibility with Clang, ICC and GCC 4.8
>
> Recent release of these compilers are getting ever more strict.
> This release fixes several small issues which have been detected
> by these ongoing compiler improvements and may break the build.
>
>
> * Windows support improvements
>
> Thanks to a new sponsor iCelero providing development resources.
>
> There are still many issues to be resolved but a patch will become
> available soon for building a limited Squid-3.3 proxy with the MinGW
> compiler environment. Those interested should contact the squid-dev
> mailing list.
>
>
>
>
> See the ChangeLog for the full list of changes in this and earlier
> releases.
>
> All users are urged to upgrade to this release as soon as possible.
>
>
> Please remember to run "squid -k parse" when testing upgrade to a new
> version of Squid. It will audit your configuration files and report
> any identifiable issues the new release will have in your installation
> before you "press go". We are still removing the infamous "Bungled
> Config" halting points and adding checks, so if something is not
> identified please report it.
>
>
>
> Please refer to the release notes at
> http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
> when you are ready to make the switch to Squid-3.3
>
> Upgrade tip:
> "squid -k parse" is starting to display even more
> useful hints about squid.conf changes.
>
> This new release can be downloaded from our HTTP or FTP servers
>
> http://www.squid-cache.org/Versions/v3/3.3/
> ftp://ftp.squid-cache.org/pub/squid/
> ftp://ftp.squid-cache.org/pub/archive/3.3/
>
> or the mirrors. For a list of mirror sites see
>
> http://www.squid-cache.org/Download/http-mirrors.html
> http://www.squid-cache.org/Download/mirrors.html
>
> If you encounter any issues with this release please file a bug report.
> http://bugs.squid-cache.org/
>
>
> Amos Jeffries
>
Received on Mon Sep 30 2013 - 05:49:45 MDT

This archive was generated by hypermail 2.2.0 : Mon Sep 30 2013 - 12:00:04 MDT