auto-import squid-2.4.STABLE1-4 from squid-2.4.STABLE1-4.src.rpm

2004-09-09 12:36:55 +00:00 · 2004-09-09 12:36:55 +00:00 · 703f3d3fd8
commit 703f3d3fd8
parent d4c19ac096
4 changed files with 597 additions and 218 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-squid-2.3.STABLE4-src.tar.gz
+squid-2.4.STABLE1-src.tar.gz
--- a/FAQ.sgml
+++ b/FAQ.sgml
@ -82,7 +82,7 @@ for the most recent versions.
 <P>
 Squid is the result of efforts by numerous individuals from
 the Internet community.
-<url	url="mailto:wessels@ircache.net"
+<url	url="mailto:wessels@squid-cache.org"
 	name="Duane Wessels">
 of the National Laboratory for Applied Network Research (funded by
 the National Science Foundation) leads code development.
@ -127,10 +127,11 @@ For more specific information, please see
 <url url="http://www.squid-cache.org/platforms.html" name="platforms.html">.
 If you encounter any platform-specific problems, please
 let us know by sending email to
-<url	url="mailto:squid-bugs@ircache.net"
+<url	url="mailto:squid-bugs@squid-cache.org"
 	name="squid-bugs">.
 <sect1>Does Squid run on Windows NT?
 <label id="squid-NT">
 <P>
 Recent versions of Squid will <em/compile and run/ on Windows/NT
 with the
@ -149,12 +150,20 @@ Thanks to LogiSense for making the code available as required by the GPL terms.
 is working on a Windows NT port as well.  You can find more information from him
 at <url url="http://www.ideal.net.au/~collinsdial/Squid2.4.htm" name="his page">.
 <p>
 <url url="http://serassio.interfree.it/SquidNT.htm" name="Guido Serassio">
 and <url url="http://www.phys-iasi.ro/users/romeo/squidnt.htm" name="Romeo Anghelache"> have Squid NT pages, including
 binaries and patches.
 <p>
 <sect1>What Squid mailing lists are available?
 <P>
 <itemize>
-<item> squid-users@ircache.net: general discussions about the
+<item> squid-users@squid-cache.org: general discussions about the
 Squid cache software. Subscribe via
-<it/squid-users-request@ircache.net/.
+<it/squid-users-subscribe@squid-cache.org/.
 Previous messages are available for browsing at
 <url	url="http://www.squid-cache.org/mail-archive/squid-users/"
@ -164,26 +173,26 @@ and also at <url url="http://marc.theaimsgroup.com/?l=squid-users&amp;r=1&amp;w=
 <item>
 squid-users-digest: digested (daily) version of
 above.  Subscribe via
-<it/squid-users-digest-request@ircache.net/.
+<it/squid-users-digest-subscribe@squid-cache.org/.
 <item>
-squid-announce@ircache.net: A receive-only list for
+squid-announce@squid-cache.org: A receive-only list for
 announcements of new versions.
 Subscribe via
-<it/squid-announce-request@ircache.net/.
+<it/squid-announce-subscribe@squid-cache.org/.
 <item>
-<it/squid-bugs@ircache.net/:
+<it/squid-bugs@squid-cache.org/:
 A closed list for sending us bug reports.
 Bug reports received here are given priority over
 those mentioned on squid-users.
 <item>
-<it/squid@ircache.net/:
+<it/squid@squid-cache.org/:
 A closed list for sending us feed-back and ideas.
 <item>
-<it/squid-faq@ircache.net/:
+<it/squid-faq@squid-cache.org/:
 A closed list for sending us feed-back, updates, and additions to
 the Squid FAQ.
 </itemize>
@ -207,11 +216,10 @@ the IETF.  It may be resurrected some day, you never know!
 <sect1>I can't figure out how to unsubscribe from your mailing list.
 <P>
-All of our mailing lists have ``-request'' addresses that you must
+All of our mailing lists have ``-subscribe'' and ``-unsubscribe''
 addresses that you must
 use for subscribe and unsubscribe requests.  To unsubscribe from
-the squid-users list, you send a message to <em/squid-users-request@ircache.net/
+the squid-users list, you send a message to <em/squid-users-unsubscribe@squid-cache.org/.
 and in the subject and/or body of your message, you put the magic word
 ``unsubscribe.''
 <sect1>What Squid web pages are available?
 <P>
@ -445,8 +453,8 @@ The following people have made contributions to this document:
 </itemize>
 <P>
 Please send corrections, updates, and comments to:
-<url	url="mailto:squid-faq@ircache.net"
+<url	url="mailto:squid-faq@squid-cache.org"
-	name="squid-faq@ircache.net">.
+	name="squid-faq@squid-cache.org">.
 <sect1>About This Document
 <P>
@ -1844,6 +1852,40 @@ acl hotmail dstdomain .hotmail.com
 always_direct allow hotmail
 </verb>
 <sect1>Can I make Squid proxy only, without caching anything?
 <p>
 Sure, there are few things you can do.
 <p>
 You can use the <em/no_cache/ access list to make Squid never cache any response:
 <verb>
 	acl all src 0/0
 	no_cache deny all
 </verb>
 <p>
 With Squid-2.4 and later you can use the ``null'' storage module:
 <verb>
 	cache_dir null -1 1000
 </verb>
 <sect1>Can I prevent users from downloading large files?
 <p>
 You can set the global <em/reply_body_max_size/ parameter.  This option
 controls the largest HTTP message body that will be sent to a cache
 client for one request.
 <p>
 If the HTTP response coming from the server has a <tt/Content-length/
 header, then Squid compares the content-length value to the
 <em/reply_body_max_size/ value.  If the content-length is larger,
 the server connection is closed and the user receives an error
 message from Squid.
 <p>
 Some responses don't have <tt/Content-length/
 headers.  In this case, Squid counts how many bytes are written
 to the client.  Once the limit is reached, the client's connection
 is simply closed.
 <p>
 Note that ``creative'' user-agents will still be able to download
 really large files through the cache using HTTP/1.1 range requests.
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
@ -3268,6 +3310,22 @@ directory of the Squid source distribution.  The usage is
 file numbers are read on stdin, and pathnames are printed on
 stdout.
 <sect1>Can I use <em/store.log/ to figure out if a response was cachable?
 <p>
 Sort of.  You can use <em/store.log/ to find out if a particular response
 was <em>cached</em>.
 <p>
 Cached responses are logged with the SWAPOUT tag.
 Uncached responses are logged with the RELEASE tag.
 <p>
 However, your
 analysis must also consider that when a cached response is removed
 from the cache (for example due to cache replacement) it is also
 logged in <em/store.log/ with the RELEASE tag.  To differentiate these
 two, you can look at the filenumber (3rd) field.  When an uncachable
 response is released, the filenumber is FFFFFFFF (-1).  Any other
 filenumber indicates a cached response was released.
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
@ -4987,7 +5045,7 @@ the <em/all/ ACL.  For example:
 </verb>
-<sect1>How do allow my clients to use the cache?
+<sect1>How do I allow my clients to use the cache?
 <p>
 Define an ACL that corresponds to your client's IP addresses.
 For example:
@ -5422,6 +5480,18 @@ http_access allow FOO WORKING
 http_access deny FOO
 </verb>
 <sect1>How can I allow some users to use the cache at specific times?
 <p>
 <verb>
 acl USER1 proxy_auth Dick
 acl USER2 proxy_auth Jane
 acl DAY time 06:00-18:00
 http_access allow USER1 DAY
 http_access deny USER1
 http_access allow USER2 !DAY
 http_access deny USER2
 </verb>
 <sect1>Problems with IP ACL's that have complicated netmasks
 <p>
 <em>Note: The information here is current for version 2.3.</em>
@ -5507,6 +5577,10 @@ at once, Squid returns an error page.  Unless you use the
 <em/deny_info/ feature, the error message will just say ``access
 denied.''
 <p>
 The <em/maxconn/ ACL requires the client_db feature.  If you've
 disabled client_db (for example with <em/client_db off/) then
 <em/maxconn/ ALCs will not work.
 <p>
 Note, the <em/maxconn/ ACL type is kind of tricky because it
 uses less-than comparison.  The ACL is a match when the number
 of established connections is <em/greater/ than the value you
@ -5516,6 +5590,51 @@ ACL with <em/http_access allow/.
 Also note that you could use <em/maxconn/ in conjunction with
 a user type (ident, proxy_auth), rather than an IP address type.  
 <sect1>I'm trying to deny <em/foo.com/, but it's not working.
 <p>
 In Squid-2.3 we changed the way that Squid matches subdomains.
 There is a difference between <em/.foo.com/ and <em/foo.com/.  The
 first matches any domain in <em/foo.com/, while the latter matches
 only ``foo.com'' exactly.  So if you want to deny <em/bar.foo.com/,
 you should write
 <verb>
 acl yuck dstdomain .foo.com
 http_access deny yuck
 </verb>
 To be safe, you probably want to list both forms in your
 access lists, for example:
 <verb>
 acl yuck dstdomain .foo.com foo.com
 http_access deny yuck
 </verb>
 <sect1>I want to customize, or make my own error messages.
 <p>
 You can customize the existing error messages as described in
 <ref id="custom-err-msgs" name="Customizable Error Messages">.
 You can also create new error messages and use these in conjunction
 with the <em/deny_info/ option.
 <p>
 For example, lets say you want your users to see a special message
 when they request something that matches your pornography list.
 First, create a file named ERR_NO_PORNO in the
 <em>/usr/local/squid/etc/errors</em> directory.  That file might
 contain something like this:
 <verb>
 &lt;p&gt;
 Our company policy is to deny requests to known porno sites.  If you
 feel you've received this message in error, please contact 
 the support staff (support@this.company.com, 555-1234).
 </verb>
 <p>
 Next, set up your access controls as follows:
 <verb>
 acl porn url_regex "/usr/local/squid/etc/porno.txt"
 deny_info ERR_NO_PORNO porn
 http_access deny porn
 (additional http_access lines ...)
 </verb>
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
 <sect>Troubleshooting
@ -6172,7 +6291,7 @@ Should produce something like:
 <sect1>Sending in Squid bug reports
 <P>
-Bug reports for Squid should be sent to the <url url="mailto:squid-bugs@ircache.net"
+Bug reports for Squid should be sent to the <url url="mailto:squid-bugs@squid-cache.org"
 name="squid-bugs alias">.  Any bug report must include
 <itemize>
 <item>The Squid version
@ -6569,9 +6688,13 @@ Forwarding loops are detected by examining the <em/Via/ request header.
 Each cache which "touches" a request must add its hostname to the
 <em/Via/ header.  If a cache notices its own hostname in this header
 for an incoming request, it knows there is a forwarding loop somewhere.
 <p>
 NOTE:
-A pair of caches which have the same <em/visible_hostname/ value
+Squid may report a forwarding loop if a request goes through
-will report forwarding loops.
+two caches that have the same <em/visible_hostname/ value.
 If you want to have multiple machines with the same
 <em/visible_hostname/ then you must give each machine a different
 <em/unique_hostname/ so that forwarding loops are correctly detected.
 <P>
 When Squid detects a forwarding loop, it is logged to the <em/cache.log/
@ -6932,6 +7055,72 @@ Andrew Doroshenko reports that removing <em>/dev/null</em>, or
 mounting a filesystem with the <em>nodev</em> option, can cause
 Squid to use 100% of CPU.  His suggested solution is to ``touch /dev/null.''
 <sect1>Webmin's <em/cachemgr.cgi/ crashes the operating system
 <p>
 Mikael Andersson reports that clicking on Webmin's <em/cachemgr.cgi/ 
 link creates numerous instances of <em/cachemgr.cgi/ that quickly
 consume all available memory and brings the system to its knees.
 <p>
 Changing the path to use Squid's own <em/cachemgr.cgi/ fixes 
 this problem.  You can change the path by logging into the
 Webmin GUI, select <em/Servers/ then <em/Squid Proxy Cache/.
 Next select <em/Module Config/.  From here  you'll be
 able to enter the pathname to the <em/cachemgr.cgi/ that came
 with Squid.
 <sect1>Segment Violation at startup or upon first request
 <p>
 Some versions of GCC (notably 2.95.1 through 2.95.3) have bugs
 with compiler optimization.  These GCC bugs may cause NULL pointer
 accesses in Squid, resulting in a ``FATAL: Received Segment
 Violation...dying'' message and a core dump.
 <p>
 You can work around these GCC bugs by disabling compiler
 optimization.  The best way to do that is start with a clean
 source tree and set the CC options specifically:
 <verb>
 % cd squid-x.y
 % make distclean
 % setenv CFLAGS='-g -Wall'
 % ./configure ...
 </verb>
 <p>
 To check that  you did it right, you can search for AC_CFLAGS in
 <em>src/Makefile</em>:
 <verb>
 % grep AC_CFLAGS src/Makefile
 AC_CFLAGS       = -g -Wall
 </verb>
 Now when you recompile, GCC won't try to optimize anything:
 <verb>
 % make
 Making all in lib...
 gcc -g -Wall -I../include -I../include -c rfc1123.c
 ...etc...
 </verb>
 <p>
 NOTE: some people worry that disabling compiler optimization will
 negatively impact Squid's performance.  The impact should be
 negligible, unless your cache is really busy and already runs
 at a high CPU usage.  For most people, the compiler optimization
 makes little or no difference at all.
 <sect1>urlParse: Illegal character in hostname 'proxy.mydomain.com:8080proxy.mydomain.com'
 <p>
 By Yomler of fnac.net
 <p>
 A combination of a bad configuration of Internet Explorer and any 
 application which use the cydoor DLLs will produce the entry in the log. 
 See <url url="http://www.cydoor.com/" name="cydoor.com"> for a complete list.
 <p>
 The bad configuration of IE is the use of a active configuration script 
 (proxy.pac) and an active or inactive, but filled proxy settings. IE will 
 only use the proxy.pac. Cydoor aps will use both and will generate the errors.
 <p>
 Disabling the old proxy settings in IE is not enought, you should delete 
 them completely and only use the proxy.pac for example.
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
@ -7983,6 +8172,53 @@ local end of the client's TCP connection.  Since the local address
 isn't really local (its some far away origin server's IP address),
 the <em/bind()/ system call fails.  Squid handles this as a failed
 ident lookup.
 <p>
 <it>
 So why bind in that way? If you know you are transparent proxying, then why
 not bind the local endpoint to the host's (intranet) IP address? Why make
 the masses suffer needlessly?
 </it>
 <p>
 Because thats just how ident works.  
 Please read <url url="ftp://ftp.isi.edu/in-notes/rfc931.txt" name="RFC 931">,
 in particular the RESTRICTIONS section.
 <sect1>dnsSubmit: queue overload, rejecting blah
 <p>
 This means that you are using external <em/dnsserver/ processes
 for lookups, and all processes are busy, and Squid's pending queue
 is full.  Each <em/dnsserver/ program can only handle one request
 at a time.  When all <em/dnsserver/ processes are busy, Squid queues
 up requests, but only to a certain point.
 <p>
 To alleviate this condition, you need to either (1) increase the number
 of <em/dnsserver/ processes by changing the value for <em/dns_children/
 in your config file, or (2) switch to using Squid's internal DNS client
 code.
 <p>
 Note that in some versions, Squid limits <em/dns_children/ to 32.  To
 increase it beyond that value, you would have to edit the source code.
 <sect1>What are FTP passive connections?
 <p>
 by Colin Campbell
 <p>
 Ftp uses two data streams, one for passing commands around, the other for
 moving data. The command channel is handled by the ftpd listening on port
 21.
 <p>
 The data channel varies depending on whether you ask for passive ftp or
 not. When you request data in a non-passive environment, you client tells
 the server ``I am listening on &lt;ip-address&gt; &lt;port&gt;.'' The server then
 connects FROM port 20 to the ip address and port specified by your client.
 This requires your "security device" to permit any host outside from port
 20 to any host inside on any port &gt; 1023. Somewhat of a hole.
 <p>
 In passive mode, when you request a data transfer, the server tells the
 client ``I am listening on &lt;ip address&gt; &lt;port&gt;.'' Your client then connects
 to the server on that IP and port and data flows.
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
@ -8501,8 +8737,8 @@ diff -p -u -r1.40 -r1.41
  * SUCH DAMAGE.
  *
  *	@(#)uipc_socket.c	8.3 (Berkeley) 4/15/94
- *	$Id: FAQ.sgml,v 1.2 2004/09/09 12:36:20 cvsdist Exp $
+- *	$Id: FAQ.sgml,v 1.3 2004/09/09 12:36:55 cvsdist Exp $
-+ *	$Id: FAQ.sgml,v 1.2 2004/09/09 12:36:20 cvsdist Exp $
+ *	$Id: FAQ.sgml,v 1.3 2004/09/09 12:36:55 cvsdist Exp $
  */
 #include <sys/param.h>
@ -8742,6 +8978,22 @@ source unless you know exactly what you are doing, as this can easily
 render the system unuseable.
 </enum>
 <sect2>Can't connect to some sites through Squid
 <p>
 When using Squid, some sites may give erorrs such as
 ``(111) Connection refused'' or ``(110) Connection timed out''
 although these sites work fine without going through Squid.
 <p>
 Some versions of linux implement 
 <url url="ftp://ftp.isi.edu/in-notes/rfc2481.txt" name="Explicit
 Congestion Notification"> (ECN) and this can cause
 some TCP connections to fail.  You can disable ECN with
 the following command:
 <verb>
 echo 0 >/proc/sys/net/ipv4/tcp_ecn
 </verb>
 <p>
 See also the <url url="http://answerpointe.cctec.com/maillists/nanog/historical/0104/msg00714.html" name="thread on the NANOG mailing list">.
 <sect1>HP-UX
@ -9611,7 +9863,7 @@ solve the ``big scale'' problem.
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
-<sect>Transparent Caching/Proxying
+<sect>Interception Caching/Proxying
 <label id="trans-caching">
 <P>
@ -9713,11 +9965,11 @@ users, which you can do with Squid in this configuration.
 </itemize>
-<sect1>Transparent caching for Solaris, SunOS, and BSD systems
+<sect1>Interception caching for Solaris, SunOS, and BSD systems
 <sect2>Install IP Filter
 <P>
 First, get and install the
-<url	url="ftp://coombs.anu.edu.au/pub/net/ip-filter/"
+<url	url="http://coombs.anu.edu.au/ipfilter/"
 	name="IP Filter package">.
 <sect2>Configure ipnat
@ -9774,12 +10026,12 @@ Add these lines to <em/squid.conf/:
 <P>
 Thanks to <url url="mailto:q@fan.net.au" name="Quinton Dolan">.
-<sect1>Transparent caching with Linux
+<sect1>Interception caching with Linux 2.0 and ipfwadm
 <label id="trans-linux-1">
 <P>
 by <url url="mailto:Rodney.van.den.Oever@tip.nl" name="Rodney van den Oever">
-<P><bf/Note:/ Transparent proxying does NOT work with Linux&nbsp;2.0.30!
+<P><bf/Note:/ Interception proxying does NOT work with Linux&nbsp;2.0.30!
 Linux&nbsp;2.0.29 is known to work well.  If you're using a more recent
 kernel, like 2.2.X, then you should probably use an ipchains configuration,
 <ref id="trans-linux-2" name="as described below">.
@ -9964,8 +10216,125 @@ am quite pleased with the results.
 See also <url url="http://www.unxsoft.com/transproxy.html"
 name="Daniel Kiracofe's page">.
 <sect1>Interception caching with Linux 2.2 and ipchains
 <label id="trans-linux-2">
 <P>
 by <url url="mailto:Support@dnet.co.uk" name="Martin Lyons">
 <P>
 You need to configure your kernel for ipchains.
 Configuring Linux kernels is beyond the scope of 
 this FAQ.  One way to do it is:
 <verb>
 	# cd /usr/src/linux
 	# make menuconfig
 </verb>
 <p>
 The following shows important kernel features to include:
 <verb>
 	[*] Network firewalls
 	[ ] Socket Filtering
 	[*] Unix domain sockets
 	[*] TCP/IP networking
 	[ ] IP: multicasting
 	[ ] IP: advanced router
 	[ ] IP: kernel level autoconfiguration
 	[*] IP: firewalling
 	[ ] IP: firewall packet netlink device
 	[*] IP: always defragment (required for masquerading)
 	[*] IP: transparent proxy support
 </verb>
 <P>
 You must include the <em>IP: always defragment</em>, otherwise it prevents
 you from using the REDIRECT chain.
-<sect1>Transparent caching with Cisco routers
+<P>
 You can use this script as a template for your own <em/rc.firewall/
 to configure ipchains:
 <verb>
 	#!/bin/sh
 	# rc.firewall   Linux kernel firewalling rules
 	# Leon Brooks (leon at brooks dot fdns dot net)
 	FW=/sbin/ipchains
 	ADD="$FW -A"
 	# Flush rules, for testing purposes
 	for i in I O F # A      # If we enabled accounting too
 	do
 		${FW} -F $i
 	done
 	# Default policies:
 	${FW} -P input REJECT   # Incoming policy: reject (quick error)
 	${FW} -P output ACCEPT  # Output policy: accept
 	${FW} -P forward DENY   # Forwarding policy: deny
 	# Input Rules:
 	# Loopback-interface (local access, eg, to local nameserver):
 	${ADD} input -j ACCEPT -s localhost/32 -d localhost/32
 	# Local Ethernet-interface:
 	# Redirect to Squid proxy server:
 	${ADD} input -p tcp -d 0/0 80 -j REDIRECT 8080
 	# Accept packets from local network:
 	${ADD} input -j ACCEPT -s localnet/8 -d 0/0 -i eth0
 	# Only required for other types of traffic (FTP, Telnet):
 	# Forward localnet with masquerading (udp and tcp, no icmp!):
 	${ADD} forward -j MASQ -p tcp -s localnet/8 -d 0/0
 	${ADD} forward -j MASQ -P udp -s localnet/8 -d 0/0
 </verb>
 <P>
 Also, <url url="mailto:andrew@careless.net" name="Andrew Shipton">
 notes that with 2.0.x kernels you don't need to enable packet forwarding,
 but with the 2.1.x and 2.2.x kernels using ipchains you do.  Packet
 forwarding is enabled with the following command:
 <verb>
 	echo 1 > /proc/sys/net/ipv4/ip_forward
 </verb>
 <sect1>Interception caching with Linux 2.4 and netfilter
 <label id="trans-linux-3">
 <P>
 NOTE: this information comes from Daniel Kiracofe's
 <url url="http://www.linuxdoc.org/HOWTO/mini/TransparentProxy.html"
 name="Transparent Proxy with Squid mini-HOWTO">.
 <p>
 You may need to build a new kernel.  Be sure to enable
 all of these options (none of them as modules):
 <itemize>
 <item>Networking support 
 <item>Sysctl support 
 <item>Network packet filtering 
 <item>TCP/IP networking 
 <item>Connection tracking (Under ``IP: Netfilter Configuration'' in menuconfig) 
 <item>IP tables support 
 <item>Full NAT 
 <item>REDIRECT target support 
 <item>/proc filesystem support 
 </itemize>
 <p>
 You must say NO to ``Fast switching'' 
 <p>
 After building the kernel, install it and reboot.
 <p>
 You may need to enable packet forwarding (e.g. in your startup scripts):
 <verb>
 echo 1 > /proc/sys/net/ipv4/ip_forward
 </verb>
 <p>
 Use the <em/iptables/ command to make your kernel intercept HTTP connections
 and send them to Squid:
 <verb>
 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 
 </verb>
 <sect1>Interception caching with Cisco routers
 <P>
 by <url url="mailto:John.Saunders@scitec.com.au" name="John Saunders">
@ -10053,7 +10422,7 @@ Conversely, this set has worse performance, but works for all protocols:
 	access-list 110 deny   tcp any any
 </verb>
-<sect1>Transparent caching with LINUX 2.0.29 and CISCO IOS 11.1
+<sect1>Interception caching with LINUX 2.0.29 and CISCO IOS 11.1
 <P>
 Just for kicks, here's an email message posted to squid-users
@ -10064,7 +10433,7 @@ and Squid running on Linux.
 by <url url="mailto:signal@shreve.net" name="Brian Feeny">
 <P>
-Here is how I have Transparent proxying working for me, in an environment
+Here is how I have Interception proxying working for me, in an environment
 where my router is a Cisco 2501 running IOS 11.1, and Squid machine is
 running Linux 2.0.33.
@ -10187,10 +10556,10 @@ avoids the most common loops.
 <item>
 If you are using ipfilter then you should also use transproxyd in
 front of Squid. Squid does not yet know how to interface to ipfilter
-(patches are welcome: squid-bugs@ircache.net).
+(patches are welcome: squid-bugs@squid-cache.org).
 </itemize>
-<sect1>Transparent caching with FreeBSD
+<sect1>Interception caching with FreeBSD
 <label id="trans-freebsd">
 <P>
 by Duane Wessels
@ -10277,88 +10646,7 @@ and the <em/squid.conf/ lines are:
 	httpd_accel_uses_host_header on
 </verb>
-<sect1>Transparent caching with Linux and ipchains
+<sect1>Interception caching with ACC Tigris digital access server
 <label id="trans-linux-2">
 <P>
 by <url url="mailto:Support@dnet.co.uk" name="Martin Lyons">
 <P>
 You need to configure your kernel for ipchains.
 Configuring Linux kernels is beyond the scope of 
 this FAQ.  One way to do it is:
 <verb>
 	# cd /usr/src/linux
 	# make menuconfig
 </verb>
 <p>
 The following shows important kernel features to include:
 <verb>
 	[*] Network firewalls
 	[ ] Socket Filtering
 	[*] Unix domain sockets
 	[*] TCP/IP networking
 	[ ] IP: multicasting
 	[ ] IP: advanced router
 	[ ] IP: kernel level autoconfiguration
 	[*] IP: firewalling
 	[ ] IP: firewall packet netlink device
 	[*] IP: always defragment (required for masquerading)
 	[*] IP: transparent proxy support
 </verb>
 <P>
 You must include the <em>IP: always defragment</em>, otherwise it prevents
 you from using the REDIRECT chain.
 <P>
 You can use this script as a template for your own <em/rc.firewall/
 to configure ipchains:
 <verb>
 	#!/bin/sh
 	# rc.firewall   Linux kernel firewalling rules
 	# Leon Brooks (leon at brooks dot fdns dot net)
 	FW=/sbin/ipchains
 	ADD="$FW -A"
 	# Flush rules, for testing purposes
 	for i in I O F # A      # If we enabled accounting too
 	do
 		${FW} -F $i
 	done
 	# Default policies:
 	${FW} -P input REJECT   # Incoming policy: reject (quick error)
 	${FW} -P output ACCEPT  # Output policy: accept
 	${FW} -P forward DENY   # Forwarding policy: deny
 	# Input Rules:
 	# Loopback-interface (local access, eg, to local nameserver):
 	${ADD} input -j ACCEPT -s localhost/32 -d localhost/32
 	# Local Ethernet-interface:
 	# Redirect to Squid proxy server:
 	${ADD} input -p tcp -d 0/0 80 -j REDIRECT 8080
 	# Accept packets from local network:
 	${ADD} input -j ACCEPT -s localnet/8 -d 0/0 -i eth0
 	# Only required for other types of traffic (FTP, Telnet):
 	# Forward localnet with masquerading (udp and tcp, no icmp!):
 	${ADD} forward -j MASQ -p tcp -s localnet/8 -d 0/0
 	${ADD} forward -j MASQ -P udp -s localnet/8 -d 0/0
 </verb>
 <P>
 Also, <url url="mailto:andrew@careless.net" name="Andrew Shipton">
 notes that with 2.0.x kernels you don't need to enable packet forwarding,
 but with the 2.1.x and 2.2.x kernels using ipchains you do.  Packet
 forwarding is enabled with the following command:
 <verb>
 	echo 1 > /proc/sys/net/ipv4/ip_forward
 </verb>
 <sect1>Transparent caching with ACC Tigris digital access server
 <P>
 by <url url="mailto:John.Saunders@scitec.com.au" name="John Saunders">
 <P>
@ -10594,6 +10882,11 @@ address seems to work.
 HTTP packets.  &lt;Host-IP&gt; is the IP address of your cache, and
 &lt;interface&gt; is the network interface that receives those packets (probably eth0).
 <sect3>Joe Cooper's Patch
 <p>
 Joe Cooper has a patch for Linux 2.2.18 kernel on his 
 <url url="http://www.swelltech.com/pengies/joe/patches/" name="Squid page">.
 <sect3>WCCP Specific Module
 <P>
@ -10651,7 +10944,7 @@ name="Internet Draft"> (expires Jan 2001).
 At this point, Squid does not support WCCPv2, but anyone 
 is welcome to code it up and contribute to the Squid project.
-<sect1>Transparent caching with Foundry L4 switches
+<sect1>Interception caching with Foundry L4 switches
 <p>
 by <url url="mailto:signal at shreve dot net" name="Brian Feeny">.
 <p>
@ -10860,7 +11153,7 @@ in 2.2.
 <P>
 You can test if your Squid supports SNMP with the <em/snmpwalk/ program
 (<em/snmpwalk/ is a part of the
-<url url="http://www.ece.ucdavis.edu/ucd-snmp/" name="UCD-SNMP project">).
+<url url="http://net-snmp.sourceforge.net/" name="NET-SNMP project">).
 Note that you have to specify the SNMP port, which in Squid defaults to
 3401.
 <verb>
@ -10876,8 +11169,8 @@ then it is working ok, and you should be able to make nice statistics out of it.
 <P>
 For an explanation of what every string (OID) does, you should
-refer to the <url url="http://www.ircache.net/Cache/cache-snmp/"
+refer to the <url url="/SNMP/"
-name="Cache SNMP web pages">.
+name="Squid SNMP web pages">.
 <sect1>What can I use SNMP and Squid for?
 <P>
@ -10890,21 +11183,24 @@ frequently. Why not let MRTG do it for you?
 <sect1>How can I use SNMP with Squid?
 <p>
-There are a number of tools that you can use to monitor Squid via SNMP. A very popular one
+There are a number of tools that you can use to monitor Squid via
-is MRTG, there are however a number of others. To learn what they are and to get additional
+SNMP.  Many people use MRTG.  Another good combination is <url
-documentation, please visit the <url url="http://www.ircache.net/Cache/cache-snmp/"
+url="http://net-snmp.sourceforge.net/" name="NET-SNMP"> plus <url
-name="Cache SNMP web pages">.
+url="http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/"
 name="RRDTool">.  You might be able to find more
 information at the <url url="/SNMP/"
 name="Squid SNMP web pages">.
 <sect2>MRTG
 <P>
-We use <url url="http://ee-staff.ethz.ch/&percnt;7eoetiker/webtools/mrtg/mrtg.html" name="MRTG">
+Some people use <url url="http://www.mrtg.org/" name="MRTG">
-to query Squid through its <url url="http://www.nlanr.net/Cache/cache-snmp/" name="SNMP interface">.
+to query Squid through its SNMP interface.
 <P>
 To get instruction on using MRTG with Squid please visit these pages:
 <enum>
 <item><url url="http://unary.calvin.edu/squid.html" name="Squid + MRTG graphs">
 <item><url url="http://www.ircache.net/Cache/cache-snmp/" name="Cache SNMP web pages">
 </enum>
 <sect1>Where can I get more information/discussion about Squid and SNMP?
@ -11048,7 +11344,7 @@ the password file as an argument.  For example:
 <P>
 After all that, you should be able to start up Squid.  If we left something out, or
-haven't been clear enough, please let us know (squid-faq@ircache.net).
+haven't been clear enough, please let us know (squid-faq@squid-cache.org).
 <sect1>Why does proxy-auth reject all users with Squid-2.2?
 <P>
@ -11501,6 +11797,7 @@ will be empty.
 <sect1>Customizable Error Messages
 <label id="custom-err-msgs">
 <P>
 Squid-2 lets you customize your error messages.  The source distribution
 includes error messages in different languages.  You can select the
@ -11752,7 +12049,7 @@ get stuck in a forwarding loop.
 <sect2>Wget
 <P>
 <url url="ftp://gnjilux.cc.fer.hr/pub/unix/util/wget/" name="Wget"> is a
-command-line Web client.  It supports recursive retrievals and
+command-line Web client.  It supports HTTP and FTP URLs, recursive retrievals, and
 HTTP proxies.
 <sect2>echoping
@ -11861,30 +12158,37 @@ and
 <sect1>What is DISKD?
 <p>
-DISKD refers to some features in Squid-2.4 to improve Disk I/O performance.
+DISKD refers to some features in Squid-2.4 to improve Disk I/O
-The basic idea is that each <em/cache_dir/ has its own <em/diskd/ child process.
+performance.  The basic idea is that each <em/cache_dir/ has its
-The diskd process performs all disk I/O operations (open, close, read, write, unlink)
+own <em/diskd/ child process.  The diskd process performs all disk
-for the cache_dir.  Message queues are used to send requests and responses between
+I/O operations (open, close, read, write, unlink) for the cache_dir.
-the Squid and diskd processes.  Shared memory is used for chunks of data to 
+Message queues are used to send requests and responses between the
-be read and written.
+Squid and diskd processes.  Shared memory is used for chunks of
 data to be read and written.
 <sect1>Does it perform better?
 <p>
-Yes.  We benchmarked Squid-2.4 with DISKD at the
+Yes.  We benchmarked Squid-2.4 with DISKD at the <url
-<url url="http://polygraph.ircache.net/Results/bakeoff-2/" name="Second IRCache Bake-Off">.
+url="http://polygraph.ircache.net/Results/bakeoff-2/" name="Second
-The results are also described <url url="/Benchmarking/bakeoff-02/" name="here">.
+IRCache Bake-Off">.  The results are also described <url
-At the bakeoff, we got 160 req/sec with diskd.  Without diskd, we'd have gotten about 40 req/sec.
+url="/Benchmarking/bakeoff-02/" name="here">.  At the bakeoff, we
 got 160 req/sec with diskd.  Without diskd, we'd have gotten about
 40 req/sec.
-<sect1>What do I need to use it?
+<sect1>How do I use it?
 <p>
-<enum>
+You need to run Squid version <url url="/Versions/v2/2.4" name="2.4"> or later.
-<item>
+Your operating system must support message queues, and shared memory.
-	Squid-2.4
+<p>
-<item>
+To configure Squid for DISKD, use the <em/--enable-storeio/ option:
-	Your operating system must support message queues.
+<verb>
-<item>
+% ./configure --enable-storeio=diskd,ufs
-	Your operating system must support shared memory.
+</verb>
-</enum>
+
 <sect1>FATAL: Unknown cache_dir type 'diskd'
 <p>
 You didn't put <em/diskd/ in the list of storeio modules as described
 above.  You need to run <em/configure/ and and recompile Squid.
 <sect1>If I use DISKD, do I have to wipe out my current cache?
 <p>
@ -11990,6 +12294,15 @@ message queue parameters except to modify the include files
 and build a new kernel.  On my system, the file
 is <em>/usr/src/linux/include/linux/msg.h</em>.
 <p>
 Stefan K&ouml;psell reports that if you compile sysctl support
 into your kernel, then you can change the following values:
 <itemize>
 <item>kernel.msgmnb
 <item>kernel.msgmni
 <item>kernel.msgmax
 </itemize>
 <sect2>Solaris
 <p>
 Refer to <url url="http://www.sunworld.com/sunworldonline/swol-11-1997/swol-11-insidesolaris.html"
@ -12097,6 +12410,15 @@ is <em>/usr/src/linux/include/asm-i386/shmparam.h</em>
 Oh, it looks like you can change <em/SHMMAX/ by writing
 the file <em>/proc/sys/kernel/shmmax</em>.
 <p>
 Stefan K&ouml;psell reports that if you compile sysctl support
 into your kernel, then you can change the following values:
 <itemize>
 <item>kernel.shmall
 <item>kernel.shmmni
 <item>kernel.shmmax
 </itemize>
 <sect2>Solaris
 <p>
@ -12132,20 +12454,24 @@ These numbers refer to the number of oustanding requests on a message
 queue.  They are specified on the <em/cache_dir/ option line, after
 the L1 and L2 directories:
 <verb>
-cache_dir diskd -1 /cache1 1024 16 256 64 72
+cache_dir diskd /cache1 1024 16 256 Q1=72 Q2=64
 </verb>
 <p>
-If there are more than Q1 messages outstanding, then the main Squid
+If there are more than Q1 messages outstanding, then Squid will
 process ``blocks'' for a little bit until the diskd process services
 some of the messages and sends back some replies. 
 <p>
 If there are more than Q2 messages outstanding, then Squid will
 intentionally fail to open disk files for reading and writing.
 This is a load-shedding mechanism.  If your cache gets really really
 busy and the disks can not keep up, Squid bypasses the disks until
 the load goes down again.
 <p>
-Reasonable values for Q1 and Q2 are 64 and 72, respectively.
+If there are more than Q2 messages outstanding, then the main Squid
 process ``blocks'' for a little bit until the diskd process services
 some of the messages and sends back some replies. 
 <p>
 Q1 should be larger than Q2.  You want Squid to get to the 
 ``blocking'' condition before it gets to the ``refuse to open files''
 condition.
 <p>
 Reasonable values for Q1 and Q2 are 72 and 64, respectively.
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
@ -12173,6 +12499,15 @@ the user to enter a name and password.  The name and password are
 encoded, and sent in the <em/Authorization/ header for subsequent
 requests to the proxy.
 <p>
 <em>NOTE</em>: The name and password are encoded using ``base64''
 (See section 11.1 of <url url="ftp://ftp.isi.edu/in-notes/rfc2616.txt"
 name="RFC 2616">).  However, base64 is a binary-to-text encoding only,
 it does NOT encrypt the information it encodes.  This means that
 the username and password are essentially ``cleartext'' between
 the browser and the proxy.  Therefore, you probably should not use
 the same username and password that you would use for your account login.
 <p>
 Authentication is actually performed outside of main Squid process.
 When Squid starts, it spawns a number of authentication subprocesses.
@ -12294,8 +12629,51 @@ name="A Tao of Regular Expressions"> and
 <url url="http://www.newbie.org/gazette/xxaxx/xprmnt02.html"
 name="Newbie's page">.
 <!-- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -->
 <sect>Security Concerns
 <sect1>Open-access proxies
 <p>
 Squid's default configuration file denies all client requests.  It is the
 administrator's responsibility to configure Squid to allow access only
 to trusted hosts and/or users.
 <p>
 If your proxy allows access from untrusted hosts or users, you can be
 sure that people will find and abuse your service.  Some people
 will use your proxy to make their browsing anonymous.  Others will
 intentionally use your proxy for transactions that may be illegal
 (such as credit card fraud).  A number of web sites exist simply
 to provide the world with a list of open-access HTTP proxies.  You
 don't want to end up on this list.
 <p>
 Be sure to carefully design your access control scheme.  You should
 also check it from time to time to make sure that it works as you
 expect. 
 <sect1>Mail relaying
 <p>
 SMTP and HTTP are rather similar in design.  This, unfortunately, may
 allow someone to relay an email message through your HTTP proxy.  To
 prevent this, you must make sure that your proxy denies HTTP requests
 to port 25, the SMTP port.
 <p>
 Squid is configured this way by default.  The default <em/squid.conf/
 file lists a small number of trusted ports.  See the <em/Safe_ports/
 ACL in <em/squid.conf/.  Your configuration file should always deny
 unsafe ports early in the <em/http_access/ lists:
 <verb>
-$Id: FAQ.sgml,v 1.2 2004/09/09 12:36:20 cvsdist Exp $
+http_access deny !Safe_ports
 (additional http_access lines ...)
 </verb>
 <p>
 Do NOT add port 25 to <em/Safe_ports/ (unless your goal is to end
 up in the <url url="http://mail-abuse.org/rbl/" name="RBL">).  You may
 want to make a cron job that regularly verifies that your proxy blocks
 access to port 25.
 <verb>
 $Id: FAQ.sgml,v 1.3 2004/09/09 12:36:55 cvsdist Exp $
 </verb>
 </article>
 <!--  LocalWords:  SSL MSIE Netmanage Chameleon WebSurfer unchecking remotehost
--- a/2
+++ b/2
@ -1 +1 @@
-c38c083f44c222a8d026fa129c30b98f  squid-2.3.STABLE4-src.tar.gz
+6a3977716571a8459cf66b96306f7c05  squid-2.4.STABLE1-src.tar.gz
--- a/squid.spec
+++ b/squid.spec
@ -1,9 +1,9 @@
 Summary: The Squid proxy caching server.
 Name: squid
-Version: 2.3.STABLE4
+Version: 2.4.STABLE1
-Release: 10.7.1
+Release: 4
 Serial: 6
-Copyright: GPL
+License: GPL
 Group: System Environment/Daemons
 Source: http://www.squid-cache.org/Squid/v2/squid-%{version}-src.tar.gz
 Source1: http://www.squid-cache.org/Squid/FAQ/FAQ.sgml
@ -11,24 +11,19 @@ Source2: squid.init
 Source3: squid.logrotate
 Source4: squid.sysconfig
 Patch0: squid-2.1-make.patch
-Patch1: squid-2.3-config.patch
+Patch1: squid-2.4-config.patch
 Patch2: squid-perlpath.patch
-Patch3: squid-2.3.STABLE4-domainmatch.patch
+Patch3: squid-location.patch
-Patch4: squid-mktemp.patch
+Patch10: squid-2.4.stable1-diskd_fixed_path.patch
-Patch5: squid-location.patch
+Patch11: squid-2.4.stable1-force_valid_blksize.patch
-Patch10: squid-2.3.stable4-ftp_icon_not_found.patch
+Patch12: squid-2.4.stable1-high_cpu_with_peers.patch
-Patch11: squid-2.3.stable4-internal_dns_rcode_table_formatting.patch
+Patch13: squid-2.4.stable1-htcp_assertion_fix.patch
-Patch12: squid-2.3.stable4-invalid_ip_acl_entry.patch
+Patch14: squid-2.4.stable1-kill_parent_on_child_sigkill.patch
-Patch13: squid-2.3.stable4-ipfw_configure.patch
+Patch15: squid-2.4.stable1-wrong_sign_on_timestamp_check.patch
-Patch14: squid-2.3.stable4-accel_only_access.patch
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
 Patch15: squid-2.3.stable4-carp-assertion.patch
 Patch16: squid-2.3.stable4-html_quoting.patch
 Patch17: squid-2.3.stable4-snmp-community-null-pointer.patch
 Patch18: squid-2.4stable-ftpcrash.path
 BuildRoot: /var/tmp/squid-root
 Prereq: /sbin/chkconfig logrotate shadow-utils  /etc/init.d
 Requires: bash >= 2.0
-BuildPrereq: jade sgml-tools
+BuildPrereq: openjade sgml-tools openldap-devel pam-devel
 Obsoletes: squid-novm
 %description
@ -49,27 +44,23 @@ lookup program (dnsserver), a program for retrieving FTP data
 %patch0 -p1 -b .make
 %patch1 -p1 -b .config
 %patch2 -p1 -b .perlpath
-%patch3 -p1 -b .acl2
+%patch3 -p1
-cd src
+%patch10 -p0 -b .diskd
-%patch4 -p0 -b .mktemp
+%patch11 -p0 -b .force_valid_blksize
-cd ..
+%patch12 -p0 -b .cpu_peer
-%patch5 -p1
+%patch13 -p0 -b .htcp
-%patch10 -p0 -b .ftp-icon
+%patch14 -p0 -b .kill_parent
-%patch11 -p0 -b .dns
+%patch15 -p0 -b .timestamp
 %patch12 -p0 -b .ip_acl
 %patch13 -p0 -b .config
 %patch14 -p0 -b .accel_only
 %patch15 -p0 -b .carp
 %patch16 -p0 -b .html_quote
 %patch17 -p0 -b .snmp
 %patch18 -p0 -b .ftp-crash
 %build
 %configure \
   --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid \
   --localstatedir=/var --sysconfdir=/etc/squid \
-   --enable-poll --enable-snmp --enable-heap-replacement \
+   --enable-poll --enable-snmp --enable-removal-policies="heap,lru" \
-   --enable-delay-pools # --enable-icmp
+   --enable-storeio="aufs,coss,diskd,ufs" \
   --enable-delay-pools --enable-linux-netfilter \
   --enable-htcp --enable-carp --with-pthreads \
   --enable-auth-modules="LDAP,NCSA,PAM,SMB,MSNT"  # --enable-icmp
 # Some versions of autoconf fail to detect sys/resource.h correctly;
 # apparently because it generates a compiler warning.
@ -90,19 +81,19 @@ cp $RPM_SOURCE_DIR/FAQ.sgml faq
 cd faq 
 sgml2html FAQ.sgml
-cd ..
+#cd ..
-cd auth_modules
+#cd auth_modules
-cd LDAP
+#cd LDAP
-make
+#make
-cd ../NCSA
+#cd ../NCSA
-make
+#make
-cd ../PAM
+#cd ../PAM
-make
+#make
-cd ../SMB
+#cd ../SMB
-make SAMBAPREFIX=%{prefix}
+#make SAMBAPREFIX=%{prefix}
-cd ../getpwnam
+#cd ../getpwnam
-make
+#make
-cd ../..
+#cd ../..
 %install
 rm -rf $RPM_BUILD_ROOT
@ -113,11 +104,7 @@ rm -rf $RPM_BUILD_ROOT
 	libexecdir=$RPM_BUILD_ROOT/usr/lib/squid
 #install -m 4750 src/pinger $RPM_BUILD_ROOT/usr/lib/squid
-install -m 755 auth_modules/PAM/pam_auth $RPM_BUILD_ROOT/usr/lib/squid
+mv $RPM_BUILD_ROOT/usr/sbin/*auth $RPM_BUILD_ROOT/usr/lib/squid
 install -m 755 auth_modules/LDAP/squid_ldap_auth $RPM_BUILD_ROOT/usr/lib/squid
 install -m 755 auth_modules/NCSA/ncsa_auth $RPM_BUILD_ROOT/usr/lib/squid
 install -m 755 auth_modules/SMB/smb_auth $RPM_BUILD_ROOT/usr/lib/squid
 install -m 755 auth_modules/getpwnam/getpwnam_auth $RPM_BUILD_ROOT/usr/lib/squid
 cd errors
 rm -rf $RPM_BUILD_ROOT/etc/squid/errors
@ -148,21 +135,17 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root)
 %dir /etc/squid
 %config(noreplace) /etc/squid/squid.conf
 %config(noreplace) /etc/squid/mime.conf
 %config(noreplace) /etc/sysconfig/squid
 %config /etc/squid/mib.txt
 /etc/squid/squid.conf.default
 /etc/squid/mime.conf.default
 /etc/squid/errors
-/usr/lib/squid/errors
+/usr/lib/squid
 /usr/lib/squid/icons
 /usr/lib/squid/dnsserver
 /usr/lib/squid/unlinkd
 /usr/lib/squid/*_auth
 #%attr(4750,root,squid) /usr/lib/squid/pinger
 /usr/sbin/squid
 /usr/sbin/client
 /usr/lib/squid/cachemgr.cgi
 %config /etc/rc.d/init.d/squid
 %config /etc/logrotate.d/squid
 %doc faq/* README ChangeLog QUICKSTART doc/*
@ -262,19 +245,37 @@ fi
 %preun
 if [ $1 = 0 ] ; then
 	service squid stop >/dev/null 2>&1
 	rm -f /var/log/squid/*
 	/sbin/chkconfig --del squid
 	service squid stop >/dev/null 2>&1
 fi
 %postun
 if [ $1 = 0 ] ; then
 	userdel squid
 fi
 if [ "$1" -ge "1" ] ; then
 	service squid condrestart >/dev/null 2>&1
 fi
 %changelog
-* Mon Sep 24 2001 Bill Nottingham <notting@redhat.com>
+* Mon Jul 23 2001 Bill Nottingham <notting@redhat.com>
- add patches to fix SNMP assertion, FTP crash
+- add some buildprereqs (#49705)
 * Sun Jul 22 2001 Bill Nottingham <notting@redhat.com>
 - update FAQ
 * Tue Jul 17 2001 Bill Nottingham <notting@redhat.com>
 - own /etc/squid, /usr/lib/squid
 * Tue Jun 12 2001 Nalin Dahyabhai <nalin@redhat.com>
 - rebuild in new environment
 - s/Copyright:/License:/
 * Tue Apr 24 2001 Bill Nottingham <notting@redhat.com>
 - update to 2.4.STABLE1 + patches
 - enable some more configure options (#24981)
 - oops, ship /etc/sysconfig/squid
 * Fri Mar  2 2001 Nalin Dahyabhai <nalin@redhat.com>
 - rebuild in new environment
`@ -1 +1 @@`
	`squid-2.3.STABLE4-src.tar.gz`	`squid-2.4.STABLE1-src.tar.gz`
`@ -1 +1 @@`
	`c38c083f44c222a8d026fa129c30b98f squid-2.3.STABLE4-src.tar.gz`	`6a3977716571a8459cf66b96306f7c05 squid-2.4.STABLE1-src.tar.gz`