From: Amos Jeffries Date: Mon, 2 Aug 2010 13:55:59 +0000 (+1200) Subject: Prep for 3.2.0.1 X-Git-Tag: take1~424 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6be4a9a8e7f309847bfc669075428380de552512;p=thirdparty%2Fsquid.git Prep for 3.2.0.1 --- diff --git a/ChangeLog b/ChangeLog index ca875a8e0e..2ec07a5bb9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,49 @@ +Changes to squid-3.2.0.1 (03 Aug 2010): + + - Port from 2.7: Logging infrastructure updates + - Port from 2.7: Unique sequence number per log line + - Port from 2.6: STORE_META_OBJSIZE swapout storage type + - Bug 2792: tcp_outgoing_addr does not work with TPROXY + - Bug 2631: refresh_pattern store-stale option + - Bug 2305: Multiple leaks and assertion crashes in authentication + - Bug 1239: Much needed ACL type random + - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update + - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies + - Support SMP for essential non-caching functionality + - Support logging over TCP + - Support Solaris 10 pthreads (experimental) + - Support Kerberos login to peers + - Support EUI / MAC in more environments + - Support format tags in deny_info URLs + - Support running helpers on-demand instead of all at startup + - Support fully transparent login=PASSTHRU of authentication headers to peers + - Support multi-lingual localised FTP directory listings + - Support TPROXYv4 spoofing of X-Forwarded-For client address + - Support ICAP 206 Partial Content extension + - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field + - Add ACL support to range_offset_limit + - Add helpers for url_rewrite + - Add helper multiplexer for concurrency emulation with legacy helpers + - Add Perl library which facilitates parsing access logfile entries. + - Add a simple script to summarise traffic use per user + - Add templates for captive portal proxy configuration instructions + - Add logging of the local TCP port used by transactions with HTTP servers + - Update mswin_check_ad_group to version 2.0 + - Update squid_kerb_auth helper to version 3.0.2 + - Remove double-language error page hack (replaced by locale auto-negotiation) + - Remove TPROXYv2 support (replaced by TPROXYv4) + - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth) + - Re-work ./configure script for smarter auto-detect and early error checks + - Auto-enable all features by default + - Workaround com_err.h C++ brokenness triggered by OpenSSL includes + - Helpers naming scheme + - Add support for write timeouts + - Modify icap_service_failure_limit option to forget old ICAP errors + - Updated man(8) manuals including several additions and translations + - ... and a great many code cleanups + - ... and a great many testing improvements + - ... and many documentation updates + Changes to squid-3.1.6 (02 Aug 2010): - Bug 2994, 2995: IPv4-only regressions diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml index f5256caeb7..4cc6b3382b 100644 --- a/doc/release-notes/release-3.2.sgml +++ b/doc/release-notes/release-3.2.sgml @@ -1,6 +1,6 @@
-Squid 3.2.0.0 release notes +Squid 3.2.0.1 release notes Squid Developers @@ -13,7 +13,7 @@ for Applied Network Research and members of the Web Caching community. Notice

-The Squid Team are pleased to announce the release of Squid-3.2.0.0 for testing. +The Squid Team are pleased to announce the release of Squid-3.2.0.1 for testing. This new release is available for download from or the . @@ -35,14 +35,17 @@ The 3.2 change history can be Squid.conf macros and conditionals

Added support for process_name and process_number macros as well as simple if-statement conditionals in squid.conf. These features allow individual @@ -126,8 +128,38 @@ Most user-facing changes are reflected in squid.conf (see below). SIGHUP: dump the state of all helpers to STDERR -Helper Name Changes +Helpers On-Demand +

Traditionally Squid has been configured with a fixed number of helpers and started them during + it's start and reconfigure phases. This forces the hard configuration problem of how many helpers + will be needed to be solved before starting Squid in production use. + +

The on-demand helpers feature allows greater flexibility and resolves this problem by allowing + maximum, initial and idle thresholds to be configured. Squid will start the initial set during + start and reconfigure phases. However over the operational use new helpers up to the maxium will + be started as load demands. The idle threshold determins how many more helpers to start if the + currently running set is not enough to handle current request loads. + +

For example, a traditional configration is + + auth_param ntlm /usr/libexec/squid/ntlm_auth + auth_param ntlm children 200 + + the alternative on-demand configuration could be: + + auth_param ntlm /usr/libexec/squid/ntlm_auth + auth_param ntlm children 200 startup=10 idle=2 + + +

The example still permits up to 200 helpers to be running at once under peak traffic loads. + But only starts 10 when Squid is initialized resulting in a faster boot up. + When client requests threaten to overload the running helpers an additional 2 will be started. + +

NOTE: if no startup and idle values are specified the traditional behaviour + of starting the maximum number of helpers will occur. + + +Helper Name Changes

To improve the understanding of what each helper does and where it should be used the helper binaries which are bundled with Squid have undergone a naming change in this release. @@ -188,7 +220,6 @@ Most user-facing changes are reflected in squid.conf (see below). Multi-Lingual manuals -

The man(8) and man(1) pages bundled with Squid are now provided online for all versions and beginning with 3.2 they are available in languages other than english. @@ -199,9 +230,59 @@ Most user-facing changes are reflected in squid.conf (see below). Solaris 10 pthreads Support (Experimental) -

Automatic detection and use of the pthreads library available from Solaris 10 +

The result of this addition means that faster more efficient AUFS cache storage mechanisims + are now available in Solaris 10. + +

Support is experimental at this stage due to lack of feedback on the results of enabling it. + We recommend giving AUFS a try for faster disk storage and encourage feedback. + + +Surrogate/1.0 protocol extensions to HTTP +

The Surrogate extensions to HTTP protocol enable an origin web server to specify separate + cache controls for a reverse proxy acting on its behalf. Previously this was closely tied with the ESI + feature support in Squid. This release opens Surrogate support to all reverse proxies. + +

Reverse proxy requests sent on to the web server include the HTTP header Surrogate-Capabilities: + specifying the capabilities of the reverse proxy along with an ID which can be used to target reponses with + a Surrogate-Control: HTTP header used instead of the Cache-Control: header. + +

The default surrogate ID is generated automatically from the Squid site-unique hostname as found by the + automatic detection or manual configuration of visible_hostname although can be configured + separately with the httpd_accel_surrogate_id option. + +

Security Considerations: Websites sould be careful of accepting any surrogate ID. + Older releases of Squid leak the Surrogate-Control headers to external servers. + This 3.2 series of Squid will now prevent this leakage of its own ID destined responses, however it is possible + and for some uses desirable to receive external reverse-proxies Surrogate-Capabilities: headers. + +

NOTE: Several operating system distributions historically package Squid with a forced value of + visible_hostname localhost. If this is done on a Surrogate enabled install a manual re-configuration + is required to prevent an unacceptable surrogate ID of 'localhost' being generated. + + +Logging Infrastructure Updated +

The advanced logging modules introduced in Squid-2.7 are now available from Squid-3.2. + +

This feature is documented at http://wiki.squid-cache.org/Features/LogModules + +

The new infrastructure currently supports several different channels types (modules) ranging from + direct filesystem logging (stdio, daemon) to network logging (syslog, UDP and TCP). The daemon logging + interface allows for a custom helper to be written to process logs in real-time. + +

Upgrading: the access_log was previously logge via what is now called the stdio module. + This is still supported and used by default if no module is named. For best performance particularly in SMP + environments we recommend the daemon be used. The provided log_file_daemon helper + performs the traditional logging to local filesystem. + +

Additional to this the cache.log can now be limited to a smaller number of files stored. + Traditionally cache.log.N has been fixed at the same number of rotated files as access.log.N through the + logfile_rotate setting. The debug_options setting can now be used to configure the number + of debug cache.log files to rotate through with a rotate=N option. This is particularly useful for + logging a single cache.log at relatively high debug levels on a high-traffic system. Or one which is + required to store a long period of access.log and needs to conserve disk space. + Changes to squid.conf since Squid-3.1