OK so the new RPM of 3.3.9 for CentOS x86_64 is out. it exists now only on: repo and www1 servers. information on where to find these RPMs is here: http://wiki.squid-cache.org/KnowledgeBase/CentOS#Squid-3.3 The SRPM can be found at the SRPM directory of the CentOS repo. Note that this RPM is built for ISP more then authentication etc. it suppose to support a simple and basic forward proxy, intercept and tproxy. This build works and tested with external_acl. if you do have any troubles feel free to contact the list or\and me. Eliezer On 09/28/2013 05:52 PM, Amos Jeffries wrote: > [Apologies if this is a duplicate. The original announcement appears > not to have made it to several of the mailing lists.] > > > The Squid HTTP Proxy team is very pleased to announce the availability > of the Squid-3.3.9 release! > > > This release is a bug fix release resolving several major issues > found in the prior Squid releases. > > > The major changes to be aware of: > > * Bug #3849 <http://bugs.squid-cache.org/show_bug.cgi?id=3849>: > Duplicate certificate sent when using https_port > > This bug is causing the SSL negotiation to fail for some clients. > In particular those using recent versions of GnuTLS. > > > * Bug #3879 <http://bugs.squid-cache.org/show_bug.cgi?id=3879>: > assertion failed ConnStateData::validatePinnedConnection > > This bug can occur when transiting NTLM or Kerberos authenticated > messages even when the proxy is performing authentication. > > > * Regression Bug: off-by-one error in Digest header decoding > > The earlier fix for bug 3077 had a small but critical typo when ported > to 3.2 series which broke Digest authentication in 3.2 and older 3.3 > releases. > > > * OpenSSL infinite loop on validating certificate > > This release includes a workaround for OpenSSL bug #3090 (their > bug number). This bug was visible as an infinite loop consuming > all or many CPU cycles when validating a certificate. Squid is > now able to quickly detect and halt such loops. Treating > certificates which trigger it as containing an error. > > Also the supported OpenSSL error codes have been updated to include > those available in the most recent OpenSSL release. > > > * Bug #3863 <http://bugs.squid-cache.org/show_bug.cgi?id=3863>: > myportname acl causes segmentation fault > > This bug is visible when adaptation (ICAP or eCAP) is being performed > and a myportname ACL is used to test an adapted request. > > > > Other notable changes include: > > * Bug #2112 <http://bugs.squid-cache.org/show_bug.cgi?id=2112>: Reload > into If-None-Match > > This bug fix allows Squid to participate in HTTP revalidation of > cached objects using ETag values. > > > * Improved compatibility with Clang, ICC and GCC 4.8 > > Recent release of these compilers are getting ever more strict. > This release fixes several small issues which have been detected > by these ongoing compiler improvements and may break the build. > > > * Windows support improvements > > Thanks to a new sponsor iCelero providing development resources. > > There are still many issues to be resolved but a patch will become > available soon for building a limited Squid-3.3 proxy with the MinGW > compiler environment. Those interested should contact the squid-dev > mailing list. > > > > > See the ChangeLog for the full list of changes in this and earlier > releases. > > All users are urged to upgrade to this release as soon as possible. > > > Please remember to run "squid -k parse" when testing upgrade to a new > version of Squid. It will audit your configuration files and report > any identifiable issues the new release will have in your installation > before you "press go". We are still removing the infamous "Bungled > Config" halting points and adding checks, so if something is not > identified please report it. > > > > Please refer to the release notes at > http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html > when you are ready to make the switch to Squid-3.3 > > Upgrade tip: > "squid -k parse" is starting to display even more > useful hints about squid.conf changes. > > This new release can be downloaded from our HTTP or FTP servers > > http://www.squid-cache.org/Versions/v3/3.3/ > ftp://ftp.squid-cache.org/pub/squid/ > ftp://ftp.squid-cache.org/pub/archive/3.3/ > > or the mirrors. For a list of mirror sites see > > http://www.squid-cache.org/Download/http-mirrors.html > http://www.squid-cache.org/Download/mirrors.html > > If you encounter any issues with this release please file a bug report. > http://bugs.squid-cache.org/ > > > Amos Jeffries >