- Upgrade to 4.13-1tarball with the following release notes:
 - Update to squid-4.13 with release announcement at
     https://www.mail-archive.com/squid-announce@lists.squid-cache.org/msg00117.html
    It includes a couple of relevant security advisories related to
    cache poisoning.
 - Remove patch for bug 5051 since it is included in the 4.13 release.
- Remove the recursion on the restorecon for SELinux in the %post install
    step, to avoid taking a long time when going through a large cache.

- Upgrade to 4.12-2 tarball with the following release notes (from 4.12-1
   and 4.12-2):
 - Update to squid-4.12 with release announcement at
     https://www.mail-archive.com/squid-announce@lists.squid-cache.org/msg00114.html
    It includes a couple of security advisories, but the are on
    features that as far as I know are not used by frontier-squid users.
 - Remove patches for bug #5030 and #5041 which are included in 4.12
 - Slightly update patch for bug #5051 as recommended by squid consultant
 - Note that an additional, more relevant squid advisory fixed in 4.12 was
    published late:
     https://www.mail-archive.com/squid-announce@lists.squid-cache.org/msg00116.html
 - Support the "stdio:" prefix for access_log

- Require systemd-devel on non-el6 systems, so squid's configure will
  recognize that it is on a systemd-based system.
- Update to shoal-agent-0.9.9, and remove python3 patch because that
  is now merged.

- Fix quoting on el6 build options to select the correct types of basic
  authentication.  The bug accidentally enabled ldap authentication which
  prevented an el6 rpm from installing on el7.
- Remove openldap-devel build dependency.

- Upgrade to 4.11-3 tarball with the following release notes:
 - Apply patch for bug #5051 which prevents a negative cache from
    persisting indefinitely with if-modified-since and collapsed forwarding.
 - Fix shoal when there are multiple squid workers.
 - Add cc.*\.in2p3\.fr to MAJOR_CVMFS.  It was already in ATLAS_FRONTIER
    so it was included for installations that accept both, but not for
    those that accept only MAJOR_CVMFS.

- Upgrade to 4.11-2 tarball with the following release notes:
 - The 4.11 release announcement is now at
     https://www.mail-archive.com/squid-announce@lists.squid-cache.org/msg00108.html
    The announcement was delayed because security vulnerabilities were
    being double-checked.
 - frontier-squid was not susceptible to the ESI vulnerability, because of
    missing libraries on the build machine.  Add --disable-esi to make
    sure it doesn't get accidentally enabled.

- Upgrade to 4.10-4 tarball with the following release note:
 - Add patch for bug 5036 which caused a varying number of capital 'L's
    to appear at the beginning of access.log lines when the log buffer
    overflows.

- Upgrade to 4.10-3 tarball with the following release notes:
 - Update patch for squid bug #5022 to final version.
 - Add patch for squid bug #5030 which reported that negative caching
    was not working.  This is an important feature for keeping load
    down on CVMFS stratum 1s that are not hosting a repository.

- Upgrade to 4.10-2 tarball with the following release notes:
 - Apply patch for squid bug #5022, to prevent a reconfigure from crashing
    the coordinator process when there are multiple workers.
 - Use reconfigure signal for log rotation in all cases again.

- Upgrade to 4.10-1 tarball with the following release notes:
 - Update to squid-4.10, with release notes at
    https://www.mail-archive.com/squid-announce@lists.squid-cache.org/msg00103.html
   including a fix for a serious security vulnerability affecting
   reverse proxies and a potential information leak when proxying ftp.
 - Remove patch for bug #4735, as it has been included in the 4.10 release.
 - Change compressing log rotation back to use copytruncate when there
   are multiple workers, because the reconfigure signal triggers an
   SNMP bug when there are multiple workers (squid bug #5022).
 - Disable log rotatation when SQUID_MAX_ACCESS_LOG=0.  Using this is
    highly discouraged since standard logrotate is usually unable to
    keep up with the high volume of logs typically generated by squid.
    It also interferes with frontier-awstats support.
 - Change log rotating cron scripts to ignore commented lines in
    /etc/sysconfig/frontier-squid

- Upgrade to 4.9-4 tarball with the following release note:
 - Limit the hard nofile ulimit check to the "start" operation.

- Upgrade to 4.9-2 tarball with the following release note:
 - Fix bug in daily cron that prevented it from rotating any logs

- Upgrade to 4.8-2 tarball with the following release note:
 - Add support for starting and stopping shoal-agent when installed and
   enabled by SQUID_AUTO_DISCOVER=true
- Add compilation and installation for shoal-agent

- Upgrade to 4.8-1 tarball with the following release notes:
 - Update to squid-4.8 with release notes at
    https://www.mail-archive.com/squid-announce@lists.squid-cache.org/msg00096.html
   There was no 4.7 announcement but here's the ChangeLog:
    https://github.com/squid-cache/squid/blob/f977bfa698ab92e9474c775cef0e01fb756a4b0f/ChangeLog

- Add %verify (not user group) to the %ghost statements for cache dir
  and log dir, and add %verify (not user group mode) on squid.conf and
  squid.conf.old.  Without those, rpm -V complains on el7 only, not el6.

- Support SELinux by default by doing resorecon -R /var/cache/squid
  during postinstall.

- Upgrade to 3.5.27-4 tarball with the following release note:
 - If the maximum listen backlog (sysctl net.core.somaxconn) is less than
   1/4th the file descriptor limit (ulimit -n) when starting squid,
   increase it to that amount.  That's the listen backlog that squid
   requests, and the larger backlog helps when a server is hit so hard
   with requests that squid can't keep up.

- Upgrade to 3.5.27-3 tarball with the following release notes:
 - Add configuration options to always honor "Pragma: no-cache" from a
   client, even if the client also sends a "Cache-control" header, as
   the current frontier-client (v2.8.20) always does.
     https://bugs.squid-cache.org/show_bug.cgi?id=4809
 - Included provided patches from the squid project related to two
   denial of service security advisories which they say could affect
   all reverse proxies.
    http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
    http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
   For example frontier server launchpad squids are configured as
   reverse proxies.

- Upgrade to 3.5.24-3 tarball with the following release notes:
 - Change quick_abort_min and quick_abort_max once again, this time to
   0 KB, because someone doing a different repeatable test found that
   the 1 GB value still caused some crashes but 0 KB didn't.

- Upgrade to 3.5.23-2 tarball with the following release note:
 - Comment out the fix for security advisory SQUID-2016:10, because it
   caused collapsed forwarding to break for If-Modified-Since requests.
   It was probably implemented incorrectly; discussion is in the
   reopened squid bug report #2833.

- Upgrade to 3.5.22-2 tarball with the following release note:
 - Change default value of dns_v4_first to "on", so it will always try
   ipv4 first if available and then ipv6.  The default was "off" which
   always tries ipv6 first.

- Add creation of config file in /usr/lib/tmpfiles.d to create /run/squid
  directory on reboot of EL7-based systems.