]> git.ipfire.org Git - thirdparty/squid.git/blame - ChangeLog
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Throw, not self_destruct(), on qos_flow configuration errors (#1644)
[thirdparty/squid.git] / ChangeLog
CommitLineData
12638bed
FC		 1Changes in squid-6.7 (4 Feb 2024)
2
3 - Bug 5274: Successful tunnels logged as TCP_TUNNEL/500
4 - Fix crash when NTLM and Negotiate helpers are queried with no HTTP request
5 - Extend cache_log_message to Bug 5187 and job invalidation BUGs
6 - Remove incorrect beta version warning
7 - MS Windows portability improvements
8 - ... and some documentation improvements
9
a0ac5c49
AJ		 10Changes in squid-6.6 (5 Dec 2023):
11
12 - Bug 5328: Fix ESI build with libxml2 v2.12.0
13 - Bug 5319: QOS Netfilter MARK preservation is always disabled
14 - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
15 - Bug 5317: FATAL attempt to read data from memory
16 - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
17 - FTP: Ignore credentials with a NUL-prefixed username
18 - log_db_daemon: Fix DSN construction
19 - Limit the number of allowed X-Forwarded-For hops
20 - Do not update StoreEntry expiration after errorAppendEntry()
21 - improve handling of response sending errors
22
4954e148
FC		 23Changes in squid-6.5 (5 Nov 2023):
24
25 - Bug 5309: frequent "lowestOffset () <= target_offset" assertion
26 - Bug 4977: Remove mem_hdr::freeDataUpto() assertion
27 - Fix handling of expanding HTTP header values
28 - Fix RFC 1123 date parsing
29 - Gracefully shutdown when helper process startup fails
30
7254f20c 31Changes in squid-6.4 (22 Oct 2023):
6a932baa
AJ		 32
33 - Regression: Restore support for legacy cache_object cache manager requests
34 - Regression: Do not use static initialization to register modules
35 - Bug 5301: cachemgr.cgi not showing new manager interface URLs
36 - Bug 5300: cachemgr.cgi assertion
7254f20c
FC		 37 - Fix stack buffer overflow when parsing Digest Authorization
38 - Fix userinfo percent-encoding
39 - Fix store_client caller memory leak on certain errors
40 - Fix validation of certificates with CN=*
41 - Fix handling of large stored response headers
42 - Miss if a HTTP/304 update would exceed reply_header_max_size
43 - RFC 9112: Improve HTTP chunked encoding compliance
6a932baa
AJ		 44 - HTTP: Improve handling of empty lines received prior to request-line
45 - Y2038: improve printing of time settings
46 - Extend cache_log_message to problematic from-helper annotations
7254f20c 47 - ... and several Continuous Integration improvements
6a932baa 48
4f23290e
AJ		 49Changes in squid-6.3 (03 Sep 2023):
50
51 - Bug 5294: ERR_CANNOT_FORWARD returned instead of ERR_DNS_FAIL
52 - Bug 4981: Work around in-call job invalidation bugs
53 - basic_smb_lm_auth: fix 'no previous declaration' warnings
54 - CacheManager: require /squid-internal-mgr/ URL path prefix
55 - ESI: Fix build [-Wsingle-bit-bitfield-constant-conversion]
56 - ... and some documentation changes
57
5ef44798
FC		 58Changes in squid-6.2 (06 Aug 2023):
59
60 - Bug 5187: Work around REQMOD satisfaction regression
61 - Bug 5290: pure virtual call in Ftp::Client constructor
62 - Fix memory leak when reconfiguring multiline all-of ACLs
63 - ... and a lot of code cleanups
64 - ... and some portability fixes on GNU/Hurd and MSWindows
65
b3fa2bcb
AJ		 66Changes in squid-6.1 (06 Jul 2023):
67
68 - Bug 5278: Log %err_code for "early" request handling errors
69 - Do not cache (and do not serve cached) cache manager responses
70 - Fix key equality comparison in LookupTable map
71 - Honor DNS RR TTLs larger than negative_dns_ttl
72 - ... and some documentation changes
73
eecdbc19 74Changes in squid-6.0.3 (07 Jun 2023):
e23389df
FC		 75
76 - Bug 5148: Log %Ss of failed tunnels as TCP_TUNNEL
77 - Do not leak Security::CertErrors created in X509_verify_cert()
78 - Do not erase aborted StoreMap entries that are still being read
79 - Fix build in environments lacking syslog
80 - Fix build failures in some environments due to time_t type conflicts in libdebug
81 - Remove obsolete caddr_t
82 - ... and some documentation changes
83
2519a7b6
FC		 84Changes in squid-6.0.2 (30 Apr 2023):
85
86 - Avoid excessive disk I/O in some environments
87 - ... and several build and portability fixes
88 - ... and all fixes from 5.9
89
49193367 90Changes in squid-6.0.1 (28 Feb 2023):
552d1774
AJ		 91
92 - Bug 5256: Intercepting port fails to accept
93 - Bug 5241: Block all non-localhost requests by default
94 - Bug 5241: Block to-localhost, to-link-local requests by default
95 - Bug 5232: Fix GCC v12 build [-Wuse-after-free]
96 - Bug 5211: support.cc:355: "!filledCheck->sslErrors" assertion
97 - Bug 5194: Remove all unused debug sections
98 - Bug 5162: mgr:index URL do not produce MGR_INDEX template
99 - Bug 5129 pt1: remove Lock use from HttpRequestMethod
100 - Bug 5128: Translation: Fix % i typo in es/ERR_FORWARDING_DENIED
101 - Bug 5021: Add a script to fix spelling error with codespell
102 - Bug 4946: client_side_request.cc: "request != newRequest"
103 - Bug 4832: '!schemeAccess' assertion on exit
5afcde4d 104 - Bug 4572: squidclient: Remove deprecated cache_object:// support
552d1774
AJ		 105 - Bug 4528: ICAP transactions quit on async DNS lookups
106 - Add scripts/trace-context.pl: a debugging tool
107 - Remove cache_diff tool
108 - Remove membanger tool
109 - Remove pconn-banger tool
110 - Remove recv-announce tool
111 - Remove send-announce tool
112 - Remove tcp-banger* tools
113 - Remove ufsdump tool
114 - Remove support for Gopher protocol
115 - Remove support for unused libbsd
116 - Remove bundled GnuRegex library
117 - Remove CPU profiler mechanism
118 - Remove leakfinder (--enable-leakfinder)
119 - Remove --enable-kill-parent-hack
120 - Remove --disable-loadable-modules
121 - Remove unused/disabled/broken LEAK_CHECK_MODE code
122 - Remove SCO 3.2 support
123 - Remove m88k-specific support
124 - Remove NeXTSTEP support
125 - Remove HPUX compiler support
126 - Remove CBDATA debugging
127 - Require C++17
193ed125 128 - cachemgr.cgi: Remove deprecated cache_object:// support
552d1774
AJ		 129 - ext_kerberos_ldap_group_acl: Support -b with -D
130 - ext_lm_group_acl: Improved username handling
131 - negotiate_wrapper: ensure null-termination of strings
132 - pinger: Fix MAX_PKT{4,6}_SZ to account for icmpEchoData padding
133 - HTTP: Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
134 - HTTP: Update Host, Via, and other headers in-place when possible
135 - HTTP: Update status code 413 compliance
136 - RFC 9110: Reject different HTTP requests with unusual framing
137 - RFC 9111: Stop treating Warning specially
138 - RFC 9113: update documentation references
139 - RFC 9218: Priority header registration
140 - SSL-Bump: Remove step2+ stare-and-splice and peek-and-bump support
141 - TLS: Do not send more than one self-signed certificate
142 - TLS: Sort CA certificates in tls-cert=bundle
143 - TLS: Preserve configured order of intermediate CA certificate chain
144 - WCCP: Validate packets better
145 - CI: Support "negative" squid-conf-tests
146 - CI: Maintenance: Support custom astyle versions
147 - CI: test-builds.sh: in case of error dump full log
148 - CI: Add --progress option to test-builds.sh
149 - CI: Change time_units test to also work on 32bit systems
150 - CI: Maintenance: Update astyle version to 3.1
151 - Add cache_log_message directive
152 - Add paranoid_hit_validation directive
153 - Add tls_key_log to report TLS communication secrets
154 - Add %busy_time logformat code
155 - Add %transport::>connection_id logformat code
156 - Add %request_attempts logformat code
157 - Warn about some bad from-helper annotations
158 - Ban acl key changes in req_header, rep_header, and note ACLs
159 - Optimize ephemeral port reuse with IP_BIND_ADDRESS_NO_PORT
160 - Honor httpd_suppress_version_string in more contexts
161 - Honor ftp_port worker-queues option
162 - Log early level-0/1 debugs() messages to cache_log
163 - Support reliable zeroing of sensitive buffers
164 - Do not overwrite caching bans
165 - Do not blame cache_peer for 4xx CONNECT responses
166 - Mimic GET reforwarding decisions when our CONNECT fails
167 - Discarded connections do not contribute to forward_max_tries
168 - Honor assertions during shutdown
169 - Do not stop listening after "ERROR: NAT/TPROXY lookup failed..."
170 - Do not skip problematic regexes in ACLs
171 - Improve coredump_dir on FreeBSD and Solaris based OS
172 - Avoid reverse DNS lookups when logformat %>A is unused
173 - BUG: Unexpected state while connecting to ... server
174 - Properly track (and mark) truncated store entries
175 - Support "file" syntax for 'squid_error' and 'has' ACL parameters
176 - Allow sending "squid -k ..." signals to PID 1
177 - Remove bogus "found KEY_PRIVATE" WARNINGs
178 - Avoid "BUG #3329: Lost orphan ..." during accept problems
179 - Report SMP store queues state (mgr:store_queues)
180 - Remove 8K limit for single access.log line
181 - Rename ./configure option --with-libxml2 to --with-xml2
182 - Rename ./configure option --with-libcap to --with-cap
183 - Match ./configure --help parameter names with their defaults
193ed125 184 - Remove broken -sha1 option from server_cert_fingerprint
552d1774
AJ		 185 - Fix typo in manager ACL
186 - Fix milliseconds in certain cache.log messages
187 - Fix ignore-cc/act-as-origin in wildcard split-stack ports
188 - Fix comm.cc:644: "address.port() != 0" assertion
189 - Fix StoreMap.cc "anchorAt(anchorId).reading()" assertions
190 - Fix double-free segmentation fault on shutdown
191 - Fix client_side_request.cc:2028 "request->method.id()" assertion
192 - Fix reconfiguration leaking tls-cert=... memory
193 - Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling
194 - Fix "mem_obj->inmem_lo == 0" assertion in StoreEntry::swapOut()
195 - Fix TCP keepalive
196 - Fix SslBump reconfiguration leaking public key memory
197 - Fix socket accounting for TCP accept()
198 - ... and many documentation changes
199 - ... and much code cleanup and polishing
200 - ... and all fixes from 5.8
201
4a7431df
FC		 202Changes in squid-5.9 (30 Apr 2023):
203
204 - Improve reply_body_max_size matching accuracy
205 - ... and some documentation changes
206 - ... and many portability fixes
207
49193367
AJ		 208Changes in squid-5.8 (28 Feb 2023):
209
210 - Bug 5162: mgr:index URL do not produce MGR_INDEX template
211 - Bug 5241: Block all non-localhost requests by default
212 - Bug 5241: Block to-localhost, to-link-local requests by default
213 - ext_kerberos_ldap_group_acl: Support -b with -D
214 - Fix ACL type typo in req_header, rep_header key-changing ERRORs
215 - ... and several compile fixes
216 - ... and some code cleanup and polishing
217
911833fc
AJ		 218Changes in squid-5.7 (05 Sep 2022):
219
220 - Regression Fix: Typo in manager ACL
221 - Bug 5186: noteDestinationsEnd check failed: transportWait
222 - Bug 5160: Test suite fails with -flto=auto
223 - Bug 3193 pt2: NTLM decoder truncating strings
224 - Bug 5133: OpenSSL 3.0 support
225 - ext_session_acl: fix TDB key lookup
226 - forward_max_tries: Do not count discarded connections
227 - ... and many compile and debugging fixes
228
6f4bee9d
AJ		 229Changes in squid-5.6 (06 Jun 2022):
230
231 - Bug 5208: Part 1: Restart kids killed by SIGKILL
232 - Fix SQUID-MIB smilint errors
233 - negotiate_kerberos_auth: Initialise default_keytab
234 - Improve handling of Gopher responses
235 - ... and some semi-automated code polish
236
c40111e8
AJ		 237Changes in squid-5.5 (12 Apr 2022):
238
239 - Regression Bug 5192: esi_parser default is incorrect
240 - Bug 5177: clientca certificates sent to https_port clients
241 - Bug 5090: Must(!request->pinnedConnection()) violation
242 - Kid restart leads to persistent queue overflows, delays/timeouts
243 - Fix build on Illumos
244 - ESI: Drop incorrect and unnecessary xmlSetFeature() call
245
246Changes in squid-5.4.1 (12 Feb 2022):
b62df37f
AJ		 247
248 - Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening
249 - Fix FATAL ServiceRep::putConnection exception: theBusyConns > 0
250 - Fix ConnOpener orphan connection warnings when requester ends early
251 - Fix ConnOpener connection handling when sending negative answers
252 - Fix Comm::ConnOpener::cleanFd() debugging
253 - Fix ConnOpener callback's syncWithComm()
254 - Fix FwdState::advanceDestination() losing ERR_GATEWAY_FAILURE details
255 - Fix Tunneler handling of last-resort callback on premature job ending
256 - Fix PeerConnector handling of last-resort callback on premature job ending
257 - Fix FreeBSD 14 build
258 - Fix OpenBSD 7.0 build
259 - Add Comm::Connection::cloneDestinationDetails() debugging
260 - Improve Security::PeerConnector::serverConn and Http::Tunneler::connection management
261 - Refactor ConnOpener users to stop relying on the answer providing Comm::Connection
262 - Refactor ICAP connection-establishing code
263 - Polish PeerPoolMgr code
264 - Polish IDENT code
265 - Polish Gopher code
266 - Polished AsyncJob::Start() API
267 - ... and update code documentation
268
c40111e8 269Changes in squid-5.4 (07 Feb 2022):
4f019e78
AJ		 270
271 - Bug 5190: Preserve configured order of intermediate CA certificate chain
272 - Bug 5188: Fix reconfiguration leaking tls-cert=... memory
273 - Bug 5187: Properly track (and mark) truncated store entries
274 - Bug 5134: assertion failed: Transients.cc:221: "old == e"
275 - Bug 5132: Close the tunnel if to-server conn closes after client
276 - langpack: Fix typo in Russian texts
277 - copyright years and CONTRIBUTORS update
278
3bdbb995
AJ		 279Changes in squid-5.3 (06 Dec 2021):
280
281 - Bug 5169: StoreMap.cc:517 "!s.reading()" assertion
282 - Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
283 - Bug 5060: Parallel builds are not reliable
284 - Documentation updates for logformat directive
285
04add666
AJ		 286Changes in squid-5.2 (03 Oct 2021):
287
288 - Bug 5164: a copy-paste typo in HttpHdrCc::hasMinFresh()
289 - Bug 4922: Improve ftp://... filename extraction
290 - TLS: Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling
291 - ... and all fixes from 4.17
292
0c6f7c33
AJ		 293Changes in squid-5.1 (01 Aug 2021):
294
295 - Bug 4696: Fix leaky String move assignment operator
296 - Fix ACL-related reconfiguration memory leak
297 - Fix SSL-Bump reconfiguration leaking public key memory
298 - Fix build on RISC-V
299 - Fix build on Ubuntu 21.04
300
5ea861f5
AJ		 301Changes in squid-5.0.7 (04 Jul 2021):
302
303 - Fix a helper logging issues
304 - Fix some helper connection issues
305 - Cleanup: remove much unused code
306 - ... and all fixes from 4.16
307
5297c853
AJ		 308Changes in squid-5.0.6 (10 May 2021):
309
310 - Bug 5057: Generated response lacks status code
311 - TLS: Handling missing issuer certificates for TLSv1.3
312 - TLS: Detail certificate validation errors during TLS handshake
313 - TLS: Detail client closures of CONNECT tunnels during TLS handshake
314 - TLS: %ssl::<negotiated_version and %ssl::>negotiated_version for TLS/1.3
315 - HTTP: Allow 1xx and 204 responses with Transfer-Encoding headers
316 - Maintenance: Start following Inclusive Naming Initiative advice
317 - Maintenance: Sort source file lists in Makefiles
318 - Maintenance: Support plugin-style scripts for source format enforcement
319 - Cleanup: Deduplicating IPC strand messages
320 - ... and some compile and debugging fixes
321 - ... and all fixes from 4.15
322
5f37a71a
AJ		 323Changes in squid-5.0.5 (02 Feb 2021):
324
325 - HTTP: Do not send Connection:keep-alive/close in HTTP Upgrade requests
326 - Translations: Add es-mx dialect translation of error pages
327 - Fix missing port in request-target of CONNECT requests to peers
328 - Fix some warnings about client_lifetime timeout
329 - ... and several documentation updates
330 - ... and some debug improvements
331 - ... and all fixes from 4.14
332
76b18386
AJ		 333Changes in squid-5.0.4 (23 Aug 2020):
334
335 - Bug 5054: mark dns_v4_first as obsolete in cf.data.pre
336 - Bug 5048: ResolvedPeers.cc:35: "found != paths_.end()" assertion
337 - Reforward CONNECT after TLS handshake failure with peer
338 - Do not send keep-alive in 101 (Switching Protocols) responses
339 - Add http_port sslflags=CONDITIONAL_AUTH
340 - ... and several documentation changes
341 - ... and some compile fixes
342 - ... and all fixes from 4.13
343
5b0fbc71
AJ		 344Changes in squid-5.0.3 (05 Jun 2020):
345
346 - Bug 5046: FreeBSD lacks open(2) O_DSYNC flag
347 - Happy Eyeballs: Do not discard viable reforwarding destinations
348 - Reduced startup time with large rock cache_dirs
349 - Fix the ABA problem with Ipc::Mem::PageStack::pop() in v5.0.1
350 - Fix sending of unknown validation errors to certificate validator
351 - ... and several debug improvements
352 - ... and all fixes from 4.12
353
51f07c98
AJ		 354Changes in squid-5.0.2 (18 Apr 2020):
355
356 - Bug 5030: Negative responses are never cached
357 - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
358 - Support worker-dedicated listening queues (SO_REUSEPORT)
359 - High precision time units
360 - Ban reserved annotations in "note", "adaptation_meta" directives
361 - ESI: convert parse exceptions into 500 status response
362 - Fix PURGE error responses
363 - ... and several documentation changes
364 - ... and some compile fixes
5b0fbc71 365 - ... and all fixes from 4.11
51f07c98 366
755eac94
AJ		 367Changes in squid-5.0.1 (14 Jan 2020):
368
369 - Bug 4989: Leaking StoreEntry objects on Cache Digest rebuilds
370 - Bug 4912: same-name notes being appended instead of replaced
371 - Bug 4864: !Comm::MonitorsRead assertion in maybeReadVirginBody()
372 - Bug 4579: cannot hit an entry being written by another worker
373 - ICAP: Initial support for trailers
374 - Add auth_schemes to control schemes presence and order in 401s/407s
375 - Make CONNECT ACL a built-in default
376 - Remove USE_CHUNKEDMEMPOOLS compiler flag
377 - Two new ACLs implemented: annotate_transaction and annotate_client
378 - Add response delay pools feature for Squid-to-client speed limiting
379 - QA: allow test-suite to be run without a full build
380 - Happy Eyeballs: Use each fully resolved forwarding destination ASAP
381 - Support selective CF: collapsed_forwarding_access
382 - Reworked packet/connection marking
383 - Add new deny_info %A macro
384 - Identify collapsed transactions
385 - Add sample Kerberos group authentication external_acl helper
386 - Optimization: Fewer memory (re)allocations for HTTP headers
387 - Add TrivialDB support
388 - Do not send Content-Length in 1xx or 204 responses
389 - negotiate_kerberos_auth: fix memory leaks
390 - ntlm_fake_auth: add ability to test delayed responses
391 - Add %ssl::<cert macro for logging server X.509 certificate
392 - Reuse reserved Negotiate and NTLM helpers after an idle timeout
393 - Log PROXY protocol v2 TLVs
394 - Support logformat %codes in error page templates
395 - Fix incremental parsing of chunked quoted extensions
396 - Peering support for SslBump
397 - RFC 8586: Loop Detection in Content Delivery Networks
398 - Prevent TLS transaction stalls by preserving flags.read_pending
399 - Fix "BUG: Lost previously bumped from-Squid connection"
400 - Add %master_xaction logformat code
401 - Log "-" instead of the made-up method "NONE"
402 - Add GeneratingCONNECT step for the existing at_step ACL
403 - Report context of level-0/1 cache.log messages
404 - Re-enabled updates of stored headers on HTTP 304 responses
405 - Translations: Fix grammatical error in French error pages
406 - Smarter auth_param utf8 handling, including CP1251 support
407 - Fix rock disk entry contamination related to aborted swapouts
408 - Send HTTP/500 (Internal Server Error) when lacking peers
409 - Fix prohibitively slow search for new SMP shm pages
410 - Centralized PagePool/PageStack ID generation
411 - ... and many documentation changes
412 - ... and much code cleanup and polishing
5b0fbc71
AJ		 413 - ... and all fixes from 4.10
414
04add666
AJ		 415Changes in squid-4.17 (03 Oct 2021):
416
417 - WCCP: Validate packets better
418
5ea861f5
AJ		 419Changes in squid-4.16 (04 Jul 2021):
420
421 - Regression Fix: --with-valgrind-debug build broken since 4.15
422 - Bug 5129 pt1: remove Lock use from HttpRequestMethod
423 - Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
424 - Bug 4528: ICAP transactions quit on async DNS lookups
425
5297c853
AJ		 426Changes in squid-4.15 (10 May 2021):
427
428 - Bug 5112: Excessively loud chunked reply parsing error reporting
429 - Bug 5106: Broken cache manager URL parsing
430 - Bug 5104: Memory leak in RFC 2169 response parsing
431 - Bug 3556: "FD ... is not an open socket" for accept() problems
432 - Profiling: CPU timing implemented for MAC non-x86
433 - Fix HttpHeaderStats definition to include hoErrorDetail
434 - Fix Squid-to-client write_timeout triggers client_lifetime timeout
435 - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
436 - Handle more Range requests
437 - Handle more partial responses
438 - Stop processing a response if the Store entry is gone
439 - ... and some portability fixes
440 - ... and some documentation updates
441
5f37a71a
AJ		 442Changes in squid-4.14 (02 Feb 2021):
443
444 - Regression Fix: support for non-lowercase Transfer-Encoding value
445 - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
446 - Bug 5076: WCCP Security Info incorrect
447 - Bug 5073: Compile error: index was not declared in this scope
448 - Bug 5065: url_rewrite_program documentation update
449 - Bug 3074 pt2: improved handling of URI paths implicit '/'
450 - Fix transactions exceeding client_lifetime logged as _ABORTED
451
76b18386
AJ		 452Changes to squid-4.13 (23 Aug 2020):
453
454 - Regression Fix: Support parsing GREASEd (and future) TLS handshakes
455 - Bug 5051: Some collapsed revalidation responses never expire
456 - HTTP: Enforce token characters for field-name
457 - HTTP: Forbid obs-fold and bare CR whitespace in framing header fields
458 - HTTP: Improve Transfer-Encoding handling
459 - WCCP: Fix GCC-10 -Wstringop-truncation failures
460 - Honor on_unsupported_protocol for intercepted https_port
461 - Fix livelocking in peerDigestHandleReply
462 - Do not stall while debugging a scan of an empty store_table
463
5b0fbc71
AJ		 464Changes to squid-4.12 (05 Jun 2020):
465
466 - Regression Fix: Revert to slow search for new SMP shm pages
467 - Bug 5045: ext_edirectory_userip_acl is missing include files
468 - Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
469 - Bug 5030: Negative responses are never cached
470 - HTTP: validate Content-Length value prefix
471 - HTTP: add flexible RFC 3986 URI encoder
472 - SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic
473 - Tests: Support passing a custom config.cache to test builds
474 - Fix IPFilter IPv6 detection, especially on NetBSD
475 - Fix stall if transaction overwrites a recently active cache entry
476 - ... and some compile fixes
755eac94 477
51f07c98
AJ		 478Changes to squid-4.11 (18 Apr 2020):
479
480 - Bug 5036: capital 'L's in logs when daemon queue overflows
481 - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
482 - Bug 5016: systemd thinks Squid is ready before Squid listens
483 - kerberos_ldap_group: fix encryption type for cross realm check
484 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
485 - Fix Digest authentication nonce handling
486 - Supply ALE to request_header_add/reply_header_add
487 - ... and some documentation updates
488 - ... and some compile fixes
489
755eac94
AJ		 490Changes to squid-4.10 (14 Jan 2020):
491
492 - Bug 5009: Build failure with older clang libc++
493 - Bug 5008: SIGBUS in PagePool::level() with custom rock slot size
494 - Bug 5007: Docs: Fix max_filedescriptors description
495 - Bug 4735: Truncated chunked responses cached as whole
496 - ext_lm_group_acl: Improved username handling
497 - Fix FTP buffers handling
498 - Fix shared memory size calculation on 64-bit systems
499 - Fix server_cert_fingerprint on cert validator-reported errors
500 - Fix request URL generation in reverse proxy configurations
501 - ... and several documentation updates
502 - ... and several compile fixes
503
47f1e147
AJ		 504Changes to squid-4.9 (05 Nov 2019):
505
506 - Bug 4978: eCAP crash after using MyHost().newRequest()
507 - Bug 4970: excessive gnutls_certificate_credentials debug msgs
508 - Bug 4969: GCC-9 build failure: stringop-truncation
509 - Bug 4966: Lower cache_peer hostname
510 - Bug 4918: Crashes when using OpenSSL prior to v1.0.2
511 - TLS: Fix parsing of certificate validator responses
512 - TLS: Fix parsing of TLS messages that span multiple records
513 - TLS: Fix on_unsupported_protocol tunnel action
514 - TLS: Fix expiration of self-signed generated certs to be 3 years
515 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
516 - HTTP: RFC 7230: server MUST reject messages with BWS after field-name
517 - HTTP: Fix URN response handling
518 - HTTP: Hash Digest noncedata
519 - Update URI parser to use SBuf parsing APIs
520 - Prevent truncation for large origin-relative domains
521 - Fix several rock cache_dir corruption issues
522 - Debug detail validation errors for loaded-from-file certificate chains
523 - smblib: Improve SMB server name maintenance
524 - cachemgr.cgi: Add validation for hostname parameter
525 - ... and several compile issues
526 - ... and some documentation updates
527
b339d00c
AJ		 528Changes to squid-4.8 (09 Jul 2019):
529
530 - Bug 4957: Multiple XSS issues in cachemgr.cgi
531 - Bug 4953: to_localhost does not include ::
532 - Bug 4937: cachemgr.cgi: unallocated memory access
533 - Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH
534 - Bug 4889: Ignore ECONNABORTED in accept(2)
535 - Bug 4842: Memory leak when http_reply_access uses external_acl
536 - TLS: Fix tls-min-version= being ignored
537 - TLS: Add the NO_TLSv1_3 option to available tls-options values
538 - HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL
539 - HTTP: Remove userinfo support from old protocols
540 - HTTP: Fix Digest auth parameter parsing
541 - HTTP: Send Connection:close with the known-last request on a connection
542 - HTTP: Fix handling of tiny invalid responses
543 - Replace uudecode with libnettle base64 decoder
544 - Update HttpHeader::getAuth to SBuf
545 - ... and some compile issues
546
b3cc78d3
AJ		 547Changes to squid-4.7 (06 May 2019):
548
549 - Bug 4942: --with-filedescriptors does not do anything
550 - Bug 4928: Cannot convert non-IPv4 to IPv4
551 - Bug 4823: assertion failed: "lowestOffset () <= target_offset"
552 - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
553 - Fix squidclient authentication to origin servers
554 - Fix stack-based buffer-overflow when parsing SNMP messages
555 - Add support for buffer-size= to UDP logging
556 - TLS: When using OpenSSL, trust intermediate CAs from trusted store
557
b339d00c 558Changes to squid-4.6 (19 Feb 2019):
2e11c9c2
AJ		 559
560 - Bug 4915: Detect IPv6 loopback binding errors
561 - Bug 4914: Do not call setsid() in --foreground mode
562 - Bug 4875 pt2: GCC-8 compile errors with -O3 optimization
563 - Bug 4856: Exit when GoIntoBackground() fork() call fails
564 - basic_ldap_auth: Return BH on internal errors; polished messages
565 - Fix BodyPipe/Sink memory leaks associated with auto-consumption
566 - Fix OpenSSL builds that define OPENSSL_NO_ENGINE
567 - Fix several cases of rock cache corruption
568 - Add Georgian (ka) language translation
569
6f405e99
AJ		 570Changes to squid-4.5 (01 Jan 2019):
571
572 - Bug 4253: ssl_bump prevents access to some web contents
573 - TLS: add %>handshake logformat code
574 - Redesign forward_max_tries to count TCP connection attempts
575 - Fix client_connection_mark ACL handling of clientless transactions
576 - Fix netdb exchange with a TLS cache_peer
577 - Update netdb when tunneling requests
578 - Use pkg-config for detecting libxml2
579 - ... and some documentation updates
580 - ... and some code compile fixes
581
582Changes to squid-4.4 (28 Oct 2018):
011c7156
AJ		 583
584 - Bug 4893: Malformed %>ru URIs for CONNECT requests
585 - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes
586 - SSL: support compilation with minimal OpenSSL
587 - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL
588 - Fix netdb not saving to disk
589 - Fix memory leak when parsing SNMP packet
590 - ... and some compile issues
591
bc535d91
AJ		 592Changes to squid-4.3 (01 Oct 2018):
593
594 - Bug 4885: Excessive memory usage when running out of descriptors
595 - Bug 4877: Add missing text about external_acl_type %DATA changes
596 - Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
597 - Bug 4716: Blank lines in cachemgr.conf are not skipped
598 - Bug 4691: balance_on_multiple_ip config option docs
599 - basic_pop3_auth: fix startup errors
600 - langpack: Add missing dialect aliases
601 - Fix range_offset_limit debugging
602 - Fix icc build errors
603 - Update systemd dependencies in squid.service
604
2c7246f7
AJ		 605Changes to squid-4.2 (04 Aug 2018):
606
607 - Regression fix: support for https_port clientca= option
608 - Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces
609 - Bug 4861: HTTPMSGLOCK missing pointer safety
610 - Bug 4843 pt3: GCC-8 fixes and refactoring
611 - HTTP: Do not update stored headers on 304 responses
612 - Fix segmentation fault on -k parse
613 - Fix %>ru logging of huge URLs
614 - ... and several performance optimizations
615 - ... and some documentation updates
616 - ... and all fixes from 3.5.28
617
3cd71470
AJ		 618Changes to squid-4.1 (02 Jul 2018):
619
620 - Bug 4223: fixed retries of failed re-forwardable transactions
621 - Bug 4791: Build failure on MacOS
622 - Fix --with-netfilter-conntrack error message
623 - ... and many documentation updates
624
b5391492
AJ		 625Changes to squid-4.0.25 (11 Jun 2018):
626
627 - Regression Bug 4855: querying private entries for HTCP/ICP
628 - Regression Bug 4852: deny_info %R macro not being expanded
629 - Regression Bug 4847: proxy_auth ACL -i/+i flags not working
630 - Regression Bug 4831: filter chain certificates for validity when loading
631 - Regression fix: Transient reader locking broken in 4.0.24
632 - Bug 4845: NegotiateSsl crash on aborting transaction
633 - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8
634 - Bug 4843 pt2: squidclient refactoring for GCC-8
635 - Bug 4829: IPC shared memory leaks when disker queue overflows
636 - Bug 4828: Use feature detection for IPFilter API/ABI checks
637 - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4
638 - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks
639 - Bug 4707: purge tool does not obey --sysconfdir= build option
640 - Bug 4171: checking for log_file_daemon despite disabling logging
641 - Bug 4042: ext_kerberos_ldap_group: add -P principal option
642 - TLS: avoid "ssl_crtd" assertions on reconfiguration
643 - Add timestamps to (most) FATAL messages
644 - Add "--kid role-ID" command line option
645 - ... and many documentation updates
646
2db9989c
AJ		 647Changes to squid-4.0.24 (07 Mar 2018):
648
649 - Bug 4822: Build failure (-Wformat) where time_t is not long int
650 - Bug 4505: SMP caches sometimes do not purge entries
651 - TLS: GnuTLS implementation for listening ports and client connections
652 - TPROXY: Fix clientside_mark and client port logging
653 - Native FTP: Fix "Cannot assign requested address" with TPROXY
654 - SSL-Bump: Fix authentication with types other than Basic
655 - ... and many small compile and stability fixes
656 - ... and some documentation fixes
657
f1dfef29 658Changes to squid-4.0.23 (19 Jan 2018):
659
660 - Bug 4715: security_file_certgen: Remove -g and -n options docs
661 - Bug 4679: User names not sent to url_rewrite_program
662 - Bug 4631: security_file_certgen helper without disk cache
663 - Bug 3911: clang -fsanitize warnings
664 - Bug 2378: Duplicates in selected peer destinations
665 - Nettle v3.4 support
666 - Fix Squid FTP server dying because of an unhandled exception
667 - Automatically revive hopeless kids on reconfigure and after a timeout
668 - Fix %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses
669 - ... and many documentation updates
670 - ... and some stability fixes
671
96e628ec 672Changes to squid-4.0.22 (07 Dec 2017):
673
674 - Regression fix: Relay peer CONNECT error status line and headers to clients
675 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
676 - Bug 4718: support filling raw buffer space of shared SBufs
677 - Bug 4648: object revalidation for HTTPS scheme
678 - Bug 4616: store_client.cc:92: "mem" assertion
679 - Bug 2821: ignore Content-Range in non-206 responses
680 - HTCP: Ignore packets with invalid URI
681 - TLS: Validate the shortest certificate chain
682 - TLS: Add checks for OpenSSL 1.1.0f API changes
683 - TLS: Fix reporting of validation errors for downloaded intermediate certs
684 - TLS: Fix SSL certificate cache refresh and collision handling
685 - Fix backwards compatibility for Squid-3.5 external_acl_type formats
686 - Fix invalid mime icon URLs in cache
687 - Do not die silently when dying early
688 - Docs: update translation files
689
b008ed2e
AJ		 690Changes to squid-4.0.21 (02 Jul 2017):
691
692 - Bug 4730: segfault while processing internal HTTP requests
693 - Bug 4492: Chunk extension parser is too pedantic
694 - Bug 1961: Redesign urlParse() API
695 - TLS: recognise tls:: namespace on logformat tokens
696 - SSL-Bump: tproxy does not spoof spliced connections
697 - security_file_certgen: collapse queued requests
698 - Add a basic apparmour profile
699 - Add transaction_initiator ACL for detecting various unusual transactions
700 - Add ssl::server_name options to control matching logic
701 - Support for --long-acl-options
702 - Do not die silently when dying via std::terminate()
703 - Fix option --foreground to implement expected behavior
704 - Translations: update .po and .pot to latest texts
705 - ... and some documentation updates
706 - ... and many code cleanup and stability fixes
707 - ... and all fixes from 3.5.27
708
ef396425
AJ		 709Changes to squid-4.0.20 (01 Jun 2017):
710
96e628ec 711 - Bug 4692: SslBump breaks intercepted IPv6 connections
712 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
713 - Bug 4662: build errors with LibreSSL 2.4.4
714 - Bug 4659: sslproxy_foreign_intermediate_certs does not work
715 - Bug 4321: ssl_bump terminate does not terminate at step1
ef396425
AJ		 716 - Add 'has' ACL
717 - Do not forward HTTP requests to dead idle peers
718 - Do not unconditionally revive dead peers after a DNS refresh
719 - Make PID file check/creation atomic to avoid associated race conditions
720 - Count failures and use peer-specific connect timeouts when tunneling
721 - SSL-Bump: Fix crashes when server-first bumping mode is used with openSSL-1.1.0
722 - eCAP: Fix empty header handling in Ecap::HeaderRep::hasAny()
723 - SSL-Bump: Second adaptation missing for CONNECTs
724 - ext_session_acl: cope with new logformat inputs
725 - ... and some documentation updates
726 - ... and some code stability fixes
b008ed2e 727 - ... and all fixes from 3.5.26
ef396425 728
7b84ebcc
AJ		 729Changes to squid-4.0.19 (02 Apr 2017):
730
731 - Bug 4674: delay_parameters for class 3 and 4 assertion failed
732 - Bug 4671: GCC 7 compile errors
733 - Bug 4663: GCC 5+ compile errors with optimization level -O3
734 - Bug 4657: delay IDENT until after PROXY protocol handling
735 - Bug 4610: cleanup of BerkleyDB related checks
736 - squidclient: Fix missing error handling on PUT
737 - digest_ldap_auth: Add -r option to clamp the realm to a fixed value
738 - TLS: initial GnuTLS support for encrypted server connections
739 - Fix appending Http::HdrType::VIA code
740 - Fix URI scheme case-sensitivity treatment
741 - Fix two read-ahead problems related to delay pools (or lack thereof)
742 - Detail swapfile header inconsistencies
743 - ... and several build fixes
744 - ... and many code polishing updates
745 - ... and all fixes from 3.5.25
746
8527bed1
AJ		 747Changes to squid-4.0.18 (06 Feb 2017):
748
749 - Bug 4661: compile error 'warning: _XPG4_2 redefined' with GCC on Solaris 10
750 - Bug 4636: assertion 'byteCount > 0 && byteCount <= inBuf.length()'
751 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
752 - Bug 4599: support OpenSSL 1.1
753 - squidclient: link GnuTLS library debugs to -v level display
754 - Fix GCC6: unused local variable 'weInitiatedThisClosure'
755 - ... and some code polishing
756 - ... and some copyright updates
757 - ... and all fixes from 3.5.24
758
a2eb97b4 759Changes to squid-4.0.17 (16 Dec 2016):
6f4a12cf
AJ		 760
761 - Bug 4630: user credentials cache cleanup not re-scheduled
762 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
763 - Bug 4599 partial: initial support for OpenSSL v1.1
764 - TLS: Support tunneling of bumped non-HTTP traffic
765 - ... and many code polishing and performance updates
766 - ... and some documentation updates
767 - ... and some fixes from 3.5.23
768
6276f56c
AJ		 769Changes to squid-4.0.16 (30 Oct 2016):
770
771 - Avoid segfaults when lacking the server name for certificate validator
772 - HTTP: initial support for Cache-Control:immutable
773 - Fix ssl::server_name ACL
774 - ... and many code polishing updates
775 - ... and some fixes from 3.5.23
776
d710ff25
AJ		 777Changes to squid-4.0.15 (09 Oct 2016):
778
779 - Regression fix crash on reconfigure with TOS/DiffServ/MARK configured
780 - Bug 4610: compile errors on Solaris 11.3 with Oracle Studio 12.5
781 - Bug 4581: Secure ICAP segfault in checkForMissingCertificates
782 - Bug 4578: changes required to install squid.service
783 - Fix crash on shutdown while cleaning up idle ICAP connections
784 - Fix memory leak of Downloader-related objects
785 - HTTP/1.1: handle syntactically valid requests with unsupported HTTP versions
786 - Log TCP client port for error:transaction-end-before-headers and such
787 - ... and many portability and build fixes
788 - ... and some documentation updates
789 - ... and all fixes from 3.5.22
790
f6791433
AJ		 791Changes to squid-4.0.14 (08 Sep 2016):
792
793 - Regression Bug 4570: crash after rev.14755
794 - Regression Bug 4561: Replace use of default move operators with explicit implementation
795 - Bug 4503: Do not access-log SslBump-faked CONNECTs with _ABORTED suffixes
796 - Bug 4404: Do not access-log chunked non-persistent responses with _ABORTED suffix
797 - Fix crashes on shutdown while cleaning up idle ICAP connections
798 - Fix logformat unable to configure codes with /-escape
799 - HTTP: MUST respond with 414 (URI Too Long) when request-target exceeds limits
800 - HTTP: validate Content-Length header values
801 - Make Squid death due to overloaded helpers optional
802 - Better support for unknown URL schemes
803 - Do not log error:transaction-end-before-headers after invalid requests
804 - ... and many portability and build fixes
805 - ... and some documentation updates
d710ff25 806 - ... and all fixes from 3.5.21
f6791433 807
7566fb7e
AJ		 808Changes to squid-4.0.13 (05 Aug 2016):
809
810 - Regression Bug 4540: revert r14720 buffer update
811 - Bug 4555: Minor improvements to error pages CSS
812 - Bug 4551: fix exceptions in new chunked decoder
813 - Bug 4311: support collapse for internal revalidation requests (SMP-unaware caches)
814 - Fix Certificate Validator buffer-overflow crashes Squid
815 - Fix some failed transactions not being logged
816 - Fix segfault via Ftp::Client::readControlReply().
817 - basic_db_auth: add support for unsalted SHA1 passwords
818 - kerberos_ldap_group: add support for SSL/TLS connection to an LDAP server
819 - TLS: Add missing 'tls' option for cache_peer
820 - TLS: Do not hang when 'connector' fails
821 - TLS: Add support for fetching missing certificates
822 - Remove XSTD_USE_LIBLTDL, which has not been needed in a long while
823 - ... and many code polishing updates
824 - ... and some documentation updates
825
267a742e
AJ		 826Changes to squid-4.0.12 (01 Jul 2016):
827
828 - Regression Fix: shell issues with require_smblib definition
829 - Regression Bug 4532: pid_filename not working as documented
830 - Regression Bug 4504: Too many WARNING: Ignoring error setting CA certificate locations
831 - Bug 4516: security_file_certgen man page update
832 - Bug 4446: undefined reference to 'libecap::Name::Name'
833 - Bug 4376: clang cannot build Squid eCAP code
834 - HTTP/1.1: Update all stored headers on 304 revalidation
835 - TLS: Authority Key Identifier certificate extension
836 - Add a script to find kid-specific cache.log lines
837 - Cleanup cppunit detection and use
838 - ... and several performance improvements
839 - ... and some unit test updates
840 - ... and all fixes from 3.5.20
841
c17f835b
AJ		 842Changes to squid-4.0.11 (09 Jun 2016):
843
844 - Bug 4517: error: comparison between signed and unsigned integer
845 - Bug 4492: chunked parser needs to accept BWS after chunk size
846 - HTTP/1.1: allow chunking the last HTTP response on a connection
847 - HTTP/1.1: unfold mime header blocks
848 - TLS: fast SNI peek
849 - TLS: check for SSL_CIPHER_get_id() support required in adjustSSL()
850 - TLS: never enable OPENSSL_HELLO_OVERWRITE_HACK automatically
851 - squidclient: improve shell-escape support in -H option
852 - Do not allow low-level debugging to hide important/critical messages
853 - Replace new/delete operators using modern C++ rules
854 - Remove ie_refresh configuration option
855 - Deprecating SMB LanMan helpers
856 - Mark refresh-waiting transactions with REFRESH
857 - ... and some code cleanup and polishing
858
25e7b074
AJ		 859Changes to squid-4.0.10 (06 May 2016):
860
861 - Accumulate fewer unknown-size responses to avoid overwhelming disks.
862 - Fix shared memory corruption when storing multi-slot (>32KB) shm misses.
863 - ... and some documentation and code cleanup
864 - ... and all fixes from 3.5.18
865
2dae5986
AJ		 866Changes to squid-4.0.9 (20 Apr 2016):
867
25e7b074 868 - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)"
2dae5986
AJ		 869 - Add a new error page token for unquoted external ACL messages.
870 - Stop parsing response prefix after discovering an "HTTP/0.9" response.
871 - ... and some documentation updates
872 - ... and some code polishing
873 - ... and all fixes from 3.5.17
874
b1e01a62
AJ		 875Changes to squid-4.0.8 (02 Apr 2016):
876
877 - Bug 4459: FHS compliance: move netdb.state and ssl_db to /var/cache/squid
878 - Bug 4458: Behaviour change with external ACL arguments
879 - Bug 4450: wait() related cleanup
880 - Bug 4438: SIGSEGV in memFreeString() destructing SBuf globals on shutdown/restart
881 - Bug 4312: Support disabling collapsed forwarding SMP cooperation
882 - Bug 3826: SMP compatibility with systemd and --foreground option
883 - Bug 1979: Add ACL-driven server_pconn_for_nonretriable squid.conf directive
884 - Bug 7 (partial): Update cached entries on 304 responses
885 - Add reply_header_add directive
886 - HTTP/1.1: Do not prohibit updating Last-Modified on 304 responses
887 - Fix memory leaks of lastAclData and AccessLogentry::url
888 - Fix clang -Winconsistent-missing-override warning
889 - Tests: update test suite for GnuTLS
890 - ... and some documentation updates
891 - ... and some code cleanup and polishing
97f9388a 892 - ... and all fixes from squid 3.5.16
b1e01a62 893
81bf66f8
AJ		 894Changes to squid-4.0.7 (23 Feb 2016):
895
896 - Regression Fix: external_acl parameters separated by %20 instead of space
897 - Bug 4432: assertion failed: store.cc:1919: "isEmpty()"
898 - Bug 4111: leave_suid() does not properly handle error codes returned by setuid
899 - Fix propagation of response status line parsing error details
900 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
901 - ... and some code SourceLayout project cleaning
902 - ... and all fixes from squid 3.5.15
903
4e071e97
AJ		 904Changes to squid-4.0.6 (16 Feb 2016):
905
906 - Regression Bug 4436: Fix DEFAULT_SSL_CRTD
907 - Fix "dial: Ssl::PeerConnector::sslCrtvdHandleReply threw exception: callback != NULL"
4e071e97
AJ		 908 - ... and some documentation updates
909 - ... and all fixes from squid 3.5.14
910
ff87fda5
AJ		 911Changes to squid-4.0.5 (09 Feb 2016):
912
913 - Regression Bug 4429: http(s)_port options= error message missing characters
914 - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth
915 - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454
916 - Regression Bug 4401: compile error on Solaris
917 - Regression Fix: TLS/SSL flags parsing
918 - Regression Fix: cert validadator always disabled in 4.x
919 - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m)
920 - Regression Fix: external_acl problems after 4.0.1 rev.14351
921 - Bug 4409 (partial): compile error when two Heimdal libraries are installed
922 - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size
923 - SMP: Fix cleanup of a shared memory segment in an unusual configuration
924 - SSL-Bump: Fix step3 splicing.
925 - Add connections_encrypted ACL
926 - Make %<a and %<p details available to [eCAP] RESPMOD services
927 - Rename cert_valid.pl to security_fake_certverify
928 - Rename ssl_crtd helper to security_file_certgen
929 - ... and a lot of code SourceLayout project cleaning
930 - ... and some documentation updates
931 - ... and all fixes from squid 3.5.13 up to rev.13979
932
0461fde7
AJ		 933Changes to squid-4.0.4 (06 Jan 2016):
934
78121f9a
AJ		 935 - Regression Bug 4393: compile fails on OS X
936 - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed
0461fde7
AJ		 937 - Support use of Kerberos credentials cache instead of keytab
938 - Support logging of TLS Cryptography Parameters
939 - Support substring matching in Note ACL
940 - ... and some code cleanup and polishing
941 - ... and all fixes from squid 3.5.13
942
bf7891f2
AJ		 943Changes to squid-4.0.3 (28 Nov 2015):
944
945 - Bug 4372: missing template files
946 - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o
947 - Bug 4368: A simpler and more robust HTTP request line parser
948 - Fix compile erorr on clang undefined reference to '__atomic_load_8'
949 - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos
950 - ext_ldap_group_acl: Allow unlimited LDAP search filter
951 - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames
952 - ... and much code cleanup and polishing
0461fde7 953 - ... and all fixes from squid 3.5.12
bf7891f2 954
0b475d3f
AJ		 955Changes to squid-4.0.2 (01 Nov 2015):
956
957 - Regression Bug 4351: compile errors when authentication modules disabled
958 - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
959 - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout
960 - Bug 4356: segmentation fault using proxy_auth ACL
961 - Bug 4352: compile errors in OS X 10.11
962 - Bug 4021: ext_user_regex does exact match
963 - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown
964 - Support re-assigning delay pools based on HTTP reply details
965 - ... and all fixes from squid 3.5.11
966
1243ec71
AJ		 967Changes to squid-4.0.1 (14 Oct 2015):
968
969 - Bug 4329: GCC 5.2 no known conversion for argument
970 - Bug 4292: negotiate_wrapper: Unreleased Resources
971 - Bug 4269: ignore-must-revalidate broken
972 - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
973 - Bug 3920: Splay::remove() reference counting inconsistent
974 - Bug 3069: CONNECT method bytes sent logging
975 - Bug 2741 partial: libsecurity API for GnuTLS support
976 - Bug 1961 partial: redesign of URL handling
977 - Fix crash when parsing invalid squid.conf
978 - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
979 - Remove unused OS detection: Sun, SysV, Ultrix, BSDi
980 - Remove cache_peer_domain directive
981 - RFC 6176 compliance: Remove SSLv2 support
982 - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
983 - Remove GCC 2.x and 3.x detection and support
984 - C++11 compiler support is now mandatory
985 - Enable flexible transport protocol
986 - Enable long (--foo) command line parameters on squid binary
987 - Add per-rule refresh_pattern matching statistics
988 - Replace sslversion=N with tls-min-version=1.N
989 - Replace sslproxy_* directives with tls_outgoing_options
990 - Replace GNU atomics and related hacks with C++11 std::atomic
991 - Replace external_acl_type format %macros with logformat codes
1243ec71
AJ		 992 - Support Secure ICAP services
993 - Support rotate=N option on access_log
994 - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
995 - Support lifetime timeout for persistent connections (pconn_lifetime)
996 - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
997 - Support logging fast things (nanosecond log resolution)
998 - Support ICAP/eCAP adaptation for 100-continue responses
999 - Support configurable helper queue size, with consistent defaults
1000 and better overflow handling.
1001 - Support named service PID file by default (pid_filename)
1002 - url_lfs_rewrite: Add URL-rewriter based on local file existence
1003 - negotiate_kerberos_auth: output group= kv-pair
1004 - helper-mux: add man(8) page
1005 - purge: convert README to man(1) page
1006 - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
1007 - basic_sspi_auth: fix MinGW compile errors
1008 - negotiate_sspi_auth: fix various build errors
1009 - Crypto-NG: libnettle Base64 algorithm support
1010 - Parser-NG: HTTP Parser structural redesign
1011 - libltdl: copyright updated to LGPL version 2.1
1012 - ... and several performance optimizations
1013 - ... and many documentation changes
1014 - ... and much code cleanup and polishing
1015
1c8fc2a2
AJ		 1016Changes to squid-3.5.28 (15 Jul 2018):
1017
1018 - SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI
1019 - SQUID-2018:2: crash handling responses to internally generated requests
1020 - SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing
1021 - Bug 4861: HTTPMSGLOCK missing pointer safety
1022 - Bug 4829: IPC shared memory leaks when disker queue overflows
1023 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
1024 - Bug 2821: Ignore Content-Range in non-206 responses
1025 - HTCP: Ignore HTCP packets with invalid URI
1026 - SSL-Bump: fix authentication with schemes other than Basic
1027 - TPROXY: Fix clientside_mark and client port logging
1028 - Fix "Cannot assign requested address" for to-origin TPROXY FTP data
1029 - Fix --with-netfilter-conntrack error message
1030 - Validate mime icon URL before allocating store entries
1031 - ... and many documentation changes
1032
b1268cb4 1033Changes to squid-3.5.27 (20 Aug 2017):
1034
1035 - Regression Bug #4112: ssl_engine does not accept cryptodev
1036 - Bug 4687: Wrong names of components in man page, section SEE ALSO
1037 - Bug 4671: various GCC 7 compile errors
1038 - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions
1039 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
1040 - Bug 2833: Do not respond with HTTP/304 to unconditional requests
1041 - Fix message packing error handling in mgr and snmp SMP Forwarders
1042 - Fix mgr query handoff from the original recipient to Coordinator.
1043 - ... and some documentation updates
1044
ef396425
AJ		 1045Changes to squid-3.5.26 (01 Jun 2017):
1046
1047 - Bug 4711: SubjectAlternativeNames is missing in some generated certificates
1048 - Bug 4695: squidpurge: GCC 7 build errors
1049 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
1050 - Bug 4682: Fix ssl_bump "bump" action documentation
1051 - Bug 4653: %st lies about tunneled traffic volumes
1052 - Bug 4589: ssl_crtd: returning zero on failure
1053 - Bug 3772: message from FTP server gets mangled
1054 - Bug 3102: FTP directory listing drops fist character of file names
1055 - Add OpenSSL library details to -v output
b1268cb4 1056 - ... and some documentation updates
ef396425 1057
7b84ebcc
AJ		 1058Changes to squid-3.5.25 (02 Apr 2017):
1059
1060 - Bug 4688: various typo error(s) in man page(s)
1061 - Bug 4508: Host forgery stalls intercepted being-spliced connections
1062 - Native FTP relay: NAT and TPROXY interception fixes
1063 - Fix missing CRLF on FTP timeout ABORT commands
1064 - TLS: Bump client on errors encountered before ssl_bump evaluation
1065 - ext_kerberos_ldap_group_acl: fix unused value warnings
1066 - Fix crash when configuring with invalid delay_parameters restore value.
1067 - Check that -k argument is provided before trying to use it.
1068 - ... and some build fixes
1069
6c12d87e
AJ		 1070Changes to squid-3.5.24 (28 Jan 2017):
1071
1072 - Regression Bug 3940: Make 'cache deny' do what is documented
1073 - TLS: Fix SSLv2 records bumping despite a matching step2 peek rule
1074 - TLS: Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation
1075 - Fix "Source and destination overlap in memcpy" Valgrind errors
1076 - Reduce crashes due to unexpected ClientHttpRequest termination
1077 - Update External ACL helpers error handling and caching
1078 - Detect HTTP header ACL issues
1079 - ... and some documentation fixes
1080
a2eb97b4 1081Changes to squid-3.5.23 (16 Dec 2016):
6f4a12cf
AJ		 1082
1083 - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
1084 - Bug 4620: NetBSD build error with --enable-ipf-transparent
1085 - Bug 4567: Strange IPv6 shown in access.log
1086 - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart
1087 - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
1088 - Bug 4169: HIT marked as MISS when If-None-Match does not match
1089 - Bug 4007: Hang on DNS query with dead-end CNAME
1090 - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
1091 - Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
1092 - Bug 3533: Cache still valid after HTTP/1.1 303 See Other
1093 - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
1094 - Bug 3290: authenticate_ttl not working for digest authentication
1095 - Bug 2258: bypassing cache but not destroying cache entry
1096 - HTTP/1.1: make Vary:* objects cacheable
1097 - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
1098 - Support IPv6 NAT with PF for NetBSD and FreeBSD
1099 - TLS: Make key= before cert= an error instead of quietly hiding the issue
1100 - ... and some debug updates
1101 - ... and some build fixes
1102 - ... and several documentation updates
1103
d710ff25
AJ		 1104Changes to squid-3.5.22 (09 Oct 2016):
1105
1106 - Bug 4594: build failure with clang 3.9
1107 - Bug 4471: revalidation does not work when expired cached object lacks Last-Modified
1108 - Bug 4302 pt2: IPv6 support for IPFilter v5 transparent interception
1109 - Bug 4228: ./configure bug/typo in r14394
1110 - Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration
1111 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
1112 - Fix logged request size (%http::>st) and other size-related %codes
1113 - Fix some memory leaks from putenv()
1114 - Fix memory leaks from url_rewrite_extras and store_id_extras on reconfigure/shutdown
1115 - Fix segfault crash when debugging section 4 at level 9
1116 - HTTP: MUST ignore a [revalidation] response with an older Date header
1117
f6791433
AJ		 1118Changes to squid-3.5.21 (08 Sep 2016):
1119
1120 - Bug 4563: duplicate code in httpMakeVaryMark
1121 - Bug 4542: authentication credentials IP TTL updated incorrectly
1122 - Bug 4534: assertion failure in xcalloc when using many cache_dir
1123 - Bug 4428: mal-formed Cache-Control:stale-if-error header
1124 - Bug 3025: Proxy-Authenticate problem using ICAP server
1125 - Fix segfault via Ftp::Client::readControlReply()
1126 - Fix SSL-Bump failure results in SEGFAULT
1127 - HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
1128 - HTTP/1.1: do not allow Proxy-Connection to override Connection header
1129 - SSL: CN wildcard must only match a single domain component [fragment]
1130
267a742e
AJ		 1131Changes to squid-3.5.20 (01 Jul 2016):
1132
1133 - Bug 4523: smblib compile fails on NetBSD
1134 - Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors
1135 - Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL
1136 - Fix icons loading speed
1137 - Fix OpenSSL detection on FreeBSD
1138 - Fix assertion failed: Write.cc:38: 'fd_table[conn->fd].flags.open'
1139 - Fix SEGFAULT parsing malformed adaptation service configuration
1140 - Fix ConnStateData::In::maybeMakeSpaceAvailable() logic
1141 - Do not override user defined -std option
1142 - Do not allow low-level debugging to hide important/critical messages
1143 - Do not make bogus recvmsg(2) calls when closing UDS sockets
1144 - Support unified EUI format code in external_acl_type
1145
1146Changes to squid-3.5.19 (09 May 2016):
1147
1148 - Regression Bug 4515: interception proxy hangs
1149
25e7b074
AJ		 1150Changes to squid-3.5.18 (06 May 2016):
1151
1152 - Bug 4510: stale comment about 32KB limit on shared memory cache entries
1153 - Bug 4509: EUI compile error on NetBSD
1154 - Bug 4501: HTTP/1.1: normalize Host header
1155 - Bug 4498: URL-unescape the login-info after extraction from URI
1156 - Bug 4455: SegFault from ESIInclude::Start
1157 - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
1158 - Fix TLS/SSL server handshake alert handling
1159
2dae5986
AJ		 1160Changes to squid-3.5.17 (20 Apr 2016):
1161
1162 - Regression Bug 4480: logformat [.width_max]
1163 - Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt
1164 - Bug 4495: Unknown SSL option SSL_OP_NO_TICKET
1165 - Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception
1166 - Bug 4483: ./configure garbles -Og option in CFLAGS
1167 - Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc
1168 - Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name).
1169 - Bug 4465: Header forgery detection leads to crash
1170 - Bug 2460 partial: workaround deferred reads on shutdown and restart
1171 - cachemgr.cgi: use dynamic MemBuf for internal content generation
1172 - ESI: Fix several element construction issues
1173 - TLS: Fix Handshake Error: ccs received early
1174 - TLS: Add chained and signing cert to peek-then-bumped connections
1175 - Fix some startup/shutdown crashes
1176
b1e01a62
AJ		 1177Changes to squid-3.5.16 (02 Apr 2016):
1178
1179 - Bug 4476: Removed duplicated #include lines
1180 - Bug 4452: squid -z segfaults with ufs
1181 - Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion
1182 - Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error
1183 - Bug 4409: compile error when two Heimdal libraries are installed
1184 - Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304
1185 - pinger: Fix buffer overflow in Icmp6::Recv
1186 - pinger: Fix select(2) to actually use max_fd
1187 - pinger: drop capabilities on Linux
1188 - Fix memory leak of HttpRequest objects
1189 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
1190 - Fix assertion failed: Write.cc:41: "!ccb->active()"
1191 - Fix crash on shutdown while cleaning up idle ICAP connections
1192 - RFC 7725: Add registry entry for 451 status text
1193 - ... and some build issues
1194
81bf66f8
AJ		 1195Changes to squid-3.5.15 (23 Feb 2016):
1196
1197 - Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
1198 - Fix multiple assertion on String overflows
1199 - Fix unit test errors on MacOS
1200 - Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
1201 - Log noise reduction for eCAP
1202
4e071e97
AJ		 1203Changes to squid-3.5.14 (16 Feb 2016):
1204
1205 - Bug 4437: Fix Segfault on Certain SSL Handshake Errors
1206 - Bug 4431: C code is not compiled with CFLAGS
1207 - Bug 4418: FlexibleArray compile error with GCC 6
1208 - Bug 4378: assertion failed: DestinationIp.cc:60:
1209 'checklist->conn() && checklist->conn()->clientConnection != NULL'
1210 - Fix invalid FTP connection handling on blocked content
1211 - Fix handling of shared memory left over by Squid crashes or bugs
1212 - Fix mgr:config report 'qos_flows mark' output
1213 - Fix compile error in CPU affinity
404063c5 1214 - Fix %un logging external ACL username
4e071e97 1215 - Avoid more certificate validation memory leaks
404063c5 1216 - ... and some documentation updates
4e071e97 1217
0461fde7
AJ		 1218Changes to squid-3.5.13 (06 Jan 2016):
1219
1220 - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
1221 - Bug 4387: Kerberos build errors on Solaris
1222 - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
1223 - TLS: Complete certificate chains using external intermediate certificates
1224 - Avoid memory leaks when an X.509 certificate validator is used with SslBump
1225 - Fix connection retry and fallback after failed server TLS connections
1226 - Fix GnuTLS detection via pkg-config
1227 - Fix startup crash with a misconfigured (too-small) shared memory cache
1228 - ... and some documentation updates
1229
bf7891f2
AJ		 1230Changes to squid-3.5.12 (28 Nov 2015):
1231
1232 - Bug 4374: refresh_pattern config parser (%)
1233 - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
1234 - Bug 4228: links with krb5 libs despite --without options
1235 - Fix SSL_get_certificate() problem detection
1236 - Fix TLS handshake problem during Renegotiation
1237 - Fix cache_peer forceddomain= in CONNECT
1238 - Fix status code-based HTTP reason phrase for eCAP-generated messages
1239 - Fix build errors in cpuafinity.cc
1240 - ... and several documentation updates
1241
0b475d3f
AJ		 1242Changes to squid-3.5.11 (01 Nov 2015):
1243
1244 - Bug 3574: crashes on reconfigure and startup
1245 - Bug 4347: compile errors with LibreSSL 2.3
1246 - Bug 4281: copy-paste typos in src/tools.cc
1247 - Bug 4279: No response from proxy for FTP-download of non-existing file
1248 - Bug 4188: Bumping intercepted SSL connections does not work on Solaris
1249 - Fix incorrect authentication headers on cache digest requests
1250 - Fix connection stats, including %<lp, missing for persistent connections
1251 - Fix invalid memory access issues in SBuf
1252 - Avoid errors when parsing manager ACL in old squid.conf
1253
574e0f53
AJ		 1254Changes to squid-3.5.10 (01 Oct 2015):
1255
1256 - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
1257 - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
1258 - Bug 4323: Netfilter broken cross-includes with Linux 4.2
1259 - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
1260 - Bug 4208: more than one port in wccp2_service_info line causes error
1243ec71 1261 - Bug 4303: PeerConnector.cc:743 "!callback" assertion.
574e0f53
AJ		 1262 - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
1263 - Relicense ntlm_fake_auth.pl to GPLv2+
1264 - Relicense smb_lm auth helper to GPLv2+
1265 - Relicense SSPI helper to GPLv2+
1266 - ... and several minor performance optimizations
1267
3de58ac0
AJ		 1268Changes to squid-3.5.9 (17 Sep 2015):
1269
1270 - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
1271 - Bug 4309: incorrect extensions detection in SSL Hello messages
1272 - Bug 4309: crash during Skype login
1273 - Bug 4284: missing sanity checks for malloc
1274 - Regression Fix: CONNECT request debugging 11,2 traces
1275 - Regression Fix: Quieten UFS cache maintenance skipped warnings
1276 - TLS: Support SNI on generated CONNECT after peek
1277 - ... and some documentation updates
1278
4fff8fc1
AJ		 1279Changes to squid-3.5.8 (02 Sep 2015):
1280
1281 - Regression Bug 4306: build portability fix in Kerberos helpers
1282 - Bug 4302: IPFilter v5 transparent interception
1283 - Bug 4301: compile errors with IPFilter interception
1284 - Bug 4285 partial: %us is not supported in access.log
1285 - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
1286 - Bug 4242: compile errors with eCAP using clang-3.6
1287 - Bug 3696: crash when client delay pools are activated
1288 - Bug 3553: cache_swap_high ignored and maxCapacity used instead
1289 - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
1290 - Fix ignore of impossible SSL bumping actions, as intended and documented
1291 - Fix memory leak in Surrogate-Capability header detection
1292 - Fix truncated body length when RESPMOD service aborts
1293 - Reject non-chunked HTTP messages with conflicting Content-Length values
1294 - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
1295 - ... and several portability and compile fixes
1296 - ... and several documentation updates
1297
4df5649e
AJ		 1298Changes to squid-3.5.7 (01 Aug 2015):
1299
c52a4693 1300 - Bug 4293: wrong SNI sent to server after URL-rewrite
4df5649e
AJ		 1301 - Bug 4251: incorrect instance name for memory segments in /dev/shm
1302 - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
1303 - Bug 3345: support %un (any available user name) format code for external ACLs.
ab5bc97e 1304 - basic_smb_auth: Fix several old issues identified by Debian users
4df5649e
AJ		 1305 - Support ssl-bump splicing to origin cache_peer
1306 - Fix SSL errors relayed using invalid certificates
1307 - Fix crash in TcpAccepter with profiler enabled
1308 - Fix some cases of ssl_crtd SSL certificate DB corruption
1309 - Fix performance regression in SBuf::chop operations
1310 - Improve handling of client connections on shutdown
1311 - Handle exceptions during squid.conf parse
1312 - Make pod2man an optional dependency
1313 - ... and polishing for several cache.log notification messages
1314 - ... and all fixes from squid 3.4.14
1315
ab248038
AJ		 1316Changes to squid-3.5.6 (03 Jul 2015):
1317
1318 - Bug 4274: ssl_crtd.8 not being installed
1319 - Bug 4193: memory leak on FTP listings
1320 - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
1321 - Bug 3875: bad mimeLoadIconFile error handling
1322 - Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
1323 - Bug 3329: pinned server connection is not closed properly
1324 - TLS: Disable client-initiated renegotiation
1325 - ext_edirectory_userip_acl: fix uninitialized variable
1326 - Support custom OIDs in *_cert ACLs
1327 - Fix CONNECT failover to IPv4 after trying broken IPv6 servers
1328 - Use relative-URL in errorpage.css for SN.png
1329 - Do not blindly forward cache peer CONNECT responses
1330 - Fix assertion String.cc:221: "str"
1331 - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
1332 - Translations: add Spanish US dialect alias
1333
c75a7d0a
AJ		 1334Changes to squid-3.5.5 (28 May 2015):
1335
1336 - Regression Bug 4132: short_icon_urls with global_internal_static on
1337 - Bug 4238: assertion Read.cc:205: "params.data == data"
1338 - Bug 4236: SSL negotiation error of 'success'
1339 - Bug 3930: assertion 'connIsUsable(http->getConn())'
1340 - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
1341 - Fix assertion errorpage.cc:600: "entry->isEmpty()"
1342 - Fix comm_connect_addr on failures returns Comm:OK
1343 - Fix missing external ACL helper notes
1344 - Fix "Not enough space to hold server hello message" error message
1345 - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
1346 - Prevent unused ssl_crtd helpers being run
1347 - ... and some code cleanup and portability updates
1348 - ... and several documentation updates
1349
88e192b1
AJ		 1350Changes to squid-3.5.4 (01 May 2015):
1351
1352 - Bug 4234: comm_connect_addr uses errno incorrectly
1353 - Bug 4231: fd_open() not correctly handling UDS socket descriptions
1354 - Bug 4226: digest_edirectory_auth: found but cannot be built
1355 - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
1356 - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
1357 - Fix require-proxy-header preventing HTTPS proxying and ssl-bump
1358 - Fix Negotiate/Kerberos authentication request size exceeds output buffer size
1359 - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
1360 - Add server_name ACL matching server name(s) obtained from various sources
1361 - Add Kerberos support for MAC OS X 10.x
1362 - Support for resuming TLS sessions
1363 - ... and some portability and compile fixes
1364 - ... and several documentation updates
1365 - ... and all fixes from squid 3.4.13
1366
548362ff
AJ		 1367Changes to squid-3.5.3 (28 Mar 2015):
1368
1369 - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
1370 - Regression Bug 4206: Incorrect connection close on expect:100-continue
1371 - Bug 4204: ./configure does not abort when required helpers cannot be built
1372 - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
1373 - Bug 2907: high CPU usage on CONNECT when using delay pools
1374 - basic_getpwnam_auth: fail authentication on crypt() failures
1375 - basic_nis_auth: fail authentication on crypt() failures
1376 - ext_kerberos_ldap_group_acl: Heimdal support improvements
1377 - ext_wbinfo_group_acl: Perl 5.20 support
1378 - ... and several compile issues
1379
4d3be924
AJ		 1380Changes to squid-3.5.2 (18 Feb 2015):
1381
1382 - Regression Bug 4176: Digest auth too many helper lookups
1383 - Regression Bug 4180: not-fully-initialized data member in ACLUserData
1384 - Bug 4172: Solaris broken krb5-config
1385 - Bug 4073: Cygwin compile errors
1386 - Bug 3919: remove several never-true / never-false comparisons
1387 - HTTPS: Add missing root CAs when validating chains that passed internal checks
1388 - Fix some cbdataFree related memory leaks
1389 - Quieten CBDATA 'leak' messages
1390 - Set SNI information in transparent bumping mode
1391 - negotiate_kerberos_auth: fix krb5.conf backward compatibility
1392 - Fix memory leaks in cachemgr.cgi URL parser
1393 - Fix sslproxy_options in peek-and-splice mode
1394 - ... and fix several portability and build issues
1395 - ... and some documentation updates
1396 - ... and all fixes from squid 3.4.11
1397
aac5b91d
AJ		 1398Changes to squid-3.5.1 (13 Jan 2015):
1399
1400 - Fix handling of invalid SSL server certificates when splicing connections
1401 - basic_smb_lm_auth: Simplified MSNT basic auth helper
1402 - squidclient: Fix -A and -P options
1403 - ... and several portability fixes
1404 - ... and all fixes from squid 3.4.11
1405 - ... and a lot of documentation updates
1406
cf62b886
AJ		 1407Changes to squid-3.5.0.4 (21 Dec 2014):
1408
1409 - Bug 3826: pt 2: Provide a systemd .service file for Squid
1410 - Support http_access denials of SslBump "peeked" connections.
1411 - Fix DONT_VERIFY_DOMAIN ssl flag
1412 - Fix peek-and-splice mode: certificate validation for domain mismatched errors
1413 - negotiate_kerberos_auth: MEMORY keytab and replay cache support
1414 - ... and some documentation updates
1415 - ... and a large amount of code polishing (non-logic changes)
1416
4666bb8d
AJ		 1417Changes to squid-3.5.0.3 (09 Dec 2014):
1418
1419 - Bug 4146: workaround SSL Bump crash on Linux
1420 - Bug 4135: Support \-escaped characters in regex patterns
1421 - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
1422 - Fix delay_parameters parsing
1423 - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
1424 - ... and all changes from squid 3.4.10
1425 - ... and a lot of documentation updates
1426
bf611e3a
AJ		 1427Changes to squid-3.5.0.2 (31 Oct 2014):
1428
1429 - Fix FTP socket opening during reconfigure
1430 - ... and all changes from 3.4.9
1431 - ... and some build errors in rarely used code
1432 - ... and several documentation updates
1433
e0dbeeb6
AJ		 1434Changes to squid-3.5.0.1 (17 Oct 2014):
1435
1436 - Port from 2.7: redirector and logging urlgroup feature
1437 - Bug 4093: source-maintenance.sh bad perl -i option
1438 - Bug 3608: per-service name for workers UDS sockets
1439 - Bug 2554: 32-bit wrap in AUFS counters
1440 - Bug 1961 pt1: URL handling redesign
1441 - Bug 1202 pt1: documentation for refresh_pattern algorithms
1442 - Update Squid boilerplate copyright/license
1443 - Update the http(s)_port directives protocol= parameter
1444 - Update forward_max_tries to permit 25 server paths
1445 - Update Kerberos library detection and build options
1446 - Support ACLs on ftp_epsv directive
1447 - Support >32KB objects in cache_dir rock storage
1448 - Support client connection annotation by helpers via clt_conn_tag=TAG
1449 - Support native FTP Relay
1450 - Support libgnugss Kerberos library
1451 - Support libecap v1.0
1452 - Support SSL Peek and Splice feature
1453 - Support receiving PROXY protocol version 1 and 2
1454 - Replace --enable-ssl build option with --with-openssl
1455 - Enable -n service name command line option for all Squid builds
1456 - Enable ICAP client by default
1457 - Fix configuration file parsing bugs, related to quoted strings
1458 - Fix Windows MinGW build errors
1459 - Fix multiple TCP outgoing TOS/DiffServ bugs
1460 - Fix Cygwin /etc/resolv.conf parsing
1461 - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
1462 - Fix crash reading malformed config files
1463 - Send selected SSL version and cipher to the certificate validation helper
1464 - Validate server certificates without bumping
1465 - Add zero-copy string buffer support
1466 - Add automated squid.conf parser testing with squid -k parse
1467 - Add adaptation_service ACL
1468 - Add logformat code %tS to log transaction start time
1469 - Add logformat code %>rd to log client URL domain name
1470 - Add key_extras to proxy authentication
1471 - Add url_rewrite_extras and store_id_extras directives
1472 - Add send_hit and store_miss directives
1473 - Add collapsed_forwarding directive
1474 - Add sslproxy_cert_sign_hash directive
1475 - Add SMP SSL session cache
1476 - Add cache_peer standby connections
1477 - Add helper ext_delayer_acl
1478 - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
1479 - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
1480 - Remove COSS storage in favour of Rock storage
1481 - Remove dnsserver and external DNS helper API in favour of mDNS
1482 - Remove broken mallinfo() accounting and memory tracing
1483 - Remove hierarchy_stoplist in favour of always_direct
1484 - Deprecate tag ACL type in favour of note ACL type
1485 - Deprecate urlgroup feature in favour of note ACL type
1486 - HTTP/1.1: method names are case-sensitive
1487 - HTTP/1.1: register new headers from RFC 723x
1488 - squidclient: polish and update help display
1489 - squidclient: support TLS with GnuTLS 3.1.5+
1490 - squidclient: support verbosity levels
1491 - squidclient: --ping mode module support
1492 - url_fake_rewrite: support concurrency
1493 - storeid_file_rewrite: support concurrency
1494 - digest_file_auth: support concurrency
1495 - digest_edirectory_auth: support concurrency
1496 - digest_ldap_auth: support concurrency
1497 - ... and many error page translation updates
1498 - ... and much code cleanup and polishing
1499
4df5649e
AJ		 1500Changes to squid-3.4.14 (01 Aug 2015):
1501
1502 - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
1503
88e192b1
AJ		 1504Changes to squid-3.4.13 (01 May 2015):
1505
1506 - Bug 4212: ssl_crtd crashes with corrupt database
1507 - ... and some documentation updates
1508 - ... and all fixes from squid 3.3.14
1509
4d3be924
AJ		 1510Changes to squid-3.4.12 (18 Feb 2015):
1511
1512 - Bug 4066: Digest auth nonce indefinite rollover
1513 - Bug 3997: Excessive NTLM or Negotiate auth helper annotations
1514 - Fix several crashes when debugging enabled
1515 - Fix silent SSL/TLS failure on split-stack operating systems
1516 - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
1517 - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
1518 - Remove dst ACL dependency on HTTP request message existence
1519 - Set cap_net_admin when Squid sets TOS/Diffserv packet values
1520 - ... and some documentation updates
1521
aac5b91d
AJ		 1522Changes to squid-3.4.11 (13 Jan 2015):
1523
1524 - Bug 4164: SEGFAULT when %W formating code used in errorpages
1525 - Bug 4057: Avoid on-exit crashes when adaptation is enabled.
1526 - Bug 3760: squidclient ignores --disable-ipv6
1527 - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
1528 - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
1529 - cachemgr.cgi: memory leak in request parser
1530 - Deleting first fs left psstate->servers pointing to uninitialized memory
1531 - ... and some build issues
1532
4666bb8d
AJ		 1533Changes to squid-3.4.10 (09 Dec 2014):
1534
1535 - Bug 4148: external_acl_type header format does not accept the new libformat syntax
1536 - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
1537 - Bug 4033: Rebuild corrupted ssl_db/size file
1538 - Bug 3902: Docs: external_acl_type cache hash key
1539 - Fix segmentation fault in ACL urlpath_regex
1540 - Fix bootstrap.sh dependency on SPONSORS.list
1541 - Alternate-Protocol is a hop-by-hop header
1542 - HTTP/2: Support 421 (Misdirected Request) status code
1543
bf611e3a
AJ		 1544Changes to squid-3.4.9 (31 Oct 2014):
1545
1546 - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
1547 - Bug 4102: sslbump cert contains only a dot character in key usage extension
1548 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
1549 - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
1550 - Bug 4024: Bad host/IP ::1 when using IPv4-only environment
1551 - Bug 3803: ident leaks memory on failure
1552 - kerberos_ldap_group/cert_tool: Remove ksh dependency
1553 - ... and some automated code style updates
1554 - ... and some documentation updates
1555
bd6c316a
AJ		 1556Changes to squid-3.4.8 (15 Sep 2014):
1557
1558 - Fix off by one in SNMP subsystem
1559 - pinger: Fix various ICMP handling issues
1560
abc809ce
AJ		 1561Changes to squid-3.4.7 (28 Aug 2014):
1562
1563 - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
1564 - Bug 4080: worker hangs when client identd is not responding
1565 - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
1566 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
1567 - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
1568 - Enable compile-time override for MAXTCPLISTENPORTS
1569 - ntlm_sspi_auth: Fix various build errors
1570 - negotiate_wrapper: Fix build issues with non-portable vfork()
1571 - negotiate_sspi_auth: Portability fixes for MinGW
1572 - ext_lm_group_acl: Portability fixes for MinGW
1573 - ... and several minor memory leaks
1574
7f089ae4
AJ		 1575Changes to squid-3.4.6 (25 Jun 2014):
1576
1577 - Regression: segmentation fault logging with %tg format specifier
1578 - Bug 4065: round-robin neighbor selection with unequal weights
1579 - Bug 4056: assertion MemPools[type] from netdbExchangeStart()
1580 - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
1581 - Fix segmentation fault setting up server SSL connnection
1582 - Fix hanging Non-HTTPS connections on SSL-bump enabled port
1583 - Fix Cache Manager actions listed more than once
1584 - ... and many minor memory leaks
1585 - ... and several portability build issues
1586 - ... and some documentation updates
1587
51a22544
AJ		 1588Changes to squid-3.4.5 (02 May 2014):
1589
1590 - Regression Bug 4051: inverted test on CONNECT payload existence
1591 - Regression Fix: order dependency between cache_dir and maximum_object_size
1592 - Fix logformat %note display
1593 - Resolve 'dying from an unhandled exception: c'
1594
445d8733
AJ		 1595Changes to squid-3.4.4.2 (23 Apr 2014):
1596
51a22544 1597 - version bump for packaging re-build with altered toolchain
445d8733 1598
e6b41a35
AJ		 1599Changes to squid-3.4.4.1 (23 Apr 2014):
1600
1601 - Regression Bug 4019: Cache digest exchange segmentation fault
1602 - Regression Bug 3982: EUI logging and helpers show blank MAC address
1603 - Bug 4047: Support Android builds
1604 - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
1605 - Bug 4041: Missing files in compat/Makefile.am
1606 - Bug 4014: Build failure with --disable-optimizations --disable-auth
1607 - Bug 3986: (partial) assertion due to incorrect error page buffer size
1608 - Bug 3955: Solaris EUI-48 lookup leaks FDs
1609 - Bug 3371: CONNECT with data sent at once loses data
1610 - C++11: Upgrade auto-detection to use the formal -std=c++11
1611 - Crypto-NG: libnettle MD5 algorithm support
1612 - SSL-Bump: Fix Basic auth caching on bumped connections
1613 - Store-ID: Fix request URI when forwarding requests to peers
1614 - ... and fix several other build errors
1615 - ... and some documentation updates
1616
d3b930ff
AJ		 1617Changes to squid-3.4.4 (09 Mar 2014):
1618
1619 - Bug 4029: intercepted HTTPS requests bypass caching checks
1620 - Bug 4001: remove use of strsep()
1621 - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
1622 - Fix stalled concurrent rock store reads
1623 - Fix helper ID number assignment
1624 - Fix build failures from CMSG related definitions
1625 - Fix build failures from libcompat unsafe.h protections
1626 - Copyright: Relicense helpers by Treehouse Networks Ltd.
1627 - ... and all bug fixes from 3.3.12
1628
a01166da
AJ		 1629Changes to squid-3.4.3 (02 Feb 2014):
1630
1631 - Bug 4008: HttpHeader warnOnError should be an int not a bool
1632 - Bug 4002: clang 3.4 unable to compile
1633 - Bug 3996: Malformed DNS reply leads to crash
1634 - Bug 3995: compile error on CentOS 5 with GCC 4.1.2
1635 - Bug 3975: atomic detection cross-compilation failure
1636 - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
1637 - Bug 3954: compile failure in CpuAffinity.cc
1638 - Bug 3927: tests/testRock fatal.cc required
1639 - Fix memory leak in peer Cache Digest exchange
1640 - Fix external_acl_type async loop failures
1641 - Fix destination IP address cycling
1642 - ... and a few polishing changes
1643
441842f0
AJ		 1644Changes to squid-3.4.2 (30 Dec 2013):
1645
1646 - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
1647 - Regression Fix: \-unescaping in quoted strings from helpers
1648 - Regression Fix: URL helper API bypassing on URL containing '=' character
1649 - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
1650 - Bug 3806: Caching responses with Vary header
1651 - Bug 3498: FTP PUT assertion
1652 - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
1653 - Enable concurrency by default for SSL certificate validator
1654 - ... and fix several build errors
1655
12f64d19
AJ		 1656Changes to squid-3.4.1 (09 Dec 2013):
1657
1658 - Bug 3935: Invalid pointer dereference when peeking at origin server certificate
1659 - Bug 3589: intercepted and ICAP modified request using a cache_peer
1660 - ... and several portability fixes
1661 - ... and some documentation updates
1662
277afc6e
AJ		 1663Changes to squid-3.4.0.3 (01 Dec 2013):
1664
1665 - Bug 3941: Release notes error
1666 - Receive annotations from authentication and external ACL helpers
1667 - basic_nis_auth: Improved portability
1668 - ... and several documentation updates
1669 - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
1670
2d011f52 1671Changes to squid-3.4.0.2 (03 Oct 2013):
ae2b6fc9
AJ		 1672
1673 - Regression Bug 3891: squid.conf parser errors in 3.4.0.1
1674 - Regression Fix: re-disable MinGW C++11 support
1675 - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
1676 - Fix memory leak in refresh_pattern parsing
1677 - negotiate_kerberos_auth: upgrade to present group= keys
1678 - Handle NTLM helper returning OK without user= value
1679 - Add dns_multicast_local to control mDNS operation
1680 - Add --disable-arch-native build option
1681 - Display Build-Info in cache manager info report
1682 - ... and all changes from squid 3.3.9
1683 - ... and some code and debug output polishing
1684
14561e1c 1685Changes to squid-3.4.0.1 (29 Jul 2013):
13db7eef
AJ		 1686
1687 - Port from 2.7: StoreURL (renamed Store-ID) support
1688 - Bug 3795: fix several mistakes in the MIB file
1689 - Bug 3793: configure: improved helper detection
1690 - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
1691 - Bug 3676: Support GCC 4.7 with -Wshadow option
1692 - Bug 3643: NTLM helpers stuck in reserved state by Safari
1693 - Bug 3389: Auto-reconnect for tcp access_log
1694 - Bug 2066: squid does not do chdir() after chroot()
1695 - Fix uninitialized fields in IcapLogEntry
1696 - Fix a number of minor issues detected by Coverity Scan
1697 - Fix some potential memory leaks detected by Coverity Scan
1698 - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
1699 - Fix ACL matching algorithm to avoid repeating tests
1700 - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
1701 - squidpurge: fix META TLV parsing issues
1702 - squid.conf: enforce all the directive and option names are lower-case
1703 - Support EUI on HTTPS and FTP data connections
1704 - Support OK/ERR/BH response codes from any helper
1705 - Support No-lookup flag (-n) on DNS ACLs
1706 - Support -march=native compiler optimization by default
1707 - Support forwarding intercepted but not bumped connections to cache_peers
0bbaae54 1708 - Support IPv6 NAT interception on Linux and some BSD
13db7eef
AJ		 1709 - Deprecate log_icap and log_access configuration directives
1710 - HTTP/1.1: improved method invalidation and cacheability detection
1711 - HTTP/1.1: support length configuration for pipeline_prefetch queue
1712 - Improved TPROXY support for OpenBSD and FreeBSD
0bbaae54 1713 - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
13db7eef
AJ		 1714 - Add all-of and any-of ACL types for grouping sets of ACL tests
1715 - Add note directive for transaction annotations
1716 - Add %note log format for transaction annotation logging
1717 - Add note ACL type for matching annotated transactions with by annotation name or value
1718 - Add kv-pair support to URL-rewrite/redirector interface
1719 - Add SSL server certificate validator interface, helper and result cache
1720 - Add SSL server certificate fingerprint ACL type
1721 - Add spoof_client_ip access control
1722 - Add pt-bz (Belize Portuguese) dialect to translations
1723 - ... and many Windows portability changes (still incomplete)
1724 - ... and many documentation changes
1725 - ... and much code cleanup and polishing
988a7fba 1726
88e192b1
AJ		 1727Changes to squid-3.3.14 (01 May 2015):
1728
1729 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
1730 - ... and some documentation updates
1731 - ... and all fixes from squid 3.2.14
1732
abc809ce
AJ		 1733Changes to squid-3.3.13 (28 Aug 2014):
1734
1735 - Fix segmentation fault setting up server SSL connnection
1736 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
1737
d3b930ff
AJ		 1738Changes to squid-3.3.12 (09 Mar 2014):
1739
1740 - Regression Bug 3769: client_netmask not evaluated since Comm redesign
1741 - Bug 4026: Fix SSL and adaptation_access handling of aborted connections
1742 - Bug 3969: Fix credentials caching for Digest authentication
1743 - Bug 3806: Caching responses with Vary header
1744 - Fix umask default on crash report generated email
1745 - Fix pthread library detection on FreeBSD 10
1746 - Avoid assertions on Range requests that trigger Squid-generated errors.
1747
277afc6e
AJ		 1748Changes to squid-3.3.11 (01 Dec 2013):
1749
1750 - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
1751 - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
1752 - Bug 3970: max_filedescriptors disabled due to missing setrlimit
1753 - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
1754 - Bug 3960: DEAD cache_peer are not revived
1755 - Bug 3956: xstrndup: tried to dup a NULL pointer
1756 - Bug 3906: Filedescriptor leaks in SNMP
1757 - Bug 3782: Digest authentication not obeying nonce_max_count
1758 - HTTP/1.1: Make header parser obey relaxed_header_parser
1759 - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
1760 - SMP: Replace blocking sleep(3) and close UDS socket on failures
1761 - Windows: fix several compile errors
1762
c663cc36
AJ		 1763Changes to squid-3.3.10 (03 Nov 2013):
1764
1765 - Bug 3929: request_header_add not working for tunnel requests
1766 - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
1767 - Bug 3918: Self Test Failures on Mac OS X 10.8
1768 - Bug 3887: tcp_outgoing_tos not working for IPv6
1769 - Bug 3836: Fix issues with automake 1.13+ and make check
1770 - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
1771 - Fix pinning hierarchy log information
1772 - Fix close idle client connections associated with closed idle pinned connections.
1773 - Fix cbdata 'error: expression result unused' errors
1774 - Avoid "hot idle": A series of rapid select() calls with zero timeout.
1775 - Append Connection:close to OPTIONS requests when icap_persistent_connections is off
1776 - ntlm_fake_auth: pass DOMAIN data to Squid in original case
1777 - kerberos_ldap_group: fix LDAP string duplication
1778 - Use IPv6 localhost nameserver on DNS configuration errors
1779 - Add cache_miss_revalidate
1780 - ... and several portability improvements
1781
db01c30c
AJ		 1782Changes to squid-3.3.9 (11 Sep 2013):
1783
1784 - Regression Bug 3077: off-by-one error in Digest header decoding
1785 - Bug 3895: fix acl_uses_indirect_client and cache_peer_access
1786 - Bug 3879: assertion failed ConnStateData::validatePinnedConnection
1787 - Bug 3863: myportname acl causes segmentation fault
1788 - Bug 3849: Duplicate certificate sent when using https_port
1789 - Bug 2287: Better fix for unsupported HTTP version handling
1790 - Bug 2112: Reload into If-None-Match
1791 - Fix several assert with side effects in ICAP/eCAP response handling
1792 - Fix myportname ACL on ICAP/eCAP transactions
1793 - Fix external ACL user:pass detail logging after adaptation
1794 - Fix SMP mgr:info report 'Largest file desc currently in use'
1795 - Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
1796 - Improved compatibility with gcc 4.8, clang and icc
1797 - Show number of available filedescriptors when reserved FD changes
1798 - Sync with newest OpenSSL error codes
1799 - Register Http2-Settings header
1800 - ... and many Windows portability fixes
1801
8dbafb10
AJ		 1802Changes to squid-3.3.8 (13 Jul 2013):
1803
1804 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1805 - Improved handling of port values in Host: header validation
1806
2fea9d2b
AJ		 1807Changes to squid-3.3.7 (11 Jul 2013):
1808
1809 - Bug 3297: Fix openSSL related build failures
1810 - Fix build on FreeBSD 9.x platform with clang
1811 - Protect against buffer overrun in DNS query generation
1812
1a39473b
AJ		 1813Changes to squid-3.3.6 (01 Jul 2013):
1814
1815 - Bug 3854: pt1: compile errors on AIX
1816 - Bug 3802: Fix wrong check inside Format::Format::assemble
13db7eef 1817 - Bug 3762: remove bogus WARNING in cache.log
1a39473b
AJ		 1818 - Bug 3717: assertion failed with dstdom_regex with IP based URL
1819 - Bug 1991: kqueue causes SSL to hang
1820 - Ask for SSL key password when started with -N but without sslpassword_program
1821 - Make sure %<tt includes all [failed] connection attempts
1822 - Support HTTP reply ACLs in icap_log and log_icap
1823 - Fix incorrect external_acl_type codes
1824 - Fix ICAP logging request headers and segmentation faults
1825 - ... and some documentation polish
1826
9c7aeeb8
AJ		 1827Changes to squid-3.3.5 (20 May 2013):
1828
1829 - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
1830 - Bug 3845: http_port tcpkeepalive= option fails parsing
1831 - Bug 3840: assertion failed 'sde' in UFS cache loading
1832 - Bug 3836: make check failures with automake-1.13
1833 - Bug 3827: Remove AccessLogEntry::cache.authuser
1834 - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1835 - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
1836 - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
1837 - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
1838 - Port from 2.6: external acl %ACL and %DATA tags
1839 - Update copyright on SN.png
1840 - ... and several minor memory leaks
1841 - ... and some documentation polish
1842
988a7fba
AJ		 1843Changes to squid-3.3.4 (27 Apr 2013):
1844
1845 - Bug 3831: basic_ncsa_auth Blowfish and SHA support
1846 - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1847 - Bug 3794: MacOS: workaround compiler errors and case-insensitivity
1848 - Bug 3781: Proxy Authentication not sent to cache_peer
1849 - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
1850 - Bug 3720 pt2: Add missing include in /dev/poll I/O module
1851 - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
1852 - Add support for TPROXY on BSD
1853 - Fix SSL Bump bypass for intercepted traffic
1854 - Fix memory leaks in ConnStateData pinning
1855 - Fix external_acl.cc "inBackground" assertion on queue overloads
1856 - CacheMgr: fix missing column separator in helper stats
1857 - OpenBSD: libpthreads requires OpenBSD 5.2 or later
1858 - ... and lots of documentation updates
1859 - ... and all changes from squid 3.2.10
1860
40c973aa
AJ		 1861Changes to squid-3.3.3 (12 Mar 2013):
1862
1863 - Bug 3720: Add missing include in /dev/poll I/O module (pt2)
1864 - ... and all changes from squid 3.2.9
1865
d4dc9eea
AJ		 1866Changes to squid-3.3.2 (02 Mar 2013):
1867
1868 - Bug 3781: Proxy Authentication not sent to cache_peer
1869 - Bug 3794: MacOS: workaround compiler errors
1870 - Bug 3720: Compile error in Solaris /OpenIndiana
1871 - ... and all changes from squid 3.2.8
1872
21744e8b
AJ		 1873Changes to squid-3.3.1 (09 Feb 2013):
1874
1875 - Bug 3726: build errors with --disable-ssl
1876 - Propigate pinned connection persistency and closures to the client.
1877 - Mimic SSL certificate Key Usage and Basic Constraints
1878 - Fix segmentation fault on missing squid.conf values
1879 - ext_sql_session_acl: Fix hex decoding on UID
1880 - ... and some code polish
1881 - ... and a lot of documentation polish
1882 - ... and all changes from squid 3.2.7
1883
56eea3f2
AJ		 1884Changes to squid-3.3.0.3 (09 Jan 2013):
1885
1886 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1887 - Bug 3728: Improve debug for cache_dir
1888 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1889 - kerberos_ldap_group: support multiple groups in squid.conf ACL definition
1890 - kqueue: update status from experimental to fully available net I/O method
1891 - ... and many memory leaks and potential bugs detected by Coverity Scan
1892
bd4920ca
AJ		 1893Changes to squid-3.3.0.2 (03 Dec 2012):
1894
1895 - Support matching empty header field values using req_header and rep_header
1896 - ... and some minor code polish and input vaidations
1897 - ... and all changes from squid 3.2.4
1898
362d74b6
AJ		 1899Changes to squid-3.3.0.1 (21 Oct 2012):
1900
1901 - Bug 3610: Add peername_regex ACL
1902 - Bug 3239: rename myip/myport as localip/localport
1903 - Bug 3130: helpers are crashing too rapidly
1904 - Add log_db_daemon SQL Database Logging Daemon
1905 - Add ext_time_quota_acl helper managing sessions by bandwidth usage
1906 - Add request_header_add option
1907 - Support C++11 features where possible
1908 - Support bump-ssl-server-first
1909 - Support mimic SSL server certificates
1910 - Remove --enable-ntlm-fail-open
1911 - Fix TLS/SSL Options does not apply to the dynamically generated certificates
1912 - Fix SslBump stuck after error
1913 - Polish: display ACL enumeration text in debugs
1914 - ... and many portability fixes for MacOS X, Windows and others
1915 - ... and many compile error fixes
1916 - ... and a very large amount of code polish for faster compilation
1917
88e192b1
AJ		 1918Changes to squid-3.2.14 (01 May 2015):
1919
1920 - Fix 'access_log none' to prevent following logs being used
1921 - Fix X509 server certificate domain matching
1922 - ... some documentation updates
1923
8dbafb10
AJ		 1924Changes to squid-3.2.13 (13 Jul 2013):
1925
1926 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1927 - Improved handling of port values in Host: header validation
1928
2fea9d2b
AJ		 1929Changes to squid-3.2.12 (11 Jul 2013):
1930
1931 - Protect against buffer overrun in DNS query generation
1932 - Avoid !closing assertions when helpers call comm_read during reconfigure.
1933 - Fix several minor memory leaks during reconfigure
1934 - Remove origin_tries limiter on forwarding and permit large max_forward_tries values
1935
80c1bddb
AJ		 1936Changes to squid-3.2.11 (30 Apr 2013):
1937
1938 - Regression Bug 3839: build error: src/tools.h: No such file or directory
1939 - Update copyright on SN.png
1940
988a7fba
AJ		 1941Changes to squid-3.2.10 (27 Apr 2013):
1942
1943 - Bug 3833: squidclient: Option '-k' is not present in man(1) page
1944 - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
1945 - Bug 3822: Locate LDAP and SASL headers for BSD support
1946 - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
1947 - Bug 3774: 'squid -k reconfigure' drops rock cache
1948 - Bug 3565: Resuming postponed accept kills Squid
1949 - HTTP/1.1: partial support for no-cache and private controls with parameters
1950 - ssl_crtd: fix helpers dying during startup on ARM
1951 - GNU Hurd: define MAP_NORESERVE as no-op when missing
1952 - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
1953
40c973aa
AJ		 1954Changes to squid-3.2.9 (12 Mar 2013):
1955
1956 - Regression fix: Accept-Language header parse
1957 - Bug 3673: Silence 'Failed to select source' messages
1958 - Fix authentication headers sent on peer digest requests
1959 - Fix build error on Solaris, OpenIndiana, Omnios
1960
d4dc9eea
AJ		 1961Changes to squid-3.2.8 (02 Mar 2013):
1962
1963 - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
1964 - Bug 3763: diskd Error: no filename in shm buffer
1965 - Bug 3752: objects that cannot be cached in memory are not cached on disk
1966 - Bug 3753: Removes the domain from the cache_peer server pconn key
1967 - Bug 3749: IDENT lookup using wrong ports to identify the user
1968 - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
1969 - Bug 3686: cache_dir max-size default fails
1970 - Bug 3515: crash in FtpStateData::ftpTimeout
1971 - Bug 3329: Quieten orphan Comm::Connection messages
1972 - Make squid -z for cache_dir rock preserve the rock DB
1973 - Fixed several server connect problems
02824360
AJ		 1974 - ... and some build issues on Solaris, OpenIndiana, MacOS X
1975 - ... and some documentation and debugs polishing
d4dc9eea 1976
54ccbeea
AJ		 1977Changes to squid-3.2.7 (01 Feb 2013):
1978
1979 - Bug 3736: Floating point exception due to divide by zero
1980 - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
1981 - Bug 3732: Fix ConnOpener IPv6 awareness
1982 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1983 - Bug 3728: Improve debug for cache_dir
1984 - Bug 3687: unhandled exception: c when using interception and peers
1985 - Bug 3678: external acl grace period causes acl lookup failures
1986 - Bug 3567: Memory leak handling malformed requests
1987 - Bug 3111: Mid-term fix for the forward.cc "err" assertion
1988 - Support OpenSSL NO_Compression optio
1989 - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
1990 - Fix "address.GetPort() != 0" assertion for helpers
1991 - ... and several minor memory leaks
1992 - ... and some cache.log message polishing
1993
56eea3f2
AJ		 1994Changes to squid-3.2.6 (09 Jan 2013):
1995
1996 - Regression Bug 3731: TOS setsockopt() requires int value
1997 - Regression Bug 3712: Rotating logs overwrites the previous log
1998 - Bug 3727: LLVM compile errors in kerberos_ldap_group
1999 - Bug 3650: Negotiate auth missing challenge token
2000 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
2001
eeb80d48
AJ		 2002Changes to squid-3.2.5 (10 Dec 2012):
2003
2004 - Bug 3698: Add missing include of errno.h
2005
bd4920ca
AJ		 2006Changes to squid-3.2.4 (03 Dec 2012):
2007
2008 - Ported: urllogin ACL from squid 2.7
2009 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
2010 - Bug 3677: Port un-pinning logic changes from squid 3.3
2011 - Bug 3405: ssl_crtd crashes failing to remove certificate
2012 - ... and major bugs fixed in squid 3.1.22
2013 - Fix accept_filter on Linux
2014 - Remove 'Bungled' warning on missing component directives
2015 - ... and many buffer and memory leak issues in the bundled helpers
2016 - ... and a small amount of code polishing
2017
362d74b6
AJ		 2018Changes to squid-3.2.3 (21 Oct 2012):
2019
2020 - Regression: SMP crashes on startup with workers > 1
2021 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication
2022 - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
2023 - HTTP/1.1: honour Cache-Control before Pragma:no-cache
2024 - HTTP/1.1: Cache-Control compliance upgrade
2025 - Remove obsoleted refresh_pattern ignore-no-cache option
2026 - Fix IPv6 enabled squidclient
2027 - ... and several compile fixes
2028
2029Changes to squid-3.2.2 (06 Oct 2012):
a18ad4b5
AJ		 2030
2031 - Regression: Make login=PASS send no credentials when none available
2032 - Regression: Handle dstdomain duplicates and overlapping names better
2033 - Bug 3661: Segmentation fault when using more than 1 worker
2034 - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
2035 - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
2036 - Bug 3648: polish String class files
2037 - Bug 3647: parsing hier_code acl fails
2038 - Bug 3626: forwarding loops on intercepted traffic
2039 - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
2040 - Bug 3609: several RADIUS helper improvements
2041 - Bug 3605: memory leak in Negotiate authentication
2042 - Fix small memory leak in src ACL parse
2043 - Fix maximum_single_addr_tries upgrade
2044 - Fix chunked encoding on responses carrying a Content-Range header.
2045 - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
2046 - ... and several compile errors
2047
c72a2049
AJ		 2048Changes to squid-3.2.1 (15 Aug 2012):
2049
2050 - Bug 3605: memory leak in peer selection
2051 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
2052 - ... and some documentation updates
2053
a9eec4aa
AJ		 2054Changes to squid-3.2.0.19 (02 Aug 2012):
2055
2056 - Regression Bug 3580: IDENT request makes squid crash
2057 - Regression Bug 3577: File Descriptors not properly closed
2058 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
2059 - Regression Fix: Restore memory caching ability
2060 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
2061 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
2062 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
2063 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
2064 - Support custom headers in [request|reply]_header_* manglers
2065 - ... and much code polishing
2066
5cc53d80 2067Changes to squid-3.2.0.18 (29 Jun 2012):
f787354b
AJ		 2068
2069 - Bug 3576: ICY streams being Transfer-Encoding:chunked
2070 - Bug 3537: statistics histogram leaks memory
2071 - Bug 3526: digest authentication crash
2072 - Bug 3484: Docs: sslproxy_cert_error example flawed
2073 - Bug 3462: Delay Pools and ICAP
2074 - Bug 3405: ssl_crtd crashes failing to remove certificate
2075 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
2076 - Bug 3258: Requests hang when Host forgery verify fails
2077 - Bug 3186: Digest auth caches failed state without revalidating
2078 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
2079 - Bug 2885: AIX: check and set required compiler flags
2080 - Fix ssl_crtd compile issues with libsslutil
2081 - Fix build with GCC 4.7 (and probably other C++11 compilers).
2082 - Fix double-escape of %R on deny_info redirect responses
2083 - Support status 308 Permanent Redirect
2084 - Support for TLSv1.1 and TLSv1.2 options and methods
2085 - Support passing external_acl_type credentials on ICAP
2086 - Language Updates: fr, hy, pt_BR
2087 - ... and many compile issues on Windows
2088 - ... and some minor code polish
2089
5cc53d80 2090Changes to squid-3.2.0.17 (12 Apr 2012):
f949585d
AJ		 2091
2092 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
2093 - Bug 3509: kQueue compile error
2094 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
2095 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
2096 - Bug 3397: do not mark connection as opened until after SYN-ACK
2097 - Bug 3193: NTLM decoder truncating strings
2098 - Windows FD handling polish and some fixes
2099 - Solaris 9/10 various build fixes
2100 - ... and some more code polish
2101
5cc53d80 2102Changes to squid-3.2.0.16 (07 Mar 2012):
488e6901
AJ		 2103
2104 - Bug 3508: Correct DNS timeout handling.
2105 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
2106 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
2107 - Bug 3490: part 1: SegFault opening FTP active data connections
2108 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
c5426f8f 2109 - Bug 3458: Icon Serving (squid-internal-static) Broken
488e6901
AJ		 2110 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
2111 - Bug 3381: 32-bit overflow assertion in StatHist
2112 - Bug 3324: loadFromFile: parse error while reading template file
2113 - Support sslpassword_program for ssl-bump HTTP ports
2114 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
2115 - Retry requests that failed due to a persistent connection race
2116 - Log '-' on requests with no Referer or User-Agent headers
2117 - ... and several fixes related to in-transit object performance
2118 - ... and some structural design changes for portability
2119
5cc53d80 2120Changes to squid-3.2.0.15 (06 Feb 2012):
f9329b54
AJ		 2121
2122 - Bug 3472: segfault with the message 'urlParse: URL too large'
2123 - Bug 3471: segfault when %la formating code used
2124 - Bug 3449: part 3: shm_open can fail with a mangled path
2125 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
2126 - Bug 3448: 204 response problem in adaptation chains
2127 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
2128 - Bug 3461: build regression in IPFilter NAT
2129 - Bug 3413: raise cbdata lock limits
2130 - Bug 3391: forwarded_for log functionality broken
2131 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
2132 - Bug 3268: remove wrong 'Ready to serve requests.' message
2133 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
2134 - Disable OpenSSL SSL/TLS bug workarounds by default
2135 - Send DNS A and AAAA queries in parallel
2136 - Cache Manager migration support
2137 - Allow service of internal requests over reverse-proxy ports
2138 - Fix trimMemory for unswappable objects
2139 - ... and several build and polish fixes
2140
902bc38b
AJ		 2141Changes to squid-3.2.0.14 (12 Dec 2011):
2142
2143 - Bug 3433: Segfault closing SNMP
2144 - Bug 3420: Request body consumption races and !theConsumer exception.
2145 - Bug 3406: SSL Log Error in debug
2146 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
2147 - Bug 3383: unhandled exception: theGroupBSize > 0
2148 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
2149 - Bug 3367: fix inverted check on host_strict_verify
2150 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
2151 - Bug 3364: SNMP Orphans
2152 - Bug 3301: ERR_DNS_FAIL never shown
2153 - Bug 3150: do not start useless unlinkd
2154 - ext_session_acl: version 1.2
2155 - Add adaptation_meta option
2156 - Add a mask on the qos_flows miss configuration value
2157 - Support intermediate CA in ssl-bump traffic certificates
2158 - Support SSL certificate failure details on error page
2159 - Fix flags for NAT intercept and TPROXY not set correctly
2160 - Fix fastCheck() default result on multi-line actions
2161 - Fix missing SMP shared memory statistics
2162 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
2163 - ... and several other TCP and SMP support behaviour fixes
2164 - ... and many code polishing cleanups and fixed build errors
2165 - ... and several documentation polishings
2166
8fe9e0a2
AJ		 2167Changes to squid-3.2.0.13 (14 Oct 2011):
2168
2169 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
2170 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
2171 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
2172 - Regression fix: always_direct/never_direct failures
2173 - Regression fix: stop an SSL header file being included after --disable-ssl
2174 - Regression fix: parse HTTP list headers with embedded 8-bit characters
2175 - Bug 3355: configure setting --with-swapdir ignored
2176 - Bug 3325: option to selectively enable strict host verify checks
2177 - Bug 3337: HTTP status 200 is not accepted for deny_info
2178 - Bug 3077: '\' in url query strings cause Digest authentication to fail
2179 - Support SMP worker shared memory cache
2180 - Support SMP worker shared disk cache (rock)
2181 - ext_session_acl: version 1.1
2182 - Fix Host verify: do not pinn destination IP if URL re-write has been done
2183 - Fix IPF interception
2184 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
2185 - Fix ssl_crtd CertificateDB locking scheme
2186 - ... and all changes from 3.1.16
2187 - ... and many compile and polishing fixes
2188
f96fd18d
AJ		 2189Changes to squid-3.2.0.12 (17 Sep 2011):
2190
2191 - Regression Bug 3335: ICAP service is down
2192 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
2193 - Regression Bug 3303: Support for non-English usernames in log files
2194 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
2195 - Regression: %I shows hostname on SSL error page
2196 - Regression: FTP outgoing port always 'in use' on PASV connections
2197 - Bug 3337: (partial) status 200 is not accepted for deny_info
2198 - Bug 3319: Inconsistencies in error messages
2199 - Bug 3281: pconn in-use while closing assertion
2200 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
2201 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
2202 - Adjust format code %la for intercepted connections
2203 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
2204 - Send RST packet when closing an ICAP connection after a transaction error
2205 - Support maximum field width for string access.log fields
2206
2284b7f7
AJ		 2207Changes to squid-3.2.0.11 (28 Aug 2011):
2208
2209 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
2210 - Host: authority validation of intercepted destination IP
2211 - Host: authority validation of request URL
2212 - Host: authority validation of CONNECT tunnel destination
2213 - Preserve client destination IP in intercepted communication
2214 - Regression Bug 3316: Failed to connect to nameserver using TCP
2215 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
2216 - Regression Bug 3310: %<pt translates as %<p
2217 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
2218 - Regression Bug 3288: %<la and %<lp not displaying
2219 - Bug 3289: cache manager parameters not parsed without password
2220 - Bug 2279: Log Format options to log server source IP and port
2221 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
2222 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
2223 - Bug 3118: ecap_enable on forces icap_enable on
2224 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
2225 - Default to vhost for accelerator mode (reverse proxy)
2226 - Display HTTP protocol syntax at section 11 level 2
2227 - Support for using custom keys in CARP parents
2228 - Optimize regular expression ACLs
2229 - ... and a lot of code portability fixes
2230 - ... and all bugs and polish changes from 3.1.15
2231
3ff024ec
AJ		 2232Changes to squid-3.2.0.10 (24 Jul 2011):
2233
2234 - Port from 2.7: act-as-origin for reverse proxy ports
2235 - Regression fix: broken --disable-ipv6
2236 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
2237 - Regression fix: vhost and defaultsite causing vport to be ignored
2238 - Regression fix: several errors in persistent connection handling
2239 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
2240 - Regression Bug 3245: reconfigure assertion in MemPools[type]
2241 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
2242 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
2243 - Regression Bug 3269: cache.log applyQueryParams messages
2244 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
2245 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
2246 - Bug 3267: workers IPC mount points disobey --localstatedir
2247 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
2248 - Bug 3247: Domain from URL Stripped when going through peers
2249 - Bug 3244: wrong port for peer relayed requests
2250 - Bug 3195: kerberos_ldap_group will not build without kerberos
2251 - Bug 2862: add http(s):// support to cache manager
2252 - kerberos_ldap_group: several fixes to -S option
2253 - ssl_crtd: Add man(8) file
2254 - ... and several pieces of code cleanup and polishing.
2255 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
2256
6d44d1e9
AJ		 2257Changes to squid-3.2.0.9 (18 Jun 2011):
2258
2259 - Bug 3159: delay pools --disable-auth compile problems
2260 - HTTP/1.1: Support multiline quoted-string header fields
2261 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
2262 - Support configurable and translated SSL error details messages
2263 - Add log format codes for split client/server views of HTTP request line
2264 - Major upgrade of TCP connection handling
2265 - Support split-stack IPv6 to servers
2266 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
2267 - Optimized persistent connection handling
2268 - Optimized FTP data connection handling
2269 - Optimized TCP failure recovery
2270 - ... and all bug fixes and updates from 3.1.12.3
2271 - ... and many code polish, documentation and translation cleanups
2272
65f2789a
AJ		 2273Changes to squid-3.2.0.8 (30 May 2011):
2274
2275 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
2276 - Bug 3043: Properly detect Iphlpapi.h on windows
2277 - Bug 2055: Honor ICAP Max-Connections
2278 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
2279 - Support SSL SNI to origin servers
2280 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
2281 - Add %b tag for proxy listening port display in error pages
2282 - Optimize base64 encoding/decoding
2283 - Require libcap before enabling netfilter MARK support
2284 - Require libtool 2.2
2285 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
2286 - ... and all bug fixes and updates from 3.1.12.2
2287 - ... and some documentation and code polishing
2288
065f7779
AJ		 2289Changes to squid-3.2.0.7 (19 Apr 2011):
2290
2291 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
2292 - Regression fix: icons/ FHS compliance
2293 - Regression fix: Startup aborts with URL error when --disable-htcp
2294 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
2295 - Add negotiate_wrapper_auth version 1.0.1
2296 - Fixed %dt logging in the presence of REQMOD
2297 - Fixed chunked request forwarding in ICAP REQMOD presence
2298 - ... all bug fixes and updates from 3.1.12.1
2299 - ... many code polishings and display cleanups
2300
7d9ce496
AJ		 2301Changes to squid-3.2.0.6 (04 Apr 2011):
2302
2303 - Regression fix: upgrade existing icons
61beade2 2304 - Regression fix: do not crash when accessing an SSL certificate with errors
7d9ce496
AJ		 2305 - Regression fix: prevent stdio log module segfaults on rotate
2306 - Regression fix: shutdown properly even if a worker process crashes on exit
2307 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
2308 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
2309 - Bug 3105: malformed Proxy-Authorization leaks memory
2310 - Bug 3007: CONNECT to cache_peer returns 000 status code
2311 - Bug 2885: Compile errors on AIX
2312 - Support parameterized Cache Manager queries
2313 - Support libecap v0.2.0; fixed eCAP body handling and logging
2314 - Support dynamic adaptation plans that cover multiple vectoring points
2315 - Support %D details for documented OpenSSL errors
2316 - Support logging of all transactions including those with uncertain status or no sent response
2317 - Updrate negotiate_kerberos_auth to version 3.0.4sq
2318 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
2319 - Update ext_edirectory_userip_acl to version 2.1
2320 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
2321 - Change the default dns_timeout value from 2 minutes to 30 seconds
2322 - Fix TCP log stream flushing on every line
2323 - ... all bug fixes and updates from 3.1.12
2324 - ... a great many compiler portability fixes
2325 - ... many code polishings and display cleanups
2326
850ff99f
AJ		 2327Changes to squid-3.2.0.5 (12 Feb 2011):
2328
2329 - Regression Fix: profiler should not be built by default
2330 - Regression Bug 3081: assertion failed: AsyncCallQueue
2331 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
2332 - Bug 3089: FTP command output overrides directory listing
2333 - Bug 2870: --disable-auth does not work
2334 - Bug 2586: multiple memory leaks during reconfigure
2335 - Bug 2581: FTP directory listing sometimes fails
2336 - Port from 2.7: maximum staleness limits
2337 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
2338 - HTTP/1.1: Support configurable status codes for deny_info
2339 - Support upcoming "fresh message creation" eCAP API
2340 - Aggregate SNMP responses when using SMP with multiple workers
2341 - Several more Solaris, Windows and ICC support fixes
2342 - ... all bug fixes and updates from 3.1.11
2343 - ... and more code cleanup shufflings
2344 - ... and several documentation updates
2345
834d2128
AJ		 2346Changes to squid-3.2.0.4 (22 Dec 2010):
2347
2348 - Port 2.x: cache_dir min-size setting
2349 - Bug 3059: Crash on digest auth headers with unknown nonce
2350 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
2351 - Fix cachemgr mem-pools reporting
2352 - Add Dynamic SSL certificate generation
2353 - Add useragent, referer, combined built-in log formats
2354 - Obsolete log_fqdn directive
2355 - Obsolete useragent/referer/forward_log directives
2356 - HTTP/1.1: Send 1.1 on CONNECT responses
2357 - Updated Kerberos support for newer GSSAPI releases
2358 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
2359 - Improve handling of early eCAP transaction failures
2360 - Various ext_edirectory_acl fixes
2361 - ... all bug and feature fixes included in 3.1.10 release
2362 - ... and a lot of code and documentation polishing
2363
1664edf4 2364Changes to squid-3.2.0.3 (07 Nov 2010):
b40d9a33
AJ		 2365
2366 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
2367 - Regression fix: ESI processing of Surrogate filter
1664edf4 2368 - Bug 3091: bypassed ICAP errors are not counted as service failures
b40d9a33 2369 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
1664edf4 2370 - Bug 3038: Detatch libmisc from libcompat
b40d9a33
AJ		 2371 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
2372 - Bug 3002: store initialization (-z) does not work with SMP configs
2373 - Bug 2999: v2.0 of ext_edirectory_userip_acl
2374 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
2375 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
2376 - HTTP/1.1: support If-Match and If-None-Match requests
2377 - HTTP/1.1: forward 1xx control messages to clients that support them
2378 - HTTP/1.1: send Age:0 header even if it may break IE5
2379 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
2380 - HTTP/1.1: entry is stale if request has max-age=0
2381 - HTTP/1.1: harden quoted-string parser
2382 - Add --enable-build-info for extra "squid -v" display
2383 - Add --with-swapdir=PATH to override default /var/cache/squid
2384 - Add cpu_affinity_map directive to bind workers to CPU cores
2385 - Add Netfilter MARK support for QoS
2386 - Add upgrade process for obsolete options
2387 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
2388 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
2389 - Fixes Eui48 support on OpenBSD
2390 - Fixes cache manager support with SMP configs
2391 - ... several documentation updates
2392 - ... all bug and feature fixes included in 3.1.9 release.
2393 - ... many more code polishes and leak removals
2394
dee6a922
AJ		 2395Changes to squid-3.2.0.2 (04 Sep 2010):
2396
2397 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
2398 - Support rotating logs from cachemgr and squidclient
2399 - Support Kerberos authentication in squidclient
2400 - Add manual page for negotiate_kerberos_auth
2401 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
2402 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
2403 - Added log options %http::<bs and %icap::<bs
2404 - Collapse HTCP cache_peer options into one setting
2405 - Improved request smuggling attack detection. Tolerating valid benign HTTP
2406 - ... and several HTTP/1.1 compliance improvements
2407 - ... and all improvements in 3.1.7 and 3.1.8
2408
6be4a9a8
AJ		 2409Changes to squid-3.2.0.1 (03 Aug 2010):
2410
2411 - Port from 2.7: Logging infrastructure updates
2412 - Port from 2.7: Unique sequence number per log line
2413 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
2414 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
2415 - Bug 2631: refresh_pattern store-stale option
2416 - Bug 2305: Multiple leaks and assertion crashes in authentication
2417 - Bug 1239: Much needed ACL type random
2418 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
2419 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
2420 - Support SMP for essential non-caching functionality
2421 - Support logging over TCP
2422 - Support Solaris 10 pthreads (experimental)
2423 - Support Kerberos login to peers
2424 - Support EUI / MAC in more environments
2425 - Support format tags in deny_info URLs
2426 - Support running helpers on-demand instead of all at startup
2427 - Support fully transparent login=PASSTHRU of authentication headers to peers
2428 - Support multi-lingual localised FTP directory listings
2429 - Support TPROXYv4 spoofing of X-Forwarded-For client address
2430 - Support ICAP 206 Partial Content extension
2431 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
2432 - Add ACL support to range_offset_limit
2433 - Add helpers for url_rewrite
2434 - Add helper multiplexer for concurrency emulation with legacy helpers
2435 - Add Perl library which facilitates parsing access logfile entries.
2436 - Add a simple script to summarise traffic use per user
2437 - Add templates for captive portal proxy configuration instructions
2438 - Add logging of the local TCP port used by transactions with HTTP servers
2439 - Update mswin_check_ad_group to version 2.0
2440 - Update squid_kerb_auth helper to version 3.0.2
2441 - Remove double-language error page hack (replaced by locale auto-negotiation)
2442 - Remove TPROXYv2 support (replaced by TPROXYv4)
2443 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
2444 - Re-work ./configure script for smarter auto-detect and early error checks
2445 - Auto-enable all features by default
2446 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
2447 - Helpers naming scheme
2448 - Add support for write timeouts
2449 - Modify icap_service_failure_limit option to forget old ICAP errors
2450 - Updated man(8) manuals including several additions and translations
2451 - ... and a great many code cleanups
2452 - ... and a great many testing improvements
2453 - ... and many documentation updates
2454
56eea3f2
AJ		 2455Changes to squid-3.1.23 (09 Jan 2013):
2456
2457 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
2458
bd4920ca
AJ		 2459Changes to squid-3.1.22 (03 Dec 2012):
2460
2461 - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update
2462 - Bug 3659: read_timeout problem with HTTPS
2463 - Bug 3654: Fix IPv6 enabled squidclient
2464 - Bug 3189: AIO thread race on pipe() initialization
2465 - cachemgr.cgi: Memory Leaks and DoS Vulnerability
2466
4c73ceb8
AJ		 2467Changes to squid-3.1.21 (23 Sep 2012):
2468
2469 - Bug 3622: peerClearRRStart scheduling multiple events
2470 - Bug 3615: configure check for default max number of FDs is broken
2471 - Bug 3607: --enable-auth documented default action incorrect
2472 - Bug 3593: socket failure: Address family not supported by protocol
2473 - Bug 3584: Detection of setresuid() is broken
2474 - Bug 3568: Consolidate external_acl_type config dumping and add missing %%
2475 - Bug 3564: eCAP not supporting CoAP URI schemes
2476 - Bug 3484: Docs: sslproxy_cert_error example flawed
2477 - Bug 3462: Delay Pools and ICAP
2478 - Bug 3133: better fix: Memory leak handling requests for sites that don't exist
2479 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
2480 - Silence IOS 15.1 unknown capabilities messages.
2481 - Account for Store disk client quota when bandwidth-limiting the server.
2482 - ... and several documentation fixes
2483 - ... and several compile fixes
2484
5cc53d80 2485Changes to squid-3.1.20 (08 Jun 2012):
dd8d2619
AJ		 2486
2487 - Regression Bug 3545: FreeBSD dnsserver segfaults
2488 - Regression Bug 3504: clientside_tos fails to mark traffic
2489 - Bug 3539: CONNECT server connection not closed correctly on errors
2490 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
2491 - Bug 3466: Adaptation stuck on last single-byte body piece
2492 - Bug 3463: dnsserver fails to compile
2493 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
2494 - Bug 3390: Proxy auth data visible to scripts
2495 - Bug 3263: ssl_crtd: undefined references to squid_curtime
2496 - Bug 3233: Invalid URL accepted with url host is white spaces
2497 - Bug 3133: Memory leak handling requests for sites that don't exist
2498 - Bug 3074: Improper URL handling with empty path (RFC 3986)
2499 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
2500 - Regression: snmp/udp address directives not resolving hostname
2501 - Better helper-to-Squid buffer size management.
2502 - Support CoAP over HTTP (coap:// and coaps:// URLs)
2503 - Support for 3.2 error template codes
2504
5cc53d80 2505Changes to squid-3.1.19 (06 Feb 2012):
f9329b54
AJ		 2506
2507 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
2508 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
2509 - Bug 3470: GCC 4.7
2510 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
2511 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
2512 - Bug 3440: compile error in Adaptation
2513 - Bug 3420: Request body consumption races and !theConsumer exception
2514 - Bug 3370: external ACL sometimes skipping
2515 - Bug 3085: Crash when parsing esi:include
2516 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
2517 - Fix SSL library dependency fixes
2518
339383cc
AJ		 2519Changes to squid-3.1.18 (03 Dec 2011):
2520
2521 - Regression: compile error in FTP
2522
c218b24d
AJ		 2523Changes to squid-3.1.17 (03 Dec 2011):
2524
2525 - Bug 3432: Crash logging FTP errors
2526 - Bug 3428: Active FTP data channel accepted twice
2527 - Bug 3423: access violation in URL parser
2528 - Bug 3422: Buffer overflow in recv-announce
2529 - Bug 3412: External ACL Uses Invalid Cache Entry
2530 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
2531 - Bug 3398: persistent server connection closed after PUT/DELETE
2532 - Bug 3299: dnsserver: various undefined references
2533 - Bug 3077: '\' in url query strings cause Digest authentication to fail
2534 - Bug 2910: MemBuf may grow beyond max_capacity
2535 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
2536 - Bug 1243: Build overrides configured AR setting
2537 - Avoid crashes when processing bad X509 common names (CN).
2538 - Support %% in external ACL format
2539 - ... and several other compile error fixes
2540 - ... and several documentation fixes
2541
8fe9e0a2
AJ		 2542Changes to squid-3.1.16 (14 Oct 2011):
2543
2544 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
2545 - Bug 3368: Unhandled exceptions are not logged (workaround)
2546 - Bug 3326: miss_access incorrect default
2547 - Bug 3320: miss_access description confusing
2548 - Bug 3241: squid_kerb_auth cross compilation fix
2549 - Bug 3237: seq fault in free() from rfc1035RRDestroy
2550 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
2551 - db_auth: display available DSN drivers on connect error
2552 - Updated OpenSSL 1.0.0 version checks
2553 - ... and several documentation fixes
2554
2f954743
AJ		 2555Changes to squid-3.1.15 (28 Aug 2011):
2556
2557 - Regression fix: vhost and defaultsite causing vport to be ignored
2284b7f7 2558 - Regression Bug 3295: broken escaping in rfc1738_do_escape
2f954743
AJ		 2559 - Bug #3232: fails to compile with OpenSSL v1.0.0
2560 - Bug #3222: cache_peer name is not logging on CONNECT
2561 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
2562 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
2563 - Bug #3213: https sites (CONNECT) not open when using NTLM
2564 - Bug #3114: Memory leak in SSL certificate verify code
2565 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
2566 - Bug #2662: cf_gen failure when cross compiling
2567 - Bug #2655: passing wrong the username to the url_rewrite_program
2568 - Bug #2495: ignore whitespace prefix on config lines
2569 - Bug #2051: 'default' cache_peer option does not match documentation
2570 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
2571 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
2572 - Correct parsing of large Gopher indexes
2573 - Enable negative cacheing on unknown or -1 expiry timestamp
2284b7f7 2574 - Remove hierarchy_stoplist default value
2f954743
AJ		 2575 - Migrate cf_gen tool from C-style to C++
2576 - ... and several documentation and compiler warning fixes
2577
04f5e27a
AJ		 2578Changes to squid-3.1.14 (04 Jul 2011):
2579
2580 - Regression Bug 3261: Could not create a DNS socket and exit
2581
e074e5be
AJ		 2582Changes to squid-3.1.13 (01 Jul 2011):
2583
2584 - Regression Bug 3239: problems with myip/myport upgrade
2585 - Bug 3153: hung ICAP RESPMOD transactions
2586 - Update ssl_crtd to use 'OK' status inline with other helpers
2587
6d44d1e9
AJ		 2588Changes to squid-3.1.12.3 (18 Jun 2011):
2589
2590 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
2591 - Bug 3214: unexpected read from ssl_crtd
2592 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
2593 - Fix RADIUS helper resource leak
2594 - Fix segfault parsing digest auth realm
2595 - Fix segfault in parse_eol()
2596 - Fixed bypass of SSL certificate validation errors
2597 - Warn about myip/myport problems on interception proxies
2598 - Polish: display easily grepped config lines on -k parse
2599 - Fix squidclient -V option and allow non-HTTP protocols to be tested
2600
65f2789a
AJ		 2601Changes to squid-3.1.12.2 (30 May 2011):
2602
2603 - Bug 3226: Tags from external ACLs do not correctly expire
2604 - Bug 3215: Malformed IPv6 DNS reverse lookup
2605 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
2606 - Bug 3205: SSL-bump starts then hangs
2607 - Bug 3178: gcc-4.6 complains unused variables
2608 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
2609 - Bug 2965 (partial): Compile errors on MinGW
2610 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
2611 - Fix cache manager display of -i/+i in regex ACL config display
2612 - Fix cache manager display of cache_peer options userhash and sourcehash
2613 - Fix URL re-writer loosing many transaction details
2614 - Fix always-true comparison in ICAP for some 32-bit platforms
2615 - Support for 'slow' group ACLs in ssl_bump access control
2616 - Support OpenSSL 1.0.0 built without SSLv2
2617 - Support GCC 4.6 and binutils-gold
2618 - Add CSS id attribute to BODY tag of generated error pages.
2619 - Display WARNING and ERROR when max_filedescriptors has failed
2620
065f7779
AJ		 2621Changes to squid-3.1.12.1 (19 Apr 2011):
2622
2623 - Port from 3.2: Dynamic SSL Certificate generation
2624 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
2625 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
2626 - Bug 3183: Invalid URL accepted with url host part of only '@'
2627 - Display ERROR in cache.log for invalid configured paths
2628 - Cache Manager: send User-Agent header from cachemgr.cgi
2629 - ... and many portability compile fixes for non-GCC systems.
2630
7d9ce496
AJ		 2631Changes to squid-3.1.12 (04 Apr 2011):
2632
2633 - Regression fix: Use bigger buffer for server reads.
2634 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
2635 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
2636 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
2637 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
2638 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
2639 - Bug 3164: Total memory info display 32-bit overflows
2640 - Bug 3155: Werror is hard-coded in libTrie build
2641 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
f787354b 2642 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
7d9ce496
AJ		 2643 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
2644 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
2645 - Bug 2330: AuthUser objects are never unlocked
2646 - Prevent CONNECT request relaying to origin servers
2647 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
2648 - squidclient: send Cache Manager password using -w
2649 - eCAP: give full Request-URI to adapters
2650 - ... and several debug and error display cleanups
2651
d88ad4db
AJ		 2652Changes to squid-3.1.11 (08 Feb 2011):
2653
2654 - Bug 3149: not caching eCAP adapted body
2655 - Bug 3144: redirector program blocks while reading STDIN
2656 - Bug 3140: memory leak in error page generation
2657 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
2658 - Bug 3115: logging segfaults if access_log is set to a directory
2659 - Bug 2968: Show the Vary: headers information in cachemgr objects report
2660 - Bug 2959: remove SAMBAPREFIX dependency
2661 - Bug 2868: icc doesn't like string literal in assert checks
2662 - HTTP/1.1: Send 307 status on deny_info redirection
2663 - HTTP/1.1: Support POST/PUT with no body
2664 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
2665 - Support RFC 5861 Cache-Control: stale-if-error option
2666 - Add ftp_eprt directive to disable EPRT extensions in FTP
2667 - Fix external_acl_type grace=0 to obey TTL
2668 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
2669 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
2670 - ... and some documentation updates and corrections
2671 - ... and some portability and stability fixes
2672
834d2128
AJ		 2673Changes to squid-3.1.10 (22 Dec 2010):
2674
2675 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
2676 - Bug 3113: Consuming too much memory when uploading files
2677 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
2678 - Bug 3096: Consuming too much memory when delaying traffic
2679 - Bug 3091: Bypassed ICAP errors are not counted as service failures
2680 - Bug 3090: Polish FTP login error handing
2681 - Bug 3068: cache_dir capacity and usage overflows
2682 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
2683 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
2684 - Fix memory leak in adaptation_access
2685 - Fix /dev/poll and poll() selection priority
2686 - Fix PREFIX/var/run creation during install
2687 - Fix cachemgr http_port config report display
2688 - Add upgrade help process for obsolete options
2689 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
2690 - HTTP/1.1: entry is stale if request has max-age=0
2691 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
2692 - Toolchain update to support newer auto-tools
2693 - ... and updated error page translations
2694 - ... and updated documentation
2695 - ... and some code optimization/simplification polish
2696
e2f4c66a
AJ		 2697Changes to squid-3.1.9 (25 Oct 2010):
2698
2699 - Bug 3088: dnsserver is segfaulting
2700 - Bug 3084: IPv6 without Host: header in request causes connection to hang
2701 - Bug 3082: Typo in error message
2702 - Bug 3073: tunnelStateFree memory leak of host member
2703 - Bug 3058: errorSend and ICY leak MemBuf object
2704 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
2705 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
2706 - Bug 3053: cache version 1 LFS support detection broken
2707 - Bug 3051: integer display overflow
2708 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
2709 - Bug 3036: adaptation_access acls cannot see myportname
2710 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
2711 - Bug 2964: Prevent memory leaks when ICAP transactions fail
2712 - Bug 2808: getRoundRobinParent not handling weights correctly
2713 - Bug 2793: memory statistics sometimes display wrong
2714 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
2715 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
2716 - Ensure /var/cache or jail equivalent exists on install
2717 - HTTP/1.1: delete Warnings that have warning-date different from Date
2718 - HTTP/1.1: do not remove ETag header from partial responses
2719 - HTTP/1.1: make date parser stricter to better handle malformed Expires
2720 - HTTP/1.1: improve age calculation
2721 - HTTP/1.1: reply with a 504 error if required validation fails
2722 - HTTP/1.1: add appropriate Warnings if serving a stale hit
2723 - HTTP/1.1: support requests with Cache-Control: min-fresh
2724 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
2725 - squidclient: Display IP(s) connected to in verbose (-v) display
2726 - Fixes several issues with ICAP persistent connections
2727 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
2728 - ... and some cosmetic polishing
2729
dee6a922
AJ		 2730Changes to squid-3.1.8 (04 Sep 2010):
2731
2732 - Bug 3033: incorrect information regarding TOS
2733 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
2734 - Bug 3005,2972: Locate LTDL headers correctly (again)
2735 - Bug 2872: leaking file descriptors
2736 - Bug 2583: pure virtual method called
2737 - Hardened DNS client against packet queue attacks
2738 - Hardened HTTP request-line parser
2739 - Several HTTP/1.1 support improvements
2740 - Improved cross-compile support
2741 - .. and several internal pointer safety fixes
2742
c3fe2798 2743Changes to squid-3.1.7 (23 Aug 2010):
161ec538 2744
c3fe2798 2745 - Regression Bug 3021: Large DNS reply causes crash
161ec538 2746 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
c3fe2798 2747 - Regression Bug 2997: visible_hostname directive no longer matches docs
161ec538
AJ		 2748 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
2749 - Bug 3006: handle IPV6_V6ONLY definition missing
2750 - Bug 3004: Solaris 9 SunStudio 12 build failure
2751 - Bug 3003: inconsistent concepts in documentation of cache_dir
2752 - Bug 3001: dnsserver link issues
2753 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
2754 - HTTP/1.1: Improved Range header field validation
2755 - HTTP/1.1: Forward multiple unknown Cache-Control directives
2756 - HTTP/1.1: Stop sending Proxy-Connection header
2757 - Fix 32-bit wrap in refresh_pattern min/max values
2758 - ... and several documentation corrections.
2759
aa844a33
AJ		 2760Changes to squid-3.1.6 (02 Aug 2010):
2761
2762 - Bug 2994, 2995: IPv4-only regressions
2763 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
2764 - Bug 2975: chunked requests not supported after regular ones
2765 - Fix: 32-bit overflow in reported bytes received from next hop
2766 - Fix Libtool build regressions
2767 - Limited split-stack IPv6 support.
2768 - squid_db_auth support MD5 encrypted passwords
2769
f41d79ba
AJ		 2770Changes to squid-3.1.5.1 (28 Jul 2010):
2771
2772 - Update Libtool to 2.2.
2773 - Bug 2985: search scope for digest_ldap_auth didn't work
2774 - Bug 2972: LTDL 2.2.6b compile errors
2775 - Bug 2963: Stop ignoring --with-valgrind-debug failures
2776 - Bug 2885: AIX support: several fixes
2777 - Bug 2651: crash handling NULL write callback
2778 - Fixed several memory leaks related to Range requests
2779 - Fixed Joomla DB auth handling
2780 - Fixed SASL helper build checks
2781 - Fixed several IPv6 portability problems
2782 - Updated error page translations
2783
88aa2b05 2784Changes to squid-3.1.5 (02 Jul 2010):
0e87db68 2785
88aa2b05
AJ		 2786 - Bug 2967: raw-IPv6 address URL with append_domain broken
2787 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
2788 - Bug 2943: ICAP tokens not logged when using multiple access
2789 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
2790 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
7e6cdc23 2791 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
88aa2b05
AJ		 2792 - Port from 2.7: max_filedescriptor config option
2793 - Fix persistent_connection_after_error is meant to be on by default
2794 - ... and several build errors.
0e87db68 2795
2d94c829
AJ		 2796Changes to squid-3.1.4 (30 May 2010):
2797
2798 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
2799 - Bug 2924: RADIUS helper compile issues
2800 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
2801 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
2802 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
2803 - Bug 2879: pt2: 3.0 regression in headers end finding
2804 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
2805 - Bug 2876: FD_SETSIZE override not working on all linux distributions
2806 - Bug 2810: common log format generates 2 lines of syslog
2807 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
2808 - Bug 2753: Fall back on IPv4 if IPv6 is not present
2809 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
2810 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
2811 - Change LDAP helpers to default to LDAP version 3 if available
2812 - Add Joomla and Salted Hash support to squid_db_auth helper
2813 - Fixed IpAddress port printing for ports higher than 9999
2814 - Disable chunked memory pooling by default.
2815 - ... and several build errors.
2816
6808dbda
AJ		 2817Changes to squid-3.1.3 (02 May 2010):
2818
7e6cdc23 2819 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
6808dbda
AJ		 2820 - Fix tag ACL type not working
2821
ca959baa
AJ		 2822Changes to squid-3.1.2 (01 May 2010):
2823
2824 - Bug 2913: Fix DB auth warning in new perl version
2825 - Bug 2904: Prevent automake creating incomplete files
2826 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
2827 - Bug 2895: Regression: TPROXY2 compile errors
2828 - Bug 2879: Regression: headers end-finding
2829 - Bug 2874: Accept literal IPv6 address in icap_service URL
2830 - Bug 2860: Regression: WCCPv1 handshake
2831 - Bug 2848: Pass TCP_RST to client on early disconnect
2832 - Debian Bug 578047: Correct behaviour of --enable-ipv6
7e6cdc23
AJ		 2833 - HTTP/1.1: Advertise 1.1 on requests to servers
2834 - HTTP/1.1: Advertise 1.1 on replies to clients
ca959baa
AJ		 2835 - AIX / UNIX build fixes
2836 - Cygwin build fixes
2837 - squidclient: -k option to test connection keep-alive or close
2838 - Improved helper build for wider compatibility
2839 - Ensure the PID file directory exists on install
2840
2ec34bd3
AJ		 2841Changes to squid-3.1.1 (29 Mar 2010):
2842
2843 - Bug 2873: undefined symbol
2844 - Bug 2827: assertion in authentication
2845 - Remove ufsdump binary from default builds
2846 - Remove pinger from default startups
2847 - ... and several documentation updates.
2848
e09692bd
AJ		 2849Changes to squid-3.1.0.18 (14 Mar 2010):
2850
2851 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
2852 - Bug 2869: Remove unused external reference
2853 - Bug 2866: Support OpenSSL 1.0
2854 - Bug 2813: Random unix_group crash at startup
2855 - Send HTTP1.1 compliant 417 responses
2856 - Associate external acl message with the request
2857 - Various Digest parser fixes
2858 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
2859
365d894c
AJ		 2860Changes to squid-3.1.0.17 (24 Feb 2010):
2861
2862 - Regression Fix: Non-English error page UTF encoding
2863 - Bug 2616: reduce IdleConnList::removeFD messages
2864 - Bug 1843: multicast-siblings cache_peer option
2865 - Port from 2.7: X509 certificate alias-domain handling
2866 - Add adapted_http_access option
2867 - NTLMv2 support for fake NTLM helper
2868
011dea45
AJ		 2869Changes to squid-3.1.0.16 (01 Feb 2010):
2870
2871 - Regression Fix: Make Squid abort on all config parse failures.
2872 - Regression Bug 2811: SNMP client/peer table OID numbering
2873 - Bug 2851: Connection pinning fails when using a peer
2874 - Bug 2850: Mismatch in hier_code enum / hier_strings array
2875 - Bug 2731: Add follow_x_forwarded_for support to ICAP
2876 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
2877 - Bug 2706: Set timestamps during ICAP request satisfaction.
2878 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
2879 - Fix: WCCPv1 not connecting to router correctly
2880 - Remove obsolete RunCache/RunAccel scripts.
2881 - Add client_ip_max_connections
2882 - Add the http::>ha format code and make http::>h log original request headers
2883 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
2884 - ... and many more minor build and display annoyances.
2885
ba641958
AJ		 2886Changes to squid-3.1.0.15 (23 Nov 2009):
2887
2888 - Regression Fix: myip ACL not accepted in config
2889 - Bug 2795: acl arp lookups including port
2890 - Bug 2794: ESI parsing fails on FreeBSD
2891 - Bug 2778: fix linking issues using SunCC
2892 - Bug 2724: eCAP build failure unless ICAP enabled
2893 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
2894 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
2895 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
2896 - Fix: 64-bit filesize issue in squidclient POST of large files
2897 - Fix: send correct Connection: header on intercepted replies
2898 - Support libtool 2.x
2899 - ESI libraries libexpat and libxml2 now optional
2900 - ESI support default enabled
2901 - Bump libcap minimum requirement to libcap 2.09+
2902 - ARP / MAC support fixes for IPv6-mode
2903 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
2904 - ... and many additions to the background testing structure
2905 - ... and very many minor build and code cleanups for non-GCC compilers.
2906
8f37469c
AJ		 2907Changes to squid-3.1.0.14 (27 Sep 2009):
2908
2909 - Bug 2777: Various build issues on OpenSolaris
2910 - Bug 2773: Segfault in RFC2069 Digest authentication
2911 - Bug 2747: Compile errors on Solaris 10
2912 - Bug 2735: Incomplete -fhuge-objects detection
2913 - Bug 2722: Fix http_port accel combined with CONNECT
2914 - Bug 2718: FTP sends EPSV2 on IPv4 connection
2915 - Bug 2648: stateful helpers stuck in reserved
2916 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
2917 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
2918 - Bug 2483: bind() called before connect()
2919 - Bug 2215: config file line length limit (extended to 2 KB)
2920 - Support Accept-Language: * wildcard
2921 - Support autoconf 2.64
2922 - Support TPROXY for IPv6 traffic (requires kernel support)
2923 - Support TPROXY cache cluster behind WCCPv2
2924 - Correct ESI support to work in multi-mode Squid
2925 - Add 0.0.0.0 as an to_localhost address
2926 - DiskIO detection fixes and use optimal IO in default build.
2927 - Correct peer connect-fail-limit default of 10
2928 - Prevent squidclient sending two Accept: headers
2929 - ... all bug fixes from 3.0.STABLE19
2930 - ... and many more documentation fixes
2931
f49a1c9e
AJ		 2932Changes to squid-3.1.0.13 (04 Aug 2009):
2933
2934 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
2935 - Fix one more internal profiler error
2936 - Language Updates: Italian, Russian
2937 - Language Updates: Add many more aliases
2938 - Add Copyright document for errors/ content
2939 - ... all bug fixes from 3.0.STABLE18
2940 - ... and several code polishing cleanups
2941
e7b1c518
AJ		 2942Changes to squid-3.1.0.12 (27 Jul 2009):
2943
2944 - Bug 2716: Chunked request Signed/Unsigned build error
2945 - Bug 2674: Remove limit on HTTP headers read.
2946 - Bug 2620: Invalid HTTP response codes causes segfault
2947 - Fix FTP EPSV negotiation parser.
2948 - Fix Via string when leak checking is enabled (valgrind etc)
2949 - ... and several documentation and testing additions
2950
0b8d12da
AJ		 2951Changes to squid-3.1.0.11 (19 Jul 2009):
2952
2953 - Bug 2087: Support adaptation sets and chains
2954 - Bug 2459: dns error message broken when error handling delayed
2955 - Support ICAP Retry
2956 - Support ICAP retries based on the ICAP responses status code
2957 - Support logging ICAP
2958 - Support logging total DNS wait time
2959 - Support logging response times of adaptation transactions
2960 - General logging enhancements
2961 - Dynamically form chains based on ICAP X-Next-Services header
2962 - Support cross-transactional ICAP header exchange
2963 - ... and much adaptation polish and improvements
2964
ce460dc8
AJ		 2965Changes to squid-3.1.0.10 (18 Jul 2009):
2966
2967 - Bug 2680: Regression Crash after rotate with no helpers running
2968 - Bug 2695: Regression in WCCPv2 L2 mask assignment
2969 - Bug 2707: Regression in FTP anonymous auth
2970 - Bug 422, 2706: RFC 2616 Date header requirements
2971 - Bug 1087: ESI processor not quoting attributes correctly.
2972 - Bug 1338: File prefetches aborted despite range_offset
287dcde6 2973 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
ce460dc8 2974 - Bug 2092: select loop 32-bit call counter overflows
287dcde6 2975 - Bug 2127: delay pools class 4 crashes with ntlm auth
ce460dc8
AJ		 2976 - Bug 2611: document fast/slow acl types
2977 - Bug 2614: Potential loss of adapted body data from eCAP adapters
2978 - Bug 2658: Missing TextException copy constructor
2979 - Bug 2659: String length overflows on append, leading to segfaults
2980 - Bug 2699: Build failure NTLM smb_lm helper
2981 - Bug 2709: TRANSLATIONS not installed
2982 - Bug 2710: squid_kerb_auth non-terminated string
2983 - Delay pools 64-bit buckets and IPv6-polish
2984 - Break forwarding loops for "transparent" or "intercept" http_ports.
2985 - Add --disable-translation option to detatch .po from error negotiation
2986 - Add squidclient man(1) page
2987 - Add localhost to default permitted networks
2988 - http_port allow-direct option to allow direct forwarding in accelerator mode
2989 - ... and many testing infrastructure updates
2990
5df6d596
AJ		 2991Changes to squid-3.1.0.9 (26 Jun 2009):
2992
2993 - Bug 2682: Add ftp_epsv control to disable EPSV support.
2994 - Bug 2665: Detach automake system from using -I.
2995 - Bug 2395: FTP auth errors not displayed
2996 - ... also several changes and bugs closed in 3.0.STABLE16
2997 - Port from 2.7: Show local address on listening sockets
2998 - Add "tag" type acl matching tags set by external acl helpers.
2999 - Adds Language alias linker/installer/upgrade scripts
3000 - Support for GCC 4.4
3001 - Fix false NAT lookup errors on Linux
3002 - Fix many Windows port issues
3003 - Fix squid_kerb_auth helepr install location
3004 - Better detection of IPv6 stack types
3005 - Updates Licensing information for Squid 3.1
3006 - ... and many packaging portability build and install issues
3007
a7b15245
AJ		 3008Changes to squid-3.1.0.8 (24 May 2009):
3009
3010 - Bug 2656: Pinger dies with general protection fault
3011 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
3012 - Bug 2648: Authentificator processes deferring and don't shutdown.
3013 - Bug 2645: allow squid to ignore must-revalidate
3014 - Bug 2644: auth scheme initialization is broken
3015 - Bug 2632: Make number of reforwarding tries configurable
3016 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
3017 - Bug 2627: HTCP Logging
3018 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
3019 - Bug 2589: SNMP returning no data - wrong oid decoded
3020 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
3021 - Bug 2559: Problem parsing /0 and /0.0.0.0
3022 - Bug 2404: WCCP in mask mode is broken
3023 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
3024 - Complete Interception multiple NAT support
3025 - Add Content-Disposition to the known headers list.
3026 - Make PEER_TCP_MAGIC_COUNT configurable
3027 - Fix pinger install location
3028 - Enable TPROXY v4 spoofing of CONNECT requests
3029 - ... and much documentation and code polishing
3030
e1e28561
AJ		 3031Changes to squid-3.1.0.7 (08 Apr 2009):
3032
3033 - Fix: several issues with ident
3034 - Add several language translations
3035 - Upgrade code testing infrastructure
3036 - Migrate much code to build as internal libraries
3037 - Support gcc 4.4
3038 - Support doxygen 1.5.8
3039 - ... and much code polish to make things read easier
3040
727cb127
AJ		 3041Changes to squid-3.1.0.6 (01 Mar 2009):
3042
e1e28561 3043 - Regression Fix: Support HTTP/0.9 in accelerator mode
727cb127
AJ		 3044 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
3045 - Bug 2593: Compile errors on Solaris 10
3046 - Bug 2591: adaptation_access does not work
3047 - Bug 2588: coredump in rDNS lookup
3048 - Bug 2526: default ALLOW when no list specified.
3049 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
3050 - Bug 419: Hop by Hop headers MUST NOT be forwarded
3051 - Fix external_acl_type handling of SSL certificate details
3052 - Obsolete: dependency on nss_common.h and nss.h
3053 - Support libtool2
3054 - ... and various documentation and code polish
3055
f636c996
AJ		 3056Changes to squid-3.1.0.5 (03 Feb 2009):
3057
3058 - Bug 2583: Fixed issue in content adaptation
3059 - Bug 2576: Make translate target obey --disable-auto-locale
3060 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
3061 - Bug 2563: 99+% CPU Usage on FTP URL
3062 - Bug 2505, 2524, 2558: fixed several issues on connection handling
3063 - Fix several issues in request parsing
3064 - Fix memory leak from logformat parsing
3065 - Fix various ESI build errors
3066 - Make configure tests use C++ instead of C
3067 - Drop special localhost conversion RFC violation.
3068 - Add Language: Arabic
3069 - ... and various documentation and code polish
3070
3071Changes to squid-3.1.0.4 (23 Jan 2009):
3072
3073 - Regression Fix: Bug 2558: rollback bug 2395 fix.
3074 - Bug 2555: Fixes to SNMP-MIB
3075 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
3076 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
3077 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
3078 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
3079 - Polish ZPH configuration interface
3080 - Several Language Conversions to new auto-negotiate
3081 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
3082 - Fix: Pconn not being used when they should.
3083 - Fix: Fix pinger immediate shutdowns
3084 - Fix: Untangle CacheManager reports from log_fqdn
3085 - ... and all bugs fixed for 3.0.STABLE12
3086 - ... and many code polish and optimization fixes.
3087
3088Changes to squid-3.1.0.3 (5 Dec 2008):
3089
3090 - Regression Fix: StoreIOBuffer patch removed.
3091 - Regression Fix: build issues with 3.1.0.2 bundle
3092 - Security Bug 2526: default ALLOW when no list specified
3093 - Bug 2525: encoding error on error pages
3094 - Bug 2424: slow file descriptor leak
3095 - Bug 2527: ICAP compile error on g++ 4.3.2
3096 - Bug 2523: bad assertion left in from debug
3097 - Bug 2395: FTP Auth errors and others not displayed
3098 - Update squid_kerb_auth to 1.0.5
3099 with better Squid integration.
3100 - Fix cache_peer forcedomainname= option
3101 - ... and many other minor fixes
3102
5e80e4ee
AJ		 3103Changes to squid-3.1.0.2 (9 Nov 2008):
3104
3105 - Bug 2516: error page templates not properly installed
3106 - Bug 2500: Solaris build issues
3107 - Fixes FreeBSD build issues
3108 - Release Notes completed
3109 - Languages: new Russian, Japanese, Chinese, and general updates
3110 - ... and other minor fixes
70c5dfb2 3111
af4cd9a0
AJ		 3112Changes to squid-3.1.0.1 (27 Oct 2008):
3113
3114 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
7a6e2ecc
AJ		 3115 - peername ACL added for matching against a named peer destination
3116 - configure option --with-logdir= added to select log files location
3117 - squid_kerb_auth helper updated to 1.0.3 release
3118 - Bug #740: allow external acl's to use reply headers in format
3119 - Bug #2379: obsolete dns_testnames option
3120 - Code test infrastructure expanded to configuration testing
3121 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
af4cd9a0 3122 to bring their defaults up to RFC 2616 requirements.
7a6e2ecc
AJ		 3123 - Large increase in RFC 2616 standard compliance (ongoing)
3124 - squid.conf cleanups for minimal config
3125 - Connection Pinning ported from 2.6 for NTLM passthru authentication
3126 - eCAP internal adaptation module support
af4cd9a0 3127 - Localization and CSS display control of error pages
7a6e2ecc
AJ		 3128 - Added semi-automatic documentation of source code
3129 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
3130 - HTCP improvements ported from 2.7 adding HTCP CLR requests
70c5dfb2 3131 - IPv6 (Internet Protocol version 6) support
3132 - ICMPv6 (Internet Control Message Protocol version 6) support
f1233d8c 3133 - FTP agent now supports EPSV/EPRT commands
70c5dfb2 3134 - DNS internal resolver now supports AAAA and CNAME records
3135 - SNMP peer and client tables now support IPv6
3136 - SNMP peer table supports named peers with multiple entries per IP
4aa8e49c 3137 - SslBump: Squid-in-the-middle decryption and encryption of straight
3138 CONNECT and transparently redirected SSL traffic, using configurable
3139 client- and server-side certificates. While decrypted, the traffic
7a6e2ecc 3140 can be inspected using ICAP.
af4cd9a0 3141 - TPROXY version 4.1 support
a13b3732 3142 - IPFW and Netfilter interception methods may now both be built in one binary.
f1233d8c
AJ		 3143 - ZPH Quality of Service patch now integrated
3144 - Null store now fully obsoleted and removed
3145 - Unknown request methods all supported
3146 - Follow_x_forwarder_for ported from 2.6
7a6e2ecc 3147 - Bug #2223: Follow XFF extensions added
af4cd9a0 3148 - ... and many code and documentation cleanups
7a6e2ecc 3149
2f954743
AJ		 3150Changes to squid-3.0.STABLE26 (28 Aug 2011):
3151
3152 - Regression: header_replace for reply headers
3153 - Bug 3183: Invalid URL accepted with url host part of only '@'.
3154 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
3155 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
3156 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
3157 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
3158 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
3159 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
3160 - Regression Bug 2879: headers end finding
3161 - Bug 2876: FD_SETSIZE override not working on all linux distributions
3162 - Check for NULL and empty strings before calling str*cmp().
3163 - Correct parsing of large Gopher indexes
3164
1a10a7e5
AJ		 3165Changes to squid-3.0.STABLE25 (14 Mar 2010):
3166
3167 - Bug 2845: Rework the http digest auth parser
3168 - Bug 2787: unknown/unexpected status code messages
3169 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
3170 - Bug 2367: stale=true on digest requests with unknown nonce
3171 - ... and several other minor corrections
3172
6add0585
AJ		 3173Changes to squid-3.0.STABLE24 (13 Feb 2010):
3174
3175 - Bug 2858: Segment violation in HTCP
3176 - Updated refresh pattern for dynamic pages
3177
bcd1f03d
AJ		 3178Changes to squid-3.0.STABLE23 (02 Feb 2010):
3179
3180 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
3181 - Regression Fix: Build error in Kerberos helper after library removal.
3182
61544616
AJ		 3183Changes to squid-3.0.STABLE22 (01 Feb 2010):
3184
3185 - Regression Fix: Make Squid abort on all config parse failures.
3186 - Bug 2787: Reduce unexpected http status to non-critical warnings.
3187 - Bug 2496: Downloading some variants in full before relaying
3188 - Bug 2452: Add upper limit to external_acl_type entries.
3189 - Removed optional kerberos/spnegohelp/ library due to licensing issues
3190 - Add client_ip_max_connections
3191 - Handle DNS header-only packets as invalid.
3192
06d0f369
AJ		 3193Changes to squid-3.0.STABLE21 (22 Dec 2009):
3194
3195 - Bug 2830: Clarify where NULL byte is in headers.
3196 - Bug 2778: Linking issues using SunCC
3197 - Bug 2395: FTP errors not displayed
3198 - Bug 2155: Assertion failures on malformed Content-Range response headers
3199 - Fix parsing and a few bugs in ACL time type
3200 - Fix RFC keep-alive compliance on intercepted replies
3201 - Improved security hardening on %nn parser
3202 - Replace several GCC-specific code snippets.
3203
91228e4e
AJ		 3204Changes to squid-3.0.STABLE20 (29 Oct 2009):
3205
3206 - Bug 2794: ESI parsing on FreeBSD
3207 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
3208 - Bug 2779: Support GNU/kFreeBSD
3209 - Bug 2773: Segfault in RFC2069 Digest authantication
3210 - Bug 2768: squid_ldap_group argument parsing error
3211 - Bug 2761: Gopher and double HTTP response header
3212 - Bug 2735: Incomplete -fhuge-objects detection
3213 - Bug 2722: prevent CONNECT via http_port with accel
3214 - Bug 2624: Invalid response for IMS request
3215 - Bug 2510: digest_ldap_auth TLS support
3216 - Correct LINUX_CAPABILITY actions on non-Linux
3217
98df01e3
AJ		 3218Changes to squid-3.0.STABLE19 (06 Sep 2009):
3219
3220 - Bug 2745: Invalid Response error on small reads
3221 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
3222 - Bug 2734: some compile errors on Solaris
3223 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
3224 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
3225 - Bug 2362: Remove support for deferred state in stateful helpers
3226 - Add 0.0.0.0 as a to_localhost address
3227 - Docs: Improve chroot directive documentation slightly
3228 - Fixup libxml2 include magics, was failing when a configure cache was used
3229 - ... and some minor testing improvements.
3230
b7a1ea6b
AJ		 3231Changes to squid-3.0.STABLE18 (04 Aug 2009):
3232
3233 - Bug 2728: regression: assertion failed: !eof
3234 - Bug 2732: reply_body_max_size smaller than error page loops
3235 infinitely until out of memory
3236 - Bug 2725: pconn failure if domain or client_address are unset
3237 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
3238 - Bug 2462: make check should tell when cppunit is missing
3239 - Remove excess messages about headers < minimum size
3240 - Support Libtool 2.2.6
3241
e7b1c518 3242Changes to squid-3.0.STABLE17 (27 Jul 2009):
68c19036
AJ		 3243
3244 - Bug 2680 regression: Crash after rotate with no helpers running
3245 - Bug 2710: squid_kerb_auth non-terminated string
3246 - Bug 2679: strsep and strtoll detection failure
3247 - Bug 2674: Remove limit on HTTP headers read.
3248 - Bug 2659: String length overflows on append, leading to segfaults
3249 - Bug 2620: Invalid HTTP response codes causes segfault
3250 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
3251 - Bug 1087: ESI processor not quoting attributes correctly.
3252 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
3253 - Several small build issues with previous release.
3254
950b7d55
AJ		 3255Changes to squid-3.0.STABLE16 (15 Jun 2009):
3256
3257 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
3258 - Bug 2481: Don't set expires: now in generated error responses
3259 - Bug 2387: The calculation of the number of hash buckets correctly
3260 - Fix infinite loop in MSNT auth helper
3261 - Fix FD_SETSIZE on FreeBSD
3262 - Fix stripping NT domain in squid_ldap_group
3263 - Fix RADIUS auth helper build
3264 - Add Translate: and Unless-Modified-Since: headers to known list
3265 - Make fakeauth handle NTLMv2 better
3266 - Better Kerberos support detection
3267 - Several Widows port fixes
3268
6e4fa9b4
AJ		 3269Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
3270
950b7d55 3271 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
6e4fa9b4
AJ		 3272 - Bug 2648: NTLM helpers not shutting down when deferred
3273
79200081
AJ		 3274Changes to squid-3.0.STABLE15 (06 May 2009):
3275
3276 - Regression Bug 2635: Incorrect Max-Forwards header type
3277 - Bug 2652: 'Success' error on CONNECT requests
3278 - Bug 2625: IDENT receiving errors
3279 - Bug 2610: ipfilter support detection
3280 - Bug 2578: FTP download resume failure
3281 - Bug 2536: %H on HTTPS error pages
3282 - Bug 2491: assertion "age >= 0"
3283 - Bug 2276: too many NTLM helpers running
3284 - Endian system and compiler fixes provided by the NetBSD project
3285 - documentation fixes provided by the Debian project
3286
6c2e5932
AJ		 3287Changes to squid-3.0.STABLE14 (11 Apr 2009):
3288
3289 - Regression Fix: HTTP/0.9 in accelerator mode
3290 - Bug 1232: cache_dir parameter limited to only 63 entries
3291 - Bug 1868: support HTTP 207 status
3292 - Bug 2518: assertion failure on restart/reconfigure
3293 - Bug 2588: coredump in rDNS lookup
3294 - Bug 2595: Out of bounds memory write in squid_kerb_auth
3295 - Bug 2599: Idempotent start
3296 - Bug 2605: Prevent setsid() on helpers in daemon mode
3297 - Fix external_acl_type option parsing
3298 - Fix delay pools counters on FTP
3299 - Fix several issues with ident (some remain)
3300 - Fix performance issues with persistent connections
3301 - Fix performance issues with delay pools
3302 - Fix forwarding of OPTIONS requests
3303 - Add support for HTTP 1.1 Content-Disposition header
3304 - Add support for Windows 7, Windows Server 2008 R2 and later
3305 - ... and many small documentation updates
3306
f636c996
AJ		 3307Changes to squid-3.0.STABLE13 (03 Feb 2009):
3308
3309 - Fix several issues in request parsing
3310 - Fix memory leak from logformat parsing
3311 - Fix various ESI build errors
3312 - ... and some documentation updates
3313
3314Changes to squid-3.0.STABLE12 (21 Jan 2009):
3315
3316 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
3317 - Bug 2542: ICAP filters break download resume
3318 - Bug 2556: HTCP fails without icp_port
3319 - Bug 2564: logformat '%tl' field not working as advertised
3320 - Port from 3.1: TestBed basic build consistency checks
3321 - Policy: Change half_closed_clients default to off
3322 - Policy: Removed -V command line option, deprecated by 2.6
3323 - ... and several other minor code cleanups
3324
3325Changes to squid-3.0.STABLE11 (24 Dec 2008):
3326
3327 - Bug 2424: filedescriptors being left unnecessary opened
3328 - Bug 2545: fault passing ICAP filtered traffic to peers
3329 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
3330 - ... and some minor admin and debug cleanups.
3331
3332Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
3333
3334 - Removes patch causing cache of bad objects
3335 - Bug 2526: bad security default in ACLChecklist
3336 - Fixes regression: access.log request size tag
3337 - Fixes cache_peer forceddomainname=X option
3338 - ... and many minor documentation cleanups
3339
7a6e2ecc
AJ		 3340Changes to squid-3.0.STABLE10 (14 Oct 2008):
3341
3342 - Bug 2391: Regression: bad assert in forwarding
3343 - Bug 2447: Segfault on failed TCP DNS query
3344 - Bug 2393: DNS requests getting stuck in idns queue
3345 - Bug 2433: FTP PUT gives bad gateway
3346 - Bug 2465: Limited DragonflyBSD support
3347 - ... and other minor bugs and documentation
3348
3349Changes to squid-3.0.STABLE9 (9 Sep 2008):
3350
3351 - Policy Enforcement: COSS is unusable in 3.0
3352 - Port from 3.1: Language Pack compatibility
3353 - Port from 2.6: Windows Support Notes
3354 - Fix several minor regressions:
3355 HTCP stats reporting
3356 cachemgr delay pool config
3357 CARP build error
3358 - Bug 2340: uudecode dependency for icons removed
3359 - Bug 2352: no_check.pl ntlm challenge fix
3360 - Bug 2426: buffer increase for kerberos auth fields
3361 - Bug 2427: squid_ldap_group codes fix
3362 - Bug 2437: peer name now shown in access.log
3363 - Add sane display of unsupported method errors
3364 - ... and various other code cleanups
3365
3366Changes to squid-3.0.STABLE8 (18 Jul 2008):
3367
3368 - Port from 2.6: Support for cachemgr sub-actions
3369 - Port from 2.6: userhash peer selection method
3370 - Port from 2.6: sourcehash peer selection method
3371 - Bug 2376: round-robin balancing fixes
3372 - Bug 2388: acl documentation cleanup
3373 - Bug 2365: cachemgr.cgi HTML output encoding
3374 - Bug 2301: Regression: Log format size options
3375 - Bug 2396: Correct the opening of PF device file.
3376 - Bug 2400: ICAP accept mechanism
3377 - Bug 2411: Regression: fakeauth_auth crashes
3378 - Many fixes to the Windows support (not complete yet).
3379 - Boost error pages HTML standards.
3380 - Fixes several issues on 64-bit systems
3381 - Fixes several issues on older or stricter compilers
3382 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
3383 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
3384
3385Changes to squid-3.0.STABLE7 (22 Jun 2008):
3386
3387 - Fix several ASN issues
3388 - Fix SNMP reporting of counters
3389 - Fix round-robin algorithms
3390 - GCC 4.3 support
3391 - Netfilter v1.4.0 bug workaround
3392 - Bugs 2350 and 2323: memory issues
3393 - Bugs 2384, 951, 1566: ESI assertions
3394 - Various minor debug and documentation cleanups
f1233d8c
AJ		 3395
3396Changes to squid-3.0.STABLE6 (20 May 2008):
3397
3398 - Bug 2254: umask Feature from 2.6 added
3399 - cachemgr.cgi default config file added
3400 - Several authentication bug fixes
3401 - Improved Windows Support
3402 - better DNS lookup methods for unqualified hostames
3403 - better support for 64-bit environments
3404 - Bug 2332: Crash when tunnelling
3405 - Removed the advertisement clause from BSD licenses
3406 according to the GPLv2+ changes in BSD
3407 - ... and other bugs and minor cleanups
3408
3409Changes to squid-3.0.STABLE5 (28 Apr 2008):
3410
3411 - Support for resolv.conf 'domain' option
3412 - Improved URI support, including
3413 longer URI up to 8192 bytes accepted
3414 better handling of intercepted URI
3415 better port for non-FQDN URI lookups
3416 - Improved logging, including
3417 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
3418 Fixed 'log_ip_on_direct' option behaviour
3419 - Support for profiling on x86 64-bit systems
3420 - .. and other bugs and minor code cleanups.
3421
3422Changes to squid-3.0.STABLE4 (2 Apr 2008):
3423
3424 - Bug 2288: compile error slipped into STABLE3.
3425
3426Changes to squid-3.0.STABLE3 (31 Mar 2008):
3427
3428 - Improved HTTP 1.1 support.
3429 - Improved MacOSX (Leopard) support
3430 - Bug 2206: Proxy-Authentication regression in STABLE2.
3431 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
3432 - ... and other bugs and minor code cleanup
3433
3434Changes to squid-3.0.STABLE2 (1 Mar 2008):
3435
3436 - Add myportname ACL for matching the accepting port name (see release notes)
3437 - Add include directive for squid.conf (see release notes)
3438 - Add ability to strip kerberos realm from usernames during Auth
3439 - License cleanup to comply with GPLv2 or later
3440 - Updated Error Pages and Translations
3441 - Updated configuration examples
3442 - Updated valgrind support for valgrind-3.3.0
3443 - Improved support for Windows and MacOS X Leopard
3444 - Improved support for files larger than 2GB
3445 - Improved support for CARP arrays and WCCPv2
3446 - Improved cachmgr, SNMP, and log reporting
3447 - ... and as usual Many bug fixes since STABLE 1
70c5dfb2 3448
284237d4 3449Changes to squid-3.0.STABLE1 (13 Dec 2007):
3ff01c3e 3450
3451 - Major rewrite translating the code to C++, originally based on
3452 Squid-2.5.STABLE1
3453 - Internal client streams concept for content adaptation
3454 - ICAP (Internet Content Adaptation Protocol) client support
3455 - ESI (Edge Side Includes) support added
284237d4 3456 - Improved support for files larger than 2GB.
3ff01c3e 3457 - And a lot more. Most features from Squid-2.6 is supported, but not
3458 all. See the release notes for details.
3459
9ae33c59
AJ		 3460
3461Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
3462
3463Changes to squid-2.6.STABLE22 (19 October 2008)
3464
3465 - Bug #2396: Correct the opening of the PF device file.
eca47551 3466 - Make --with-large-files and --with-build-environment=default play
9ae33c59
AJ		 3467 nice together
3468 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
3469 __u32 problem
3470 - Make dns_nameserver work when using --disable-internal-dns on glibc
3471 based systems
3472 - Bug #2426: Increase negotiate auth token buffer size
3473 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
3474 - Bug #2477: swap.state permission issues if crashing during "squid -k
3475 reconfigure"
3476 - Windows port: Fix build error using latest MinGW runtime.
3477
3478
3479
3ff01c3e 3480Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
3481authorative for this release and mirrored here for reference only.
f1233d8c 3482
467c94d1 3483 - CARP now plays well with the other peering algorithms,
3484 and support for CARP peerings is compiled by default. Can be
3485 disabled by --disable-carp
1741cbad 3486 - Configuration file can be read from an external program
3487 or preprocessor. See squid.8 man page.
52f772de 3488 - http_port is now optional, allowing for SSL only operation
4ca261f2 3489 - Satellite and other high latency peering relations enhancements
3490 (Robert Cohren)
a9245686 3491 - Nuked num32 types, and made type detection more robust by the
3492 use of typedefs rather than #defines.
b5fb34f1 3493 - the mailto links on Squid's ERR pages now contain data about the
3494 occurred error by default, so that the email will contain this data in
3495 its body. This feature can be disabled via the email_err_data directive.
9ae33c59 3496 (Clemens L?ser)
c8f4eac4 3497 - COSS now uses a file called stripe and the path in squid.conf is the
3498 directory this is placed in. Additionally squid -z will create the
3499 COSS swapfile.
14f5b6c3 3500 - WCCPv2 support, including mask assignment support
5401aa8d 3501 - HTCP support for access control and the CRL operation for
3502 purgeing of cache content
14f5b6c3 3503 - ICAP related fixes
3504 - Windows-related fixes, including Vista and Longhorn identification
3505 - Client-side parsing and some string use optimisations
3506 - Lots of off-by-one and memory leaks in corner cases have been fixed
3507 thanks to valgrind
3508 - Improved high-resolution profiling
3509 - Windows overlapped-IO and thread support added to the Async IO disk code
3510 - Improvements for handling large DNS replies
a7c8cce0 3511
3ff01c3e 3512Changes to squid-2.6.STABLE15 (31 Aug 2007)
3513
3514 - The select() I/O loop got broken by the /dev/poll addition
3515 (2.6.STABLE14)
3516 - Bug #2017: Fails to work around broken servers sending just the HTTP
3517 headers
3518 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
3519 before C99
3520 - squid.conf.default updated and reorganised in more sensible groups
3521 - correct and document the syslog access_log format
3522 - Armenian error pages translation
3523 - digest_ldap_helper usage help updated
3524 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
3525 - Improve delay pools in low traffic environment by checking timeouts
3526 at a steady 1 second interval even when there is not much activity
3527 - Don't request authentication on transparently intercepted
3528 connections
3529 - Cleanup linux capabilities for tproxy
3530 - Bug #2003: 'via' config directive doesn't affect response headers
3531 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
3532 - Add missing $|=1 to squid_db_auth
3533 - Bug #2050: Persistent connection dropped if cache has no
3534 Content-Length
3535 - Verify the URL on memory cache hits
3536 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
3537 - Bug #1972: Squid sets peers to down state when they are in fact
3538 working.
3539 - potential segmentation fault in storeLocateVary()
3540 - Bug #2066: chdir after chroot
3541 - Windows port: Fix compiler warnings when building Squid as
3542 application (not Windows service mode)
3543 - Spelling correction of received
3544
3545Changes to squid-2.6.STABLE14 (15 Jul 2007)
3546
3547 - squid.conf.default cleanup to have options in their proper sections.
3548 - documentation correction in the refresh_pattern ignore-auth option
3549 - URI-escaping not uses the recommended upper-case hex codes
3550 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
3551 - Always use xisxxxx() Squid defined macros instead of ctype
3552 functions.
3553 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
3554 - Database basic auth helper using Perl DBI to connect to most SQL DBs
3555 - Solaris /dev/poll network I/O support
3556 - configure fixes to make cross compilation somewhat easier
3557 - Removed incorrect -a reference from http_port documentation
3558 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
3559 - Bug #1968: Squid hangs occasionally when using DNS search paths
3560 - Novell eDirectory digest auth helper (digest_edir_auth)
3561 - Bug #1130: min-size option for cache_dir
3562 - POP3 basic auth helper querying a POP3 server
3563 - Cosmetic squid_ldap_auth fixes from Squid-3
3564 - Bug #1085: Add no-wrap to cache manager HTML tables
3565 - Automatically restart if number of available filedescriptors becomes
3566 alarmingly low, preventing a situation where Squid would otherwise
3567 permanently stop processing requests.
3568 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
3569 array bounds
3570 - Deal better with forwarding loops
3571
3572Changes to squid-2.6.STABLE13 (11 May 2007)
3573
3574 - Make sure reply headers gets sent even if there is no body available
3575 yet, fixing RealMedia streaming over HTTP issues.
3576 - Undo an accidental name change of storeUnregisterAbort.
3577 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
3578 - Bug #1814: SSL memory leak on persistent SSL connections
3579 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
3580 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
3581 - Ukrainan error messages
3582 - Convert various error pages from DOS to UNIX text format
3583 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
3584 - Clarify the max-conn=n cache_peer option syntax slightly
3585 - Bug #1892: COSS segfault on shutdown
3586 - Windows port: fix undefined ECONNABORTED
3587 - Make refreshIsCachable handle ETag as a cache validator, not
3588 only last-modified
3589 - in_port_t is not portable, use unsigned short instead
3590 - Fix fs / auth / snmp dependencies
3591 - Portability: statfs() may reqire #include <sys/statfs.h>
3592
3593Changes to squid-2.6.STABLE12 (20 Mar 2007)
3594
3595 - Assertion error on TRACE
3596
3597Changes to squid-2.6.STABLE11 (17 Mar 2007)
3598
3599 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
3600 !conn->body.request"
3601 - Handle garbage helper responses better in concurrent protocol format
3602 - Fix kqueue when overflowing the changes queue
3603 - Make sure the child worker process commits suicide if it could
3604 not start up
3605 - Don't log short responses at debug level 1
3606 - Fix bswap16 & bwsap32 error on NetBSD
3607 - Fix collapsed_forwarding for non-GET requests
3608
3609Changes to squid-2.6.STABLE10 (4 Mar 2007)
3610
3611 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
3612 - various diskd bugfixes
3613 - In the access.log hierarchy field log the unique peer name
3614 instead of the host name
3615 - unlinkdClose() should be called after (not before) storeDirSync()
3616 - CLEAN_BUF_SZ was defined, but never used anywhere
3617 - logging HTTP-request size
3618 - Fix icmp pinger communication on FreeBSD and other not supporing
3619 large dgram AF_UNIX sockets
3620 - Release objects on swapin failure
3621 - Bug #1787: Objects stuck in cache if origin server clock in future
3622 - Bug #1420: 302 responses with an Expires header is always cached
3623 - Primitive support for HTTP/1.1 chunked encoding, working around
3624 broken servers
3625 - Clean up relations between TCP probing and DNS checks of peers with
3626 no known addresses.
3627 - Fix a minor HTML coding error in ftp directory listings with // in
3628 the path
3629 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
3630 non-refreshable content
3631 - Gopher cleanups and bugfixes
3632 - Negotiate authentication fixed again. Broken since STABLE7 by the
3633 patch for Bug #1792.
3634 - Bug #1892: COSS tries to shut down the same directory twice on exit
3635 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
3636 entries
3637 - Added support for Subversion HTTP request methods MKACTIVITY,
3638 CHECKOUT and MERGE.
3639
3640Changes to squid-2.6.STABLE9 (24 Jan 2007)
3641
3642 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
3643 - Bug #1877 diskd bug in storeDiskdIOCallback()
3644
3645Changes to squid-2.6.STABLE8 (21 Jan 2007)
3646
3647 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
3648 - Document the https_port vhost option, useful in combination with
3649 a wildcard certificate
3650 - Document the existence of connection pinning / forwarding of NTLM
3651 auth and a few other features overlooked in the release notes.
3652 - Spelling correction of the ssl cache_peer option
3653 - Add back the optional "accel" http_port option. Makes accelerator
3654 mode configurations easier to read.
3655 - Bug #1872: Date parsing error causing objects to get unexpectedly
3656 cached.
3657 - Cleanup to have the access.log tags autogenerated from enums.h
3658 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
3659 going backwards?
3660 - Don't update object timestamps on a failed revalidation.
3661 - Fix how ftp://user@host URLs is rendered when Squid is built with
3662 leak checking enabled
3663
3664Changes to squid-2.6.STABLE7 (13 Jan 2007)
3665
3666 - Windows port: Fix intermittent build error using Visual Studio
3667 - Add missing tproxy info from the dump of http port configuration
3668 - Bug #1853: Support for ARP ACL on NetBSD
3669 - clientNatLookup(): fix wrong function name in debug messages
3670 - Convert ncsa_auth man page from DOS to Unix text format.
3671 - Bug #1858: digest_ldap_auth had some remains of old hash format
3672 - Correct the select_loops counter when using select(). Was counted twice
3673 - Clarify the http_port vhost option a bit
3674 - Fix cache-control: max-stale without value or bad value
3675 - Bug #1857: Segmentation fault on certain types of ftp:// requests
3676 - Bug #1848: external_acl crashes with an infinite loop under high load
3677 - Bug #1792: max_user_ip not working with NTLM authentication
3678 - Bug #1865: deny_info redirection with authentication related acls
3679 - Small example on how to use the squid_session helper
3680 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
3681 - Clarify the transparent http_port option a bit more
3682 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
3683 - Bug #1867: squid.pid isn't removed on shutdown
3684
3685Changes to squid-2.6.STABLE6 (12 Dec 2006)
3686
3687 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
3688 - Add client source port logformat tag >p
3689 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
3690 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
3691 - automake no longer recommends mkinstalldirs. Removed.
3692 - Only use crypt() if it's available, allowing ncsa_auth to be built
3693 on platofms without crypt() support.
3694 - Windows port documentation updates
3695 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
3696 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
3697 - Remove extra newline in redirect message sent by deny_info http://... aclname
3698 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
3699 - Clarify the external_acl_type helper format specification and some defaults
3700 - Add support for the weight= parameter to round-robin peers
3701 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
3702 - Convert snmpDebugOid to use a temporary String object instead of strcat
3703 - Document that proxy_auth also accepts -i for case-insensitive operation
3704 - Remove malloc/free of temporary buffer in time parsing routines.
3705 - Reduce memory allocator pressure by not continually allocating client-side read buffers
3706 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
3707 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
3708 - Bug #1584: Unable to register with multiple WCCP2 routers
3709 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
3710 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
3711 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
3712 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
3713 - Bug #1840: Disable digest and netdb queries to multicast peers
3714 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
3715 - Fix build errors when using latest MinGW Windows environment
3716
3717Changes to squid-2.6.STABLE5 (3 Now 2006)
3718
3719 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
3720 - COSS improvements and cleanups
3721 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
3722 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
3723 - Bug #1719: Incorrect error message on invalid cache_peer specifications
3724 - Bug #1785: Memory leak in handling of negatively cached objects
3725 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
3726 - Bug #1782: Memory leak in ncsa_auth on password changes
3727 - Suppress some annoying coss startup messages raising the debug level to 2.
3728 - Clarify the external_acl_helper concurrency= change.
3729 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
3730 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
3731 - Bug #1795: Theoretical memory leak in storeSetPublicKey
3732 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
3733 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
3734 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
3735 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
3736 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
3737 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
3738 - Bug #1796: Assertion error HttpHeader.c:914: "str"
3739 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
3740 - Silence harmless gcc compile warning.
3741 - Clean up poll memory on shutdown
3742 - Ported select, poll and win32 to new comm event framework
3743 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
3744 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
3745 - Safeguard from kb_t counter overflows on 32-bit platforms
3746
3747Changes to squid-2.6.STABLE4 (23 Sep 2006)
3748
3749 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
3750 - Windows port enhancement: added native exception handler with signal emulation
3751 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
3752 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
3753 - Bug #212: variable %i always 0.0.0.0 in many error pages
3754 - Bug #1708: Ports in ACL accepts characters and out of range
3755 - Bug #1706: Squid time acl accepts invalid time range.
3756 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
3757 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
3758 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
3759 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
3760 - Bug #1598: start_announce cannot be disabled
3761 - Periodically flush cache.log to disk when "buffered_logs on" is set
3762 - Numerous COSS improvements and fixes
3763 - Windows port: merge of MinGW support
3764 - Windows port: Merged Windows threads support into aufs
3765 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
3766 - Numerous portability fixes
3767 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
3768 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
3769 - Bug #1760: FTP related memory leak
3770 - Bug #1770: WCCP2 weighted assignment
3771 - Bug #1768: Redundant DNS PTR lookups
3772 - Bug #1696: Add support for wccpv2 mask assignment
3773 - Bug #1774: ncsa_auth support for cramfs timestamps
3774 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
3775 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
3776 - Bug #1590: Silence those ETag loop warnings
3777 - Bug #1740: Squid crashes on certain malformed HTTP responses
3778 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
3779 - Improve error reporting on unexpected CONNECT requests in accelerator mode
3780 - Cosmetic change to increase cache.log detail level on invalid requests
3781 - Bug #1229: http_port and other directives accept invalid ports
3782 - Reject http_port specifications using both transparent and accelerator options
3783 - Cosmetic cleanup to not dump stacktraces on configuration errors
3784
3785
3786Changes to squid-2.6.STABLE3 (18 Aug 2006)
3787
3788 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
3789 very large cache_dir. Limit number of objects stored to slightly
3790 less to avoid this.
3791 - Bug #1705: Correct error message on invalid time weekday specification
3792 - Don't attempt to guess netmask in src/dst acl specifications
3793 if none was provided. Assume it's an IP even if it ends in 0
3794 - Bug #1665: log_format %ue, %us tags for external or ssl user id
3795 - Bug #1707: delay pools often ignored the set limit
3796 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
3797 (0.9.8 always worked)
3798 - COSS fixes and performance improvements
3799 - Memory leak when reading configuration files with overlapping
3800 ACL data where squid -k parse complains.
3801 - Memory leak related to pinned connections
3802 - Show include acls unexpanded in cachemgr configuration dumps
3803 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
3804 - Bug #1304: Downloads may hang when using the cache_dir max-size option
3805 - Optimization of network I/O
3806 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
3807 - Fixed a memory leak on certain invalid requests
3808 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
3809 - Bug #582: ntlm fake_auth not handles non-ascii login names
3810 - New startup message indicating the type of event loop used
3811 - Bug #1602: TCP fallback on truncated DNS responses
3812 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
3813 - Bug #1723: cachemgr now works in accelerator mode
3814
3815Changes to squid-2.6.STABLE2 (31 Jul 2006)
3816
3817 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
3818 - Releasenotes Table of contents should use relative links without
3819 filename.
3820 - Reject HTTP/0.9 formatted CONNECT requests.
3821 - Cosmetic cleanup to use safe_free instead of xfree + manual
3822 assign to NULL
3823 - Bug #1650: transparent interception "Unable to forward this
3824 request at this time"
3825 - Bug #1658: Memory corruption when using client-side SSL certificates
3826 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
3827 deleting the underlying object.
3828 - Many COSS fixes and new coss data dumper utility for diagnostics
3829 - Bug #1669: SEGV in storeAddVaryReadOld
3830 - Many fixes in debug sections and spelling of debug messages
3831 - Don't keep client connection persistent if there was a mismatch in
3832 the response size.
3833 - Move eventCleanup debug messages to debug level 2 (was 0)
3834 - Add the missing concurrency parameters to basic and digest auth
3835 schemes
3836 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
3837 - Log SSL user id in the custom log User name format (%un)
3838 - Bug #1653: Username info not logged into Cachemgr active_requests
3839 statistics
3840 - Added to the redirectors interface the support for SSL client
3841 certificate
3842 - squid.conf.default cleanup to remove references to old options
3843 - Fix many filedescriptors in combination with TPROXY
3844 - Fix connection pinning in transparently intercepted connections
3845 - Bug #1679: LDFLAGS not honored in some programs.
3846 - Minor cleanup of port numbers in transparent interception or
3847 vhost + vport
3848 - Bug #1671: transparent interception fails with FreeBSD ipfw or
3849 Linux-2.2 ipchains
3850 - Bug #1660: Accept-Encoding related memory corruption
3851 - Bug #1651: Odd results if url_rewriter defined multiple times
3852 - Bug #1655: Squid does not produce coredumps under linux when
3853 started as root
3854 - Bug #1673: cache digests not served to other caches
3855 - Cleanup of Linux capability code used by tproxy
3856 - Bug #1684: xstrdup: tried to dup a NULL pointer!
3857 - Bug #1668: unchecked vsnprintf() return code could lead to log
3858 corruption
3859 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
3860 configurations
3861 - Cygwin support fir --disable-internal-dns
3862 - Silence those annoying sslReadServer: Connection reset by peer
3863 errors.
3864 - Bug #1693: persistent connections broken in transparent
3865 interception mode
3866 - Bug #1691: multicast peering issues
3867 - Bug #1696: Correct WCCP2 processing of router capability info
3868 segments
3869 - Bug #1694: Assertion failure in mgr:config if using
3870 access_log_format %<h
3871 - Bug #1677: Duplicate etags in the If-None-Match header
3872 - Bug #1665: access_log_format codes for login names from external
3873 acl or ssl
3874 - Bug #1681: All ntlmauthenticator processes are busy
3875 - Added ARP acl support for OpenBSD and ARP fixes for Windows
3876 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
3877 socket)
3878 - WCCP2 correct dampening of assign buckets when there it lots of
3879 changes
3880 - minimum_expiry_time to tune the magic 60 seconds limit of what
3881 is considered cachable when the object doesn't have any cache
3882 validators.
3883 - Bug #1703: wrong path to diskd helper corrected, and config
3884 parser extended to trap incorrect paths early
3885 - Bug #1703: COSS failed to initialize async-io threads
3886 - Bug #1703: should abort if diskd helper exits unexpectedly
3887 - Bug #1702: Warn if acl name is too long
3888 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
3889 - wccp2_rebuild_wait directive to delay registering with WCCP until the
3890 - Bug #1662: Infinite loop in external acl with grace period if the
3891 same http_access line had multiple external acls
3892
3893Changes to squid-2.6.STABLE1 (1 Jul 2006)
3894
3895 - New --enable-default-hostsfile configure option
3896 - Added username info to active_requests cachemgr stats
3897 - Modified squid MIB to incorporate squid.conf visible_hostname
3898 - Added multi-line capability in squid.conf
3899 - Added new httpd_suppress_version_string configuration directive
3900 - WCCPv2 support
3901 - Negotiate authentication scheme support
3902 - NTLM authentication scheme rewritten
3903 - Customizable access log formats
3904 - Selective access logging
3905 - Access logging via syslog
3906 - Reverse proxy enhancements, with new cache_peer based forwarding
3907 model.
3908 - LDAP based Digest helper (Note: not true LDAP integration, just using
3909 LDAP for storage of the Digest hashes)
3910 - Improved helper communication protocol
3911 - External ACL improvements. %PATH, log=, grace=, and more..
3912 - Improved SSL support with hardware offload, client certificate
3913 support (primitive), chained certificates and numerous bug fixes
3914 - DNS lookups now use the search path from /etc/resolv.conf or
3915 the Windows registry
3916 - Linux epoll support
3917 - collapsed forwarding to optimize reverse proxies or other
3918 setups having very many clients going to the same URL
3919 - New improved COSS implementation
3920 - Optional support for blank passwords
3921 - The old and obsolete Samba-2.2.X winbind helpers have been removed
3922 - external acls now uses the simplified URL-escaped protol "3.0" by
3923 default.
3924 - Linux TPROXY support
3925 - Support for proxying of Microsoft Integrated Login by adding
3926 support for the deviations from the HTTP protocol required
3927 to support these authentication mechanisms
3928 - Added the capability to run as a Windows service under Cygwin
3929 - CARP now plays well with the other peering algorithms
3930 - read_ahead_gap option to read ahead more than 16KB of the reply
3931 - check_hostnames and allow_underscore squid.conf options
3932 - http_port is now optional, allowing for SSL only operation
3933 - Full ETag/Vary support, caching responses which varies with
3934 request details (browser, language etc).
3935 - umask now defaults to 027 to protect the content of cache and
3936 log files from local users
3937 - HTCP support for access control and the CRL operation for
3938 purgeing of cache content
3939 - Optionally follow X-Forwarded-For headers to determine the original
3940 client IP behind sedond level proxies
3941 - FreeBSD kqueue support
3942
3943Changes to squid-2.5.STABLE14 (20 May 2006)
3944 - [Minor] icons not displayed when visible_hostname is a
3945 short hostname (without domain). (Bug #1532)
3946 - [Medium] Memleak in HTCP client code (default disabled)
3947 (Bug #1553)
3948 - [Major] memory leak in ident processing (Bug #1557)
3949 - [Medium] Memory leak in header processing related to external_acl
3950 header detail format tag (Bug #1564)
3951
3952Changes to squid-2.5.STABLE13 (12 Mar 2006)
3953 - [Minor] Fails to compile on Solaris and some other platforms
3954 with undefined reference to setenv (Bug #1435)
3955 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
3956 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
3957 odd results if --enable-ntlm-fail-open is used (Bug #1022)
3958 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
3959 (Bug #1472)
3960 - [Minor] Squid crash when asyncio function counters url accessed
3961 from Cachemgr CGI (Bug #1464)
3962 - [Cosmetic] Linux compile warning about prctl called with too few
3963 arguments (Bug #1483)
3964 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
3965 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
3966 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
3967 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
3968 - [Minor] Ident access lists don't work in delay_access statements
3969 (Bug #1428)
3970 - [Minor] Some clients support NTLM even if not initially negotiating
3971 persistent connections (Bug #1447)
3972 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
3973 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
3974 (Bug #1481)
3975 - [Cosmetic] New persistent_connection_after_error configuration
3976 directive (Bug #1482)
3977 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
3978 #1484)
3979 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
3980 - [Cosmetic] Typo in ftp.c (Bug #1507)
3981 - [Cosmetic] Error in FTP listings of files with -> in their name
3982 (Bug #1508)
3983 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
3984 in cache.log (Bug #779)
3985 - [Minor] Fails to process long host names (Bug #1434)
3986 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
3987 - [Cosmetic] misleading error message message for bad/unresolveable
3988 cache_peer name (Bug #1504)
3989 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
3990 (Bug #1506)
3991 - [Major] connstate memory leak (Bug #1522)
3992
3993Changes to squid-2.5.STABLE12 (22 Oct 2005)
3994
3995 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
3996 when using delay pools (Bug #1405)
3997 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
3998 with server_persistent_connections (Bug #454)
3999 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
4000 diagnostics easier on squid_ldap_auth configuration errors
4001 (Bug #1395)
4002 - [Minor] $HOME not set when started as root (Bug #1401)
4003 - [Minor] httpd_accel_single_host breaks in combination with
4004 server_persistent_connections (Bug #1402)
4005 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
4006 implemented, effectively ignored. (Bug #1403)
4007 - [Minor] CNAME based DNS addresses could get cached for longer
4008 than intended (Bug #1404)
4009 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
4010 in transparently intercepting proxies (Bug #1410).
4011 - [Minor] Cache revalidations on HEAD requests causing poor cache
4012 hit ratio (Bug #1411).
4013 - [Minor] Not possible to send 302 redirects via a redirector in
4014 response to CONNECT requests (bug #1412)
4015 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
4016 #1419)
4017 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
4018 - [Minor] Delay pools class 3 fails on clients in network 255
4019 (Bug #1431)
4020
4021Changes to squid-2.5.STABLE11 (22 Sep 2005)
4022
4023 - [Minor] Workaround for servers sending double content-length headers
4024 (Bug #1305)
4025 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
4026 - [Cosmetic] Date header corrected on internal objects (icons etc)
4027 (Bug #1275)
4028 - [Minor] squid -k fails in combination with chroot after patch for
4029 bug 1157 (Bug #1307)
4030 - [Cosmetic] Segmentation fault if compiled with
4031 --enable-ipf-transparent but denied access to the NAT device.
4032 (Bug #1313)
4033 - [Minor] httpd_accel_signle_host incompatible with redireection
4034 (Bug #1314)
4035 - [Minor] squid -k reconfigure internal corruption if the type of
4036 a cache_dir is changed (Bug #1308)
4037 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
4038 (Bug #1317)
4039 - [Minor] Title in FTP listings somewhat messed up after previous
4040 patch for bug 1220 (Bug #1220)
4041 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
4042 confusing authentication. (Bug #1204)
4043 - [Minor] winfo_group.pl only looked for the first group if multiple
4044 groups were defined in the same acl. (Bug #1333)
4045 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
4046 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
4047 - [Cosmetic] The new --with-build-environment=... option doesn't work
4048 - [Cosmetic] New 'mail_program' configuration option in squid.conf
4049 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
4050 x86 (Bug #199)
4051 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
4052 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
4053 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
4054 - [Cosmetic] Invalid URLs in error messages when failing to connect
4055 to peer, and a few other inconsistent error messages (Bug #1342)
4056 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
4057 (Bug #1344)
4058 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
4059 (Bug #1348)
4060 - [Cosmetic] Greek translation of error messages (Bug #1351)
4061 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
4062 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
4063 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
4064 (Bug #1375)
4065 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
4066 - [Minor] E-mail sent when cache dies is blocked from many antispam
4067 rules (Bug #1380)
4068 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
4069 - [Cosmetic] Incorrect store dir selection debug message on objects
4070 larger than 2Gigabyte (Bug #1343)
4071 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
4072 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
4073 - [Medium] Clients could bypass delay_pool settings by faking a cache
4074 hit request (Bug #500)
4075 - [Minor] IP-Filter 4.X support (Bug #1378)
4076 - [Medium] Odd results on pipelined CONNECT requests
4077 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
4078 when using NTLM authentication.
4079 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
4080 authentication (bug #1396)
4081 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
4082 (Bug #1394)
4083 - [Cosmetic] New --with-maxfd=N configure option to override build
4084 time filedescriptor limit test
4085 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
4086
4087Changes to squid-2.5.STABLE10 (17 May 2005)
4088
4089 - [Minor Security] Fix race condition in relation to old Netscape
4090 Set-Cookie specifications
4091 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
4092 format and PASV resposes (Bug #1252)
4093 - [Medium] BASE HREF missing on ftp directory URLs without /
4094 (Bug #1253)
4095 - [Minor security] confusing http_access results on configuration
4096 error (Bug #1255)
4097 - [Cosmetic] More robust Date parser (Bug #321)
4098 - [Minor] reload_with_ims fails to refresh negatively cached objects
4099 (Bug #1159)
4100 - [Cosmetic] delay_access description clarification (Bug #1245)
4101 - [Cosmetic] Check for integer overflow in size specifications in
4102 squid.conf (Bug #1247)
4103 - [Cosmetic] bzero is a non-standard function not available on all
4104 platforms (Bug #1256)
4105 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
4106 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
4107 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
4108 (Bug #1261)
4109 - [Minor] Duplicate content-length headers logged incorrectly or
4110 not cleaned up properly (Bug #1262)
4111 - [Cosmetic] Extend relaxed_header_parser to work around "excess
4112 data from" errors from many major web servers. (Bug #1265)
4113 - [Minor] Add HTTP headers to a netdb error messages
4114 - [Minor] Multiple minor aufs issues (Bug #671)
4115 - [Minor] Basic authentication fails with very long logins or
4116 password (Bug #1171)
4117 - [Minor] CONNECT requests truncated if client side disconnects first
4118 (Bug #1269)
4119 - [Minor] --disable-hostname-checks configure option did not work
4120 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
4121 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
4122 - [Medium] Failed to process requests for files larger than 2GB in size
4123 - [Cosmetic] rename() related cleanup
4124 - [Cosmetic] New cachemgr pending_objects and client_objects actions
4125 - [Cosmetic] external acls requiring authentication did not request
4126 new credentials on access denials like proxy_auth does.
4127 - [Cosmetic] Syslog facility now configurable via command line options.
4128 - [Cosmetic] New %a error page template code expanding into the
4129 authenticated user name. (Bug #798)
4130 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
4131 - [Minor] Support interception of multiple ports
4132 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
4133 can not be determined (Bug #1196)
4134 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
4135 configuration files with CRLF lineendings proper.
4136 - [Minor] Unrecognized Cache-Control directives now forwarded properly
4137 (Bug #414)
4138 - [Minor] Authentication helpers now returns useable information
4139 in the %m error page macro on failed authentication (Bug #1223)
4140 - [Minor] pid file management corrected in chroot use (Bug #1157)
4141 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
4142 cachemgr.cgi now reads a config file telling which proxy servers
4143 it can administer.
4144 - [Minor] aufs statistics improvements
4145 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
4146 - [Minor] ARP acl documentation and cachemgr config dump corrections
4147 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
4148 hostnames in addition to the reverse lookup of the domain name.
4149 - [Security] Internal DNS client hardened against spoofing
4150
4151Changes to squid-2.5.STABLE9 (24 Feb 2005)
4152
4153 - [Medium] Don't retry requests on 403 errors (Bug #1210)
4154 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
4155 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
4156 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
4157 - [Minor] relaxed_header_parser extended to work around even more
4158 broken web servers (Bug #1242)
4159 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
4160 better with Mozilla but also to improve security slightly on
4161 non-anonymous FTP.
4162 - [Minor] High characters allowed un-encoded in FTP and Gopher
4163 listings to allow the user-agent to display data in non-iso8859-1
4164 charsets. (Bug #1220)
4165 - [Cosmetic] format fixes to silence compiler warnings on many
4166 platforms.
4167 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
4168
4169Changes to squid-2.5.STABLE8 (11 Feb 2005)
4170
4171 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
4172 #1096)
4173 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
4174 - [Minor] The new req_header and resp_header acls segfaults
4175 immediately on parse of squid.conf (Bug #961)
4176 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
4177 (Bug #1118)
4178 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
4179 - [Minor] Squid fails to close TCP connection after blank HTTP
4180 response (Bug #1116)
4181 - [Minor security] Random error messages in response to malformed
4182 host name (Bug #1143)
4183 - [Minor] PURGE should not be able to delete internal objects
4184 (Bug #1112)
4185 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
4186 #1121)
4187 - [Minor] cachemgr vm_objects segfault (Bug #1149)
4188 - [Minor security] Confusing results on empty acl declarations (Bug
4189 #1166)
4190 - [Minor] Don't close all "other" filedescriptors on startup (Bug
4191 #1177)
4192 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
4193 #1183)
4194 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
4195 - [Medium security] Denial of service with forged WCCP messages
4196 (Bug #1190)
4197 - [Minor] DNS related memory leak on certain malformed DNS responses
4198 (Bug #1197)
4199 - [Minor] Internal DNS sometimes truncates host names in reverse
4200 (PTR) lookups (Bug #1136)
4201 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
4202 - [Security] Harden Squid against HTTP request smuggling attacks
4203 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
4204 short_icon_urls is on (Bug #1203)
4205 - [Security] Harden Squid against HTTP response splitting attacks
4206 (Bug #1200)
4207 - [Medium security] Buffer overflow in WCCP recvfrom() call
4208 (Bug #1217)
4209 - [Security] Properly handle oversized reply headers (Bug #1216)
4210 - [Minor] LDAP helpers search fixed to properly ask for no attributes
4211 - [Minor] A sporadic segmentation fault when using ntlm authentication
4212 fixed (Bug #1127)
4213 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
4214 - [Medium] Persistent connection mismatch on failed PUT/POST request
4215 (Bug #1122)
4216 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
4217 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
4218 - [Major] HTTP reply data corruption in certain situations involving
4219 reply headers split over multiple packets (Bug #1233)
4220
4221Changes to squid-2.5.STABLE7 (11 Oct 2004)
4222
4223 - [Medium] No objects cached in ufs cache_dir type in some
4224 configurations. Issue introduced in 2.5.STABLE6 by the patch for
4225 Bug #676. (Bug #1011)
4226 - [Minor] LDAP helpers update to correct LDAP connection management
4227 and add support for literal password compare instead of binding
4228 - [Minor] A large number of queued DNS lookups for the same domain
4229 (Bug #852)
4230 - [Cosmetic] request_header_max_size configuration partly ignored
4231 (Bug #899)
4232 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
4233 - [Cosmetic] HEAD requests may return stale information
4234 (Bug #1012)
4235 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
4236 - [Minor] case insensitive authentication (Bug #431)
4237 - [Cosmetic] Add delay pools information to active_requests. (Bug
4238 #882)
4239 - [Minor] Apparent memory leak in client_db (Bug #833)
4240 - [Minor] NTLM authentication truncated causing failures. (Bug
4241 #1016)
4242 - [Cosmetic] Grammatical corrections in squid.conf.default
4243 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
4244 #1030)
4245 - [Medium] Segfaults and other strange crashes when using heap
4246 policies. (Bug #1009)
4247 - [Minor] Supplementary group memberships not set (Bug #1021)
4248 - [Cosmetic] ERR_TOO_BIG Portuguese translation
4249 - [Minor] external_acl does not handle newlines (Bug #1038)
4250 - [Major] NTLM authentication denial of service when using msnt_auth
4251 or fake_auth (Bug #1045)
4252 - [Medium] Memory leaks when using NTLM authentication without
4253 challenge reuse. (Bug #994)
4254 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
4255 (Bug #910)
4256 - [Minor] assertion failed: "n_ufs_dirs <=
4257 Config.cacheSwap.n_configured". (Bug #1053)
4258 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
4259 - [Minor] acl time fails to parse multiple time specifications
4260 (Bug #1060)
4261 - [Minor] cachemgr config dumps mixed up Range and Request-Range
4262 headers in http_header_access & replace directives. (Bug #1056)
4263 - [Minor] Content-Disposition added as a well known header (Bug #961)
4264 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
4265 (Bug #1074)
4266 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
4267 - [Medium] New acl types to match arbitrary HTTP headers. In addition
4268 the http_header_access & replace directives now support arbitrary
4269 headers and not only the well known ones. (Bug #961)
4270 - [Cosmetic] ncsa_auth now accepts Window formatted password files
4271 (Bug #1078)
4272 - [Cosmetic] Support the --program-prefix/suffix options or other
4273 configure program name transforms (Bug #1019)
4274 - [Minor] Fix race condition in CONNECT and also handle aborts of
4275 CONNECT requests in a more graceful manner. (Bug #859)
4276 - [Minor] New balance_on_multiple_ip directive to work around certain
4277 broken load balancers and optimized ipcache on reload requests
4278 (Bug #1058)
4279 - [Medium] New reply_header_max_size directive
4280 (Bug #874)
4281 - [Minor] Suspected instability on aborted PUT/POST requests
4282 (Bug #1089)
4283 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
4284
4285Changes to squid-2.5.STABLE6 (9 Jul 2004)
4286
4287 - Bug #937: NTLM assertion error "srv->flags.reserved"
4288 - Bug #935: squid_ldap_auth can be confused by the use of reserved
4289 characters
4290 - Helper queue warnings imprecise on the number of helpers required
4291 - squid_ldap_auth TLS mode works correctly again
4292 - Bug #940, #305: pkg-config support for finding correct OpenSSL
4293 compile flags
4294 - Bug #426: "Vary: *" is ignored
4295 - 100% CPU usage on Linux-2.2
4296 - Version number should not include -CVS if autoconf is run
4297 - Bug #947: deny_info redirection with requested URL escaped wrongly
4298 - Bug #495: CONNECT timeout should produce a 504 or 503
4299 - Bug #956: cache_swap_log documentation referred to swap.state by
4300 it's old swap.log name
4301 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
4302 have been intended
4303 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
4304 - Bug #954: Segment violation when using a blank user name in digest
4305 authentication
4306 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
4307 - Spelling corrections in configure and squid.conf.default
4308 - The meaning of ERR in digest helper protocol clarified in the
4309 squid.conf documentation
4310 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
4311 - Bug #616: Negative cached 404 replies with VARY header never matched
4312 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
4313 due to a shortcoming in the fix to bug #817
4314 - Bug #570: Very large cache_mem values reported wrongly in cache.log
4315 - Bug #676: store_dir_select_algorithm least-load doesn't work for
4316 ufs cache_dir type
4317 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
4318 - Bug #948: Show client ip in cache.log debug output
4319 - Bug #960: compilation issue on OpenBSD/m88k
4320 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
4321 - Bug #991: dns_servers should default to localhost if no resolv.conf
4322 - Bug #717: msnt_auth documentation update
4323 - Bug #753: Segfault in memBufVPrintf on certain architectures
4324 requiring va_copy
4325 - Bug #941: Negative size in access.log on long running CONNECT
4326 requests
4327 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
4328 - Bug #981: sasl_auth updated to work with SALS2
4329 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
4330 authentication to a NT domain without using Samba.
4331
4332Changes to squid-2.5.STABLE5 (1 Mar 2004):
4333
4334 - cache.log message on "squid -k reconfigure" was slightly confusing,
4335 claiming Squid restarted when it just reread the configuration.
4336 - Bug #787: digest auth never detects password changes
4337 - Bug #789: login with space confuses redirector helpers
4338 - Bug #791: FQDNcache discards negative responses when using
4339 internal DNS
4340 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
4341 PAM connections are unsafe and now disabled by default.
4342 - auth_param documentation clarifications and added default realm
4343 values making only the helper program a required attribute
4344 - Bug #795: German ERR_DNS_FAIL correction
4345 - Bug #803: Lithuanian error messages update
4346 - Bug #806: Segfault if failing to load error page
4347 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
4348 - Bug #817: maximum_object_size too large causes squid not to cache
4349 - Bug #824: 100% CPU loop if external_acl combined with separate
4350 authentication acl in the same http_access line
4351 - squid_ldap_group updated to version 2.12 with support for ldaps://
4352 (LDAPv2 over SSL) and a numer of other improvements.
4353 - Bug #799: positive_dns_ttl ignored when using internal DNS.
4354 - Bug #690: Incorrect html on empty Gopher responses
4355 - Bug #729: --enable-arp-acl may give warning about net/route.h
4356 - Bug #14: attempts to establish connection may look like syn flood
4357 attack if the contacted server is refusing connections
4358 - errorpage README files included in the distribution again showing
4359 who contributed which translation
4360 - Bug #848: connect_timeout connect_timeout ends up twice the length.
4361 forward_timeout option added to address this.
4362 - Bug #849: DNS log error messages should report the failed query
4363 - Bug #851: DNS retransmits too often
4364 - Bug #862: Very frequently repeated POST requests may cause a
4365 filedescriptor shortage due to persitent connections building up
4366 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
4367 - Bug #571: Need to limit use of persistent connections when
4368 filedescriptor usage is high
4369 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
4370 does not work properly
4371 - Bug #860: redirector_access does not handle "slow" acls such as
4372 "dst" or "external" requiring a external lookup.
4373 - Bug #865: Persistent connection usage too high after sudden burst
4374 of traffic.
4375 - Bug #867: cache_peer max-conn=.. option does not work
4376 - Bug #868: refuses to start if pid_filename none is specified
4377 - Bug #887: LDAP helper -Z (TLS) option does not work
4378 - Bug #877: Squid doesn't follow telnet protocol on FTP control
4379 connections
4380 - Bug #908: Random auth popups and account lockouts when using ntlm
4381 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
4382 - Bug #585: cache_peer_access fails with NTLM authentication
4383 - Bug #592: always/never_direct fails with NTLM authentication
4384 - wbinfo_group update for Samba-3
4385 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
4386 - Bug #924: miss_access restricts internal and cachemgr requests
4387 even if these are local
4388 - Bug #925: auth headers send by squidclient are mildly malformed
4389 - Bug #922: miss_access and delay_access and several other
4390 authentication related bug fixes.
4391 - Bug #909: Added ARP acl support for FreeBSD
4392 - Bug #926: deny_info with http_reply_access or miss_access
4393 - Bug #872: reply_body_max_size problems when using NTLM auth
4394 - Bug #825: random segmentation faults when using digest auth
4395 - Bug #910: Partial fix for temporary memory leaks when using NTLM
4396 auth. There is still problems if challenge reuse is enabled.
4397 - ftp://anonymous@host/ now accepted without requiring a password
4398 - Bug #594: several mime type updates (ftp:// related)
4399 - url_regex enhanced to allow matching of %00
4400
4401Changes to squid-2.5.STABLE4 (15 Sep 2003):
4402
4403 - Lithuanian error messages added to the distribution
4404 - Bug #660: segfauld if more than one custom deny_info line
4405 - cache_dir disd documentation cleanup
4406 - check open of /dev/null to avoid 100% CPU loop in badly
4407 configured chroot environments
4408 - documentation update on uri_whitespace to refer to the correct RFC
4409 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
4410 - Bug #683: external_acl does not wait for ident lookups to complete
4411 - aufs: Fix a minor use-after-free problem which could cause the
4412 count of opening filedescriptors to grow larger than it should
4413 - Syntax changes to make GCC-3.3 accept Squid without complaints
4414 - Warning if CARP server defined in incorrect load factor order
4415 - neighbor_type_domain documentation update
4416 - http_header_access now works when using cache peers
4417 - high_memory_warning now uses sbrk as fallback mechanism on
4418 platforms where neither mallinfo or mstats are available.
4419 - hosts_file now handles comments at the end of lines correcly
4420 - storeCheckCachable() Stats corrected for release_request and
4421 wrong_content_length.
4422 - cachePeerPingsSent MIB type corrected
4423 - unused minimum_retry_timeout directive removed
4424 - Bug #702: ERR_TO_BIG spanish translation
4425 - Bug #705: Memory leak on deny_info TCP_RESET
4426 - Code cleanup to fix compile error in httpHeaderDelById
4427 - Bug #699: Host header now forwarded exactly where it was in the
4428 original request to work around certain broken firewalls or
4429 load balancers which fail if this header is too far into the
4430 request headers.
4431 - Bug #704: Memory leak on reply_body_max_size
4432 - Bug #686: requests denied due to http_reply_access are now
4433 logged with TCP_DENIED (instead of TCP_MISS, etc).
4434 - Bug #708: ie_refresh now sends no-cache to have the reload
4435 request propagate properly in cache meshes
4436 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
4437 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
4438 digest not found
4439 - Bug #710: round-robin cache_dir selection incorrectly
4440 compares max-size.
4441 - Statistics corrections in HTTP header statitics
4442 - QUICKSTART cleanups
4443 - Bug #715: statCounter.syscalls.disk counters treated
4444 inconsistently. Now increment the counters in AUFS
4445 functions and for unlinkd.
4446 - Improvements to the (experimental) COSS storage scheme.
4447 - Bug #721: User name field in access.log sometimes blank
4448 - Bug #94: assertion failed: http.c: "-1 == cfd ||
4449 FD_SOCKET == fd_table[cfd].type"
4450 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
4451 - Bug #732: aufs calculates number of threads and limits wrongly
4452 - Bug #663: Username not logged into access.log in case of /407
4453 - Bug #267: Form POSTing troubles with NTLM authentication
4454 and occationally in differen other error conditions.
4455 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
4456 - Bug #733: No explicit error message when ncsa_auth can't access
4457 passwd file
4458 - Bug #267, #757: POST with NTLM stops after persistent connection
4459 timeout
4460 - Bug #742: Wrong status code on access denials if delay_access
4461 is used. Most notably 407 instead of 403 could be returned.
4462 - Bug #763: segfault if using ntlm in http_reply_access
4463 - Bug #638: assertion error if using proxy_auth in delay_access
4464 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
4465 - The issue of reply_body_max_size limiting the size of error
4466 messages no longer applies.
4467 - external_acl_type concurrency= option renamed to children= to
4468 prepare for Squid-3 upgrades. Old syntax still accepted for the
4469 duration of the Squid-2.5 release.
4470 - number of filedescriptors rounded down to an even multiple of 64
4471 to work around issues in certain libc implementations.
4472 - winbind helpers less noisy in cache.log on restarts/shutdown.
4473 - Squid now automatically restarts helpers if too many of them
4474 have crashed.
4475
4476Changes to squid-2.5.STABLE3 (25 May 2003):
4477
4478 - Bug #573: Occational false negatives in external acl lookups
4479 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
4480 external_acl helpers crashes
4481 - Bug #590: Squid may hang or behave oddly on shutdown while
4482 requests is being processed.
4483 - Bug #590: external acl lookups does not deal well with queue
4484 overload
4485 - cache_effective_user documentation update
4486 - cache_peer documentation update for htcp and carp
4487 - Bug #600: The example header_access paranoid setting is
4488 missing WWW-Authenticate
4489 - Bug #605: Segmentation fault in idnsGrokReply() on certain
4490 platforms
4491 - Fixes to build properly on AIX 5
4492 - Bug #574: wb_group updated to version 1.1 to make group names
4493 case insensitive and correct a segfault issue in the helper
4494 - SNMP mib updates to make cacheNumObjCount,
4495 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
4496 correctly report as gauges (was reporting as counters).
4497 - Woraround for --enable-ssl Kerberos issue on RedHat 9
4498 - Bug #579: Close and repopen log files on "squid -k reconfigure"
4499 - Bug #598: squid_ldap_auth could segfault if LDAP server is
4500 unavailable
4501 - Bug #609,#612: msntauth helper fixes in dealing with large
4502 or non-existing allow/deny user files.
4503 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
4504 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
4505 and also fails to block large objects where the content-length
4506 is not known
4507 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
4508 multiple proxy_auth ACLs combined in one line and login fails.
4509 - squid_ldap_auth updated with support for TLS and SSL
4510 - Bug #623: segfault if using negated external acls in certain
4511 configurations involving other acls later on the same http_access
4512 line.
4513 - Bug #622: wb_group helper update to version 1.2 to ass support for
4514 Domain-Qualified groups refering to groups in a specific domain
4515 - Bug #596: logic error in poll() error management
4516 - Bug #597: logic errors in error management
4517 - Bug #591: segmentation fault in authentication on "squid -k debug"
4518 - Bug #587: smb_auth fails on complex logins involving domain names
4519 or other odd characters
4520 - Bug #558, #587: smb_auth.pl fails on complex logins involving
4521 domain names or other odd characters
4522 - Bug #643: external_acl fails with ttl=0 due to a change introduced
4523 by the patch for Bug #553 in 2.5.STABLE2.
4524 - Bug #630: minor issues in digest authantication causing random
4525 authentication failures and incompability with many mainstream
4526 browser digest implementations due to browser qop bugs. To deal
4527 with those broken browser nonce_stricness now defaults to off,
4528 and two new digest options have been added (check_nonce_count
4529 and post_workaround) to allow workarounds to other quite bad
4530 browser bugs if needed.
4531 - Bug #644: digest authentication fails on requests with one
4532 or more comma in the requested URL
4533 - Bug #648: deny_info TCP_RESET not working. The fix for this also
4534 adds the ability to send redirects.
4535
4536Changes to squid-2.5.STABLE2 (Mars 17, 2003):
4537
4538 - Contrib files added back to the distribution
4539 - Several compiler warnings fixed when using --disable-ident or
4540 --disable-http-violations
4541 - authentication can now be used in most access controls, but
4542 must in most cases first be enforced in http_access to force
4543 the user to authenticate.
4544 - cleanups in the developer bootstrap.sh process when preparing
4545 the sources.
4546 - several squid.conf.default documentation updated to correctly
4547 refer to the current names when refering to other directives
4548 - authenticate_ip_ttl documentation updates
4549 - several assertion faults and segmentation violations corrected
4550 - the RunCache/RunAccel and squid.rc scripts updated to refer to
4551 the squid binary in sbin rather than the old bin location.
4552 - squid_ldap_auth command line processing fixes when specifying
4553 the LDAP server last on the line instead of -h option
4554 - aufs data corruption bugfix
4555 - aufs performance improvement for low traffic systems
4556 - aufs stability improvements
4557 - external_acl corrected to properly deal with quoted strings
4558 - WCCPv1 bugfix to make sure the router accepts the hash assignments
4559 - "Total accounted memory" now correctly reported in cachemgr
4560 - several small memory leaks (mostly reconfigure related)
4561 - new squid.conf option to allow GET/HEAD requests with a request
4562 entity
4563 - "make uninstall" no longer removes squid.conf
4564 - cachemgr.cgi now uses POST to avoid having the cachemgr password
4565 logged in the web server logs
4566 - authentication schemes which are known to not be proxyable are now
4567 filtered out from forwarded server replies to avoid that the clients
4568 tries to use such schemes when we know for a fact it won't work
4569 - spelling corrections in various error messages
4570 - now possible to define acl values with spaces in them
4571 by using the "include file" feature
4572 - squid_ldap_group updated to 2.10 to fix compilation issues with
4573 recent (and older) OpenLDAP libraries and to make the helper deal
4574 correctly with true LDAP groups by first looking up the user DN.
4575 - Some internal code cleanups
4576 - now verifies that programs etc exists iside the chroot directory
4577 when using chroot_dir. No longer neccesary to set up a split view
4578 environment where the same paths works both inside the chroot and
4579 outside just to convince Squid that the files is actually there..
4580 - improved memory usage reporting
4581 - --disable-hostname-checks configure option
4582 - no longer ignores double dots in host names. Any hostname with
4583 double dots is now rejected as invalid.
4584 - log_mime_hdrs no longer logs garbage if very long headers
4585 are seen.
4586 - 'select_fds_hist' object added to cachemgr 'histogram' output
4587 - pid file now unlinked when squid has really shut down, not
4588 immediately when the shutdown request is received. This allows
4589 the pid file to be monitored to determine when Squid has shut down
4590 properly
4591 - correct authentication scheme setups on some platforms or compilers
4592 - several squid.conf.default documentation updates to remove references
4593 to renamed or replaced directives by changing them to their current
4594 names.
4595 - the SSL reverse proxy support updated to allow building with
4596 OpenSSL 0.9.7 and and later.
4597 - Corrected a minor performance problem while processing HEAD replies
4598 from various broken web servers not sending a correct HTTP reply
4599 - time acls can now specify multiple times in the same acl name, like
4600 most other acl types.
4601 - winbind helpers updated to match Samba-2.2.7a and should
4602 work with Samba-2.2.6 or later (required). For compability with
4603 older Samba versions A new configure option --with-samba-sources=...
4604 has been added to allow you to specify which Samba version the
4605 helpers should be built for if different than the above versions.
4606 - Squid MIB definition syntax correction to work better with newer
4607 (and older) SNMP tools.
4608 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
4609 requests where parsing the HTTP identifier (HTTP/1.0) failed.
4610 - "make distclean" no longer removes the icons, this avoids the
4611 dependency on "uudecode" to rebuild Squid after "make distclean"
4612 - User name returned by external acl lookups (external_acl_type)
4613 is now available as "ident" in later acl checks in addition to
4614 the logging in access.log.
4615 - Incorrect behaviour of Digest authentication partly corrected - it
4616 will not handle sessions, but will always enforce password
4617 correctness.. (patch submitted by Sean Burford).
4618 - Issue with persistent connections and PUT/POST request corrected
4619
4620Changes to squid-2.5.STABLE1 (September 25, 2002):
ddf1c0c4 4621
94439e4e 4622 - Major rewrite of proxy authentication to support other schemes
4623 than basic. First in the line is NTLM support but others can
a2794549 4624 easily be added (minimal digest is present). See Programmers Guide.
6437ac71 4625 (Robert Collins & Francesco Chemolli)
94439e4e 4626 - Reworked how request bodies are passed down to the protocols.
4627 Now all client side processing is inside client_side.c, and
4628 the pass and pump modules is no longer used.
3ff01c3e 4629 used by Squid.
722a4b40 4630 - Optimized searching in proxy_auth and ident ACL types. Squid should
4631 now handle large access lists a lot more efficiently.
05fbbc17 4632 (Francesco Chemolli)
e396d395 4633 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
4634 now a peer is ignored if it turns out to be us, rather than
4635 committing suicide
1224d740 4636 - Changed the internal URL code to obey appendDomain for internal
4637 objects if it needs appending. This fixes weirdnesses where
4638 a machine can think it is "foo.bar.com", and "foo" is requested.
4639 (Brian Degenhardt)
a2794549 4640 - Added the use of Automake to create the Makefile.in's in the squid
4641 source tree. This will allow libtool in the future, and immediately
4642 allows better dependency tracking - with or without gcc - as well
4643 as the dist-all and distcheck targets for developers which respectively
4644 build a tar.gz and a tar.bz2 distribution, and check that what will be
4645 distributed builds.
d6827718 4646 - Added TOS and source address selection based on ACLs,
4647 written by Roger Venning. This allows administrators to set
4648 the TOS precedence bits and/or the source IP from a set of
4649 available IPs based upon some ACLs, generally to map different
4650 users to different outgoing links and traffic profiles.
50821507 4651 - Added 'max-conn' option to 'cache_peer'
4652 - Added SSL gatewaying support, allowing Squid to act as a SSL server
4653 in accelerator setups.
4e2c57a0 4654 - SASL authentication helper by Ian Castle
6474667e 4655 - msntauth updated to v2.0.3
3e4057db 4656 - no_cache now applies to cache hits as well as cache misses
810118ab 4657 - the Gopher client in Squid has been significantly improved
05463204 4658 - Squid now sanity checks FTP data connections to ensure the
6474667e 4659 connection is from the requested server. Can be disabled if
05463204 4660 needed by turning off the ftp_sanitycheck option.
98858605 4661 - external acl support. A mechanism where flexible ACL checks
4662 can be driven by external helpers. See the external_acl_type
4663 and acl external directives.
3e4057db 4664 - Countless other small things and fixes
2d8d56b0 4665 - HTML pages generated by Squid or CacheMgr as well as the
4666 ERR documents now contain a doctype declaration so that
22567bb5 4667 browsers know which HTML specification the document uses.
2d8d56b0 4668 In addition to that they have a new look (background-color, font)
4669 and are valid according to the HTML standards at www.w3.org.
3ff01c3e 4670 (Clemens L ser)
9bbd1655 4671 - Login and password send to Basic auth helpers is now URL escaped
4672 to allow for spaces and other "odd" characters in logins and
4673 passwords
c90fbf46 4674 - Proxy Authentication is no longer blindly forwarded to peer
4675 caches if not used locally. If forwarding of proxy authentication
4676 is desired then it must now be configured with the login=PASS
4677 cache_peer option.
6474667e 4678 - Responses with Vary: in the header are now cached by squid.
1239cfea 4679 (Henrik Nordstrom).
3ff01c3e 4680 - Removed unused 'siteselect_timeout' directive.
c5bc64d3 4681
dde94193 4682Changes to Squid-2.4.STABLE7 (July 2, 2002):
4683
4684 - Squid now drops any requests using transfer-encoding.
4685 Squid is a HTTP/1.0 proxy and as such do not support
4686 the use of transfer-encoding.
4687 - The MSNT auth helper has been updated to v2.0.3+fixes for
4688 buffer overflow security issues found in this helper.
4689 - A security issue in how Squid forwards proxy authentication
4690 credentials has been fixed
4691 - Minor changes to support Apple MAC OS X and some other platforms
4692 more easily.
4693 - The client -T option has been implemented
4694 - HTCP related bugfixes in "squid -k reconfigure"
4695 - Several bugfixes and cleanup of the Gopher client, both
4696 to correct some security issues and to make Squid properly
4697 render certain Gopher menus.
4698 - FTP data channels are now sanity checked to match the address of
4699 the requested FTP server. This to prevent theft or injection of
4700 data. See the new ftp_sanitycheck directive if this is not desired.
4701 - Security fixes in how Squid parses FTP directory listings into HTML
4702
c5bc64d3 4703Changes to Squid-2.4.STABLE6 (March 19, 2002):
4704
722a4b40 4705 - The patch for 2.4.STABLE5 was insufficiently tested and
c5bc64d3 4706 introduced a bug that causes frequent assertions when
4707 handling DNS PTR answers.
4708
4709Changes to Squid-2.4.STABLE5 (March 15, 2002):
4710
4711 - Fixed an array bounds bug in lib/rfc1035.c. This bug
4712 could allow a malicious DNS server to send bogus replies
4713 and corrupt the heap memory.
4714
572b218d 4715Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
08e8e4d0 4716
722a4b40 4717 - htcp_port 0 now properly disables htcp
6474667e 4718 - Fixed problem with certain non-anonymous ftp:// style URL's
08e8e4d0 4719 - SNMP bugfixes including several memory leaks
4720
4721Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
4722
4723 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
4724 miss_access
4725 - Fixed bug #246: corrupt on-disk meta information preventing
4726 rebuilds of lost swap.state files
4727 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
4728 - Fixed a coredump when creating FTP directories
4729 - Fixed a compile time problem with statHistDump prototype mistmatch,
4730 reported by some compilers
4731 - Fixed a potential coredump situation on snmpwalk in certain
4732 configurations
4733 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
4734 store implementation
4735 - Serbian error message translations
4736
50821507 4737Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
4738
722a4b40 4739 - Expanded configure's GCC optimization disabling check to
50821507 4740 include GCC 2.95.3
4741 - avoid negative served_date in storeTimestampsSet().
4742 - Made 'diskd' pathnames more configurable
4743 - Make sure squid parent dies if child is killed with
4744 KILL signal
4745 - Changed diskd offset args to off_t instead of int
4746 - Fixed bugs #102, #101, #205: various problems with useragent
4747 log files
4748 - Fixed bug #116: Large Age: values still cause problems
4749 - Fixed bug #119: Floating point exception in
4750 storeDirUpdateSwapSize()
4751 - Fixed bug #114: usernames not logged with
4752 authenticate_ip_ttl_is_strict
722a4b40 4753 - Fixed bug #115: squid eating up resources (eventAdd args)
50821507 4754 - Fixed bug #125: garbage HTCP requests cause assertion
4755 - Fixed bug #134: 'virtual port' support ignores
4756 httpd_accel_port, causes a loop in httpd_accel mode
4757 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
4758 <= lf->bufsz"
4759 - Fixed bug #137: Ranges on misses are over-done
4760 - Fixed bug #160: referer_log doesn't seem to work
4761 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
4762 comm_dns_incoming histogram)
4763 - Fixed bug #165: "Store Mem Buffer" leaks badly
4764 - Fixed bug #172: Ident Based ACLs fail when applied to
4765 cache_peer_access
4766 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
4767 - Fixed bug #182: 'config' cachemgr option dumps core with
4768 null storage
4769 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
4770 of args in debug/printf
4771 - Fixed bug #187: bugs in lib/base64.c
4772 - Fixed bug #184: storeDiskdShmGet() assertion; changed
4773 diskd to use bitmap instead of linked list
4774 - Fixed bug #194: Compilation fails on index() on some
722a4b40 4775 non-BSD platforms
50821507 4776 - Fixed bug #197: refreshIsCachable() incorrectly checks
4777 entry->mem_obj->reply
4778 - Fixed bug #215: NULL pointer access for proxy requests
4779 in accel-only mode
4780
4781Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
4782
4783 - Fixed a bug in and cleaned up class 2/3 delay pools
4784 incrementing.
4785 - Fixed a coredump bug when using external dnsservers that
4786 become overloaded.
4787 - Fixed some NULL pointer bugs for NULL storage system
4788 when reconfiguring.
4789 - Fixed a bug with useragent logging that caused Squid to
4790 think the logfile never got opened.
4791 - Fixed a compiling bug with --disable-unlinkd.
4792 - Changed src/squid.h to always use O_NONBLOCK on Solaris
4793 if it is defined.
4794 - Fixed a bug with signed/unsigned bitfield flag variables
4795 that caused problems on Solaris.
4796 - Fixed a bug in clientBuildReplyHeader() that could add
4797 an Age: header with a negative value, causing an assertion
4798 later.
4799 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
4800 was returning the number of FDs in use, rather than
4801 the number of reserved FDs.
4802 - Added the 'pipeline_prefetch' configuration option.
4803 - cache_dir syntax changed to use options instead of many
4804 arguments. This means that the max_objsize argument now
4805 is an optional option, and that the syntax for how to
722a4b40 4806 specify the diskd magics is slightly different.
50821507 4807 - Various fixes for CYGWIN
4808 - Upgraded MSNT auth module to version 2.0.
4809 - Fixed potential problems with HTML by making sure all
4810 HTML output is properly encoded.
4811 - Fixed a memory initialization problem with resource records in
4812 lib/rfc1035.c.
4813 - Rewrote date parsing in lib/rfc1123.c and made it a little
4814 more lenient.
4815 - Added Cache-control: max-stale support.
4816 - Fixed 'range_offset_limit' again. The problem this time
4817 is that client_side.c wouldn't set the we_dont_do_ranges
4818 flag for normal cache misses. It was only being set for
4819 requests that might have been hits, but we decided to
4820 change to a miss.
4821 - Added the Authenticate-Info and Proxy-Authenticate-Info
4822 headers from RFC 2617.
4823 - HTTP header lines longer than 64K could cause an assertion.
4824 Now they get ignored.
4825 - Fixed an IP address scanning bug that caused "123.foo.com"
4826 to be interpreted as an IP address.
4827 - Converted many structure allocations to use mem pools.
4828 - Changed proxy authentication to strip leading whitespace
4829 from usernames after decoding.
4830 - Prevented NULL pointer access in aclMatchAcl(). Some
4831 ACL types require checklist->request_t, but it won't be
4832 available in some cases (like snmp_access). Warn the
4833 admin that the ACL can't be checked and that we're denying
4834 it.
4835 - Allow zero-size disk caches.
4836 - The actual filesystem blocksize is now used to account
4837 for space overheads when calculating on-disk cache size.
4838 - Made the maximum memory cache object size configurable.
4839 - Added 'minimum_direct_rtt' configuration option.
4840 - Added 'ie_refresh' configuration option, which is a hack
4841 to turn IMS requests into no-cache requests.
58d1265f 4842 - Added support for netfilter in linux-2.4. This allows transparent
4843 proxy connections to function correctly in the absence of a Host:
4844 header. This requires --enable-linux-netfilter to be passed through
4845 to configure. (Evan Jones)
50821507 4846 - Fixed a bug with clientAccessCheck() that allowed proxy
4847 requests in accel mode.
4848 - Fixed a bug with 301/302 replies from redirectors. Now
4849 we force them to be cache misses.
4850 - Accommodated changes to the IP-Filter ioctl() interface
4851 for intercepted connections.
4852 - Fixed handling of client lifetime timeouts.
4853 - Fixed a buffer overflow bug with internal DNS replies
4854 by truncating received packets to 512 bytes, as per
4855 RFC 1035.
4856 - Added "forward.log" support, but its work in progress.
4857 - Rewrote much of the IP and FQDN cache implementation.
4858 This change gets rid of pending hits.
4859 - Changed peerWouldBePinged() to return false if our
4860 ICP/HTCP port is zero (i.e. disabled).
4861 - Changed src/net_db.c to use src/logfile.c routines,
4862 rather than stdio, because of solaris stdio filedescriptor
4863 limits.
4864 - Made netdbReloadState() more robust in case of corrupted
4865 data.
4866 - Rewrote some freshness/staleness functions in src/refresh.c,
4867 partially inspired to support cache-control max-stale.
4868 - Fixed status code logging for SSL/CONNECT requests.
4869 - Added a hack to subtract cache digest network traffic
4870 from statistics so that byte hit ratio stays positive
4871 and more closely reflects what people expect it to be.
4872 - Fixed a bug with storeCheckTooSmall() that caused
4873 internal icons and cache digests to always be released.
4874 - Added statfs(2) support for displaying actual filesystem
4875 usage in the cache manager 'storedir' output.
4876 - Changed status reporting for storage rebuilding. Now it
4877 prints percentage complete instead of number of entries
4878 parsed.
4879 - Use mkstemp() rather than problem-prone tempnam().
4880 - Changed urlParse() to condense multiple dots in hostnames.
4881 - Major rewrite of async-io (src/fs/aufs) to make it behave
4882 a bit more sane with substantially less overhead. Some
4883 tuning work still remains to make it perform optimal.
4884 See the start of store_asyncufs.h for all the knobs.
4885 - Fixed storage FS modules to use individual swap space
4886 high/low values rather than the global ones.
4887 - Fixed storage FS bugs with calling file_map_bit_reset()
4888 before checking the bit value. Calling with an invalid
4889 value caused memory corruption in random places.
4890 - Prevent NULL pointer access in store_repl_lru.c for
4891 entries that exist in the hash but not the LRU list.
4892
cab24814 4893Changes to Squid-2.4.DEVEL4 ():
ad445e36 4894
ddf1c0c4 4895 - Added --enable-auth-modules=... configure option
83b381d5 4896 - Improved ICP dead peer detection to also work when the workload
4897 is low
a8c926ff 4898 - Improved TCP dead peer detection and recovery
4899 - Squid is now a bit more persistent in trying to find a alive
4900 parent when never_direct is used.
4901 - nonhierarchical_direct squid.conf directive to make non-ICP
4902 peer selection behave a bit more like ICP selection with respect
4903 to hierarchy.
4904 - Bugfix where netdb selection could override never_direct
4905 - ICP timeout selection now prefers to use parents only when
4906 calculating the dynamic timeout to compensate for common RTT
4907 differences between parents and siblings.
c1fc651e 4908 - No longer starts to swap out objects which are known to be above
4909 the maximum allowed size.
987de783 4910 - allow-miss cache_peer option disabling the use of "only-if-cached".
4911 Meant to be used in conjunction with icp_hit_stale.
c8b40803 4912 - Delay pools tuned to allow large initial pool values
0343b99c 4913 - cachemgr filesystem space information changed to show useable space
4914 rather than raw space, and platform support somewhat extended.
890b0fa8 4915 - Logs destination IP in the hierarchy log tag when going direct.
4916 (can be disabled by turning log_ip_on_direct off)
ff21eb3e 4917 - Async-IO on linux now makes proper use of mutexes. This fixes some
4918 odd pthread segfaults on SMP Linux machines, at a slight performance
4919 penalty.
722a4b40 4920 - %s can now be used in cache_swap_log and will be substituted with
a80e50c7 4921 the last path component of cache_dir.
4d55827a 4922 - no_cache is now a full ACL check without, allowing most ACL types
4923 to be used.
f1003989 4924 - The CONNECT method now obeys miss_access requirements
145cf928 4925 - proxy_auth_regex and ident_regex ACL types
3cdb7cd0 4926 - Fixed a StoreEntry memory leak during "dirty" rebuild
4927 - Helper processes no longer hold unrelated filedescriptors open
e40aa8da 4928 - Helpers are now restarted when the logs are rotated
afc1e43f 4929 - Negatively cached DNS entries are now purged on "reload".
4930 - PURGE now also purges the DNS cache
722a4b40 4931 - HEAD on FTP objects no longer retrieves the whole object
aca95add 4932 - More cleanups of the dstdomain ACL type
288c06ce 4933 - Squid no longer tries to do Range internally if it is not supported
4934 by the origin server. Doing so could cause bandwidth spikes and/or
4935 negative hit ratio.
13c7936a 4936 - httpd_accel_single_host squid.conf directive
82056f1e 4937 - "round-robin" cache_peer counters are reset every 5 minutes to
4938 compensate previously dead peers
4fe0e1d0 4939 - DNS retransmit parameters
858783c9 4940 - Show all FTP server messages
6b53c392 4941 - squid.conf.default now indicates if a directive isn't enabled in
4942 the installed binary, and what configure option to use for enabling it
418cbe9f 4943 - Fixed a temporary memory leak on persistent POSTs
304d289e 4944 - Fixed a temporary memory leak when the server response headers
4945 includes NULL characters
ba2b31a8 4946 - authenticate_ip_ttl_is_strict squid.conf option
4947 - req_mime_type ACL type
afb87666 4948 - A reworked storage system that supports storage directories in
4949 a more modular fashion. The object replacement and IO is now
4950 responsibility of the storage directory, and not of the storage
4951 manager.
722a4b40 4952 - Fixed a bogus MD5 mismatch warning sometimes seen when using
e7407eb8 4953 aufs or diskd stores
ce3d30fb 4954 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
4955 and extended support for this to Linux/GNU libc.
af57a2e3 4956 - Disabled the "request timeout" error message sent if the user agent
4957 did not provide a request in a timely manner after opening the
4958 connection. Now the connection is silently closed. The error message
4959 was confusing user agents utilizing persistent connections.
cab24814 4960 - Fixed configure --enable descriptions to match the arg names.
4961 - Eliminated compile warnings from auth_modules/MSNT code.
4962 - Require first character of hostnames to be alphanumeric.
4963 - Made ARP ACL work for Solaris.
4964 - Removed storeClientListSearch().
4965 - Added counters to track diskd operation success and
4966 failures.
4967 - Fixed range_offset_limit.
4968 - Added code to retry ServFail replies for internal DNS
4969 lookups.
4970 - Added referer header logging (Jens-S. Voeckler).
4971 - Added "multi-domain-NTLM" authentication module, a Perl
4972 script from Thomas Jarosch.
4973 - Added configurable warning messages for high memory usage,
4974 high response time, and high page faults.
4975 - Made store dir selection algorithm configurable.
4976 - Added support for admin-definable extension methods,
4977 up to 20.
16689110 4978 - Added 'maximum_object_size_in_memory' as a configuration option -
4979 this defines the watermark where objects transit from being true
4980 hot objects to being in-transit objects in memory. It currently
4981 defaults to 8 KB.
5cd41d0d 4982 - Change to the fqdn code which changes how pending DNS requests
4983 are treated as private and only become public once they are
4984 completed. This can add extra load on DNS servers but prevents
4985 all the pending clients blocking if one of the queries got
4986 stuck. (Duane Wessels)
7e543177 4987 - Converted more code to use MemPools, from Andres Kroonmaa.
4988 - Added more CYGWIN patches from Robert Collins.
e7407eb8 4989
4990Changes to Squid-2.4.DEVEL3 ():
4991
4992 - Added Logfile module.
4993 - Added DISKD stats via cachemgr.
4994 - Added squid.conf options for DISKD magic constants.
ad445e36 4995
e7407eb8 4996Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
ad445e36 4997
4998Changes to Squid-2.4.DEVEL1 ():
4999
42b51993 5000Changes to Squid-2.3.STABLE4 (July 18, 2000):
5001
5002 - Fixed --localstatedir configure option (IKEDA Shigeru).
5003 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
5004 Smith).
5005 - Added pthread_sigmask() check to configure (Daniel
5006 Ehrlich).
5007 - Added CYGWIN patches from Robert Collins.
5008 - Changed internal DNS lookups to retry queries that are
5009 returned with RCODE 2 (ServFail).
5010 - Added 'virtual port' support (Gregg Kellogg). If
5011 'httpd_accel_uses_host_header' is enabled, then we use
5012 the port number from the Host header. Otherwise, when
5013 'httpd_accel_port' is set to "0" we use the port number
5014 of the local end of the client socket.
5015 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
5016 - Made Squid accept GET requests that have a "content-length:
5017 0" header.
5018 - Added a sanity check on the NHttpSockets[] array index
5019 (Gregg Kellogg).
5020 - Added a friendlier message when Squid can't find any DNS
5021 nameserver addresses to use (Daniel Kiracofe).
5022 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
5023 (Craig Whitmore).
5024 - Added missing '%c' token replacement in error page
5025 generation.
5026 - Fixed a bug with 'minimum_object_size' that prevented
5027 internal icons from being loaded.
5028 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
5029 that could prevent any objects from being replaced.
5030 - Make sure that storeDirDiskFull() doesn't actually
5031 *increase* the cache size.
5032 - Changed a storeSwapMetaUnpack() assertion to a recoverable
5033 error condition.
5034 - Removed "wccpHereIam" event check that could cause Squid
5035 to stop sending HERE_I_AM messages.
5036
d20b1cd0 5037Changes to Squid-2.3.STABLE3 (May 15, 2000):
5038
5039 - Fixed malloc linking problems on Solaris. The configure
5040 script incorrectly set options for dlmalloc.
5041 - Added a configure check to remove compiler optimization
5042 for GCC 2.95.x.
5043 - Updated MSNT authenticator module.
5044 - Updated Estonian error pages.
5045 - Updated Japanese error pages.
5046 - Fixed expires bug in httpReplyHdrCacheInit. It was
5047 incorrectly setting expires based on max-age. It was using
5048 the current time as a basis, instead of the response date.
5049 - Fixed "USE_DNSSERVER" typos.
5050 - Added a workaround for getpwnam() problems on Solaris.
5051 getpwnam() could fail if there are fewer than 256 FDs
5052 available. This causes root to own some disk files.
5053 - Added an 'offline_toggle' option via the cache manager.
5054 - Added a 'minimum_object_size' option. Files smaller than
5055 this size are not stored.
5056 - Added 'passive_ftp' option to disable passive FTP transfers.
5057 - Added 'wccp_version' option because some Cisco IOS versions
5058 require WCCP version 3.
5059 - The 'client' program in ping mode (-g) now prints transfer
5060 throughput.
5061 - Fixed logging of proxy auth username for redirected
5062 requests.
5063 - Fixed bogus Age values for IMS requests.
5064 - Fixed persistent connection timeout for client-side
5065 connections. It was hard-coded to 15 seconds, now uses
5066 the 'pconn_timeout' value.
5067 - Fixed up httpAcceptDefer. It wasn't being used properly
5068 and caused high CPU usage when Squid gets close to the FD
5069 limit.
5070 - Numerous delay_pools fixes and checks.
5071 - Fixed SNMP coredumps from running snmpwalk.
5072 - Added a check for errno == EPIPE in icmp.c when pinger uses
5073 a Unix socket instead of a UDP socket.
5074 - Fixed ACL checklist memory initialization bugs.
5075 - Cleaned up the MIB file. Replaced contact information and
5076 checked description fields.
5077 - Removed LRU reference_age hard-coded upper limit.
5078 - Fixed async I/O FD leak.
5079 - Made getMyHostname() more robust.
5080 - Fixed domain list matching bug. "x-foo.com" wasn't properly
5081 compared to ".foo.com" and confused splay tree ordering.
5082 - Added a check for whitespace in hostnames and optionally
5083 strip whitespace if 'uri_whitespace' setting allows.
5084 - Added status code and checking to ASN/whois queries.
5085
5086Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
5087
5088 - Changed Copyright text.
5089 - Changed configure so that some IRIX-6.4 hacks apply to
5090 all IRIX-6.* versions.
5091 - Cleaned up HTML bugs in error pages.
5092 - Told configure to check for netinet/if_ether.h, which
5093 is used in ARP ACL code, but might not be required.
5094 - Added "Cookie" to known HTTP headers so it can be
5095 used in anonymizer configuration.
5096 - Added optional TCP_REDIRECT log code for logging
5097 of 301/302 responses returned by Squid.
5098 - Added a check for a currently running Squid process.
5099 If the pid file exists, and the pid is running,
5100 Squid complains and refuses to start another instance.
5101 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
5102 IRIX.
5103 - Fixed a bug with the PURGE method. The purge enable
5104 flag was not getting cleared during reconfigure.
5105 Also required PURGE method to be used in http_access
5106 list before enabling.
5107 - Fixed async I/O assertions for file open errors.
5108 - Fixed internal DNS assertion when unpacking truncated
5109 messages.
5110 - Fixed anonymize_headers bug that caused all headers
5111 to be allowed after a reconfigure.
5112 - Fixed an access denied bug for accelerator-only installations.
5113 - Fixed internal DNS initialization so that it uses
5114 'dns_nameservers' settings in squid.conf if set.
5115 - Fixed 'maxconn' ACL bug that caused it to work backwards
5116 (Pedro Ribeiro).
5117 - Fixed syslog bug for daemon mode on Linux.
5118 - Fixed 'http_port' parsing bugs.
5119 - Fixed internal DNS byte ordering bugs for PTR queries.
5120 - Fixed internal DNS queue getting stuck during periods
5121 of low activity (Henrik).
5122 - Fixed byte ordering bugs for parsing EPLF FTP listings
5123 on 64-bit systems.
5124 - Fixed 'request_body_max_size' bug that caused all
5125 POST, PUT requests to be denied if max size is set
5126 to zero.
5127 - Fixed 'redirector_access' bug when using 'myport' ACLs.
5128 - Fixed CARP neighbor selection bugs for down peers.
5129 - Added 'client_persistent_connections' and
5130 'server_persistent_connections' flags to disable persistent
5131 connections for clients and servers.
5132 - Fixed access logging bug that caused many requests to be
5133 logged as TCP_MISS.
5134 - Added some bounds checking to delay pools code.
5135
ad445e36 5136Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
5137
5138 - Updated PAM authentication module from Henrik Nordstrom.
5139 - Updated Bulgarian error messages from Svetlin Simeonov.
5140 - Changed ACL routines so that User-Agent (browser) string
5141 is always taken from compiled HTTP request headers
5142 instead of passed as an argument to aclCreateChecklist.
5143 - Added a 'strip' option to the 'uri_whitesace' configuration
5144 directive and made it the default behavior. Whitespace
5145 found in URI's is now stripped out by default.
5146 - Added chroot feature. The 'chroot_dir' config option enables
5147 it and specifies the directory.
5148 - Changed clientBuildReplyHeader so that the Age header is
5149 added only for cache hits, and only when we can calculate
5150 a valid, positive age value.
5151 - Changed clientWriteComplete and clientGotNotEnough so
5152 that they keep persistent connections open for more types
5153 of replies that don't have bodies.
5154 - Changed filemap.c routines to dynamically grow filemap
5155 space as needed.
5156 - Added a hack to ftp.c to deal with ftp.netscape.com, which
5157 sometimes doesn't acknowledge PASV commands.
5158 - Fixed FTP bug with ftpScheduleReadControlReply; there
5159 was not always a timeout handler on the control socket
5160 after the transfer completed.
5161 - Fixed FTP filedescriptor leak from invalid PASV replies.
5162 - Changed httpBuildRequestHeader so that it doesn't
5163 copy the Host header from the client request. Instead
5164 we should generate our own Host header which is known
5165 to be correct.
5166 - Changed storeTimestampsSet to adjust entry->timestamp
5167 if the response includes an Age header.
5168 - Removed size limit from storeKeyHashBuckets.
5169 - Changed fwdConnectStart from a "heavy" to a "light" event.
5170 - Fixed an 'anonymize_headers' bug that affects unknown
5171 HTTP headers. With the bug, if you list a header that
5172 Squid doesn't know about (such as "Charset"), it would
5173 add HDR_OTHER to the allow/deny mask. This caused all
5174 unknown headers to be allowed or denied (depending on
5175 the scheme you use). Now, with the bug fixed, an unknown
5176 header in the 'anonymize_headers' list is simply ignored.
5177
7e3ce7b9 5178Changes to Squid-2.3.DEVEL3 ():
5179
ad445e36 5180 - Added MSNT auth module from Antonino Iannella.
7e3ce7b9 5181 - Added --enable-underscores configure option. This allows
5182 Squid to accept hostnames with underscores in them. Your
5183 DNS resolver may still complain about them, however.
5184 - Added --heap-replacement configure option. This enables
5185 the alternative cache replacement policies, such as
5186 GDSF, and LFUDA.
3ff01c3e 5187 - WCCP establishes and registers with the router faster.
7e3ce7b9 5188 - Added 'maxconn' acl type to limit the number of established
5189 connections from a single client IP address. Submitted
5190 by Vadim Kolontsov.
5191 - Close FTP data socket as soon as transfer completes
5192 (Alexander V. Lukyanov).
5193 - Fixed ftpReadPass() to not clobber ctrl.message when
5194 the PASS command fails.
5195 - Added a redirect.c patch so squidGuard is able to do
5196 per-user access control (Antony T Curtis).
5197 - discard the pumpMethod() function, and instead use the
5198 fact that the request has a request entity (content-length
5199 present) (Henrik).
5200 - Reload the MIME icons at reconfigure time (Radu Greab).
5201 - Updated Richard Huveneers' SMB authentication module to
5202 his version 0.05 package.
5203 - Fixed lib/heap.c::heap_delete() bug when deleting the
5204 last node.
5205 - Fixed an integer conversion bug in
5206 lib/rfc1035.c::rfc1035AnswersUnpack().
5207 - Fixed lib/rfc1738 routines to encode reserved characters,
5208 in addition to encoding the unsafe characters (Henrik).
5209 - Changed the interface for splay compare and "walk"
5210 functions to take a void pointer, instead of a splayNode
5211 pointer (Henrik).
5212 - Changed numerous HTTP parsing routines to use ssize_t
5213 instead of size_t. This was done because size_t may be
5214 signed or unsigned. When it is unsigned, gcc emits
5215 numerous "comparison is always true" warnings. At least
5216 we know ssize_t is always signed.
5217 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
5218 friends so that it properly handles multi-value lists.
5219 - Added an "end" (ssize_t) parameter to
5220 src/HttpReply::httpReplyParse() so that we know exactly
5221 where to terminate the header buffer.
5222 - Changed src/access_log.c::log_quote() so that it only
5223 encodes whitespace characters, and not all URL-special
5224 characters (Henrik).
5225 - Added local port ACL type ("myport") (Henrik).
5226 - Added maximum number of connections per client ("maxconn")
5227 as an ACL type.
5228 - Fixed proxy authentication username/password parsing to
5229 be more robust (Henrik).
5230 - Fixed ACL domain/host and domain/domain comparison
5231 functions yet again. Eliminated duplicate code so that
5232 only src/url.c::matchDomainName() contains this mysterious
5233 code.
5234 - Changed the 'http_port' option to accept an IP address
5235 or hostname as well (Henrik).
5236 - Removed 'tcp_incoming_addr' option.
5237 - Added an access control list for the redirector
5238 ('redirector_access'). Requests which match are sent to
5239 the redirector. All requests. are redirected by default.
5240 - Added the 'authenticate_ip_ttl' option. It specifies
5241 how long a valid proxy authentication credential is
5242 bound to a specific address.
5243 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
5244 - Removed the unused and highly questionable 'forward_snmpd_port'
5245 option.
5246 - Added an option to accept DNS messages from unknown nameservers.
5247 This may be necessary if replies come from a different address
5248 than queries are sent to.
5249 - Added #includes for IP Filter files in netinet directory.
5250 - Fixed a bug with retrying forwarded IMS requests (Henrik).
5251 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
5252 where we were checking a cache-control bit before getting the
5253 mask from the HTTP headers (pallo@initio.no).
5254 - Fixed a bug with "no_cache" access list. If not defined,
5255 everything was uncachable by default.
5256 - Fixed a bug with timed-out client-side HTTP connections.
5257 We didn't cancel the read handler, which could lead to
5258 "rwstate != NULL" warnings.
5259 - Changed comm_open() to only call fdAdjustReserved() for
5260 specific errors (ENFILE, EMFILE);
5261 - Fixed NULL pointer bug in idnsParseResolvConf().
5262 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
5263 - Added DELETE request method.
5264 - Added RFC 2518 HTTP status codes.
5265 - Fixed handling of URL passwords when we need to rewrite a
5266 BASE HREF URL (Henrik).
5267 - Fixed a bug with FTP requests where a request gets aborted,
5268 but we try to complete it anyway. It would result in a
5269 "store_status != STORE_PENDING" assertion. The solution
5270 is to check for ENTRY_ABORTED before reading from
5271 the control channel too.
5272 - Changed FTP to retry a request if Squid fails to establish
5273 a PASV data connection (Henrik).
5274 - Fixed numerous HTCP memory leaks and an uninitialized memory
5275 bug.
5276 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
5277 mind (Henrik).
5278 - Minor fixes for Rhapsody systems.
5279 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
5280 don't include varargs.h.
5281 - Changed src/store_client.c::storeClientType() so that
5282 an entry can have more than one STORE_MEM_CLIENT.
5283 - Changed src/store_client.c::storeClientReadHeader()
5284 to check swapfile metadata (Henrik).
5285 - Changed src/url.c::urlCheckRequest() to return FALSE for
5286 any "https://" URL. These should always be CONNECT
5287 instead. If Squid gets an "https://" URL, it is a browser
5288 bug.
5289 - Added numerous squid.conf options for controlling cache
5290 digests. Previously these were hard-coded in
5291 src/store_digest.c. (Martin Hamilton)
5292 - Added 'cache_peer' option called 'digest-url' that
5293 lets you specify the URL for a peer's digest.
5294 (Martin Hamilton)
5295 - Added DELAY_POOLS hacks to scan "slow" connections in
5296 a random order (David Luyer).
5297 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
5298 per-interface arp/neighbour cache, whereas 2.0.x uses a
5299 unified cache. Under 2.2.x you are required to specify
5300 a interface name when looking up ARP table entries with
5301 SIOCGARP.
5302 - If the process umask is not set (i.e. 0), then Squid
5303 changes it to 007.
5304
9bc73deb 5305Changes to Squid-2.3.DEVEL2 ():
5306
5307 - Added --enable-truncate configure option.
5308 - Updated Czech error messages ()
5309 - Updated French error messages ()
5310 - Updated Spanish error messages ()
5311 - Added xrename() function for better debugging.
5312 - Disallow empty ("") password in aclDecodeProxyAuth()
5313 (BoB Miorelli).
5314 - Fixed ACL SPLAY subdomain detection (again).
5315 - Increased default 'request_body_max_size' from 100KB
5316 to 1MB in cf.data.pre.
5317 - Added 'content_length' member to request_t structure
5318 so we don't have to use httpHdrGetInt() so often.
5319 - Fixed repeatedly calling memDataInit() for every reconfigure.
5320 - Cleaned up the case when fwdDispatch() cannot forward a
5321 request. Error messages used to report "[no URL]".
5322 - Added a check to return specific error messages for a
5323 "store_digest" request when the digest entry doesn't exist
5324 and we reach internalStart().
5325 - Changed the interface of storeSwapInStart() to avoid a bug
5326 where we closed "sc->swapin_sio" but couldn't set the
5327 pointer to NULL.
5328 - Changed storeDirClean() so that the rate it gets called
5329 depends on the number of objects deleted.
5330 - Some WCCP fixes.
5331 - Added 'hostname_aliases' option to detect internal requests
5332 (cache digests) when a cache has more than one hostname
5333 in use.
5334 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
5335 (Henrik Nordstrom).
5336 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
5337 - Added OPTIONS request method.
9bc73deb 5338
eb824054 5339Changes to Squid-2.3.DEVEL1 ():
5340
5341 - Added WCCP support. This adds the 'wccp_router' squid.conf
5342 option.
5343 - Added internal DNS queries; Most installations can run
5344 without the external dnsserver processes.
5345 - Rewrote much of the code that stores cache objects on
5346 disk. Developed a programming interface that should
5347 allow new storage systems to be added easily. This still
5348 is pretty ugly and needs a lot of work, however.
5349 - Replaced async_io.c "tags" with callback data locks.
5350 This probably breaks async IO in a bad way.
5351 - Tried to write an Async IO disk storage module.
5352 - Added code to replace the StoreEntry linked list with a
5353 heap structure. This allows for different replacement
5354 algorithms, instead of being stuck with LRU. This adds
5355 the 'replacement_policy' squid.conf option. (John Dilley
5356 et al).
5357 - Fixed HTCP queries by actually checking for freshness
5358 based on the HTCP header fields.
5359 - Fixed passing of redirector command line arguments.
5360 - Added 'request_header_max_size' squid.conf option.
5361 - Added 'request_body_max_size' squid.conf option.
5362 - Added 'reply_body_max_size' squid.conf option.
5363 - Added 'peer_connect_timeout' squid.conf option.
5364 - Added 'redirector_bypass' squid.conf option.
5365 - Added RFC 2518 (WEBDAV) request methods.
d20b1cd0 5366
6b8e7481 5367Changes to Squid-2.2 (April 19, 1999):
b93549f6 5368
98b093e7 5369 - Removed all SNMP specific ACL code
5370 SNMP now uses generic squid ACL's
5371 - Removed view-based access crontrol
00b7a8b6 5372 - Cleaned up and simplified SNMP section of squid.conf
98b093e7 5373 - Changed the SNMP code to use a tree stucture.
3ff01c3e 5374 - Added objects to MIB:
00b7a8b6 5375 Request Hit Ratio's
5376 Byte Hit Ratio's
5377 Number of Clients
61d53e64 5378 - Changed SNMP Agent to return object instances correctly.
b93549f6 5379 - Added our own assert() macro so we can use debug() instead of
5380 printing to stderr.
5381 - Added eventFreeMemory().
5382 - Fixed ipcCreate() bug when debug_log has FD <= 2.
5383 - Changed watchChild() and related code in main.c so that
5384 Squid can behave more like a proper daemon process.
5385 - Added 'prefer_direct' option (enabled by default) so that
5386 people can give parents higher preference than direct.
6703526b 5387 - Fixed ipc.c close() bug for async IO. On FreeBSD,
5388 comm_close() doesn't work for child processes when async IO is
5389 used.
5390 - Fixed setting the public key for large ``icons'' (Henrik
5391 Nordstrom).
68f87dc5 5392 - Rewrote peer digest module to fix memory leaks on reconfigure
5393 and clean the code. Increased "current" digest version to 5
6474667e 5394 ("required" version is still 3). Revised "Peer Select" cache
5395 manager stats.
68f87dc5 5396 - Added "-k parse" command line option: parses the config file
5397 but does not send a signal unlike other -k options.
1743c283 5398 - Revamped storeAbort() calling. Only store_client.c has all
5399 the right information to determine if the request should
5400 be aborted. Now client and server modules just storeUnregister
d81e3f33 5401 without ever needing to call storeAbort.
96aeb95d 5402 - Small change of Squid output for FTP (Andrew Filonov,
5403 Henrik Nordstrom).
5404 - clientGetsOldEntry() sends old entry if new request status
5405 is in the 500-range (Henrik Nordstrom).
5406 - Changed configure so it works with IRIX6.4 C compiler (broken?)
5407 option -OPT:fast_io=ON.
5408 - Fixed comm_connect_addr() non-blocking connections for
5409 SONY NEWSOS (Makoto MATSUSHITA).
5410 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
5411 by autoconf documentation.
5412 - Fixed client-side cache-control max-age (Henrik Nordstrom).
5413 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
5414 this error if it is called while squid is in the process of
5415 shutting down.
5416 - Added support for linuxthreads package under FreeBSD (Tony Finch).
5417 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
5418 functions non-static (Michael Pelletier).
5419 - Fixed logging of authenticated usernames even if the
5420 authorization is not cached (Dancer).
5421 - Fixed pconnPush() bug that prevented holding on to
5422 persistent connections (Manfred Bathelt).
2328711e 5423 - Pid file now rewritten on SIGHUP.
b4019ff7 5424 - Numerous Ident changes:
5425 - Ident lookups will now be done on demand if you use the
5426 'ident' ACL type.
5427 - The 'ident_lookup on|off' option has been replaced with
5428 an access list, so you can do lookups only for some
5429 client addresses.
5430 - Added an 'ident_timeout' option to specifiy the amount
5431 of time to wait for an ident lookup.
5432 - Added a (local) hit rate to mempool metering.
5433 - FTP Restarts (REST command) is now supported.
5434 - Check for libintl.a on SCO3.2.
5435 - Disable poll() on SCO3.2.
5436 - Numerous Async IO enhancements from Henrik.
5437 - Removed cache_mem_low and cache_mem_high options (Henrik
5438 Nordstrom).
5439 - Replaced 'persistent_client_posts' with 'broken_posts' access
5440 list.
97474590 5441 - Rewrote the anonymizer.
5442 - Removed the http_anonymizer option.
548b801c 5443 - Added the anonymize_headers option to allow individual
5444 referencing of headers for addition or removal. See
5445 'anonymize_headers' in squid.conf for additional
5446 configuration.
b3abf16c 5447 - Fixed config file parser's handing of optional directives.
5448 Some people might get new warnings about unknown config
5449 directives.
548b801c 5450 - Added 'myip' ACL type. This is the local IP address for
5451 connected sockets (Luyer).
5452 - Fixed parsing of FTP DOS directory listings with spaces
5453 (Nordstrom).
dd0b0295 5454 - Numerous DELAY_POOL changes/fixes from David Luyer:
5455 - Makes no-delay neighbors for DELAY_POOLS work by
5456 using a fd_set with the connections to no-delay
5457 peers marked in it.
5458 - Makes IP addresses ending in 0 and 255, and
5459 network number 255, work with individual and
5460 network delay pools (they were previously not
5461 permitted, and documented as such).
5462 - Massive overhaul of delay pools code - dynamically
5463 allocated delay pools, as many as required.
5464 - delayPoolsUpdate stops running if DELAY_POOLS is
5465 configured but no delay pools are configured.
5466 - Initial delay pool levels are now configurable
5467 as a percentage of the maximum for the pool in
5468 question (used to be all set to 1 second worth
5469 of traffic). Pools are restored to this level
5470 on reconfiguratoin.
242188c9 5471 - Changed storeClientCopy to give a swap-in failure if
5472 the number of open disk FD's is above the 'max_open_disk_fds'
5473 limit. Otherwise, a very loaded cache will end up with
5474 all disk files open for reading, and none for writing.
b6a2f15e 5475 - Added lib/inet_ntoa.c from BSD Unix for systems that have
5476 broken inet_ntoa(). (Erik Hofman).
5477 - Added more specific FTP error messages for "permission
5478 denied, "file not found," and "service unavailable."
5479 (Tony Finch)
5480 - Added xisspace(), xisdigit(), etc, macros to cast function
5481 args and eliminate compiler warnings.
5482 - Fixed case-sensitive comparisons of domain names (Henrik
5483 Nordstrom).
5484 - Added proxy-authentication to cachemgr.cgi's requests
5485 (Henrik Nordstrom).
5486 - Changed Squid to *truncate* rather than *unlink* purged
5487 swap files. Can be reversed by undefining
5488 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
5489 - Changed internal icon headers to use Cache-control
5490 Max-age instead of Expires.
5491 - Changed storeMaintainSwapSpace behavior to be adjusted
5492 smoothly, instead of discretely, between store_swap_low
5493 and store_swap_high. This includes the number of
5494 objects to scan, number to remove, and time until the
5495 next storeMaintainSwapSpace event.
5496 - Fixed a quick_abort bug that incorrectly calculated
5497 content lengths.
5498 - Added getpwnam() auth module from Erik Hofman.
5499 - Added 'coredump_dir' option.
5500 - Fixed a peerDestroy() assertion that required peer->digest
5501 to be NULL at the end of peerDestroy().
5502 - configure script now automatically enables dlmalloc for
5503 Solaris/x86.
5504 - configure enables poll() on linux 2.2 and later (Henrik).
5505 - Icon files are now distributed in binary format, install
5506 will not need to run 'sh' and 'uudecode'.
5507 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
5508 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
5509 fwdCheckDeferRead() will NOT defer reading if the
5510 ENTRY_FWD_HDR_WAIT bit is set.
5511 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
5512 - Fixed a (double) cast problem that caused statAvgTick()
5513 events to be added as fast as possible.
6b8e7481 5514 - Changed httpPacked304Reply() to not include the Content-Length
5515 header for 304 replies that Squid generates. We used to
5516 include the length of the cached object, and this broke
5517 persistent connections.
5518
5519 2.2.STABLE2:
5520
5521 - Fixed configure bug for statvfs() checks. Configure reports
5522 "test: =: unary operator expected" or similar because an
5523 unquoted variable is not defined.
5524 - Fixed aclDestroyAcls() assertion because some ACL types
5525 are not listed in the switch statement. Occurs for
5526 srcdom_regex and dstdom_regex ACL types during reconfigure.
5527 - Typo "applicatoin" in src/mime.conf
5528 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
5529 #define because it didn't include squid.h.
5530 - Fixed commRetryFD() when bind() fails. commRetryFD was
5531 closing the filedescriptor, but it is the upper layer's
5532 job to close it.
5533 - Changed configure's "maximum number of filedescriptors"
5534 detection to only use getrlimit() for Linux. On AIX,
5535 getrlimit returns RLIM_INFINITY.
5536 - Fixed snmpInit() nesting bug.
5537 - Fixed a bug with peerGetSomeParent(). It was adding
5538 a parent to the FwdServers list, regardless of the
5539 ps->direct value. This could cause every request to
5540 go to a parent even when always_direct is used.
5541 - Changed fwdServerClosed() to rotate the "forward servers"
5542 list when a connection establishment fails. Otherwise
5543 it always kept trying to connect to the first server
5544 int the list.
b93549f6 5545
2be4e260 5546 2.2.STABLE3:
5547
5548 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
5549 - Avoid coredump in aclMatchAcl() if someone tries to use
5550 proxy authentication with a non-HTTP request (e.g. icp_access).
5551 - Moved 'ident_lookup_access' in squid.conf so it appears
5552 after the ACL section.
5553 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
5554 - Fixed a case in clientCacheHit() where we thought it
5555 was a hit, but the reply status was not 200, so we
5556 had to perform a cache miss. We forgot to change the
5557 log_type and these were being recorded as TCP_HIT's.
5558 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
5559 - Fixed delay_pools coredump and memory leak bugs from
5560 NULL delay_id values.
5561 - Fixed a SEGV bug with delay_pools when requesting
5562 'objects' or 'vm_objects' from the cachemgr.
5563 - Added a workaround for buggy FTP servers that return
5564 a size of zero for non-zero-sized objects.
5565 - Removed umask(0) call from main().
5566 - Fixed a peer selection bug that caused us to never select
5567 a neighbor based on ICP replies if the ICP timeout occurs.
5568 In conjunction with this, removed the PING_TIMEOUT state.
5569 - Fixed a store_rebuild bug that caused us to get stuck trying
5570 if a cache_dir subdirectory didn't exist.
5571 - Fixed a buffer overrun bug in gb_to_str().
5572
9bc73deb 5573 2.2.STABLE4:
5574
5575 - Fixed a dread_ctrl leak caused in store_client.c
5576 - Fixed a memory leak in eventRun().
5577 - Fixed a memory leak of ErrorState structures due to
5578 a bug in forward.c.
5579 - Fixed detection of subdomain collisions for SPLAY trees.
5580 - Fixed logging of hierarchy codes for SSL requests (Henrik
5581 Nordstrom).
5582 - Added some descriptions to mib.txt.
5583 - Fixed a bug with non-hierarchical requests (e.g. POST)
5584 and cache digests. We used to look up non-hierarchical
5585 requests in peer digests. A false hit may cause Squid
5586 to forward a request to a sibling. In combination with
5587 'Cache-control: only-if-cached, this generates 504 Gateway
5588 Timeout responses and the request may not be re-forwardable.
5589 - Fixed a filedescriptor leak for some aborted requests.
5590
5591
4d62b0af 5592Changes to Squid-2.1 (November 16, 1998):
8f897f34 5593
5594 - Changed delayPoolsUpdate() to be called as an event.
5595 - Replaced comm_select FD scanning loops with global fd_set
5596 structures. Inspired by Jeff Mogul's patch for squid 1.1.
9e1559ea 5597 - Moved functions common to dns.c, redirect.c, authenticate.c,
5598 ipcache.c, and fqdncache.c into helper.c.
0753aa46 5599 - Changed storeClientCopy2() so that it keeps sending the remainder
5600 of a STORE_ABORTED request, instead of cutting off the client as
5601 soon as the object becomes aborted.
f0538986 5602 - Fixed combined ipf-transparent proxy and a local http-accelerator
5603 operation (Quinton Dolan).
5604 - Rewrote base64_decode.c because of potential buffer overrun
5605 bugs.
912432d8 5606 - Configurable handling of whitespace in request URI's.
5607 See 'uri_whitespace' in squid.conf.
e33ec474 5608 - Added ability to generate HTTP redirect messages from
5609 the redirector output by prepending "301:" or "302:" to the
5610 new url. See FAQ 4.16 for more details.
829a9357 5611 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
5612 potentially causing under-utilized cache digests
5613 - Maintain refreshCheck statistics on per-protocol basis so we
5614 can tell why ICP or Digests return too many misses, etc.
c68e9c6b 5615 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
5616 - Changed squid.conf's default access controls to deny all
5617 HTTP requests. Admins must write ACL rules to specifically
5618 allow their local clients.
5619 - Patched French error messages (Mathias HERBERTS).
5620 - NextStep porting fixes by Mike Laster:
5621 - use xstrdup() in cf_gen.c
5622 - check for putenv() in configure
5623 - #define S_ISDIR macro
5624 - Added --disable-poll configure option (Henrik Nordstrom).
5625 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
5626 - Patched ftp.c so we never cache autenticated FTP requests
5627 (Henrik Nordstrom).
5628 - Fixed FTP authentication. We tried to unescape authentication
5629 given by basic authentication which is not URL escaped
5630 (Henrik Nordstrom).
5631 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
5632 - Added 'redirect_rewrites_host_header' option to disable rewriting
5633 of Host header for redirector responses (Henrik Nordstrom).
5634 - Allow semi-customized error message signatures (Henrik Nordstrom).
5635 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
5636 - Fixed handling of blank lines in ACL input files (Henrik
5637 Nordstrom).
5638 - Changed proxy_auth ACL type to consist of a list of valid
5639 users. REQUIRED == any (same as ident ACL). ACL type user
5640 changed to ident since this is what it really is.
5641 (Henrik Nordstrom).
5642 - Fixed long URL bugs; make sure 'log_uri' never exceeds
5643 MAX_URL bytes.
5644 - Allow comments in external ACL files (Gerhard Wiesinger).
5645 - Added 'range_offset_limit' configuration option. Requests
5646 with ranges that start after this value will be passed
5647 on unmodified, and Squid will not cache the response
5648 (Henrik Nordstrom).
5649 - Added Client HTTP Hit byte counters to 'counters' output
5650 (Douglas Swarin).
5651 - Got Squid to compile with --enable-async-io on FreeBSD.
5652 - Fixed infinite loop bug for cachemgr 'config' option.
5653 - Fixed cachability bugs for replies with Pragma: no-cache.
5654 - Made content-type multipart/x-mixed-replace uncachable.
5655 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
5656 format (Richard Kettlewell).
5657 - Fixed passing -s option to dnsserver processes (Alvaro Jose
5658 Fernandez Lago).
5659 - Changed proxy_auth to work on internal objects and when in
5660 accelerator mode. (Henrik Nordstrom)
5661 - Added login=user:password option to cache_peer directive to
5662 be used from a dial-up cache where the parent requires proxy
5663 authentication. (Henrik Nordstrom)
5664 - If you want to "auto-login", then use a URL on the form
5665 http://username:password@server/.... Squid now picks this up
5666 when going direct, and turns it into basic WWW
5667 authentication. It is also possible to do automatic login to
5668 certain servers by using a redirector to add the needed
5669 authentication information. (Henrik Nordstrom)
04f0ba5c 5670 - Changed refreshCheck() so that objects with negative age
5671 are always stale.
4d62b0af 5672 - Fixed "plain" FTP listings (Henrik Nordstrom).
5673 - Fixed showing banner/logon message for top-level FTP
5674 directories (Henrik Nordstrom).
5675 * Changes below have been made to SQUID_2_1_PATCH1
5676 - Fixed pinger packet size assertion.
5677 - Fixed WAIS forwarding.
5678 - Fixed dnsserver coredump bug caused by using both -D and
5679 -s options.
e42d5181 5680 * Changes below have been made to SQUID_2_1_PATCH2
5681 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
5682 - Fixed proxy auth NULL password bug.
5683 - Fixed queueing of multiple peerRefreshDNS events.
5684 - Added a stack of StoreEntry objects to be released after
5685 store rebuild completes.
5686 - Fixed NULL pointer bugs with too-large requests (found by
5687 Martin Lathoud).
5688 - Fixed reading replies from buggy ident servers. Replies
5689 might not have terminating CR or LF (Henrik Nordstrom).
b4019ff7 5690 - Changed internal StoreEntry key so that the request method
5691 is encoded as a single octet. Encoding an enumerated type
5692 has size and byte-order incompatibilities, especially for
5693 cache digests.
5694 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
5695 are not always locked. This fixes having multiple
5696 store_digest's stuck in memory.
5697 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
5698 unregisters from "cache hit" entries.
5699 * Changes below have been made to SQUID_2_1_PATCH3
5700 - Fixed memory leak in clientHandleIMSReply for
5701 storeClientCopy failures.
8f897f34 5702
41587298 5703Changes to Squid-2.0 (October 2, 1998):
71d6dc56 5704
4c154d99 5705 - Added NAT/Transparent hijacking code from Quinton Dolan.
5706 - Added actual filesystem usage to cachemgr 'storedir' page.
41587298 5707 Only works for operating systems which support statvfs().
a79d724b 5708 - Fixed HTCP compile-time bugs.
5709 - Fixed quick_abort bugs. Configured values are stored as
5710 Kbytes, not bytes.
41587298 5711 - Removed fwdAbortFetch(). It breaks quick_abort and seems
5712 mostly useless.
0da7d807 5713 - Changed storeDirSelectSwapDir() to skip swap directories
5714 when their utilization is over the high water mark ratio.
9ca005ac 5715 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
18cc143b 5716 - fixed bugs in Content-Range header generation
5717 - changed the way Range requests are handled:
71d6dc56 5718 - do not "advertise" our ability to process ranges at
5719 all
5720 - on hits, handle simple ranges and forward complex
5721 ones
5722 - on misses, fetch the whole document for simple ranges
5723 and forward range request for complex ranges
5724 The change is supposed to decrease the number of cases when
5725 clients such as Adobe acrobat reader get confused when we
5726 send a "200" response instead of "206" (because we cannot
5727 handle complex ranges, even for hits) Note: Support for
5728 complex ranges requires storage of partial objects.
41587298 5729 - Removed SNMP mib-2.system group from squid.
6474667e 5730 - Removed SNMP ability to iterate through ipcache and friends.
5731 - Added SNMP ipcache/fqdncache basic statistics.
5732 - Converted SQUID-MIB to SMIv2 (RFC 1902).
5733 - Moved SQUID-MIB to enterprises section of the tree in preparation
5734 of the split into PROXY-MIB & SQUID-MIB.
5735 - Corrected minor errors in SQUID-MIB.
5736 - Moved uptime into cacheSystem from cacheConfig.
5737 - Corrected a number of get-next-request bugs, snmpwalk should now
5738 return all objects and not skip some.
41587298 5739 - Fixed netdbClosestParent() so it won't return sibling
5740 peers.
5741 - Fixed a bug with secondary clients on entries with
5742 ENTRY_BAD_LENGTH set. We should release the
5743 bad entry to prevent secondary clients jumping on.
5744 - Changed MIB to prevent parse warnings at startup.
f0538986 5745 * Changes below have been made to SQUID_2_0_PATCH1
9689d97c 5746 - Fixed a forwarding loop bug. Even though we were detecting
5747 a loop, it was not being broken.
5748 - Try to prevent sibling forwarding loops by NOT forwarding a
5749 request to a sibling if we have a stale copy of the object.
5750 Validation requests should only be sent to parents (or
5751 direct).
5752 - Fixed ncsa_auth hash bugs when re-reading password file.
5753 - Changed clientHierarchical() so that by default SSL/CONNECT
5754 requests do NOT go to neighbor caches.
d87ebd78 5755 - Changed clientHandleIMSReply() to not call storeAbort()
5756 because there can be more than one client hanging on the
5757 StoreEntry. This hopefully fixes "store_status !=
5758 STORE_ABORTED" assertions.
f0538986 5759 - Added temporary fix to httpMakePublic() to prevent assertions
5760 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
5761 * Changes below have been made to SQUID_2_0_PATCH2
5762 - PATCH1 introduced a seriously stupid bug which prevented ICP
5763 queries for all requests. Fixed by checking
5764 request->hierarchical in peerSelectFoo().
18cc143b 5765
4c154d99 5766Changes to squid-1.2.beta25 (September 21, 1998):
5767
4b66bfd3 5768 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
5769 callbacks (Henrik Nordstrom).
5770 - Fixed store_swapout.c assertion. We were freeing object data
5771 past the swapout_done offset. This probably happens (only?)
5772 when an object changes from cachable to uncachable while
5773 it is being swapped out.
a260d877 5774 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
5775 of the buffers used for writing data to the client sockets.
669d90e7 5776 - Added configure check for libbind.a. If found, it will be
5777 used instead of libresolv.a.
5778 - Changed fwdStart() to always allow internally generated
dddd5b55 5779 requests, such as for peer digests. These requests are
5780 known to fwdStart() because the address arg is set to
5781 'no_addr'.
669d90e7 5782 - Completed initial HTCP implementation. It works, but is not
5783 tested much.
2d5c8e74 5784 - Added counters for I/O syscalls.
5785 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
5786 (netapp) Squid doesn't use private keys. This caused us
5787 to remove almost every object from the cache.
5788 - Added 'asndb' cachemgr stats to show AS Number tree.
dddd5b55 5789 - Fixed AS Number byte-order bug for netmasks.
2d5c8e74 5790 - Fixed comm_incoming calling rate for high loads (Stewart
5791 Forster).
426012d2 5792 - Give always_direct higher precedence than never_direct
5793 (Henrik Nordstrom).
dddd5b55 5794 - Changed PORT ACL type to accept ranges. Now you can easily
5795 deny, for example, all priveleged ports except 80, 70, 21,
5796 etc.
5797 - ARP ACL fixes for Linux (David Luyer).
5798 - Replaced various "EBIT" flags bitfileds with structures of
5799 "int:1" members.
5800 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
5801 efficient by removing snprintf(). This causes an
5802 incompatibility with old cache keys, however. To transition,
5803 we will look up both the new and old style keys for about the
5804 next 30 days. After that, if you haven't run this (or a
5805 future) version, your cache contents will be lost.
5806 - Made the client-side write buffer size configurable with
5807 a #define in defines.h. By default it is still 4096 bytes.
5808 - Removed redirectUnregister(). It should be unnecessary
5809 because of cbdata locks.
5810 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
5811 - Changed non-blocking connect(2) code to call getsockopt()
5812 instead of connect() again. This is the approach recommended
5813 by Stevens, and fixes bugs on BSD-ish systems when subsequent
5814 connect() calls loop with EAGAIN status.
5815 - Added MD5 cache keys to memory pool accounting.
5816 - Added code to track number of open DISK descriptors and stop
5817 swapping out objects if the number of disk descriptors becomes
5818 too large. For now the limit must be manually configured with
5819 the 'max_open_disk_fds'. By default, there is no limit.
5820 - Stopped encoding a request method in the high byte of the ICP
5821 reqnum field. Instead queried cache keys are copied to a
5822 static array, indexed by the reqnum, modulo the array size.
5823 Now we just use the request number to lookup a cache key,
5824 instead of rebuilding it from the ICP reply URL and method,
5825 unless we have netapp neighbors--they don't do reqnum
5826 properly.
5827 - Fixed reconfigure memory access bugs in redirect.c.
0753aa46 5828 - Ignore unreasonably large ICP RTT values which cause overflow
5829 bugs in calculating the average RTT (thanks Niall!)
4b66bfd3 5830
8e6a43e8 5831Changes to squid-1.2.beta24 (August 21, 1998):
5832
6c4067e5 5833 - Added Bulgarian error pages by Evgeny Gechev.
ceb79b2b 5834 - Changed StoreEntry->lock_count to a u_short.
c7d6216e 5835 - Replaced urlcmp with strcmp
5836 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
5837 (Henrik Nordstrom).
5838 - Eliminated unneeded BASE HREF on "root" directories (Henrik
5839 Nordstrom).
5840 - Fixed peerDigestFetchFinish() assertion caused by forwarding
5841 failures (e.g. miss_access rules).
ada249f8 5842 - Changed signal handlers with ASYNC_IO and Linux so that
5843 -k command line options work (Miquel van Smoorenburg).
4616f9ea 5844 - Rewrote shutdown code to use events instead of setting
5845 FD timeouts.
903e21a0 5846 - Fixed cachemgr 'objects' (statObjects()) by adding a check
b6a76fb2 5847 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
5848 storeBufferFlush(). Otherwise, the read-past pages would
5849 never be freed.
681979a2 5850 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
5851 were being closed by the dnsServerShutdown event.
b6a76fb2 5852 - Modified storeHashInsert() to insert PRIVATE objects at
5853 the tail of the LRU list, and PUBLIC objects at the head.
5854 Thus, PRIVATE objects get kicked out quicker.
95e36d02 5855 - Added David Luyer's DELAY_POOLS code.
54b5b3e5 5856 - Fixed a bug due to HEAD replies which lack the end-of-headers
5857 line.
5858 - Made proxy-auth realm string configurable (Bob Franklin)
5859 - Changed default mime time to a viewable one (Henrik Nordstrom).
5860 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
5861 - Fixed 'you are running out of filedescriptors' bug which
5862 could cause the HTTP incoming connection handler to not
5863 be reset.
e23fbf04 5864 - Changed syslog logging. Now squid debug levels 0 and 1 go
d737baa0 5865 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
e23fbf04 5866 (this needs more work!)
2cb51fe0 5867 - Fixed memory access errors in statAvgTick().
abc1237e 5868 - Fixed duplicate requestUnlink() bug in forward.c
6c4067e5 5869 - Fixed possible memory access bugs from not setting e->mem_obj
5870 = NULL in destroy_MemObject().
5871 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
5872 - Modified headersEnd and httpMsgIsolateHeaders to account
5873 for funky line terminations such as CRCRNL.
5874 (``but Netscape and IE _tolerate_ this'')
5875 - Fixed carp functions (Eric Stern).
5876 - Replaced internal proxy_auth code with extern authentication
5877 module (Arjan de Vet).
5878 - moved hash.c to libmiscutil.a.
e931f99a 5879 - Fixed handling of ICP queries with whitespace in URLs.
5880 Now we return ICP error and escape the URL before logging.
3a15a393 5881 - Added configure check for socklen_t (David Luyer).
5882 - Removed USE_SPLAY #defines; it is now standard.
3a76c002 5883 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
5884 temporary disk_ctrl_t structures.
5885 - Changed ENOSPC disk write errors to reduce specific cache_dir
5886 sizes, and not just the size of the cache as a whole.
f9cece6e 5887 - Added httpMaybeRemovePublic() to purge public objects for
5888 certain responses even though they are uncachable. This is
5889 needed, for example, when an initially cachable object
5890 later becomes uncachable.
8e6a43e8 5891 - Added refresh_pattern options to ignore client reloads
5892 (Henrik Nordstrom)
5893 - Relocated disk.c code which combines blocks for writing
5894 (Stewart Forster).
c7d6216e 5895
857703c6 5896Changes to squid-1.2.beta23 (June 22, 1998):
5897
cf7f704c 5898 - Added Turkish error pages by Tural KAPTAN.
66bbb757 5899 - Added basic support for Range requests. For most cachable
5900 requests, Squid replies with an "Accept-Ranges" header. Upon
5901 receiving a potentially cachable Range request for a not
5902 cached object, Squid requests the whole object from origin
5903 server and then replies with specified range(s) to the
5904 client. Multi-range requests are supported. Adjacent
5905 overlapping ranges are merged. If-Range requests are
5906 supported. Limitations: Multi-range requests with out of
5907 order ranges are not supported.
5908 - Made md5.c use standard memcpy and memset if they are
5909 avaliable.
5910 - Memory pools will now shrink if Squid is run-time
5911 reconfigured with smaller value of memory_pools_limit tag.
5912 - Added counter for number of clients (Tomi Hakala).
5913 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
5914 connections for UP->DOWN transition.
5915 - Added 'unique_hostname' configuration option when its
5916 necessary to have multiple machines with the same visible
5917 hostname.
222917b2 5918 - Fixed pumpReadFromClient() to not read too many bytes on
5919 persistent connections.
53856ebd 5920 - We can now cache HTTP replies with Set-Cookie. These evil
5921 headers are now filtered out for cache hits on the client
5922 side.
222917b2 5923 - Fixed SNMP bugs caused by using snmpwalk.
9089cc70 5924 - Fixed snmp system Group; all objects are now returned.
5925 - Fixed snmp system Group sysDescr and sysContact.
78dfab2a 5926 - Fixed snmp system Group sysObjectID it now returns a OBJECT
5927 IDENTIFIER.
7fce9c3e 5928 - Allocate FwdState from mem pools.
5929 - Minor HTCP progress.
222917b2 5930 - Moved 'miss_access' ACL check from client_side.c to forward.c
ed169eab 5931 - Fixed logging of usernames for requests which require
5932 proxy-authentication.
cf7f704c 5933 - Fixed HTTP request parser to accept lowercase HTTP identifier
5934 (Oskar Pearson).
5935 - Fixed FTP listings to always include links to the parent
5936 directory (Henrik Nordstrom).
5937 - Fixed FTP to show an "empty" listing instead of showing
5938 a "document contains no data" error (Henrik Nordstrom).
5939 - Fixed refreshCheck() bug. Often it was checking the
5940 refresh patterns against the string "[null_mem_obj]"
5941 because we moved URLs to MemObject.
5942 - Added CARP support by Eric Stern.
48382032 5943 - Fixed select-spin bug when an ICP reply actually gets queued
5944 and we failed to execute the write callback.
354b5fe1 5945 - Fixed a storeCheckSwapOut bug. We were freeing up to
5946 the queued offset instead of the done offset. This
5947 resulted in a small chunk of object data not being in
5948 memory and not yet written to disk. A client could
5949 recieve a partial object because file_read() unexpectedly
5950 returns EOF.
0aa791f8 5951 - Fixed proxy-authentication hangs (Henrik Nordstrom).
c2354a6b 5952 - Fixed request_t->flags bug causing authenticated, proxied
5953 responses to be cached (Arjan de Vet).
e0e32f36 5954 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
5955 - Added view and download options to FTP listings (Henrik
5956 Nordstrom).
5957 - Modified configure to allow using pre-installed libdlmalloc.a
5958 (Masashi Fujita).
e8d8856c 5959 - Fixed cachemgr 'objects' implementation.
fecf98dc 5960 - Changed refreshCheck() algorithm. For cached objects, we
5961 now check, in the following order:
5962 * request max-age
5963 * response Expires (if present)
5964 * refresh_pattern max-age
5965 * response Last-Modified compared to refresh_pattern
5966 LM-factor (only if Last-Modified is present)
5967 * refresh_pattern min-age
5968 - Changed Copyrights.
d192d11f 5969
ee3a78d4 5970Changes to squid-1.2.beta22 (June 1, 1998):
5971
2246b732 5972 - do not cut off "; parameter" from "digitized" Content-Type
5973 http fields
5974 - Added X-Request-URI for persistent connection debugging
5975 (Henrik Nordstrom)
f4d83f6d 5976 - Added Polish error pages from Maciej Kozinski.
145f10f1 5977 - Fixed hash_first/hash_next bugs with **Current pointer.
5978 Replaced with *next pointer.
f4d83f6d 5979 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
5980 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
5981 - Fixed eventRun "spin" bug when event delta time == 0.
a9cc1935 5982 - Fixed setting Last Modified time on cached entries when
5983 receiving a 304 reply.
06e87923 5984 - Added while loop in httpAccept().
5985 - Added while loop in icpHandleUdp().
5986 - Fixed some small memory leaks.
5987 - Fixed single-bit-int flag checks (Henrik Nordstrom).
137ee196 5988 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
5989 - Do not send only-if-cached cc directive with requests
6474667e 5990 for peer's digests.
ee3a78d4 5991 - Added "automatic tuning" for incoming request rate, i.e.
5992 how often to check HTTP and ICP sockets. See comm.c
5993 comments for details.
145f10f1 5994
6ee40ea2 5995Changes to squid-1.2.beta21 (May 22, 1998):
5996
434b408f 5997 - Added Italian error pages by Alessio Bragadini.
a3f9588e 5998 - Added Estonian error pages by Toomas Soome.
06066bbc 5999 - Added Russian (koi-r) error pages by Andrew L. Davydov.
7b381d33 6000 - Added Czech error pages by Jakub Nantl.
8e866bb4 6001 - Fixed asnAclInitialize calling to prevent coredump.
6002 - Fixed FTP directory parsing again.
6003 - Made FTP directory listing "Generated" tagline like
6004 the one for error pages.
52f977aa 6005 - Fixed an assertion coredump in statHistCopy from
6474667e 6006 reconfiguring with different #peers in squid.conf
10202788 6007 - Ignore leading whitespace on requests (and replies). RFC
6008 2068 section 4.1, robustness (Henrik Nordstrom)
6009 - Fixed keep_alive bug. We did not always honour reply
6010 headers, but rather assumed connections could be persistent.
6011 - Fixed reading whois output for AS numbers, especially when
6012 they are longer than 4 KB.
6013 - Removed 'cache_stoplist_pattern' configuration option. This
6014 feature is now handled by 'no_cache'.
6015 - If a URN resolves to only one URL, just return it immediately
6016 instead of giving the user a "choice" (Andy Powell).
6017 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
6018 - Changed squid-internal object names.
6019 - Added netdb exchange protocol.
6020 - Fixed wordlistDestroy() uninitialized pointer bug in
6021 ftpParseControlReply.
06066bbc 6022 - Fixed redirector subprocess to show real program name.
6023 - Changed URN menu output to be sorted.
6024 - Added fast select(2) timeouts when using ASYNC_IO.
6025 - Added ARP ACL support for Linux (David Luyer).
6474667e 6026 - Added binary http headers to requests
6027 - request_t objects are now created and destroyed in a consistent way
6028 - Fixed cache control printf bug
6029 - Added a lot of new http header ids
6030 - Improved Connection: header handling; now both Connection and
6031 Proxy-Connection headers are checked for connection directives
6032 - Connection request header is now handled correctly regardless
6033 of its position and the number of entries
2246b732 6034 - Only replies with valid Content-Length can be sent with keep-alive
6035 connection directive (Henrik Nordstrom)
6474667e 6036 - Better handling of persistent connection "clues" in HTTP headers;
2246b732 6037 the decision now depends on HTTP version (and User-Agent exceptions)
6474667e 6038 - Removed handling of "length=" directive in IMS headers;
6039 the directive is not in the HTTP/1.1 standard;
6040 standing by for objections
6041 - allowed/denied headers are now checked using bit masks instead of
6042 strcmp loops
6043 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
2246b732 6044 - removed processing of Request-Range header (not in specs?)
7b381d33 6045 - Fixed byte-order bugs in cacheDigestHashKey.
6046 - Changed hash_remove_link() to return void.
6047 - Changed ipcache_gethostbyname() to return NULL if
6048 i->addrs.count == 0.
6de5fa88 6049 - Added millisecond-timing to select/poll loops and event
6050 queue.
6051 - Changed 'peerPingTimeout' value to be twice the average
6052 of all the peer ICP RTT's.
6053 - Added 'half_closed_clients' option to force closing of
6054 client connections which might only be half-closed.
6055 - Fixed matchDomainName coredump bug.
6056 - Don't cache HTTP replies with Vary: headers until we
6057 get content negotiation working.
6058 - Fixed SSL proxying to forward full HTTP request headers.
c09459dd 6059 - Changed storeGetMemSpace(). Only purge down to the HIGH
6060 water mark; move locked entries to the head of the inmem
6061 list.
6062 - Changed clientReadRequest() to locally handle any
6063 "squid-internal-static" URL for any host.
52f977aa 6064 - Disable persistent connections for client connections
6065 from broken Netscape User-Agent, version 3.* (Stewart Forster)
434b408f 6066
901b8eaf 6067Changes to squid-1.2.beta20 (April 24, 1998):
6068
fd1bc012 6069 - Improved support for only-if-cached cache control directive.
6070 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
a1a62b14 6071 - Fixed 'quick_abort' percent calculation bug.
6072 - Fixed quick_abort FPE bug.
6073 - Changed more errno-checking functions to use ignoreErrno().
6074 - Added ERESTART to ignoreErrno() because of report from
6075 a Solaris system.
6076 - Fixed '#elsif' typo.
6077 - Fixed MemPool assertion by moving memInit() to before
6078 configuration parsing functions.
6079 - Fixed default 'announce_period' value (was 1 day, should
6080 be 0) (Joe Ramey).
6081 - Added configure warning for low filedescriptors and pointer
6082 to FAQ.
b0497a40 6083 - Fixed httpBodySet() bug causing URN related coredumps.
6084 - Changed ipcacheCycleAddr() to always cycle through all all
6085 available addresses, and not just advance when one of
6086 them goes BAD.
6087 - Fixed squid-internal bug for mixed-case hostnames (Henrik
6088 Nordstrom).
4e41d49f 6089 - Fixed ICP counting probelm. icpUdpSend() arg should be
6090 LOG_ICP_QUERY instead of LOG_TAG_NONE.
e4b71f74 6091 - Added some additional fault toleranse on FTP data channels
6092 (Henrik Nordstrom).
6093 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
6094 - Added lock/unlock for StoreEntry during storeAbort().
6095 - Added filemap bit usage stats to cachemgr 'storedir' and
6096 'info'.
6097 - Replaced 'cache_stoplist' with 'no_cache' Access list.
6098 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
44745828 6099 - Fixed default hierarchy_stoplist to be ``default if none.''
6100 - Fixed 'fake a recent reply' hack for detecting DEAD
6101 and ALIVE neighbors (Joe Ramey).
e376562a 6102 - Fixed FTP directory parsing bugs (Joe Ramey).
6103 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
6104 (Joe Ramey).
dea17509 6105 - Fixed daylight savings time bug (again).
fd1bc012 6106 - A lot of Cache Digests additions, fixes, and tuning.
6107 Cache Digests are still "very experimental".
e376562a 6108 - Fixed snprintf() bug. When len == 1, snprintf() would treat
6109 the buffer as unknown size, emulating sprintf() behaviour.
6110 - Made Error page language configurable with configure script
6111 (Henrik Nordstrom).
6112 - Fixed squid-internal URLs when http_port == 80.
6113 - Remember the client address on redirected requests (Henrik
6114 Nordstrom).
6115 - Don't rebuild the request if the redirector returned the same
6116 URL (Henrik Nordstrom).
6117 - Rewrite Host: header on redirected requests (Henrik
6118 Nordstrom).
6119 - Include port (if non-standard) in generated Host: headers
6120 (Henrik Nordstrom).
6121 - Fixed rfc1123 timezone hacks for Windows NT
6122 (Henrik Nordstrom).
6123 - Added Russian Error pages by Ilia Zadorozhko.
6124 - Added totals for ICP and HTTP hits to cachemgr client_list
6125 output.
6cfa8966 6126 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
6127 because any string with an '@' must be an email address.
e376562a 6128 - Fixed POST for content-length == 0.
901b8eaf 6129 - Fixed "huge 304 reply" loop bug.
5e9ab945 6130 - Fixed --enable-splaytree compile bugs.
c93fbf13 6131 - Removed ASN lookup code in peer_select.c.
b6a2f15e 6132 - Added warnings if ACL code detects subdomains in SPLAY
6133 trees.
6134 - Rewrote some bits of httpRequestFree() to eliminate
6135 possible bugs that could cause an "e->lock_count" asseertion.
6136 - Added value/bounds checking to _db_init() when setting
6137 the debugLevels[] array.
fd1bc012 6138
005e5260 6139Changes to squid-1.2.beta19 (Apr 8, 1998):
6140
b0497a40 6141 - Squid-1.2.beta19 compiles and runs on Windows/NT with
6142 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
447203a7 6143 - Added French Error pages by Frank DENIS.
6144 - Added Dutch Error pages by Mark Visser
901b8eaf 6145 - Added German Error pages by Bernd P. Ziller, Jens Frank,
6146 and Anke S.
f9f2be04 6147 - Added support for only-if-cached cache-control directive.
005e5260 6148 - Added RELAXED_HTTP_PARSER #define to allow requests which are
6149 missing the HTTP identifier on the request line (e.g. buggy
6150 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
1f4d31f9 6151 - Fixed disk.c FD leak for delayed closes in
6152 diskHandleWriteComplete().
6153 - Fixed cache announcement feature.
20fe7191 6154 - Fixed httpReadReply() to retry failed HTTP requests on
6155 persistent connections when read() returns -1, not only
6156 when it returns 0.
805e5f70 6157 - Fixed cbdata memory counting leak. cbdataUnlock() always
6158 called free(), never memFree().
ff396fe6 6159 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
005e5260 6160 - Fixed `++loopdetect < 10' assertion due to
6161 clientHandleIMSReply bug for invalid/partial HTTP
6162 replies.
6163 - Added preliminary code for HTCP.
6164 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
6165 - Added "snmp_community" as an ACL type.
6166 - Cleaned up proxy-auth acl implementation and removed
6167 memory leaks.
6168 - Added generic 'hashFreeItems()' function for efficiently
6169 freeing hash table pointers.
6170 - Added whoisTimeout() for ASN code.
447203a7 6171 - Removed BINARY TREE code.
005e5260 6172 - Fixed forgetting to reset Config.Swap.maxSize in
6173 configDoConfigure.
6174 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
6175 bug which caused not modified replies to not get updated.
6176 - Fixed client_side.c bugs which could cause data to be written
6177 to the client in the wrong order for persistent connections.
6178 clientPurgeRequest() and clientHandleIMSComplete() must not
6179 call comm_write(). Instead they must create and write to
6180 StoreEntry's.
6181 - Fixed ICP query service time counting bug(s).
6182 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
6183 to fix buffer overruns. This also requires adding 'buf_sz'
6184 args to some functions like clientBuildReplyHeader().
6185 But we can eliminate the need to NULL-terminate the
6186 buffer beforehand.
6187 - Changed commConnectCallback() to reset the FD timeout to
6188 zero before notifying about the connection. This requires
6189 commSetTimeout() calls in numerous places to reinstall
6190 timeouts.
6191 - Changed comm_poll_incoming() to be called less frequently
6192 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
6193 - Removed HAVE_SYSLOG case for debug() macro. Almost all
6194 systems do have syslog(), but more importatnly the
6195 _db_level value is needed for debugging to stderr.
6196 - Rewrote squid/dnsserver interface to use smaller, single-line
6197 messages.
6198 - Rewrote 'dns' cachemgr output to use a table format.
6199 - Rewrote a lot of dnsserver.c.
6200 - Added eventAddIsh() for semi-random event scheduling.
6201 - Fixed an ftpTimeout bug for sessions which use PORT
6202 commands.
6203 - Fixed ftp.c to recognized invalid PASV replies (e.g.
6204 port == 0).
6205 - Removed hash_insert(). All hasing uses hash_join() now.
6206 - Renamed hash_unlink() to hash_remove_link().
6207 - Added hashPrime() to find closes prime hash table size
6208 to a given value.
6209 - Fixed Keep-Alive ratio counting bug which prevented
6210 persistent connections from being used between cache
6211 peers.
6212 - Changed icmp.c to NOT queue messages sent from squid to
6213 the pinger program.
6214 - Changed icp_v2.c to NOT queue ICP messages by default.
6215 But they will be queued and resent once if the first
6216 send fails. Counters.icp.queued_replies counts the
6217 number of messaages queued.
6218 - Cleaned up ICP logging.
6219 - Added identTimeout().
6220 - Fixed ipcache reply counting bug. Overcounted dnsserver
6221 replies for partial replies.
6222 - Added urlInternal() for building internal Squid URLs.
6223 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
6224 AND 'cache_peer_acl' configurations. This should be changed
6225 in the fugure to use ONLY cache_peer_acl.
6226 - Changed DEAD/REVIVED neighbor detection to avoid reporting
6227 so many false deaths. (Joe Ramey).
6228 - Added some preliminary code to support "cache digests."
6229 - Fixed pumpClose() coredumps (?).
6230 - Updated cachemgr 'info' output to show median service
6231 times for various categories.
6232 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
6233 != sizeof(int) for Alphas.
6234 - Fixed potential alignment problem in storeDirWriteCleanLogs().
6235 - Fixed store_rebuild.c to NOT replace current, but
6236 not-swapped-out StoreEntry's with on-disk entries.
6237 - Changed storeCleanup() to call storeRelease on invalid
6238 entries which don't have a swapfile (i.e. no unlink()
6239 penalty).
6240 - Fixed storeSwapInStart() to fail for unvalidated
6241 entries.
6242 - SNMP changes:
6243 . renovated mib and added descriptions and comments
6244 . added hit and byte counters to client_db , for
6245 cacheClientTable
6246 . cacheClientTable, netdbTable, cachePeerTable,
6247 cacheConnTable now indexed by ip address. hash_lookup was
6248 enhanced to allow for subsequent hash_next's similar to
6249 hash_first, to speed up getnext's in tables which refer to
6250 hash-table structures.
6251 . added generic (well, sorf of) table indexing functionality
6252 . added makefile dependencies for snmplib and cache_snmp.h
6253 . WaisHost, WaisPort, Timeouts removed
6254 . FdTable split into FdTable and ConnTable. FdTable simplified
6255 . PeerTable and PeerStat merged and put into new cacheMesh
6256 group
6257 . cacheClientTable added for client statistics and accounting
6258 (cacheMesh 2)
6259 . cacheSec and cacheAccounting groups removed
6260 . fixed acl bug when communities not defined
6261 . snmp_acl now survives bad configuration
81d0c856 6262
9a713ffb 6263Changes to squid-1.2.beta18 (Mar 23, 1998):
6264
275d9f2e 6265 - Added v1.1 'test_reachability' option.
6266 - Fixed hash4() len == 0 bug.
2c26197b 6267 - Fixed Config.Swap.maxSize reconfigure bug.
6268 - Fixed ICP query bug determining request method.
6269 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
6270 so that we know neighbors are alive even when they send
6271 us replies for unknown entries.
6272 - Changed configure script to add '-std1' for Digital Unix cc.
6273 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
6274 systems.
6275 - Added support for 'Cache-Control: Only-If-Cached' request header.
34ad1721 6276 - Fixed CheckQuickAbort() bugs for multiple clients on one
6277 StoreEntry. Also changed storePendingNClients() to return
6278 mem->nclients instead of counting the number of store_client
6279 entries with pending callback functions.
275d9f2e 6280
041b157e 6281Changes to squid-1.2.beta17 (Mar 17, 1998):
6282
df43fc93 6283 - SNMP MIB version check changed to non-rcs.
02922e76 6284 - Added memory pools for variable size objects (strings).
6285 There are three pools; for small, medium, and large objects.
6286 - Extended String object to use memory pools. Most fixed size char
6287 array fields will be replaced using string pools. Same for most
6288 malloc()-ed buffers.
5e14bf6d 6289 - Changed icon handling to use the hostname and port of the squid
9ed90c85 6290 server, instead of the special hostname "internal.squid"
6291 (Henrik Nordstrom).
5e14bf6d 6292 - All icons are now configured in mime.conf. No hardcoded icons,
f8360ee3 6293 including gohper icons (Henrik Nordstrom).
459f2559 6294 - Fixed ICP bug when we send queries, but expect zero
6295 replies.
ed9c0b33 6296 - Fixed alignment/casting bugs for ICP messages.
2b5b6324 6297 - A generic client-to-server "pump" was added to handle HTTP
6298 PUT as well as POST methods on the client-cache side. Based on
6299 "pump" PUT requests can be made to either HTTP or FTP url's.
6300 Code is still beta and interoperability with browsers etc has
6301 not been tested.
6302 - Put #ifdefs around 'source_ping' code.
5e14bf6d 6303 - Added missing typedef for _arp_ip_data (Wesha).
6304 - Added regular-expression-based ACLs for client and server
6305 domain names (Henrik Nordstrom).
6306 - Fixed ident-related coredumps from incorrect callback data.
6307 - Fixed parse_rfc1123() "space" bug.
6308 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
6309 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
6310 - Fixed some peer->options flag-setting bugs.
6311 - Fixed single-parent feature to work again
6312 - Removed 'single_parent_bypass' configuration option; instead
6313 just use 'no-query'.
6314 - Surrounded 'source_ping' code with #ifdefs.
6315 - Changed 'deny_info URL' to use a custom Error page.
6316 - Modified src/client.c for testing POST requests.
041b157e 6317 - Fixed hash4() for SCO (Vlado Potisk).
459f2559 6318
7ba777f2 6319Changes to squid-1.2.beta16 (Mar 4, 1998):
6320
447203a7 6321 - Added Spanish error messages from Javier Puche.
02922e76 6322 - Added Portuguese error messages from Pedro Lineu Orso
0965bd19 6323 - Added a simple but very effective hack to cachemgr.cgi that tries to
6324 interpret lines with '\t' as table records and formats them
6325 accordingly. With a few exceptions (see source code), first line
6326 becomes a table heading ("<th>" html tag) and the rest is formated
6327 with "<td>" tags.
7021844c 6328 - Added "mem_pools_limit" configuration option. Semantics of
6329 "mem_pools" option has also changed a bit to reflect new memory
6330 management policy.
7ba777f2 6331 - Reorganized memory pools. Squid now supports a global pool
6332 limit instead of individual pool limits. Per-pool limits can be
3a88d597 6333 implemented on top of the current scheme if needed, but it is
7ba777f2 6334 probably hard to guess their values. Squid distributes pool
6335 memory among "frequently allocated" objects. There is a
6336 configurable limit on the total amount of "idle" memory to be
6337 kept in reserve. All requests that exceed that amount are
6338 satisfied using malloc library. Support for variable size
6339 objects (mostly strings) will be enabled soon.
6340 - memAllocate() has now only one parameter. Objects are always
6341 reset with 0s. (We actually never used that parameter before;
6342 it was always set to "clear").
6343 - Added Squid "signature" to all ERR_ pages. The signature is
6344 hardcoded and is added on-the-fly. The signature may use
6345 %-escapes. Added interface to add more hard-coded responses if
6346 needed (see errorpage.c::error_hard_text).
6347 - Both default and configured directories are searched for ERR_
6348 pages now. Configured directory is, of course, searched first.
6349 This allows you to customize a subset of ERR_ pages (in a
6350 separate directory) without danger of getting other copies out
6351 of sync.
6352 - Security controls for the SNMP agent added. Besides
6353 communities (like password) and views (part of tree
6354 accessible), the snmp_acl config option can be used to do acl
6355 based access checks per community.
6356 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
6357 can now walk through the whole mib tree. Several new variables
6358 added under cacheProtoAggregateStats
12cf1be2 6359 - Added rudimental statistics for HTTP headers.
7ba777f2 6360 - Adjusted StatLogHist to a more generic/flexible StatHist.
12cf1be2 6361 Moved StatHist implementation into a separate file.
178dbda2 6362 - Added FTP support for PORT if PASV fails, also try the
6363 default FTP data port (Henrik Nordstrom).
6364 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
6365 request is cancelled for fails on the client side.
6366 - Filled in some squid.conf comments (never_direct,
6367 always_direct).
6368 - Added RES_DNSRCH to dnsserver's _res.options when the
6369 -D command line option is given.
6370 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
6371 peer->tcp_up == 0 (Michael O'Reilly).
6372 - Fixed storeGetNextFile's incorrect "directory does not exist"
6373 errors (Michael O'Reilly).
6374 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
6375 Forster).
6376 - Added 'dns_nameservers' config option to specify non-default
6377 DNS nameserver addresses (Maxim Krasnyansky).
6378 - Added lib/util.c code to show memory map as a tree
6379 (Henrik Nordstrom).
6380 - Added HTTP and ICP median service times to Counters and
6381 cachemgr average stats.
6382 - Changed "-d" command line option to take debugging level
6383 as argument. Debugging equal-to or less-than the argument
6384 will be written to stderr.
3ff01c3e 6385 - Removed unused urlClean() function from url.c.
adba4a64 6386 - Fixed a bug that allowed '?' parts of urls to be recorded in
ef65d6ca 6387 store.log. Logged urls are now "clean".
178dbda2 6388 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
6389 script forwards basic authentication from browser to squid.
6390 Authentication info is encoded within all dynamically generated
6391 pages so you do not have to type your password often.
6392 Authentication records expire after 3 hours (default) since
6393 last use. Cachemgr.cgi now recognizes "action protection" types
6394 described below.
6395 - Added better recognition of available protection for actions
6396 in Cache Manager. Actions are classified as "public" (no
6397 password needed), "protected" (must specify a valid password),
6398 "disabled" (those with a "disable" password in squid.conf), and
6399 "hidden" (actions that require a password, but do not have
6400 corresponding cachemgr_passwd entry). If you manage to request
6401 a hidden, disabled, or unknown action, squid replies with
6402 "Invalid URL" message. If a password is needed, and you failed
6403 to provide one, squid replies with "Access Denied" message and
6404 asks you to authenticate yourself.
6405 - Added "basic" authentication scheme for the Cache Manager.
6406 When a password protected function is accessed, Squid sends an
6407 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
6408 by specifying "name" and "password" for the specified action.
6409 The user name is currently used for logging purposes only. The
6410 password must be an appropriate "cachemgr_passwd" entry from
6411 squid.conf. The old interface (appending @password to the url)
6412 is still supported but discouraged. Note: it is not possible
6413 to pass authentication information between squid and browser
6414 *via a web server*. The server will strip all authentication
6415 headers coming from the browser. A similar problem exists for
6416 Proxy-Authentication scheme.
6417 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
6418 authentication failures when accessing Cache Manager.
63259c34 6419 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
178dbda2 6420 - Added simple context-based debugging to debug.c. Currently,
6421 the context is defined as a constant string. Context reporting
6422 is triggered by debug() calls. Context debugging routines
6423 print minimal amount of information sufficient to describe
6424 current context. The interface will be enhanced in the future.
6425 - Replaced _http_reply with HttpReply. HttpReply is a
6426 stand-alone object that is responsible for parsing, swapping,
6427 and comm_writing of HTTP replies. Moved these functions from
6428 various modules into HttpReply module.
8bfcd557 6429 - Added HttpStatusLine, HttpHeader, HttpBody.
178dbda2 6430 - All HTTP headers are now parsed and stored in a "compiled"
6431 form in the HttpHeader object. This allows for a great
6432 flexibility in header processing and builds basis for support
6433 of yet unsupported HTTP headers.
6434 - Added Packer, a memory/store redirector with a printf
6435 interface. Packer allows to comm_write() or swap() an object
6436 using a single routine.
6437 - Added MemBuf, a auto-growing memory buffer with printf
6438 capabilities. MemBuf replaces most of old local buffers for
6439 compiling text messages.
6440 - Added MemPool that maintains a pre-allocated pool of opaque
6441 objects. Used to eliminate memory thrashing when allocating
6442 small objects (e.g. field-names and field-value in http
6443 headers).
8bfcd557 6444
3197e644 6445Changes to squid-1.2.beta15 (Feb 13, 1998):
6446
55647891 6447 NOTE: This version has changes which may cause all or part
6448 of your cache to be lost. However, you can problably
6449 save most of it by doing a slow restart. Specifically:
6450
6451 1. Kill the running squid-1.2.beta14 process; wait for it to
6452 fully exit.
6453 2. Remove all 'swap.state*' files, either in each cache_dir, or
6454 as defined in your squid.conf
6455 3. Start squid-1.2.beta15. The store will be rebuilt from the
6456 existing swap files, reading the directories and opening
6457 the files.
6458
bcfbdc11 6459 - Fixed some problems related to disk (and pipe) write error
6460 handling. file_close() doesn't always close the file
6461 immediately; i.e. when there are pending buffers to write.
6462 StoreEntry->lock_count could become zero while a write is
6463 pending, then bad things happen during the callback.
6464 - The file_write() callback data must now be in the callback
6465 database (cbdata). We now use the swapout_ctrl_t structure
6466 for the callback data; it stays around for as long as we are
6467 swapping out.
6468 - Changed the way write errors are handled by diskHandleWrite.
6469 If there is no callback function, now we exit with a fatal
6470 message under the assumption that the file in question is a
6471 log file or IPC pipe. Otherwise, we flush all the pending
6472 write buffers (so we don't see multiple repeated write errors
6473 from the same descriptor) and let the upper layer decide how
6474 to handle the failure.
6475 - Fixed storeDirWriteCleanLogs. A write failure was leaving
6476 some empty swap.state files, even though it tells us that its
6477 "not replacing the file." Don't flush/rename logs which we
6478 have prematurely closed due to write failures, indiciated by
6479 fd[dirn] == -1. Close these files LAST, not before
6480 renaming.
6481 - Fixed storeDirClean to clean directories in a more sensible
6482 order, instead of the new "MONOTONIC" order for swap files.
0465e406 6483 - Merged fdstat.c functions into fd.c.
6484 - Cleaned up some debugging sections. Some unrelated source
6485 files were using the same section.
6486 - Removed curly brackets from all cachemgr output.
6487 - Removed unused filemap->last_file_number_allocated member.
6488 - Removed unused fde->lifetime_data member.
6489 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
6490 - Call setsid() before exec() in ipc.c so that child processes
6491 don't receive SIGINT (etc) when running squid on a tty.
2f2dd5ad 6492 - Changed StoreEntry->object_len to ->swap_file_sz so we
6493 can verify the disk file size at restart. Moved object_len
6494 to MemObject->object_sz. Note object_sz is initialized
6495 to -1. If object_sz < 0, then we need to open the swap
6496 file and read the swap metadata.
6497 - Changed store_client->mem to ->entry because we need
6498 e->swap_file_sz to set mem->object_sz at swapin.
2f2dd5ad 6499 - Renamed storeSwapData structure to storeSwapLogData.
6500 - Fixed storeGetNextFile to not increment d->dirn. Added
6501 check for opendir() failure.
6502 - Fixed storeRebuildStart to properly link the directory
6503 list for storeRebuildfromDirectory mode.
e157f97f 6504 - Added -S command line option to double-check store
6505 consistency with disk files in storeCleanup().
6506 - Fixed a problem with transactional logging. In many
6507 cases we were adding the public cache key and then
6508 logging a delete for the private key. This is worthless
6509 because during rebuild we could not locate the previous
6510 public-keyed entry. Now we assert that only public-keyed
6511 entries can be logged to swap.state. storeSetPublicKey()
6512 and storeSetPrivateKey() have been modified to log an
6513 ADD or DEL when the key changes.
6514 - Fixed storeDirClean bug. Needed to call
6515 storeDirProperFileno() so the "dirn bits" get set.
6516 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
6517 fullfilename[] were static to that function and did
6518 not change when the "rebuild_dir" arg did. Moved these
6519 buffers to the rebuild_dir structure.
6520 - In storeRebuildFromSwapLog, we were calling storeRelease()
6521 for cache key collisions. This only set the RELEASE_REQUEST
6522 bit and did not clear the swap_file_number in the filemap or
6523 in the StoreEntry, so the swap file could get unlinked later
6524 when it was really released.
4e0f0471 6525 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
6526 content-type and content-encoding (Henrik Nordstrom).
6527 - Removed 'icon_content_type' configuration option. Content
6528 types now taken from mime.conf (Henrik Nordstrom).
2a9b2b73 6529 - Added additional memory malloc tracing and memory leak
6530 detection. Use --enable-xmalloc-debug-trace configure
6531 option and -m command line option (Henrik Nordstrom).
bcfbdc11 6532
93169941 6533Changes to squid-1.2.beta14 (Feb 6, 1998):
6534
5471db88 6535 - Replaced snmplib free() calls with xfree().
6536 - Changed the 'net_db_name' hash table structure to
6537 make it easier to move names from one network to another
6538 (copied from 1.1 code).
93169941 6539 - Filled in some of the config dump routines (dump_acl,
6540 dump_acl_access).
6541 - Full memory debugging option (--enable-xmalloc-debug-trace)
6542 (Henrik Nordstrom).
6543 - Filled-in and clarified many squid.conf comments (Oskar
6544 Pearson).
6545 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
5471db88 6546
f91834bf 6547Changes to squid-1.2.beta13 (Feb 4, 1998):
f577e074 6548
b4512acd 6549 - NOTE: With this version the "swap.state" file format has
6550 changed. Running this version for the first time will
6551 cause your current cache contents to be lost!
f91834bf 6552 - NOTE: this version still has the bug where we don't rewind
6553 a swapout file and rewrite the swap meta data. Objects
6554 larger than 8KB will be lost when rebuilding from the swap
6555 files.
d04dd4bf 6556 - Combined various interprocess communication setup functions
6557 into ipcCreate().
6558 - Removed some leftover ICP_HIT_OBJ things.
6559 - Removed cacheinfo and proto_count() and friends; these are to
6560 be replaced in functionality by StatCounters and 5/60 minute
6561 average views via cachemgr.
6562 - Fixed --enable-acltree configure message (Masashi Fujita).
6563 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
6564 (Masashi Fujita).
6565 - Fixed building outside of source tree (Masashi Fujita).
dbfed404 6566 - FTP: Format NLST listings, and inform the user that the NLST
6567 (plain) format is available when we find a LIST listing that we
6568 don't understand (Henrik Nordstrom)
6569 - FTP: Use SIZE on Binary transfers, and not ASCII. The
6570 condition was inversed, making squid use SIZE on ASCII
6571 transfers (Henrik Nordstrom).
6572 - Enable virtual and Host: based acceleration in order to be
6573 able to use Squid as a transparent proxy without breaking
6574 either virtual servers or clients not sending Host: header
6575 the order of the virtual and Host: based acceleration needs
6576 to be swapped, giving Host: a higher precendence than virtual
6577 host (Henrik Nordstrom).
6578 - Use memmove/bcopy as detected by configure Some systems does
6579 not have memmove, but have the older bcopy implementation
6580 (Henrik Nordstrom).
6cf028ab 6581 - Completely rewritten aiops.c that creates and manages a pool
6582 of threads so thread creation overhead is eliminated (SLF).
6583 - Lots of mods to store.c to detect and cancel outstanding
6584 ASYNC ops. Code is not proven exhaustive and there are
6585 definately still cases to be found where outstanding disk ops
6586 aren't cancelled properly (SLF).
6587 - Changes to call interface to a few routines to support disk
6588 op `tagging', so operations can be cleanly cancelled on
6589 store_abort()s (SLF).
6590 - Implementation of swap.state files as transaction logs.
6591 Removed objects are now noted with a negative object size.
6592 This allows reliatively clean rebuilds from non-clean
6593 shutdowns (SLF).
6594 - Now that the swap.state files are transaction logs, there's
6595 now no need to validate by stat()ing. All the validation
6596 procedure does is now just set the valid bit AFTER all the
6597 swap.state files have been read, because by that time, only
6598 valid objects can be left. Object still need to be marked
6599 invalid when reading the swap.state file because there's no
6600 guarantee the file has been retaken or deleted (SLF).
6601 - An fstat() call is now added after every
6602 storeSwapInFileOpened() so object sizes can be checked. Added
6603 code to storeRelease() the object if the sizes don't match (SLF).
6474667e 6604 - #defining USE_ASYNC_IO now uses the async unlink() rather than
6605 unlinkd() (SLF).
6cf028ab 6606 - #defining MONOTONIC_STORE will support the creation of disk
6607 objects clustered into directories. This GREATLY improves disk
6608 performance (factor of 3) over old `write-over-old-object'
6609 method. If using the MONOTONIC_STORE, the
6610 {get/put}_unusedFileno stack stuff is disabled. This is
6611 actually a good thing and greatly reduces the risk of serving
6612 up bad objects (SLF).
6613 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
6614 rather than ASYNC/unlinkd unlinks. swap.state.new files were
6615 being removed just after they were created due to delayed
6616 unlinks (SLF).
6617 - Disabled various assertions and made these into debug warning
6618 messages to make the code more stable until the bugs can be
6619 tracked down (SLF).
6620 - Added most of Michael O'Reilly's patches which included many
6621 bug fixes. Ask him for full details (SLF).
6622 - Moved aio_check_callbacks in comm_{poll|select}(). It was
6623 called after the fdset had been built which was wrong because
6624 the callbacks were changing the state of the read/write
6625 handlers prior to the poll/select() calls (SLF).
f09f5b26 6626 - Fixed ARP ACL memory leaks (Dale).
f577e074 6627 - Eliminated URL and SHA cache keys. Cache keys will always
6628 be MD5's now.
6629 - Fixed up store swap meta data.
6630 - Changed swap.state logs to a binary format.
f91834bf 6631 - The swap.state logs are written transaction-style.
d04dd4bf 6632
b5cfbd5b 6633Changes to squid-1.2.beta12 (Jan 30, 1998):
6634
b4512acd 6635 - Added metadata headers to cache swap files. This is an
6636 incompatible change with previous versions. Running this
6637 version for the first time will cause your current cache
6638 contents to be lost.
9fc0b4b8 6639 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
6640 - Show symlink destinations as a hyperlink in FTP listings
6641 (Henrik Nordstrom)
3a4eaced 6642 - Fixed not allocating enough space for rewriting URLs with
6643 the Host: header (Eric Stern).
6644 - Year-2000 fixes (Arjan de Vet).
6645 - Fixed looping for cache hits on HEAD requests.
fc6dc767 6646 - Fixed parseHttpRequest() coredump for
6474667e 6647 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
9fc0b4b8 6648
9f802cb1 6649Changes to squid-1.2.beta11 (Jan 6, 1998):
6650
fd82d0b0 6651 - Fixed fake 'struct rusage' definition which prevented compling
6652 on Solaris 2.4.
6653 - Fixed copy-by-ref bug for request->headers in
6654 clientRedirectDone() (Michael O'Reilly).
812db943 6655 - Workaround for Solaris pthreads closing FD 0 upon fork()
6656 (Michael O'Reilly).
05fd71a7 6657 - Fixed shutdown bug with outgoing UDP sockets; we need to
6658 disable their read handlers.
6659 - For comm_poll(), use the fast 50 msec timeout only when
6660 USE_ASYNC_IO is defined.
1fbc6de3 6661 - Fixed pointer bug when freeing AS# ACL entries.
6662 - Fixed forgetting to reset Config.npeers to zero in free_peer().
0f6bdbfa 6663 - Fixed ICP bug causing excessive TIMEOUTs with sibling
6664 neighbors. We must call the ICP reply callback even for
6665 sibling misses.
6666 - Fixed some dnsserver-related reconfigure bugs. Need to
6667 use cbdataLock, etc in fqdncache.c. Also don't want to
6668 use ipcacheQueueDrain() and fqdncacheQueueDrain().
6669 - Fixed persistent connection bug. We were incorrectly
6670 deciding that non-200 replies without content-length
6671 would not have a reply body.
6672 - Fixed intAverage() precedence bug.
6673 - Fixed memmove() 'len' arg bug.
6674 - Changed algorithm for determining alive/dead state of peers.
6675 Instead of using a fixed number of unacknowledged ICP
6676 replies, it is now based on timeouts. If there are no ICP
6677 replies received from a peer within 'dead_peer_timeout'
6678 seconds, then we call it dead.
6679 - Added calls to getCurrentTime() in
6680 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
6681 being used.
6682 - Fixed shutdown bug when the incoming and outgoing ICP socket
6683 is the same file descriptor.
e970f357 6684 - Added buffered writes for storeWriteCleanLogs() (Stewart
6685 Forster).
6686 - Patches for Qnx4 (Jean-Claude MICHOT).
6687 - Fixed returning void functions which seems to be a GCC-ism.
e5f4e1b0 6688 - New configure script options (Henrik Nordstrom):
6689 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
6690 --enable-acltree
6691 --enable-icmp
6692 --enable-delay-hack
6693 --enable-useragent-log
6694 --enable-kill-parent (this should be named -hack)
6695 --enable-snmp
6696 --enable-time-hack
6697 --enable-cachemgr-hostname[=hostname] (new)
6698 --enable-arp-acl (new)
6699 - Added Doug Lea malloc-2.6.4 to the distribution, so that
6700 people easily can try a decent malloc package if they syspect
6701 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
6702 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
6703 function (Henrik Nordstrom).
6704 - Removed top-level Makefile. People must now run 'configure'
6705 before 'make'.
714ace98 6706 - Fixed checkFailureRatio() implementation.
82b3c7d9 6707 - Made 'squid -z' behave like the 1.1 version.
e5f4e1b0 6708
fd82d0b0 6709
ab9a3f7e 6710Changes to squid-1.2.beta10 (Jan 1, 1998):
6711
6712 - Fixed content-length bugs for 204 replies, 304 replies,
6713 and HEAD requests (Henrik Nordstrom).
6714 - Fixed errorAppendEntry() bug in gopherReadReply().
6715 - Basic support for FTP URL typecodes (;type=X).
9c965c1b 6716 - Support for access controls based on ethernet MAC addresses
ab9a3f7e 6717 (Dale).
6718 - Initial URN support; see
6719 http://squid.nlanr.net/Squid/urn-support.html
6720 - Fixed client-side persistent connections for objects with
6721 bad content lengths (Henrik Nordstrom).
6722 - Fixed bad call to storeDirUpdateSwapSize() for objects which
6723 never reach SWAPOUT_DONE state.
68e3a9df 6724 - Fixed up poll() #defines in squid.h (Stewart Forster).
6725 - Changed poll() timeout from 1000 msec to 50 msec for
6726 better performance under low load (Stewart Forster).
e7a1fde6 6727 - Changed storeWriteCleanLogs() to write objects in the LRU
6728 list order instead of the random hash table order.
109ff6af 6729 - Fixed FTP bug when data socket connections fail or timeout.
6730 - Reuse FTP data connection when possible (Henrik Nordstrom).
6731 - Added configure options (Henrik Nordstrom)
6732 --enable-store-key=sha|md5
6733 --enable-xmalloc-statistics
6734 --enable-xmalloc-debug
78743365 6735 --enable-xmalloc-debug-count
6736 --async-io
109203bf 6737 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
6738 by creating ERR_FORWARDING_DENIED and changing the
6739 content of the ERR_CANNOT_FORWARD text.
4e9c07c1 6740 - Fixed pipeline request bug from using strdup() (Henrik
6741 Nordstrom).
6742 - Call clientReadRequest() directly instead of commSetSelect()
6743 for pipelined requests (Henrik Nordstrom).
1b02b5be 6744 - Fixed 4k page leak in icpHandleIMSReply();
6745 - Renamed 'icp*' functions to 'client*' names in client_side.c.
e7a1fde6 6746
b90a0f8d 6747Changes to squid-1.2.beta8 (Dec 2, 1997):
6748
eae03fc8 6749 - Fixed accessLogLog() to log ident from Proxy-Authorization
6750 request header (BoB Miorelli).
226f9ba2 6751 - Fixed #includes, prototypes, etc. in SNMP source files.
6752 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
6753 include/config.h.in to src/squid.h
6754 - Moved 'num32' typedefs from src/typedefs.h to
6755 include/config.h.in.
6756 - Moved snmplib/md5.c to lib/md5.c.
6757 - Added MD5 cache key support.
6758 - Removed xmalloc() return check in uudeocde.c
6759 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
6760 - Changed 'client' program to provide easier cache manager access,
3ff01c3e 6761 e.g.: 'client mgr:info'
226f9ba2 6762 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
6763 for simulated keep-alive requests.
6764 - Removed 'fd' arg from clientProcess* functions.
9e3468d5 6765 - Fixed bugs from using errorSend() on persistent/pipelined
226f9ba2 6766 client connections. A latter request should not be allowed to
6767 write to the client fd until the current request completes.
6768 Now use errorAppendEntry() for such situations.
6769 - Fixed content-length bugs. We were using content-length == 0
6770 to also indicate a lack of content-length reply header. But
6771 'content-length: 0' might appear in a reply, so now use -1 to
6772 indicate that no content length given.
6773 - Split up clientProcessRequest() into smaller chunks so it
6774 might be easier to follow.
6775 - renamed various client_side.c functions to start with 'client'
6776 instead of 'icp'.
6777 - Fixed a 'cbdata leak' from the comm.c close handlers.
6778 - Fixed a 'cbdata leak' from the comm.c connect routines.
6779 - Fixed comm_select() and comm_poll() to stop looping on the
6780 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
6781 ready for I/O, the incoming sockets might not get service, so
6782 comm_select() would be called for up to 7 times until the
6783 'incoming_counter' was incremented enough to trigger a call
6784 to comm_select_incoming(). Now we make sure
6785 comm_select_incoming() gets called if select returns less
6786 than 7 ready FD's.
9e3468d5 6787 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
6788 inserted at the start of the url-path. calls ftpUrlWith2f().
6789 (Henrik Nordstrom).
226f9ba2 6790 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
6791 for replacement and cachemgr output.
6792 - Changed ipcache.c to use LRU double-linked list instead of qsort()
6793 - Changed hash_insert() and hash_join() to return void.
6794 for replacement and cachemgr output.
6795 - Moved StoreEntry->method member to MemObject->method.
6796 - Made StoreEntry->flags 16 bits.
6797 - Made StoreEntry->refcount 16 bits.
6798 - Changed URL-based public cache key to always include the request
6799 method.
eae03fc8 6800
95bc9f0b 6801Changes to squid-1.2.beta7 (Nov 24, 1997):
6802
6a11653c 6803 - Fixed poll() for Linux (David Luyer).
6804 - SHA optimizations (David Luyer).
6805 - Fixed errno clashes with macro on Linux (David Luyer).
6806 - Fixed storeDirCloseSwapLogs(); logs might not be open.
6807 - Fixed storeClientCopy2() bug. Detect when there is
6808 no more data to send for objects in STORE_OK state.
19ee64b1 6809 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
6810 especially directory listings.
95bc9f0b 6811 - Mega FTP fix from Henrik Nordstrom. A better job of
6812 implementing the '%2f' hack.
6813 - Fixed some pipelined request bugs. storeClientCopy() was
6814 being given the wrong StoreEntry, and we had a race condition
6815 which is now handled by storeClientCopyPending().
99077fe6 6816 - Added initial SNMP support.
6a11653c 6817
2c9b45c9 6818Changes to squid-1.2.beta6 (Nov 13, 1997):
6819
1b5516d3 6820 - Fixed Authorized responses getting swapped out when they
6821 don't have Proxy-Revalidate reply header.
6822 - Fixed Proxy Authentication support. We never sent back
6823 a 407 reply, and were incorrectly incrementing the passwd
6824 before comparing it.
6825 - Fixed stat()ing pathnames for default values before parsing
6826 config file (Ron Gomes).
6827 - Fixed logging request and response headers on separate lines
6828 (Ron Gomes).
6829 - Fixed FTP Authentication message (Henrik Nordstrom).
6830 - Changed Proxy Authentication to trigger a reread of the passwd
6831 file if a password check fails (Henrik Nordstrom).
6832 - Changed FTP to retry the first CWD with a leading slash if it
6833 fails without one.
6834
8c17a569 6835Changes to squid-1.2.beta5 (Nov 6, 1997):
6836
90045285 6837 - Track the 'keep-alive ratio' for a peer as the ratio of
6838 the number of replies including 'Proxy-Connection: Keep-Alive'
6839 compared to the number of requests sent. If the peer does
6840 not support Persistent connections then this ratio will tend
6841 toward zero. If the ratio is less than 50% after 10 requests
6842 then we'll stop sending Keep-Alive.
8c3994aa 6843 - Proper support for %nn escapes in FTP, and numerous
6844 other fixes (Henrik Nordstrom).
6845 - Support for Secure Hash Algorithm and framework for other
6846 hash functions as cache keys.
6847 - Fixed SSL snprintf() bug which broke SSL proxying.
6848 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
8c17a569 6849 - Fixed LRU Reference Age bug. The arg to pow() must be
8031bd43 6850 minutes, not seconds.
90045285 6851
9ddfb255 6852Changes to squid-1.2.beta4 (Oct 30, 1997):
6853
a493f974 6854 - Fixed DST bug in rfc1123.c
6855 - Changed default http_accel_port to 80.
6856 - added errorCon() as a ErrorState constructor function
6857 (Max Okumoto).
6858 - Added ERR_FTP_FAILURE message for ftpFail().
6859 - For FTP, the timeout callback must be moved to the 'data'
6860 descriptor when data transfer begins. Otherwise we are
6861 likely to get a timeout on the control descriptor.
6862 - Fixed double-free bug in httpRequestFree().
6863 - Fixed store_swap_size counting bug in storeSwapOutHandle().
6864
409a6aad 6865Changes to squid-1.2.beta3 (Oct 29, 1997):
6866
6867 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
6868 - Fix assertions which assumed 4-byte pointers.
6869 - Fix missing % in fqdncache.c snprintf().
6870
5a2d610b 6871Changes to squid-1.2.beta2 (Oct 28, 1997):
6872
8c3994aa 6873 - Fixed aiops.c and async_io.c so that they actually compile
f5b8bbc4 6874 with USE_ASYNC_IO (Arjan de Vet).
6875 - Fixed errState->errno causing problems with some macros
6876 (Michael O'Reilly).
d287f51e 6877 - Fixed memory leaks in pconn.c (Max Okumoto).
0866009b 6878 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
272547b5 6879 - Fixed InvokeHandlers() from calling memCopy() for ALL
6880 store_client's with callbacks. A store_client might be reading
6881 from disk.
5a2d610b 6882 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
272547b5 6883 bucket at a time. Instead we'll maintain a single LRU
6884 list. When an object is 'touched' we move it to the
6885 top of this list. When we need disk space, we delete
6886 from the bottom.
5a2d610b 6887 - Removed storeGetSwapSpace().
f5b8bbc4 6888
871f0b8a 6889Changes to squid-1.2.beta1 ():
6890
6891 - Reworked storage manager to not keep objects in memory during
6892 transit. In other words, no separate NOVM distribution.
6893 - Lots of cleanup and debugging for beta release.
6894 - Use snprintf() everywhere instead of sprintf().
6895 - The 'in_memory' hash table has been replaced with a
6896 doubly-linked list. New objects are added to the head of
6897 the list. When memory space is needed, old objects are
6898 purged from the tail of the list.
6899
0edfe7a2 6900Changes to squid-1.2.alpha7 ():
6901
c4958532 6902 - fixes fixes fixes.
6903 - Made Arjan's PROXY_AUTH ACL patch standard.
0edfe7a2 6904
8905b90c 6905Changes to squid-1.2.alpha6 ():
6906
6684fec0 6907 - Simpler cacheobj implementation.
6605655c 6908 - persistent connection histogram
8872e1f8 6909 - SERVER-SIDE PERSISTENT CONNECTIONS:
6474667e 6910 - Added pconn.c
6911 - Addec Cofig.Timeout.pconn; default 120 seconds
6912 - Added httpState->flags
6913 - Added flags arg to httpBuildRequestHeader()
6914 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
6915 - Added 'Connection' to allowed HTTP headers (http-anon.c)
8872e1f8 6916 - Added 'Proxy-Connection' to allowed HTTP headers
6917 (http-anon.c)
a7736231 6918 - Merged proxyhttpStart() with httpStart() and created
8872e1f8 6919 new httpBuildState().
6920 - New httpPconnTransferDone() detects end-of-data on
6921 persistent connections.
6684fec0 6922
88738790 6923Changes to squid-1.2.alpha5 ():
6924
6925 - New configuration system. Everything is generated from
6926 'cf.data.pre', including the main parser, setting defaults,
6927 outputting current values, and freeing memory.
6928 This also involved moving some of the local data structures
6929 (e.g. struct _acl *AclList in acl.c) to the Config
6930 structure. (Max Okumoto)
6931 - No more '/i' for regular expressions. Now insert a '-i'
6932 to switch to case-insensitive. Use '+i' for case-sensitive.
6933 - When you have a variable named the same as its type, sizeof()
6934 gets the wrong one (fde).
6935 - Need to flush unbuffered logs before fork().
6936 - Added two fields swap log: refcount and e->flag.
6937 - Removed all the .h files for each .c file. Now #include stuff
6938 is in either: defines.h, enums.h, typedefs.h, structs.h,
6939 or protos.h, globals.h. This greatly reduces dependencies
6940 between the various source files.
6941 - globals.c is generated from globals.h by a Perl script.
8ee3ca2c 6942 - Started customizable error texts.
88738790 6943
97f674c8 6944Changes to squid-1.2.alpha4 ():
6945
ec973719 6946 - New MIME configuration, regular expression based
6947 - Added request_timeout config option
6948 - Multiple HTTP sockets (Lincoln Dale).
6949 - Moved 'fds_are_n_free' check to httpAccept().
6950 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
7e49f700 6951 - Changed storeRegister to use offsets and make immediate
6952 callbacks if appropriate.
6953 - Removed icpDetectClientClose(). Some of that functionality
6954 goes into clientReadRequest() and the rest into
6955 httpRequestFree().
b1b387d1 6956 - Moved IP lookups to commConnect stuff.
6957 - Added support for retrying connect().
858164fc 6958 - New inline debug() macro (David Luyer).
e174e0fe 6959 - Replace frequent gettimeofday() calls with alarm(3) based
6960 clock. Need to add more gettimeofday() calls to get back
a59968c7 6961 high-resolution timestamp logging (Andres Kroonmaa).
0153d498 6962 - Added support for Cache-control: proxy-revalidate;
6963 based on squid-1.1 patch from Mike Mitchell.
ec973719 6964
3b08d32d 6965Changes to squid-1.2.alpha3 ():
6966
6967 - Implemented persistent connections between clients and squid.
6968 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
6969 table in fd.c.
6970 - Removed use of FD as an identifier in certain callback
6971 operations (ipcache, fqdncache).
6972 - General code cleanup.
6973 - Fixed typedefs for callback functions.
6974 - Removed FD lifetime/timeout dichotomy. Now we only have
6975 timeouts, however the lifetime concept/keyword may still
6976 linger in certain places.
6977 - Change Makefile 'realclean' target to 'distclean'
6978 - Changed config file parsing of time specifications to use
6979 parseTimeLine().
6980 - Removed storetoString.c
6981
6982Changes to squid-1.2.alpha2 ():
74cebec0 6983
6984 - Merged squid-1.1.9, squid-1.1.10 changes
6985
7b41ec97 6986Changes to squid-1.2.alpha1 ():
6987
6988 - Unified peer selection algorithm.
75e88d56 6989 - aiops.c and aiops.h are a threaded implementation of
6990 asynchronous file operations (Stewart Forster).
6991 - async_io.c and async_io.h are complete rewrites of the old
6992 versions (Stewart Forster).
6ad85e8a 6993 - Rewrote all disk file operations of squid to support
75e88d56 6994 the idea of callbacks except where not required (Stewart
6995 Forster).
75e88d56 6996 - Background validation of 'tainted' swap log entries (Stewart
6997 Forster).
6998 - Modified storeWriteCleanLog to create the log file using the
6999 open/write rather than fopen/printf (Stewart Forster).
7000 - Added the EINTR error response to handle badly interrupted
7001 system calls (Stewart Forster).
6ad85e8a 7002 - UDP_HIT_OBJ not supported, removed.
7003 - Different sized 'cache_dirs' supported.
75e88d56 7004
e924600d 7005==============================================================================
Mirror of https://github.com/squid-cache/squid.git