]> git.ipfire.org Git - thirdparty/squid.git/blame - ChangeLog
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SourceFormat Enforcement
[thirdparty/squid.git] / ChangeLog
CommitLineData
5cc53d80 1Changes to squid-3.2.0.18 (29 Jun 2012):
f787354b
AJ		 2
3 - Bug 3576: ICY streams being Transfer-Encoding:chunked
4 - Bug 3537: statistics histogram leaks memory
5 - Bug 3526: digest authentication crash
6 - Bug 3484: Docs: sslproxy_cert_error example flawed
7 - Bug 3462: Delay Pools and ICAP
8 - Bug 3405: ssl_crtd crashes failing to remove certificate
9 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
10 - Bug 3258: Requests hang when Host forgery verify fails
11 - Bug 3186: Digest auth caches failed state without revalidating
12 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
13 - Bug 2885: AIX: check and set required compiler flags
14 - Fix ssl_crtd compile issues with libsslutil
15 - Fix build with GCC 4.7 (and probably other C++11 compilers).
16 - Fix double-escape of %R on deny_info redirect responses
17 - Support status 308 Permanent Redirect
18 - Support for TLSv1.1 and TLSv1.2 options and methods
19 - Support passing external_acl_type credentials on ICAP
20 - Language Updates: fr, hy, pt_BR
21 - ... and many compile issues on Windows
22 - ... and some minor code polish
23
5cc53d80 24Changes to squid-3.2.0.17 (12 Apr 2012):
f949585d
AJ		 25
26 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
27 - Bug 3509: kQueue compile error
28 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
29 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
30 - Bug 3397: do not mark connection as opened until after SYN-ACK
31 - Bug 3193: NTLM decoder truncating strings
32 - Windows FD handling polish and some fixes
33 - Solaris 9/10 various build fixes
34 - ... and some more code polish
35
5cc53d80 36Changes to squid-3.2.0.16 (07 Mar 2012):
488e6901
AJ		 37
38 - Bug 3508: Correct DNS timeout handling.
39 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
40 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
41 - Bug 3490: part 1: SegFault opening FTP active data connections
42 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
c5426f8f 43 - Bug 3458: Icon Serving (squid-internal-static) Broken
488e6901
AJ		 44 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
45 - Bug 3381: 32-bit overflow assertion in StatHist
46 - Bug 3324: loadFromFile: parse error while reading template file
47 - Support sslpassword_program for ssl-bump HTTP ports
48 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
49 - Retry requests that failed due to a persistent connection race
50 - Log '-' on requests with no Referer or User-Agent headers
51 - ... and several fixes related to in-transit object performance
52 - ... and some structural design changes for portability
53
5cc53d80 54Changes to squid-3.2.0.15 (06 Feb 2012):
f9329b54
AJ		 55
56 - Bug 3472: segfault with the message 'urlParse: URL too large'
57 - Bug 3471: segfault when %la formating code used
58 - Bug 3449: part 3: shm_open can fail with a mangled path
59 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
60 - Bug 3448: 204 response problem in adaptation chains
61 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
62 - Bug 3461: build regression in IPFilter NAT
63 - Bug 3413: raise cbdata lock limits
64 - Bug 3391: forwarded_for log functionality broken
65 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
66 - Bug 3268: remove wrong 'Ready to serve requests.' message
67 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
68 - Disable OpenSSL SSL/TLS bug workarounds by default
69 - Send DNS A and AAAA queries in parallel
70 - Cache Manager migration support
71 - Allow service of internal requests over reverse-proxy ports
72 - Fix trimMemory for unswappable objects
73 - ... and several build and polish fixes
74
902bc38b
AJ		 75Changes to squid-3.2.0.14 (12 Dec 2011):
76
77 - Bug 3433: Segfault closing SNMP
78 - Bug 3420: Request body consumption races and !theConsumer exception.
79 - Bug 3406: SSL Log Error in debug
80 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
81 - Bug 3383: unhandled exception: theGroupBSize > 0
82 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
83 - Bug 3367: fix inverted check on host_strict_verify
84 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
85 - Bug 3364: SNMP Orphans
86 - Bug 3301: ERR_DNS_FAIL never shown
87 - Bug 3150: do not start useless unlinkd
88 - ext_session_acl: version 1.2
89 - Add adaptation_meta option
90 - Add a mask on the qos_flows miss configuration value
91 - Support intermediate CA in ssl-bump traffic certificates
92 - Support SSL certificate failure details on error page
93 - Fix flags for NAT intercept and TPROXY not set correctly
94 - Fix fastCheck() default result on multi-line actions
95 - Fix missing SMP shared memory statistics
96 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
97 - ... and several other TCP and SMP support behaviour fixes
98 - ... and many code polishing cleanups and fixed build errors
99 - ... and several documentation polishings
100
8fe9e0a2
AJ		 101Changes to squid-3.2.0.13 (14 Oct 2011):
102
103 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
104 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
105 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
106 - Regression fix: always_direct/never_direct failures
107 - Regression fix: stop an SSL header file being included after --disable-ssl
108 - Regression fix: parse HTTP list headers with embedded 8-bit characters
109 - Bug 3355: configure setting --with-swapdir ignored
110 - Bug 3325: option to selectively enable strict host verify checks
111 - Bug 3337: HTTP status 200 is not accepted for deny_info
112 - Bug 3077: '\' in url query strings cause Digest authentication to fail
113 - Support SMP worker shared memory cache
114 - Support SMP worker shared disk cache (rock)
115 - ext_session_acl: version 1.1
116 - Fix Host verify: do not pinn destination IP if URL re-write has been done
117 - Fix IPF interception
118 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
119 - Fix ssl_crtd CertificateDB locking scheme
120 - ... and all changes from 3.1.16
121 - ... and many compile and polishing fixes
122
f96fd18d
AJ		 123Changes to squid-3.2.0.12 (17 Sep 2011):
124
125 - Regression Bug 3335: ICAP service is down
126 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
127 - Regression Bug 3303: Support for non-English usernames in log files
128 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
129 - Regression: %I shows hostname on SSL error page
130 - Regression: FTP outgoing port always 'in use' on PASV connections
131 - Bug 3337: (partial) status 200 is not accepted for deny_info
132 - Bug 3319: Inconsistencies in error messages
133 - Bug 3281: pconn in-use while closing assertion
134 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
135 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
136 - Adjust format code %la for intercepted connections
137 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
138 - Send RST packet when closing an ICAP connection after a transaction error
139 - Support maximum field width for string access.log fields
140
2284b7f7
AJ		 141Changes to squid-3.2.0.11 (28 Aug 2011):
142
143 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
144 - Host: authority validation of intercepted destination IP
145 - Host: authority validation of request URL
146 - Host: authority validation of CONNECT tunnel destination
147 - Preserve client destination IP in intercepted communication
148 - Regression Bug 3316: Failed to connect to nameserver using TCP
149 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
150 - Regression Bug 3310: %<pt translates as %<p
151 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
152 - Regression Bug 3288: %<la and %<lp not displaying
153 - Bug 3289: cache manager parameters not parsed without password
154 - Bug 2279: Log Format options to log server source IP and port
155 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
156 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
157 - Bug 3118: ecap_enable on forces icap_enable on
158 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
159 - Default to vhost for accelerator mode (reverse proxy)
160 - Display HTTP protocol syntax at section 11 level 2
161 - Support for using custom keys in CARP parents
162 - Optimize regular expression ACLs
163 - ... and a lot of code portability fixes
164 - ... and all bugs and polish changes from 3.1.15
165
3ff024ec
AJ		 166Changes to squid-3.2.0.10 (24 Jul 2011):
167
168 - Port from 2.7: act-as-origin for reverse proxy ports
169 - Regression fix: broken --disable-ipv6
170 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
171 - Regression fix: vhost and defaultsite causing vport to be ignored
172 - Regression fix: several errors in persistent connection handling
173 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
174 - Regression Bug 3245: reconfigure assertion in MemPools[type]
175 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
176 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
177 - Regression Bug 3269: cache.log applyQueryParams messages
178 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
179 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
180 - Bug 3267: workers IPC mount points disobey --localstatedir
181 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
182 - Bug 3247: Domain from URL Stripped when going through peers
183 - Bug 3244: wrong port for peer relayed requests
184 - Bug 3195: kerberos_ldap_group will not build without kerberos
185 - Bug 2862: add http(s):// support to cache manager
186 - kerberos_ldap_group: several fixes to -S option
187 - ssl_crtd: Add man(8) file
188 - ... and several pieces of code cleanup and polishing.
189 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
190
6d44d1e9
AJ		 191Changes to squid-3.2.0.9 (18 Jun 2011):
192
193 - Bug 3159: delay pools --disable-auth compile problems
194 - HTTP/1.1: Support multiline quoted-string header fields
195 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
196 - Support configurable and translated SSL error details messages
197 - Add log format codes for split client/server views of HTTP request line
198 - Major upgrade of TCP connection handling
199 - Support split-stack IPv6 to servers
200 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
201 - Optimized persistent connection handling
202 - Optimized FTP data connection handling
203 - Optimized TCP failure recovery
204 - ... and all bug fixes and updates from 3.1.12.3
205 - ... and many code polish, documentation and translation cleanups
206
65f2789a
AJ		 207Changes to squid-3.2.0.8 (30 May 2011):
208
209 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
210 - Bug 3043: Properly detect Iphlpapi.h on windows
211 - Bug 2055: Honor ICAP Max-Connections
212 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
213 - Support SSL SNI to origin servers
214 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
215 - Add %b tag for proxy listening port display in error pages
216 - Optimize base64 encoding/decoding
217 - Require libcap before enabling netfilter MARK support
218 - Require libtool 2.2
219 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
220 - ... and all bug fixes and updates from 3.1.12.2
221 - ... and some documentation and code polishing
222
065f7779
AJ		 223Changes to squid-3.2.0.7 (19 Apr 2011):
224
225 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
226 - Regression fix: icons/ FHS compliance
227 - Regression fix: Startup aborts with URL error when --disable-htcp
228 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
229 - Add negotiate_wrapper_auth version 1.0.1
230 - Fixed %dt logging in the presence of REQMOD
231 - Fixed chunked request forwarding in ICAP REQMOD presence
232 - ... all bug fixes and updates from 3.1.12.1
233 - ... many code polishings and display cleanups
234
7d9ce496
AJ		 235Changes to squid-3.2.0.6 (04 Apr 2011):
236
237 - Regression fix: upgrade existing icons
238 - Regression fix: dont crash when accessing an SSL certificate with errors
239 - Regression fix: prevent stdio log module segfaults on rotate
240 - Regression fix: shutdown properly even if a worker process crashes on exit
241 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
242 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
243 - Bug 3105: malformed Proxy-Authorization leaks memory
244 - Bug 3007: CONNECT to cache_peer returns 000 status code
245 - Bug 2885: Compile errors on AIX
246 - Support parameterized Cache Manager queries
247 - Support libecap v0.2.0; fixed eCAP body handling and logging
248 - Support dynamic adaptation plans that cover multiple vectoring points
249 - Support %D details for documented OpenSSL errors
250 - Support logging of all transactions including those with uncertain status or no sent response
251 - Updrate negotiate_kerberos_auth to version 3.0.4sq
252 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
253 - Update ext_edirectory_userip_acl to version 2.1
254 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
255 - Change the default dns_timeout value from 2 minutes to 30 seconds
256 - Fix TCP log stream flushing on every line
257 - ... all bug fixes and updates from 3.1.12
258 - ... a great many compiler portability fixes
259 - ... many code polishings and display cleanups
260
850ff99f
AJ		 261Changes to squid-3.2.0.5 (12 Feb 2011):
262
263 - Regression Fix: profiler should not be built by default
264 - Regression Bug 3081: assertion failed: AsyncCallQueue
265 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
266 - Bug 3089: FTP command output overrides directory listing
267 - Bug 2870: --disable-auth does not work
268 - Bug 2586: multiple memory leaks during reconfigure
269 - Bug 2581: FTP directory listing sometimes fails
270 - Port from 2.7: maximum staleness limits
271 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
272 - HTTP/1.1: Support configurable status codes for deny_info
273 - Support upcoming "fresh message creation" eCAP API
274 - Aggregate SNMP responses when using SMP with multiple workers
275 - Several more Solaris, Windows and ICC support fixes
276 - ... all bug fixes and updates from 3.1.11
277 - ... and more code cleanup shufflings
278 - ... and several documentation updates
279
834d2128
AJ		 280Changes to squid-3.2.0.4 (22 Dec 2010):
281
282 - Port 2.x: cache_dir min-size setting
283 - Bug 3059: Crash on digest auth headers with unknown nonce
284 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
285 - Fix cachemgr mem-pools reporting
286 - Add Dynamic SSL certificate generation
287 - Add useragent, referer, combined built-in log formats
288 - Obsolete log_fqdn directive
289 - Obsolete useragent/referer/forward_log directives
290 - HTTP/1.1: Send 1.1 on CONNECT responses
291 - Updated Kerberos support for newer GSSAPI releases
292 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
293 - Improve handling of early eCAP transaction failures
294 - Various ext_edirectory_acl fixes
295 - ... all bug and feature fixes included in 3.1.10 release
296 - ... and a lot of code and documentation polishing
297
1664edf4 298Changes to squid-3.2.0.3 (07 Nov 2010):
b40d9a33
AJ		 299
300 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
301 - Regression fix: ESI processing of Surrogate filter
1664edf4 302 - Bug 3091: bypassed ICAP errors are not counted as service failures
b40d9a33 303 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
1664edf4 304 - Bug 3038: Detatch libmisc from libcompat
b40d9a33
AJ		 305 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
306 - Bug 3002: store initialization (-z) does not work with SMP configs
307 - Bug 2999: v2.0 of ext_edirectory_userip_acl
308 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
309 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
310 - HTTP/1.1: support If-Match and If-None-Match requests
311 - HTTP/1.1: forward 1xx control messages to clients that support them
312 - HTTP/1.1: send Age:0 header even if it may break IE5
313 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
314 - HTTP/1.1: entry is stale if request has max-age=0
315 - HTTP/1.1: harden quoted-string parser
316 - Add --enable-build-info for extra "squid -v" display
317 - Add --with-swapdir=PATH to override default /var/cache/squid
318 - Add cpu_affinity_map directive to bind workers to CPU cores
319 - Add Netfilter MARK support for QoS
320 - Add upgrade process for obsolete options
321 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
322 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
323 - Fixes Eui48 support on OpenBSD
324 - Fixes cache manager support with SMP configs
325 - ... several documentation updates
326 - ... all bug and feature fixes included in 3.1.9 release.
327 - ... many more code polishes and leak removals
328
dee6a922
AJ		 329Changes to squid-3.2.0.2 (04 Sep 2010):
330
331 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
332 - Support rotating logs from cachemgr and squidclient
333 - Support Kerberos authentication in squidclient
334 - Add manual page for negotiate_kerberos_auth
335 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
336 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
337 - Added log options %http::<bs and %icap::<bs
338 - Collapse HTCP cache_peer options into one setting
339 - Improved request smuggling attack detection. Tolerating valid benign HTTP
340 - ... and several HTTP/1.1 compliance improvements
341 - ... and all improvements in 3.1.7 and 3.1.8
342
6be4a9a8
AJ		 343Changes to squid-3.2.0.1 (03 Aug 2010):
344
345 - Port from 2.7: Logging infrastructure updates
346 - Port from 2.7: Unique sequence number per log line
347 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
348 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
349 - Bug 2631: refresh_pattern store-stale option
350 - Bug 2305: Multiple leaks and assertion crashes in authentication
351 - Bug 1239: Much needed ACL type random
352 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
353 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
354 - Support SMP for essential non-caching functionality
355 - Support logging over TCP
356 - Support Solaris 10 pthreads (experimental)
357 - Support Kerberos login to peers
358 - Support EUI / MAC in more environments
359 - Support format tags in deny_info URLs
360 - Support running helpers on-demand instead of all at startup
361 - Support fully transparent login=PASSTHRU of authentication headers to peers
362 - Support multi-lingual localised FTP directory listings
363 - Support TPROXYv4 spoofing of X-Forwarded-For client address
364 - Support ICAP 206 Partial Content extension
365 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
366 - Add ACL support to range_offset_limit
367 - Add helpers for url_rewrite
368 - Add helper multiplexer for concurrency emulation with legacy helpers
369 - Add Perl library which facilitates parsing access logfile entries.
370 - Add a simple script to summarise traffic use per user
371 - Add templates for captive portal proxy configuration instructions
372 - Add logging of the local TCP port used by transactions with HTTP servers
373 - Update mswin_check_ad_group to version 2.0
374 - Update squid_kerb_auth helper to version 3.0.2
375 - Remove double-language error page hack (replaced by locale auto-negotiation)
376 - Remove TPROXYv2 support (replaced by TPROXYv4)
377 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
378 - Re-work ./configure script for smarter auto-detect and early error checks
379 - Auto-enable all features by default
380 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
381 - Helpers naming scheme
382 - Add support for write timeouts
383 - Modify icap_service_failure_limit option to forget old ICAP errors
384 - Updated man(8) manuals including several additions and translations
385 - ... and a great many code cleanups
386 - ... and a great many testing improvements
387 - ... and many documentation updates
388
5cc53d80 389Changes to squid-3.1.20 (08 Jun 2012):
dd8d2619
AJ		 390
391 - Regression Bug 3545: FreeBSD dnsserver segfaults
392 - Regression Bug 3504: clientside_tos fails to mark traffic
393 - Bug 3539: CONNECT server connection not closed correctly on errors
394 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
395 - Bug 3466: Adaptation stuck on last single-byte body piece
396 - Bug 3463: dnsserver fails to compile
397 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
398 - Bug 3390: Proxy auth data visible to scripts
399 - Bug 3263: ssl_crtd: undefined references to squid_curtime
400 - Bug 3233: Invalid URL accepted with url host is white spaces
401 - Bug 3133: Memory leak handling requests for sites that don't exist
402 - Bug 3074: Improper URL handling with empty path (RFC 3986)
403 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
404 - Regression: snmp/udp address directives not resolving hostname
405 - Better helper-to-Squid buffer size management.
406 - Support CoAP over HTTP (coap:// and coaps:// URLs)
407 - Support for 3.2 error template codes
408
5cc53d80 409Changes to squid-3.1.19 (06 Feb 2012):
f9329b54
AJ		 410
411 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
412 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
413 - Bug 3470: GCC 4.7
414 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
415 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
416 - Bug 3440: compile error in Adaptation
417 - Bug 3420: Request body consumption races and !theConsumer exception
418 - Bug 3370: external ACL sometimes skipping
419 - Bug 3085: Crash when parsing esi:include
420 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
421 - Fix SSL library dependency fixes
422
339383cc
AJ		 423Changes to squid-3.1.18 (03 Dec 2011):
424
425 - Regression: compile error in FTP
426
c218b24d
AJ		 427Changes to squid-3.1.17 (03 Dec 2011):
428
429 - Bug 3432: Crash logging FTP errors
430 - Bug 3428: Active FTP data channel accepted twice
431 - Bug 3423: access violation in URL parser
432 - Bug 3422: Buffer overflow in recv-announce
433 - Bug 3412: External ACL Uses Invalid Cache Entry
434 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
435 - Bug 3398: persistent server connection closed after PUT/DELETE
436 - Bug 3299: dnsserver: various undefined references
437 - Bug 3077: '\' in url query strings cause Digest authentication to fail
438 - Bug 2910: MemBuf may grow beyond max_capacity
439 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
440 - Bug 1243: Build overrides configured AR setting
441 - Avoid crashes when processing bad X509 common names (CN).
442 - Support %% in external ACL format
443 - ... and several other compile error fixes
444 - ... and several documentation fixes
445
8fe9e0a2
AJ		 446Changes to squid-3.1.16 (14 Oct 2011):
447
448 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
449 - Bug 3368: Unhandled exceptions are not logged (workaround)
450 - Bug 3326: miss_access incorrect default
451 - Bug 3320: miss_access description confusing
452 - Bug 3241: squid_kerb_auth cross compilation fix
453 - Bug 3237: seq fault in free() from rfc1035RRDestroy
454 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
455 - db_auth: display available DSN drivers on connect error
456 - Updated OpenSSL 1.0.0 version checks
457 - ... and several documentation fixes
458
2f954743
AJ		 459Changes to squid-3.1.15 (28 Aug 2011):
460
461 - Regression fix: vhost and defaultsite causing vport to be ignored
2284b7f7 462 - Regression Bug 3295: broken escaping in rfc1738_do_escape
2f954743
AJ		 463 - Bug #3232: fails to compile with OpenSSL v1.0.0
464 - Bug #3222: cache_peer name is not logging on CONNECT
465 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
466 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
467 - Bug #3213: https sites (CONNECT) not open when using NTLM
468 - Bug #3114: Memory leak in SSL certificate verify code
469 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
470 - Bug #2662: cf_gen failure when cross compiling
471 - Bug #2655: passing wrong the username to the url_rewrite_program
472 - Bug #2495: ignore whitespace prefix on config lines
473 - Bug #2051: 'default' cache_peer option does not match documentation
474 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
475 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
476 - Correct parsing of large Gopher indexes
477 - Enable negative cacheing on unknown or -1 expiry timestamp
2284b7f7 478 - Remove hierarchy_stoplist default value
2f954743
AJ		 479 - Migrate cf_gen tool from C-style to C++
480 - ... and several documentation and compiler warning fixes
481
04f5e27a
AJ		 482Changes to squid-3.1.14 (04 Jul 2011):
483
484 - Regression Bug 3261: Could not create a DNS socket and exit
485
e074e5be
AJ		 486Changes to squid-3.1.13 (01 Jul 2011):
487
488 - Regression Bug 3239: problems with myip/myport upgrade
489 - Bug 3153: hung ICAP RESPMOD transactions
490 - Update ssl_crtd to use 'OK' status inline with other helpers
491
6d44d1e9
AJ		 492Changes to squid-3.1.12.3 (18 Jun 2011):
493
494 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
495 - Bug 3214: unexpected read from ssl_crtd
496 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
497 - Fix RADIUS helper resource leak
498 - Fix segfault parsing digest auth realm
499 - Fix segfault in parse_eol()
500 - Fixed bypass of SSL certificate validation errors
501 - Warn about myip/myport problems on interception proxies
502 - Polish: display easily grepped config lines on -k parse
503 - Fix squidclient -V option and allow non-HTTP protocols to be tested
504
65f2789a
AJ		 505Changes to squid-3.1.12.2 (30 May 2011):
506
507 - Bug 3226: Tags from external ACLs do not correctly expire
508 - Bug 3215: Malformed IPv6 DNS reverse lookup
509 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
510 - Bug 3205: SSL-bump starts then hangs
511 - Bug 3178: gcc-4.6 complains unused variables
512 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
513 - Bug 2965 (partial): Compile errors on MinGW
514 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
515 - Fix cache manager display of -i/+i in regex ACL config display
516 - Fix cache manager display of cache_peer options userhash and sourcehash
517 - Fix URL re-writer loosing many transaction details
518 - Fix always-true comparison in ICAP for some 32-bit platforms
519 - Support for 'slow' group ACLs in ssl_bump access control
520 - Support OpenSSL 1.0.0 built without SSLv2
521 - Support GCC 4.6 and binutils-gold
522 - Add CSS id attribute to BODY tag of generated error pages.
523 - Display WARNING and ERROR when max_filedescriptors has failed
524
065f7779
AJ		 525Changes to squid-3.1.12.1 (19 Apr 2011):
526
527 - Port from 3.2: Dynamic SSL Certificate generation
528 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
529 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
530 - Bug 3183: Invalid URL accepted with url host part of only '@'
531 - Display ERROR in cache.log for invalid configured paths
532 - Cache Manager: send User-Agent header from cachemgr.cgi
533 - ... and many portability compile fixes for non-GCC systems.
534
7d9ce496
AJ		 535Changes to squid-3.1.12 (04 Apr 2011):
536
537 - Regression fix: Use bigger buffer for server reads.
538 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
539 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
540 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
541 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
542 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
543 - Bug 3164: Total memory info display 32-bit overflows
544 - Bug 3155: Werror is hard-coded in libTrie build
545 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
f787354b 546 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
7d9ce496
AJ		 547 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
548 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
549 - Bug 2330: AuthUser objects are never unlocked
550 - Prevent CONNECT request relaying to origin servers
551 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
552 - squidclient: send Cache Manager password using -w
553 - eCAP: give full Request-URI to adapters
554 - ... and several debug and error display cleanups
555
d88ad4db
AJ		 556Changes to squid-3.1.11 (08 Feb 2011):
557
558 - Bug 3149: not caching eCAP adapted body
559 - Bug 3144: redirector program blocks while reading STDIN
560 - Bug 3140: memory leak in error page generation
561 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
562 - Bug 3115: logging segfaults if access_log is set to a directory
563 - Bug 2968: Show the Vary: headers information in cachemgr objects report
564 - Bug 2959: remove SAMBAPREFIX dependency
565 - Bug 2868: icc doesn't like string literal in assert checks
566 - HTTP/1.1: Send 307 status on deny_info redirection
567 - HTTP/1.1: Support POST/PUT with no body
568 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
569 - Support RFC 5861 Cache-Control: stale-if-error option
570 - Add ftp_eprt directive to disable EPRT extensions in FTP
571 - Fix external_acl_type grace=0 to obey TTL
572 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
573 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
574 - ... and some documentation updates and corrections
575 - ... and some portability and stability fixes
576
834d2128
AJ		 577Changes to squid-3.1.10 (22 Dec 2010):
578
579 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
580 - Bug 3113: Consuming too much memory when uploading files
581 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
582 - Bug 3096: Consuming too much memory when delaying traffic
583 - Bug 3091: Bypassed ICAP errors are not counted as service failures
584 - Bug 3090: Polish FTP login error handing
585 - Bug 3068: cache_dir capacity and usage overflows
586 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
587 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
588 - Fix memory leak in adaptation_access
589 - Fix /dev/poll and poll() selection priority
590 - Fix PREFIX/var/run creation during install
591 - Fix cachemgr http_port config report display
592 - Add upgrade help process for obsolete options
593 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
594 - HTTP/1.1: entry is stale if request has max-age=0
595 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
596 - Toolchain update to support newer auto-tools
597 - ... and updated error page translations
598 - ... and updated documentation
599 - ... and some code optimization/simplification polish
600
e2f4c66a
AJ		 601Changes to squid-3.1.9 (25 Oct 2010):
602
603 - Bug 3088: dnsserver is segfaulting
604 - Bug 3084: IPv6 without Host: header in request causes connection to hang
605 - Bug 3082: Typo in error message
606 - Bug 3073: tunnelStateFree memory leak of host member
607 - Bug 3058: errorSend and ICY leak MemBuf object
608 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
609 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
610 - Bug 3053: cache version 1 LFS support detection broken
611 - Bug 3051: integer display overflow
612 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
613 - Bug 3036: adaptation_access acls cannot see myportname
614 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
615 - Bug 2964: Prevent memory leaks when ICAP transactions fail
616 - Bug 2808: getRoundRobinParent not handling weights correctly
617 - Bug 2793: memory statistics sometimes display wrong
618 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
619 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
620 - Ensure /var/cache or jail equivalent exists on install
621 - HTTP/1.1: delete Warnings that have warning-date different from Date
622 - HTTP/1.1: do not remove ETag header from partial responses
623 - HTTP/1.1: make date parser stricter to better handle malformed Expires
624 - HTTP/1.1: improve age calculation
625 - HTTP/1.1: reply with a 504 error if required validation fails
626 - HTTP/1.1: add appropriate Warnings if serving a stale hit
627 - HTTP/1.1: support requests with Cache-Control: min-fresh
628 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
629 - squidclient: Display IP(s) connected to in verbose (-v) display
630 - Fixes several issues with ICAP persistent connections
631 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
632 - ... and some cosmetic polishing
633
dee6a922
AJ		 634Changes to squid-3.1.8 (04 Sep 2010):
635
636 - Bug 3033: incorrect information regarding TOS
637 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
638 - Bug 3005,2972: Locate LTDL headers correctly (again)
639 - Bug 2872: leaking file descriptors
640 - Bug 2583: pure virtual method called
641 - Hardened DNS client against packet queue attacks
642 - Hardened HTTP request-line parser
643 - Several HTTP/1.1 support improvements
644 - Improved cross-compile support
645 - .. and several internal pointer safety fixes
646
c3fe2798 647Changes to squid-3.1.7 (23 Aug 2010):
161ec538 648
c3fe2798 649 - Regression Bug 3021: Large DNS reply causes crash
161ec538 650 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
c3fe2798 651 - Regression Bug 2997: visible_hostname directive no longer matches docs
161ec538
AJ		 652 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
653 - Bug 3006: handle IPV6_V6ONLY definition missing
654 - Bug 3004: Solaris 9 SunStudio 12 build failure
655 - Bug 3003: inconsistent concepts in documentation of cache_dir
656 - Bug 3001: dnsserver link issues
657 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
658 - HTTP/1.1: Improved Range header field validation
659 - HTTP/1.1: Forward multiple unknown Cache-Control directives
660 - HTTP/1.1: Stop sending Proxy-Connection header
661 - Fix 32-bit wrap in refresh_pattern min/max values
662 - ... and several documentation corrections.
663
aa844a33
AJ		 664Changes to squid-3.1.6 (02 Aug 2010):
665
666 - Bug 2994, 2995: IPv4-only regressions
667 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
668 - Bug 2975: chunked requests not supported after regular ones
669 - Fix: 32-bit overflow in reported bytes received from next hop
670 - Fix Libtool build regressions
671 - Limited split-stack IPv6 support.
672 - squid_db_auth support MD5 encrypted passwords
673
f41d79ba
AJ		 674Changes to squid-3.1.5.1 (28 Jul 2010):
675
676 - Update Libtool to 2.2.
677 - Bug 2985: search scope for digest_ldap_auth didn't work
678 - Bug 2972: LTDL 2.2.6b compile errors
679 - Bug 2963: Stop ignoring --with-valgrind-debug failures
680 - Bug 2885: AIX support: several fixes
681 - Bug 2651: crash handling NULL write callback
682 - Fixed several memory leaks related to Range requests
683 - Fixed Joomla DB auth handling
684 - Fixed SASL helper build checks
685 - Fixed several IPv6 portability problems
686 - Updated error page translations
687
88aa2b05 688Changes to squid-3.1.5 (02 Jul 2010):
0e87db68 689
88aa2b05
AJ		 690 - Bug 2967: raw-IPv6 address URL with append_domain broken
691 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
692 - Bug 2943: ICAP tokens not logged when using multiple access
693 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
694 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
7e6cdc23 695 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
88aa2b05
AJ		 696 - Port from 2.7: max_filedescriptor config option
697 - Fix persistent_connection_after_error is meant to be on by default
698 - ... and several build errors.
0e87db68 699
2d94c829
AJ		 700Changes to squid-3.1.4 (30 May 2010):
701
702 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
703 - Bug 2924: RADIUS helper compile issues
704 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
705 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
706 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
707 - Bug 2879: pt2: 3.0 regression in headers end finding
708 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
709 - Bug 2876: FD_SETSIZE override not working on all linux distributions
710 - Bug 2810: common log format generates 2 lines of syslog
711 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
712 - Bug 2753: Fall back on IPv4 if IPv6 is not present
713 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
714 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
715 - Change LDAP helpers to default to LDAP version 3 if available
716 - Add Joomla and Salted Hash support to squid_db_auth helper
717 - Fixed IpAddress port printing for ports higher than 9999
718 - Disable chunked memory pooling by default.
719 - ... and several build errors.
720
6808dbda
AJ		 721Changes to squid-3.1.3 (02 May 2010):
722
7e6cdc23 723 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
6808dbda
AJ		 724 - Fix tag ACL type not working
725
ca959baa
AJ		 726Changes to squid-3.1.2 (01 May 2010):
727
728 - Bug 2913: Fix DB auth warning in new perl version
729 - Bug 2904: Prevent automake creating incomplete files
730 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
731 - Bug 2895: Regression: TPROXY2 compile errors
732 - Bug 2879: Regression: headers end-finding
733 - Bug 2874: Accept literal IPv6 address in icap_service URL
734 - Bug 2860: Regression: WCCPv1 handshake
735 - Bug 2848: Pass TCP_RST to client on early disconnect
736 - Debian Bug 578047: Correct behaviour of --enable-ipv6
7e6cdc23
AJ		 737 - HTTP/1.1: Advertise 1.1 on requests to servers
738 - HTTP/1.1: Advertise 1.1 on replies to clients
ca959baa
AJ		 739 - AIX / UNIX build fixes
740 - Cygwin build fixes
741 - squidclient: -k option to test connection keep-alive or close
742 - Improved helper build for wider compatibility
743 - Ensure the PID file directory exists on install
744
2ec34bd3
AJ		 745Changes to squid-3.1.1 (29 Mar 2010):
746
747 - Bug 2873: undefined symbol
748 - Bug 2827: assertion in authentication
749 - Remove ufsdump binary from default builds
750 - Remove pinger from default startups
751 - ... and several documentation updates.
752
e09692bd
AJ		 753Changes to squid-3.1.0.18 (14 Mar 2010):
754
755 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
756 - Bug 2869: Remove unused external reference
757 - Bug 2866: Support OpenSSL 1.0
758 - Bug 2813: Random unix_group crash at startup
759 - Send HTTP1.1 compliant 417 responses
760 - Associate external acl message with the request
761 - Various Digest parser fixes
762 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
763
365d894c
AJ		 764Changes to squid-3.1.0.17 (24 Feb 2010):
765
766 - Regression Fix: Non-English error page UTF encoding
767 - Bug 2616: reduce IdleConnList::removeFD messages
768 - Bug 1843: multicast-siblings cache_peer option
769 - Port from 2.7: X509 certificate alias-domain handling
770 - Add adapted_http_access option
771 - NTLMv2 support for fake NTLM helper
772
011dea45
AJ		 773Changes to squid-3.1.0.16 (01 Feb 2010):
774
775 - Regression Fix: Make Squid abort on all config parse failures.
776 - Regression Bug 2811: SNMP client/peer table OID numbering
777 - Bug 2851: Connection pinning fails when using a peer
778 - Bug 2850: Mismatch in hier_code enum / hier_strings array
779 - Bug 2731: Add follow_x_forwarded_for support to ICAP
780 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
781 - Bug 2706: Set timestamps during ICAP request satisfaction.
782 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
783 - Fix: WCCPv1 not connecting to router correctly
784 - Remove obsolete RunCache/RunAccel scripts.
785 - Add client_ip_max_connections
786 - Add the http::>ha format code and make http::>h log original request headers
787 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
788 - ... and many more minor build and display annoyances.
789
ba641958
AJ		 790Changes to squid-3.1.0.15 (23 Nov 2009):
791
792 - Regression Fix: myip ACL not accepted in config
793 - Bug 2795: acl arp lookups including port
794 - Bug 2794: ESI parsing fails on FreeBSD
795 - Bug 2778: fix linking issues using SunCC
796 - Bug 2724: eCAP build failure unless ICAP enabled
797 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
798 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
799 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
800 - Fix: 64-bit filesize issue in squidclient POST of large files
801 - Fix: send correct Connection: header on intercepted replies
802 - Support libtool 2.x
803 - ESI libraries libexpat and libxml2 now optional
804 - ESI support default enabled
805 - Bump libcap minimum requirement to libcap 2.09+
806 - ARP / MAC support fixes for IPv6-mode
807 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
808 - ... and many additions to the background testing structure
809 - ... and very many minor build and code cleanups for non-GCC compilers.
810
8f37469c
AJ		 811Changes to squid-3.1.0.14 (27 Sep 2009):
812
813 - Bug 2777: Various build issues on OpenSolaris
814 - Bug 2773: Segfault in RFC2069 Digest authentication
815 - Bug 2747: Compile errors on Solaris 10
816 - Bug 2735: Incomplete -fhuge-objects detection
817 - Bug 2722: Fix http_port accel combined with CONNECT
818 - Bug 2718: FTP sends EPSV2 on IPv4 connection
819 - Bug 2648: stateful helpers stuck in reserved
820 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
821 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
822 - Bug 2483: bind() called before connect()
823 - Bug 2215: config file line length limit (extended to 2 KB)
824 - Support Accept-Language: * wildcard
825 - Support autoconf 2.64
826 - Support TPROXY for IPv6 traffic (requires kernel support)
827 - Support TPROXY cache cluster behind WCCPv2
828 - Correct ESI support to work in multi-mode Squid
829 - Add 0.0.0.0 as an to_localhost address
830 - DiskIO detection fixes and use optimal IO in default build.
831 - Correct peer connect-fail-limit default of 10
832 - Prevent squidclient sending two Accept: headers
833 - ... all bug fixes from 3.0.STABLE19
834 - ... and many more documentation fixes
835
f49a1c9e
AJ		 836Changes to squid-3.1.0.13 (04 Aug 2009):
837
838 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
839 - Fix one more internal profiler error
840 - Language Updates: Italian, Russian
841 - Language Updates: Add many more aliases
842 - Add Copyright document for errors/ content
843 - ... all bug fixes from 3.0.STABLE18
844 - ... and several code polishing cleanups
845
e7b1c518
AJ		 846Changes to squid-3.1.0.12 (27 Jul 2009):
847
848 - Bug 2716: Chunked request Signed/Unsigned build error
849 - Bug 2674: Remove limit on HTTP headers read.
850 - Bug 2620: Invalid HTTP response codes causes segfault
851 - Fix FTP EPSV negotiation parser.
852 - Fix Via string when leak checking is enabled (valgrind etc)
853 - ... and several documentation and testing additions
854
0b8d12da
AJ		 855Changes to squid-3.1.0.11 (19 Jul 2009):
856
857 - Bug 2087: Support adaptation sets and chains
858 - Bug 2459: dns error message broken when error handling delayed
859 - Support ICAP Retry
860 - Support ICAP retries based on the ICAP responses status code
861 - Support logging ICAP
862 - Support logging total DNS wait time
863 - Support logging response times of adaptation transactions
864 - General logging enhancements
865 - Dynamically form chains based on ICAP X-Next-Services header
866 - Support cross-transactional ICAP header exchange
867 - ... and much adaptation polish and improvements
868
ce460dc8
AJ		 869Changes to squid-3.1.0.10 (18 Jul 2009):
870
871 - Bug 2680: Regression Crash after rotate with no helpers running
872 - Bug 2695: Regression in WCCPv2 L2 mask assignment
873 - Bug 2707: Regression in FTP anonymous auth
874 - Bug 422, 2706: RFC 2616 Date header requirements
875 - Bug 1087: ESI processor not quoting attributes correctly.
876 - Bug 1338: File prefetches aborted despite range_offset
287dcde6 877 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
ce460dc8 878 - Bug 2092: select loop 32-bit call counter overflows
287dcde6 879 - Bug 2127: delay pools class 4 crashes with ntlm auth
ce460dc8
AJ		 880 - Bug 2611: document fast/slow acl types
881 - Bug 2614: Potential loss of adapted body data from eCAP adapters
882 - Bug 2658: Missing TextException copy constructor
883 - Bug 2659: String length overflows on append, leading to segfaults
884 - Bug 2699: Build failure NTLM smb_lm helper
885 - Bug 2709: TRANSLATIONS not installed
886 - Bug 2710: squid_kerb_auth non-terminated string
887 - Delay pools 64-bit buckets and IPv6-polish
888 - Break forwarding loops for "transparent" or "intercept" http_ports.
889 - Add --disable-translation option to detatch .po from error negotiation
890 - Add squidclient man(1) page
891 - Add localhost to default permitted networks
892 - http_port allow-direct option to allow direct forwarding in accelerator mode
893 - ... and many testing infrastructure updates
894
5df6d596
AJ		 895Changes to squid-3.1.0.9 (26 Jun 2009):
896
897 - Bug 2682: Add ftp_epsv control to disable EPSV support.
898 - Bug 2665: Detach automake system from using -I.
899 - Bug 2395: FTP auth errors not displayed
900 - ... also several changes and bugs closed in 3.0.STABLE16
901 - Port from 2.7: Show local address on listening sockets
902 - Add "tag" type acl matching tags set by external acl helpers.
903 - Adds Language alias linker/installer/upgrade scripts
904 - Support for GCC 4.4
905 - Fix false NAT lookup errors on Linux
906 - Fix many Windows port issues
907 - Fix squid_kerb_auth helepr install location
908 - Better detection of IPv6 stack types
909 - Updates Licensing information for Squid 3.1
910 - ... and many packaging portability build and install issues
911
a7b15245
AJ		 912Changes to squid-3.1.0.8 (24 May 2009):
913
914 - Bug 2656: Pinger dies with general protection fault
915 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
916 - Bug 2648: Authentificator processes deferring and don't shutdown.
917 - Bug 2645: allow squid to ignore must-revalidate
918 - Bug 2644: auth scheme initialization is broken
919 - Bug 2632: Make number of reforwarding tries configurable
920 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
921 - Bug 2627: HTCP Logging
922 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
923 - Bug 2589: SNMP returning no data - wrong oid decoded
924 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
925 - Bug 2559: Problem parsing /0 and /0.0.0.0
926 - Bug 2404: WCCP in mask mode is broken
927 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
928 - Complete Interception multiple NAT support
929 - Add Content-Disposition to the known headers list.
930 - Make PEER_TCP_MAGIC_COUNT configurable
931 - Fix pinger install location
932 - Enable TPROXY v4 spoofing of CONNECT requests
933 - ... and much documentation and code polishing
934
e1e28561
AJ		 935Changes to squid-3.1.0.7 (08 Apr 2009):
936
937 - Fix: several issues with ident
938 - Add several language translations
939 - Upgrade code testing infrastructure
940 - Migrate much code to build as internal libraries
941 - Support gcc 4.4
942 - Support doxygen 1.5.8
943 - ... and much code polish to make things read easier
944
727cb127
AJ		 945Changes to squid-3.1.0.6 (01 Mar 2009):
946
e1e28561 947 - Regression Fix: Support HTTP/0.9 in accelerator mode
727cb127
AJ		 948 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
949 - Bug 2593: Compile errors on Solaris 10
950 - Bug 2591: adaptation_access does not work
951 - Bug 2588: coredump in rDNS lookup
952 - Bug 2526: default ALLOW when no list specified.
953 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
954 - Bug 419: Hop by Hop headers MUST NOT be forwarded
955 - Fix external_acl_type handling of SSL certificate details
956 - Obsolete: dependency on nss_common.h and nss.h
957 - Support libtool2
958 - ... and various documentation and code polish
959
f636c996
AJ		 960Changes to squid-3.1.0.5 (03 Feb 2009):
961
962 - Bug 2583: Fixed issue in content adaptation
963 - Bug 2576: Make translate target obey --disable-auto-locale
964 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
965 - Bug 2563: 99+% CPU Usage on FTP URL
966 - Bug 2505, 2524, 2558: fixed several issues on connection handling
967 - Fix several issues in request parsing
968 - Fix memory leak from logformat parsing
969 - Fix various ESI build errors
970 - Make configure tests use C++ instead of C
971 - Drop special localhost conversion RFC violation.
972 - Add Language: Arabic
973 - ... and various documentation and code polish
974
975Changes to squid-3.1.0.4 (23 Jan 2009):
976
977 - Regression Fix: Bug 2558: rollback bug 2395 fix.
978 - Bug 2555: Fixes to SNMP-MIB
979 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
980 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
981 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
982 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
983 - Polish ZPH configuration interface
984 - Several Language Conversions to new auto-negotiate
985 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
986 - Fix: Pconn not being used when they should.
987 - Fix: Fix pinger immediate shutdowns
988 - Fix: Untangle CacheManager reports from log_fqdn
989 - ... and all bugs fixed for 3.0.STABLE12
990 - ... and many code polish and optimization fixes.
991
992Changes to squid-3.1.0.3 (5 Dec 2008):
993
994 - Regression Fix: StoreIOBuffer patch removed.
995 - Regression Fix: build issues with 3.1.0.2 bundle
996 - Security Bug 2526: default ALLOW when no list specified
997 - Bug 2525: encoding error on error pages
998 - Bug 2424: slow file descriptor leak
999 - Bug 2527: ICAP compile error on g++ 4.3.2
1000 - Bug 2523: bad assertion left in from debug
1001 - Bug 2395: FTP Auth errors and others not displayed
1002 - Update squid_kerb_auth to 1.0.5
1003 with better Squid integration.
1004 - Fix cache_peer forcedomainname= option
1005 - ... and many other minor fixes
1006
5e80e4ee
AJ		 1007Changes to squid-3.1.0.2 (9 Nov 2008):
1008
1009 - Bug 2516: error page templates not properly installed
1010 - Bug 2500: Solaris build issues
1011 - Fixes FreeBSD build issues
1012 - Release Notes completed
1013 - Languages: new Russian, Japanese, Chinese, and general updates
1014 - ... and other minor fixes
70c5dfb2 1015
af4cd9a0
AJ		 1016Changes to squid-3.1.0.1 (27 Oct 2008):
1017
1018 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
7a6e2ecc
AJ		 1019 - peername ACL added for matching against a named peer destination
1020 - configure option --with-logdir= added to select log files location
1021 - squid_kerb_auth helper updated to 1.0.3 release
1022 - Bug #740: allow external acl's to use reply headers in format
1023 - Bug #2379: obsolete dns_testnames option
1024 - Code test infrastructure expanded to configuration testing
1025 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
af4cd9a0 1026 to bring their defaults up to RFC 2616 requirements.
7a6e2ecc
AJ		 1027 - Large increase in RFC 2616 standard compliance (ongoing)
1028 - squid.conf cleanups for minimal config
1029 - Connection Pinning ported from 2.6 for NTLM passthru authentication
1030 - eCAP internal adaptation module support
af4cd9a0 1031 - Localization and CSS display control of error pages
7a6e2ecc
AJ		 1032 - Added semi-automatic documentation of source code
1033 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
1034 - HTCP improvements ported from 2.7 adding HTCP CLR requests
70c5dfb2 1035 - IPv6 (Internet Protocol version 6) support
1036 - ICMPv6 (Internet Control Message Protocol version 6) support
f1233d8c 1037 - FTP agent now supports EPSV/EPRT commands
70c5dfb2 1038 - DNS internal resolver now supports AAAA and CNAME records
1039 - SNMP peer and client tables now support IPv6
1040 - SNMP peer table supports named peers with multiple entries per IP
4aa8e49c 1041 - SslBump: Squid-in-the-middle decryption and encryption of straight
1042 CONNECT and transparently redirected SSL traffic, using configurable
1043 client- and server-side certificates. While decrypted, the traffic
7a6e2ecc 1044 can be inspected using ICAP.
af4cd9a0 1045 - TPROXY version 4.1 support
a13b3732 1046 - IPFW and Netfilter interception methods may now both be built in one binary.
f1233d8c
AJ		 1047 - ZPH Quality of Service patch now integrated
1048 - Null store now fully obsoleted and removed
1049 - Unknown request methods all supported
1050 - Follow_x_forwarder_for ported from 2.6
7a6e2ecc 1051 - Bug #2223: Follow XFF extensions added
af4cd9a0 1052 - ... and many code and documentation cleanups
7a6e2ecc 1053
2f954743
AJ		 1054Changes to squid-3.0.STABLE26 (28 Aug 2011):
1055
1056 - Regression: header_replace for reply headers
1057 - Bug 3183: Invalid URL accepted with url host part of only '@'.
1058 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
1059 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
1060 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
1061 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
1062 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
1063 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
1064 - Regression Bug 2879: headers end finding
1065 - Bug 2876: FD_SETSIZE override not working on all linux distributions
1066 - Check for NULL and empty strings before calling str*cmp().
1067 - Correct parsing of large Gopher indexes
1068
1a10a7e5
AJ		 1069Changes to squid-3.0.STABLE25 (14 Mar 2010):
1070
1071 - Bug 2845: Rework the http digest auth parser
1072 - Bug 2787: unknown/unexpected status code messages
1073 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
1074 - Bug 2367: stale=true on digest requests with unknown nonce
1075 - ... and several other minor corrections
1076
6add0585
AJ		 1077Changes to squid-3.0.STABLE24 (13 Feb 2010):
1078
1079 - Bug 2858: Segment violation in HTCP
1080 - Updated refresh pattern for dynamic pages
1081
bcd1f03d
AJ		 1082Changes to squid-3.0.STABLE23 (02 Feb 2010):
1083
1084 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
1085 - Regression Fix: Build error in Kerberos helper after library removal.
1086
61544616
AJ		 1087Changes to squid-3.0.STABLE22 (01 Feb 2010):
1088
1089 - Regression Fix: Make Squid abort on all config parse failures.
1090 - Bug 2787: Reduce unexpected http status to non-critical warnings.
1091 - Bug 2496: Downloading some variants in full before relaying
1092 - Bug 2452: Add upper limit to external_acl_type entries.
1093 - Removed optional kerberos/spnegohelp/ library due to licensing issues
1094 - Add client_ip_max_connections
1095 - Handle DNS header-only packets as invalid.
1096
06d0f369
AJ		 1097Changes to squid-3.0.STABLE21 (22 Dec 2009):
1098
1099 - Bug 2830: Clarify where NULL byte is in headers.
1100 - Bug 2778: Linking issues using SunCC
1101 - Bug 2395: FTP errors not displayed
1102 - Bug 2155: Assertion failures on malformed Content-Range response headers
1103 - Fix parsing and a few bugs in ACL time type
1104 - Fix RFC keep-alive compliance on intercepted replies
1105 - Improved security hardening on %nn parser
1106 - Replace several GCC-specific code snippets.
1107
91228e4e
AJ		 1108Changes to squid-3.0.STABLE20 (29 Oct 2009):
1109
1110 - Bug 2794: ESI parsing on FreeBSD
1111 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
1112 - Bug 2779: Support GNU/kFreeBSD
1113 - Bug 2773: Segfault in RFC2069 Digest authantication
1114 - Bug 2768: squid_ldap_group argument parsing error
1115 - Bug 2761: Gopher and double HTTP response header
1116 - Bug 2735: Incomplete -fhuge-objects detection
1117 - Bug 2722: prevent CONNECT via http_port with accel
1118 - Bug 2624: Invalid response for IMS request
1119 - Bug 2510: digest_ldap_auth TLS support
1120 - Correct LINUX_CAPABILITY actions on non-Linux
1121
98df01e3
AJ		 1122Changes to squid-3.0.STABLE19 (06 Sep 2009):
1123
1124 - Bug 2745: Invalid Response error on small reads
1125 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
1126 - Bug 2734: some compile errors on Solaris
1127 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
1128 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
1129 - Bug 2362: Remove support for deferred state in stateful helpers
1130 - Add 0.0.0.0 as a to_localhost address
1131 - Docs: Improve chroot directive documentation slightly
1132 - Fixup libxml2 include magics, was failing when a configure cache was used
1133 - ... and some minor testing improvements.
1134
b7a1ea6b
AJ		 1135Changes to squid-3.0.STABLE18 (04 Aug 2009):
1136
1137 - Bug 2728: regression: assertion failed: !eof
1138 - Bug 2732: reply_body_max_size smaller than error page loops
1139 infinitely until out of memory
1140 - Bug 2725: pconn failure if domain or client_address are unset
1141 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
1142 - Bug 2462: make check should tell when cppunit is missing
1143 - Remove excess messages about headers < minimum size
1144 - Support Libtool 2.2.6
1145
e7b1c518 1146Changes to squid-3.0.STABLE17 (27 Jul 2009):
68c19036
AJ		 1147
1148 - Bug 2680 regression: Crash after rotate with no helpers running
1149 - Bug 2710: squid_kerb_auth non-terminated string
1150 - Bug 2679: strsep and strtoll detection failure
1151 - Bug 2674: Remove limit on HTTP headers read.
1152 - Bug 2659: String length overflows on append, leading to segfaults
1153 - Bug 2620: Invalid HTTP response codes causes segfault
1154 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
1155 - Bug 1087: ESI processor not quoting attributes correctly.
1156 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
1157 - Several small build issues with previous release.
1158
950b7d55
AJ		 1159Changes to squid-3.0.STABLE16 (15 Jun 2009):
1160
1161 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
1162 - Bug 2481: Don't set expires: now in generated error responses
1163 - Bug 2387: The calculation of the number of hash buckets correctly
1164 - Fix infinite loop in MSNT auth helper
1165 - Fix FD_SETSIZE on FreeBSD
1166 - Fix stripping NT domain in squid_ldap_group
1167 - Fix RADIUS auth helper build
1168 - Add Translate: and Unless-Modified-Since: headers to known list
1169 - Make fakeauth handle NTLMv2 better
1170 - Better Kerberos support detection
1171 - Several Widows port fixes
1172
6e4fa9b4
AJ		 1173Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
1174
950b7d55 1175 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
6e4fa9b4
AJ		 1176 - Bug 2648: NTLM helpers not shutting down when deferred
1177
79200081
AJ		 1178Changes to squid-3.0.STABLE15 (06 May 2009):
1179
1180 - Regression Bug 2635: Incorrect Max-Forwards header type
1181 - Bug 2652: 'Success' error on CONNECT requests
1182 - Bug 2625: IDENT receiving errors
1183 - Bug 2610: ipfilter support detection
1184 - Bug 2578: FTP download resume failure
1185 - Bug 2536: %H on HTTPS error pages
1186 - Bug 2491: assertion "age >= 0"
1187 - Bug 2276: too many NTLM helpers running
1188 - Endian system and compiler fixes provided by the NetBSD project
1189 - documentation fixes provided by the Debian project
1190
6c2e5932
AJ		 1191Changes to squid-3.0.STABLE14 (11 Apr 2009):
1192
1193 - Regression Fix: HTTP/0.9 in accelerator mode
1194 - Bug 1232: cache_dir parameter limited to only 63 entries
1195 - Bug 1868: support HTTP 207 status
1196 - Bug 2518: assertion failure on restart/reconfigure
1197 - Bug 2588: coredump in rDNS lookup
1198 - Bug 2595: Out of bounds memory write in squid_kerb_auth
1199 - Bug 2599: Idempotent start
1200 - Bug 2605: Prevent setsid() on helpers in daemon mode
1201 - Fix external_acl_type option parsing
1202 - Fix delay pools counters on FTP
1203 - Fix several issues with ident (some remain)
1204 - Fix performance issues with persistent connections
1205 - Fix performance issues with delay pools
1206 - Fix forwarding of OPTIONS requests
1207 - Add support for HTTP 1.1 Content-Disposition header
1208 - Add support for Windows 7, Windows Server 2008 R2 and later
1209 - ... and many small documentation updates
1210
f636c996
AJ		 1211Changes to squid-3.0.STABLE13 (03 Feb 2009):
1212
1213 - Fix several issues in request parsing
1214 - Fix memory leak from logformat parsing
1215 - Fix various ESI build errors
1216 - ... and some documentation updates
1217
1218Changes to squid-3.0.STABLE12 (21 Jan 2009):
1219
1220 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
1221 - Bug 2542: ICAP filters break download resume
1222 - Bug 2556: HTCP fails without icp_port
1223 - Bug 2564: logformat '%tl' field not working as advertised
1224 - Port from 3.1: TestBed basic build consistency checks
1225 - Policy: Change half_closed_clients default to off
1226 - Policy: Removed -V command line option, deprecated by 2.6
1227 - ... and several other minor code cleanups
1228
1229Changes to squid-3.0.STABLE11 (24 Dec 2008):
1230
1231 - Bug 2424: filedescriptors being left unnecessary opened
1232 - Bug 2545: fault passing ICAP filtered traffic to peers
1233 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
1234 - ... and some minor admin and debug cleanups.
1235
1236Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
1237
1238 - Removes patch causing cache of bad objects
1239 - Bug 2526: bad security default in ACLChecklist
1240 - Fixes regression: access.log request size tag
1241 - Fixes cache_peer forceddomainname=X option
1242 - ... and many minor documentation cleanups
1243
7a6e2ecc
AJ		 1244Changes to squid-3.0.STABLE10 (14 Oct 2008):
1245
1246 - Bug 2391: Regression: bad assert in forwarding
1247 - Bug 2447: Segfault on failed TCP DNS query
1248 - Bug 2393: DNS requests getting stuck in idns queue
1249 - Bug 2433: FTP PUT gives bad gateway
1250 - Bug 2465: Limited DragonflyBSD support
1251 - ... and other minor bugs and documentation
1252
1253Changes to squid-3.0.STABLE9 (9 Sep 2008):
1254
1255 - Policy Enforcement: COSS is unusable in 3.0
1256 - Port from 3.1: Language Pack compatibility
1257 - Port from 2.6: Windows Support Notes
1258 - Fix several minor regressions:
1259 HTCP stats reporting
1260 cachemgr delay pool config
1261 CARP build error
1262 - Bug 2340: uudecode dependency for icons removed
1263 - Bug 2352: no_check.pl ntlm challenge fix
1264 - Bug 2426: buffer increase for kerberos auth fields
1265 - Bug 2427: squid_ldap_group codes fix
1266 - Bug 2437: peer name now shown in access.log
1267 - Add sane display of unsupported method errors
1268 - ... and various other code cleanups
1269
1270Changes to squid-3.0.STABLE8 (18 Jul 2008):
1271
1272 - Port from 2.6: Support for cachemgr sub-actions
1273 - Port from 2.6: userhash peer selection method
1274 - Port from 2.6: sourcehash peer selection method
1275 - Bug 2376: round-robin balancing fixes
1276 - Bug 2388: acl documentation cleanup
1277 - Bug 2365: cachemgr.cgi HTML output encoding
1278 - Bug 2301: Regression: Log format size options
1279 - Bug 2396: Correct the opening of PF device file.
1280 - Bug 2400: ICAP accept mechanism
1281 - Bug 2411: Regression: fakeauth_auth crashes
1282 - Many fixes to the Windows support (not complete yet).
1283 - Boost error pages HTML standards.
1284 - Fixes several issues on 64-bit systems
1285 - Fixes several issues on older or stricter compilers
1286 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
1287 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
1288
1289Changes to squid-3.0.STABLE7 (22 Jun 2008):
1290
1291 - Fix several ASN issues
1292 - Fix SNMP reporting of counters
1293 - Fix round-robin algorithms
1294 - GCC 4.3 support
1295 - Netfilter v1.4.0 bug workaround
1296 - Bugs 2350 and 2323: memory issues
1297 - Bugs 2384, 951, 1566: ESI assertions
1298 - Various minor debug and documentation cleanups
f1233d8c
AJ		 1299
1300Changes to squid-3.0.STABLE6 (20 May 2008):
1301
1302 - Bug 2254: umask Feature from 2.6 added
1303 - cachemgr.cgi default config file added
1304 - Several authentication bug fixes
1305 - Improved Windows Support
1306 - better DNS lookup methods for unqualified hostames
1307 - better support for 64-bit environments
1308 - Bug 2332: Crash when tunnelling
1309 - Removed the advertisement clause from BSD licenses
1310 according to the GPLv2+ changes in BSD
1311 - ... and other bugs and minor cleanups
1312
1313Changes to squid-3.0.STABLE5 (28 Apr 2008):
1314
1315 - Support for resolv.conf 'domain' option
1316 - Improved URI support, including
1317 longer URI up to 8192 bytes accepted
1318 better handling of intercepted URI
1319 better port for non-FQDN URI lookups
1320 - Improved logging, including
1321 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
1322 Fixed 'log_ip_on_direct' option behaviour
1323 - Support for profiling on x86 64-bit systems
1324 - .. and other bugs and minor code cleanups.
1325
1326Changes to squid-3.0.STABLE4 (2 Apr 2008):
1327
1328 - Bug 2288: compile error slipped into STABLE3.
1329
1330Changes to squid-3.0.STABLE3 (31 Mar 2008):
1331
1332 - Improved HTTP 1.1 support.
1333 - Improved MacOSX (Leopard) support
1334 - Bug 2206: Proxy-Authentication regression in STABLE2.
1335 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
1336 - ... and other bugs and minor code cleanup
1337
1338Changes to squid-3.0.STABLE2 (1 Mar 2008):
1339
1340 - Add myportname ACL for matching the accepting port name (see release notes)
1341 - Add include directive for squid.conf (see release notes)
1342 - Add ability to strip kerberos realm from usernames during Auth
1343 - License cleanup to comply with GPLv2 or later
1344 - Updated Error Pages and Translations
1345 - Updated configuration examples
1346 - Updated valgrind support for valgrind-3.3.0
1347 - Improved support for Windows and MacOS X Leopard
1348 - Improved support for files larger than 2GB
1349 - Improved support for CARP arrays and WCCPv2
1350 - Improved cachmgr, SNMP, and log reporting
1351 - ... and as usual Many bug fixes since STABLE 1
70c5dfb2 1352
284237d4 1353Changes to squid-3.0.STABLE1 (13 Dec 2007):
3ff01c3e 1354
1355 - Major rewrite translating the code to C++, originally based on
1356 Squid-2.5.STABLE1
1357 - Internal client streams concept for content adaptation
1358 - ICAP (Internet Content Adaptation Protocol) client support
1359 - ESI (Edge Side Includes) support added
284237d4 1360 - Improved support for files larger than 2GB.
3ff01c3e 1361 - And a lot more. Most features from Squid-2.6 is supported, but not
1362 all. See the release notes for details.
1363
9ae33c59
AJ		 1364
1365Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
1366
1367Changes to squid-2.6.STABLE22 (19 October 2008)
1368
1369 - Bug #2396: Correct the opening of the PF device file.
1370 - Make --with-large-files and --with-build-envirnment=default play
1371 nice together
1372 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
1373 __u32 problem
1374 - Make dns_nameserver work when using --disable-internal-dns on glibc
1375 based systems
1376 - Bug #2426: Increase negotiate auth token buffer size
1377 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
1378 - Bug #2477: swap.state permission issues if crashing during "squid -k
1379 reconfigure"
1380 - Windows port: Fix build error using latest MinGW runtime.
1381
1382
1383
3ff01c3e 1384Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
1385authorative for this release and mirrored here for reference only.
f1233d8c 1386
467c94d1 1387 - CARP now plays well with the other peering algorithms,
1388 and support for CARP peerings is compiled by default. Can be
1389 disabled by --disable-carp
1741cbad 1390 - Configuration file can be read from an external program
1391 or preprocessor. See squid.8 man page.
52f772de 1392 - http_port is now optional, allowing for SSL only operation
4ca261f2 1393 - Satellite and other high latency peering relations enhancements
1394 (Robert Cohren)
a9245686 1395 - Nuked num32 types, and made type detection more robust by the
1396 use of typedefs rather than #defines.
b5fb34f1 1397 - the mailto links on Squid's ERR pages now contain data about the
1398 occurred error by default, so that the email will contain this data in
1399 its body. This feature can be disabled via the email_err_data directive.
9ae33c59 1400 (Clemens L?ser)
c8f4eac4 1401 - COSS now uses a file called stripe and the path in squid.conf is the
1402 directory this is placed in. Additionally squid -z will create the
1403 COSS swapfile.
14f5b6c3 1404 - WCCPv2 support, including mask assignment support
5401aa8d 1405 - HTCP support for access control and the CRL operation for
1406 purgeing of cache content
14f5b6c3 1407 - ICAP related fixes
1408 - Windows-related fixes, including Vista and Longhorn identification
1409 - Client-side parsing and some string use optimisations
1410 - Lots of off-by-one and memory leaks in corner cases have been fixed
1411 thanks to valgrind
1412 - Improved high-resolution profiling
1413 - Windows overlapped-IO and thread support added to the Async IO disk code
1414 - Improvements for handling large DNS replies
a7c8cce0 1415
3ff01c3e 1416Changes to squid-2.6.STABLE15 (31 Aug 2007)
1417
1418 - The select() I/O loop got broken by the /dev/poll addition
1419 (2.6.STABLE14)
1420 - Bug #2017: Fails to work around broken servers sending just the HTTP
1421 headers
1422 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
1423 before C99
1424 - squid.conf.default updated and reorganised in more sensible groups
1425 - correct and document the syslog access_log format
1426 - Armenian error pages translation
1427 - digest_ldap_helper usage help updated
1428 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
1429 - Improve delay pools in low traffic environment by checking timeouts
1430 at a steady 1 second interval even when there is not much activity
1431 - Don't request authentication on transparently intercepted
1432 connections
1433 - Cleanup linux capabilities for tproxy
1434 - Bug #2003: 'via' config directive doesn't affect response headers
1435 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
1436 - Add missing $|=1 to squid_db_auth
1437 - Bug #2050: Persistent connection dropped if cache has no
1438 Content-Length
1439 - Verify the URL on memory cache hits
1440 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
1441 - Bug #1972: Squid sets peers to down state when they are in fact
1442 working.
1443 - potential segmentation fault in storeLocateVary()
1444 - Bug #2066: chdir after chroot
1445 - Windows port: Fix compiler warnings when building Squid as
1446 application (not Windows service mode)
1447 - Spelling correction of received
1448
1449Changes to squid-2.6.STABLE14 (15 Jul 2007)
1450
1451 - squid.conf.default cleanup to have options in their proper sections.
1452 - documentation correction in the refresh_pattern ignore-auth option
1453 - URI-escaping not uses the recommended upper-case hex codes
1454 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
1455 - Always use xisxxxx() Squid defined macros instead of ctype
1456 functions.
1457 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
1458 - Database basic auth helper using Perl DBI to connect to most SQL DBs
1459 - Solaris /dev/poll network I/O support
1460 - configure fixes to make cross compilation somewhat easier
1461 - Removed incorrect -a reference from http_port documentation
1462 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
1463 - Bug #1968: Squid hangs occasionally when using DNS search paths
1464 - Novell eDirectory digest auth helper (digest_edir_auth)
1465 - Bug #1130: min-size option for cache_dir
1466 - POP3 basic auth helper querying a POP3 server
1467 - Cosmetic squid_ldap_auth fixes from Squid-3
1468 - Bug #1085: Add no-wrap to cache manager HTML tables
1469 - Automatically restart if number of available filedescriptors becomes
1470 alarmingly low, preventing a situation where Squid would otherwise
1471 permanently stop processing requests.
1472 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
1473 array bounds
1474 - Deal better with forwarding loops
1475
1476Changes to squid-2.6.STABLE13 (11 May 2007)
1477
1478 - Make sure reply headers gets sent even if there is no body available
1479 yet, fixing RealMedia streaming over HTTP issues.
1480 - Undo an accidental name change of storeUnregisterAbort.
1481 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
1482 - Bug #1814: SSL memory leak on persistent SSL connections
1483 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
1484 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
1485 - Ukrainan error messages
1486 - Convert various error pages from DOS to UNIX text format
1487 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
1488 - Clarify the max-conn=n cache_peer option syntax slightly
1489 - Bug #1892: COSS segfault on shutdown
1490 - Windows port: fix undefined ECONNABORTED
1491 - Make refreshIsCachable handle ETag as a cache validator, not
1492 only last-modified
1493 - in_port_t is not portable, use unsigned short instead
1494 - Fix fs / auth / snmp dependencies
1495 - Portability: statfs() may reqire #include <sys/statfs.h>
1496
1497Changes to squid-2.6.STABLE12 (20 Mar 2007)
1498
1499 - Assertion error on TRACE
1500
1501Changes to squid-2.6.STABLE11 (17 Mar 2007)
1502
1503 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
1504 !conn->body.request"
1505 - Handle garbage helper responses better in concurrent protocol format
1506 - Fix kqueue when overflowing the changes queue
1507 - Make sure the child worker process commits suicide if it could
1508 not start up
1509 - Don't log short responses at debug level 1
1510 - Fix bswap16 & bwsap32 error on NetBSD
1511 - Fix collapsed_forwarding for non-GET requests
1512
1513Changes to squid-2.6.STABLE10 (4 Mar 2007)
1514
1515 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
1516 - various diskd bugfixes
1517 - In the access.log hierarchy field log the unique peer name
1518 instead of the host name
1519 - unlinkdClose() should be called after (not before) storeDirSync()
1520 - CLEAN_BUF_SZ was defined, but never used anywhere
1521 - logging HTTP-request size
1522 - Fix icmp pinger communication on FreeBSD and other not supporing
1523 large dgram AF_UNIX sockets
1524 - Release objects on swapin failure
1525 - Bug #1787: Objects stuck in cache if origin server clock in future
1526 - Bug #1420: 302 responses with an Expires header is always cached
1527 - Primitive support for HTTP/1.1 chunked encoding, working around
1528 broken servers
1529 - Clean up relations between TCP probing and DNS checks of peers with
1530 no known addresses.
1531 - Fix a minor HTML coding error in ftp directory listings with // in
1532 the path
1533 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
1534 non-refreshable content
1535 - Gopher cleanups and bugfixes
1536 - Negotiate authentication fixed again. Broken since STABLE7 by the
1537 patch for Bug #1792.
1538 - Bug #1892: COSS tries to shut down the same directory twice on exit
1539 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
1540 entries
1541 - Added support for Subversion HTTP request methods MKACTIVITY,
1542 CHECKOUT and MERGE.
1543
1544Changes to squid-2.6.STABLE9 (24 Jan 2007)
1545
1546 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
1547 - Bug #1877 diskd bug in storeDiskdIOCallback()
1548
1549Changes to squid-2.6.STABLE8 (21 Jan 2007)
1550
1551 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
1552 - Document the https_port vhost option, useful in combination with
1553 a wildcard certificate
1554 - Document the existence of connection pinning / forwarding of NTLM
1555 auth and a few other features overlooked in the release notes.
1556 - Spelling correction of the ssl cache_peer option
1557 - Add back the optional "accel" http_port option. Makes accelerator
1558 mode configurations easier to read.
1559 - Bug #1872: Date parsing error causing objects to get unexpectedly
1560 cached.
1561 - Cleanup to have the access.log tags autogenerated from enums.h
1562 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
1563 going backwards?
1564 - Don't update object timestamps on a failed revalidation.
1565 - Fix how ftp://user@host URLs is rendered when Squid is built with
1566 leak checking enabled
1567
1568Changes to squid-2.6.STABLE7 (13 Jan 2007)
1569
1570 - Windows port: Fix intermittent build error using Visual Studio
1571 - Add missing tproxy info from the dump of http port configuration
1572 - Bug #1853: Support for ARP ACL on NetBSD
1573 - clientNatLookup(): fix wrong function name in debug messages
1574 - Convert ncsa_auth man page from DOS to Unix text format.
1575 - Bug #1858: digest_ldap_auth had some remains of old hash format
1576 - Correct the select_loops counter when using select(). Was counted twice
1577 - Clarify the http_port vhost option a bit
1578 - Fix cache-control: max-stale without value or bad value
1579 - Bug #1857: Segmentation fault on certain types of ftp:// requests
1580 - Bug #1848: external_acl crashes with an infinite loop under high load
1581 - Bug #1792: max_user_ip not working with NTLM authentication
1582 - Bug #1865: deny_info redirection with authentication related acls
1583 - Small example on how to use the squid_session helper
1584 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
1585 - Clarify the transparent http_port option a bit more
1586 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
1587 - Bug #1867: squid.pid isn't removed on shutdown
1588
1589Changes to squid-2.6.STABLE6 (12 Dec 2006)
1590
1591 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
1592 - Add client source port logformat tag >p
1593 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
1594 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
1595 - automake no longer recommends mkinstalldirs. Removed.
1596 - Only use crypt() if it's available, allowing ncsa_auth to be built
1597 on platofms without crypt() support.
1598 - Windows port documentation updates
1599 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
1600 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
1601 - Remove extra newline in redirect message sent by deny_info http://... aclname
1602 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
1603 - Clarify the external_acl_type helper format specification and some defaults
1604 - Add support for the weight= parameter to round-robin peers
1605 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
1606 - Convert snmpDebugOid to use a temporary String object instead of strcat
1607 - Document that proxy_auth also accepts -i for case-insensitive operation
1608 - Remove malloc/free of temporary buffer in time parsing routines.
1609 - Reduce memory allocator pressure by not continually allocating client-side read buffers
1610 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
1611 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
1612 - Bug #1584: Unable to register with multiple WCCP2 routers
1613 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
1614 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
1615 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
1616 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
1617 - Bug #1840: Disable digest and netdb queries to multicast peers
1618 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
1619 - Fix build errors when using latest MinGW Windows environment
1620
1621Changes to squid-2.6.STABLE5 (3 Now 2006)
1622
1623 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
1624 - COSS improvements and cleanups
1625 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
1626 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
1627 - Bug #1719: Incorrect error message on invalid cache_peer specifications
1628 - Bug #1785: Memory leak in handling of negatively cached objects
1629 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
1630 - Bug #1782: Memory leak in ncsa_auth on password changes
1631 - Suppress some annoying coss startup messages raising the debug level to 2.
1632 - Clarify the external_acl_helper concurrency= change.
1633 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
1634 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
1635 - Bug #1795: Theoretical memory leak in storeSetPublicKey
1636 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
1637 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
1638 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
1639 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
1640 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
1641 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
1642 - Bug #1796: Assertion error HttpHeader.c:914: "str"
1643 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
1644 - Silence harmless gcc compile warning.
1645 - Clean up poll memory on shutdown
1646 - Ported select, poll and win32 to new comm event framework
1647 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
1648 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
1649 - Safeguard from kb_t counter overflows on 32-bit platforms
1650
1651Changes to squid-2.6.STABLE4 (23 Sep 2006)
1652
1653 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
1654 - Windows port enhancement: added native exception handler with signal emulation
1655 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
1656 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
1657 - Bug #212: variable %i always 0.0.0.0 in many error pages
1658 - Bug #1708: Ports in ACL accepts characters and out of range
1659 - Bug #1706: Squid time acl accepts invalid time range.
1660 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
1661 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
1662 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
1663 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
1664 - Bug #1598: start_announce cannot be disabled
1665 - Periodically flush cache.log to disk when "buffered_logs on" is set
1666 - Numerous COSS improvements and fixes
1667 - Windows port: merge of MinGW support
1668 - Windows port: Merged Windows threads support into aufs
1669 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
1670 - Numerous portability fixes
1671 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
1672 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
1673 - Bug #1760: FTP related memory leak
1674 - Bug #1770: WCCP2 weighted assignment
1675 - Bug #1768: Redundant DNS PTR lookups
1676 - Bug #1696: Add support for wccpv2 mask assignment
1677 - Bug #1774: ncsa_auth support for cramfs timestamps
1678 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
1679 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
1680 - Bug #1590: Silence those ETag loop warnings
1681 - Bug #1740: Squid crashes on certain malformed HTTP responses
1682 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
1683 - Improve error reporting on unexpected CONNECT requests in accelerator mode
1684 - Cosmetic change to increase cache.log detail level on invalid requests
1685 - Bug #1229: http_port and other directives accept invalid ports
1686 - Reject http_port specifications using both transparent and accelerator options
1687 - Cosmetic cleanup to not dump stacktraces on configuration errors
1688
1689
1690Changes to squid-2.6.STABLE3 (18 Aug 2006)
1691
1692 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
1693 very large cache_dir. Limit number of objects stored to slightly
1694 less to avoid this.
1695 - Bug #1705: Correct error message on invalid time weekday specification
1696 - Don't attempt to guess netmask in src/dst acl specifications
1697 if none was provided. Assume it's an IP even if it ends in 0
1698 - Bug #1665: log_format %ue, %us tags for external or ssl user id
1699 - Bug #1707: delay pools often ignored the set limit
1700 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
1701 (0.9.8 always worked)
1702 - COSS fixes and performance improvements
1703 - Memory leak when reading configuration files with overlapping
1704 ACL data where squid -k parse complains.
1705 - Memory leak related to pinned connections
1706 - Show include acls unexpanded in cachemgr configuration dumps
1707 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
1708 - Bug #1304: Downloads may hang when using the cache_dir max-size option
1709 - Optimization of network I/O
1710 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
1711 - Fixed a memory leak on certain invalid requests
1712 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
1713 - Bug #582: ntlm fake_auth not handles non-ascii login names
1714 - New startup message indicating the type of event loop used
1715 - Bug #1602: TCP fallback on truncated DNS responses
1716 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
1717 - Bug #1723: cachemgr now works in accelerator mode
1718
1719Changes to squid-2.6.STABLE2 (31 Jul 2006)
1720
1721 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
1722 - Releasenotes Table of contents should use relative links without
1723 filename.
1724 - Reject HTTP/0.9 formatted CONNECT requests.
1725 - Cosmetic cleanup to use safe_free instead of xfree + manual
1726 assign to NULL
1727 - Bug #1650: transparent interception "Unable to forward this
1728 request at this time"
1729 - Bug #1658: Memory corruption when using client-side SSL certificates
1730 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
1731 deleting the underlying object.
1732 - Many COSS fixes and new coss data dumper utility for diagnostics
1733 - Bug #1669: SEGV in storeAddVaryReadOld
1734 - Many fixes in debug sections and spelling of debug messages
1735 - Don't keep client connection persistent if there was a mismatch in
1736 the response size.
1737 - Move eventCleanup debug messages to debug level 2 (was 0)
1738 - Add the missing concurrency parameters to basic and digest auth
1739 schemes
1740 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
1741 - Log SSL user id in the custom log User name format (%un)
1742 - Bug #1653: Username info not logged into Cachemgr active_requests
1743 statistics
1744 - Added to the redirectors interface the support for SSL client
1745 certificate
1746 - squid.conf.default cleanup to remove references to old options
1747 - Fix many filedescriptors in combination with TPROXY
1748 - Fix connection pinning in transparently intercepted connections
1749 - Bug #1679: LDFLAGS not honored in some programs.
1750 - Minor cleanup of port numbers in transparent interception or
1751 vhost + vport
1752 - Bug #1671: transparent interception fails with FreeBSD ipfw or
1753 Linux-2.2 ipchains
1754 - Bug #1660: Accept-Encoding related memory corruption
1755 - Bug #1651: Odd results if url_rewriter defined multiple times
1756 - Bug #1655: Squid does not produce coredumps under linux when
1757 started as root
1758 - Bug #1673: cache digests not served to other caches
1759 - Cleanup of Linux capability code used by tproxy
1760 - Bug #1684: xstrdup: tried to dup a NULL pointer!
1761 - Bug #1668: unchecked vsnprintf() return code could lead to log
1762 corruption
1763 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
1764 configurations
1765 - Cygwin support fir --disable-internal-dns
1766 - Silence those annoying sslReadServer: Connection reset by peer
1767 errors.
1768 - Bug #1693: persistent connections broken in transparent
1769 interception mode
1770 - Bug #1691: multicast peering issues
1771 - Bug #1696: Correct WCCP2 processing of router capability info
1772 segments
1773 - Bug #1694: Assertion failure in mgr:config if using
1774 access_log_format %<h
1775 - Bug #1677: Duplicate etags in the If-None-Match header
1776 - Bug #1665: access_log_format codes for login names from external
1777 acl or ssl
1778 - Bug #1681: All ntlmauthenticator processes are busy
1779 - Added ARP acl support for OpenBSD and ARP fixes for Windows
1780 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
1781 socket)
1782 - WCCP2 correct dampening of assign buckets when there it lots of
1783 changes
1784 - minimum_expiry_time to tune the magic 60 seconds limit of what
1785 is considered cachable when the object doesn't have any cache
1786 validators.
1787 - Bug #1703: wrong path to diskd helper corrected, and config
1788 parser extended to trap incorrect paths early
1789 - Bug #1703: COSS failed to initialize async-io threads
1790 - Bug #1703: should abort if diskd helper exits unexpectedly
1791 - Bug #1702: Warn if acl name is too long
1792 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
1793 - wccp2_rebuild_wait directive to delay registering with WCCP until the
1794 - Bug #1662: Infinite loop in external acl with grace period if the
1795 same http_access line had multiple external acls
1796
1797Changes to squid-2.6.STABLE1 (1 Jul 2006)
1798
1799 - New --enable-default-hostsfile configure option
1800 - Added username info to active_requests cachemgr stats
1801 - Modified squid MIB to incorporate squid.conf visible_hostname
1802 - Added multi-line capability in squid.conf
1803 - Added new httpd_suppress_version_string configuration directive
1804 - WCCPv2 support
1805 - Negotiate authentication scheme support
1806 - NTLM authentication scheme rewritten
1807 - Customizable access log formats
1808 - Selective access logging
1809 - Access logging via syslog
1810 - Reverse proxy enhancements, with new cache_peer based forwarding
1811 model.
1812 - LDAP based Digest helper (Note: not true LDAP integration, just using
1813 LDAP for storage of the Digest hashes)
1814 - Improved helper communication protocol
1815 - External ACL improvements. %PATH, log=, grace=, and more..
1816 - Improved SSL support with hardware offload, client certificate
1817 support (primitive), chained certificates and numerous bug fixes
1818 - DNS lookups now use the search path from /etc/resolv.conf or
1819 the Windows registry
1820 - Linux epoll support
1821 - collapsed forwarding to optimize reverse proxies or other
1822 setups having very many clients going to the same URL
1823 - New improved COSS implementation
1824 - Optional support for blank passwords
1825 - The old and obsolete Samba-2.2.X winbind helpers have been removed
1826 - external acls now uses the simplified URL-escaped protol "3.0" by
1827 default.
1828 - Linux TPROXY support
1829 - Support for proxying of Microsoft Integrated Login by adding
1830 support for the deviations from the HTTP protocol required
1831 to support these authentication mechanisms
1832 - Added the capability to run as a Windows service under Cygwin
1833 - CARP now plays well with the other peering algorithms
1834 - read_ahead_gap option to read ahead more than 16KB of the reply
1835 - check_hostnames and allow_underscore squid.conf options
1836 - http_port is now optional, allowing for SSL only operation
1837 - Full ETag/Vary support, caching responses which varies with
1838 request details (browser, language etc).
1839 - umask now defaults to 027 to protect the content of cache and
1840 log files from local users
1841 - HTCP support for access control and the CRL operation for
1842 purgeing of cache content
1843 - Optionally follow X-Forwarded-For headers to determine the original
1844 client IP behind sedond level proxies
1845 - FreeBSD kqueue support
1846
1847Changes to squid-2.5.STABLE14 (20 May 2006)
1848 - [Minor] icons not displayed when visible_hostname is a
1849 short hostname (without domain). (Bug #1532)
1850 - [Medium] Memleak in HTCP client code (default disabled)
1851 (Bug #1553)
1852 - [Major] memory leak in ident processing (Bug #1557)
1853 - [Medium] Memory leak in header processing related to external_acl
1854 header detail format tag (Bug #1564)
1855
1856Changes to squid-2.5.STABLE13 (12 Mar 2006)
1857 - [Minor] Fails to compile on Solaris and some other platforms
1858 with undefined reference to setenv (Bug #1435)
1859 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
1860 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
1861 odd results if --enable-ntlm-fail-open is used (Bug #1022)
1862 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
1863 (Bug #1472)
1864 - [Minor] Squid crash when asyncio function counters url accessed
1865 from Cachemgr CGI (Bug #1464)
1866 - [Cosmetic] Linux compile warning about prctl called with too few
1867 arguments (Bug #1483)
1868 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
1869 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
1870 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
1871 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
1872 - [Minor] Ident access lists don't work in delay_access statements
1873 (Bug #1428)
1874 - [Minor] Some clients support NTLM even if not initially negotiating
1875 persistent connections (Bug #1447)
1876 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
1877 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
1878 (Bug #1481)
1879 - [Cosmetic] New persistent_connection_after_error configuration
1880 directive (Bug #1482)
1881 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
1882 #1484)
1883 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
1884 - [Cosmetic] Typo in ftp.c (Bug #1507)
1885 - [Cosmetic] Error in FTP listings of files with -> in their name
1886 (Bug #1508)
1887 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
1888 in cache.log (Bug #779)
1889 - [Minor] Fails to process long host names (Bug #1434)
1890 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
1891 - [Cosmetic] misleading error message message for bad/unresolveable
1892 cache_peer name (Bug #1504)
1893 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
1894 (Bug #1506)
1895 - [Major] connstate memory leak (Bug #1522)
1896
1897Changes to squid-2.5.STABLE12 (22 Oct 2005)
1898
1899 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
1900 when using delay pools (Bug #1405)
1901 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
1902 with server_persistent_connections (Bug #454)
1903 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
1904 diagnostics easier on squid_ldap_auth configuration errors
1905 (Bug #1395)
1906 - [Minor] $HOME not set when started as root (Bug #1401)
1907 - [Minor] httpd_accel_single_host breaks in combination with
1908 server_persistent_connections (Bug #1402)
1909 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
1910 implemented, effectively ignored. (Bug #1403)
1911 - [Minor] CNAME based DNS addresses could get cached for longer
1912 than intended (Bug #1404)
1913 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
1914 in transparently intercepting proxies (Bug #1410).
1915 - [Minor] Cache revalidations on HEAD requests causing poor cache
1916 hit ratio (Bug #1411).
1917 - [Minor] Not possible to send 302 redirects via a redirector in
1918 response to CONNECT requests (bug #1412)
1919 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
1920 #1419)
1921 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
1922 - [Minor] Delay pools class 3 fails on clients in network 255
1923 (Bug #1431)
1924
1925Changes to squid-2.5.STABLE11 (22 Sep 2005)
1926
1927 - [Minor] Workaround for servers sending double content-length headers
1928 (Bug #1305)
1929 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
1930 - [Cosmetic] Date header corrected on internal objects (icons etc)
1931 (Bug #1275)
1932 - [Minor] squid -k fails in combination with chroot after patch for
1933 bug 1157 (Bug #1307)
1934 - [Cosmetic] Segmentation fault if compiled with
1935 --enable-ipf-transparent but denied access to the NAT device.
1936 (Bug #1313)
1937 - [Minor] httpd_accel_signle_host incompatible with redireection
1938 (Bug #1314)
1939 - [Minor] squid -k reconfigure internal corruption if the type of
1940 a cache_dir is changed (Bug #1308)
1941 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
1942 (Bug #1317)
1943 - [Minor] Title in FTP listings somewhat messed up after previous
1944 patch for bug 1220 (Bug #1220)
1945 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
1946 confusing authentication. (Bug #1204)
1947 - [Minor] winfo_group.pl only looked for the first group if multiple
1948 groups were defined in the same acl. (Bug #1333)
1949 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
1950 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
1951 - [Cosmetic] The new --with-build-environment=... option doesn't work
1952 - [Cosmetic] New 'mail_program' configuration option in squid.conf
1953 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
1954 x86 (Bug #199)
1955 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
1956 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
1957 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
1958 - [Cosmetic] Invalid URLs in error messages when failing to connect
1959 to peer, and a few other inconsistent error messages (Bug #1342)
1960 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
1961 (Bug #1344)
1962 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
1963 (Bug #1348)
1964 - [Cosmetic] Greek translation of error messages (Bug #1351)
1965 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
1966 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
1967 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
1968 (Bug #1375)
1969 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
1970 - [Minor] E-mail sent when cache dies is blocked from many antispam
1971 rules (Bug #1380)
1972 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
1973 - [Cosmetic] Incorrect store dir selection debug message on objects
1974 larger than 2Gigabyte (Bug #1343)
1975 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
1976 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
1977 - [Medium] Clients could bypass delay_pool settings by faking a cache
1978 hit request (Bug #500)
1979 - [Minor] IP-Filter 4.X support (Bug #1378)
1980 - [Medium] Odd results on pipelined CONNECT requests
1981 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
1982 when using NTLM authentication.
1983 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
1984 authentication (bug #1396)
1985 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
1986 (Bug #1394)
1987 - [Cosmetic] New --with-maxfd=N configure option to override build
1988 time filedescriptor limit test
1989 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
1990
1991Changes to squid-2.5.STABLE10 (17 May 2005)
1992
1993 - [Minor Security] Fix race condition in relation to old Netscape
1994 Set-Cookie specifications
1995 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
1996 format and PASV resposes (Bug #1252)
1997 - [Medium] BASE HREF missing on ftp directory URLs without /
1998 (Bug #1253)
1999 - [Minor security] confusing http_access results on configuration
2000 error (Bug #1255)
2001 - [Cosmetic] More robust Date parser (Bug #321)
2002 - [Minor] reload_with_ims fails to refresh negatively cached objects
2003 (Bug #1159)
2004 - [Cosmetic] delay_access description clarification (Bug #1245)
2005 - [Cosmetic] Check for integer overflow in size specifications in
2006 squid.conf (Bug #1247)
2007 - [Cosmetic] bzero is a non-standard function not available on all
2008 platforms (Bug #1256)
2009 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
2010 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
2011 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
2012 (Bug #1261)
2013 - [Minor] Duplicate content-length headers logged incorrectly or
2014 not cleaned up properly (Bug #1262)
2015 - [Cosmetic] Extend relaxed_header_parser to work around "excess
2016 data from" errors from many major web servers. (Bug #1265)
2017 - [Minor] Add HTTP headers to a netdb error messages
2018 - [Minor] Multiple minor aufs issues (Bug #671)
2019 - [Minor] Basic authentication fails with very long logins or
2020 password (Bug #1171)
2021 - [Minor] CONNECT requests truncated if client side disconnects first
2022 (Bug #1269)
2023 - [Minor] --disable-hostname-checks configure option did not work
2024 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
2025 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
2026 - [Medium] Failed to process requests for files larger than 2GB in size
2027 - [Cosmetic] rename() related cleanup
2028 - [Cosmetic] New cachemgr pending_objects and client_objects actions
2029 - [Cosmetic] external acls requiring authentication did not request
2030 new credentials on access denials like proxy_auth does.
2031 - [Cosmetic] Syslog facility now configurable via command line options.
2032 - [Cosmetic] New %a error page template code expanding into the
2033 authenticated user name. (Bug #798)
2034 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
2035 - [Minor] Support interception of multiple ports
2036 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
2037 can not be determined (Bug #1196)
2038 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
2039 configuration files with CRLF lineendings proper.
2040 - [Minor] Unrecognized Cache-Control directives now forwarded properly
2041 (Bug #414)
2042 - [Minor] Authentication helpers now returns useable information
2043 in the %m error page macro on failed authentication (Bug #1223)
2044 - [Minor] pid file management corrected in chroot use (Bug #1157)
2045 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
2046 cachemgr.cgi now reads a config file telling which proxy servers
2047 it can administer.
2048 - [Minor] aufs statistics improvements
2049 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
2050 - [Minor] ARP acl documentation and cachemgr config dump corrections
2051 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
2052 hostnames in addition to the reverse lookup of the domain name.
2053 - [Security] Internal DNS client hardened against spoofing
2054
2055Changes to squid-2.5.STABLE9 (24 Feb 2005)
2056
2057 - [Medium] Don't retry requests on 403 errors (Bug #1210)
2058 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
2059 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
2060 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
2061 - [Minor] relaxed_header_parser extended to work around even more
2062 broken web servers (Bug #1242)
2063 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
2064 better with Mozilla but also to improve security slightly on
2065 non-anonymous FTP.
2066 - [Minor] High characters allowed un-encoded in FTP and Gopher
2067 listings to allow the user-agent to display data in non-iso8859-1
2068 charsets. (Bug #1220)
2069 - [Cosmetic] format fixes to silence compiler warnings on many
2070 platforms.
2071 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
2072
2073Changes to squid-2.5.STABLE8 (11 Feb 2005)
2074
2075 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
2076 #1096)
2077 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
2078 - [Minor] The new req_header and resp_header acls segfaults
2079 immediately on parse of squid.conf (Bug #961)
2080 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
2081 (Bug #1118)
2082 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
2083 - [Minor] Squid fails to close TCP connection after blank HTTP
2084 response (Bug #1116)
2085 - [Minor security] Random error messages in response to malformed
2086 host name (Bug #1143)
2087 - [Minor] PURGE should not be able to delete internal objects
2088 (Bug #1112)
2089 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
2090 #1121)
2091 - [Minor] cachemgr vm_objects segfault (Bug #1149)
2092 - [Minor security] Confusing results on empty acl declarations (Bug
2093 #1166)
2094 - [Minor] Don't close all "other" filedescriptors on startup (Bug
2095 #1177)
2096 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
2097 #1183)
2098 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
2099 - [Medium security] Denial of service with forged WCCP messages
2100 (Bug #1190)
2101 - [Minor] DNS related memory leak on certain malformed DNS responses
2102 (Bug #1197)
2103 - [Minor] Internal DNS sometimes truncates host names in reverse
2104 (PTR) lookups (Bug #1136)
2105 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
2106 - [Security] Harden Squid against HTTP request smuggling attacks
2107 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
2108 short_icon_urls is on (Bug #1203)
2109 - [Security] Harden Squid against HTTP response splitting attacks
2110 (Bug #1200)
2111 - [Medium security] Buffer overflow in WCCP recvfrom() call
2112 (Bug #1217)
2113 - [Security] Properly handle oversized reply headers (Bug #1216)
2114 - [Minor] LDAP helpers search fixed to properly ask for no attributes
2115 - [Minor] A sporadic segmentation fault when using ntlm authentication
2116 fixed (Bug #1127)
2117 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
2118 - [Medium] Persistent connection mismatch on failed PUT/POST request
2119 (Bug #1122)
2120 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
2121 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
2122 - [Major] HTTP reply data corruption in certain situations involving
2123 reply headers split over multiple packets (Bug #1233)
2124
2125Changes to squid-2.5.STABLE7 (11 Oct 2004)
2126
2127 - [Medium] No objects cached in ufs cache_dir type in some
2128 configurations. Issue introduced in 2.5.STABLE6 by the patch for
2129 Bug #676. (Bug #1011)
2130 - [Minor] LDAP helpers update to correct LDAP connection management
2131 and add support for literal password compare instead of binding
2132 - [Minor] A large number of queued DNS lookups for the same domain
2133 (Bug #852)
2134 - [Cosmetic] request_header_max_size configuration partly ignored
2135 (Bug #899)
2136 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
2137 - [Cosmetic] HEAD requests may return stale information
2138 (Bug #1012)
2139 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
2140 - [Minor] case insensitive authentication (Bug #431)
2141 - [Cosmetic] Add delay pools information to active_requests. (Bug
2142 #882)
2143 - [Minor] Apparent memory leak in client_db (Bug #833)
2144 - [Minor] NTLM authentication truncated causing failures. (Bug
2145 #1016)
2146 - [Cosmetic] Grammatical corrections in squid.conf.default
2147 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
2148 #1030)
2149 - [Medium] Segfaults and other strange crashes when using heap
2150 policies. (Bug #1009)
2151 - [Minor] Supplementary group memberships not set (Bug #1021)
2152 - [Cosmetic] ERR_TOO_BIG Portuguese translation
2153 - [Minor] external_acl does not handle newlines (Bug #1038)
2154 - [Major] NTLM authentication denial of service when using msnt_auth
2155 or fake_auth (Bug #1045)
2156 - [Medium] Memory leaks when using NTLM authentication without
2157 challenge reuse. (Bug #994)
2158 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
2159 (Bug #910)
2160 - [Minor] assertion failed: "n_ufs_dirs <=
2161 Config.cacheSwap.n_configured". (Bug #1053)
2162 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
2163 - [Minor] acl time fails to parse multiple time specifications
2164 (Bug #1060)
2165 - [Minor] cachemgr config dumps mixed up Range and Request-Range
2166 headers in http_header_access & replace directives. (Bug #1056)
2167 - [Minor] Content-Disposition added as a well known header (Bug #961)
2168 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
2169 (Bug #1074)
2170 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
2171 - [Medium] New acl types to match arbitrary HTTP headers. In addition
2172 the http_header_access & replace directives now support arbitrary
2173 headers and not only the well known ones. (Bug #961)
2174 - [Cosmetic] ncsa_auth now accepts Window formatted password files
2175 (Bug #1078)
2176 - [Cosmetic] Support the --program-prefix/suffix options or other
2177 configure program name transforms (Bug #1019)
2178 - [Minor] Fix race condition in CONNECT and also handle aborts of
2179 CONNECT requests in a more graceful manner. (Bug #859)
2180 - [Minor] New balance_on_multiple_ip directive to work around certain
2181 broken load balancers and optimized ipcache on reload requests
2182 (Bug #1058)
2183 - [Medium] New reply_header_max_size directive
2184 (Bug #874)
2185 - [Minor] Suspected instability on aborted PUT/POST requests
2186 (Bug #1089)
2187 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
2188
2189Changes to squid-2.5.STABLE6 (9 Jul 2004)
2190
2191 - Bug #937: NTLM assertion error "srv->flags.reserved"
2192 - Bug #935: squid_ldap_auth can be confused by the use of reserved
2193 characters
2194 - Helper queue warnings imprecise on the number of helpers required
2195 - squid_ldap_auth TLS mode works correctly again
2196 - Bug #940, #305: pkg-config support for finding correct OpenSSL
2197 compile flags
2198 - Bug #426: "Vary: *" is ignored
2199 - 100% CPU usage on Linux-2.2
2200 - Version number should not include -CVS if autoconf is run
2201 - Bug #947: deny_info redirection with requested URL escaped wrongly
2202 - Bug #495: CONNECT timeout should produce a 504 or 503
2203 - Bug #956: cache_swap_log documentation referred to swap.state by
2204 it's old swap.log name
2205 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
2206 have been intended
2207 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
2208 - Bug #954: Segment violation when using a blank user name in digest
2209 authentication
2210 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
2211 - Spelling corrections in configure and squid.conf.default
2212 - The meaning of ERR in digest helper protocol clarified in the
2213 squid.conf documentation
2214 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
2215 - Bug #616: Negative cached 404 replies with VARY header never matched
2216 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
2217 due to a shortcoming in the fix to bug #817
2218 - Bug #570: Very large cache_mem values reported wrongly in cache.log
2219 - Bug #676: store_dir_select_algorithm least-load doesn't work for
2220 ufs cache_dir type
2221 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
2222 - Bug #948: Show client ip in cache.log debug output
2223 - Bug #960: compilation issue on OpenBSD/m88k
2224 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
2225 - Bug #991: dns_servers should default to localhost if no resolv.conf
2226 - Bug #717: msnt_auth documentation update
2227 - Bug #753: Segfault in memBufVPrintf on certain architectures
2228 requiring va_copy
2229 - Bug #941: Negative size in access.log on long running CONNECT
2230 requests
2231 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
2232 - Bug #981: sasl_auth updated to work with SALS2
2233 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
2234 authentication to a NT domain without using Samba.
2235
2236Changes to squid-2.5.STABLE5 (1 Mar 2004):
2237
2238 - cache.log message on "squid -k reconfigure" was slightly confusing,
2239 claiming Squid restarted when it just reread the configuration.
2240 - Bug #787: digest auth never detects password changes
2241 - Bug #789: login with space confuses redirector helpers
2242 - Bug #791: FQDNcache discards negative responses when using
2243 internal DNS
2244 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
2245 PAM connections are unsafe and now disabled by default.
2246 - auth_param documentation clarifications and added default realm
2247 values making only the helper program a required attribute
2248 - Bug #795: German ERR_DNS_FAIL correction
2249 - Bug #803: Lithuanian error messages update
2250 - Bug #806: Segfault if failing to load error page
2251 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
2252 - Bug #817: maximum_object_size too large causes squid not to cache
2253 - Bug #824: 100% CPU loop if external_acl combined with separate
2254 authentication acl in the same http_access line
2255 - squid_ldap_group updated to version 2.12 with support for ldaps://
2256 (LDAPv2 over SSL) and a numer of other improvements.
2257 - Bug #799: positive_dns_ttl ignored when using internal DNS.
2258 - Bug #690: Incorrect html on empty Gopher responses
2259 - Bug #729: --enable-arp-acl may give warning about net/route.h
2260 - Bug #14: attempts to establish connection may look like syn flood
2261 attack if the contacted server is refusing connections
2262 - errorpage README files included in the distribution again showing
2263 who contributed which translation
2264 - Bug #848: connect_timeout connect_timeout ends up twice the length.
2265 forward_timeout option added to address this.
2266 - Bug #849: DNS log error messages should report the failed query
2267 - Bug #851: DNS retransmits too often
2268 - Bug #862: Very frequently repeated POST requests may cause a
2269 filedescriptor shortage due to persitent connections building up
2270 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
2271 - Bug #571: Need to limit use of persistent connections when
2272 filedescriptor usage is high
2273 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
2274 does not work properly
2275 - Bug #860: redirector_access does not handle "slow" acls such as
2276 "dst" or "external" requiring a external lookup.
2277 - Bug #865: Persistent connection usage too high after sudden burst
2278 of traffic.
2279 - Bug #867: cache_peer max-conn=.. option does not work
2280 - Bug #868: refuses to start if pid_filename none is specified
2281 - Bug #887: LDAP helper -Z (TLS) option does not work
2282 - Bug #877: Squid doesn't follow telnet protocol on FTP control
2283 connections
2284 - Bug #908: Random auth popups and account lockouts when using ntlm
2285 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
2286 - Bug #585: cache_peer_access fails with NTLM authentication
2287 - Bug #592: always/never_direct fails with NTLM authentication
2288 - wbinfo_group update for Samba-3
2289 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
2290 - Bug #924: miss_access restricts internal and cachemgr requests
2291 even if these are local
2292 - Bug #925: auth headers send by squidclient are mildly malformed
2293 - Bug #922: miss_access and delay_access and several other
2294 authentication related bug fixes.
2295 - Bug #909: Added ARP acl support for FreeBSD
2296 - Bug #926: deny_info with http_reply_access or miss_access
2297 - Bug #872: reply_body_max_size problems when using NTLM auth
2298 - Bug #825: random segmentation faults when using digest auth
2299 - Bug #910: Partial fix for temporary memory leaks when using NTLM
2300 auth. There is still problems if challenge reuse is enabled.
2301 - ftp://anonymous@host/ now accepted without requiring a password
2302 - Bug #594: several mime type updates (ftp:// related)
2303 - url_regex enhanced to allow matching of %00
2304
2305Changes to squid-2.5.STABLE4 (15 Sep 2003):
2306
2307 - Lithuanian error messages added to the distribution
2308 - Bug #660: segfauld if more than one custom deny_info line
2309 - cache_dir disd documentation cleanup
2310 - check open of /dev/null to avoid 100% CPU loop in badly
2311 configured chroot environments
2312 - documentation update on uri_whitespace to refer to the correct RFC
2313 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
2314 - Bug #683: external_acl does not wait for ident lookups to complete
2315 - aufs: Fix a minor use-after-free problem which could cause the
2316 count of opening filedescriptors to grow larger than it should
2317 - Syntax changes to make GCC-3.3 accept Squid without complaints
2318 - Warning if CARP server defined in incorrect load factor order
2319 - neighbor_type_domain documentation update
2320 - http_header_access now works when using cache peers
2321 - high_memory_warning now uses sbrk as fallback mechanism on
2322 platforms where neither mallinfo or mstats are available.
2323 - hosts_file now handles comments at the end of lines correcly
2324 - storeCheckCachable() Stats corrected for release_request and
2325 wrong_content_length.
2326 - cachePeerPingsSent MIB type corrected
2327 - unused minimum_retry_timeout directive removed
2328 - Bug #702: ERR_TO_BIG spanish translation
2329 - Bug #705: Memory leak on deny_info TCP_RESET
2330 - Code cleanup to fix compile error in httpHeaderDelById
2331 - Bug #699: Host header now forwarded exactly where it was in the
2332 original request to work around certain broken firewalls or
2333 load balancers which fail if this header is too far into the
2334 request headers.
2335 - Bug #704: Memory leak on reply_body_max_size
2336 - Bug #686: requests denied due to http_reply_access are now
2337 logged with TCP_DENIED (instead of TCP_MISS, etc).
2338 - Bug #708: ie_refresh now sends no-cache to have the reload
2339 request propagate properly in cache meshes
2340 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
2341 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
2342 digest not found
2343 - Bug #710: round-robin cache_dir selection incorrectly
2344 compares max-size.
2345 - Statistics corrections in HTTP header statitics
2346 - QUICKSTART cleanups
2347 - Bug #715: statCounter.syscalls.disk counters treated
2348 inconsistently. Now increment the counters in AUFS
2349 functions and for unlinkd.
2350 - Improvements to the (experimental) COSS storage scheme.
2351 - Bug #721: User name field in access.log sometimes blank
2352 - Bug #94: assertion failed: http.c: "-1 == cfd ||
2353 FD_SOCKET == fd_table[cfd].type"
2354 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
2355 - Bug #732: aufs calculates number of threads and limits wrongly
2356 - Bug #663: Username not logged into access.log in case of /407
2357 - Bug #267: Form POSTing troubles with NTLM authentication
2358 and occationally in differen other error conditions.
2359 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
2360 - Bug #733: No explicit error message when ncsa_auth can't access
2361 passwd file
2362 - Bug #267, #757: POST with NTLM stops after persistent connection
2363 timeout
2364 - Bug #742: Wrong status code on access denials if delay_access
2365 is used. Most notably 407 instead of 403 could be returned.
2366 - Bug #763: segfault if using ntlm in http_reply_access
2367 - Bug #638: assertion error if using proxy_auth in delay_access
2368 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
2369 - The issue of reply_body_max_size limiting the size of error
2370 messages no longer applies.
2371 - external_acl_type concurrency= option renamed to children= to
2372 prepare for Squid-3 upgrades. Old syntax still accepted for the
2373 duration of the Squid-2.5 release.
2374 - number of filedescriptors rounded down to an even multiple of 64
2375 to work around issues in certain libc implementations.
2376 - winbind helpers less noisy in cache.log on restarts/shutdown.
2377 - Squid now automatically restarts helpers if too many of them
2378 have crashed.
2379
2380Changes to squid-2.5.STABLE3 (25 May 2003):
2381
2382 - Bug #573: Occational false negatives in external acl lookups
2383 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
2384 external_acl helpers crashes
2385 - Bug #590: Squid may hang or behave oddly on shutdown while
2386 requests is being processed.
2387 - Bug #590: external acl lookups does not deal well with queue
2388 overload
2389 - cache_effective_user documentation update
2390 - cache_peer documentation update for htcp and carp
2391 - Bug #600: The example header_access paranoid setting is
2392 missing WWW-Authenticate
2393 - Bug #605: Segmentation fault in idnsGrokReply() on certain
2394 platforms
2395 - Fixes to build properly on AIX 5
2396 - Bug #574: wb_group updated to version 1.1 to make group names
2397 case insensitive and correct a segfault issue in the helper
2398 - SNMP mib updates to make cacheNumObjCount,
2399 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
2400 correctly report as gauges (was reporting as counters).
2401 - Woraround for --enable-ssl Kerberos issue on RedHat 9
2402 - Bug #579: Close and repopen log files on "squid -k reconfigure"
2403 - Bug #598: squid_ldap_auth could segfault if LDAP server is
2404 unavailable
2405 - Bug #609,#612: msntauth helper fixes in dealing with large
2406 or non-existing allow/deny user files.
2407 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
2408 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
2409 and also fails to block large objects where the content-length
2410 is not known
2411 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
2412 multiple proxy_auth ACLs combined in one line and login fails.
2413 - squid_ldap_auth updated with support for TLS and SSL
2414 - Bug #623: segfault if using negated external acls in certain
2415 configurations involving other acls later on the same http_access
2416 line.
2417 - Bug #622: wb_group helper update to version 1.2 to ass support for
2418 Domain-Qualified groups refering to groups in a specific domain
2419 - Bug #596: logic error in poll() error management
2420 - Bug #597: logic errors in error management
2421 - Bug #591: segmentation fault in authentication on "squid -k debug"
2422 - Bug #587: smb_auth fails on complex logins involving domain names
2423 or other odd characters
2424 - Bug #558, #587: smb_auth.pl fails on complex logins involving
2425 domain names or other odd characters
2426 - Bug #643: external_acl fails with ttl=0 due to a change introduced
2427 by the patch for Bug #553 in 2.5.STABLE2.
2428 - Bug #630: minor issues in digest authantication causing random
2429 authentication failures and incompability with many mainstream
2430 browser digest implementations due to browser qop bugs. To deal
2431 with those broken browser nonce_stricness now defaults to off,
2432 and two new digest options have been added (check_nonce_count
2433 and post_workaround) to allow workarounds to other quite bad
2434 browser bugs if needed.
2435 - Bug #644: digest authentication fails on requests with one
2436 or more comma in the requested URL
2437 - Bug #648: deny_info TCP_RESET not working. The fix for this also
2438 adds the ability to send redirects.
2439
2440Changes to squid-2.5.STABLE2 (Mars 17, 2003):
2441
2442 - Contrib files added back to the distribution
2443 - Several compiler warnings fixed when using --disable-ident or
2444 --disable-http-violations
2445 - authentication can now be used in most access controls, but
2446 must in most cases first be enforced in http_access to force
2447 the user to authenticate.
2448 - cleanups in the developer bootstrap.sh process when preparing
2449 the sources.
2450 - several squid.conf.default documentation updated to correctly
2451 refer to the current names when refering to other directives
2452 - authenticate_ip_ttl documentation updates
2453 - several assertion faults and segmentation violations corrected
2454 - the RunCache/RunAccel and squid.rc scripts updated to refer to
2455 the squid binary in sbin rather than the old bin location.
2456 - squid_ldap_auth command line processing fixes when specifying
2457 the LDAP server last on the line instead of -h option
2458 - aufs data corruption bugfix
2459 - aufs performance improvement for low traffic systems
2460 - aufs stability improvements
2461 - external_acl corrected to properly deal with quoted strings
2462 - WCCPv1 bugfix to make sure the router accepts the hash assignments
2463 - "Total accounted memory" now correctly reported in cachemgr
2464 - several small memory leaks (mostly reconfigure related)
2465 - new squid.conf option to allow GET/HEAD requests with a request
2466 entity
2467 - "make uninstall" no longer removes squid.conf
2468 - cachemgr.cgi now uses POST to avoid having the cachemgr password
2469 logged in the web server logs
2470 - authentication schemes which are known to not be proxyable are now
2471 filtered out from forwarded server replies to avoid that the clients
2472 tries to use such schemes when we know for a fact it won't work
2473 - spelling corrections in various error messages
2474 - now possible to define acl values with spaces in them
2475 by using the "include file" feature
2476 - squid_ldap_group updated to 2.10 to fix compilation issues with
2477 recent (and older) OpenLDAP libraries and to make the helper deal
2478 correctly with true LDAP groups by first looking up the user DN.
2479 - Some internal code cleanups
2480 - now verifies that programs etc exists iside the chroot directory
2481 when using chroot_dir. No longer neccesary to set up a split view
2482 environment where the same paths works both inside the chroot and
2483 outside just to convince Squid that the files is actually there..
2484 - improved memory usage reporting
2485 - --disable-hostname-checks configure option
2486 - no longer ignores double dots in host names. Any hostname with
2487 double dots is now rejected as invalid.
2488 - log_mime_hdrs no longer logs garbage if very long headers
2489 are seen.
2490 - 'select_fds_hist' object added to cachemgr 'histogram' output
2491 - pid file now unlinked when squid has really shut down, not
2492 immediately when the shutdown request is received. This allows
2493 the pid file to be monitored to determine when Squid has shut down
2494 properly
2495 - correct authentication scheme setups on some platforms or compilers
2496 - several squid.conf.default documentation updates to remove references
2497 to renamed or replaced directives by changing them to their current
2498 names.
2499 - the SSL reverse proxy support updated to allow building with
2500 OpenSSL 0.9.7 and and later.
2501 - Corrected a minor performance problem while processing HEAD replies
2502 from various broken web servers not sending a correct HTTP reply
2503 - time acls can now specify multiple times in the same acl name, like
2504 most other acl types.
2505 - winbind helpers updated to match Samba-2.2.7a and should
2506 work with Samba-2.2.6 or later (required). For compability with
2507 older Samba versions A new configure option --with-samba-sources=...
2508 has been added to allow you to specify which Samba version the
2509 helpers should be built for if different than the above versions.
2510 - Squid MIB definition syntax correction to work better with newer
2511 (and older) SNMP tools.
2512 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
2513 requests where parsing the HTTP identifier (HTTP/1.0) failed.
2514 - "make distclean" no longer removes the icons, this avoids the
2515 dependency on "uudecode" to rebuild Squid after "make distclean"
2516 - User name returned by external acl lookups (external_acl_type)
2517 is now available as "ident" in later acl checks in addition to
2518 the logging in access.log.
2519 - Incorrect behaviour of Digest authentication partly corrected - it
2520 will not handle sessions, but will always enforce password
2521 correctness.. (patch submitted by Sean Burford).
2522 - Issue with persistent connections and PUT/POST request corrected
2523
2524Changes to squid-2.5.STABLE1 (September 25, 2002):
ddf1c0c4 2525
94439e4e 2526 - Major rewrite of proxy authentication to support other schemes
2527 than basic. First in the line is NTLM support but others can
a2794549 2528 easily be added (minimal digest is present). See Programmers Guide.
6437ac71 2529 (Robert Collins & Francesco Chemolli)
94439e4e 2530 - Reworked how request bodies are passed down to the protocols.
2531 Now all client side processing is inside client_side.c, and
2532 the pass and pump modules is no longer used.
3ff01c3e 2533 used by Squid.
722a4b40 2534 - Optimized searching in proxy_auth and ident ACL types. Squid should
2535 now handle large access lists a lot more efficiently.
05fbbc17 2536 (Francesco Chemolli)
e396d395 2537 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
2538 now a peer is ignored if it turns out to be us, rather than
2539 committing suicide
1224d740 2540 - Changed the internal URL code to obey appendDomain for internal
2541 objects if it needs appending. This fixes weirdnesses where
2542 a machine can think it is "foo.bar.com", and "foo" is requested.
2543 (Brian Degenhardt)
a2794549 2544 - Added the use of Automake to create the Makefile.in's in the squid
2545 source tree. This will allow libtool in the future, and immediately
2546 allows better dependency tracking - with or without gcc - as well
2547 as the dist-all and distcheck targets for developers which respectively
2548 build a tar.gz and a tar.bz2 distribution, and check that what will be
2549 distributed builds.
d6827718 2550 - Added TOS and source address selection based on ACLs,
2551 written by Roger Venning. This allows administrators to set
2552 the TOS precedence bits and/or the source IP from a set of
2553 available IPs based upon some ACLs, generally to map different
2554 users to different outgoing links and traffic profiles.
50821507 2555 - Added 'max-conn' option to 'cache_peer'
2556 - Added SSL gatewaying support, allowing Squid to act as a SSL server
2557 in accelerator setups.
4e2c57a0 2558 - SASL authentication helper by Ian Castle
6474667e 2559 - msntauth updated to v2.0.3
3e4057db 2560 - no_cache now applies to cache hits as well as cache misses
810118ab 2561 - the Gopher client in Squid has been significantly improved
05463204 2562 - Squid now sanity checks FTP data connections to ensure the
6474667e 2563 connection is from the requested server. Can be disabled if
05463204 2564 needed by turning off the ftp_sanitycheck option.
98858605 2565 - external acl support. A mechanism where flexible ACL checks
2566 can be driven by external helpers. See the external_acl_type
2567 and acl external directives.
3e4057db 2568 - Countless other small things and fixes
2d8d56b0 2569 - HTML pages generated by Squid or CacheMgr as well as the
2570 ERR documents now contain a doctype declaration so that
22567bb5 2571 browsers know which HTML specification the document uses.
2d8d56b0 2572 In addition to that they have a new look (background-color, font)
2573 and are valid according to the HTML standards at www.w3.org.
3ff01c3e 2574 (Clemens L ser)
9bbd1655 2575 - Login and password send to Basic auth helpers is now URL escaped
2576 to allow for spaces and other "odd" characters in logins and
2577 passwords
c90fbf46 2578 - Proxy Authentication is no longer blindly forwarded to peer
2579 caches if not used locally. If forwarding of proxy authentication
2580 is desired then it must now be configured with the login=PASS
2581 cache_peer option.
6474667e 2582 - Responses with Vary: in the header are now cached by squid.
1239cfea 2583 (Henrik Nordstrom).
3ff01c3e 2584 - Removed unused 'siteselect_timeout' directive.
c5bc64d3 2585
dde94193 2586Changes to Squid-2.4.STABLE7 (July 2, 2002):
2587
2588 - Squid now drops any requests using transfer-encoding.
2589 Squid is a HTTP/1.0 proxy and as such do not support
2590 the use of transfer-encoding.
2591 - The MSNT auth helper has been updated to v2.0.3+fixes for
2592 buffer overflow security issues found in this helper.
2593 - A security issue in how Squid forwards proxy authentication
2594 credentials has been fixed
2595 - Minor changes to support Apple MAC OS X and some other platforms
2596 more easily.
2597 - The client -T option has been implemented
2598 - HTCP related bugfixes in "squid -k reconfigure"
2599 - Several bugfixes and cleanup of the Gopher client, both
2600 to correct some security issues and to make Squid properly
2601 render certain Gopher menus.
2602 - FTP data channels are now sanity checked to match the address of
2603 the requested FTP server. This to prevent theft or injection of
2604 data. See the new ftp_sanitycheck directive if this is not desired.
2605 - Security fixes in how Squid parses FTP directory listings into HTML
2606
c5bc64d3 2607Changes to Squid-2.4.STABLE6 (March 19, 2002):
2608
722a4b40 2609 - The patch for 2.4.STABLE5 was insufficiently tested and
c5bc64d3 2610 introduced a bug that causes frequent assertions when
2611 handling DNS PTR answers.
2612
2613Changes to Squid-2.4.STABLE5 (March 15, 2002):
2614
2615 - Fixed an array bounds bug in lib/rfc1035.c. This bug
2616 could allow a malicious DNS server to send bogus replies
2617 and corrupt the heap memory.
2618
572b218d 2619Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
08e8e4d0 2620
722a4b40 2621 - htcp_port 0 now properly disables htcp
6474667e 2622 - Fixed problem with certain non-anonymous ftp:// style URL's
08e8e4d0 2623 - SNMP bugfixes including several memory leaks
2624
2625Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
2626
2627 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
2628 miss_access
2629 - Fixed bug #246: corrupt on-disk meta information preventing
2630 rebuilds of lost swap.state files
2631 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
2632 - Fixed a coredump when creating FTP directories
2633 - Fixed a compile time problem with statHistDump prototype mistmatch,
2634 reported by some compilers
2635 - Fixed a potential coredump situation on snmpwalk in certain
2636 configurations
2637 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
2638 store implementation
2639 - Serbian error message translations
2640
50821507 2641Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
2642
722a4b40 2643 - Expanded configure's GCC optimization disabling check to
50821507 2644 include GCC 2.95.3
2645 - avoid negative served_date in storeTimestampsSet().
2646 - Made 'diskd' pathnames more configurable
2647 - Make sure squid parent dies if child is killed with
2648 KILL signal
2649 - Changed diskd offset args to off_t instead of int
2650 - Fixed bugs #102, #101, #205: various problems with useragent
2651 log files
2652 - Fixed bug #116: Large Age: values still cause problems
2653 - Fixed bug #119: Floating point exception in
2654 storeDirUpdateSwapSize()
2655 - Fixed bug #114: usernames not logged with
2656 authenticate_ip_ttl_is_strict
722a4b40 2657 - Fixed bug #115: squid eating up resources (eventAdd args)
50821507 2658 - Fixed bug #125: garbage HTCP requests cause assertion
2659 - Fixed bug #134: 'virtual port' support ignores
2660 httpd_accel_port, causes a loop in httpd_accel mode
2661 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
2662 <= lf->bufsz"
2663 - Fixed bug #137: Ranges on misses are over-done
2664 - Fixed bug #160: referer_log doesn't seem to work
2665 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
2666 comm_dns_incoming histogram)
2667 - Fixed bug #165: "Store Mem Buffer" leaks badly
2668 - Fixed bug #172: Ident Based ACLs fail when applied to
2669 cache_peer_access
2670 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
2671 - Fixed bug #182: 'config' cachemgr option dumps core with
2672 null storage
2673 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
2674 of args in debug/printf
2675 - Fixed bug #187: bugs in lib/base64.c
2676 - Fixed bug #184: storeDiskdShmGet() assertion; changed
2677 diskd to use bitmap instead of linked list
2678 - Fixed bug #194: Compilation fails on index() on some
722a4b40 2679 non-BSD platforms
50821507 2680 - Fixed bug #197: refreshIsCachable() incorrectly checks
2681 entry->mem_obj->reply
2682 - Fixed bug #215: NULL pointer access for proxy requests
2683 in accel-only mode
2684
2685Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
2686
2687 - Fixed a bug in and cleaned up class 2/3 delay pools
2688 incrementing.
2689 - Fixed a coredump bug when using external dnsservers that
2690 become overloaded.
2691 - Fixed some NULL pointer bugs for NULL storage system
2692 when reconfiguring.
2693 - Fixed a bug with useragent logging that caused Squid to
2694 think the logfile never got opened.
2695 - Fixed a compiling bug with --disable-unlinkd.
2696 - Changed src/squid.h to always use O_NONBLOCK on Solaris
2697 if it is defined.
2698 - Fixed a bug with signed/unsigned bitfield flag variables
2699 that caused problems on Solaris.
2700 - Fixed a bug in clientBuildReplyHeader() that could add
2701 an Age: header with a negative value, causing an assertion
2702 later.
2703 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
2704 was returning the number of FDs in use, rather than
2705 the number of reserved FDs.
2706 - Added the 'pipeline_prefetch' configuration option.
2707 - cache_dir syntax changed to use options instead of many
2708 arguments. This means that the max_objsize argument now
2709 is an optional option, and that the syntax for how to
722a4b40 2710 specify the diskd magics is slightly different.
50821507 2711 - Various fixes for CYGWIN
2712 - Upgraded MSNT auth module to version 2.0.
2713 - Fixed potential problems with HTML by making sure all
2714 HTML output is properly encoded.
2715 - Fixed a memory initialization problem with resource records in
2716 lib/rfc1035.c.
2717 - Rewrote date parsing in lib/rfc1123.c and made it a little
2718 more lenient.
2719 - Added Cache-control: max-stale support.
2720 - Fixed 'range_offset_limit' again. The problem this time
2721 is that client_side.c wouldn't set the we_dont_do_ranges
2722 flag for normal cache misses. It was only being set for
2723 requests that might have been hits, but we decided to
2724 change to a miss.
2725 - Added the Authenticate-Info and Proxy-Authenticate-Info
2726 headers from RFC 2617.
2727 - HTTP header lines longer than 64K could cause an assertion.
2728 Now they get ignored.
2729 - Fixed an IP address scanning bug that caused "123.foo.com"
2730 to be interpreted as an IP address.
2731 - Converted many structure allocations to use mem pools.
2732 - Changed proxy authentication to strip leading whitespace
2733 from usernames after decoding.
2734 - Prevented NULL pointer access in aclMatchAcl(). Some
2735 ACL types require checklist->request_t, but it won't be
2736 available in some cases (like snmp_access). Warn the
2737 admin that the ACL can't be checked and that we're denying
2738 it.
2739 - Allow zero-size disk caches.
2740 - The actual filesystem blocksize is now used to account
2741 for space overheads when calculating on-disk cache size.
2742 - Made the maximum memory cache object size configurable.
2743 - Added 'minimum_direct_rtt' configuration option.
2744 - Added 'ie_refresh' configuration option, which is a hack
2745 to turn IMS requests into no-cache requests.
58d1265f 2746 - Added support for netfilter in linux-2.4. This allows transparent
2747 proxy connections to function correctly in the absence of a Host:
2748 header. This requires --enable-linux-netfilter to be passed through
2749 to configure. (Evan Jones)
50821507 2750 - Fixed a bug with clientAccessCheck() that allowed proxy
2751 requests in accel mode.
2752 - Fixed a bug with 301/302 replies from redirectors. Now
2753 we force them to be cache misses.
2754 - Accommodated changes to the IP-Filter ioctl() interface
2755 for intercepted connections.
2756 - Fixed handling of client lifetime timeouts.
2757 - Fixed a buffer overflow bug with internal DNS replies
2758 by truncating received packets to 512 bytes, as per
2759 RFC 1035.
2760 - Added "forward.log" support, but its work in progress.
2761 - Rewrote much of the IP and FQDN cache implementation.
2762 This change gets rid of pending hits.
2763 - Changed peerWouldBePinged() to return false if our
2764 ICP/HTCP port is zero (i.e. disabled).
2765 - Changed src/net_db.c to use src/logfile.c routines,
2766 rather than stdio, because of solaris stdio filedescriptor
2767 limits.
2768 - Made netdbReloadState() more robust in case of corrupted
2769 data.
2770 - Rewrote some freshness/staleness functions in src/refresh.c,
2771 partially inspired to support cache-control max-stale.
2772 - Fixed status code logging for SSL/CONNECT requests.
2773 - Added a hack to subtract cache digest network traffic
2774 from statistics so that byte hit ratio stays positive
2775 and more closely reflects what people expect it to be.
2776 - Fixed a bug with storeCheckTooSmall() that caused
2777 internal icons and cache digests to always be released.
2778 - Added statfs(2) support for displaying actual filesystem
2779 usage in the cache manager 'storedir' output.
2780 - Changed status reporting for storage rebuilding. Now it
2781 prints percentage complete instead of number of entries
2782 parsed.
2783 - Use mkstemp() rather than problem-prone tempnam().
2784 - Changed urlParse() to condense multiple dots in hostnames.
2785 - Major rewrite of async-io (src/fs/aufs) to make it behave
2786 a bit more sane with substantially less overhead. Some
2787 tuning work still remains to make it perform optimal.
2788 See the start of store_asyncufs.h for all the knobs.
2789 - Fixed storage FS modules to use individual swap space
2790 high/low values rather than the global ones.
2791 - Fixed storage FS bugs with calling file_map_bit_reset()
2792 before checking the bit value. Calling with an invalid
2793 value caused memory corruption in random places.
2794 - Prevent NULL pointer access in store_repl_lru.c for
2795 entries that exist in the hash but not the LRU list.
2796
cab24814 2797Changes to Squid-2.4.DEVEL4 ():
ad445e36 2798
ddf1c0c4 2799 - Added --enable-auth-modules=... configure option
83b381d5 2800 - Improved ICP dead peer detection to also work when the workload
2801 is low
a8c926ff 2802 - Improved TCP dead peer detection and recovery
2803 - Squid is now a bit more persistent in trying to find a alive
2804 parent when never_direct is used.
2805 - nonhierarchical_direct squid.conf directive to make non-ICP
2806 peer selection behave a bit more like ICP selection with respect
2807 to hierarchy.
2808 - Bugfix where netdb selection could override never_direct
2809 - ICP timeout selection now prefers to use parents only when
2810 calculating the dynamic timeout to compensate for common RTT
2811 differences between parents and siblings.
c1fc651e 2812 - No longer starts to swap out objects which are known to be above
2813 the maximum allowed size.
987de783 2814 - allow-miss cache_peer option disabling the use of "only-if-cached".
2815 Meant to be used in conjunction with icp_hit_stale.
c8b40803 2816 - Delay pools tuned to allow large initial pool values
0343b99c 2817 - cachemgr filesystem space information changed to show useable space
2818 rather than raw space, and platform support somewhat extended.
890b0fa8 2819 - Logs destination IP in the hierarchy log tag when going direct.
2820 (can be disabled by turning log_ip_on_direct off)
ff21eb3e 2821 - Async-IO on linux now makes proper use of mutexes. This fixes some
2822 odd pthread segfaults on SMP Linux machines, at a slight performance
2823 penalty.
722a4b40 2824 - %s can now be used in cache_swap_log and will be substituted with
a80e50c7 2825 the last path component of cache_dir.
4d55827a 2826 - no_cache is now a full ACL check without, allowing most ACL types
2827 to be used.
f1003989 2828 - The CONNECT method now obeys miss_access requirements
145cf928 2829 - proxy_auth_regex and ident_regex ACL types
3cdb7cd0 2830 - Fixed a StoreEntry memory leak during "dirty" rebuild
2831 - Helper processes no longer hold unrelated filedescriptors open
e40aa8da 2832 - Helpers are now restarted when the logs are rotated
afc1e43f 2833 - Negatively cached DNS entries are now purged on "reload".
2834 - PURGE now also purges the DNS cache
722a4b40 2835 - HEAD on FTP objects no longer retrieves the whole object
aca95add 2836 - More cleanups of the dstdomain ACL type
288c06ce 2837 - Squid no longer tries to do Range internally if it is not supported
2838 by the origin server. Doing so could cause bandwidth spikes and/or
2839 negative hit ratio.
13c7936a 2840 - httpd_accel_single_host squid.conf directive
82056f1e 2841 - "round-robin" cache_peer counters are reset every 5 minutes to
2842 compensate previously dead peers
4fe0e1d0 2843 - DNS retransmit parameters
858783c9 2844 - Show all FTP server messages
6b53c392 2845 - squid.conf.default now indicates if a directive isn't enabled in
2846 the installed binary, and what configure option to use for enabling it
418cbe9f 2847 - Fixed a temporary memory leak on persistent POSTs
304d289e 2848 - Fixed a temporary memory leak when the server response headers
2849 includes NULL characters
ba2b31a8 2850 - authenticate_ip_ttl_is_strict squid.conf option
2851 - req_mime_type ACL type
afb87666 2852 - A reworked storage system that supports storage directories in
2853 a more modular fashion. The object replacement and IO is now
2854 responsibility of the storage directory, and not of the storage
2855 manager.
722a4b40 2856 - Fixed a bogus MD5 mismatch warning sometimes seen when using
e7407eb8 2857 aufs or diskd stores
ce3d30fb 2858 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
2859 and extended support for this to Linux/GNU libc.
af57a2e3 2860 - Disabled the "request timeout" error message sent if the user agent
2861 did not provide a request in a timely manner after opening the
2862 connection. Now the connection is silently closed. The error message
2863 was confusing user agents utilizing persistent connections.
cab24814 2864 - Fixed configure --enable descriptions to match the arg names.
2865 - Eliminated compile warnings from auth_modules/MSNT code.
2866 - Require first character of hostnames to be alphanumeric.
2867 - Made ARP ACL work for Solaris.
2868 - Removed storeClientListSearch().
2869 - Added counters to track diskd operation success and
2870 failures.
2871 - Fixed range_offset_limit.
2872 - Added code to retry ServFail replies for internal DNS
2873 lookups.
2874 - Added referer header logging (Jens-S. Voeckler).
2875 - Added "multi-domain-NTLM" authentication module, a Perl
2876 script from Thomas Jarosch.
2877 - Added configurable warning messages for high memory usage,
2878 high response time, and high page faults.
2879 - Made store dir selection algorithm configurable.
2880 - Added support for admin-definable extension methods,
2881 up to 20.
16689110 2882 - Added 'maximum_object_size_in_memory' as a configuration option -
2883 this defines the watermark where objects transit from being true
2884 hot objects to being in-transit objects in memory. It currently
2885 defaults to 8 KB.
5cd41d0d 2886 - Change to the fqdn code which changes how pending DNS requests
2887 are treated as private and only become public once they are
2888 completed. This can add extra load on DNS servers but prevents
2889 all the pending clients blocking if one of the queries got
2890 stuck. (Duane Wessels)
7e543177 2891 - Converted more code to use MemPools, from Andres Kroonmaa.
2892 - Added more CYGWIN patches from Robert Collins.
e7407eb8 2893
2894Changes to Squid-2.4.DEVEL3 ():
2895
2896 - Added Logfile module.
2897 - Added DISKD stats via cachemgr.
2898 - Added squid.conf options for DISKD magic constants.
ad445e36 2899
e7407eb8 2900Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
ad445e36 2901
2902Changes to Squid-2.4.DEVEL1 ():
2903
42b51993 2904Changes to Squid-2.3.STABLE4 (July 18, 2000):
2905
2906 - Fixed --localstatedir configure option (IKEDA Shigeru).
2907 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
2908 Smith).
2909 - Added pthread_sigmask() check to configure (Daniel
2910 Ehrlich).
2911 - Added CYGWIN patches from Robert Collins.
2912 - Changed internal DNS lookups to retry queries that are
2913 returned with RCODE 2 (ServFail).
2914 - Added 'virtual port' support (Gregg Kellogg). If
2915 'httpd_accel_uses_host_header' is enabled, then we use
2916 the port number from the Host header. Otherwise, when
2917 'httpd_accel_port' is set to "0" we use the port number
2918 of the local end of the client socket.
2919 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
2920 - Made Squid accept GET requests that have a "content-length:
2921 0" header.
2922 - Added a sanity check on the NHttpSockets[] array index
2923 (Gregg Kellogg).
2924 - Added a friendlier message when Squid can't find any DNS
2925 nameserver addresses to use (Daniel Kiracofe).
2926 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
2927 (Craig Whitmore).
2928 - Added missing '%c' token replacement in error page
2929 generation.
2930 - Fixed a bug with 'minimum_object_size' that prevented
2931 internal icons from being loaded.
2932 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
2933 that could prevent any objects from being replaced.
2934 - Make sure that storeDirDiskFull() doesn't actually
2935 *increase* the cache size.
2936 - Changed a storeSwapMetaUnpack() assertion to a recoverable
2937 error condition.
2938 - Removed "wccpHereIam" event check that could cause Squid
2939 to stop sending HERE_I_AM messages.
2940
d20b1cd0 2941Changes to Squid-2.3.STABLE3 (May 15, 2000):
2942
2943 - Fixed malloc linking problems on Solaris. The configure
2944 script incorrectly set options for dlmalloc.
2945 - Added a configure check to remove compiler optimization
2946 for GCC 2.95.x.
2947 - Updated MSNT authenticator module.
2948 - Updated Estonian error pages.
2949 - Updated Japanese error pages.
2950 - Fixed expires bug in httpReplyHdrCacheInit. It was
2951 incorrectly setting expires based on max-age. It was using
2952 the current time as a basis, instead of the response date.
2953 - Fixed "USE_DNSSERVER" typos.
2954 - Added a workaround for getpwnam() problems on Solaris.
2955 getpwnam() could fail if there are fewer than 256 FDs
2956 available. This causes root to own some disk files.
2957 - Added an 'offline_toggle' option via the cache manager.
2958 - Added a 'minimum_object_size' option. Files smaller than
2959 this size are not stored.
2960 - Added 'passive_ftp' option to disable passive FTP transfers.
2961 - Added 'wccp_version' option because some Cisco IOS versions
2962 require WCCP version 3.
2963 - The 'client' program in ping mode (-g) now prints transfer
2964 throughput.
2965 - Fixed logging of proxy auth username for redirected
2966 requests.
2967 - Fixed bogus Age values for IMS requests.
2968 - Fixed persistent connection timeout for client-side
2969 connections. It was hard-coded to 15 seconds, now uses
2970 the 'pconn_timeout' value.
2971 - Fixed up httpAcceptDefer. It wasn't being used properly
2972 and caused high CPU usage when Squid gets close to the FD
2973 limit.
2974 - Numerous delay_pools fixes and checks.
2975 - Fixed SNMP coredumps from running snmpwalk.
2976 - Added a check for errno == EPIPE in icmp.c when pinger uses
2977 a Unix socket instead of a UDP socket.
2978 - Fixed ACL checklist memory initialization bugs.
2979 - Cleaned up the MIB file. Replaced contact information and
2980 checked description fields.
2981 - Removed LRU reference_age hard-coded upper limit.
2982 - Fixed async I/O FD leak.
2983 - Made getMyHostname() more robust.
2984 - Fixed domain list matching bug. "x-foo.com" wasn't properly
2985 compared to ".foo.com" and confused splay tree ordering.
2986 - Added a check for whitespace in hostnames and optionally
2987 strip whitespace if 'uri_whitespace' setting allows.
2988 - Added status code and checking to ASN/whois queries.
2989
2990Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
2991
2992 - Changed Copyright text.
2993 - Changed configure so that some IRIX-6.4 hacks apply to
2994 all IRIX-6.* versions.
2995 - Cleaned up HTML bugs in error pages.
2996 - Told configure to check for netinet/if_ether.h, which
2997 is used in ARP ACL code, but might not be required.
2998 - Added "Cookie" to known HTTP headers so it can be
2999 used in anonymizer configuration.
3000 - Added optional TCP_REDIRECT log code for logging
3001 of 301/302 responses returned by Squid.
3002 - Added a check for a currently running Squid process.
3003 If the pid file exists, and the pid is running,
3004 Squid complains and refuses to start another instance.
3005 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
3006 IRIX.
3007 - Fixed a bug with the PURGE method. The purge enable
3008 flag was not getting cleared during reconfigure.
3009 Also required PURGE method to be used in http_access
3010 list before enabling.
3011 - Fixed async I/O assertions for file open errors.
3012 - Fixed internal DNS assertion when unpacking truncated
3013 messages.
3014 - Fixed anonymize_headers bug that caused all headers
3015 to be allowed after a reconfigure.
3016 - Fixed an access denied bug for accelerator-only installations.
3017 - Fixed internal DNS initialization so that it uses
3018 'dns_nameservers' settings in squid.conf if set.
3019 - Fixed 'maxconn' ACL bug that caused it to work backwards
3020 (Pedro Ribeiro).
3021 - Fixed syslog bug for daemon mode on Linux.
3022 - Fixed 'http_port' parsing bugs.
3023 - Fixed internal DNS byte ordering bugs for PTR queries.
3024 - Fixed internal DNS queue getting stuck during periods
3025 of low activity (Henrik).
3026 - Fixed byte ordering bugs for parsing EPLF FTP listings
3027 on 64-bit systems.
3028 - Fixed 'request_body_max_size' bug that caused all
3029 POST, PUT requests to be denied if max size is set
3030 to zero.
3031 - Fixed 'redirector_access' bug when using 'myport' ACLs.
3032 - Fixed CARP neighbor selection bugs for down peers.
3033 - Added 'client_persistent_connections' and
3034 'server_persistent_connections' flags to disable persistent
3035 connections for clients and servers.
3036 - Fixed access logging bug that caused many requests to be
3037 logged as TCP_MISS.
3038 - Added some bounds checking to delay pools code.
3039
ad445e36 3040Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
3041
3042 - Updated PAM authentication module from Henrik Nordstrom.
3043 - Updated Bulgarian error messages from Svetlin Simeonov.
3044 - Changed ACL routines so that User-Agent (browser) string
3045 is always taken from compiled HTTP request headers
3046 instead of passed as an argument to aclCreateChecklist.
3047 - Added a 'strip' option to the 'uri_whitesace' configuration
3048 directive and made it the default behavior. Whitespace
3049 found in URI's is now stripped out by default.
3050 - Added chroot feature. The 'chroot_dir' config option enables
3051 it and specifies the directory.
3052 - Changed clientBuildReplyHeader so that the Age header is
3053 added only for cache hits, and only when we can calculate
3054 a valid, positive age value.
3055 - Changed clientWriteComplete and clientGotNotEnough so
3056 that they keep persistent connections open for more types
3057 of replies that don't have bodies.
3058 - Changed filemap.c routines to dynamically grow filemap
3059 space as needed.
3060 - Added a hack to ftp.c to deal with ftp.netscape.com, which
3061 sometimes doesn't acknowledge PASV commands.
3062 - Fixed FTP bug with ftpScheduleReadControlReply; there
3063 was not always a timeout handler on the control socket
3064 after the transfer completed.
3065 - Fixed FTP filedescriptor leak from invalid PASV replies.
3066 - Changed httpBuildRequestHeader so that it doesn't
3067 copy the Host header from the client request. Instead
3068 we should generate our own Host header which is known
3069 to be correct.
3070 - Changed storeTimestampsSet to adjust entry->timestamp
3071 if the response includes an Age header.
3072 - Removed size limit from storeKeyHashBuckets.
3073 - Changed fwdConnectStart from a "heavy" to a "light" event.
3074 - Fixed an 'anonymize_headers' bug that affects unknown
3075 HTTP headers. With the bug, if you list a header that
3076 Squid doesn't know about (such as "Charset"), it would
3077 add HDR_OTHER to the allow/deny mask. This caused all
3078 unknown headers to be allowed or denied (depending on
3079 the scheme you use). Now, with the bug fixed, an unknown
3080 header in the 'anonymize_headers' list is simply ignored.
3081
7e3ce7b9 3082Changes to Squid-2.3.DEVEL3 ():
3083
ad445e36 3084 - Added MSNT auth module from Antonino Iannella.
7e3ce7b9 3085 - Added --enable-underscores configure option. This allows
3086 Squid to accept hostnames with underscores in them. Your
3087 DNS resolver may still complain about them, however.
3088 - Added --heap-replacement configure option. This enables
3089 the alternative cache replacement policies, such as
3090 GDSF, and LFUDA.
3ff01c3e 3091 - WCCP establishes and registers with the router faster.
7e3ce7b9 3092 - Added 'maxconn' acl type to limit the number of established
3093 connections from a single client IP address. Submitted
3094 by Vadim Kolontsov.
3095 - Close FTP data socket as soon as transfer completes
3096 (Alexander V. Lukyanov).
3097 - Fixed ftpReadPass() to not clobber ctrl.message when
3098 the PASS command fails.
3099 - Added a redirect.c patch so squidGuard is able to do
3100 per-user access control (Antony T Curtis).
3101 - discard the pumpMethod() function, and instead use the
3102 fact that the request has a request entity (content-length
3103 present) (Henrik).
3104 - Reload the MIME icons at reconfigure time (Radu Greab).
3105 - Updated Richard Huveneers' SMB authentication module to
3106 his version 0.05 package.
3107 - Fixed lib/heap.c::heap_delete() bug when deleting the
3108 last node.
3109 - Fixed an integer conversion bug in
3110 lib/rfc1035.c::rfc1035AnswersUnpack().
3111 - Fixed lib/rfc1738 routines to encode reserved characters,
3112 in addition to encoding the unsafe characters (Henrik).
3113 - Changed the interface for splay compare and "walk"
3114 functions to take a void pointer, instead of a splayNode
3115 pointer (Henrik).
3116 - Changed numerous HTTP parsing routines to use ssize_t
3117 instead of size_t. This was done because size_t may be
3118 signed or unsigned. When it is unsigned, gcc emits
3119 numerous "comparison is always true" warnings. At least
3120 we know ssize_t is always signed.
3121 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
3122 friends so that it properly handles multi-value lists.
3123 - Added an "end" (ssize_t) parameter to
3124 src/HttpReply::httpReplyParse() so that we know exactly
3125 where to terminate the header buffer.
3126 - Changed src/access_log.c::log_quote() so that it only
3127 encodes whitespace characters, and not all URL-special
3128 characters (Henrik).
3129 - Added local port ACL type ("myport") (Henrik).
3130 - Added maximum number of connections per client ("maxconn")
3131 as an ACL type.
3132 - Fixed proxy authentication username/password parsing to
3133 be more robust (Henrik).
3134 - Fixed ACL domain/host and domain/domain comparison
3135 functions yet again. Eliminated duplicate code so that
3136 only src/url.c::matchDomainName() contains this mysterious
3137 code.
3138 - Changed the 'http_port' option to accept an IP address
3139 or hostname as well (Henrik).
3140 - Removed 'tcp_incoming_addr' option.
3141 - Added an access control list for the redirector
3142 ('redirector_access'). Requests which match are sent to
3143 the redirector. All requests. are redirected by default.
3144 - Added the 'authenticate_ip_ttl' option. It specifies
3145 how long a valid proxy authentication credential is
3146 bound to a specific address.
3147 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
3148 - Removed the unused and highly questionable 'forward_snmpd_port'
3149 option.
3150 - Added an option to accept DNS messages from unknown nameservers.
3151 This may be necessary if replies come from a different address
3152 than queries are sent to.
3153 - Added #includes for IP Filter files in netinet directory.
3154 - Fixed a bug with retrying forwarded IMS requests (Henrik).
3155 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
3156 where we were checking a cache-control bit before getting the
3157 mask from the HTTP headers (pallo@initio.no).
3158 - Fixed a bug with "no_cache" access list. If not defined,
3159 everything was uncachable by default.
3160 - Fixed a bug with timed-out client-side HTTP connections.
3161 We didn't cancel the read handler, which could lead to
3162 "rwstate != NULL" warnings.
3163 - Changed comm_open() to only call fdAdjustReserved() for
3164 specific errors (ENFILE, EMFILE);
3165 - Fixed NULL pointer bug in idnsParseResolvConf().
3166 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
3167 - Added DELETE request method.
3168 - Added RFC 2518 HTTP status codes.
3169 - Fixed handling of URL passwords when we need to rewrite a
3170 BASE HREF URL (Henrik).
3171 - Fixed a bug with FTP requests where a request gets aborted,
3172 but we try to complete it anyway. It would result in a
3173 "store_status != STORE_PENDING" assertion. The solution
3174 is to check for ENTRY_ABORTED before reading from
3175 the control channel too.
3176 - Changed FTP to retry a request if Squid fails to establish
3177 a PASV data connection (Henrik).
3178 - Fixed numerous HTCP memory leaks and an uninitialized memory
3179 bug.
3180 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
3181 mind (Henrik).
3182 - Minor fixes for Rhapsody systems.
3183 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
3184 don't include varargs.h.
3185 - Changed src/store_client.c::storeClientType() so that
3186 an entry can have more than one STORE_MEM_CLIENT.
3187 - Changed src/store_client.c::storeClientReadHeader()
3188 to check swapfile metadata (Henrik).
3189 - Changed src/url.c::urlCheckRequest() to return FALSE for
3190 any "https://" URL. These should always be CONNECT
3191 instead. If Squid gets an "https://" URL, it is a browser
3192 bug.
3193 - Added numerous squid.conf options for controlling cache
3194 digests. Previously these were hard-coded in
3195 src/store_digest.c. (Martin Hamilton)
3196 - Added 'cache_peer' option called 'digest-url' that
3197 lets you specify the URL for a peer's digest.
3198 (Martin Hamilton)
3199 - Added DELAY_POOLS hacks to scan "slow" connections in
3200 a random order (David Luyer).
3201 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
3202 per-interface arp/neighbour cache, whereas 2.0.x uses a
3203 unified cache. Under 2.2.x you are required to specify
3204 a interface name when looking up ARP table entries with
3205 SIOCGARP.
3206 - If the process umask is not set (i.e. 0), then Squid
3207 changes it to 007.
3208
9bc73deb 3209Changes to Squid-2.3.DEVEL2 ():
3210
3211 - Added --enable-truncate configure option.
3212 - Updated Czech error messages ()
3213 - Updated French error messages ()
3214 - Updated Spanish error messages ()
3215 - Added xrename() function for better debugging.
3216 - Disallow empty ("") password in aclDecodeProxyAuth()
3217 (BoB Miorelli).
3218 - Fixed ACL SPLAY subdomain detection (again).
3219 - Increased default 'request_body_max_size' from 100KB
3220 to 1MB in cf.data.pre.
3221 - Added 'content_length' member to request_t structure
3222 so we don't have to use httpHdrGetInt() so often.
3223 - Fixed repeatedly calling memDataInit() for every reconfigure.
3224 - Cleaned up the case when fwdDispatch() cannot forward a
3225 request. Error messages used to report "[no URL]".
3226 - Added a check to return specific error messages for a
3227 "store_digest" request when the digest entry doesn't exist
3228 and we reach internalStart().
3229 - Changed the interface of storeSwapInStart() to avoid a bug
3230 where we closed "sc->swapin_sio" but couldn't set the
3231 pointer to NULL.
3232 - Changed storeDirClean() so that the rate it gets called
3233 depends on the number of objects deleted.
3234 - Some WCCP fixes.
3235 - Added 'hostname_aliases' option to detect internal requests
3236 (cache digests) when a cache has more than one hostname
3237 in use.
3238 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
3239 (Henrik Nordstrom).
3240 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
3241 - Added OPTIONS request method.
9bc73deb 3242
eb824054 3243Changes to Squid-2.3.DEVEL1 ():
3244
3245 - Added WCCP support. This adds the 'wccp_router' squid.conf
3246 option.
3247 - Added internal DNS queries; Most installations can run
3248 without the external dnsserver processes.
3249 - Rewrote much of the code that stores cache objects on
3250 disk. Developed a programming interface that should
3251 allow new storage systems to be added easily. This still
3252 is pretty ugly and needs a lot of work, however.
3253 - Replaced async_io.c "tags" with callback data locks.
3254 This probably breaks async IO in a bad way.
3255 - Tried to write an Async IO disk storage module.
3256 - Added code to replace the StoreEntry linked list with a
3257 heap structure. This allows for different replacement
3258 algorithms, instead of being stuck with LRU. This adds
3259 the 'replacement_policy' squid.conf option. (John Dilley
3260 et al).
3261 - Fixed HTCP queries by actually checking for freshness
3262 based on the HTCP header fields.
3263 - Fixed passing of redirector command line arguments.
3264 - Added 'request_header_max_size' squid.conf option.
3265 - Added 'request_body_max_size' squid.conf option.
3266 - Added 'reply_body_max_size' squid.conf option.
3267 - Added 'peer_connect_timeout' squid.conf option.
3268 - Added 'redirector_bypass' squid.conf option.
3269 - Added RFC 2518 (WEBDAV) request methods.
d20b1cd0 3270
6b8e7481 3271Changes to Squid-2.2 (April 19, 1999):
b93549f6 3272
98b093e7 3273 - Removed all SNMP specific ACL code
3274 SNMP now uses generic squid ACL's
3275 - Removed view-based access crontrol
00b7a8b6 3276 - Cleaned up and simplified SNMP section of squid.conf
98b093e7 3277 - Changed the SNMP code to use a tree stucture.
3ff01c3e 3278 - Added objects to MIB:
00b7a8b6 3279 Request Hit Ratio's
3280 Byte Hit Ratio's
3281 Number of Clients
61d53e64 3282 - Changed SNMP Agent to return object instances correctly.
b93549f6 3283 - Added our own assert() macro so we can use debug() instead of
3284 printing to stderr.
3285 - Added eventFreeMemory().
3286 - Fixed ipcCreate() bug when debug_log has FD <= 2.
3287 - Changed watchChild() and related code in main.c so that
3288 Squid can behave more like a proper daemon process.
3289 - Added 'prefer_direct' option (enabled by default) so that
3290 people can give parents higher preference than direct.
6703526b 3291 - Fixed ipc.c close() bug for async IO. On FreeBSD,
3292 comm_close() doesn't work for child processes when async IO is
3293 used.
3294 - Fixed setting the public key for large ``icons'' (Henrik
3295 Nordstrom).
68f87dc5 3296 - Rewrote peer digest module to fix memory leaks on reconfigure
3297 and clean the code. Increased "current" digest version to 5
6474667e 3298 ("required" version is still 3). Revised "Peer Select" cache
3299 manager stats.
68f87dc5 3300 - Added "-k parse" command line option: parses the config file
3301 but does not send a signal unlike other -k options.
1743c283 3302 - Revamped storeAbort() calling. Only store_client.c has all
3303 the right information to determine if the request should
3304 be aborted. Now client and server modules just storeUnregister
d81e3f33 3305 without ever needing to call storeAbort.
96aeb95d 3306 - Small change of Squid output for FTP (Andrew Filonov,
3307 Henrik Nordstrom).
3308 - clientGetsOldEntry() sends old entry if new request status
3309 is in the 500-range (Henrik Nordstrom).
3310 - Changed configure so it works with IRIX6.4 C compiler (broken?)
3311 option -OPT:fast_io=ON.
3312 - Fixed comm_connect_addr() non-blocking connections for
3313 SONY NEWSOS (Makoto MATSUSHITA).
3314 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
3315 by autoconf documentation.
3316 - Fixed client-side cache-control max-age (Henrik Nordstrom).
3317 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
3318 this error if it is called while squid is in the process of
3319 shutting down.
3320 - Added support for linuxthreads package under FreeBSD (Tony Finch).
3321 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
3322 functions non-static (Michael Pelletier).
3323 - Fixed logging of authenticated usernames even if the
3324 authorization is not cached (Dancer).
3325 - Fixed pconnPush() bug that prevented holding on to
3326 persistent connections (Manfred Bathelt).
2328711e 3327 - Pid file now rewritten on SIGHUP.
b4019ff7 3328 - Numerous Ident changes:
3329 - Ident lookups will now be done on demand if you use the
3330 'ident' ACL type.
3331 - The 'ident_lookup on|off' option has been replaced with
3332 an access list, so you can do lookups only for some
3333 client addresses.
3334 - Added an 'ident_timeout' option to specifiy the amount
3335 of time to wait for an ident lookup.
3336 - Added a (local) hit rate to mempool metering.
3337 - FTP Restarts (REST command) is now supported.
3338 - Check for libintl.a on SCO3.2.
3339 - Disable poll() on SCO3.2.
3340 - Numerous Async IO enhancements from Henrik.
3341 - Removed cache_mem_low and cache_mem_high options (Henrik
3342 Nordstrom).
3343 - Replaced 'persistent_client_posts' with 'broken_posts' access
3344 list.
97474590 3345 - Rewrote the anonymizer.
3346 - Removed the http_anonymizer option.
548b801c 3347 - Added the anonymize_headers option to allow individual
3348 referencing of headers for addition or removal. See
3349 'anonymize_headers' in squid.conf for additional
3350 configuration.
b3abf16c 3351 - Fixed config file parser's handing of optional directives.
3352 Some people might get new warnings about unknown config
3353 directives.
548b801c 3354 - Added 'myip' ACL type. This is the local IP address for
3355 connected sockets (Luyer).
3356 - Fixed parsing of FTP DOS directory listings with spaces
3357 (Nordstrom).
dd0b0295 3358 - Numerous DELAY_POOL changes/fixes from David Luyer:
3359 - Makes no-delay neighbors for DELAY_POOLS work by
3360 using a fd_set with the connections to no-delay
3361 peers marked in it.
3362 - Makes IP addresses ending in 0 and 255, and
3363 network number 255, work with individual and
3364 network delay pools (they were previously not
3365 permitted, and documented as such).
3366 - Massive overhaul of delay pools code - dynamically
3367 allocated delay pools, as many as required.
3368 - delayPoolsUpdate stops running if DELAY_POOLS is
3369 configured but no delay pools are configured.
3370 - Initial delay pool levels are now configurable
3371 as a percentage of the maximum for the pool in
3372 question (used to be all set to 1 second worth
3373 of traffic). Pools are restored to this level
3374 on reconfiguratoin.
242188c9 3375 - Changed storeClientCopy to give a swap-in failure if
3376 the number of open disk FD's is above the 'max_open_disk_fds'
3377 limit. Otherwise, a very loaded cache will end up with
3378 all disk files open for reading, and none for writing.
b6a2f15e 3379 - Added lib/inet_ntoa.c from BSD Unix for systems that have
3380 broken inet_ntoa(). (Erik Hofman).
3381 - Added more specific FTP error messages for "permission
3382 denied, "file not found," and "service unavailable."
3383 (Tony Finch)
3384 - Added xisspace(), xisdigit(), etc, macros to cast function
3385 args and eliminate compiler warnings.
3386 - Fixed case-sensitive comparisons of domain names (Henrik
3387 Nordstrom).
3388 - Added proxy-authentication to cachemgr.cgi's requests
3389 (Henrik Nordstrom).
3390 - Changed Squid to *truncate* rather than *unlink* purged
3391 swap files. Can be reversed by undefining
3392 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
3393 - Changed internal icon headers to use Cache-control
3394 Max-age instead of Expires.
3395 - Changed storeMaintainSwapSpace behavior to be adjusted
3396 smoothly, instead of discretely, between store_swap_low
3397 and store_swap_high. This includes the number of
3398 objects to scan, number to remove, and time until the
3399 next storeMaintainSwapSpace event.
3400 - Fixed a quick_abort bug that incorrectly calculated
3401 content lengths.
3402 - Added getpwnam() auth module from Erik Hofman.
3403 - Added 'coredump_dir' option.
3404 - Fixed a peerDestroy() assertion that required peer->digest
3405 to be NULL at the end of peerDestroy().
3406 - configure script now automatically enables dlmalloc for
3407 Solaris/x86.
3408 - configure enables poll() on linux 2.2 and later (Henrik).
3409 - Icon files are now distributed in binary format, install
3410 will not need to run 'sh' and 'uudecode'.
3411 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
3412 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
3413 fwdCheckDeferRead() will NOT defer reading if the
3414 ENTRY_FWD_HDR_WAIT bit is set.
3415 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
3416 - Fixed a (double) cast problem that caused statAvgTick()
3417 events to be added as fast as possible.
6b8e7481 3418 - Changed httpPacked304Reply() to not include the Content-Length
3419 header for 304 replies that Squid generates. We used to
3420 include the length of the cached object, and this broke
3421 persistent connections.
3422
3423 2.2.STABLE2:
3424
3425 - Fixed configure bug for statvfs() checks. Configure reports
3426 "test: =: unary operator expected" or similar because an
3427 unquoted variable is not defined.
3428 - Fixed aclDestroyAcls() assertion because some ACL types
3429 are not listed in the switch statement. Occurs for
3430 srcdom_regex and dstdom_regex ACL types during reconfigure.
3431 - Typo "applicatoin" in src/mime.conf
3432 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
3433 #define because it didn't include squid.h.
3434 - Fixed commRetryFD() when bind() fails. commRetryFD was
3435 closing the filedescriptor, but it is the upper layer's
3436 job to close it.
3437 - Changed configure's "maximum number of filedescriptors"
3438 detection to only use getrlimit() for Linux. On AIX,
3439 getrlimit returns RLIM_INFINITY.
3440 - Fixed snmpInit() nesting bug.
3441 - Fixed a bug with peerGetSomeParent(). It was adding
3442 a parent to the FwdServers list, regardless of the
3443 ps->direct value. This could cause every request to
3444 go to a parent even when always_direct is used.
3445 - Changed fwdServerClosed() to rotate the "forward servers"
3446 list when a connection establishment fails. Otherwise
3447 it always kept trying to connect to the first server
3448 int the list.
b93549f6 3449
2be4e260 3450 2.2.STABLE3:
3451
3452 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
3453 - Avoid coredump in aclMatchAcl() if someone tries to use
3454 proxy authentication with a non-HTTP request (e.g. icp_access).
3455 - Moved 'ident_lookup_access' in squid.conf so it appears
3456 after the ACL section.
3457 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
3458 - Fixed a case in clientCacheHit() where we thought it
3459 was a hit, but the reply status was not 200, so we
3460 had to perform a cache miss. We forgot to change the
3461 log_type and these were being recorded as TCP_HIT's.
3462 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
3463 - Fixed delay_pools coredump and memory leak bugs from
3464 NULL delay_id values.
3465 - Fixed a SEGV bug with delay_pools when requesting
3466 'objects' or 'vm_objects' from the cachemgr.
3467 - Added a workaround for buggy FTP servers that return
3468 a size of zero for non-zero-sized objects.
3469 - Removed umask(0) call from main().
3470 - Fixed a peer selection bug that caused us to never select
3471 a neighbor based on ICP replies if the ICP timeout occurs.
3472 In conjunction with this, removed the PING_TIMEOUT state.
3473 - Fixed a store_rebuild bug that caused us to get stuck trying
3474 if a cache_dir subdirectory didn't exist.
3475 - Fixed a buffer overrun bug in gb_to_str().
3476
9bc73deb 3477 2.2.STABLE4:
3478
3479 - Fixed a dread_ctrl leak caused in store_client.c
3480 - Fixed a memory leak in eventRun().
3481 - Fixed a memory leak of ErrorState structures due to
3482 a bug in forward.c.
3483 - Fixed detection of subdomain collisions for SPLAY trees.
3484 - Fixed logging of hierarchy codes for SSL requests (Henrik
3485 Nordstrom).
3486 - Added some descriptions to mib.txt.
3487 - Fixed a bug with non-hierarchical requests (e.g. POST)
3488 and cache digests. We used to look up non-hierarchical
3489 requests in peer digests. A false hit may cause Squid
3490 to forward a request to a sibling. In combination with
3491 'Cache-control: only-if-cached, this generates 504 Gateway
3492 Timeout responses and the request may not be re-forwardable.
3493 - Fixed a filedescriptor leak for some aborted requests.
3494
3495
4d62b0af 3496Changes to Squid-2.1 (November 16, 1998):
8f897f34 3497
3498 - Changed delayPoolsUpdate() to be called as an event.
3499 - Replaced comm_select FD scanning loops with global fd_set
3500 structures. Inspired by Jeff Mogul's patch for squid 1.1.
9e1559ea 3501 - Moved functions common to dns.c, redirect.c, authenticate.c,
3502 ipcache.c, and fqdncache.c into helper.c.
0753aa46 3503 - Changed storeClientCopy2() so that it keeps sending the remainder
3504 of a STORE_ABORTED request, instead of cutting off the client as
3505 soon as the object becomes aborted.
f0538986 3506 - Fixed combined ipf-transparent proxy and a local http-accelerator
3507 operation (Quinton Dolan).
3508 - Rewrote base64_decode.c because of potential buffer overrun
3509 bugs.
912432d8 3510 - Configurable handling of whitespace in request URI's.
3511 See 'uri_whitespace' in squid.conf.
e33ec474 3512 - Added ability to generate HTTP redirect messages from
3513 the redirector output by prepending "301:" or "302:" to the
3514 new url. See FAQ 4.16 for more details.
829a9357 3515 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
3516 potentially causing under-utilized cache digests
3517 - Maintain refreshCheck statistics on per-protocol basis so we
3518 can tell why ICP or Digests return too many misses, etc.
c68e9c6b 3519 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
3520 - Changed squid.conf's default access controls to deny all
3521 HTTP requests. Admins must write ACL rules to specifically
3522 allow their local clients.
3523 - Patched French error messages (Mathias HERBERTS).
3524 - NextStep porting fixes by Mike Laster:
3525 - use xstrdup() in cf_gen.c
3526 - check for putenv() in configure
3527 - #define S_ISDIR macro
3528 - Added --disable-poll configure option (Henrik Nordstrom).
3529 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
3530 - Patched ftp.c so we never cache autenticated FTP requests
3531 (Henrik Nordstrom).
3532 - Fixed FTP authentication. We tried to unescape authentication
3533 given by basic authentication which is not URL escaped
3534 (Henrik Nordstrom).
3535 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
3536 - Added 'redirect_rewrites_host_header' option to disable rewriting
3537 of Host header for redirector responses (Henrik Nordstrom).
3538 - Allow semi-customized error message signatures (Henrik Nordstrom).
3539 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
3540 - Fixed handling of blank lines in ACL input files (Henrik
3541 Nordstrom).
3542 - Changed proxy_auth ACL type to consist of a list of valid
3543 users. REQUIRED == any (same as ident ACL). ACL type user
3544 changed to ident since this is what it really is.
3545 (Henrik Nordstrom).
3546 - Fixed long URL bugs; make sure 'log_uri' never exceeds
3547 MAX_URL bytes.
3548 - Allow comments in external ACL files (Gerhard Wiesinger).
3549 - Added 'range_offset_limit' configuration option. Requests
3550 with ranges that start after this value will be passed
3551 on unmodified, and Squid will not cache the response
3552 (Henrik Nordstrom).
3553 - Added Client HTTP Hit byte counters to 'counters' output
3554 (Douglas Swarin).
3555 - Got Squid to compile with --enable-async-io on FreeBSD.
3556 - Fixed infinite loop bug for cachemgr 'config' option.
3557 - Fixed cachability bugs for replies with Pragma: no-cache.
3558 - Made content-type multipart/x-mixed-replace uncachable.
3559 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
3560 format (Richard Kettlewell).
3561 - Fixed passing -s option to dnsserver processes (Alvaro Jose
3562 Fernandez Lago).
3563 - Changed proxy_auth to work on internal objects and when in
3564 accelerator mode. (Henrik Nordstrom)
3565 - Added login=user:password option to cache_peer directive to
3566 be used from a dial-up cache where the parent requires proxy
3567 authentication. (Henrik Nordstrom)
3568 - If you want to "auto-login", then use a URL on the form
3569 http://username:password@server/.... Squid now picks this up
3570 when going direct, and turns it into basic WWW
3571 authentication. It is also possible to do automatic login to
3572 certain servers by using a redirector to add the needed
3573 authentication information. (Henrik Nordstrom)
04f0ba5c 3574 - Changed refreshCheck() so that objects with negative age
3575 are always stale.
4d62b0af 3576 - Fixed "plain" FTP listings (Henrik Nordstrom).
3577 - Fixed showing banner/logon message for top-level FTP
3578 directories (Henrik Nordstrom).
3579 * Changes below have been made to SQUID_2_1_PATCH1
3580 - Fixed pinger packet size assertion.
3581 - Fixed WAIS forwarding.
3582 - Fixed dnsserver coredump bug caused by using both -D and
3583 -s options.
e42d5181 3584 * Changes below have been made to SQUID_2_1_PATCH2
3585 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
3586 - Fixed proxy auth NULL password bug.
3587 - Fixed queueing of multiple peerRefreshDNS events.
3588 - Added a stack of StoreEntry objects to be released after
3589 store rebuild completes.
3590 - Fixed NULL pointer bugs with too-large requests (found by
3591 Martin Lathoud).
3592 - Fixed reading replies from buggy ident servers. Replies
3593 might not have terminating CR or LF (Henrik Nordstrom).
b4019ff7 3594 - Changed internal StoreEntry key so that the request method
3595 is encoded as a single octet. Encoding an enumerated type
3596 has size and byte-order incompatibilities, especially for
3597 cache digests.
3598 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
3599 are not always locked. This fixes having multiple
3600 store_digest's stuck in memory.
3601 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
3602 unregisters from "cache hit" entries.
3603 * Changes below have been made to SQUID_2_1_PATCH3
3604 - Fixed memory leak in clientHandleIMSReply for
3605 storeClientCopy failures.
8f897f34 3606
41587298 3607Changes to Squid-2.0 (October 2, 1998):
71d6dc56 3608
4c154d99 3609 - Added NAT/Transparent hijacking code from Quinton Dolan.
3610 - Added actual filesystem usage to cachemgr 'storedir' page.
41587298 3611 Only works for operating systems which support statvfs().
a79d724b 3612 - Fixed HTCP compile-time bugs.
3613 - Fixed quick_abort bugs. Configured values are stored as
3614 Kbytes, not bytes.
41587298 3615 - Removed fwdAbortFetch(). It breaks quick_abort and seems
3616 mostly useless.
0da7d807 3617 - Changed storeDirSelectSwapDir() to skip swap directories
3618 when their utilization is over the high water mark ratio.
9ca005ac 3619 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
18cc143b 3620 - fixed bugs in Content-Range header generation
3621 - changed the way Range requests are handled:
71d6dc56 3622 - do not "advertise" our ability to process ranges at
3623 all
3624 - on hits, handle simple ranges and forward complex
3625 ones
3626 - on misses, fetch the whole document for simple ranges
3627 and forward range request for complex ranges
3628 The change is supposed to decrease the number of cases when
3629 clients such as Adobe acrobat reader get confused when we
3630 send a "200" response instead of "206" (because we cannot
3631 handle complex ranges, even for hits) Note: Support for
3632 complex ranges requires storage of partial objects.
41587298 3633 - Removed SNMP mib-2.system group from squid.
6474667e 3634 - Removed SNMP ability to iterate through ipcache and friends.
3635 - Added SNMP ipcache/fqdncache basic statistics.
3636 - Converted SQUID-MIB to SMIv2 (RFC 1902).
3637 - Moved SQUID-MIB to enterprises section of the tree in preparation
3638 of the split into PROXY-MIB & SQUID-MIB.
3639 - Corrected minor errors in SQUID-MIB.
3640 - Moved uptime into cacheSystem from cacheConfig.
3641 - Corrected a number of get-next-request bugs, snmpwalk should now
3642 return all objects and not skip some.
41587298 3643 - Fixed netdbClosestParent() so it won't return sibling
3644 peers.
3645 - Fixed a bug with secondary clients on entries with
3646 ENTRY_BAD_LENGTH set. We should release the
3647 bad entry to prevent secondary clients jumping on.
3648 - Changed MIB to prevent parse warnings at startup.
f0538986 3649 * Changes below have been made to SQUID_2_0_PATCH1
9689d97c 3650 - Fixed a forwarding loop bug. Even though we were detecting
3651 a loop, it was not being broken.
3652 - Try to prevent sibling forwarding loops by NOT forwarding a
3653 request to a sibling if we have a stale copy of the object.
3654 Validation requests should only be sent to parents (or
3655 direct).
3656 - Fixed ncsa_auth hash bugs when re-reading password file.
3657 - Changed clientHierarchical() so that by default SSL/CONNECT
3658 requests do NOT go to neighbor caches.
d87ebd78 3659 - Changed clientHandleIMSReply() to not call storeAbort()
3660 because there can be more than one client hanging on the
3661 StoreEntry. This hopefully fixes "store_status !=
3662 STORE_ABORTED" assertions.
f0538986 3663 - Added temporary fix to httpMakePublic() to prevent assertions
3664 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
3665 * Changes below have been made to SQUID_2_0_PATCH2
3666 - PATCH1 introduced a seriously stupid bug which prevented ICP
3667 queries for all requests. Fixed by checking
3668 request->hierarchical in peerSelectFoo().
18cc143b 3669
4c154d99 3670Changes to squid-1.2.beta25 (September 21, 1998):
3671
4b66bfd3 3672 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
3673 callbacks (Henrik Nordstrom).
3674 - Fixed store_swapout.c assertion. We were freeing object data
3675 past the swapout_done offset. This probably happens (only?)
3676 when an object changes from cachable to uncachable while
3677 it is being swapped out.
a260d877 3678 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
3679 of the buffers used for writing data to the client sockets.
669d90e7 3680 - Added configure check for libbind.a. If found, it will be
3681 used instead of libresolv.a.
3682 - Changed fwdStart() to always allow internally generated
dddd5b55 3683 requests, such as for peer digests. These requests are
3684 known to fwdStart() because the address arg is set to
3685 'no_addr'.
669d90e7 3686 - Completed initial HTCP implementation. It works, but is not
3687 tested much.
2d5c8e74 3688 - Added counters for I/O syscalls.
3689 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
3690 (netapp) Squid doesn't use private keys. This caused us
3691 to remove almost every object from the cache.
3692 - Added 'asndb' cachemgr stats to show AS Number tree.
dddd5b55 3693 - Fixed AS Number byte-order bug for netmasks.
2d5c8e74 3694 - Fixed comm_incoming calling rate for high loads (Stewart
3695 Forster).
426012d2 3696 - Give always_direct higher precedence than never_direct
3697 (Henrik Nordstrom).
dddd5b55 3698 - Changed PORT ACL type to accept ranges. Now you can easily
3699 deny, for example, all priveleged ports except 80, 70, 21,
3700 etc.
3701 - ARP ACL fixes for Linux (David Luyer).
3702 - Replaced various "EBIT" flags bitfileds with structures of
3703 "int:1" members.
3704 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
3705 efficient by removing snprintf(). This causes an
3706 incompatibility with old cache keys, however. To transition,
3707 we will look up both the new and old style keys for about the
3708 next 30 days. After that, if you haven't run this (or a
3709 future) version, your cache contents will be lost.
3710 - Made the client-side write buffer size configurable with
3711 a #define in defines.h. By default it is still 4096 bytes.
3712 - Removed redirectUnregister(). It should be unnecessary
3713 because of cbdata locks.
3714 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
3715 - Changed non-blocking connect(2) code to call getsockopt()
3716 instead of connect() again. This is the approach recommended
3717 by Stevens, and fixes bugs on BSD-ish systems when subsequent
3718 connect() calls loop with EAGAIN status.
3719 - Added MD5 cache keys to memory pool accounting.
3720 - Added code to track number of open DISK descriptors and stop
3721 swapping out objects if the number of disk descriptors becomes
3722 too large. For now the limit must be manually configured with
3723 the 'max_open_disk_fds'. By default, there is no limit.
3724 - Stopped encoding a request method in the high byte of the ICP
3725 reqnum field. Instead queried cache keys are copied to a
3726 static array, indexed by the reqnum, modulo the array size.
3727 Now we just use the request number to lookup a cache key,
3728 instead of rebuilding it from the ICP reply URL and method,
3729 unless we have netapp neighbors--they don't do reqnum
3730 properly.
3731 - Fixed reconfigure memory access bugs in redirect.c.
0753aa46 3732 - Ignore unreasonably large ICP RTT values which cause overflow
3733 bugs in calculating the average RTT (thanks Niall!)
4b66bfd3 3734
8e6a43e8 3735Changes to squid-1.2.beta24 (August 21, 1998):
3736
6c4067e5 3737 - Added Bulgarian error pages by Evgeny Gechev.
ceb79b2b 3738 - Changed StoreEntry->lock_count to a u_short.
c7d6216e 3739 - Replaced urlcmp with strcmp
3740 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
3741 (Henrik Nordstrom).
3742 - Eliminated unneeded BASE HREF on "root" directories (Henrik
3743 Nordstrom).
3744 - Fixed peerDigestFetchFinish() assertion caused by forwarding
3745 failures (e.g. miss_access rules).
ada249f8 3746 - Changed signal handlers with ASYNC_IO and Linux so that
3747 -k command line options work (Miquel van Smoorenburg).
4616f9ea 3748 - Rewrote shutdown code to use events instead of setting
3749 FD timeouts.
903e21a0 3750 - Fixed cachemgr 'objects' (statObjects()) by adding a check
b6a76fb2 3751 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
3752 storeBufferFlush(). Otherwise, the read-past pages would
3753 never be freed.
681979a2 3754 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
3755 were being closed by the dnsServerShutdown event.
b6a76fb2 3756 - Modified storeHashInsert() to insert PRIVATE objects at
3757 the tail of the LRU list, and PUBLIC objects at the head.
3758 Thus, PRIVATE objects get kicked out quicker.
95e36d02 3759 - Added David Luyer's DELAY_POOLS code.
54b5b3e5 3760 - Fixed a bug due to HEAD replies which lack the end-of-headers
3761 line.
3762 - Made proxy-auth realm string configurable (Bob Franklin)
3763 - Changed default mime time to a viewable one (Henrik Nordstrom).
3764 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
3765 - Fixed 'you are running out of filedescriptors' bug which
3766 could cause the HTTP incoming connection handler to not
3767 be reset.
e23fbf04 3768 - Changed syslog logging. Now squid debug levels 0 and 1 go
d737baa0 3769 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
e23fbf04 3770 (this needs more work!)
2cb51fe0 3771 - Fixed memory access errors in statAvgTick().
abc1237e 3772 - Fixed duplicate requestUnlink() bug in forward.c
6c4067e5 3773 - Fixed possible memory access bugs from not setting e->mem_obj
3774 = NULL in destroy_MemObject().
3775 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
3776 - Modified headersEnd and httpMsgIsolateHeaders to account
3777 for funky line terminations such as CRCRNL.
3778 (``but Netscape and IE _tolerate_ this'')
3779 - Fixed carp functions (Eric Stern).
3780 - Replaced internal proxy_auth code with extern authentication
3781 module (Arjan de Vet).
3782 - moved hash.c to libmiscutil.a.
e931f99a 3783 - Fixed handling of ICP queries with whitespace in URLs.
3784 Now we return ICP error and escape the URL before logging.
3a15a393 3785 - Added configure check for socklen_t (David Luyer).
3786 - Removed USE_SPLAY #defines; it is now standard.
3a76c002 3787 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
3788 temporary disk_ctrl_t structures.
3789 - Changed ENOSPC disk write errors to reduce specific cache_dir
3790 sizes, and not just the size of the cache as a whole.
f9cece6e 3791 - Added httpMaybeRemovePublic() to purge public objects for
3792 certain responses even though they are uncachable. This is
3793 needed, for example, when an initially cachable object
3794 later becomes uncachable.
8e6a43e8 3795 - Added refresh_pattern options to ignore client reloads
3796 (Henrik Nordstrom)
3797 - Relocated disk.c code which combines blocks for writing
3798 (Stewart Forster).
c7d6216e 3799
857703c6 3800Changes to squid-1.2.beta23 (June 22, 1998):
3801
cf7f704c 3802 - Added Turkish error pages by Tural KAPTAN.
66bbb757 3803 - Added basic support for Range requests. For most cachable
3804 requests, Squid replies with an "Accept-Ranges" header. Upon
3805 receiving a potentially cachable Range request for a not
3806 cached object, Squid requests the whole object from origin
3807 server and then replies with specified range(s) to the
3808 client. Multi-range requests are supported. Adjacent
3809 overlapping ranges are merged. If-Range requests are
3810 supported. Limitations: Multi-range requests with out of
3811 order ranges are not supported.
3812 - Made md5.c use standard memcpy and memset if they are
3813 avaliable.
3814 - Memory pools will now shrink if Squid is run-time
3815 reconfigured with smaller value of memory_pools_limit tag.
3816 - Added counter for number of clients (Tomi Hakala).
3817 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
3818 connections for UP->DOWN transition.
3819 - Added 'unique_hostname' configuration option when its
3820 necessary to have multiple machines with the same visible
3821 hostname.
222917b2 3822 - Fixed pumpReadFromClient() to not read too many bytes on
3823 persistent connections.
53856ebd 3824 - We can now cache HTTP replies with Set-Cookie. These evil
3825 headers are now filtered out for cache hits on the client
3826 side.
222917b2 3827 - Fixed SNMP bugs caused by using snmpwalk.
9089cc70 3828 - Fixed snmp system Group; all objects are now returned.
3829 - Fixed snmp system Group sysDescr and sysContact.
78dfab2a 3830 - Fixed snmp system Group sysObjectID it now returns a OBJECT
3831 IDENTIFIER.
7fce9c3e 3832 - Allocate FwdState from mem pools.
3833 - Minor HTCP progress.
222917b2 3834 - Moved 'miss_access' ACL check from client_side.c to forward.c
ed169eab 3835 - Fixed logging of usernames for requests which require
3836 proxy-authentication.
cf7f704c 3837 - Fixed HTTP request parser to accept lowercase HTTP identifier
3838 (Oskar Pearson).
3839 - Fixed FTP listings to always include links to the parent
3840 directory (Henrik Nordstrom).
3841 - Fixed FTP to show an "empty" listing instead of showing
3842 a "document contains no data" error (Henrik Nordstrom).
3843 - Fixed refreshCheck() bug. Often it was checking the
3844 refresh patterns against the string "[null_mem_obj]"
3845 because we moved URLs to MemObject.
3846 - Added CARP support by Eric Stern.
48382032 3847 - Fixed select-spin bug when an ICP reply actually gets queued
3848 and we failed to execute the write callback.
354b5fe1 3849 - Fixed a storeCheckSwapOut bug. We were freeing up to
3850 the queued offset instead of the done offset. This
3851 resulted in a small chunk of object data not being in
3852 memory and not yet written to disk. A client could
3853 recieve a partial object because file_read() unexpectedly
3854 returns EOF.
0aa791f8 3855 - Fixed proxy-authentication hangs (Henrik Nordstrom).
c2354a6b 3856 - Fixed request_t->flags bug causing authenticated, proxied
3857 responses to be cached (Arjan de Vet).
e0e32f36 3858 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
3859 - Added view and download options to FTP listings (Henrik
3860 Nordstrom).
3861 - Modified configure to allow using pre-installed libdlmalloc.a
3862 (Masashi Fujita).
e8d8856c 3863 - Fixed cachemgr 'objects' implementation.
fecf98dc 3864 - Changed refreshCheck() algorithm. For cached objects, we
3865 now check, in the following order:
3866 * request max-age
3867 * response Expires (if present)
3868 * refresh_pattern max-age
3869 * response Last-Modified compared to refresh_pattern
3870 LM-factor (only if Last-Modified is present)
3871 * refresh_pattern min-age
3872 - Changed Copyrights.
d192d11f 3873
ee3a78d4 3874Changes to squid-1.2.beta22 (June 1, 1998):
3875
2246b732 3876 - do not cut off "; parameter" from "digitized" Content-Type
3877 http fields
3878 - Added X-Request-URI for persistent connection debugging
3879 (Henrik Nordstrom)
f4d83f6d 3880 - Added Polish error pages from Maciej Kozinski.
145f10f1 3881 - Fixed hash_first/hash_next bugs with **Current pointer.
3882 Replaced with *next pointer.
f4d83f6d 3883 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
3884 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
3885 - Fixed eventRun "spin" bug when event delta time == 0.
a9cc1935 3886 - Fixed setting Last Modified time on cached entries when
3887 receiving a 304 reply.
06e87923 3888 - Added while loop in httpAccept().
3889 - Added while loop in icpHandleUdp().
3890 - Fixed some small memory leaks.
3891 - Fixed single-bit-int flag checks (Henrik Nordstrom).
137ee196 3892 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
3893 - Do not send only-if-cached cc directive with requests
6474667e 3894 for peer's digests.
ee3a78d4 3895 - Added "automatic tuning" for incoming request rate, i.e.
3896 how often to check HTTP and ICP sockets. See comm.c
3897 comments for details.
145f10f1 3898
6ee40ea2 3899Changes to squid-1.2.beta21 (May 22, 1998):
3900
434b408f 3901 - Added Italian error pages by Alessio Bragadini.
a3f9588e 3902 - Added Estonian error pages by Toomas Soome.
06066bbc 3903 - Added Russian (koi-r) error pages by Andrew L. Davydov.
7b381d33 3904 - Added Czech error pages by Jakub Nantl.
8e866bb4 3905 - Fixed asnAclInitialize calling to prevent coredump.
3906 - Fixed FTP directory parsing again.
3907 - Made FTP directory listing "Generated" tagline like
3908 the one for error pages.
52f977aa 3909 - Fixed an assertion coredump in statHistCopy from
6474667e 3910 reconfiguring with different #peers in squid.conf
10202788 3911 - Ignore leading whitespace on requests (and replies). RFC
3912 2068 section 4.1, robustness (Henrik Nordstrom)
3913 - Fixed keep_alive bug. We did not always honour reply
3914 headers, but rather assumed connections could be persistent.
3915 - Fixed reading whois output for AS numbers, especially when
3916 they are longer than 4 KB.
3917 - Removed 'cache_stoplist_pattern' configuration option. This
3918 feature is now handled by 'no_cache'.
3919 - If a URN resolves to only one URL, just return it immediately
3920 instead of giving the user a "choice" (Andy Powell).
3921 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
3922 - Changed squid-internal object names.
3923 - Added netdb exchange protocol.
3924 - Fixed wordlistDestroy() uninitialized pointer bug in
3925 ftpParseControlReply.
06066bbc 3926 - Fixed redirector subprocess to show real program name.
3927 - Changed URN menu output to be sorted.
3928 - Added fast select(2) timeouts when using ASYNC_IO.
3929 - Added ARP ACL support for Linux (David Luyer).
6474667e 3930 - Added binary http headers to requests
3931 - request_t objects are now created and destroyed in a consistent way
3932 - Fixed cache control printf bug
3933 - Added a lot of new http header ids
3934 - Improved Connection: header handling; now both Connection and
3935 Proxy-Connection headers are checked for connection directives
3936 - Connection request header is now handled correctly regardless
3937 of its position and the number of entries
2246b732 3938 - Only replies with valid Content-Length can be sent with keep-alive
3939 connection directive (Henrik Nordstrom)
6474667e 3940 - Better handling of persistent connection "clues" in HTTP headers;
2246b732 3941 the decision now depends on HTTP version (and User-Agent exceptions)
6474667e 3942 - Removed handling of "length=" directive in IMS headers;
3943 the directive is not in the HTTP/1.1 standard;
3944 standing by for objections
3945 - allowed/denied headers are now checked using bit masks instead of
3946 strcmp loops
3947 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
2246b732 3948 - removed processing of Request-Range header (not in specs?)
7b381d33 3949 - Fixed byte-order bugs in cacheDigestHashKey.
3950 - Changed hash_remove_link() to return void.
3951 - Changed ipcache_gethostbyname() to return NULL if
3952 i->addrs.count == 0.
6de5fa88 3953 - Added millisecond-timing to select/poll loops and event
3954 queue.
3955 - Changed 'peerPingTimeout' value to be twice the average
3956 of all the peer ICP RTT's.
3957 - Added 'half_closed_clients' option to force closing of
3958 client connections which might only be half-closed.
3959 - Fixed matchDomainName coredump bug.
3960 - Don't cache HTTP replies with Vary: headers until we
3961 get content negotiation working.
3962 - Fixed SSL proxying to forward full HTTP request headers.
c09459dd 3963 - Changed storeGetMemSpace(). Only purge down to the HIGH
3964 water mark; move locked entries to the head of the inmem
3965 list.
3966 - Changed clientReadRequest() to locally handle any
3967 "squid-internal-static" URL for any host.
52f977aa 3968 - Disable persistent connections for client connections
3969 from broken Netscape User-Agent, version 3.* (Stewart Forster)
434b408f 3970
901b8eaf 3971Changes to squid-1.2.beta20 (April 24, 1998):
3972
fd1bc012 3973 - Improved support for only-if-cached cache control directive.
3974 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
a1a62b14 3975 - Fixed 'quick_abort' percent calculation bug.
3976 - Fixed quick_abort FPE bug.
3977 - Changed more errno-checking functions to use ignoreErrno().
3978 - Added ERESTART to ignoreErrno() because of report from
3979 a Solaris system.
3980 - Fixed '#elsif' typo.
3981 - Fixed MemPool assertion by moving memInit() to before
3982 configuration parsing functions.
3983 - Fixed default 'announce_period' value (was 1 day, should
3984 be 0) (Joe Ramey).
3985 - Added configure warning for low filedescriptors and pointer
3986 to FAQ.
b0497a40 3987 - Fixed httpBodySet() bug causing URN related coredumps.
3988 - Changed ipcacheCycleAddr() to always cycle through all all
3989 available addresses, and not just advance when one of
3990 them goes BAD.
3991 - Fixed squid-internal bug for mixed-case hostnames (Henrik
3992 Nordstrom).
4e41d49f 3993 - Fixed ICP counting probelm. icpUdpSend() arg should be
3994 LOG_ICP_QUERY instead of LOG_TAG_NONE.
e4b71f74 3995 - Added some additional fault toleranse on FTP data channels
3996 (Henrik Nordstrom).
3997 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
3998 - Added lock/unlock for StoreEntry during storeAbort().
3999 - Added filemap bit usage stats to cachemgr 'storedir' and
4000 'info'.
4001 - Replaced 'cache_stoplist' with 'no_cache' Access list.
4002 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
44745828 4003 - Fixed default hierarchy_stoplist to be ``default if none.''
4004 - Fixed 'fake a recent reply' hack for detecting DEAD
4005 and ALIVE neighbors (Joe Ramey).
e376562a 4006 - Fixed FTP directory parsing bugs (Joe Ramey).
4007 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
4008 (Joe Ramey).
dea17509 4009 - Fixed daylight savings time bug (again).
fd1bc012 4010 - A lot of Cache Digests additions, fixes, and tuning.
4011 Cache Digests are still "very experimental".
e376562a 4012 - Fixed snprintf() bug. When len == 1, snprintf() would treat
4013 the buffer as unknown size, emulating sprintf() behaviour.
4014 - Made Error page language configurable with configure script
4015 (Henrik Nordstrom).
4016 - Fixed squid-internal URLs when http_port == 80.
4017 - Remember the client address on redirected requests (Henrik
4018 Nordstrom).
4019 - Don't rebuild the request if the redirector returned the same
4020 URL (Henrik Nordstrom).
4021 - Rewrite Host: header on redirected requests (Henrik
4022 Nordstrom).
4023 - Include port (if non-standard) in generated Host: headers
4024 (Henrik Nordstrom).
4025 - Fixed rfc1123 timezone hacks for Windows NT
4026 (Henrik Nordstrom).
4027 - Added Russian Error pages by Ilia Zadorozhko.
4028 - Added totals for ICP and HTTP hits to cachemgr client_list
4029 output.
6cfa8966 4030 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
4031 because any string with an '@' must be an email address.
e376562a 4032 - Fixed POST for content-length == 0.
901b8eaf 4033 - Fixed "huge 304 reply" loop bug.
5e9ab945 4034 - Fixed --enable-splaytree compile bugs.
c93fbf13 4035 - Removed ASN lookup code in peer_select.c.
b6a2f15e 4036 - Added warnings if ACL code detects subdomains in SPLAY
4037 trees.
4038 - Rewrote some bits of httpRequestFree() to eliminate
4039 possible bugs that could cause an "e->lock_count" asseertion.
4040 - Added value/bounds checking to _db_init() when setting
4041 the debugLevels[] array.
fd1bc012 4042
005e5260 4043Changes to squid-1.2.beta19 (Apr 8, 1998):
4044
b0497a40 4045 - Squid-1.2.beta19 compiles and runs on Windows/NT with
4046 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
447203a7 4047 - Added French Error pages by Frank DENIS.
4048 - Added Dutch Error pages by Mark Visser
901b8eaf 4049 - Added German Error pages by Bernd P. Ziller, Jens Frank,
4050 and Anke S.
f9f2be04 4051 - Added support for only-if-cached cache-control directive.
005e5260 4052 - Added RELAXED_HTTP_PARSER #define to allow requests which are
4053 missing the HTTP identifier on the request line (e.g. buggy
4054 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
1f4d31f9 4055 - Fixed disk.c FD leak for delayed closes in
4056 diskHandleWriteComplete().
4057 - Fixed cache announcement feature.
20fe7191 4058 - Fixed httpReadReply() to retry failed HTTP requests on
4059 persistent connections when read() returns -1, not only
4060 when it returns 0.
805e5f70 4061 - Fixed cbdata memory counting leak. cbdataUnlock() always
4062 called free(), never memFree().
ff396fe6 4063 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
005e5260 4064 - Fixed `++loopdetect < 10' assertion due to
4065 clientHandleIMSReply bug for invalid/partial HTTP
4066 replies.
4067 - Added preliminary code for HTCP.
4068 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
4069 - Added "snmp_community" as an ACL type.
4070 - Cleaned up proxy-auth acl implementation and removed
4071 memory leaks.
4072 - Added generic 'hashFreeItems()' function for efficiently
4073 freeing hash table pointers.
4074 - Added whoisTimeout() for ASN code.
447203a7 4075 - Removed BINARY TREE code.
005e5260 4076 - Fixed forgetting to reset Config.Swap.maxSize in
4077 configDoConfigure.
4078 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
4079 bug which caused not modified replies to not get updated.
4080 - Fixed client_side.c bugs which could cause data to be written
4081 to the client in the wrong order for persistent connections.
4082 clientPurgeRequest() and clientHandleIMSComplete() must not
4083 call comm_write(). Instead they must create and write to
4084 StoreEntry's.
4085 - Fixed ICP query service time counting bug(s).
4086 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
4087 to fix buffer overruns. This also requires adding 'buf_sz'
4088 args to some functions like clientBuildReplyHeader().
4089 But we can eliminate the need to NULL-terminate the
4090 buffer beforehand.
4091 - Changed commConnectCallback() to reset the FD timeout to
4092 zero before notifying about the connection. This requires
4093 commSetTimeout() calls in numerous places to reinstall
4094 timeouts.
4095 - Changed comm_poll_incoming() to be called less frequently
4096 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
4097 - Removed HAVE_SYSLOG case for debug() macro. Almost all
4098 systems do have syslog(), but more importatnly the
4099 _db_level value is needed for debugging to stderr.
4100 - Rewrote squid/dnsserver interface to use smaller, single-line
4101 messages.
4102 - Rewrote 'dns' cachemgr output to use a table format.
4103 - Rewrote a lot of dnsserver.c.
4104 - Added eventAddIsh() for semi-random event scheduling.
4105 - Fixed an ftpTimeout bug for sessions which use PORT
4106 commands.
4107 - Fixed ftp.c to recognized invalid PASV replies (e.g.
4108 port == 0).
4109 - Removed hash_insert(). All hasing uses hash_join() now.
4110 - Renamed hash_unlink() to hash_remove_link().
4111 - Added hashPrime() to find closes prime hash table size
4112 to a given value.
4113 - Fixed Keep-Alive ratio counting bug which prevented
4114 persistent connections from being used between cache
4115 peers.
4116 - Changed icmp.c to NOT queue messages sent from squid to
4117 the pinger program.
4118 - Changed icp_v2.c to NOT queue ICP messages by default.
4119 But they will be queued and resent once if the first
4120 send fails. Counters.icp.queued_replies counts the
4121 number of messaages queued.
4122 - Cleaned up ICP logging.
4123 - Added identTimeout().
4124 - Fixed ipcache reply counting bug. Overcounted dnsserver
4125 replies for partial replies.
4126 - Added urlInternal() for building internal Squid URLs.
4127 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
4128 AND 'cache_peer_acl' configurations. This should be changed
4129 in the fugure to use ONLY cache_peer_acl.
4130 - Changed DEAD/REVIVED neighbor detection to avoid reporting
4131 so many false deaths. (Joe Ramey).
4132 - Added some preliminary code to support "cache digests."
4133 - Fixed pumpClose() coredumps (?).
4134 - Updated cachemgr 'info' output to show median service
4135 times for various categories.
4136 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
4137 != sizeof(int) for Alphas.
4138 - Fixed potential alignment problem in storeDirWriteCleanLogs().
4139 - Fixed store_rebuild.c to NOT replace current, but
4140 not-swapped-out StoreEntry's with on-disk entries.
4141 - Changed storeCleanup() to call storeRelease on invalid
4142 entries which don't have a swapfile (i.e. no unlink()
4143 penalty).
4144 - Fixed storeSwapInStart() to fail for unvalidated
4145 entries.
4146 - SNMP changes:
4147 . renovated mib and added descriptions and comments
4148 . added hit and byte counters to client_db , for
4149 cacheClientTable
4150 . cacheClientTable, netdbTable, cachePeerTable,
4151 cacheConnTable now indexed by ip address. hash_lookup was
4152 enhanced to allow for subsequent hash_next's similar to
4153 hash_first, to speed up getnext's in tables which refer to
4154 hash-table structures.
4155 . added generic (well, sorf of) table indexing functionality
4156 . added makefile dependencies for snmplib and cache_snmp.h
4157 . WaisHost, WaisPort, Timeouts removed
4158 . FdTable split into FdTable and ConnTable. FdTable simplified
4159 . PeerTable and PeerStat merged and put into new cacheMesh
4160 group
4161 . cacheClientTable added for client statistics and accounting
4162 (cacheMesh 2)
4163 . cacheSec and cacheAccounting groups removed
4164 . fixed acl bug when communities not defined
4165 . snmp_acl now survives bad configuration
81d0c856 4166
9a713ffb 4167Changes to squid-1.2.beta18 (Mar 23, 1998):
4168
275d9f2e 4169 - Added v1.1 'test_reachability' option.
4170 - Fixed hash4() len == 0 bug.
2c26197b 4171 - Fixed Config.Swap.maxSize reconfigure bug.
4172 - Fixed ICP query bug determining request method.
4173 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
4174 so that we know neighbors are alive even when they send
4175 us replies for unknown entries.
4176 - Changed configure script to add '-std1' for Digital Unix cc.
4177 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
4178 systems.
4179 - Added support for 'Cache-Control: Only-If-Cached' request header.
34ad1721 4180 - Fixed CheckQuickAbort() bugs for multiple clients on one
4181 StoreEntry. Also changed storePendingNClients() to return
4182 mem->nclients instead of counting the number of store_client
4183 entries with pending callback functions.
275d9f2e 4184
041b157e 4185Changes to squid-1.2.beta17 (Mar 17, 1998):
4186
df43fc93 4187 - SNMP MIB version check changed to non-rcs.
02922e76 4188 - Added memory pools for variable size objects (strings).
4189 There are three pools; for small, medium, and large objects.
4190 - Extended String object to use memory pools. Most fixed size char
4191 array fields will be replaced using string pools. Same for most
4192 malloc()-ed buffers.
5e14bf6d 4193 - Changed icon handling to use the hostname and port of the squid
9ed90c85 4194 server, instead of the special hostname "internal.squid"
4195 (Henrik Nordstrom).
5e14bf6d 4196 - All icons are now configured in mime.conf. No hardcoded icons,
f8360ee3 4197 including gohper icons (Henrik Nordstrom).
459f2559 4198 - Fixed ICP bug when we send queries, but expect zero
4199 replies.
ed9c0b33 4200 - Fixed alignment/casting bugs for ICP messages.
2b5b6324 4201 - A generic client-to-server "pump" was added to handle HTTP
4202 PUT as well as POST methods on the client-cache side. Based on
4203 "pump" PUT requests can be made to either HTTP or FTP url's.
4204 Code is still beta and interoperability with browsers etc has
4205 not been tested.
4206 - Put #ifdefs around 'source_ping' code.
5e14bf6d 4207 - Added missing typedef for _arp_ip_data (Wesha).
4208 - Added regular-expression-based ACLs for client and server
4209 domain names (Henrik Nordstrom).
4210 - Fixed ident-related coredumps from incorrect callback data.
4211 - Fixed parse_rfc1123() "space" bug.
4212 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
4213 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
4214 - Fixed some peer->options flag-setting bugs.
4215 - Fixed single-parent feature to work again
4216 - Removed 'single_parent_bypass' configuration option; instead
4217 just use 'no-query'.
4218 - Surrounded 'source_ping' code with #ifdefs.
4219 - Changed 'deny_info URL' to use a custom Error page.
4220 - Modified src/client.c for testing POST requests.
041b157e 4221 - Fixed hash4() for SCO (Vlado Potisk).
459f2559 4222
7ba777f2 4223Changes to squid-1.2.beta16 (Mar 4, 1998):
4224
447203a7 4225 - Added Spanish error messages from Javier Puche.
02922e76 4226 - Added Portuguese error messages from Pedro Lineu Orso
0965bd19 4227 - Added a simple but very effective hack to cachemgr.cgi that tries to
4228 interpret lines with '\t' as table records and formats them
4229 accordingly. With a few exceptions (see source code), first line
4230 becomes a table heading ("<th>" html tag) and the rest is formated
4231 with "<td>" tags.
7021844c 4232 - Added "mem_pools_limit" configuration option. Semantics of
4233 "mem_pools" option has also changed a bit to reflect new memory
4234 management policy.
7ba777f2 4235 - Reorganized memory pools. Squid now supports a global pool
4236 limit instead of individual pool limits. Per-pool limits can be
3a88d597 4237 implemented on top of the current scheme if needed, but it is
7ba777f2 4238 probably hard to guess their values. Squid distributes pool
4239 memory among "frequently allocated" objects. There is a
4240 configurable limit on the total amount of "idle" memory to be
4241 kept in reserve. All requests that exceed that amount are
4242 satisfied using malloc library. Support for variable size
4243 objects (mostly strings) will be enabled soon.
4244 - memAllocate() has now only one parameter. Objects are always
4245 reset with 0s. (We actually never used that parameter before;
4246 it was always set to "clear").
4247 - Added Squid "signature" to all ERR_ pages. The signature is
4248 hardcoded and is added on-the-fly. The signature may use
4249 %-escapes. Added interface to add more hard-coded responses if
4250 needed (see errorpage.c::error_hard_text).
4251 - Both default and configured directories are searched for ERR_
4252 pages now. Configured directory is, of course, searched first.
4253 This allows you to customize a subset of ERR_ pages (in a
4254 separate directory) without danger of getting other copies out
4255 of sync.
4256 - Security controls for the SNMP agent added. Besides
4257 communities (like password) and views (part of tree
4258 accessible), the snmp_acl config option can be used to do acl
4259 based access checks per community.
4260 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
4261 can now walk through the whole mib tree. Several new variables
4262 added under cacheProtoAggregateStats
12cf1be2 4263 - Added rudimental statistics for HTTP headers.
7ba777f2 4264 - Adjusted StatLogHist to a more generic/flexible StatHist.
12cf1be2 4265 Moved StatHist implementation into a separate file.
178dbda2 4266 - Added FTP support for PORT if PASV fails, also try the
4267 default FTP data port (Henrik Nordstrom).
4268 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
4269 request is cancelled for fails on the client side.
4270 - Filled in some squid.conf comments (never_direct,
4271 always_direct).
4272 - Added RES_DNSRCH to dnsserver's _res.options when the
4273 -D command line option is given.
4274 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
4275 peer->tcp_up == 0 (Michael O'Reilly).
4276 - Fixed storeGetNextFile's incorrect "directory does not exist"
4277 errors (Michael O'Reilly).
4278 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
4279 Forster).
4280 - Added 'dns_nameservers' config option to specify non-default
4281 DNS nameserver addresses (Maxim Krasnyansky).
4282 - Added lib/util.c code to show memory map as a tree
4283 (Henrik Nordstrom).
4284 - Added HTTP and ICP median service times to Counters and
4285 cachemgr average stats.
4286 - Changed "-d" command line option to take debugging level
4287 as argument. Debugging equal-to or less-than the argument
4288 will be written to stderr.
3ff01c3e 4289 - Removed unused urlClean() function from url.c.
adba4a64 4290 - Fixed a bug that allowed '?' parts of urls to be recorded in
ef65d6ca 4291 store.log. Logged urls are now "clean".
178dbda2 4292 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
4293 script forwards basic authentication from browser to squid.
4294 Authentication info is encoded within all dynamically generated
4295 pages so you do not have to type your password often.
4296 Authentication records expire after 3 hours (default) since
4297 last use. Cachemgr.cgi now recognizes "action protection" types
4298 described below.
4299 - Added better recognition of available protection for actions
4300 in Cache Manager. Actions are classified as "public" (no
4301 password needed), "protected" (must specify a valid password),
4302 "disabled" (those with a "disable" password in squid.conf), and
4303 "hidden" (actions that require a password, but do not have
4304 corresponding cachemgr_passwd entry). If you manage to request
4305 a hidden, disabled, or unknown action, squid replies with
4306 "Invalid URL" message. If a password is needed, and you failed
4307 to provide one, squid replies with "Access Denied" message and
4308 asks you to authenticate yourself.
4309 - Added "basic" authentication scheme for the Cache Manager.
4310 When a password protected function is accessed, Squid sends an
4311 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
4312 by specifying "name" and "password" for the specified action.
4313 The user name is currently used for logging purposes only. The
4314 password must be an appropriate "cachemgr_passwd" entry from
4315 squid.conf. The old interface (appending @password to the url)
4316 is still supported but discouraged. Note: it is not possible
4317 to pass authentication information between squid and browser
4318 *via a web server*. The server will strip all authentication
4319 headers coming from the browser. A similar problem exists for
4320 Proxy-Authentication scheme.
4321 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
4322 authentication failures when accessing Cache Manager.
63259c34 4323 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
178dbda2 4324 - Added simple context-based debugging to debug.c. Currently,
4325 the context is defined as a constant string. Context reporting
4326 is triggered by debug() calls. Context debugging routines
4327 print minimal amount of information sufficient to describe
4328 current context. The interface will be enhanced in the future.
4329 - Replaced _http_reply with HttpReply. HttpReply is a
4330 stand-alone object that is responsible for parsing, swapping,
4331 and comm_writing of HTTP replies. Moved these functions from
4332 various modules into HttpReply module.
8bfcd557 4333 - Added HttpStatusLine, HttpHeader, HttpBody.
178dbda2 4334 - All HTTP headers are now parsed and stored in a "compiled"
4335 form in the HttpHeader object. This allows for a great
4336 flexibility in header processing and builds basis for support
4337 of yet unsupported HTTP headers.
4338 - Added Packer, a memory/store redirector with a printf
4339 interface. Packer allows to comm_write() or swap() an object
4340 using a single routine.
4341 - Added MemBuf, a auto-growing memory buffer with printf
4342 capabilities. MemBuf replaces most of old local buffers for
4343 compiling text messages.
4344 - Added MemPool that maintains a pre-allocated pool of opaque
4345 objects. Used to eliminate memory thrashing when allocating
4346 small objects (e.g. field-names and field-value in http
4347 headers).
8bfcd557 4348
3197e644 4349Changes to squid-1.2.beta15 (Feb 13, 1998):
4350
55647891 4351 NOTE: This version has changes which may cause all or part
4352 of your cache to be lost. However, you can problably
4353 save most of it by doing a slow restart. Specifically:
4354
4355 1. Kill the running squid-1.2.beta14 process; wait for it to
4356 fully exit.
4357 2. Remove all 'swap.state*' files, either in each cache_dir, or
4358 as defined in your squid.conf
4359 3. Start squid-1.2.beta15. The store will be rebuilt from the
4360 existing swap files, reading the directories and opening
4361 the files.
4362
bcfbdc11 4363 - Fixed some problems related to disk (and pipe) write error
4364 handling. file_close() doesn't always close the file
4365 immediately; i.e. when there are pending buffers to write.
4366 StoreEntry->lock_count could become zero while a write is
4367 pending, then bad things happen during the callback.
4368 - The file_write() callback data must now be in the callback
4369 database (cbdata). We now use the swapout_ctrl_t structure
4370 for the callback data; it stays around for as long as we are
4371 swapping out.
4372 - Changed the way write errors are handled by diskHandleWrite.
4373 If there is no callback function, now we exit with a fatal
4374 message under the assumption that the file in question is a
4375 log file or IPC pipe. Otherwise, we flush all the pending
4376 write buffers (so we don't see multiple repeated write errors
4377 from the same descriptor) and let the upper layer decide how
4378 to handle the failure.
4379 - Fixed storeDirWriteCleanLogs. A write failure was leaving
4380 some empty swap.state files, even though it tells us that its
4381 "not replacing the file." Don't flush/rename logs which we
4382 have prematurely closed due to write failures, indiciated by
4383 fd[dirn] == -1. Close these files LAST, not before
4384 renaming.
4385 - Fixed storeDirClean to clean directories in a more sensible
4386 order, instead of the new "MONOTONIC" order for swap files.
0465e406 4387 - Merged fdstat.c functions into fd.c.
4388 - Cleaned up some debugging sections. Some unrelated source
4389 files were using the same section.
4390 - Removed curly brackets from all cachemgr output.
4391 - Removed unused filemap->last_file_number_allocated member.
4392 - Removed unused fde->lifetime_data member.
4393 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
4394 - Call setsid() before exec() in ipc.c so that child processes
4395 don't receive SIGINT (etc) when running squid on a tty.
2f2dd5ad 4396 - Changed StoreEntry->object_len to ->swap_file_sz so we
4397 can verify the disk file size at restart. Moved object_len
4398 to MemObject->object_sz. Note object_sz is initialized
4399 to -1. If object_sz < 0, then we need to open the swap
4400 file and read the swap metadata.
4401 - Changed store_client->mem to ->entry because we need
4402 e->swap_file_sz to set mem->object_sz at swapin.
2f2dd5ad 4403 - Renamed storeSwapData structure to storeSwapLogData.
4404 - Fixed storeGetNextFile to not increment d->dirn. Added
4405 check for opendir() failure.
4406 - Fixed storeRebuildStart to properly link the directory
4407 list for storeRebuildfromDirectory mode.
e157f97f 4408 - Added -S command line option to double-check store
4409 consistency with disk files in storeCleanup().
4410 - Fixed a problem with transactional logging. In many
4411 cases we were adding the public cache key and then
4412 logging a delete for the private key. This is worthless
4413 because during rebuild we could not locate the previous
4414 public-keyed entry. Now we assert that only public-keyed
4415 entries can be logged to swap.state. storeSetPublicKey()
4416 and storeSetPrivateKey() have been modified to log an
4417 ADD or DEL when the key changes.
4418 - Fixed storeDirClean bug. Needed to call
4419 storeDirProperFileno() so the "dirn bits" get set.
4420 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
4421 fullfilename[] were static to that function and did
4422 not change when the "rebuild_dir" arg did. Moved these
4423 buffers to the rebuild_dir structure.
4424 - In storeRebuildFromSwapLog, we were calling storeRelease()
4425 for cache key collisions. This only set the RELEASE_REQUEST
4426 bit and did not clear the swap_file_number in the filemap or
4427 in the StoreEntry, so the swap file could get unlinked later
4428 when it was really released.
4e0f0471 4429 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
4430 content-type and content-encoding (Henrik Nordstrom).
4431 - Removed 'icon_content_type' configuration option. Content
4432 types now taken from mime.conf (Henrik Nordstrom).
2a9b2b73 4433 - Added additional memory malloc tracing and memory leak
4434 detection. Use --enable-xmalloc-debug-trace configure
4435 option and -m command line option (Henrik Nordstrom).
bcfbdc11 4436
93169941 4437Changes to squid-1.2.beta14 (Feb 6, 1998):
4438
5471db88 4439 - Replaced snmplib free() calls with xfree().
4440 - Changed the 'net_db_name' hash table structure to
4441 make it easier to move names from one network to another
4442 (copied from 1.1 code).
93169941 4443 - Filled in some of the config dump routines (dump_acl,
4444 dump_acl_access).
4445 - Full memory debugging option (--enable-xmalloc-debug-trace)
4446 (Henrik Nordstrom).
4447 - Filled-in and clarified many squid.conf comments (Oskar
4448 Pearson).
4449 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
5471db88 4450
f91834bf 4451Changes to squid-1.2.beta13 (Feb 4, 1998):
f577e074 4452
b4512acd 4453 - NOTE: With this version the "swap.state" file format has
4454 changed. Running this version for the first time will
4455 cause your current cache contents to be lost!
f91834bf 4456 - NOTE: this version still has the bug where we don't rewind
4457 a swapout file and rewrite the swap meta data. Objects
4458 larger than 8KB will be lost when rebuilding from the swap
4459 files.
d04dd4bf 4460 - Combined various interprocess communication setup functions
4461 into ipcCreate().
4462 - Removed some leftover ICP_HIT_OBJ things.
4463 - Removed cacheinfo and proto_count() and friends; these are to
4464 be replaced in functionality by StatCounters and 5/60 minute
4465 average views via cachemgr.
4466 - Fixed --enable-acltree configure message (Masashi Fujita).
4467 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
4468 (Masashi Fujita).
4469 - Fixed building outside of source tree (Masashi Fujita).
dbfed404 4470 - FTP: Format NLST listings, and inform the user that the NLST
4471 (plain) format is available when we find a LIST listing that we
4472 don't understand (Henrik Nordstrom)
4473 - FTP: Use SIZE on Binary transfers, and not ASCII. The
4474 condition was inversed, making squid use SIZE on ASCII
4475 transfers (Henrik Nordstrom).
4476 - Enable virtual and Host: based acceleration in order to be
4477 able to use Squid as a transparent proxy without breaking
4478 either virtual servers or clients not sending Host: header
4479 the order of the virtual and Host: based acceleration needs
4480 to be swapped, giving Host: a higher precendence than virtual
4481 host (Henrik Nordstrom).
4482 - Use memmove/bcopy as detected by configure Some systems does
4483 not have memmove, but have the older bcopy implementation
4484 (Henrik Nordstrom).
6cf028ab 4485 - Completely rewritten aiops.c that creates and manages a pool
4486 of threads so thread creation overhead is eliminated (SLF).
4487 - Lots of mods to store.c to detect and cancel outstanding
4488 ASYNC ops. Code is not proven exhaustive and there are
4489 definately still cases to be found where outstanding disk ops
4490 aren't cancelled properly (SLF).
4491 - Changes to call interface to a few routines to support disk
4492 op `tagging', so operations can be cleanly cancelled on
4493 store_abort()s (SLF).
4494 - Implementation of swap.state files as transaction logs.
4495 Removed objects are now noted with a negative object size.
4496 This allows reliatively clean rebuilds from non-clean
4497 shutdowns (SLF).
4498 - Now that the swap.state files are transaction logs, there's
4499 now no need to validate by stat()ing. All the validation
4500 procedure does is now just set the valid bit AFTER all the
4501 swap.state files have been read, because by that time, only
4502 valid objects can be left. Object still need to be marked
4503 invalid when reading the swap.state file because there's no
4504 guarantee the file has been retaken or deleted (SLF).
4505 - An fstat() call is now added after every
4506 storeSwapInFileOpened() so object sizes can be checked. Added
4507 code to storeRelease() the object if the sizes don't match (SLF).
6474667e 4508 - #defining USE_ASYNC_IO now uses the async unlink() rather than
4509 unlinkd() (SLF).
6cf028ab 4510 - #defining MONOTONIC_STORE will support the creation of disk
4511 objects clustered into directories. This GREATLY improves disk
4512 performance (factor of 3) over old `write-over-old-object'
4513 method. If using the MONOTONIC_STORE, the
4514 {get/put}_unusedFileno stack stuff is disabled. This is
4515 actually a good thing and greatly reduces the risk of serving
4516 up bad objects (SLF).
4517 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
4518 rather than ASYNC/unlinkd unlinks. swap.state.new files were
4519 being removed just after they were created due to delayed
4520 unlinks (SLF).
4521 - Disabled various assertions and made these into debug warning
4522 messages to make the code more stable until the bugs can be
4523 tracked down (SLF).
4524 - Added most of Michael O'Reilly's patches which included many
4525 bug fixes. Ask him for full details (SLF).
4526 - Moved aio_check_callbacks in comm_{poll|select}(). It was
4527 called after the fdset had been built which was wrong because
4528 the callbacks were changing the state of the read/write
4529 handlers prior to the poll/select() calls (SLF).
f09f5b26 4530 - Fixed ARP ACL memory leaks (Dale).
f577e074 4531 - Eliminated URL and SHA cache keys. Cache keys will always
4532 be MD5's now.
4533 - Fixed up store swap meta data.
4534 - Changed swap.state logs to a binary format.
f91834bf 4535 - The swap.state logs are written transaction-style.
d04dd4bf 4536
b5cfbd5b 4537Changes to squid-1.2.beta12 (Jan 30, 1998):
4538
b4512acd 4539 - Added metadata headers to cache swap files. This is an
4540 incompatible change with previous versions. Running this
4541 version for the first time will cause your current cache
4542 contents to be lost.
9fc0b4b8 4543 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
4544 - Show symlink destinations as a hyperlink in FTP listings
4545 (Henrik Nordstrom)
3a4eaced 4546 - Fixed not allocating enough space for rewriting URLs with
4547 the Host: header (Eric Stern).
4548 - Year-2000 fixes (Arjan de Vet).
4549 - Fixed looping for cache hits on HEAD requests.
fc6dc767 4550 - Fixed parseHttpRequest() coredump for
6474667e 4551 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
9fc0b4b8 4552
9f802cb1 4553Changes to squid-1.2.beta11 (Jan 6, 1998):
4554
fd82d0b0 4555 - Fixed fake 'struct rusage' definition which prevented compling
4556 on Solaris 2.4.
4557 - Fixed copy-by-ref bug for request->headers in
4558 clientRedirectDone() (Michael O'Reilly).
812db943 4559 - Workaround for Solaris pthreads closing FD 0 upon fork()
4560 (Michael O'Reilly).
05fd71a7 4561 - Fixed shutdown bug with outgoing UDP sockets; we need to
4562 disable their read handlers.
4563 - For comm_poll(), use the fast 50 msec timeout only when
4564 USE_ASYNC_IO is defined.
1fbc6de3 4565 - Fixed pointer bug when freeing AS# ACL entries.
4566 - Fixed forgetting to reset Config.npeers to zero in free_peer().
0f6bdbfa 4567 - Fixed ICP bug causing excessive TIMEOUTs with sibling
4568 neighbors. We must call the ICP reply callback even for
4569 sibling misses.
4570 - Fixed some dnsserver-related reconfigure bugs. Need to
4571 use cbdataLock, etc in fqdncache.c. Also don't want to
4572 use ipcacheQueueDrain() and fqdncacheQueueDrain().
4573 - Fixed persistent connection bug. We were incorrectly
4574 deciding that non-200 replies without content-length
4575 would not have a reply body.
4576 - Fixed intAverage() precedence bug.
4577 - Fixed memmove() 'len' arg bug.
4578 - Changed algorithm for determining alive/dead state of peers.
4579 Instead of using a fixed number of unacknowledged ICP
4580 replies, it is now based on timeouts. If there are no ICP
4581 replies received from a peer within 'dead_peer_timeout'
4582 seconds, then we call it dead.
4583 - Added calls to getCurrentTime() in
4584 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
4585 being used.
4586 - Fixed shutdown bug when the incoming and outgoing ICP socket
4587 is the same file descriptor.
e970f357 4588 - Added buffered writes for storeWriteCleanLogs() (Stewart
4589 Forster).
4590 - Patches for Qnx4 (Jean-Claude MICHOT).
4591 - Fixed returning void functions which seems to be a GCC-ism.
e5f4e1b0 4592 - New configure script options (Henrik Nordstrom):
4593 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
4594 --enable-acltree
4595 --enable-icmp
4596 --enable-delay-hack
4597 --enable-useragent-log
4598 --enable-kill-parent (this should be named -hack)
4599 --enable-snmp
4600 --enable-time-hack
4601 --enable-cachemgr-hostname[=hostname] (new)
4602 --enable-arp-acl (new)
4603 - Added Doug Lea malloc-2.6.4 to the distribution, so that
4604 people easily can try a decent malloc package if they syspect
4605 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
4606 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
4607 function (Henrik Nordstrom).
4608 - Removed top-level Makefile. People must now run 'configure'
4609 before 'make'.
714ace98 4610 - Fixed checkFailureRatio() implementation.
82b3c7d9 4611 - Made 'squid -z' behave like the 1.1 version.
e5f4e1b0 4612
fd82d0b0 4613
ab9a3f7e 4614Changes to squid-1.2.beta10 (Jan 1, 1998):
4615
4616 - Fixed content-length bugs for 204 replies, 304 replies,
4617 and HEAD requests (Henrik Nordstrom).
4618 - Fixed errorAppendEntry() bug in gopherReadReply().
4619 - Basic support for FTP URL typecodes (;type=X).
9c965c1b 4620 - Support for access controls based on ethernet MAC addresses
ab9a3f7e 4621 (Dale).
4622 - Initial URN support; see
4623 http://squid.nlanr.net/Squid/urn-support.html
4624 - Fixed client-side persistent connections for objects with
4625 bad content lengths (Henrik Nordstrom).
4626 - Fixed bad call to storeDirUpdateSwapSize() for objects which
4627 never reach SWAPOUT_DONE state.
68e3a9df 4628 - Fixed up poll() #defines in squid.h (Stewart Forster).
4629 - Changed poll() timeout from 1000 msec to 50 msec for
4630 better performance under low load (Stewart Forster).
e7a1fde6 4631 - Changed storeWriteCleanLogs() to write objects in the LRU
4632 list order instead of the random hash table order.
109ff6af 4633 - Fixed FTP bug when data socket connections fail or timeout.
4634 - Reuse FTP data connection when possible (Henrik Nordstrom).
4635 - Added configure options (Henrik Nordstrom)
4636 --enable-store-key=sha|md5
4637 --enable-xmalloc-statistics
4638 --enable-xmalloc-debug
78743365 4639 --enable-xmalloc-debug-count
4640 --async-io
109203bf 4641 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
4642 by creating ERR_FORWARDING_DENIED and changing the
4643 content of the ERR_CANNOT_FORWARD text.
4e9c07c1 4644 - Fixed pipeline request bug from using strdup() (Henrik
4645 Nordstrom).
4646 - Call clientReadRequest() directly instead of commSetSelect()
4647 for pipelined requests (Henrik Nordstrom).
1b02b5be 4648 - Fixed 4k page leak in icpHandleIMSReply();
4649 - Renamed 'icp*' functions to 'client*' names in client_side.c.
e7a1fde6 4650
b90a0f8d 4651Changes to squid-1.2.beta8 (Dec 2, 1997):
4652
eae03fc8 4653 - Fixed accessLogLog() to log ident from Proxy-Authorization
4654 request header (BoB Miorelli).
226f9ba2 4655 - Fixed #includes, prototypes, etc. in SNMP source files.
4656 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
4657 include/config.h.in to src/squid.h
4658 - Moved 'num32' typedefs from src/typedefs.h to
4659 include/config.h.in.
4660 - Moved snmplib/md5.c to lib/md5.c.
4661 - Added MD5 cache key support.
4662 - Removed xmalloc() return check in uudeocde.c
4663 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
4664 - Changed 'client' program to provide easier cache manager access,
3ff01c3e 4665 e.g.: 'client mgr:info'
226f9ba2 4666 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
4667 for simulated keep-alive requests.
4668 - Removed 'fd' arg from clientProcess* functions.
9e3468d5 4669 - Fixed bugs from using errorSend() on persistent/pipelined
226f9ba2 4670 client connections. A latter request should not be allowed to
4671 write to the client fd until the current request completes.
4672 Now use errorAppendEntry() for such situations.
4673 - Fixed content-length bugs. We were using content-length == 0
4674 to also indicate a lack of content-length reply header. But
4675 'content-length: 0' might appear in a reply, so now use -1 to
4676 indicate that no content length given.
4677 - Split up clientProcessRequest() into smaller chunks so it
4678 might be easier to follow.
4679 - renamed various client_side.c functions to start with 'client'
4680 instead of 'icp'.
4681 - Fixed a 'cbdata leak' from the comm.c close handlers.
4682 - Fixed a 'cbdata leak' from the comm.c connect routines.
4683 - Fixed comm_select() and comm_poll() to stop looping on the
4684 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
4685 ready for I/O, the incoming sockets might not get service, so
4686 comm_select() would be called for up to 7 times until the
4687 'incoming_counter' was incremented enough to trigger a call
4688 to comm_select_incoming(). Now we make sure
4689 comm_select_incoming() gets called if select returns less
4690 than 7 ready FD's.
9e3468d5 4691 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
4692 inserted at the start of the url-path. calls ftpUrlWith2f().
4693 (Henrik Nordstrom).
226f9ba2 4694 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
4695 for replacement and cachemgr output.
4696 - Changed ipcache.c to use LRU double-linked list instead of qsort()
4697 - Changed hash_insert() and hash_join() to return void.
4698 for replacement and cachemgr output.
4699 - Moved StoreEntry->method member to MemObject->method.
4700 - Made StoreEntry->flags 16 bits.
4701 - Made StoreEntry->refcount 16 bits.
4702 - Changed URL-based public cache key to always include the request
4703 method.
eae03fc8 4704
95bc9f0b 4705Changes to squid-1.2.beta7 (Nov 24, 1997):
4706
6a11653c 4707 - Fixed poll() for Linux (David Luyer).
4708 - SHA optimizations (David Luyer).
4709 - Fixed errno clashes with macro on Linux (David Luyer).
4710 - Fixed storeDirCloseSwapLogs(); logs might not be open.
4711 - Fixed storeClientCopy2() bug. Detect when there is
4712 no more data to send for objects in STORE_OK state.
19ee64b1 4713 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
4714 especially directory listings.
95bc9f0b 4715 - Mega FTP fix from Henrik Nordstrom. A better job of
4716 implementing the '%2f' hack.
4717 - Fixed some pipelined request bugs. storeClientCopy() was
4718 being given the wrong StoreEntry, and we had a race condition
4719 which is now handled by storeClientCopyPending().
99077fe6 4720 - Added initial SNMP support.
6a11653c 4721
2c9b45c9 4722Changes to squid-1.2.beta6 (Nov 13, 1997):
4723
1b5516d3 4724 - Fixed Authorized responses getting swapped out when they
4725 don't have Proxy-Revalidate reply header.
4726 - Fixed Proxy Authentication support. We never sent back
4727 a 407 reply, and were incorrectly incrementing the passwd
4728 before comparing it.
4729 - Fixed stat()ing pathnames for default values before parsing
4730 config file (Ron Gomes).
4731 - Fixed logging request and response headers on separate lines
4732 (Ron Gomes).
4733 - Fixed FTP Authentication message (Henrik Nordstrom).
4734 - Changed Proxy Authentication to trigger a reread of the passwd
4735 file if a password check fails (Henrik Nordstrom).
4736 - Changed FTP to retry the first CWD with a leading slash if it
4737 fails without one.
4738
8c17a569 4739Changes to squid-1.2.beta5 (Nov 6, 1997):
4740
90045285 4741 - Track the 'keep-alive ratio' for a peer as the ratio of
4742 the number of replies including 'Proxy-Connection: Keep-Alive'
4743 compared to the number of requests sent. If the peer does
4744 not support Persistent connections then this ratio will tend
4745 toward zero. If the ratio is less than 50% after 10 requests
4746 then we'll stop sending Keep-Alive.
8c3994aa 4747 - Proper support for %nn escapes in FTP, and numerous
4748 other fixes (Henrik Nordstrom).
4749 - Support for Secure Hash Algorithm and framework for other
4750 hash functions as cache keys.
4751 - Fixed SSL snprintf() bug which broke SSL proxying.
4752 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
8c17a569 4753 - Fixed LRU Reference Age bug. The arg to pow() must be
8031bd43 4754 minutes, not seconds.
90045285 4755
9ddfb255 4756Changes to squid-1.2.beta4 (Oct 30, 1997):
4757
a493f974 4758 - Fixed DST bug in rfc1123.c
4759 - Changed default http_accel_port to 80.
4760 - added errorCon() as a ErrorState constructor function
4761 (Max Okumoto).
4762 - Added ERR_FTP_FAILURE message for ftpFail().
4763 - For FTP, the timeout callback must be moved to the 'data'
4764 descriptor when data transfer begins. Otherwise we are
4765 likely to get a timeout on the control descriptor.
4766 - Fixed double-free bug in httpRequestFree().
4767 - Fixed store_swap_size counting bug in storeSwapOutHandle().
4768
409a6aad 4769Changes to squid-1.2.beta3 (Oct 29, 1997):
4770
4771 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
4772 - Fix assertions which assumed 4-byte pointers.
4773 - Fix missing % in fqdncache.c snprintf().
4774
5a2d610b 4775Changes to squid-1.2.beta2 (Oct 28, 1997):
4776
8c3994aa 4777 - Fixed aiops.c and async_io.c so that they actually compile
f5b8bbc4 4778 with USE_ASYNC_IO (Arjan de Vet).
4779 - Fixed errState->errno causing problems with some macros
4780 (Michael O'Reilly).
d287f51e 4781 - Fixed memory leaks in pconn.c (Max Okumoto).
0866009b 4782 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
272547b5 4783 - Fixed InvokeHandlers() from calling memCopy() for ALL
4784 store_client's with callbacks. A store_client might be reading
4785 from disk.
5a2d610b 4786 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
272547b5 4787 bucket at a time. Instead we'll maintain a single LRU
4788 list. When an object is 'touched' we move it to the
4789 top of this list. When we need disk space, we delete
4790 from the bottom.
5a2d610b 4791 - Removed storeGetSwapSpace().
f5b8bbc4 4792
871f0b8a 4793Changes to squid-1.2.beta1 ():
4794
4795 - Reworked storage manager to not keep objects in memory during
4796 transit. In other words, no separate NOVM distribution.
4797 - Lots of cleanup and debugging for beta release.
4798 - Use snprintf() everywhere instead of sprintf().
4799 - The 'in_memory' hash table has been replaced with a
4800 doubly-linked list. New objects are added to the head of
4801 the list. When memory space is needed, old objects are
4802 purged from the tail of the list.
4803
0edfe7a2 4804Changes to squid-1.2.alpha7 ():
4805
c4958532 4806 - fixes fixes fixes.
4807 - Made Arjan's PROXY_AUTH ACL patch standard.
0edfe7a2 4808
8905b90c 4809Changes to squid-1.2.alpha6 ():
4810
6684fec0 4811 - Simpler cacheobj implementation.
6605655c 4812 - persistent connection histogram
8872e1f8 4813 - SERVER-SIDE PERSISTENT CONNECTIONS:
6474667e 4814 - Added pconn.c
4815 - Addec Cofig.Timeout.pconn; default 120 seconds
4816 - Added httpState->flags
4817 - Added flags arg to httpBuildRequestHeader()
4818 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
4819 - Added 'Connection' to allowed HTTP headers (http-anon.c)
8872e1f8 4820 - Added 'Proxy-Connection' to allowed HTTP headers
4821 (http-anon.c)
a7736231 4822 - Merged proxyhttpStart() with httpStart() and created
8872e1f8 4823 new httpBuildState().
4824 - New httpPconnTransferDone() detects end-of-data on
4825 persistent connections.
6684fec0 4826
88738790 4827Changes to squid-1.2.alpha5 ():
4828
4829 - New configuration system. Everything is generated from
4830 'cf.data.pre', including the main parser, setting defaults,
4831 outputting current values, and freeing memory.
4832 This also involved moving some of the local data structures
4833 (e.g. struct _acl *AclList in acl.c) to the Config
4834 structure. (Max Okumoto)
4835 - No more '/i' for regular expressions. Now insert a '-i'
4836 to switch to case-insensitive. Use '+i' for case-sensitive.
4837 - When you have a variable named the same as its type, sizeof()
4838 gets the wrong one (fde).
4839 - Need to flush unbuffered logs before fork().
4840 - Added two fields swap log: refcount and e->flag.
4841 - Removed all the .h files for each .c file. Now #include stuff
4842 is in either: defines.h, enums.h, typedefs.h, structs.h,
4843 or protos.h, globals.h. This greatly reduces dependencies
4844 between the various source files.
4845 - globals.c is generated from globals.h by a Perl script.
8ee3ca2c 4846 - Started customizable error texts.
88738790 4847
97f674c8 4848Changes to squid-1.2.alpha4 ():
4849
ec973719 4850 - New MIME configuration, regular expression based
4851 - Added request_timeout config option
4852 - Multiple HTTP sockets (Lincoln Dale).
4853 - Moved 'fds_are_n_free' check to httpAccept().
4854 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
7e49f700 4855 - Changed storeRegister to use offsets and make immediate
4856 callbacks if appropriate.
4857 - Removed icpDetectClientClose(). Some of that functionality
4858 goes into clientReadRequest() and the rest into
4859 httpRequestFree().
b1b387d1 4860 - Moved IP lookups to commConnect stuff.
4861 - Added support for retrying connect().
858164fc 4862 - New inline debug() macro (David Luyer).
e174e0fe 4863 - Replace frequent gettimeofday() calls with alarm(3) based
4864 clock. Need to add more gettimeofday() calls to get back
a59968c7 4865 high-resolution timestamp logging (Andres Kroonmaa).
0153d498 4866 - Added support for Cache-control: proxy-revalidate;
4867 based on squid-1.1 patch from Mike Mitchell.
ec973719 4868
3b08d32d 4869Changes to squid-1.2.alpha3 ():
4870
4871 - Implemented persistent connections between clients and squid.
4872 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
4873 table in fd.c.
4874 - Removed use of FD as an identifier in certain callback
4875 operations (ipcache, fqdncache).
4876 - General code cleanup.
4877 - Fixed typedefs for callback functions.
4878 - Removed FD lifetime/timeout dichotomy. Now we only have
4879 timeouts, however the lifetime concept/keyword may still
4880 linger in certain places.
4881 - Change Makefile 'realclean' target to 'distclean'
4882 - Changed config file parsing of time specifications to use
4883 parseTimeLine().
4884 - Removed storetoString.c
4885
4886Changes to squid-1.2.alpha2 ():
74cebec0 4887
4888 - Merged squid-1.1.9, squid-1.1.10 changes
4889
7b41ec97 4890Changes to squid-1.2.alpha1 ():
4891
4892 - Unified peer selection algorithm.
75e88d56 4893 - aiops.c and aiops.h are a threaded implementation of
4894 asynchronous file operations (Stewart Forster).
4895 - async_io.c and async_io.h are complete rewrites of the old
4896 versions (Stewart Forster).
6ad85e8a 4897 - Rewrote all disk file operations of squid to support
75e88d56 4898 the idea of callbacks except where not required (Stewart
4899 Forster).
75e88d56 4900 - Background validation of 'tainted' swap log entries (Stewart
4901 Forster).
4902 - Modified storeWriteCleanLog to create the log file using the
4903 open/write rather than fopen/printf (Stewart Forster).
4904 - Added the EINTR error response to handle badly interrupted
4905 system calls (Stewart Forster).
6ad85e8a 4906 - UDP_HIT_OBJ not supported, removed.
4907 - Different sized 'cache_dirs' supported.
75e88d56 4908
e924600d 4909==============================================================================
Mirror of https://github.com/squid-cache/squid.git