]> git.ipfire.org Git - thirdparty/squid.git/blame - ChangeLog
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Source Format Enforcement (#1439)
[thirdparty/squid.git] / ChangeLog
CommitLineData
b3fa2bcb
AJ		 1Changes in squid-6.1 (06 Jul 2023):
2
3 - Bug 5278: Log %err_code for "early" request handling errors
4 - Do not cache (and do not serve cached) cache manager responses
5 - Fix key equality comparison in LookupTable map
6 - Honor DNS RR TTLs larger than negative_dns_ttl
7 - ... and some documentation changes
8
e23389df
FC		 9Changes in squid-6.0.3 (05 Jun 2023):
10
11 - Bug 5148: Log %Ss of failed tunnels as TCP_TUNNEL
12 - Do not leak Security::CertErrors created in X509_verify_cert()
13 - Do not erase aborted StoreMap entries that are still being read
14 - Fix build in environments lacking syslog
15 - Fix build failures in some environments due to time_t type conflicts in libdebug
16 - Remove obsolete caddr_t
17 - ... and some documentation changes
18
2519a7b6
FC		 19Changes in squid-6.0.2 (30 Apr 2023):
20
21 - Avoid excessive disk I/O in some environments
22 - ... and several build and portability fixes
23 - ... and all fixes from 5.9
24
49193367 25Changes in squid-6.0.1 (28 Feb 2023):
552d1774
AJ		 26
27 - Bug 5256: Intercepting port fails to accept
28 - Bug 5241: Block all non-localhost requests by default
29 - Bug 5241: Block to-localhost, to-link-local requests by default
30 - Bug 5232: Fix GCC v12 build [-Wuse-after-free]
31 - Bug 5211: support.cc:355: "!filledCheck->sslErrors" assertion
32 - Bug 5194: Remove all unused debug sections
33 - Bug 5162: mgr:index URL do not produce MGR_INDEX template
34 - Bug 5129 pt1: remove Lock use from HttpRequestMethod
35 - Bug 5128: Translation: Fix % i typo in es/ERR_FORWARDING_DENIED
36 - Bug 5021: Add a script to fix spelling error with codespell
37 - Bug 4946: client_side_request.cc: "request != newRequest"
38 - Bug 4832: '!schemeAccess' assertion on exit
5afcde4d 39 - Bug 4572: squidclient: Remove deprecated cache_object:// support
552d1774
AJ		 40 - Bug 4528: ICAP transactions quit on async DNS lookups
41 - Add scripts/trace-context.pl: a debugging tool
42 - Remove cache_diff tool
43 - Remove membanger tool
44 - Remove pconn-banger tool
45 - Remove recv-announce tool
46 - Remove send-announce tool
47 - Remove tcp-banger* tools
48 - Remove ufsdump tool
49 - Remove support for Gopher protocol
50 - Remove support for unused libbsd
51 - Remove bundled GnuRegex library
52 - Remove CPU profiler mechanism
53 - Remove leakfinder (--enable-leakfinder)
54 - Remove --enable-kill-parent-hack
55 - Remove --disable-loadable-modules
56 - Remove unused/disabled/broken LEAK_CHECK_MODE code
57 - Remove SCO 3.2 support
58 - Remove m88k-specific support
59 - Remove NeXTSTEP support
60 - Remove HPUX compiler support
61 - Remove CBDATA debugging
62 - Require C++17
193ed125 63 - cachemgr.cgi: Remove deprecated cache_object:// support
552d1774
AJ		 64 - ext_kerberos_ldap_group_acl: Support -b with -D
65 - ext_lm_group_acl: Improved username handling
66 - negotiate_wrapper: ensure null-termination of strings
67 - pinger: Fix MAX_PKT{4,6}_SZ to account for icmpEchoData padding
68 - HTTP: Replaced X-Cache and X-Cache-Lookup headers with Cache-Status
69 - HTTP: Update Host, Via, and other headers in-place when possible
70 - HTTP: Update status code 413 compliance
71 - RFC 9110: Reject different HTTP requests with unusual framing
72 - RFC 9111: Stop treating Warning specially
73 - RFC 9113: update documentation references
74 - RFC 9218: Priority header registration
75 - SSL-Bump: Remove step2+ stare-and-splice and peek-and-bump support
76 - TLS: Do not send more than one self-signed certificate
77 - TLS: Sort CA certificates in tls-cert=bundle
78 - TLS: Preserve configured order of intermediate CA certificate chain
79 - WCCP: Validate packets better
80 - CI: Support "negative" squid-conf-tests
81 - CI: Maintenance: Support custom astyle versions
82 - CI: test-builds.sh: in case of error dump full log
83 - CI: Add --progress option to test-builds.sh
84 - CI: Change time_units test to also work on 32bit systems
85 - CI: Maintenance: Update astyle version to 3.1
86 - Add cache_log_message directive
87 - Add paranoid_hit_validation directive
88 - Add tls_key_log to report TLS communication secrets
89 - Add %busy_time logformat code
90 - Add %transport::>connection_id logformat code
91 - Add %request_attempts logformat code
92 - Warn about some bad from-helper annotations
93 - Ban acl key changes in req_header, rep_header, and note ACLs
94 - Optimize ephemeral port reuse with IP_BIND_ADDRESS_NO_PORT
95 - Honor httpd_suppress_version_string in more contexts
96 - Honor ftp_port worker-queues option
97 - Log early level-0/1 debugs() messages to cache_log
98 - Support reliable zeroing of sensitive buffers
99 - Do not overwrite caching bans
100 - Do not blame cache_peer for 4xx CONNECT responses
101 - Mimic GET reforwarding decisions when our CONNECT fails
102 - Discarded connections do not contribute to forward_max_tries
103 - Honor assertions during shutdown
104 - Do not stop listening after "ERROR: NAT/TPROXY lookup failed..."
105 - Do not skip problematic regexes in ACLs
106 - Improve coredump_dir on FreeBSD and Solaris based OS
107 - Avoid reverse DNS lookups when logformat %>A is unused
108 - BUG: Unexpected state while connecting to ... server
109 - Properly track (and mark) truncated store entries
110 - Support "file" syntax for 'squid_error' and 'has' ACL parameters
111 - Allow sending "squid -k ..." signals to PID 1
112 - Remove bogus "found KEY_PRIVATE" WARNINGs
113 - Avoid "BUG #3329: Lost orphan ..." during accept problems
114 - Report SMP store queues state (mgr:store_queues)
115 - Remove 8K limit for single access.log line
116 - Rename ./configure option --with-libxml2 to --with-xml2
117 - Rename ./configure option --with-libcap to --with-cap
118 - Match ./configure --help parameter names with their defaults
193ed125 119 - Remove broken -sha1 option from server_cert_fingerprint
552d1774
AJ		 120 - Fix typo in manager ACL
121 - Fix milliseconds in certain cache.log messages
122 - Fix ignore-cc/act-as-origin in wildcard split-stack ports
123 - Fix comm.cc:644: "address.port() != 0" assertion
124 - Fix StoreMap.cc "anchorAt(anchorId).reading()" assertions
125 - Fix double-free segmentation fault on shutdown
126 - Fix client_side_request.cc:2028 "request->method.id()" assertion
127 - Fix reconfiguration leaking tls-cert=... memory
128 - Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling
129 - Fix "mem_obj->inmem_lo == 0" assertion in StoreEntry::swapOut()
130 - Fix TCP keepalive
131 - Fix SslBump reconfiguration leaking public key memory
132 - Fix socket accounting for TCP accept()
133 - ... and many documentation changes
134 - ... and much code cleanup and polishing
135 - ... and all fixes from 5.8
136
4a7431df
FC		 137Changes in squid-5.9 (30 Apr 2023):
138
139 - Improve reply_body_max_size matching accuracy
140 - ... and some documentation changes
141 - ... and many portability fixes
142
49193367
AJ		 143Changes in squid-5.8 (28 Feb 2023):
144
145 - Bug 5162: mgr:index URL do not produce MGR_INDEX template
146 - Bug 5241: Block all non-localhost requests by default
147 - Bug 5241: Block to-localhost, to-link-local requests by default
148 - ext_kerberos_ldap_group_acl: Support -b with -D
149 - Fix ACL type typo in req_header, rep_header key-changing ERRORs
150 - ... and several compile fixes
151 - ... and some code cleanup and polishing
152
911833fc
AJ		 153Changes in squid-5.7 (05 Sep 2022):
154
155 - Regression Fix: Typo in manager ACL
156 - Bug 5186: noteDestinationsEnd check failed: transportWait
157 - Bug 5160: Test suite fails with -flto=auto
158 - Bug 3193 pt2: NTLM decoder truncating strings
159 - Bug 5133: OpenSSL 3.0 support
160 - ext_session_acl: fix TDB key lookup
161 - forward_max_tries: Do not count discarded connections
162 - ... and many compile and debugging fixes
163
6f4bee9d
AJ		 164Changes in squid-5.6 (06 Jun 2022):
165
166 - Bug 5208: Part 1: Restart kids killed by SIGKILL
167 - Fix SQUID-MIB smilint errors
168 - negotiate_kerberos_auth: Initialise default_keytab
169 - Improve handling of Gopher responses
170 - ... and some semi-automated code polish
171
c40111e8
AJ		 172Changes in squid-5.5 (12 Apr 2022):
173
174 - Regression Bug 5192: esi_parser default is incorrect
175 - Bug 5177: clientca certificates sent to https_port clients
176 - Bug 5090: Must(!request->pinnedConnection()) violation
177 - Kid restart leads to persistent queue overflows, delays/timeouts
178 - Fix build on Illumos
179 - ESI: Drop incorrect and unnecessary xmlSetFeature() call
180
181Changes in squid-5.4.1 (12 Feb 2022):
b62df37f
AJ		 182
183 - Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening
184 - Fix FATAL ServiceRep::putConnection exception: theBusyConns > 0
185 - Fix ConnOpener orphan connection warnings when requester ends early
186 - Fix ConnOpener connection handling when sending negative answers
187 - Fix Comm::ConnOpener::cleanFd() debugging
188 - Fix ConnOpener callback's syncWithComm()
189 - Fix FwdState::advanceDestination() losing ERR_GATEWAY_FAILURE details
190 - Fix Tunneler handling of last-resort callback on premature job ending
191 - Fix PeerConnector handling of last-resort callback on premature job ending
192 - Fix FreeBSD 14 build
193 - Fix OpenBSD 7.0 build
194 - Add Comm::Connection::cloneDestinationDetails() debugging
195 - Improve Security::PeerConnector::serverConn and Http::Tunneler::connection management
196 - Refactor ConnOpener users to stop relying on the answer providing Comm::Connection
197 - Refactor ICAP connection-establishing code
198 - Polish PeerPoolMgr code
199 - Polish IDENT code
200 - Polish Gopher code
201 - Polished AsyncJob::Start() API
202 - ... and update code documentation
203
c40111e8 204Changes in squid-5.4 (07 Feb 2022):
4f019e78
AJ		 205
206 - Bug 5190: Preserve configured order of intermediate CA certificate chain
207 - Bug 5188: Fix reconfiguration leaking tls-cert=... memory
208 - Bug 5187: Properly track (and mark) truncated store entries
209 - Bug 5134: assertion failed: Transients.cc:221: "old == e"
210 - Bug 5132: Close the tunnel if to-server conn closes after client
211 - langpack: Fix typo in Russian texts
212 - copyright years and CONTRIBUTORS update
213
3bdbb995
AJ		 214Changes in squid-5.3 (06 Dec 2021):
215
216 - Bug 5169: StoreMap.cc:517 "!s.reading()" assertion
217 - Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses
218 - Bug 5060: Parallel builds are not reliable
219 - Documentation updates for logformat directive
220
04add666
AJ		 221Changes in squid-5.2 (03 Oct 2021):
222
223 - Bug 5164: a copy-paste typo in HttpHdrCc::hasMinFresh()
224 - Bug 4922: Improve ftp://... filename extraction
225 - TLS: Fix X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY handling
226 - ... and all fixes from 4.17
227
0c6f7c33
AJ		 228Changes in squid-5.1 (01 Aug 2021):
229
230 - Bug 4696: Fix leaky String move assignment operator
231 - Fix ACL-related reconfiguration memory leak
232 - Fix SSL-Bump reconfiguration leaking public key memory
233 - Fix build on RISC-V
234 - Fix build on Ubuntu 21.04
235
5ea861f5
AJ		 236Changes in squid-5.0.7 (04 Jul 2021):
237
238 - Fix a helper logging issues
239 - Fix some helper connection issues
240 - Cleanup: remove much unused code
241 - ... and all fixes from 4.16
242
5297c853
AJ		 243Changes in squid-5.0.6 (10 May 2021):
244
245 - Bug 5057: Generated response lacks status code
246 - TLS: Handling missing issuer certificates for TLSv1.3
247 - TLS: Detail certificate validation errors during TLS handshake
248 - TLS: Detail client closures of CONNECT tunnels during TLS handshake
249 - TLS: %ssl::<negotiated_version and %ssl::>negotiated_version for TLS/1.3
250 - HTTP: Allow 1xx and 204 responses with Transfer-Encoding headers
251 - Maintenance: Start following Inclusive Naming Initiative advice
252 - Maintenance: Sort source file lists in Makefiles
253 - Maintenance: Support plugin-style scripts for source format enforcement
254 - Cleanup: Deduplicating IPC strand messages
255 - ... and some compile and debugging fixes
256 - ... and all fixes from 4.15
257
5f37a71a
AJ		 258Changes in squid-5.0.5 (02 Feb 2021):
259
260 - HTTP: Do not send Connection:keep-alive/close in HTTP Upgrade requests
261 - Translations: Add es-mx dialect translation of error pages
262 - Fix missing port in request-target of CONNECT requests to peers
263 - Fix some warnings about client_lifetime timeout
264 - ... and several documentation updates
265 - ... and some debug improvements
266 - ... and all fixes from 4.14
267
76b18386
AJ		 268Changes in squid-5.0.4 (23 Aug 2020):
269
270 - Bug 5054: mark dns_v4_first as obsolete in cf.data.pre
271 - Bug 5048: ResolvedPeers.cc:35: "found != paths_.end()" assertion
272 - Reforward CONNECT after TLS handshake failure with peer
273 - Do not send keep-alive in 101 (Switching Protocols) responses
274 - Add http_port sslflags=CONDITIONAL_AUTH
275 - ... and several documentation changes
276 - ... and some compile fixes
277 - ... and all fixes from 4.13
278
5b0fbc71
AJ		 279Changes in squid-5.0.3 (05 Jun 2020):
280
281 - Bug 5046: FreeBSD lacks open(2) O_DSYNC flag
282 - Happy Eyeballs: Do not discard viable reforwarding destinations
283 - Reduced startup time with large rock cache_dirs
284 - Fix the ABA problem with Ipc::Mem::PageStack::pop() in v5.0.1
285 - Fix sending of unknown validation errors to certificate validator
286 - ... and several debug improvements
287 - ... and all fixes from 4.12
288
51f07c98
AJ		 289Changes in squid-5.0.2 (18 Apr 2020):
290
291 - Bug 5030: Negative responses are never cached
292 - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
293 - Support worker-dedicated listening queues (SO_REUSEPORT)
294 - High precision time units
295 - Ban reserved annotations in "note", "adaptation_meta" directives
296 - ESI: convert parse exceptions into 500 status response
297 - Fix PURGE error responses
298 - ... and several documentation changes
299 - ... and some compile fixes
5b0fbc71 300 - ... and all fixes from 4.11
51f07c98 301
755eac94
AJ		 302Changes in squid-5.0.1 (14 Jan 2020):
303
304 - Bug 4989: Leaking StoreEntry objects on Cache Digest rebuilds
305 - Bug 4912: same-name notes being appended instead of replaced
306 - Bug 4864: !Comm::MonitorsRead assertion in maybeReadVirginBody()
307 - Bug 4579: cannot hit an entry being written by another worker
308 - ICAP: Initial support for trailers
309 - Add auth_schemes to control schemes presence and order in 401s/407s
310 - Make CONNECT ACL a built-in default
311 - Remove USE_CHUNKEDMEMPOOLS compiler flag
312 - Two new ACLs implemented: annotate_transaction and annotate_client
313 - Add response delay pools feature for Squid-to-client speed limiting
314 - QA: allow test-suite to be run without a full build
315 - Happy Eyeballs: Use each fully resolved forwarding destination ASAP
316 - Support selective CF: collapsed_forwarding_access
317 - Reworked packet/connection marking
318 - Add new deny_info %A macro
319 - Identify collapsed transactions
320 - Add sample Kerberos group authentication external_acl helper
321 - Optimization: Fewer memory (re)allocations for HTTP headers
322 - Add TrivialDB support
323 - Do not send Content-Length in 1xx or 204 responses
324 - negotiate_kerberos_auth: fix memory leaks
325 - ntlm_fake_auth: add ability to test delayed responses
326 - Add %ssl::<cert macro for logging server X.509 certificate
327 - Reuse reserved Negotiate and NTLM helpers after an idle timeout
328 - Log PROXY protocol v2 TLVs
329 - Support logformat %codes in error page templates
330 - Fix incremental parsing of chunked quoted extensions
331 - Peering support for SslBump
332 - RFC 8586: Loop Detection in Content Delivery Networks
333 - Prevent TLS transaction stalls by preserving flags.read_pending
334 - Fix "BUG: Lost previously bumped from-Squid connection"
335 - Add %master_xaction logformat code
336 - Log "-" instead of the made-up method "NONE"
337 - Add GeneratingCONNECT step for the existing at_step ACL
338 - Report context of level-0/1 cache.log messages
339 - Re-enabled updates of stored headers on HTTP 304 responses
340 - Translations: Fix grammatical error in French error pages
341 - Smarter auth_param utf8 handling, including CP1251 support
342 - Fix rock disk entry contamination related to aborted swapouts
343 - Send HTTP/500 (Internal Server Error) when lacking peers
344 - Fix prohibitively slow search for new SMP shm pages
345 - Centralized PagePool/PageStack ID generation
346 - ... and many documentation changes
347 - ... and much code cleanup and polishing
5b0fbc71
AJ		 348 - ... and all fixes from 4.10
349
04add666
AJ		 350Changes in squid-4.17 (03 Oct 2021):
351
352 - WCCP: Validate packets better
353
5ea861f5
AJ		 354Changes in squid-4.16 (04 Jul 2021):
355
356 - Regression Fix: --with-valgrind-debug build broken since 4.15
357 - Bug 5129 pt1: remove Lock use from HttpRequestMethod
358 - Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
359 - Bug 4528: ICAP transactions quit on async DNS lookups
360
5297c853
AJ		 361Changes in squid-4.15 (10 May 2021):
362
363 - Bug 5112: Excessively loud chunked reply parsing error reporting
364 - Bug 5106: Broken cache manager URL parsing
365 - Bug 5104: Memory leak in RFC 2169 response parsing
366 - Bug 3556: "FD ... is not an open socket" for accept() problems
367 - Profiling: CPU timing implemented for MAC non-x86
368 - Fix HttpHeaderStats definition to include hoErrorDetail
369 - Fix Squid-to-client write_timeout triggers client_lifetime timeout
370 - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs
371 - Handle more Range requests
372 - Handle more partial responses
373 - Stop processing a response if the Store entry is gone
374 - ... and some portability fixes
375 - ... and some documentation updates
376
5f37a71a
AJ		 377Changes in squid-4.14 (02 Feb 2021):
378
379 - Regression Fix: support for non-lowercase Transfer-Encoding value
380 - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs
381 - Bug 5076: WCCP Security Info incorrect
382 - Bug 5073: Compile error: index was not declared in this scope
383 - Bug 5065: url_rewrite_program documentation update
384 - Bug 3074 pt2: improved handling of URI paths implicit '/'
385 - Fix transactions exceeding client_lifetime logged as _ABORTED
386
76b18386
AJ		 387Changes to squid-4.13 (23 Aug 2020):
388
389 - Regression Fix: Support parsing GREASEd (and future) TLS handshakes
390 - Bug 5051: Some collapsed revalidation responses never expire
391 - HTTP: Enforce token characters for field-name
392 - HTTP: Forbid obs-fold and bare CR whitespace in framing header fields
393 - HTTP: Improve Transfer-Encoding handling
394 - WCCP: Fix GCC-10 -Wstringop-truncation failures
395 - Honor on_unsupported_protocol for intercepted https_port
396 - Fix livelocking in peerDigestHandleReply
397 - Do not stall while debugging a scan of an empty store_table
398
5b0fbc71
AJ		 399Changes to squid-4.12 (05 Jun 2020):
400
401 - Regression Fix: Revert to slow search for new SMP shm pages
402 - Bug 5045: ext_edirectory_userip_acl is missing include files
403 - Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
404 - Bug 5030: Negative responses are never cached
405 - HTTP: validate Content-Length value prefix
406 - HTTP: add flexible RFC 3986 URI encoder
407 - SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic
408 - Tests: Support passing a custom config.cache to test builds
409 - Fix IPFilter IPv6 detection, especially on NetBSD
410 - Fix stall if transaction overwrites a recently active cache entry
411 - ... and some compile fixes
755eac94 412
51f07c98
AJ		 413Changes to squid-4.11 (18 Apr 2020):
414
415 - Bug 5036: capital 'L's in logs when daemon queue overflows
416 - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations
417 - Bug 5016: systemd thinks Squid is ready before Squid listens
418 - kerberos_ldap_group: fix encryption type for cross realm check
419 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
420 - Fix Digest authentication nonce handling
421 - Supply ALE to request_header_add/reply_header_add
422 - ... and some documentation updates
423 - ... and some compile fixes
424
755eac94
AJ		 425Changes to squid-4.10 (14 Jan 2020):
426
427 - Bug 5009: Build failure with older clang libc++
428 - Bug 5008: SIGBUS in PagePool::level() with custom rock slot size
429 - Bug 5007: Docs: Fix max_filedescriptors description
430 - Bug 4735: Truncated chunked responses cached as whole
431 - ext_lm_group_acl: Improved username handling
432 - Fix FTP buffers handling
433 - Fix shared memory size calculation on 64-bit systems
434 - Fix server_cert_fingerprint on cert validator-reported errors
435 - Fix request URL generation in reverse proxy configurations
436 - ... and several documentation updates
437 - ... and several compile fixes
438
47f1e147
AJ		 439Changes to squid-4.9 (05 Nov 2019):
440
441 - Bug 4978: eCAP crash after using MyHost().newRequest()
442 - Bug 4970: excessive gnutls_certificate_credentials debug msgs
443 - Bug 4969: GCC-9 build failure: stringop-truncation
444 - Bug 4966: Lower cache_peer hostname
445 - Bug 4918: Crashes when using OpenSSL prior to v1.0.2
446 - TLS: Fix parsing of certificate validator responses
447 - TLS: Fix parsing of TLS messages that span multiple records
448 - TLS: Fix on_unsupported_protocol tunnel action
449 - TLS: Fix expiration of self-signed generated certs to be 3 years
450 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode
451 - HTTP: RFC 7230: server MUST reject messages with BWS after field-name
452 - HTTP: Fix URN response handling
453 - HTTP: Hash Digest noncedata
454 - Update URI parser to use SBuf parsing APIs
455 - Prevent truncation for large origin-relative domains
456 - Fix several rock cache_dir corruption issues
457 - Debug detail validation errors for loaded-from-file certificate chains
458 - smblib: Improve SMB server name maintenance
459 - cachemgr.cgi: Add validation for hostname parameter
460 - ... and several compile issues
461 - ... and some documentation updates
462
b339d00c
AJ		 463Changes to squid-4.8 (09 Jul 2019):
464
465 - Bug 4957: Multiple XSS issues in cachemgr.cgi
466 - Bug 4953: to_localhost does not include ::
467 - Bug 4937: cachemgr.cgi: unallocated memory access
468 - Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH
469 - Bug 4889: Ignore ECONNABORTED in accept(2)
470 - Bug 4842: Memory leak when http_reply_access uses external_acl
471 - TLS: Fix tls-min-version= being ignored
472 - TLS: Add the NO_TLSv1_3 option to available tls-options values
473 - HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL
474 - HTTP: Remove userinfo support from old protocols
475 - HTTP: Fix Digest auth parameter parsing
476 - HTTP: Send Connection:close with the known-last request on a connection
477 - HTTP: Fix handling of tiny invalid responses
478 - Replace uudecode with libnettle base64 decoder
479 - Update HttpHeader::getAuth to SBuf
480 - ... and some compile issues
481
b3cc78d3
AJ		 482Changes to squid-4.7 (06 May 2019):
483
484 - Bug 4942: --with-filedescriptors does not do anything
485 - Bug 4928: Cannot convert non-IPv4 to IPv4
486 - Bug 4823: assertion failed: "lowestOffset () <= target_offset"
487 - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
488 - Fix squidclient authentication to origin servers
489 - Fix stack-based buffer-overflow when parsing SNMP messages
490 - Add support for buffer-size= to UDP logging
491 - TLS: When using OpenSSL, trust intermediate CAs from trusted store
492
b339d00c 493Changes to squid-4.6 (19 Feb 2019):
2e11c9c2
AJ		 494
495 - Bug 4915: Detect IPv6 loopback binding errors
496 - Bug 4914: Do not call setsid() in --foreground mode
497 - Bug 4875 pt2: GCC-8 compile errors with -O3 optimization
498 - Bug 4856: Exit when GoIntoBackground() fork() call fails
499 - basic_ldap_auth: Return BH on internal errors; polished messages
500 - Fix BodyPipe/Sink memory leaks associated with auto-consumption
501 - Fix OpenSSL builds that define OPENSSL_NO_ENGINE
502 - Fix several cases of rock cache corruption
503 - Add Georgian (ka) language translation
504
6f405e99
AJ		 505Changes to squid-4.5 (01 Jan 2019):
506
507 - Bug 4253: ssl_bump prevents access to some web contents
508 - TLS: add %>handshake logformat code
509 - Redesign forward_max_tries to count TCP connection attempts
510 - Fix client_connection_mark ACL handling of clientless transactions
511 - Fix netdb exchange with a TLS cache_peer
512 - Update netdb when tunneling requests
513 - Use pkg-config for detecting libxml2
514 - ... and some documentation updates
515 - ... and some code compile fixes
516
517Changes to squid-4.4 (28 Oct 2018):
011c7156
AJ		 518
519 - Bug 4893: Malformed %>ru URIs for CONNECT requests
520 - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes
521 - SSL: support compilation with minimal OpenSSL
522 - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL
523 - Fix netdb not saving to disk
524 - Fix memory leak when parsing SNMP packet
525 - ... and some compile issues
526
bc535d91
AJ		 527Changes to squid-4.3 (01 Oct 2018):
528
529 - Bug 4885: Excessive memory usage when running out of descriptors
530 - Bug 4877: Add missing text about external_acl_type %DATA changes
531 - Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
532 - Bug 4716: Blank lines in cachemgr.conf are not skipped
533 - Bug 4691: balance_on_multiple_ip config option docs
534 - basic_pop3_auth: fix startup errors
535 - langpack: Add missing dialect aliases
536 - Fix range_offset_limit debugging
537 - Fix icc build errors
538 - Update systemd dependencies in squid.service
539
2c7246f7
AJ		 540Changes to squid-4.2 (04 Aug 2018):
541
542 - Regression fix: support for https_port clientca= option
543 - Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces
544 - Bug 4861: HTTPMSGLOCK missing pointer safety
545 - Bug 4843 pt3: GCC-8 fixes and refactoring
546 - HTTP: Do not update stored headers on 304 responses
547 - Fix segmentation fault on -k parse
548 - Fix %>ru logging of huge URLs
549 - ... and several performance optimizations
550 - ... and some documentation updates
551 - ... and all fixes from 3.5.28
552
3cd71470
AJ		 553Changes to squid-4.1 (02 Jul 2018):
554
555 - Bug 4223: fixed retries of failed re-forwardable transactions
556 - Bug 4791: Build failure on MacOS
557 - Fix --with-netfilter-conntrack error message
558 - ... and many documentation updates
559
b5391492
AJ		 560Changes to squid-4.0.25 (11 Jun 2018):
561
562 - Regression Bug 4855: querying private entries for HTCP/ICP
563 - Regression Bug 4852: deny_info %R macro not being expanded
564 - Regression Bug 4847: proxy_auth ACL -i/+i flags not working
565 - Regression Bug 4831: filter chain certificates for validity when loading
566 - Regression fix: Transient reader locking broken in 4.0.24
567 - Bug 4845: NegotiateSsl crash on aborting transaction
568 - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8
569 - Bug 4843 pt2: squidclient refactoring for GCC-8
570 - Bug 4829: IPC shared memory leaks when disker queue overflows
571 - Bug 4828: Use feature detection for IPFilter API/ABI checks
572 - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4
573 - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks
574 - Bug 4707: purge tool does not obey --sysconfdir= build option
575 - Bug 4171: checking for log_file_daemon despite disabling logging
576 - Bug 4042: ext_kerberos_ldap_group: add -P principal option
577 - TLS: avoid "ssl_crtd" assertions on reconfiguration
578 - Add timestamps to (most) FATAL messages
579 - Add "--kid role-ID" command line option
580 - ... and many documentation updates
581
2db9989c
AJ		 582Changes to squid-4.0.24 (07 Mar 2018):
583
584 - Bug 4822: Build failure (-Wformat) where time_t is not long int
585 - Bug 4505: SMP caches sometimes do not purge entries
586 - TLS: GnuTLS implementation for listening ports and client connections
587 - TPROXY: Fix clientside_mark and client port logging
588 - Native FTP: Fix "Cannot assign requested address" with TPROXY
589 - SSL-Bump: Fix authentication with types other than Basic
590 - ... and many small compile and stability fixes
591 - ... and some documentation fixes
592
f1dfef29 593Changes to squid-4.0.23 (19 Jan 2018):
594
595 - Bug 4715: security_file_certgen: Remove -g and -n options docs
596 - Bug 4679: User names not sent to url_rewrite_program
597 - Bug 4631: security_file_certgen helper without disk cache
598 - Bug 3911: clang -fsanitize warnings
599 - Bug 2378: Duplicates in selected peer destinations
600 - Nettle v3.4 support
601 - Fix Squid FTP server dying because of an unhandled exception
602 - Automatically revive hopeless kids on reconfigure and after a timeout
603 - Fix %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses
604 - ... and many documentation updates
605 - ... and some stability fixes
606
96e628ec 607Changes to squid-4.0.22 (07 Dec 2017):
608
609 - Regression fix: Relay peer CONNECT error status line and headers to clients
610 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
611 - Bug 4718: support filling raw buffer space of shared SBufs
612 - Bug 4648: object revalidation for HTTPS scheme
613 - Bug 4616: store_client.cc:92: "mem" assertion
614 - Bug 2821: ignore Content-Range in non-206 responses
615 - HTCP: Ignore packets with invalid URI
616 - TLS: Validate the shortest certificate chain
617 - TLS: Add checks for OpenSSL 1.1.0f API changes
618 - TLS: Fix reporting of validation errors for downloaded intermediate certs
619 - TLS: Fix SSL certificate cache refresh and collision handling
620 - Fix backwards compatibility for Squid-3.5 external_acl_type formats
621 - Fix invalid mime icon URLs in cache
622 - Do not die silently when dying early
623 - Docs: update translation files
624
b008ed2e
AJ		 625Changes to squid-4.0.21 (02 Jul 2017):
626
627 - Bug 4730: segfault while processing internal HTTP requests
628 - Bug 4492: Chunk extension parser is too pedantic
629 - Bug 1961: Redesign urlParse() API
630 - TLS: recognise tls:: namespace on logformat tokens
631 - SSL-Bump: tproxy does not spoof spliced connections
632 - security_file_certgen: collapse queued requests
633 - Add a basic apparmour profile
634 - Add transaction_initiator ACL for detecting various unusual transactions
635 - Add ssl::server_name options to control matching logic
636 - Support for --long-acl-options
637 - Do not die silently when dying via std::terminate()
638 - Fix option --foreground to implement expected behavior
639 - Translations: update .po and .pot to latest texts
640 - ... and some documentation updates
641 - ... and many code cleanup and stability fixes
642 - ... and all fixes from 3.5.27
643
ef396425
AJ		 644Changes to squid-4.0.20 (01 Jun 2017):
645
96e628ec 646 - Bug 4692: SslBump breaks intercepted IPv6 connections
647 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
648 - Bug 4662: build errors with LibreSSL 2.4.4
649 - Bug 4659: sslproxy_foreign_intermediate_certs does not work
650 - Bug 4321: ssl_bump terminate does not terminate at step1
ef396425
AJ		 651 - Add 'has' ACL
652 - Do not forward HTTP requests to dead idle peers
653 - Do not unconditionally revive dead peers after a DNS refresh
654 - Make PID file check/creation atomic to avoid associated race conditions
655 - Count failures and use peer-specific connect timeouts when tunneling
656 - SSL-Bump: Fix crashes when server-first bumping mode is used with openSSL-1.1.0
657 - eCAP: Fix empty header handling in Ecap::HeaderRep::hasAny()
658 - SSL-Bump: Second adaptation missing for CONNECTs
659 - ext_session_acl: cope with new logformat inputs
660 - ... and some documentation updates
661 - ... and some code stability fixes
b008ed2e 662 - ... and all fixes from 3.5.26
ef396425 663
7b84ebcc
AJ		 664Changes to squid-4.0.19 (02 Apr 2017):
665
666 - Bug 4674: delay_parameters for class 3 and 4 assertion failed
667 - Bug 4671: GCC 7 compile errors
668 - Bug 4663: GCC 5+ compile errors with optimization level -O3
669 - Bug 4657: delay IDENT until after PROXY protocol handling
670 - Bug 4610: cleanup of BerkleyDB related checks
671 - squidclient: Fix missing error handling on PUT
672 - digest_ldap_auth: Add -r option to clamp the realm to a fixed value
673 - TLS: initial GnuTLS support for encrypted server connections
674 - Fix appending Http::HdrType::VIA code
675 - Fix URI scheme case-sensitivity treatment
676 - Fix two read-ahead problems related to delay pools (or lack thereof)
677 - Detail swapfile header inconsistencies
678 - ... and several build fixes
679 - ... and many code polishing updates
680 - ... and all fixes from 3.5.25
681
8527bed1
AJ		 682Changes to squid-4.0.18 (06 Feb 2017):
683
684 - Bug 4661: compile error 'warning: _XPG4_2 redefined' with GCC on Solaris 10
685 - Bug 4636: assertion 'byteCount > 0 && byteCount <= inBuf.length()'
686 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
687 - Bug 4599: support OpenSSL 1.1
688 - squidclient: link GnuTLS library debugs to -v level display
689 - Fix GCC6: unused local variable 'weInitiatedThisClosure'
690 - ... and some code polishing
691 - ... and some copyright updates
692 - ... and all fixes from 3.5.24
693
a2eb97b4 694Changes to squid-4.0.17 (16 Dec 2016):
6f4a12cf
AJ		 695
696 - Bug 4630: user credentials cache cleanup not re-scheduled
697 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
698 - Bug 4599 partial: initial support for OpenSSL v1.1
699 - TLS: Support tunneling of bumped non-HTTP traffic
700 - ... and many code polishing and performance updates
701 - ... and some documentation updates
702 - ... and some fixes from 3.5.23
703
6276f56c
AJ		 704Changes to squid-4.0.16 (30 Oct 2016):
705
706 - Avoid segfaults when lacking the server name for certificate validator
707 - HTTP: initial support for Cache-Control:immutable
708 - Fix ssl::server_name ACL
709 - ... and many code polishing updates
710 - ... and some fixes from 3.5.23
711
d710ff25
AJ		 712Changes to squid-4.0.15 (09 Oct 2016):
713
714 - Regression fix crash on reconfigure with TOS/DiffServ/MARK configured
715 - Bug 4610: compile errors on Solaris 11.3 with Oracle Studio 12.5
716 - Bug 4581: Secure ICAP segfault in checkForMissingCertificates
717 - Bug 4578: changes required to install squid.service
718 - Fix crash on shutdown while cleaning up idle ICAP connections
719 - Fix memory leak of Downloader-related objects
720 - HTTP/1.1: handle syntactically valid requests with unsupported HTTP versions
721 - Log TCP client port for error:transaction-end-before-headers and such
722 - ... and many portability and build fixes
723 - ... and some documentation updates
724 - ... and all fixes from 3.5.22
725
f6791433
AJ		 726Changes to squid-4.0.14 (08 Sep 2016):
727
728 - Regression Bug 4570: crash after rev.14755
729 - Regression Bug 4561: Replace use of default move operators with explicit implementation
730 - Bug 4503: Do not access-log SslBump-faked CONNECTs with _ABORTED suffixes
731 - Bug 4404: Do not access-log chunked non-persistent responses with _ABORTED suffix
732 - Fix crashes on shutdown while cleaning up idle ICAP connections
733 - Fix logformat unable to configure codes with /-escape
734 - HTTP: MUST respond with 414 (URI Too Long) when request-target exceeds limits
735 - HTTP: validate Content-Length header values
736 - Make Squid death due to overloaded helpers optional
737 - Better support for unknown URL schemes
738 - Do not log error:transaction-end-before-headers after invalid requests
739 - ... and many portability and build fixes
740 - ... and some documentation updates
d710ff25 741 - ... and all fixes from 3.5.21
f6791433 742
7566fb7e
AJ		 743Changes to squid-4.0.13 (05 Aug 2016):
744
745 - Regression Bug 4540: revert r14720 buffer update
746 - Bug 4555: Minor improvements to error pages CSS
747 - Bug 4551: fix exceptions in new chunked decoder
748 - Bug 4311: support collapse for internal revalidation requests (SMP-unaware caches)
749 - Fix Certificate Validator buffer-overflow crashes Squid
750 - Fix some failed transactions not being logged
751 - Fix segfault via Ftp::Client::readControlReply().
752 - basic_db_auth: add support for unsalted SHA1 passwords
753 - kerberos_ldap_group: add support for SSL/TLS connection to an LDAP server
754 - TLS: Add missing 'tls' option for cache_peer
755 - TLS: Do not hang when 'connector' fails
756 - TLS: Add support for fetching missing certificates
757 - Remove XSTD_USE_LIBLTDL, which has not been needed in a long while
758 - ... and many code polishing updates
759 - ... and some documentation updates
760
267a742e
AJ		 761Changes to squid-4.0.12 (01 Jul 2016):
762
763 - Regression Fix: shell issues with require_smblib definition
764 - Regression Bug 4532: pid_filename not working as documented
765 - Regression Bug 4504: Too many WARNING: Ignoring error setting CA certificate locations
766 - Bug 4516: security_file_certgen man page update
767 - Bug 4446: undefined reference to 'libecap::Name::Name'
768 - Bug 4376: clang cannot build Squid eCAP code
769 - HTTP/1.1: Update all stored headers on 304 revalidation
770 - TLS: Authority Key Identifier certificate extension
771 - Add a script to find kid-specific cache.log lines
772 - Cleanup cppunit detection and use
773 - ... and several performance improvements
774 - ... and some unit test updates
775 - ... and all fixes from 3.5.20
776
c17f835b
AJ		 777Changes to squid-4.0.11 (09 Jun 2016):
778
779 - Bug 4517: error: comparison between signed and unsigned integer
780 - Bug 4492: chunked parser needs to accept BWS after chunk size
781 - HTTP/1.1: allow chunking the last HTTP response on a connection
782 - HTTP/1.1: unfold mime header blocks
783 - TLS: fast SNI peek
784 - TLS: check for SSL_CIPHER_get_id() support required in adjustSSL()
785 - TLS: never enable OPENSSL_HELLO_OVERWRITE_HACK automatically
786 - squidclient: improve shell-escape support in -H option
787 - Do not allow low-level debugging to hide important/critical messages
788 - Replace new/delete operators using modern C++ rules
789 - Remove ie_refresh configuration option
790 - Deprecating SMB LanMan helpers
791 - Mark refresh-waiting transactions with REFRESH
792 - ... and some code cleanup and polishing
793
25e7b074
AJ		 794Changes to squid-4.0.10 (06 May 2016):
795
796 - Accumulate fewer unknown-size responses to avoid overwhelming disks.
797 - Fix shared memory corruption when storing multi-slot (>32KB) shm misses.
798 - ... and some documentation and code cleanup
799 - ... and all fixes from 3.5.18
800
2dae5986
AJ		 801Changes to squid-4.0.9 (20 Apr 2016):
802
25e7b074 803 - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)"
2dae5986
AJ		 804 - Add a new error page token for unquoted external ACL messages.
805 - Stop parsing response prefix after discovering an "HTTP/0.9" response.
806 - ... and some documentation updates
807 - ... and some code polishing
808 - ... and all fixes from 3.5.17
809
b1e01a62
AJ		 810Changes to squid-4.0.8 (02 Apr 2016):
811
812 - Bug 4459: FHS compliance: move netdb.state and ssl_db to /var/cache/squid
813 - Bug 4458: Behaviour change with external ACL arguments
814 - Bug 4450: wait() related cleanup
815 - Bug 4438: SIGSEGV in memFreeString() destructing SBuf globals on shutdown/restart
816 - Bug 4312: Support disabling collapsed forwarding SMP cooperation
817 - Bug 3826: SMP compatibility with systemd and --foreground option
818 - Bug 1979: Add ACL-driven server_pconn_for_nonretriable squid.conf directive
819 - Bug 7 (partial): Update cached entries on 304 responses
820 - Add reply_header_add directive
821 - HTTP/1.1: Do not prohibit updating Last-Modified on 304 responses
822 - Fix memory leaks of lastAclData and AccessLogentry::url
823 - Fix clang -Winconsistent-missing-override warning
824 - Tests: update test suite for GnuTLS
825 - ... and some documentation updates
826 - ... and some code cleanup and polishing
97f9388a 827 - ... and all fixes from squid 3.5.16
b1e01a62 828
81bf66f8
AJ		 829Changes to squid-4.0.7 (23 Feb 2016):
830
831 - Regression Fix: external_acl parameters separated by %20 instead of space
832 - Bug 4432: assertion failed: store.cc:1919: "isEmpty()"
833 - Bug 4111: leave_suid() does not properly handle error codes returned by setuid
834 - Fix propagation of response status line parsing error details
835 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
836 - ... and some code SourceLayout project cleaning
837 - ... and all fixes from squid 3.5.15
838
4e071e97
AJ		 839Changes to squid-4.0.6 (16 Feb 2016):
840
841 - Regression Bug 4436: Fix DEFAULT_SSL_CRTD
842 - Fix "dial: Ssl::PeerConnector::sslCrtvdHandleReply threw exception: callback != NULL"
4e071e97
AJ		 843 - ... and some documentation updates
844 - ... and all fixes from squid 3.5.14
845
ff87fda5
AJ		 846Changes to squid-4.0.5 (09 Feb 2016):
847
848 - Regression Bug 4429: http(s)_port options= error message missing characters
849 - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth
850 - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454
851 - Regression Bug 4401: compile error on Solaris
852 - Regression Fix: TLS/SSL flags parsing
853 - Regression Fix: cert validadator always disabled in 4.x
854 - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m)
855 - Regression Fix: external_acl problems after 4.0.1 rev.14351
856 - Bug 4409 (partial): compile error when two Heimdal libraries are installed
857 - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size
858 - SMP: Fix cleanup of a shared memory segment in an unusual configuration
859 - SSL-Bump: Fix step3 splicing.
860 - Add connections_encrypted ACL
861 - Make %<a and %<p details available to [eCAP] RESPMOD services
862 - Rename cert_valid.pl to security_fake_certverify
863 - Rename ssl_crtd helper to security_file_certgen
864 - ... and a lot of code SourceLayout project cleaning
865 - ... and some documentation updates
866 - ... and all fixes from squid 3.5.13 up to rev.13979
867
0461fde7
AJ		 868Changes to squid-4.0.4 (06 Jan 2016):
869
78121f9a
AJ		 870 - Regression Bug 4393: compile fails on OS X
871 - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed
0461fde7
AJ		 872 - Support use of Kerberos credentials cache instead of keytab
873 - Support logging of TLS Cryptography Parameters
874 - Support substring matching in Note ACL
875 - ... and some code cleanup and polishing
876 - ... and all fixes from squid 3.5.13
877
bf7891f2
AJ		 878Changes to squid-4.0.3 (28 Nov 2015):
879
880 - Bug 4372: missing template files
881 - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o
882 - Bug 4368: A simpler and more robust HTTP request line parser
883 - Fix compile erorr on clang undefined reference to '__atomic_load_8'
884 - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos
885 - ext_ldap_group_acl: Allow unlimited LDAP search filter
886 - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames
887 - ... and much code cleanup and polishing
0461fde7 888 - ... and all fixes from squid 3.5.12
bf7891f2 889
0b475d3f
AJ		 890Changes to squid-4.0.2 (01 Nov 2015):
891
892 - Regression Bug 4351: compile errors when authentication modules disabled
893 - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
894 - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout
895 - Bug 4356: segmentation fault using proxy_auth ACL
896 - Bug 4352: compile errors in OS X 10.11
897 - Bug 4021: ext_user_regex does exact match
898 - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown
899 - Support re-assigning delay pools based on HTTP reply details
900 - ... and all fixes from squid 3.5.11
901
1243ec71
AJ		 902Changes to squid-4.0.1 (14 Oct 2015):
903
904 - Bug 4329: GCC 5.2 no known conversion for argument
905 - Bug 4292: negotiate_wrapper: Unreleased Resources
906 - Bug 4269: ignore-must-revalidate broken
907 - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
908 - Bug 3920: Splay::remove() reference counting inconsistent
909 - Bug 3069: CONNECT method bytes sent logging
910 - Bug 2741 partial: libsecurity API for GnuTLS support
911 - Bug 1961 partial: redesign of URL handling
912 - Fix crash when parsing invalid squid.conf
913 - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
914 - Remove unused OS detection: Sun, SysV, Ultrix, BSDi
915 - Remove cache_peer_domain directive
916 - RFC 6176 compliance: Remove SSLv2 support
917 - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
918 - Remove GCC 2.x and 3.x detection and support
919 - C++11 compiler support is now mandatory
920 - Enable flexible transport protocol
921 - Enable long (--foo) command line parameters on squid binary
922 - Add per-rule refresh_pattern matching statistics
923 - Replace sslversion=N with tls-min-version=1.N
924 - Replace sslproxy_* directives with tls_outgoing_options
925 - Replace GNU atomics and related hacks with C++11 std::atomic
926 - Replace external_acl_type format %macros with logformat codes
1243ec71
AJ		 927 - Support Secure ICAP services
928 - Support rotate=N option on access_log
929 - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
930 - Support lifetime timeout for persistent connections (pconn_lifetime)
931 - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
932 - Support logging fast things (nanosecond log resolution)
933 - Support ICAP/eCAP adaptation for 100-continue responses
934 - Support configurable helper queue size, with consistent defaults
935 and better overflow handling.
936 - Support named service PID file by default (pid_filename)
937 - url_lfs_rewrite: Add URL-rewriter based on local file existence
938 - negotiate_kerberos_auth: output group= kv-pair
939 - helper-mux: add man(8) page
940 - purge: convert README to man(1) page
941 - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
942 - basic_sspi_auth: fix MinGW compile errors
943 - negotiate_sspi_auth: fix various build errors
944 - Crypto-NG: libnettle Base64 algorithm support
945 - Parser-NG: HTTP Parser structural redesign
946 - libltdl: copyright updated to LGPL version 2.1
947 - ... and several performance optimizations
948 - ... and many documentation changes
949 - ... and much code cleanup and polishing
950
1c8fc2a2
AJ		 951Changes to squid-3.5.28 (15 Jul 2018):
952
953 - SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI
954 - SQUID-2018:2: crash handling responses to internally generated requests
955 - SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing
956 - Bug 4861: HTTPMSGLOCK missing pointer safety
957 - Bug 4829: IPC shared memory leaks when disker queue overflows
958 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
959 - Bug 2821: Ignore Content-Range in non-206 responses
960 - HTCP: Ignore HTCP packets with invalid URI
961 - SSL-Bump: fix authentication with schemes other than Basic
962 - TPROXY: Fix clientside_mark and client port logging
963 - Fix "Cannot assign requested address" for to-origin TPROXY FTP data
964 - Fix --with-netfilter-conntrack error message
965 - Validate mime icon URL before allocating store entries
966 - ... and many documentation changes
967
b1268cb4 968Changes to squid-3.5.27 (20 Aug 2017):
969
970 - Regression Bug #4112: ssl_engine does not accept cryptodev
971 - Bug 4687: Wrong names of components in man page, section SEE ALSO
972 - Bug 4671: various GCC 7 compile errors
973 - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions
974 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
975 - Bug 2833: Do not respond with HTTP/304 to unconditional requests
976 - Fix message packing error handling in mgr and snmp SMP Forwarders
977 - Fix mgr query handoff from the original recipient to Coordinator.
978 - ... and some documentation updates
979
ef396425
AJ		 980Changes to squid-3.5.26 (01 Jun 2017):
981
982 - Bug 4711: SubjectAlternativeNames is missing in some generated certificates
983 - Bug 4695: squidpurge: GCC 7 build errors
984 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
985 - Bug 4682: Fix ssl_bump "bump" action documentation
986 - Bug 4653: %st lies about tunneled traffic volumes
987 - Bug 4589: ssl_crtd: returning zero on failure
988 - Bug 3772: message from FTP server gets mangled
989 - Bug 3102: FTP directory listing drops fist character of file names
990 - Add OpenSSL library details to -v output
b1268cb4 991 - ... and some documentation updates
ef396425 992
7b84ebcc
AJ		 993Changes to squid-3.5.25 (02 Apr 2017):
994
995 - Bug 4688: various typo error(s) in man page(s)
996 - Bug 4508: Host forgery stalls intercepted being-spliced connections
997 - Native FTP relay: NAT and TPROXY interception fixes
998 - Fix missing CRLF on FTP timeout ABORT commands
999 - TLS: Bump client on errors encountered before ssl_bump evaluation
1000 - ext_kerberos_ldap_group_acl: fix unused value warnings
1001 - Fix crash when configuring with invalid delay_parameters restore value.
1002 - Check that -k argument is provided before trying to use it.
1003 - ... and some build fixes
1004
6c12d87e
AJ		 1005Changes to squid-3.5.24 (28 Jan 2017):
1006
1007 - Regression Bug 3940: Make 'cache deny' do what is documented
1008 - TLS: Fix SSLv2 records bumping despite a matching step2 peek rule
1009 - TLS: Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation
1010 - Fix "Source and destination overlap in memcpy" Valgrind errors
1011 - Reduce crashes due to unexpected ClientHttpRequest termination
1012 - Update External ACL helpers error handling and caching
1013 - Detect HTTP header ACL issues
1014 - ... and some documentation fixes
1015
a2eb97b4 1016Changes to squid-3.5.23 (16 Dec 2016):
6f4a12cf
AJ		 1017
1018 - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
1019 - Bug 4620: NetBSD build error with --enable-ipf-transparent
1020 - Bug 4567: Strange IPv6 shown in access.log
1021 - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart
1022 - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
1023 - Bug 4169: HIT marked as MISS when If-None-Match does not match
1024 - Bug 4007: Hang on DNS query with dead-end CNAME
1025 - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
1026 - Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
1027 - Bug 3533: Cache still valid after HTTP/1.1 303 See Other
1028 - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
1029 - Bug 3290: authenticate_ttl not working for digest authentication
1030 - Bug 2258: bypassing cache but not destroying cache entry
1031 - HTTP/1.1: make Vary:* objects cacheable
1032 - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
1033 - Support IPv6 NAT with PF for NetBSD and FreeBSD
1034 - TLS: Make key= before cert= an error instead of quietly hiding the issue
1035 - ... and some debug updates
1036 - ... and some build fixes
1037 - ... and several documentation updates
1038
d710ff25
AJ		 1039Changes to squid-3.5.22 (09 Oct 2016):
1040
1041 - Bug 4594: build failure with clang 3.9
1042 - Bug 4471: revalidation does not work when expired cached object lacks Last-Modified
1043 - Bug 4302 pt2: IPv6 support for IPFilter v5 transparent interception
1044 - Bug 4228: ./configure bug/typo in r14394
1045 - Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration
1046 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
1047 - Fix logged request size (%http::>st) and other size-related %codes
1048 - Fix some memory leaks from putenv()
1049 - Fix memory leaks from url_rewrite_extras and store_id_extras on reconfigure/shutdown
1050 - Fix segfault crash when debugging section 4 at level 9
1051 - HTTP: MUST ignore a [revalidation] response with an older Date header
1052
f6791433
AJ		 1053Changes to squid-3.5.21 (08 Sep 2016):
1054
1055 - Bug 4563: duplicate code in httpMakeVaryMark
1056 - Bug 4542: authentication credentials IP TTL updated incorrectly
1057 - Bug 4534: assertion failure in xcalloc when using many cache_dir
1058 - Bug 4428: mal-formed Cache-Control:stale-if-error header
1059 - Bug 3025: Proxy-Authenticate problem using ICAP server
1060 - Fix segfault via Ftp::Client::readControlReply()
1061 - Fix SSL-Bump failure results in SEGFAULT
1062 - HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
1063 - HTTP/1.1: do not allow Proxy-Connection to override Connection header
1064 - SSL: CN wildcard must only match a single domain component [fragment]
1065
267a742e
AJ		 1066Changes to squid-3.5.20 (01 Jul 2016):
1067
1068 - Bug 4523: smblib compile fails on NetBSD
1069 - Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors
1070 - Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL
1071 - Fix icons loading speed
1072 - Fix OpenSSL detection on FreeBSD
1073 - Fix assertion failed: Write.cc:38: 'fd_table[conn->fd].flags.open'
1074 - Fix SEGFAULT parsing malformed adaptation service configuration
1075 - Fix ConnStateData::In::maybeMakeSpaceAvailable() logic
1076 - Do not override user defined -std option
1077 - Do not allow low-level debugging to hide important/critical messages
1078 - Do not make bogus recvmsg(2) calls when closing UDS sockets
1079 - Support unified EUI format code in external_acl_type
1080
1081Changes to squid-3.5.19 (09 May 2016):
1082
1083 - Regression Bug 4515: interception proxy hangs
1084
25e7b074
AJ		 1085Changes to squid-3.5.18 (06 May 2016):
1086
1087 - Bug 4510: stale comment about 32KB limit on shared memory cache entries
1088 - Bug 4509: EUI compile error on NetBSD
1089 - Bug 4501: HTTP/1.1: normalize Host header
1090 - Bug 4498: URL-unescape the login-info after extraction from URI
1091 - Bug 4455: SegFault from ESIInclude::Start
1092 - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
1093 - Fix TLS/SSL server handshake alert handling
1094
2dae5986
AJ		 1095Changes to squid-3.5.17 (20 Apr 2016):
1096
1097 - Regression Bug 4480: logformat [.width_max]
1098 - Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt
1099 - Bug 4495: Unknown SSL option SSL_OP_NO_TICKET
1100 - Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception
1101 - Bug 4483: ./configure garbles -Og option in CFLAGS
1102 - Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc
1103 - Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name).
1104 - Bug 4465: Header forgery detection leads to crash
1105 - Bug 2460 partial: workaround deferred reads on shutdown and restart
1106 - cachemgr.cgi: use dynamic MemBuf for internal content generation
1107 - ESI: Fix several element construction issues
1108 - TLS: Fix Handshake Error: ccs received early
1109 - TLS: Add chained and signing cert to peek-then-bumped connections
1110 - Fix some startup/shutdown crashes
1111
b1e01a62
AJ		 1112Changes to squid-3.5.16 (02 Apr 2016):
1113
1114 - Bug 4476: Removed duplicated #include lines
1115 - Bug 4452: squid -z segfaults with ufs
1116 - Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion
1117 - Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error
1118 - Bug 4409: compile error when two Heimdal libraries are installed
1119 - Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304
1120 - pinger: Fix buffer overflow in Icmp6::Recv
1121 - pinger: Fix select(2) to actually use max_fd
1122 - pinger: drop capabilities on Linux
1123 - Fix memory leak of HttpRequest objects
1124 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
1125 - Fix assertion failed: Write.cc:41: "!ccb->active()"
1126 - Fix crash on shutdown while cleaning up idle ICAP connections
1127 - RFC 7725: Add registry entry for 451 status text
1128 - ... and some build issues
1129
81bf66f8
AJ		 1130Changes to squid-3.5.15 (23 Feb 2016):
1131
1132 - Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
1133 - Fix multiple assertion on String overflows
1134 - Fix unit test errors on MacOS
1135 - Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
1136 - Log noise reduction for eCAP
1137
4e071e97
AJ		 1138Changes to squid-3.5.14 (16 Feb 2016):
1139
1140 - Bug 4437: Fix Segfault on Certain SSL Handshake Errors
1141 - Bug 4431: C code is not compiled with CFLAGS
1142 - Bug 4418: FlexibleArray compile error with GCC 6
1143 - Bug 4378: assertion failed: DestinationIp.cc:60:
1144 'checklist->conn() && checklist->conn()->clientConnection != NULL'
1145 - Fix invalid FTP connection handling on blocked content
1146 - Fix handling of shared memory left over by Squid crashes or bugs
1147 - Fix mgr:config report 'qos_flows mark' output
1148 - Fix compile error in CPU affinity
404063c5 1149 - Fix %un logging external ACL username
4e071e97 1150 - Avoid more certificate validation memory leaks
404063c5 1151 - ... and some documentation updates
4e071e97 1152
0461fde7
AJ		 1153Changes to squid-3.5.13 (06 Jan 2016):
1154
1155 - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
1156 - Bug 4387: Kerberos build errors on Solaris
1157 - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
1158 - TLS: Complete certificate chains using external intermediate certificates
1159 - Avoid memory leaks when an X.509 certificate validator is used with SslBump
1160 - Fix connection retry and fallback after failed server TLS connections
1161 - Fix GnuTLS detection via pkg-config
1162 - Fix startup crash with a misconfigured (too-small) shared memory cache
1163 - ... and some documentation updates
1164
bf7891f2
AJ		 1165Changes to squid-3.5.12 (28 Nov 2015):
1166
1167 - Bug 4374: refresh_pattern config parser (%)
1168 - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
1169 - Bug 4228: links with krb5 libs despite --without options
1170 - Fix SSL_get_certificate() problem detection
1171 - Fix TLS handshake problem during Renegotiation
1172 - Fix cache_peer forceddomain= in CONNECT
1173 - Fix status code-based HTTP reason phrase for eCAP-generated messages
1174 - Fix build errors in cpuafinity.cc
1175 - ... and several documentation updates
1176
0b475d3f
AJ		 1177Changes to squid-3.5.11 (01 Nov 2015):
1178
1179 - Bug 3574: crashes on reconfigure and startup
1180 - Bug 4347: compile errors with LibreSSL 2.3
1181 - Bug 4281: copy-paste typos in src/tools.cc
1182 - Bug 4279: No response from proxy for FTP-download of non-existing file
1183 - Bug 4188: Bumping intercepted SSL connections does not work on Solaris
1184 - Fix incorrect authentication headers on cache digest requests
1185 - Fix connection stats, including %<lp, missing for persistent connections
1186 - Fix invalid memory access issues in SBuf
1187 - Avoid errors when parsing manager ACL in old squid.conf
1188
574e0f53
AJ		 1189Changes to squid-3.5.10 (01 Oct 2015):
1190
1191 - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
1192 - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
1193 - Bug 4323: Netfilter broken cross-includes with Linux 4.2
1194 - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
1195 - Bug 4208: more than one port in wccp2_service_info line causes error
1243ec71 1196 - Bug 4303: PeerConnector.cc:743 "!callback" assertion.
574e0f53
AJ		 1197 - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
1198 - Relicense ntlm_fake_auth.pl to GPLv2+
1199 - Relicense smb_lm auth helper to GPLv2+
1200 - Relicense SSPI helper to GPLv2+
1201 - ... and several minor performance optimizations
1202
3de58ac0
AJ		 1203Changes to squid-3.5.9 (17 Sep 2015):
1204
1205 - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
1206 - Bug 4309: incorrect extensions detection in SSL Hello messages
1207 - Bug 4309: crash during Skype login
1208 - Bug 4284: missing sanity checks for malloc
1209 - Regression Fix: CONNECT request debugging 11,2 traces
1210 - Regression Fix: Quieten UFS cache maintenance skipped warnings
1211 - TLS: Support SNI on generated CONNECT after peek
1212 - ... and some documentation updates
1213
4fff8fc1
AJ		 1214Changes to squid-3.5.8 (02 Sep 2015):
1215
1216 - Regression Bug 4306: build portability fix in Kerberos helpers
1217 - Bug 4302: IPFilter v5 transparent interception
1218 - Bug 4301: compile errors with IPFilter interception
1219 - Bug 4285 partial: %us is not supported in access.log
1220 - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
1221 - Bug 4242: compile errors with eCAP using clang-3.6
1222 - Bug 3696: crash when client delay pools are activated
1223 - Bug 3553: cache_swap_high ignored and maxCapacity used instead
1224 - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
1225 - Fix ignore of impossible SSL bumping actions, as intended and documented
1226 - Fix memory leak in Surrogate-Capability header detection
1227 - Fix truncated body length when RESPMOD service aborts
1228 - Reject non-chunked HTTP messages with conflicting Content-Length values
1229 - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
1230 - ... and several portability and compile fixes
1231 - ... and several documentation updates
1232
4df5649e
AJ		 1233Changes to squid-3.5.7 (01 Aug 2015):
1234
c52a4693 1235 - Bug 4293: wrong SNI sent to server after URL-rewrite
4df5649e
AJ		 1236 - Bug 4251: incorrect instance name for memory segments in /dev/shm
1237 - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
1238 - Bug 3345: support %un (any available user name) format code for external ACLs.
ab5bc97e 1239 - basic_smb_auth: Fix several old issues identified by Debian users
4df5649e
AJ		 1240 - Support ssl-bump splicing to origin cache_peer
1241 - Fix SSL errors relayed using invalid certificates
1242 - Fix crash in TcpAccepter with profiler enabled
1243 - Fix some cases of ssl_crtd SSL certificate DB corruption
1244 - Fix performance regression in SBuf::chop operations
1245 - Improve handling of client connections on shutdown
1246 - Handle exceptions during squid.conf parse
1247 - Make pod2man an optional dependency
1248 - ... and polishing for several cache.log notification messages
1249 - ... and all fixes from squid 3.4.14
1250
ab248038
AJ		 1251Changes to squid-3.5.6 (03 Jul 2015):
1252
1253 - Bug 4274: ssl_crtd.8 not being installed
1254 - Bug 4193: memory leak on FTP listings
1255 - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
1256 - Bug 3875: bad mimeLoadIconFile error handling
1257 - Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
1258 - Bug 3329: pinned server connection is not closed properly
1259 - TLS: Disable client-initiated renegotiation
1260 - ext_edirectory_userip_acl: fix uninitialized variable
1261 - Support custom OIDs in *_cert ACLs
1262 - Fix CONNECT failover to IPv4 after trying broken IPv6 servers
1263 - Use relative-URL in errorpage.css for SN.png
1264 - Do not blindly forward cache peer CONNECT responses
1265 - Fix assertion String.cc:221: "str"
1266 - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
1267 - Translations: add Spanish US dialect alias
1268
c75a7d0a
AJ		 1269Changes to squid-3.5.5 (28 May 2015):
1270
1271 - Regression Bug 4132: short_icon_urls with global_internal_static on
1272 - Bug 4238: assertion Read.cc:205: "params.data == data"
1273 - Bug 4236: SSL negotiation error of 'success'
1274 - Bug 3930: assertion 'connIsUsable(http->getConn())'
1275 - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
1276 - Fix assertion errorpage.cc:600: "entry->isEmpty()"
1277 - Fix comm_connect_addr on failures returns Comm:OK
1278 - Fix missing external ACL helper notes
1279 - Fix "Not enough space to hold server hello message" error message
1280 - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
1281 - Prevent unused ssl_crtd helpers being run
1282 - ... and some code cleanup and portability updates
1283 - ... and several documentation updates
1284
88e192b1
AJ		 1285Changes to squid-3.5.4 (01 May 2015):
1286
1287 - Bug 4234: comm_connect_addr uses errno incorrectly
1288 - Bug 4231: fd_open() not correctly handling UDS socket descriptions
1289 - Bug 4226: digest_edirectory_auth: found but cannot be built
1290 - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
1291 - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
1292 - Fix require-proxy-header preventing HTTPS proxying and ssl-bump
1293 - Fix Negotiate/Kerberos authentication request size exceeds output buffer size
1294 - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
1295 - Add server_name ACL matching server name(s) obtained from various sources
1296 - Add Kerberos support for MAC OS X 10.x
1297 - Support for resuming TLS sessions
1298 - ... and some portability and compile fixes
1299 - ... and several documentation updates
1300 - ... and all fixes from squid 3.4.13
1301
548362ff
AJ		 1302Changes to squid-3.5.3 (28 Mar 2015):
1303
1304 - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
1305 - Regression Bug 4206: Incorrect connection close on expect:100-continue
1306 - Bug 4204: ./configure does not abort when required helpers cannot be built
1307 - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
1308 - Bug 2907: high CPU usage on CONNECT when using delay pools
1309 - basic_getpwnam_auth: fail authentication on crypt() failures
1310 - basic_nis_auth: fail authentication on crypt() failures
1311 - ext_kerberos_ldap_group_acl: Heimdal support improvements
1312 - ext_wbinfo_group_acl: Perl 5.20 support
1313 - ... and several compile issues
1314
4d3be924
AJ		 1315Changes to squid-3.5.2 (18 Feb 2015):
1316
1317 - Regression Bug 4176: Digest auth too many helper lookups
1318 - Regression Bug 4180: not-fully-initialized data member in ACLUserData
1319 - Bug 4172: Solaris broken krb5-config
1320 - Bug 4073: Cygwin compile errors
1321 - Bug 3919: remove several never-true / never-false comparisons
1322 - HTTPS: Add missing root CAs when validating chains that passed internal checks
1323 - Fix some cbdataFree related memory leaks
1324 - Quieten CBDATA 'leak' messages
1325 - Set SNI information in transparent bumping mode
1326 - negotiate_kerberos_auth: fix krb5.conf backward compatibility
1327 - Fix memory leaks in cachemgr.cgi URL parser
1328 - Fix sslproxy_options in peek-and-splice mode
1329 - ... and fix several portability and build issues
1330 - ... and some documentation updates
1331 - ... and all fixes from squid 3.4.11
1332
aac5b91d
AJ		 1333Changes to squid-3.5.1 (13 Jan 2015):
1334
1335 - Fix handling of invalid SSL server certificates when splicing connections
1336 - basic_smb_lm_auth: Simplified MSNT basic auth helper
1337 - squidclient: Fix -A and -P options
1338 - ... and several portability fixes
1339 - ... and all fixes from squid 3.4.11
1340 - ... and a lot of documentation updates
1341
cf62b886
AJ		 1342Changes to squid-3.5.0.4 (21 Dec 2014):
1343
1344 - Bug 3826: pt 2: Provide a systemd .service file for Squid
1345 - Support http_access denials of SslBump "peeked" connections.
1346 - Fix DONT_VERIFY_DOMAIN ssl flag
1347 - Fix peek-and-splice mode: certificate validation for domain mismatched errors
1348 - negotiate_kerberos_auth: MEMORY keytab and replay cache support
1349 - ... and some documentation updates
1350 - ... and a large amount of code polishing (non-logic changes)
1351
4666bb8d
AJ		 1352Changes to squid-3.5.0.3 (09 Dec 2014):
1353
1354 - Bug 4146: workaround SSL Bump crash on Linux
1355 - Bug 4135: Support \-escaped characters in regex patterns
1356 - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
1357 - Fix delay_parameters parsing
1358 - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
1359 - ... and all changes from squid 3.4.10
1360 - ... and a lot of documentation updates
1361
bf611e3a
AJ		 1362Changes to squid-3.5.0.2 (31 Oct 2014):
1363
1364 - Fix FTP socket opening during reconfigure
1365 - ... and all changes from 3.4.9
1366 - ... and some build errors in rarely used code
1367 - ... and several documentation updates
1368
e0dbeeb6
AJ		 1369Changes to squid-3.5.0.1 (17 Oct 2014):
1370
1371 - Port from 2.7: redirector and logging urlgroup feature
1372 - Bug 4093: source-maintenance.sh bad perl -i option
1373 - Bug 3608: per-service name for workers UDS sockets
1374 - Bug 2554: 32-bit wrap in AUFS counters
1375 - Bug 1961 pt1: URL handling redesign
1376 - Bug 1202 pt1: documentation for refresh_pattern algorithms
1377 - Update Squid boilerplate copyright/license
1378 - Update the http(s)_port directives protocol= parameter
1379 - Update forward_max_tries to permit 25 server paths
1380 - Update Kerberos library detection and build options
1381 - Support ACLs on ftp_epsv directive
1382 - Support >32KB objects in cache_dir rock storage
1383 - Support client connection annotation by helpers via clt_conn_tag=TAG
1384 - Support native FTP Relay
1385 - Support libgnugss Kerberos library
1386 - Support libecap v1.0
1387 - Support SSL Peek and Splice feature
1388 - Support receiving PROXY protocol version 1 and 2
1389 - Replace --enable-ssl build option with --with-openssl
1390 - Enable -n service name command line option for all Squid builds
1391 - Enable ICAP client by default
1392 - Fix configuration file parsing bugs, related to quoted strings
1393 - Fix Windows MinGW build errors
1394 - Fix multiple TCP outgoing TOS/DiffServ bugs
1395 - Fix Cygwin /etc/resolv.conf parsing
1396 - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
1397 - Fix crash reading malformed config files
1398 - Send selected SSL version and cipher to the certificate validation helper
1399 - Validate server certificates without bumping
1400 - Add zero-copy string buffer support
1401 - Add automated squid.conf parser testing with squid -k parse
1402 - Add adaptation_service ACL
1403 - Add logformat code %tS to log transaction start time
1404 - Add logformat code %>rd to log client URL domain name
1405 - Add key_extras to proxy authentication
1406 - Add url_rewrite_extras and store_id_extras directives
1407 - Add send_hit and store_miss directives
1408 - Add collapsed_forwarding directive
1409 - Add sslproxy_cert_sign_hash directive
1410 - Add SMP SSL session cache
1411 - Add cache_peer standby connections
1412 - Add helper ext_delayer_acl
1413 - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
1414 - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
1415 - Remove COSS storage in favour of Rock storage
1416 - Remove dnsserver and external DNS helper API in favour of mDNS
1417 - Remove broken mallinfo() accounting and memory tracing
1418 - Remove hierarchy_stoplist in favour of always_direct
1419 - Deprecate tag ACL type in favour of note ACL type
1420 - Deprecate urlgroup feature in favour of note ACL type
1421 - HTTP/1.1: method names are case-sensitive
1422 - HTTP/1.1: register new headers from RFC 723x
1423 - squidclient: polish and update help display
1424 - squidclient: support TLS with GnuTLS 3.1.5+
1425 - squidclient: support verbosity levels
1426 - squidclient: --ping mode module support
1427 - url_fake_rewrite: support concurrency
1428 - storeid_file_rewrite: support concurrency
1429 - digest_file_auth: support concurrency
1430 - digest_edirectory_auth: support concurrency
1431 - digest_ldap_auth: support concurrency
1432 - ... and many error page translation updates
1433 - ... and much code cleanup and polishing
1434
4df5649e
AJ		 1435Changes to squid-3.4.14 (01 Aug 2015):
1436
1437 - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
1438
88e192b1
AJ		 1439Changes to squid-3.4.13 (01 May 2015):
1440
1441 - Bug 4212: ssl_crtd crashes with corrupt database
1442 - ... and some documentation updates
1443 - ... and all fixes from squid 3.3.14
1444
4d3be924
AJ		 1445Changes to squid-3.4.12 (18 Feb 2015):
1446
1447 - Bug 4066: Digest auth nonce indefinite rollover
1448 - Bug 3997: Excessive NTLM or Negotiate auth helper annotations
1449 - Fix several crashes when debugging enabled
1450 - Fix silent SSL/TLS failure on split-stack operating systems
1451 - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
1452 - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
1453 - Remove dst ACL dependency on HTTP request message existence
1454 - Set cap_net_admin when Squid sets TOS/Diffserv packet values
1455 - ... and some documentation updates
1456
aac5b91d
AJ		 1457Changes to squid-3.4.11 (13 Jan 2015):
1458
1459 - Bug 4164: SEGFAULT when %W formating code used in errorpages
1460 - Bug 4057: Avoid on-exit crashes when adaptation is enabled.
1461 - Bug 3760: squidclient ignores --disable-ipv6
1462 - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
1463 - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
1464 - cachemgr.cgi: memory leak in request parser
1465 - Deleting first fs left psstate->servers pointing to uninitialized memory
1466 - ... and some build issues
1467
4666bb8d
AJ		 1468Changes to squid-3.4.10 (09 Dec 2014):
1469
1470 - Bug 4148: external_acl_type header format does not accept the new libformat syntax
1471 - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
1472 - Bug 4033: Rebuild corrupted ssl_db/size file
1473 - Bug 3902: Docs: external_acl_type cache hash key
1474 - Fix segmentation fault in ACL urlpath_regex
1475 - Fix bootstrap.sh dependency on SPONSORS.list
1476 - Alternate-Protocol is a hop-by-hop header
1477 - HTTP/2: Support 421 (Misdirected Request) status code
1478
bf611e3a
AJ		 1479Changes to squid-3.4.9 (31 Oct 2014):
1480
1481 - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
1482 - Bug 4102: sslbump cert contains only a dot character in key usage extension
1483 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
1484 - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
1485 - Bug 4024: Bad host/IP ::1 when using IPv4-only environment
1486 - Bug 3803: ident leaks memory on failure
1487 - kerberos_ldap_group/cert_tool: Remove ksh dependency
1488 - ... and some automated code style updates
1489 - ... and some documentation updates
1490
bd6c316a
AJ		 1491Changes to squid-3.4.8 (15 Sep 2014):
1492
1493 - Fix off by one in SNMP subsystem
1494 - pinger: Fix various ICMP handling issues
1495
abc809ce
AJ		 1496Changes to squid-3.4.7 (28 Aug 2014):
1497
1498 - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
1499 - Bug 4080: worker hangs when client identd is not responding
1500 - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
1501 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
1502 - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
1503 - Enable compile-time override for MAXTCPLISTENPORTS
1504 - ntlm_sspi_auth: Fix various build errors
1505 - negotiate_wrapper: Fix build issues with non-portable vfork()
1506 - negotiate_sspi_auth: Portability fixes for MinGW
1507 - ext_lm_group_acl: Portability fixes for MinGW
1508 - ... and several minor memory leaks
1509
7f089ae4
AJ		 1510Changes to squid-3.4.6 (25 Jun 2014):
1511
1512 - Regression: segmentation fault logging with %tg format specifier
1513 - Bug 4065: round-robin neighbor selection with unequal weights
1514 - Bug 4056: assertion MemPools[type] from netdbExchangeStart()
1515 - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
1516 - Fix segmentation fault setting up server SSL connnection
1517 - Fix hanging Non-HTTPS connections on SSL-bump enabled port
1518 - Fix Cache Manager actions listed more than once
1519 - ... and many minor memory leaks
1520 - ... and several portability build issues
1521 - ... and some documentation updates
1522
51a22544
AJ		 1523Changes to squid-3.4.5 (02 May 2014):
1524
1525 - Regression Bug 4051: inverted test on CONNECT payload existence
1526 - Regression Fix: order dependency between cache_dir and maximum_object_size
1527 - Fix logformat %note display
1528 - Resolve 'dying from an unhandled exception: c'
1529
445d8733
AJ		 1530Changes to squid-3.4.4.2 (23 Apr 2014):
1531
51a22544 1532 - version bump for packaging re-build with altered toolchain
445d8733 1533
e6b41a35
AJ		 1534Changes to squid-3.4.4.1 (23 Apr 2014):
1535
1536 - Regression Bug 4019: Cache digest exchange segmentation fault
1537 - Regression Bug 3982: EUI logging and helpers show blank MAC address
1538 - Bug 4047: Support Android builds
1539 - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
1540 - Bug 4041: Missing files in compat/Makefile.am
1541 - Bug 4014: Build failure with --disable-optimizations --disable-auth
1542 - Bug 3986: (partial) assertion due to incorrect error page buffer size
1543 - Bug 3955: Solaris EUI-48 lookup leaks FDs
1544 - Bug 3371: CONNECT with data sent at once loses data
1545 - C++11: Upgrade auto-detection to use the formal -std=c++11
1546 - Crypto-NG: libnettle MD5 algorithm support
1547 - SSL-Bump: Fix Basic auth caching on bumped connections
1548 - Store-ID: Fix request URI when forwarding requests to peers
1549 - ... and fix several other build errors
1550 - ... and some documentation updates
1551
d3b930ff
AJ		 1552Changes to squid-3.4.4 (09 Mar 2014):
1553
1554 - Bug 4029: intercepted HTTPS requests bypass caching checks
1555 - Bug 4001: remove use of strsep()
1556 - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
1557 - Fix stalled concurrent rock store reads
1558 - Fix helper ID number assignment
1559 - Fix build failures from CMSG related definitions
1560 - Fix build failures from libcompat unsafe.h protections
1561 - Copyright: Relicense helpers by Treehouse Networks Ltd.
1562 - ... and all bug fixes from 3.3.12
1563
a01166da
AJ		 1564Changes to squid-3.4.3 (02 Feb 2014):
1565
1566 - Bug 4008: HttpHeader warnOnError should be an int not a bool
1567 - Bug 4002: clang 3.4 unable to compile
1568 - Bug 3996: Malformed DNS reply leads to crash
1569 - Bug 3995: compile error on CentOS 5 with GCC 4.1.2
1570 - Bug 3975: atomic detection cross-compilation failure
1571 - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
1572 - Bug 3954: compile failure in CpuAffinity.cc
1573 - Bug 3927: tests/testRock fatal.cc required
1574 - Fix memory leak in peer Cache Digest exchange
1575 - Fix external_acl_type async loop failures
1576 - Fix destination IP address cycling
1577 - ... and a few polishing changes
1578
441842f0
AJ		 1579Changes to squid-3.4.2 (30 Dec 2013):
1580
1581 - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
1582 - Regression Fix: \-unescaping in quoted strings from helpers
1583 - Regression Fix: URL helper API bypassing on URL containing '=' character
1584 - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
1585 - Bug 3806: Caching responses with Vary header
1586 - Bug 3498: FTP PUT assertion
1587 - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
1588 - Enable concurrency by default for SSL certificate validator
1589 - ... and fix several build errors
1590
12f64d19
AJ		 1591Changes to squid-3.4.1 (09 Dec 2013):
1592
1593 - Bug 3935: Invalid pointer dereference when peeking at origin server certificate
1594 - Bug 3589: intercepted and ICAP modified request using a cache_peer
1595 - ... and several portability fixes
1596 - ... and some documentation updates
1597
277afc6e
AJ		 1598Changes to squid-3.4.0.3 (01 Dec 2013):
1599
1600 - Bug 3941: Release notes error
1601 - Receive annotations from authentication and external ACL helpers
1602 - basic_nis_auth: Improved portability
1603 - ... and several documentation updates
1604 - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
1605
2d011f52 1606Changes to squid-3.4.0.2 (03 Oct 2013):
ae2b6fc9
AJ		 1607
1608 - Regression Bug 3891: squid.conf parser errors in 3.4.0.1
1609 - Regression Fix: re-disable MinGW C++11 support
1610 - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
1611 - Fix memory leak in refresh_pattern parsing
1612 - negotiate_kerberos_auth: upgrade to present group= keys
1613 - Handle NTLM helper returning OK without user= value
1614 - Add dns_multicast_local to control mDNS operation
1615 - Add --disable-arch-native build option
1616 - Display Build-Info in cache manager info report
1617 - ... and all changes from squid 3.3.9
1618 - ... and some code and debug output polishing
1619
14561e1c 1620Changes to squid-3.4.0.1 (29 Jul 2013):
13db7eef
AJ		 1621
1622 - Port from 2.7: StoreURL (renamed Store-ID) support
1623 - Bug 3795: fix several mistakes in the MIB file
1624 - Bug 3793: configure: improved helper detection
1625 - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
1626 - Bug 3676: Support GCC 4.7 with -Wshadow option
1627 - Bug 3643: NTLM helpers stuck in reserved state by Safari
1628 - Bug 3389: Auto-reconnect for tcp access_log
1629 - Bug 2066: squid does not do chdir() after chroot()
1630 - Fix uninitialized fields in IcapLogEntry
1631 - Fix a number of minor issues detected by Coverity Scan
1632 - Fix some potential memory leaks detected by Coverity Scan
1633 - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
1634 - Fix ACL matching algorithm to avoid repeating tests
1635 - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
1636 - squidpurge: fix META TLV parsing issues
1637 - squid.conf: enforce all the directive and option names are lower-case
1638 - Support EUI on HTTPS and FTP data connections
1639 - Support OK/ERR/BH response codes from any helper
1640 - Support No-lookup flag (-n) on DNS ACLs
1641 - Support -march=native compiler optimization by default
1642 - Support forwarding intercepted but not bumped connections to cache_peers
0bbaae54 1643 - Support IPv6 NAT interception on Linux and some BSD
13db7eef
AJ		 1644 - Deprecate log_icap and log_access configuration directives
1645 - HTTP/1.1: improved method invalidation and cacheability detection
1646 - HTTP/1.1: support length configuration for pipeline_prefetch queue
1647 - Improved TPROXY support for OpenBSD and FreeBSD
0bbaae54 1648 - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
13db7eef
AJ		 1649 - Add all-of and any-of ACL types for grouping sets of ACL tests
1650 - Add note directive for transaction annotations
1651 - Add %note log format for transaction annotation logging
1652 - Add note ACL type for matching annotated transactions with by annotation name or value
1653 - Add kv-pair support to URL-rewrite/redirector interface
1654 - Add SSL server certificate validator interface, helper and result cache
1655 - Add SSL server certificate fingerprint ACL type
1656 - Add spoof_client_ip access control
1657 - Add pt-bz (Belize Portuguese) dialect to translations
1658 - ... and many Windows portability changes (still incomplete)
1659 - ... and many documentation changes
1660 - ... and much code cleanup and polishing
988a7fba 1661
88e192b1
AJ		 1662Changes to squid-3.3.14 (01 May 2015):
1663
1664 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
1665 - ... and some documentation updates
1666 - ... and all fixes from squid 3.2.14
1667
abc809ce
AJ		 1668Changes to squid-3.3.13 (28 Aug 2014):
1669
1670 - Fix segmentation fault setting up server SSL connnection
1671 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
1672
d3b930ff
AJ		 1673Changes to squid-3.3.12 (09 Mar 2014):
1674
1675 - Regression Bug 3769: client_netmask not evaluated since Comm redesign
1676 - Bug 4026: Fix SSL and adaptation_access handling of aborted connections
1677 - Bug 3969: Fix credentials caching for Digest authentication
1678 - Bug 3806: Caching responses with Vary header
1679 - Fix umask default on crash report generated email
1680 - Fix pthread library detection on FreeBSD 10
1681 - Avoid assertions on Range requests that trigger Squid-generated errors.
1682
277afc6e
AJ		 1683Changes to squid-3.3.11 (01 Dec 2013):
1684
1685 - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
1686 - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
1687 - Bug 3970: max_filedescriptors disabled due to missing setrlimit
1688 - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
1689 - Bug 3960: DEAD cache_peer are not revived
1690 - Bug 3956: xstrndup: tried to dup a NULL pointer
1691 - Bug 3906: Filedescriptor leaks in SNMP
1692 - Bug 3782: Digest authentication not obeying nonce_max_count
1693 - HTTP/1.1: Make header parser obey relaxed_header_parser
1694 - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
1695 - SMP: Replace blocking sleep(3) and close UDS socket on failures
1696 - Windows: fix several compile errors
1697
c663cc36
AJ		 1698Changes to squid-3.3.10 (03 Nov 2013):
1699
1700 - Bug 3929: request_header_add not working for tunnel requests
1701 - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
1702 - Bug 3918: Self Test Failures on Mac OS X 10.8
1703 - Bug 3887: tcp_outgoing_tos not working for IPv6
1704 - Bug 3836: Fix issues with automake 1.13+ and make check
1705 - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
1706 - Fix pinning hierarchy log information
1707 - Fix close idle client connections associated with closed idle pinned connections.
1708 - Fix cbdata 'error: expression result unused' errors
1709 - Avoid "hot idle": A series of rapid select() calls with zero timeout.
1710 - Append Connection:close to OPTIONS requests when icap_persistent_connections is off
1711 - ntlm_fake_auth: pass DOMAIN data to Squid in original case
1712 - kerberos_ldap_group: fix LDAP string duplication
1713 - Use IPv6 localhost nameserver on DNS configuration errors
1714 - Add cache_miss_revalidate
1715 - ... and several portability improvements
1716
db01c30c
AJ		 1717Changes to squid-3.3.9 (11 Sep 2013):
1718
1719 - Regression Bug 3077: off-by-one error in Digest header decoding
1720 - Bug 3895: fix acl_uses_indirect_client and cache_peer_access
1721 - Bug 3879: assertion failed ConnStateData::validatePinnedConnection
1722 - Bug 3863: myportname acl causes segmentation fault
1723 - Bug 3849: Duplicate certificate sent when using https_port
1724 - Bug 2287: Better fix for unsupported HTTP version handling
1725 - Bug 2112: Reload into If-None-Match
1726 - Fix several assert with side effects in ICAP/eCAP response handling
1727 - Fix myportname ACL on ICAP/eCAP transactions
1728 - Fix external ACL user:pass detail logging after adaptation
1729 - Fix SMP mgr:info report 'Largest file desc currently in use'
1730 - Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
1731 - Improved compatibility with gcc 4.8, clang and icc
1732 - Show number of available filedescriptors when reserved FD changes
1733 - Sync with newest OpenSSL error codes
1734 - Register Http2-Settings header
1735 - ... and many Windows portability fixes
1736
8dbafb10
AJ		 1737Changes to squid-3.3.8 (13 Jul 2013):
1738
1739 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1740 - Improved handling of port values in Host: header validation
1741
2fea9d2b
AJ		 1742Changes to squid-3.3.7 (11 Jul 2013):
1743
1744 - Bug 3297: Fix openSSL related build failures
1745 - Fix build on FreeBSD 9.x platform with clang
1746 - Protect against buffer overrun in DNS query generation
1747
1a39473b
AJ		 1748Changes to squid-3.3.6 (01 Jul 2013):
1749
1750 - Bug 3854: pt1: compile errors on AIX
1751 - Bug 3802: Fix wrong check inside Format::Format::assemble
13db7eef 1752 - Bug 3762: remove bogus WARNING in cache.log
1a39473b
AJ		 1753 - Bug 3717: assertion failed with dstdom_regex with IP based URL
1754 - Bug 1991: kqueue causes SSL to hang
1755 - Ask for SSL key password when started with -N but without sslpassword_program
1756 - Make sure %<tt includes all [failed] connection attempts
1757 - Support HTTP reply ACLs in icap_log and log_icap
1758 - Fix incorrect external_acl_type codes
1759 - Fix ICAP logging request headers and segmentation faults
1760 - ... and some documentation polish
1761
9c7aeeb8
AJ		 1762Changes to squid-3.3.5 (20 May 2013):
1763
1764 - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
1765 - Bug 3845: http_port tcpkeepalive= option fails parsing
1766 - Bug 3840: assertion failed 'sde' in UFS cache loading
1767 - Bug 3836: make check failures with automake-1.13
1768 - Bug 3827: Remove AccessLogEntry::cache.authuser
1769 - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1770 - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
1771 - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
1772 - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
1773 - Port from 2.6: external acl %ACL and %DATA tags
1774 - Update copyright on SN.png
1775 - ... and several minor memory leaks
1776 - ... and some documentation polish
1777
988a7fba
AJ		 1778Changes to squid-3.3.4 (27 Apr 2013):
1779
1780 - Bug 3831: basic_ncsa_auth Blowfish and SHA support
1781 - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1782 - Bug 3794: MacOS: workaround compiler errors and case-insensitivity
1783 - Bug 3781: Proxy Authentication not sent to cache_peer
1784 - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
1785 - Bug 3720 pt2: Add missing include in /dev/poll I/O module
1786 - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
1787 - Add support for TPROXY on BSD
1788 - Fix SSL Bump bypass for intercepted traffic
1789 - Fix memory leaks in ConnStateData pinning
1790 - Fix external_acl.cc "inBackground" assertion on queue overloads
1791 - CacheMgr: fix missing column separator in helper stats
1792 - OpenBSD: libpthreads requires OpenBSD 5.2 or later
1793 - ... and lots of documentation updates
1794 - ... and all changes from squid 3.2.10
1795
40c973aa
AJ		 1796Changes to squid-3.3.3 (12 Mar 2013):
1797
1798 - Bug 3720: Add missing include in /dev/poll I/O module (pt2)
1799 - ... and all changes from squid 3.2.9
1800
d4dc9eea
AJ		 1801Changes to squid-3.3.2 (02 Mar 2013):
1802
1803 - Bug 3781: Proxy Authentication not sent to cache_peer
1804 - Bug 3794: MacOS: workaround compiler errors
1805 - Bug 3720: Compile error in Solaris /OpenIndiana
1806 - ... and all changes from squid 3.2.8
1807
21744e8b
AJ		 1808Changes to squid-3.3.1 (09 Feb 2013):
1809
1810 - Bug 3726: build errors with --disable-ssl
1811 - Propigate pinned connection persistency and closures to the client.
1812 - Mimic SSL certificate Key Usage and Basic Constraints
1813 - Fix segmentation fault on missing squid.conf values
1814 - ext_sql_session_acl: Fix hex decoding on UID
1815 - ... and some code polish
1816 - ... and a lot of documentation polish
1817 - ... and all changes from squid 3.2.7
1818
56eea3f2
AJ		 1819Changes to squid-3.3.0.3 (09 Jan 2013):
1820
1821 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1822 - Bug 3728: Improve debug for cache_dir
1823 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1824 - kerberos_ldap_group: support multiple groups in squid.conf ACL definition
1825 - kqueue: update status from experimental to fully available net I/O method
1826 - ... and many memory leaks and potential bugs detected by Coverity Scan
1827
bd4920ca
AJ		 1828Changes to squid-3.3.0.2 (03 Dec 2012):
1829
1830 - Support matching empty header field values using req_header and rep_header
1831 - ... and some minor code polish and input vaidations
1832 - ... and all changes from squid 3.2.4
1833
362d74b6
AJ		 1834Changes to squid-3.3.0.1 (21 Oct 2012):
1835
1836 - Bug 3610: Add peername_regex ACL
1837 - Bug 3239: rename myip/myport as localip/localport
1838 - Bug 3130: helpers are crashing too rapidly
1839 - Add log_db_daemon SQL Database Logging Daemon
1840 - Add ext_time_quota_acl helper managing sessions by bandwidth usage
1841 - Add request_header_add option
1842 - Support C++11 features where possible
1843 - Support bump-ssl-server-first
1844 - Support mimic SSL server certificates
1845 - Remove --enable-ntlm-fail-open
1846 - Fix TLS/SSL Options does not apply to the dynamically generated certificates
1847 - Fix SslBump stuck after error
1848 - Polish: display ACL enumeration text in debugs
1849 - ... and many portability fixes for MacOS X, Windows and others
1850 - ... and many compile error fixes
1851 - ... and a very large amount of code polish for faster compilation
1852
88e192b1
AJ		 1853Changes to squid-3.2.14 (01 May 2015):
1854
1855 - Fix 'access_log none' to prevent following logs being used
1856 - Fix X509 server certificate domain matching
1857 - ... some documentation updates
1858
8dbafb10
AJ		 1859Changes to squid-3.2.13 (13 Jul 2013):
1860
1861 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1862 - Improved handling of port values in Host: header validation
1863
2fea9d2b
AJ		 1864Changes to squid-3.2.12 (11 Jul 2013):
1865
1866 - Protect against buffer overrun in DNS query generation
1867 - Avoid !closing assertions when helpers call comm_read during reconfigure.
1868 - Fix several minor memory leaks during reconfigure
1869 - Remove origin_tries limiter on forwarding and permit large max_forward_tries values
1870
80c1bddb
AJ		 1871Changes to squid-3.2.11 (30 Apr 2013):
1872
1873 - Regression Bug 3839: build error: src/tools.h: No such file or directory
1874 - Update copyright on SN.png
1875
988a7fba
AJ		 1876Changes to squid-3.2.10 (27 Apr 2013):
1877
1878 - Bug 3833: squidclient: Option '-k' is not present in man(1) page
1879 - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
1880 - Bug 3822: Locate LDAP and SASL headers for BSD support
1881 - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
1882 - Bug 3774: 'squid -k reconfigure' drops rock cache
1883 - Bug 3565: Resuming postponed accept kills Squid
1884 - HTTP/1.1: partial support for no-cache and private controls with parameters
1885 - ssl_crtd: fix helpers dying during startup on ARM
1886 - GNU Hurd: define MAP_NORESERVE as no-op when missing
1887 - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
1888
40c973aa
AJ		 1889Changes to squid-3.2.9 (12 Mar 2013):
1890
1891 - Regression fix: Accept-Language header parse
1892 - Bug 3673: Silence 'Failed to select source' messages
1893 - Fix authentication headers sent on peer digest requests
1894 - Fix build error on Solaris, OpenIndiana, Omnios
1895
d4dc9eea
AJ		 1896Changes to squid-3.2.8 (02 Mar 2013):
1897
1898 - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
1899 - Bug 3763: diskd Error: no filename in shm buffer
1900 - Bug 3752: objects that cannot be cached in memory are not cached on disk
1901 - Bug 3753: Removes the domain from the cache_peer server pconn key
1902 - Bug 3749: IDENT lookup using wrong ports to identify the user
1903 - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
1904 - Bug 3686: cache_dir max-size default fails
1905 - Bug 3515: crash in FtpStateData::ftpTimeout
1906 - Bug 3329: Quieten orphan Comm::Connection messages
1907 - Make squid -z for cache_dir rock preserve the rock DB
1908 - Fixed several server connect problems
02824360
AJ		 1909 - ... and some build issues on Solaris, OpenIndiana, MacOS X
1910 - ... and some documentation and debugs polishing
d4dc9eea 1911
54ccbeea
AJ		 1912Changes to squid-3.2.7 (01 Feb 2013):
1913
1914 - Bug 3736: Floating point exception due to divide by zero
1915 - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
1916 - Bug 3732: Fix ConnOpener IPv6 awareness
1917 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1918 - Bug 3728: Improve debug for cache_dir
1919 - Bug 3687: unhandled exception: c when using interception and peers
1920 - Bug 3678: external acl grace period causes acl lookup failures
1921 - Bug 3567: Memory leak handling malformed requests
1922 - Bug 3111: Mid-term fix for the forward.cc "err" assertion
1923 - Support OpenSSL NO_Compression optio
1924 - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
1925 - Fix "address.GetPort() != 0" assertion for helpers
1926 - ... and several minor memory leaks
1927 - ... and some cache.log message polishing
1928
56eea3f2
AJ		 1929Changes to squid-3.2.6 (09 Jan 2013):
1930
1931 - Regression Bug 3731: TOS setsockopt() requires int value
1932 - Regression Bug 3712: Rotating logs overwrites the previous log
1933 - Bug 3727: LLVM compile errors in kerberos_ldap_group
1934 - Bug 3650: Negotiate auth missing challenge token
1935 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1936
eeb80d48
AJ		 1937Changes to squid-3.2.5 (10 Dec 2012):
1938
1939 - Bug 3698: Add missing include of errno.h
1940
bd4920ca
AJ		 1941Changes to squid-3.2.4 (03 Dec 2012):
1942
1943 - Ported: urllogin ACL from squid 2.7
1944 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
1945 - Bug 3677: Port un-pinning logic changes from squid 3.3
1946 - Bug 3405: ssl_crtd crashes failing to remove certificate
1947 - ... and major bugs fixed in squid 3.1.22
1948 - Fix accept_filter on Linux
1949 - Remove 'Bungled' warning on missing component directives
1950 - ... and many buffer and memory leak issues in the bundled helpers
1951 - ... and a small amount of code polishing
1952
362d74b6
AJ		 1953Changes to squid-3.2.3 (21 Oct 2012):
1954
1955 - Regression: SMP crashes on startup with workers > 1
1956 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication
1957 - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
1958 - HTTP/1.1: honour Cache-Control before Pragma:no-cache
1959 - HTTP/1.1: Cache-Control compliance upgrade
1960 - Remove obsoleted refresh_pattern ignore-no-cache option
1961 - Fix IPv6 enabled squidclient
1962 - ... and several compile fixes
1963
1964Changes to squid-3.2.2 (06 Oct 2012):
a18ad4b5
AJ		 1965
1966 - Regression: Make login=PASS send no credentials when none available
1967 - Regression: Handle dstdomain duplicates and overlapping names better
1968 - Bug 3661: Segmentation fault when using more than 1 worker
1969 - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
1970 - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
1971 - Bug 3648: polish String class files
1972 - Bug 3647: parsing hier_code acl fails
1973 - Bug 3626: forwarding loops on intercepted traffic
1974 - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
1975 - Bug 3609: several RADIUS helper improvements
1976 - Bug 3605: memory leak in Negotiate authentication
1977 - Fix small memory leak in src ACL parse
1978 - Fix maximum_single_addr_tries upgrade
1979 - Fix chunked encoding on responses carrying a Content-Range header.
1980 - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
1981 - ... and several compile errors
1982
c72a2049
AJ		 1983Changes to squid-3.2.1 (15 Aug 2012):
1984
1985 - Bug 3605: memory leak in peer selection
1986 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
1987 - ... and some documentation updates
1988
a9eec4aa
AJ		 1989Changes to squid-3.2.0.19 (02 Aug 2012):
1990
1991 - Regression Bug 3580: IDENT request makes squid crash
1992 - Regression Bug 3577: File Descriptors not properly closed
1993 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
1994 - Regression Fix: Restore memory caching ability
1995 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
1996 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
1997 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
1998 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
1999 - Support custom headers in [request|reply]_header_* manglers
2000 - ... and much code polishing
2001
5cc53d80 2002Changes to squid-3.2.0.18 (29 Jun 2012):
f787354b
AJ		 2003
2004 - Bug 3576: ICY streams being Transfer-Encoding:chunked
2005 - Bug 3537: statistics histogram leaks memory
2006 - Bug 3526: digest authentication crash
2007 - Bug 3484: Docs: sslproxy_cert_error example flawed
2008 - Bug 3462: Delay Pools and ICAP
2009 - Bug 3405: ssl_crtd crashes failing to remove certificate
2010 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
2011 - Bug 3258: Requests hang when Host forgery verify fails
2012 - Bug 3186: Digest auth caches failed state without revalidating
2013 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
2014 - Bug 2885: AIX: check and set required compiler flags
2015 - Fix ssl_crtd compile issues with libsslutil
2016 - Fix build with GCC 4.7 (and probably other C++11 compilers).
2017 - Fix double-escape of %R on deny_info redirect responses
2018 - Support status 308 Permanent Redirect
2019 - Support for TLSv1.1 and TLSv1.2 options and methods
2020 - Support passing external_acl_type credentials on ICAP
2021 - Language Updates: fr, hy, pt_BR
2022 - ... and many compile issues on Windows
2023 - ... and some minor code polish
2024
5cc53d80 2025Changes to squid-3.2.0.17 (12 Apr 2012):
f949585d
AJ		 2026
2027 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
2028 - Bug 3509: kQueue compile error
2029 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
2030 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
2031 - Bug 3397: do not mark connection as opened until after SYN-ACK
2032 - Bug 3193: NTLM decoder truncating strings
2033 - Windows FD handling polish and some fixes
2034 - Solaris 9/10 various build fixes
2035 - ... and some more code polish
2036
5cc53d80 2037Changes to squid-3.2.0.16 (07 Mar 2012):
488e6901
AJ		 2038
2039 - Bug 3508: Correct DNS timeout handling.
2040 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
2041 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
2042 - Bug 3490: part 1: SegFault opening FTP active data connections
2043 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
c5426f8f 2044 - Bug 3458: Icon Serving (squid-internal-static) Broken
488e6901
AJ		 2045 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
2046 - Bug 3381: 32-bit overflow assertion in StatHist
2047 - Bug 3324: loadFromFile: parse error while reading template file
2048 - Support sslpassword_program for ssl-bump HTTP ports
2049 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
2050 - Retry requests that failed due to a persistent connection race
2051 - Log '-' on requests with no Referer or User-Agent headers
2052 - ... and several fixes related to in-transit object performance
2053 - ... and some structural design changes for portability
2054
5cc53d80 2055Changes to squid-3.2.0.15 (06 Feb 2012):
f9329b54
AJ		 2056
2057 - Bug 3472: segfault with the message 'urlParse: URL too large'
2058 - Bug 3471: segfault when %la formating code used
2059 - Bug 3449: part 3: shm_open can fail with a mangled path
2060 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
2061 - Bug 3448: 204 response problem in adaptation chains
2062 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
2063 - Bug 3461: build regression in IPFilter NAT
2064 - Bug 3413: raise cbdata lock limits
2065 - Bug 3391: forwarded_for log functionality broken
2066 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
2067 - Bug 3268: remove wrong 'Ready to serve requests.' message
2068 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
2069 - Disable OpenSSL SSL/TLS bug workarounds by default
2070 - Send DNS A and AAAA queries in parallel
2071 - Cache Manager migration support
2072 - Allow service of internal requests over reverse-proxy ports
2073 - Fix trimMemory for unswappable objects
2074 - ... and several build and polish fixes
2075
902bc38b
AJ		 2076Changes to squid-3.2.0.14 (12 Dec 2011):
2077
2078 - Bug 3433: Segfault closing SNMP
2079 - Bug 3420: Request body consumption races and !theConsumer exception.
2080 - Bug 3406: SSL Log Error in debug
2081 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
2082 - Bug 3383: unhandled exception: theGroupBSize > 0
2083 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
2084 - Bug 3367: fix inverted check on host_strict_verify
2085 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
2086 - Bug 3364: SNMP Orphans
2087 - Bug 3301: ERR_DNS_FAIL never shown
2088 - Bug 3150: do not start useless unlinkd
2089 - ext_session_acl: version 1.2
2090 - Add adaptation_meta option
2091 - Add a mask on the qos_flows miss configuration value
2092 - Support intermediate CA in ssl-bump traffic certificates
2093 - Support SSL certificate failure details on error page
2094 - Fix flags for NAT intercept and TPROXY not set correctly
2095 - Fix fastCheck() default result on multi-line actions
2096 - Fix missing SMP shared memory statistics
2097 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
2098 - ... and several other TCP and SMP support behaviour fixes
2099 - ... and many code polishing cleanups and fixed build errors
2100 - ... and several documentation polishings
2101
8fe9e0a2
AJ		 2102Changes to squid-3.2.0.13 (14 Oct 2011):
2103
2104 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
2105 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
2106 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
2107 - Regression fix: always_direct/never_direct failures
2108 - Regression fix: stop an SSL header file being included after --disable-ssl
2109 - Regression fix: parse HTTP list headers with embedded 8-bit characters
2110 - Bug 3355: configure setting --with-swapdir ignored
2111 - Bug 3325: option to selectively enable strict host verify checks
2112 - Bug 3337: HTTP status 200 is not accepted for deny_info
2113 - Bug 3077: '\' in url query strings cause Digest authentication to fail
2114 - Support SMP worker shared memory cache
2115 - Support SMP worker shared disk cache (rock)
2116 - ext_session_acl: version 1.1
2117 - Fix Host verify: do not pinn destination IP if URL re-write has been done
2118 - Fix IPF interception
2119 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
2120 - Fix ssl_crtd CertificateDB locking scheme
2121 - ... and all changes from 3.1.16
2122 - ... and many compile and polishing fixes
2123
f96fd18d
AJ		 2124Changes to squid-3.2.0.12 (17 Sep 2011):
2125
2126 - Regression Bug 3335: ICAP service is down
2127 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
2128 - Regression Bug 3303: Support for non-English usernames in log files
2129 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
2130 - Regression: %I shows hostname on SSL error page
2131 - Regression: FTP outgoing port always 'in use' on PASV connections
2132 - Bug 3337: (partial) status 200 is not accepted for deny_info
2133 - Bug 3319: Inconsistencies in error messages
2134 - Bug 3281: pconn in-use while closing assertion
2135 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
2136 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
2137 - Adjust format code %la for intercepted connections
2138 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
2139 - Send RST packet when closing an ICAP connection after a transaction error
2140 - Support maximum field width for string access.log fields
2141
2284b7f7
AJ		 2142Changes to squid-3.2.0.11 (28 Aug 2011):
2143
2144 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
2145 - Host: authority validation of intercepted destination IP
2146 - Host: authority validation of request URL
2147 - Host: authority validation of CONNECT tunnel destination
2148 - Preserve client destination IP in intercepted communication
2149 - Regression Bug 3316: Failed to connect to nameserver using TCP
2150 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
2151 - Regression Bug 3310: %<pt translates as %<p
2152 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
2153 - Regression Bug 3288: %<la and %<lp not displaying
2154 - Bug 3289: cache manager parameters not parsed without password
2155 - Bug 2279: Log Format options to log server source IP and port
2156 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
2157 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
2158 - Bug 3118: ecap_enable on forces icap_enable on
2159 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
2160 - Default to vhost for accelerator mode (reverse proxy)
2161 - Display HTTP protocol syntax at section 11 level 2
2162 - Support for using custom keys in CARP parents
2163 - Optimize regular expression ACLs
2164 - ... and a lot of code portability fixes
2165 - ... and all bugs and polish changes from 3.1.15
2166
3ff024ec
AJ		 2167Changes to squid-3.2.0.10 (24 Jul 2011):
2168
2169 - Port from 2.7: act-as-origin for reverse proxy ports
2170 - Regression fix: broken --disable-ipv6
2171 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
2172 - Regression fix: vhost and defaultsite causing vport to be ignored
2173 - Regression fix: several errors in persistent connection handling
2174 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
2175 - Regression Bug 3245: reconfigure assertion in MemPools[type]
2176 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
2177 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
2178 - Regression Bug 3269: cache.log applyQueryParams messages
2179 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
2180 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
2181 - Bug 3267: workers IPC mount points disobey --localstatedir
2182 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
2183 - Bug 3247: Domain from URL Stripped when going through peers
2184 - Bug 3244: wrong port for peer relayed requests
2185 - Bug 3195: kerberos_ldap_group will not build without kerberos
2186 - Bug 2862: add http(s):// support to cache manager
2187 - kerberos_ldap_group: several fixes to -S option
2188 - ssl_crtd: Add man(8) file
2189 - ... and several pieces of code cleanup and polishing.
2190 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
2191
6d44d1e9
AJ		 2192Changes to squid-3.2.0.9 (18 Jun 2011):
2193
2194 - Bug 3159: delay pools --disable-auth compile problems
2195 - HTTP/1.1: Support multiline quoted-string header fields
2196 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
2197 - Support configurable and translated SSL error details messages
2198 - Add log format codes for split client/server views of HTTP request line
2199 - Major upgrade of TCP connection handling
2200 - Support split-stack IPv6 to servers
2201 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
2202 - Optimized persistent connection handling
2203 - Optimized FTP data connection handling
2204 - Optimized TCP failure recovery
2205 - ... and all bug fixes and updates from 3.1.12.3
2206 - ... and many code polish, documentation and translation cleanups
2207
65f2789a
AJ		 2208Changes to squid-3.2.0.8 (30 May 2011):
2209
2210 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
2211 - Bug 3043: Properly detect Iphlpapi.h on windows
2212 - Bug 2055: Honor ICAP Max-Connections
2213 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
2214 - Support SSL SNI to origin servers
2215 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
2216 - Add %b tag for proxy listening port display in error pages
2217 - Optimize base64 encoding/decoding
2218 - Require libcap before enabling netfilter MARK support
2219 - Require libtool 2.2
2220 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
2221 - ... and all bug fixes and updates from 3.1.12.2
2222 - ... and some documentation and code polishing
2223
065f7779
AJ		 2224Changes to squid-3.2.0.7 (19 Apr 2011):
2225
2226 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
2227 - Regression fix: icons/ FHS compliance
2228 - Regression fix: Startup aborts with URL error when --disable-htcp
2229 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
2230 - Add negotiate_wrapper_auth version 1.0.1
2231 - Fixed %dt logging in the presence of REQMOD
2232 - Fixed chunked request forwarding in ICAP REQMOD presence
2233 - ... all bug fixes and updates from 3.1.12.1
2234 - ... many code polishings and display cleanups
2235
7d9ce496
AJ		 2236Changes to squid-3.2.0.6 (04 Apr 2011):
2237
2238 - Regression fix: upgrade existing icons
61beade2 2239 - Regression fix: do not crash when accessing an SSL certificate with errors
7d9ce496
AJ		 2240 - Regression fix: prevent stdio log module segfaults on rotate
2241 - Regression fix: shutdown properly even if a worker process crashes on exit
2242 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
2243 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
2244 - Bug 3105: malformed Proxy-Authorization leaks memory
2245 - Bug 3007: CONNECT to cache_peer returns 000 status code
2246 - Bug 2885: Compile errors on AIX
2247 - Support parameterized Cache Manager queries
2248 - Support libecap v0.2.0; fixed eCAP body handling and logging
2249 - Support dynamic adaptation plans that cover multiple vectoring points
2250 - Support %D details for documented OpenSSL errors
2251 - Support logging of all transactions including those with uncertain status or no sent response
2252 - Updrate negotiate_kerberos_auth to version 3.0.4sq
2253 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
2254 - Update ext_edirectory_userip_acl to version 2.1
2255 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
2256 - Change the default dns_timeout value from 2 minutes to 30 seconds
2257 - Fix TCP log stream flushing on every line
2258 - ... all bug fixes and updates from 3.1.12
2259 - ... a great many compiler portability fixes
2260 - ... many code polishings and display cleanups
2261
850ff99f
AJ		 2262Changes to squid-3.2.0.5 (12 Feb 2011):
2263
2264 - Regression Fix: profiler should not be built by default
2265 - Regression Bug 3081: assertion failed: AsyncCallQueue
2266 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
2267 - Bug 3089: FTP command output overrides directory listing
2268 - Bug 2870: --disable-auth does not work
2269 - Bug 2586: multiple memory leaks during reconfigure
2270 - Bug 2581: FTP directory listing sometimes fails
2271 - Port from 2.7: maximum staleness limits
2272 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
2273 - HTTP/1.1: Support configurable status codes for deny_info
2274 - Support upcoming "fresh message creation" eCAP API
2275 - Aggregate SNMP responses when using SMP with multiple workers
2276 - Several more Solaris, Windows and ICC support fixes
2277 - ... all bug fixes and updates from 3.1.11
2278 - ... and more code cleanup shufflings
2279 - ... and several documentation updates
2280
834d2128
AJ		 2281Changes to squid-3.2.0.4 (22 Dec 2010):
2282
2283 - Port 2.x: cache_dir min-size setting
2284 - Bug 3059: Crash on digest auth headers with unknown nonce
2285 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
2286 - Fix cachemgr mem-pools reporting
2287 - Add Dynamic SSL certificate generation
2288 - Add useragent, referer, combined built-in log formats
2289 - Obsolete log_fqdn directive
2290 - Obsolete useragent/referer/forward_log directives
2291 - HTTP/1.1: Send 1.1 on CONNECT responses
2292 - Updated Kerberos support for newer GSSAPI releases
2293 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
2294 - Improve handling of early eCAP transaction failures
2295 - Various ext_edirectory_acl fixes
2296 - ... all bug and feature fixes included in 3.1.10 release
2297 - ... and a lot of code and documentation polishing
2298
1664edf4 2299Changes to squid-3.2.0.3 (07 Nov 2010):
b40d9a33
AJ		 2300
2301 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
2302 - Regression fix: ESI processing of Surrogate filter
1664edf4 2303 - Bug 3091: bypassed ICAP errors are not counted as service failures
b40d9a33 2304 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
1664edf4 2305 - Bug 3038: Detatch libmisc from libcompat
b40d9a33
AJ		 2306 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
2307 - Bug 3002: store initialization (-z) does not work with SMP configs
2308 - Bug 2999: v2.0 of ext_edirectory_userip_acl
2309 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
2310 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
2311 - HTTP/1.1: support If-Match and If-None-Match requests
2312 - HTTP/1.1: forward 1xx control messages to clients that support them
2313 - HTTP/1.1: send Age:0 header even if it may break IE5
2314 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
2315 - HTTP/1.1: entry is stale if request has max-age=0
2316 - HTTP/1.1: harden quoted-string parser
2317 - Add --enable-build-info for extra "squid -v" display
2318 - Add --with-swapdir=PATH to override default /var/cache/squid
2319 - Add cpu_affinity_map directive to bind workers to CPU cores
2320 - Add Netfilter MARK support for QoS
2321 - Add upgrade process for obsolete options
2322 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
2323 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
2324 - Fixes Eui48 support on OpenBSD
2325 - Fixes cache manager support with SMP configs
2326 - ... several documentation updates
2327 - ... all bug and feature fixes included in 3.1.9 release.
2328 - ... many more code polishes and leak removals
2329
dee6a922
AJ		 2330Changes to squid-3.2.0.2 (04 Sep 2010):
2331
2332 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
2333 - Support rotating logs from cachemgr and squidclient
2334 - Support Kerberos authentication in squidclient
2335 - Add manual page for negotiate_kerberos_auth
2336 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
2337 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
2338 - Added log options %http::<bs and %icap::<bs
2339 - Collapse HTCP cache_peer options into one setting
2340 - Improved request smuggling attack detection. Tolerating valid benign HTTP
2341 - ... and several HTTP/1.1 compliance improvements
2342 - ... and all improvements in 3.1.7 and 3.1.8
2343
6be4a9a8
AJ		 2344Changes to squid-3.2.0.1 (03 Aug 2010):
2345
2346 - Port from 2.7: Logging infrastructure updates
2347 - Port from 2.7: Unique sequence number per log line
2348 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
2349 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
2350 - Bug 2631: refresh_pattern store-stale option
2351 - Bug 2305: Multiple leaks and assertion crashes in authentication
2352 - Bug 1239: Much needed ACL type random
2353 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
2354 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
2355 - Support SMP for essential non-caching functionality
2356 - Support logging over TCP
2357 - Support Solaris 10 pthreads (experimental)
2358 - Support Kerberos login to peers
2359 - Support EUI / MAC in more environments
2360 - Support format tags in deny_info URLs
2361 - Support running helpers on-demand instead of all at startup
2362 - Support fully transparent login=PASSTHRU of authentication headers to peers
2363 - Support multi-lingual localised FTP directory listings
2364 - Support TPROXYv4 spoofing of X-Forwarded-For client address
2365 - Support ICAP 206 Partial Content extension
2366 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
2367 - Add ACL support to range_offset_limit
2368 - Add helpers for url_rewrite
2369 - Add helper multiplexer for concurrency emulation with legacy helpers
2370 - Add Perl library which facilitates parsing access logfile entries.
2371 - Add a simple script to summarise traffic use per user
2372 - Add templates for captive portal proxy configuration instructions
2373 - Add logging of the local TCP port used by transactions with HTTP servers
2374 - Update mswin_check_ad_group to version 2.0
2375 - Update squid_kerb_auth helper to version 3.0.2
2376 - Remove double-language error page hack (replaced by locale auto-negotiation)
2377 - Remove TPROXYv2 support (replaced by TPROXYv4)
2378 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
2379 - Re-work ./configure script for smarter auto-detect and early error checks
2380 - Auto-enable all features by default
2381 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
2382 - Helpers naming scheme
2383 - Add support for write timeouts
2384 - Modify icap_service_failure_limit option to forget old ICAP errors
2385 - Updated man(8) manuals including several additions and translations
2386 - ... and a great many code cleanups
2387 - ... and a great many testing improvements
2388 - ... and many documentation updates
2389
56eea3f2
AJ		 2390Changes to squid-3.1.23 (09 Jan 2013):
2391
2392 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
2393
bd4920ca
AJ		 2394Changes to squid-3.1.22 (03 Dec 2012):
2395
2396 - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update
2397 - Bug 3659: read_timeout problem with HTTPS
2398 - Bug 3654: Fix IPv6 enabled squidclient
2399 - Bug 3189: AIO thread race on pipe() initialization
2400 - cachemgr.cgi: Memory Leaks and DoS Vulnerability
2401
4c73ceb8
AJ		 2402Changes to squid-3.1.21 (23 Sep 2012):
2403
2404 - Bug 3622: peerClearRRStart scheduling multiple events
2405 - Bug 3615: configure check for default max number of FDs is broken
2406 - Bug 3607: --enable-auth documented default action incorrect
2407 - Bug 3593: socket failure: Address family not supported by protocol
2408 - Bug 3584: Detection of setresuid() is broken
2409 - Bug 3568: Consolidate external_acl_type config dumping and add missing %%
2410 - Bug 3564: eCAP not supporting CoAP URI schemes
2411 - Bug 3484: Docs: sslproxy_cert_error example flawed
2412 - Bug 3462: Delay Pools and ICAP
2413 - Bug 3133: better fix: Memory leak handling requests for sites that don't exist
2414 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
2415 - Silence IOS 15.1 unknown capabilities messages.
2416 - Account for Store disk client quota when bandwidth-limiting the server.
2417 - ... and several documentation fixes
2418 - ... and several compile fixes
2419
5cc53d80 2420Changes to squid-3.1.20 (08 Jun 2012):
dd8d2619
AJ		 2421
2422 - Regression Bug 3545: FreeBSD dnsserver segfaults
2423 - Regression Bug 3504: clientside_tos fails to mark traffic
2424 - Bug 3539: CONNECT server connection not closed correctly on errors
2425 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
2426 - Bug 3466: Adaptation stuck on last single-byte body piece
2427 - Bug 3463: dnsserver fails to compile
2428 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
2429 - Bug 3390: Proxy auth data visible to scripts
2430 - Bug 3263: ssl_crtd: undefined references to squid_curtime
2431 - Bug 3233: Invalid URL accepted with url host is white spaces
2432 - Bug 3133: Memory leak handling requests for sites that don't exist
2433 - Bug 3074: Improper URL handling with empty path (RFC 3986)
2434 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
2435 - Regression: snmp/udp address directives not resolving hostname
2436 - Better helper-to-Squid buffer size management.
2437 - Support CoAP over HTTP (coap:// and coaps:// URLs)
2438 - Support for 3.2 error template codes
2439
5cc53d80 2440Changes to squid-3.1.19 (06 Feb 2012):
f9329b54
AJ		 2441
2442 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
2443 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
2444 - Bug 3470: GCC 4.7
2445 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
2446 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
2447 - Bug 3440: compile error in Adaptation
2448 - Bug 3420: Request body consumption races and !theConsumer exception
2449 - Bug 3370: external ACL sometimes skipping
2450 - Bug 3085: Crash when parsing esi:include
2451 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
2452 - Fix SSL library dependency fixes
2453
339383cc
AJ		 2454Changes to squid-3.1.18 (03 Dec 2011):
2455
2456 - Regression: compile error in FTP
2457
c218b24d
AJ		 2458Changes to squid-3.1.17 (03 Dec 2011):
2459
2460 - Bug 3432: Crash logging FTP errors
2461 - Bug 3428: Active FTP data channel accepted twice
2462 - Bug 3423: access violation in URL parser
2463 - Bug 3422: Buffer overflow in recv-announce
2464 - Bug 3412: External ACL Uses Invalid Cache Entry
2465 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
2466 - Bug 3398: persistent server connection closed after PUT/DELETE
2467 - Bug 3299: dnsserver: various undefined references
2468 - Bug 3077: '\' in url query strings cause Digest authentication to fail
2469 - Bug 2910: MemBuf may grow beyond max_capacity
2470 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
2471 - Bug 1243: Build overrides configured AR setting
2472 - Avoid crashes when processing bad X509 common names (CN).
2473 - Support %% in external ACL format
2474 - ... and several other compile error fixes
2475 - ... and several documentation fixes
2476
8fe9e0a2
AJ		 2477Changes to squid-3.1.16 (14 Oct 2011):
2478
2479 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
2480 - Bug 3368: Unhandled exceptions are not logged (workaround)
2481 - Bug 3326: miss_access incorrect default
2482 - Bug 3320: miss_access description confusing
2483 - Bug 3241: squid_kerb_auth cross compilation fix
2484 - Bug 3237: seq fault in free() from rfc1035RRDestroy
2485 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
2486 - db_auth: display available DSN drivers on connect error
2487 - Updated OpenSSL 1.0.0 version checks
2488 - ... and several documentation fixes
2489
2f954743
AJ		 2490Changes to squid-3.1.15 (28 Aug 2011):
2491
2492 - Regression fix: vhost and defaultsite causing vport to be ignored
2284b7f7 2493 - Regression Bug 3295: broken escaping in rfc1738_do_escape
2f954743
AJ		 2494 - Bug #3232: fails to compile with OpenSSL v1.0.0
2495 - Bug #3222: cache_peer name is not logging on CONNECT
2496 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
2497 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
2498 - Bug #3213: https sites (CONNECT) not open when using NTLM
2499 - Bug #3114: Memory leak in SSL certificate verify code
2500 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
2501 - Bug #2662: cf_gen failure when cross compiling
2502 - Bug #2655: passing wrong the username to the url_rewrite_program
2503 - Bug #2495: ignore whitespace prefix on config lines
2504 - Bug #2051: 'default' cache_peer option does not match documentation
2505 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
2506 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
2507 - Correct parsing of large Gopher indexes
2508 - Enable negative cacheing on unknown or -1 expiry timestamp
2284b7f7 2509 - Remove hierarchy_stoplist default value
2f954743
AJ		 2510 - Migrate cf_gen tool from C-style to C++
2511 - ... and several documentation and compiler warning fixes
2512
04f5e27a
AJ		 2513Changes to squid-3.1.14 (04 Jul 2011):
2514
2515 - Regression Bug 3261: Could not create a DNS socket and exit
2516
e074e5be
AJ		 2517Changes to squid-3.1.13 (01 Jul 2011):
2518
2519 - Regression Bug 3239: problems with myip/myport upgrade
2520 - Bug 3153: hung ICAP RESPMOD transactions
2521 - Update ssl_crtd to use 'OK' status inline with other helpers
2522
6d44d1e9
AJ		 2523Changes to squid-3.1.12.3 (18 Jun 2011):
2524
2525 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
2526 - Bug 3214: unexpected read from ssl_crtd
2527 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
2528 - Fix RADIUS helper resource leak
2529 - Fix segfault parsing digest auth realm
2530 - Fix segfault in parse_eol()
2531 - Fixed bypass of SSL certificate validation errors
2532 - Warn about myip/myport problems on interception proxies
2533 - Polish: display easily grepped config lines on -k parse
2534 - Fix squidclient -V option and allow non-HTTP protocols to be tested
2535
65f2789a
AJ		 2536Changes to squid-3.1.12.2 (30 May 2011):
2537
2538 - Bug 3226: Tags from external ACLs do not correctly expire
2539 - Bug 3215: Malformed IPv6 DNS reverse lookup
2540 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
2541 - Bug 3205: SSL-bump starts then hangs
2542 - Bug 3178: gcc-4.6 complains unused variables
2543 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
2544 - Bug 2965 (partial): Compile errors on MinGW
2545 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
2546 - Fix cache manager display of -i/+i in regex ACL config display
2547 - Fix cache manager display of cache_peer options userhash and sourcehash
2548 - Fix URL re-writer loosing many transaction details
2549 - Fix always-true comparison in ICAP for some 32-bit platforms
2550 - Support for 'slow' group ACLs in ssl_bump access control
2551 - Support OpenSSL 1.0.0 built without SSLv2
2552 - Support GCC 4.6 and binutils-gold
2553 - Add CSS id attribute to BODY tag of generated error pages.
2554 - Display WARNING and ERROR when max_filedescriptors has failed
2555
065f7779
AJ		 2556Changes to squid-3.1.12.1 (19 Apr 2011):
2557
2558 - Port from 3.2: Dynamic SSL Certificate generation
2559 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
2560 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
2561 - Bug 3183: Invalid URL accepted with url host part of only '@'
2562 - Display ERROR in cache.log for invalid configured paths
2563 - Cache Manager: send User-Agent header from cachemgr.cgi
2564 - ... and many portability compile fixes for non-GCC systems.
2565
7d9ce496
AJ		 2566Changes to squid-3.1.12 (04 Apr 2011):
2567
2568 - Regression fix: Use bigger buffer for server reads.
2569 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
2570 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
2571 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
2572 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
2573 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
2574 - Bug 3164: Total memory info display 32-bit overflows
2575 - Bug 3155: Werror is hard-coded in libTrie build
2576 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
f787354b 2577 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
7d9ce496
AJ		 2578 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
2579 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
2580 - Bug 2330: AuthUser objects are never unlocked
2581 - Prevent CONNECT request relaying to origin servers
2582 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
2583 - squidclient: send Cache Manager password using -w
2584 - eCAP: give full Request-URI to adapters
2585 - ... and several debug and error display cleanups
2586
d88ad4db
AJ		 2587Changes to squid-3.1.11 (08 Feb 2011):
2588
2589 - Bug 3149: not caching eCAP adapted body
2590 - Bug 3144: redirector program blocks while reading STDIN
2591 - Bug 3140: memory leak in error page generation
2592 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
2593 - Bug 3115: logging segfaults if access_log is set to a directory
2594 - Bug 2968: Show the Vary: headers information in cachemgr objects report
2595 - Bug 2959: remove SAMBAPREFIX dependency
2596 - Bug 2868: icc doesn't like string literal in assert checks
2597 - HTTP/1.1: Send 307 status on deny_info redirection
2598 - HTTP/1.1: Support POST/PUT with no body
2599 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
2600 - Support RFC 5861 Cache-Control: stale-if-error option
2601 - Add ftp_eprt directive to disable EPRT extensions in FTP
2602 - Fix external_acl_type grace=0 to obey TTL
2603 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
2604 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
2605 - ... and some documentation updates and corrections
2606 - ... and some portability and stability fixes
2607
834d2128
AJ		 2608Changes to squid-3.1.10 (22 Dec 2010):
2609
2610 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
2611 - Bug 3113: Consuming too much memory when uploading files
2612 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
2613 - Bug 3096: Consuming too much memory when delaying traffic
2614 - Bug 3091: Bypassed ICAP errors are not counted as service failures
2615 - Bug 3090: Polish FTP login error handing
2616 - Bug 3068: cache_dir capacity and usage overflows
2617 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
2618 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
2619 - Fix memory leak in adaptation_access
2620 - Fix /dev/poll and poll() selection priority
2621 - Fix PREFIX/var/run creation during install
2622 - Fix cachemgr http_port config report display
2623 - Add upgrade help process for obsolete options
2624 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
2625 - HTTP/1.1: entry is stale if request has max-age=0
2626 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
2627 - Toolchain update to support newer auto-tools
2628 - ... and updated error page translations
2629 - ... and updated documentation
2630 - ... and some code optimization/simplification polish
2631
e2f4c66a
AJ		 2632Changes to squid-3.1.9 (25 Oct 2010):
2633
2634 - Bug 3088: dnsserver is segfaulting
2635 - Bug 3084: IPv6 without Host: header in request causes connection to hang
2636 - Bug 3082: Typo in error message
2637 - Bug 3073: tunnelStateFree memory leak of host member
2638 - Bug 3058: errorSend and ICY leak MemBuf object
2639 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
2640 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
2641 - Bug 3053: cache version 1 LFS support detection broken
2642 - Bug 3051: integer display overflow
2643 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
2644 - Bug 3036: adaptation_access acls cannot see myportname
2645 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
2646 - Bug 2964: Prevent memory leaks when ICAP transactions fail
2647 - Bug 2808: getRoundRobinParent not handling weights correctly
2648 - Bug 2793: memory statistics sometimes display wrong
2649 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
2650 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
2651 - Ensure /var/cache or jail equivalent exists on install
2652 - HTTP/1.1: delete Warnings that have warning-date different from Date
2653 - HTTP/1.1: do not remove ETag header from partial responses
2654 - HTTP/1.1: make date parser stricter to better handle malformed Expires
2655 - HTTP/1.1: improve age calculation
2656 - HTTP/1.1: reply with a 504 error if required validation fails
2657 - HTTP/1.1: add appropriate Warnings if serving a stale hit
2658 - HTTP/1.1: support requests with Cache-Control: min-fresh
2659 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
2660 - squidclient: Display IP(s) connected to in verbose (-v) display
2661 - Fixes several issues with ICAP persistent connections
2662 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
2663 - ... and some cosmetic polishing
2664
dee6a922
AJ		 2665Changes to squid-3.1.8 (04 Sep 2010):
2666
2667 - Bug 3033: incorrect information regarding TOS
2668 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
2669 - Bug 3005,2972: Locate LTDL headers correctly (again)
2670 - Bug 2872: leaking file descriptors
2671 - Bug 2583: pure virtual method called
2672 - Hardened DNS client against packet queue attacks
2673 - Hardened HTTP request-line parser
2674 - Several HTTP/1.1 support improvements
2675 - Improved cross-compile support
2676 - .. and several internal pointer safety fixes
2677
c3fe2798 2678Changes to squid-3.1.7 (23 Aug 2010):
161ec538 2679
c3fe2798 2680 - Regression Bug 3021: Large DNS reply causes crash
161ec538 2681 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
c3fe2798 2682 - Regression Bug 2997: visible_hostname directive no longer matches docs
161ec538
AJ		 2683 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
2684 - Bug 3006: handle IPV6_V6ONLY definition missing
2685 - Bug 3004: Solaris 9 SunStudio 12 build failure
2686 - Bug 3003: inconsistent concepts in documentation of cache_dir
2687 - Bug 3001: dnsserver link issues
2688 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
2689 - HTTP/1.1: Improved Range header field validation
2690 - HTTP/1.1: Forward multiple unknown Cache-Control directives
2691 - HTTP/1.1: Stop sending Proxy-Connection header
2692 - Fix 32-bit wrap in refresh_pattern min/max values
2693 - ... and several documentation corrections.
2694
aa844a33
AJ		 2695Changes to squid-3.1.6 (02 Aug 2010):
2696
2697 - Bug 2994, 2995: IPv4-only regressions
2698 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
2699 - Bug 2975: chunked requests not supported after regular ones
2700 - Fix: 32-bit overflow in reported bytes received from next hop
2701 - Fix Libtool build regressions
2702 - Limited split-stack IPv6 support.
2703 - squid_db_auth support MD5 encrypted passwords
2704
f41d79ba
AJ		 2705Changes to squid-3.1.5.1 (28 Jul 2010):
2706
2707 - Update Libtool to 2.2.
2708 - Bug 2985: search scope for digest_ldap_auth didn't work
2709 - Bug 2972: LTDL 2.2.6b compile errors
2710 - Bug 2963: Stop ignoring --with-valgrind-debug failures
2711 - Bug 2885: AIX support: several fixes
2712 - Bug 2651: crash handling NULL write callback
2713 - Fixed several memory leaks related to Range requests
2714 - Fixed Joomla DB auth handling
2715 - Fixed SASL helper build checks
2716 - Fixed several IPv6 portability problems
2717 - Updated error page translations
2718
88aa2b05 2719Changes to squid-3.1.5 (02 Jul 2010):
0e87db68 2720
88aa2b05
AJ		 2721 - Bug 2967: raw-IPv6 address URL with append_domain broken
2722 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
2723 - Bug 2943: ICAP tokens not logged when using multiple access
2724 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
2725 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
7e6cdc23 2726 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
88aa2b05
AJ		 2727 - Port from 2.7: max_filedescriptor config option
2728 - Fix persistent_connection_after_error is meant to be on by default
2729 - ... and several build errors.
0e87db68 2730
2d94c829
AJ		 2731Changes to squid-3.1.4 (30 May 2010):
2732
2733 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
2734 - Bug 2924: RADIUS helper compile issues
2735 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
2736 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
2737 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
2738 - Bug 2879: pt2: 3.0 regression in headers end finding
2739 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
2740 - Bug 2876: FD_SETSIZE override not working on all linux distributions
2741 - Bug 2810: common log format generates 2 lines of syslog
2742 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
2743 - Bug 2753: Fall back on IPv4 if IPv6 is not present
2744 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
2745 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
2746 - Change LDAP helpers to default to LDAP version 3 if available
2747 - Add Joomla and Salted Hash support to squid_db_auth helper
2748 - Fixed IpAddress port printing for ports higher than 9999
2749 - Disable chunked memory pooling by default.
2750 - ... and several build errors.
2751
6808dbda
AJ		 2752Changes to squid-3.1.3 (02 May 2010):
2753
7e6cdc23 2754 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
6808dbda
AJ		 2755 - Fix tag ACL type not working
2756
ca959baa
AJ		 2757Changes to squid-3.1.2 (01 May 2010):
2758
2759 - Bug 2913: Fix DB auth warning in new perl version
2760 - Bug 2904: Prevent automake creating incomplete files
2761 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
2762 - Bug 2895: Regression: TPROXY2 compile errors
2763 - Bug 2879: Regression: headers end-finding
2764 - Bug 2874: Accept literal IPv6 address in icap_service URL
2765 - Bug 2860: Regression: WCCPv1 handshake
2766 - Bug 2848: Pass TCP_RST to client on early disconnect
2767 - Debian Bug 578047: Correct behaviour of --enable-ipv6
7e6cdc23
AJ		 2768 - HTTP/1.1: Advertise 1.1 on requests to servers
2769 - HTTP/1.1: Advertise 1.1 on replies to clients
ca959baa
AJ		 2770 - AIX / UNIX build fixes
2771 - Cygwin build fixes
2772 - squidclient: -k option to test connection keep-alive or close
2773 - Improved helper build for wider compatibility
2774 - Ensure the PID file directory exists on install
2775
2ec34bd3
AJ		 2776Changes to squid-3.1.1 (29 Mar 2010):
2777
2778 - Bug 2873: undefined symbol
2779 - Bug 2827: assertion in authentication
2780 - Remove ufsdump binary from default builds
2781 - Remove pinger from default startups
2782 - ... and several documentation updates.
2783
e09692bd
AJ		 2784Changes to squid-3.1.0.18 (14 Mar 2010):
2785
2786 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
2787 - Bug 2869: Remove unused external reference
2788 - Bug 2866: Support OpenSSL 1.0
2789 - Bug 2813: Random unix_group crash at startup
2790 - Send HTTP1.1 compliant 417 responses
2791 - Associate external acl message with the request
2792 - Various Digest parser fixes
2793 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
2794
365d894c
AJ		 2795Changes to squid-3.1.0.17 (24 Feb 2010):
2796
2797 - Regression Fix: Non-English error page UTF encoding
2798 - Bug 2616: reduce IdleConnList::removeFD messages
2799 - Bug 1843: multicast-siblings cache_peer option
2800 - Port from 2.7: X509 certificate alias-domain handling
2801 - Add adapted_http_access option
2802 - NTLMv2 support for fake NTLM helper
2803
011dea45
AJ		 2804Changes to squid-3.1.0.16 (01 Feb 2010):
2805
2806 - Regression Fix: Make Squid abort on all config parse failures.
2807 - Regression Bug 2811: SNMP client/peer table OID numbering
2808 - Bug 2851: Connection pinning fails when using a peer
2809 - Bug 2850: Mismatch in hier_code enum / hier_strings array
2810 - Bug 2731: Add follow_x_forwarded_for support to ICAP
2811 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
2812 - Bug 2706: Set timestamps during ICAP request satisfaction.
2813 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
2814 - Fix: WCCPv1 not connecting to router correctly
2815 - Remove obsolete RunCache/RunAccel scripts.
2816 - Add client_ip_max_connections
2817 - Add the http::>ha format code and make http::>h log original request headers
2818 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
2819 - ... and many more minor build and display annoyances.
2820
ba641958
AJ		 2821Changes to squid-3.1.0.15 (23 Nov 2009):
2822
2823 - Regression Fix: myip ACL not accepted in config
2824 - Bug 2795: acl arp lookups including port
2825 - Bug 2794: ESI parsing fails on FreeBSD
2826 - Bug 2778: fix linking issues using SunCC
2827 - Bug 2724: eCAP build failure unless ICAP enabled
2828 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
2829 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
2830 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
2831 - Fix: 64-bit filesize issue in squidclient POST of large files
2832 - Fix: send correct Connection: header on intercepted replies
2833 - Support libtool 2.x
2834 - ESI libraries libexpat and libxml2 now optional
2835 - ESI support default enabled
2836 - Bump libcap minimum requirement to libcap 2.09+
2837 - ARP / MAC support fixes for IPv6-mode
2838 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
2839 - ... and many additions to the background testing structure
2840 - ... and very many minor build and code cleanups for non-GCC compilers.
2841
8f37469c
AJ		 2842Changes to squid-3.1.0.14 (27 Sep 2009):
2843
2844 - Bug 2777: Various build issues on OpenSolaris
2845 - Bug 2773: Segfault in RFC2069 Digest authentication
2846 - Bug 2747: Compile errors on Solaris 10
2847 - Bug 2735: Incomplete -fhuge-objects detection
2848 - Bug 2722: Fix http_port accel combined with CONNECT
2849 - Bug 2718: FTP sends EPSV2 on IPv4 connection
2850 - Bug 2648: stateful helpers stuck in reserved
2851 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
2852 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
2853 - Bug 2483: bind() called before connect()
2854 - Bug 2215: config file line length limit (extended to 2 KB)
2855 - Support Accept-Language: * wildcard
2856 - Support autoconf 2.64
2857 - Support TPROXY for IPv6 traffic (requires kernel support)
2858 - Support TPROXY cache cluster behind WCCPv2
2859 - Correct ESI support to work in multi-mode Squid
2860 - Add 0.0.0.0 as an to_localhost address
2861 - DiskIO detection fixes and use optimal IO in default build.
2862 - Correct peer connect-fail-limit default of 10
2863 - Prevent squidclient sending two Accept: headers
2864 - ... all bug fixes from 3.0.STABLE19
2865 - ... and many more documentation fixes
2866
f49a1c9e
AJ		 2867Changes to squid-3.1.0.13 (04 Aug 2009):
2868
2869 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
2870 - Fix one more internal profiler error
2871 - Language Updates: Italian, Russian
2872 - Language Updates: Add many more aliases
2873 - Add Copyright document for errors/ content
2874 - ... all bug fixes from 3.0.STABLE18
2875 - ... and several code polishing cleanups
2876
e7b1c518
AJ		 2877Changes to squid-3.1.0.12 (27 Jul 2009):
2878
2879 - Bug 2716: Chunked request Signed/Unsigned build error
2880 - Bug 2674: Remove limit on HTTP headers read.
2881 - Bug 2620: Invalid HTTP response codes causes segfault
2882 - Fix FTP EPSV negotiation parser.
2883 - Fix Via string when leak checking is enabled (valgrind etc)
2884 - ... and several documentation and testing additions
2885
0b8d12da
AJ		 2886Changes to squid-3.1.0.11 (19 Jul 2009):
2887
2888 - Bug 2087: Support adaptation sets and chains
2889 - Bug 2459: dns error message broken when error handling delayed
2890 - Support ICAP Retry
2891 - Support ICAP retries based on the ICAP responses status code
2892 - Support logging ICAP
2893 - Support logging total DNS wait time
2894 - Support logging response times of adaptation transactions
2895 - General logging enhancements
2896 - Dynamically form chains based on ICAP X-Next-Services header
2897 - Support cross-transactional ICAP header exchange
2898 - ... and much adaptation polish and improvements
2899
ce460dc8
AJ		 2900Changes to squid-3.1.0.10 (18 Jul 2009):
2901
2902 - Bug 2680: Regression Crash after rotate with no helpers running
2903 - Bug 2695: Regression in WCCPv2 L2 mask assignment
2904 - Bug 2707: Regression in FTP anonymous auth
2905 - Bug 422, 2706: RFC 2616 Date header requirements
2906 - Bug 1087: ESI processor not quoting attributes correctly.
2907 - Bug 1338: File prefetches aborted despite range_offset
287dcde6 2908 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
ce460dc8 2909 - Bug 2092: select loop 32-bit call counter overflows
287dcde6 2910 - Bug 2127: delay pools class 4 crashes with ntlm auth
ce460dc8
AJ		 2911 - Bug 2611: document fast/slow acl types
2912 - Bug 2614: Potential loss of adapted body data from eCAP adapters
2913 - Bug 2658: Missing TextException copy constructor
2914 - Bug 2659: String length overflows on append, leading to segfaults
2915 - Bug 2699: Build failure NTLM smb_lm helper
2916 - Bug 2709: TRANSLATIONS not installed
2917 - Bug 2710: squid_kerb_auth non-terminated string
2918 - Delay pools 64-bit buckets and IPv6-polish
2919 - Break forwarding loops for "transparent" or "intercept" http_ports.
2920 - Add --disable-translation option to detatch .po from error negotiation
2921 - Add squidclient man(1) page
2922 - Add localhost to default permitted networks
2923 - http_port allow-direct option to allow direct forwarding in accelerator mode
2924 - ... and many testing infrastructure updates
2925
5df6d596
AJ		 2926Changes to squid-3.1.0.9 (26 Jun 2009):
2927
2928 - Bug 2682: Add ftp_epsv control to disable EPSV support.
2929 - Bug 2665: Detach automake system from using -I.
2930 - Bug 2395: FTP auth errors not displayed
2931 - ... also several changes and bugs closed in 3.0.STABLE16
2932 - Port from 2.7: Show local address on listening sockets
2933 - Add "tag" type acl matching tags set by external acl helpers.
2934 - Adds Language alias linker/installer/upgrade scripts
2935 - Support for GCC 4.4
2936 - Fix false NAT lookup errors on Linux
2937 - Fix many Windows port issues
2938 - Fix squid_kerb_auth helepr install location
2939 - Better detection of IPv6 stack types
2940 - Updates Licensing information for Squid 3.1
2941 - ... and many packaging portability build and install issues
2942
a7b15245
AJ		 2943Changes to squid-3.1.0.8 (24 May 2009):
2944
2945 - Bug 2656: Pinger dies with general protection fault
2946 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
2947 - Bug 2648: Authentificator processes deferring and don't shutdown.
2948 - Bug 2645: allow squid to ignore must-revalidate
2949 - Bug 2644: auth scheme initialization is broken
2950 - Bug 2632: Make number of reforwarding tries configurable
2951 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
2952 - Bug 2627: HTCP Logging
2953 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
2954 - Bug 2589: SNMP returning no data - wrong oid decoded
2955 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
2956 - Bug 2559: Problem parsing /0 and /0.0.0.0
2957 - Bug 2404: WCCP in mask mode is broken
2958 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
2959 - Complete Interception multiple NAT support
2960 - Add Content-Disposition to the known headers list.
2961 - Make PEER_TCP_MAGIC_COUNT configurable
2962 - Fix pinger install location
2963 - Enable TPROXY v4 spoofing of CONNECT requests
2964 - ... and much documentation and code polishing
2965
e1e28561
AJ		 2966Changes to squid-3.1.0.7 (08 Apr 2009):
2967
2968 - Fix: several issues with ident
2969 - Add several language translations
2970 - Upgrade code testing infrastructure
2971 - Migrate much code to build as internal libraries
2972 - Support gcc 4.4
2973 - Support doxygen 1.5.8
2974 - ... and much code polish to make things read easier
2975
727cb127
AJ		 2976Changes to squid-3.1.0.6 (01 Mar 2009):
2977
e1e28561 2978 - Regression Fix: Support HTTP/0.9 in accelerator mode
727cb127
AJ		 2979 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
2980 - Bug 2593: Compile errors on Solaris 10
2981 - Bug 2591: adaptation_access does not work
2982 - Bug 2588: coredump in rDNS lookup
2983 - Bug 2526: default ALLOW when no list specified.
2984 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
2985 - Bug 419: Hop by Hop headers MUST NOT be forwarded
2986 - Fix external_acl_type handling of SSL certificate details
2987 - Obsolete: dependency on nss_common.h and nss.h
2988 - Support libtool2
2989 - ... and various documentation and code polish
2990
f636c996
AJ		 2991Changes to squid-3.1.0.5 (03 Feb 2009):
2992
2993 - Bug 2583: Fixed issue in content adaptation
2994 - Bug 2576: Make translate target obey --disable-auto-locale
2995 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
2996 - Bug 2563: 99+% CPU Usage on FTP URL
2997 - Bug 2505, 2524, 2558: fixed several issues on connection handling
2998 - Fix several issues in request parsing
2999 - Fix memory leak from logformat parsing
3000 - Fix various ESI build errors
3001 - Make configure tests use C++ instead of C
3002 - Drop special localhost conversion RFC violation.
3003 - Add Language: Arabic
3004 - ... and various documentation and code polish
3005
3006Changes to squid-3.1.0.4 (23 Jan 2009):
3007
3008 - Regression Fix: Bug 2558: rollback bug 2395 fix.
3009 - Bug 2555: Fixes to SNMP-MIB
3010 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
3011 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
3012 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
3013 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
3014 - Polish ZPH configuration interface
3015 - Several Language Conversions to new auto-negotiate
3016 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
3017 - Fix: Pconn not being used when they should.
3018 - Fix: Fix pinger immediate shutdowns
3019 - Fix: Untangle CacheManager reports from log_fqdn
3020 - ... and all bugs fixed for 3.0.STABLE12
3021 - ... and many code polish and optimization fixes.
3022
3023Changes to squid-3.1.0.3 (5 Dec 2008):
3024
3025 - Regression Fix: StoreIOBuffer patch removed.
3026 - Regression Fix: build issues with 3.1.0.2 bundle
3027 - Security Bug 2526: default ALLOW when no list specified
3028 - Bug 2525: encoding error on error pages
3029 - Bug 2424: slow file descriptor leak
3030 - Bug 2527: ICAP compile error on g++ 4.3.2
3031 - Bug 2523: bad assertion left in from debug
3032 - Bug 2395: FTP Auth errors and others not displayed
3033 - Update squid_kerb_auth to 1.0.5
3034 with better Squid integration.
3035 - Fix cache_peer forcedomainname= option
3036 - ... and many other minor fixes
3037
5e80e4ee
AJ		 3038Changes to squid-3.1.0.2 (9 Nov 2008):
3039
3040 - Bug 2516: error page templates not properly installed
3041 - Bug 2500: Solaris build issues
3042 - Fixes FreeBSD build issues
3043 - Release Notes completed
3044 - Languages: new Russian, Japanese, Chinese, and general updates
3045 - ... and other minor fixes
70c5dfb2 3046
af4cd9a0
AJ		 3047Changes to squid-3.1.0.1 (27 Oct 2008):
3048
3049 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
7a6e2ecc
AJ		 3050 - peername ACL added for matching against a named peer destination
3051 - configure option --with-logdir= added to select log files location
3052 - squid_kerb_auth helper updated to 1.0.3 release
3053 - Bug #740: allow external acl's to use reply headers in format
3054 - Bug #2379: obsolete dns_testnames option
3055 - Code test infrastructure expanded to configuration testing
3056 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
af4cd9a0 3057 to bring their defaults up to RFC 2616 requirements.
7a6e2ecc
AJ		 3058 - Large increase in RFC 2616 standard compliance (ongoing)
3059 - squid.conf cleanups for minimal config
3060 - Connection Pinning ported from 2.6 for NTLM passthru authentication
3061 - eCAP internal adaptation module support
af4cd9a0 3062 - Localization and CSS display control of error pages
7a6e2ecc
AJ		 3063 - Added semi-automatic documentation of source code
3064 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
3065 - HTCP improvements ported from 2.7 adding HTCP CLR requests
70c5dfb2 3066 - IPv6 (Internet Protocol version 6) support
3067 - ICMPv6 (Internet Control Message Protocol version 6) support
f1233d8c 3068 - FTP agent now supports EPSV/EPRT commands
70c5dfb2 3069 - DNS internal resolver now supports AAAA and CNAME records
3070 - SNMP peer and client tables now support IPv6
3071 - SNMP peer table supports named peers with multiple entries per IP
4aa8e49c 3072 - SslBump: Squid-in-the-middle decryption and encryption of straight
3073 CONNECT and transparently redirected SSL traffic, using configurable
3074 client- and server-side certificates. While decrypted, the traffic
7a6e2ecc 3075 can be inspected using ICAP.
af4cd9a0 3076 - TPROXY version 4.1 support
a13b3732 3077 - IPFW and Netfilter interception methods may now both be built in one binary.
f1233d8c
AJ		 3078 - ZPH Quality of Service patch now integrated
3079 - Null store now fully obsoleted and removed
3080 - Unknown request methods all supported
3081 - Follow_x_forwarder_for ported from 2.6
7a6e2ecc 3082 - Bug #2223: Follow XFF extensions added
af4cd9a0 3083 - ... and many code and documentation cleanups
7a6e2ecc 3084
2f954743
AJ		 3085Changes to squid-3.0.STABLE26 (28 Aug 2011):
3086
3087 - Regression: header_replace for reply headers
3088 - Bug 3183: Invalid URL accepted with url host part of only '@'.
3089 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
3090 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
3091 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
3092 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
3093 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
3094 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
3095 - Regression Bug 2879: headers end finding
3096 - Bug 2876: FD_SETSIZE override not working on all linux distributions
3097 - Check for NULL and empty strings before calling str*cmp().
3098 - Correct parsing of large Gopher indexes
3099
1a10a7e5
AJ		 3100Changes to squid-3.0.STABLE25 (14 Mar 2010):
3101
3102 - Bug 2845: Rework the http digest auth parser
3103 - Bug 2787: unknown/unexpected status code messages
3104 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
3105 - Bug 2367: stale=true on digest requests with unknown nonce
3106 - ... and several other minor corrections
3107
6add0585
AJ		 3108Changes to squid-3.0.STABLE24 (13 Feb 2010):
3109
3110 - Bug 2858: Segment violation in HTCP
3111 - Updated refresh pattern for dynamic pages
3112
bcd1f03d
AJ		 3113Changes to squid-3.0.STABLE23 (02 Feb 2010):
3114
3115 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
3116 - Regression Fix: Build error in Kerberos helper after library removal.
3117
61544616
AJ		 3118Changes to squid-3.0.STABLE22 (01 Feb 2010):
3119
3120 - Regression Fix: Make Squid abort on all config parse failures.
3121 - Bug 2787: Reduce unexpected http status to non-critical warnings.
3122 - Bug 2496: Downloading some variants in full before relaying
3123 - Bug 2452: Add upper limit to external_acl_type entries.
3124 - Removed optional kerberos/spnegohelp/ library due to licensing issues
3125 - Add client_ip_max_connections
3126 - Handle DNS header-only packets as invalid.
3127
06d0f369
AJ		 3128Changes to squid-3.0.STABLE21 (22 Dec 2009):
3129
3130 - Bug 2830: Clarify where NULL byte is in headers.
3131 - Bug 2778: Linking issues using SunCC
3132 - Bug 2395: FTP errors not displayed
3133 - Bug 2155: Assertion failures on malformed Content-Range response headers
3134 - Fix parsing and a few bugs in ACL time type
3135 - Fix RFC keep-alive compliance on intercepted replies
3136 - Improved security hardening on %nn parser
3137 - Replace several GCC-specific code snippets.
3138
91228e4e
AJ		 3139Changes to squid-3.0.STABLE20 (29 Oct 2009):
3140
3141 - Bug 2794: ESI parsing on FreeBSD
3142 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
3143 - Bug 2779: Support GNU/kFreeBSD
3144 - Bug 2773: Segfault in RFC2069 Digest authantication
3145 - Bug 2768: squid_ldap_group argument parsing error
3146 - Bug 2761: Gopher and double HTTP response header
3147 - Bug 2735: Incomplete -fhuge-objects detection
3148 - Bug 2722: prevent CONNECT via http_port with accel
3149 - Bug 2624: Invalid response for IMS request
3150 - Bug 2510: digest_ldap_auth TLS support
3151 - Correct LINUX_CAPABILITY actions on non-Linux
3152
98df01e3
AJ		 3153Changes to squid-3.0.STABLE19 (06 Sep 2009):
3154
3155 - Bug 2745: Invalid Response error on small reads
3156 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
3157 - Bug 2734: some compile errors on Solaris
3158 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
3159 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
3160 - Bug 2362: Remove support for deferred state in stateful helpers
3161 - Add 0.0.0.0 as a to_localhost address
3162 - Docs: Improve chroot directive documentation slightly
3163 - Fixup libxml2 include magics, was failing when a configure cache was used
3164 - ... and some minor testing improvements.
3165
b7a1ea6b
AJ		 3166Changes to squid-3.0.STABLE18 (04 Aug 2009):
3167
3168 - Bug 2728: regression: assertion failed: !eof
3169 - Bug 2732: reply_body_max_size smaller than error page loops
3170 infinitely until out of memory
3171 - Bug 2725: pconn failure if domain or client_address are unset
3172 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
3173 - Bug 2462: make check should tell when cppunit is missing
3174 - Remove excess messages about headers < minimum size
3175 - Support Libtool 2.2.6
3176
e7b1c518 3177Changes to squid-3.0.STABLE17 (27 Jul 2009):
68c19036
AJ		 3178
3179 - Bug 2680 regression: Crash after rotate with no helpers running
3180 - Bug 2710: squid_kerb_auth non-terminated string
3181 - Bug 2679: strsep and strtoll detection failure
3182 - Bug 2674: Remove limit on HTTP headers read.
3183 - Bug 2659: String length overflows on append, leading to segfaults
3184 - Bug 2620: Invalid HTTP response codes causes segfault
3185 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
3186 - Bug 1087: ESI processor not quoting attributes correctly.
3187 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
3188 - Several small build issues with previous release.
3189
950b7d55
AJ		 3190Changes to squid-3.0.STABLE16 (15 Jun 2009):
3191
3192 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
3193 - Bug 2481: Don't set expires: now in generated error responses
3194 - Bug 2387: The calculation of the number of hash buckets correctly
3195 - Fix infinite loop in MSNT auth helper
3196 - Fix FD_SETSIZE on FreeBSD
3197 - Fix stripping NT domain in squid_ldap_group
3198 - Fix RADIUS auth helper build
3199 - Add Translate: and Unless-Modified-Since: headers to known list
3200 - Make fakeauth handle NTLMv2 better
3201 - Better Kerberos support detection
3202 - Several Widows port fixes
3203
6e4fa9b4
AJ		 3204Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
3205
950b7d55 3206 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
6e4fa9b4
AJ		 3207 - Bug 2648: NTLM helpers not shutting down when deferred
3208
79200081
AJ		 3209Changes to squid-3.0.STABLE15 (06 May 2009):
3210
3211 - Regression Bug 2635: Incorrect Max-Forwards header type
3212 - Bug 2652: 'Success' error on CONNECT requests
3213 - Bug 2625: IDENT receiving errors
3214 - Bug 2610: ipfilter support detection
3215 - Bug 2578: FTP download resume failure
3216 - Bug 2536: %H on HTTPS error pages
3217 - Bug 2491: assertion "age >= 0"
3218 - Bug 2276: too many NTLM helpers running
3219 - Endian system and compiler fixes provided by the NetBSD project
3220 - documentation fixes provided by the Debian project
3221
6c2e5932
AJ		 3222Changes to squid-3.0.STABLE14 (11 Apr 2009):
3223
3224 - Regression Fix: HTTP/0.9 in accelerator mode
3225 - Bug 1232: cache_dir parameter limited to only 63 entries
3226 - Bug 1868: support HTTP 207 status
3227 - Bug 2518: assertion failure on restart/reconfigure
3228 - Bug 2588: coredump in rDNS lookup
3229 - Bug 2595: Out of bounds memory write in squid_kerb_auth
3230 - Bug 2599: Idempotent start
3231 - Bug 2605: Prevent setsid() on helpers in daemon mode
3232 - Fix external_acl_type option parsing
3233 - Fix delay pools counters on FTP
3234 - Fix several issues with ident (some remain)
3235 - Fix performance issues with persistent connections
3236 - Fix performance issues with delay pools
3237 - Fix forwarding of OPTIONS requests
3238 - Add support for HTTP 1.1 Content-Disposition header
3239 - Add support for Windows 7, Windows Server 2008 R2 and later
3240 - ... and many small documentation updates
3241
f636c996
AJ		 3242Changes to squid-3.0.STABLE13 (03 Feb 2009):
3243
3244 - Fix several issues in request parsing
3245 - Fix memory leak from logformat parsing
3246 - Fix various ESI build errors
3247 - ... and some documentation updates
3248
3249Changes to squid-3.0.STABLE12 (21 Jan 2009):
3250
3251 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
3252 - Bug 2542: ICAP filters break download resume
3253 - Bug 2556: HTCP fails without icp_port
3254 - Bug 2564: logformat '%tl' field not working as advertised
3255 - Port from 3.1: TestBed basic build consistency checks
3256 - Policy: Change half_closed_clients default to off
3257 - Policy: Removed -V command line option, deprecated by 2.6
3258 - ... and several other minor code cleanups
3259
3260Changes to squid-3.0.STABLE11 (24 Dec 2008):
3261
3262 - Bug 2424: filedescriptors being left unnecessary opened
3263 - Bug 2545: fault passing ICAP filtered traffic to peers
3264 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
3265 - ... and some minor admin and debug cleanups.
3266
3267Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
3268
3269 - Removes patch causing cache of bad objects
3270 - Bug 2526: bad security default in ACLChecklist
3271 - Fixes regression: access.log request size tag
3272 - Fixes cache_peer forceddomainname=X option
3273 - ... and many minor documentation cleanups
3274
7a6e2ecc
AJ		 3275Changes to squid-3.0.STABLE10 (14 Oct 2008):
3276
3277 - Bug 2391: Regression: bad assert in forwarding
3278 - Bug 2447: Segfault on failed TCP DNS query
3279 - Bug 2393: DNS requests getting stuck in idns queue
3280 - Bug 2433: FTP PUT gives bad gateway
3281 - Bug 2465: Limited DragonflyBSD support
3282 - ... and other minor bugs and documentation
3283
3284Changes to squid-3.0.STABLE9 (9 Sep 2008):
3285
3286 - Policy Enforcement: COSS is unusable in 3.0
3287 - Port from 3.1: Language Pack compatibility
3288 - Port from 2.6: Windows Support Notes
3289 - Fix several minor regressions:
3290 HTCP stats reporting
3291 cachemgr delay pool config
3292 CARP build error
3293 - Bug 2340: uudecode dependency for icons removed
3294 - Bug 2352: no_check.pl ntlm challenge fix
3295 - Bug 2426: buffer increase for kerberos auth fields
3296 - Bug 2427: squid_ldap_group codes fix
3297 - Bug 2437: peer name now shown in access.log
3298 - Add sane display of unsupported method errors
3299 - ... and various other code cleanups
3300
3301Changes to squid-3.0.STABLE8 (18 Jul 2008):
3302
3303 - Port from 2.6: Support for cachemgr sub-actions
3304 - Port from 2.6: userhash peer selection method
3305 - Port from 2.6: sourcehash peer selection method
3306 - Bug 2376: round-robin balancing fixes
3307 - Bug 2388: acl documentation cleanup
3308 - Bug 2365: cachemgr.cgi HTML output encoding
3309 - Bug 2301: Regression: Log format size options
3310 - Bug 2396: Correct the opening of PF device file.
3311 - Bug 2400: ICAP accept mechanism
3312 - Bug 2411: Regression: fakeauth_auth crashes
3313 - Many fixes to the Windows support (not complete yet).
3314 - Boost error pages HTML standards.
3315 - Fixes several issues on 64-bit systems
3316 - Fixes several issues on older or stricter compilers
3317 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
3318 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
3319
3320Changes to squid-3.0.STABLE7 (22 Jun 2008):
3321
3322 - Fix several ASN issues
3323 - Fix SNMP reporting of counters
3324 - Fix round-robin algorithms
3325 - GCC 4.3 support
3326 - Netfilter v1.4.0 bug workaround
3327 - Bugs 2350 and 2323: memory issues
3328 - Bugs 2384, 951, 1566: ESI assertions
3329 - Various minor debug and documentation cleanups
f1233d8c
AJ		 3330
3331Changes to squid-3.0.STABLE6 (20 May 2008):
3332
3333 - Bug 2254: umask Feature from 2.6 added
3334 - cachemgr.cgi default config file added
3335 - Several authentication bug fixes
3336 - Improved Windows Support
3337 - better DNS lookup methods for unqualified hostames
3338 - better support for 64-bit environments
3339 - Bug 2332: Crash when tunnelling
3340 - Removed the advertisement clause from BSD licenses
3341 according to the GPLv2+ changes in BSD
3342 - ... and other bugs and minor cleanups
3343
3344Changes to squid-3.0.STABLE5 (28 Apr 2008):
3345
3346 - Support for resolv.conf 'domain' option
3347 - Improved URI support, including
3348 longer URI up to 8192 bytes accepted
3349 better handling of intercepted URI
3350 better port for non-FQDN URI lookups
3351 - Improved logging, including
3352 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
3353 Fixed 'log_ip_on_direct' option behaviour
3354 - Support for profiling on x86 64-bit systems
3355 - .. and other bugs and minor code cleanups.
3356
3357Changes to squid-3.0.STABLE4 (2 Apr 2008):
3358
3359 - Bug 2288: compile error slipped into STABLE3.
3360
3361Changes to squid-3.0.STABLE3 (31 Mar 2008):
3362
3363 - Improved HTTP 1.1 support.
3364 - Improved MacOSX (Leopard) support
3365 - Bug 2206: Proxy-Authentication regression in STABLE2.
3366 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
3367 - ... and other bugs and minor code cleanup
3368
3369Changes to squid-3.0.STABLE2 (1 Mar 2008):
3370
3371 - Add myportname ACL for matching the accepting port name (see release notes)
3372 - Add include directive for squid.conf (see release notes)
3373 - Add ability to strip kerberos realm from usernames during Auth
3374 - License cleanup to comply with GPLv2 or later
3375 - Updated Error Pages and Translations
3376 - Updated configuration examples
3377 - Updated valgrind support for valgrind-3.3.0
3378 - Improved support for Windows and MacOS X Leopard
3379 - Improved support for files larger than 2GB
3380 - Improved support for CARP arrays and WCCPv2
3381 - Improved cachmgr, SNMP, and log reporting
3382 - ... and as usual Many bug fixes since STABLE 1
70c5dfb2 3383
284237d4 3384Changes to squid-3.0.STABLE1 (13 Dec 2007):
3ff01c3e 3385
3386 - Major rewrite translating the code to C++, originally based on
3387 Squid-2.5.STABLE1
3388 - Internal client streams concept for content adaptation
3389 - ICAP (Internet Content Adaptation Protocol) client support
3390 - ESI (Edge Side Includes) support added
284237d4 3391 - Improved support for files larger than 2GB.
3ff01c3e 3392 - And a lot more. Most features from Squid-2.6 is supported, but not
3393 all. See the release notes for details.
3394
9ae33c59
AJ		 3395
3396Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
3397
3398Changes to squid-2.6.STABLE22 (19 October 2008)
3399
3400 - Bug #2396: Correct the opening of the PF device file.
3401 - Make --with-large-files and --with-build-envirnment=default play
3402 nice together
3403 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
3404 __u32 problem
3405 - Make dns_nameserver work when using --disable-internal-dns on glibc
3406 based systems
3407 - Bug #2426: Increase negotiate auth token buffer size
3408 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
3409 - Bug #2477: swap.state permission issues if crashing during "squid -k
3410 reconfigure"
3411 - Windows port: Fix build error using latest MinGW runtime.
3412
3413
3414
3ff01c3e 3415Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
3416authorative for this release and mirrored here for reference only.
f1233d8c 3417
467c94d1 3418 - CARP now plays well with the other peering algorithms,
3419 and support for CARP peerings is compiled by default. Can be
3420 disabled by --disable-carp
1741cbad 3421 - Configuration file can be read from an external program
3422 or preprocessor. See squid.8 man page.
52f772de 3423 - http_port is now optional, allowing for SSL only operation
4ca261f2 3424 - Satellite and other high latency peering relations enhancements
3425 (Robert Cohren)
a9245686 3426 - Nuked num32 types, and made type detection more robust by the
3427 use of typedefs rather than #defines.
b5fb34f1 3428 - the mailto links on Squid's ERR pages now contain data about the
3429 occurred error by default, so that the email will contain this data in
3430 its body. This feature can be disabled via the email_err_data directive.
9ae33c59 3431 (Clemens L?ser)
c8f4eac4 3432 - COSS now uses a file called stripe and the path in squid.conf is the
3433 directory this is placed in. Additionally squid -z will create the
3434 COSS swapfile.
14f5b6c3 3435 - WCCPv2 support, including mask assignment support
5401aa8d 3436 - HTCP support for access control and the CRL operation for
3437 purgeing of cache content
14f5b6c3 3438 - ICAP related fixes
3439 - Windows-related fixes, including Vista and Longhorn identification
3440 - Client-side parsing and some string use optimisations
3441 - Lots of off-by-one and memory leaks in corner cases have been fixed
3442 thanks to valgrind
3443 - Improved high-resolution profiling
3444 - Windows overlapped-IO and thread support added to the Async IO disk code
3445 - Improvements for handling large DNS replies
a7c8cce0 3446
3ff01c3e 3447Changes to squid-2.6.STABLE15 (31 Aug 2007)
3448
3449 - The select() I/O loop got broken by the /dev/poll addition
3450 (2.6.STABLE14)
3451 - Bug #2017: Fails to work around broken servers sending just the HTTP
3452 headers
3453 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
3454 before C99
3455 - squid.conf.default updated and reorganised in more sensible groups
3456 - correct and document the syslog access_log format
3457 - Armenian error pages translation
3458 - digest_ldap_helper usage help updated
3459 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
3460 - Improve delay pools in low traffic environment by checking timeouts
3461 at a steady 1 second interval even when there is not much activity
3462 - Don't request authentication on transparently intercepted
3463 connections
3464 - Cleanup linux capabilities for tproxy
3465 - Bug #2003: 'via' config directive doesn't affect response headers
3466 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
3467 - Add missing $|=1 to squid_db_auth
3468 - Bug #2050: Persistent connection dropped if cache has no
3469 Content-Length
3470 - Verify the URL on memory cache hits
3471 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
3472 - Bug #1972: Squid sets peers to down state when they are in fact
3473 working.
3474 - potential segmentation fault in storeLocateVary()
3475 - Bug #2066: chdir after chroot
3476 - Windows port: Fix compiler warnings when building Squid as
3477 application (not Windows service mode)
3478 - Spelling correction of received
3479
3480Changes to squid-2.6.STABLE14 (15 Jul 2007)
3481
3482 - squid.conf.default cleanup to have options in their proper sections.
3483 - documentation correction in the refresh_pattern ignore-auth option
3484 - URI-escaping not uses the recommended upper-case hex codes
3485 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
3486 - Always use xisxxxx() Squid defined macros instead of ctype
3487 functions.
3488 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
3489 - Database basic auth helper using Perl DBI to connect to most SQL DBs
3490 - Solaris /dev/poll network I/O support
3491 - configure fixes to make cross compilation somewhat easier
3492 - Removed incorrect -a reference from http_port documentation
3493 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
3494 - Bug #1968: Squid hangs occasionally when using DNS search paths
3495 - Novell eDirectory digest auth helper (digest_edir_auth)
3496 - Bug #1130: min-size option for cache_dir
3497 - POP3 basic auth helper querying a POP3 server
3498 - Cosmetic squid_ldap_auth fixes from Squid-3
3499 - Bug #1085: Add no-wrap to cache manager HTML tables
3500 - Automatically restart if number of available filedescriptors becomes
3501 alarmingly low, preventing a situation where Squid would otherwise
3502 permanently stop processing requests.
3503 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
3504 array bounds
3505 - Deal better with forwarding loops
3506
3507Changes to squid-2.6.STABLE13 (11 May 2007)
3508
3509 - Make sure reply headers gets sent even if there is no body available
3510 yet, fixing RealMedia streaming over HTTP issues.
3511 - Undo an accidental name change of storeUnregisterAbort.
3512 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
3513 - Bug #1814: SSL memory leak on persistent SSL connections
3514 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
3515 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
3516 - Ukrainan error messages
3517 - Convert various error pages from DOS to UNIX text format
3518 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
3519 - Clarify the max-conn=n cache_peer option syntax slightly
3520 - Bug #1892: COSS segfault on shutdown
3521 - Windows port: fix undefined ECONNABORTED
3522 - Make refreshIsCachable handle ETag as a cache validator, not
3523 only last-modified
3524 - in_port_t is not portable, use unsigned short instead
3525 - Fix fs / auth / snmp dependencies
3526 - Portability: statfs() may reqire #include <sys/statfs.h>
3527
3528Changes to squid-2.6.STABLE12 (20 Mar 2007)
3529
3530 - Assertion error on TRACE
3531
3532Changes to squid-2.6.STABLE11 (17 Mar 2007)
3533
3534 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
3535 !conn->body.request"
3536 - Handle garbage helper responses better in concurrent protocol format
3537 - Fix kqueue when overflowing the changes queue
3538 - Make sure the child worker process commits suicide if it could
3539 not start up
3540 - Don't log short responses at debug level 1
3541 - Fix bswap16 & bwsap32 error on NetBSD
3542 - Fix collapsed_forwarding for non-GET requests
3543
3544Changes to squid-2.6.STABLE10 (4 Mar 2007)
3545
3546 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
3547 - various diskd bugfixes
3548 - In the access.log hierarchy field log the unique peer name
3549 instead of the host name
3550 - unlinkdClose() should be called after (not before) storeDirSync()
3551 - CLEAN_BUF_SZ was defined, but never used anywhere
3552 - logging HTTP-request size
3553 - Fix icmp pinger communication on FreeBSD and other not supporing
3554 large dgram AF_UNIX sockets
3555 - Release objects on swapin failure
3556 - Bug #1787: Objects stuck in cache if origin server clock in future
3557 - Bug #1420: 302 responses with an Expires header is always cached
3558 - Primitive support for HTTP/1.1 chunked encoding, working around
3559 broken servers
3560 - Clean up relations between TCP probing and DNS checks of peers with
3561 no known addresses.
3562 - Fix a minor HTML coding error in ftp directory listings with // in
3563 the path
3564 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
3565 non-refreshable content
3566 - Gopher cleanups and bugfixes
3567 - Negotiate authentication fixed again. Broken since STABLE7 by the
3568 patch for Bug #1792.
3569 - Bug #1892: COSS tries to shut down the same directory twice on exit
3570 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
3571 entries
3572 - Added support for Subversion HTTP request methods MKACTIVITY,
3573 CHECKOUT and MERGE.
3574
3575Changes to squid-2.6.STABLE9 (24 Jan 2007)
3576
3577 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
3578 - Bug #1877 diskd bug in storeDiskdIOCallback()
3579
3580Changes to squid-2.6.STABLE8 (21 Jan 2007)
3581
3582 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
3583 - Document the https_port vhost option, useful in combination with
3584 a wildcard certificate
3585 - Document the existence of connection pinning / forwarding of NTLM
3586 auth and a few other features overlooked in the release notes.
3587 - Spelling correction of the ssl cache_peer option
3588 - Add back the optional "accel" http_port option. Makes accelerator
3589 mode configurations easier to read.
3590 - Bug #1872: Date parsing error causing objects to get unexpectedly
3591 cached.
3592 - Cleanup to have the access.log tags autogenerated from enums.h
3593 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
3594 going backwards?
3595 - Don't update object timestamps on a failed revalidation.
3596 - Fix how ftp://user@host URLs is rendered when Squid is built with
3597 leak checking enabled
3598
3599Changes to squid-2.6.STABLE7 (13 Jan 2007)
3600
3601 - Windows port: Fix intermittent build error using Visual Studio
3602 - Add missing tproxy info from the dump of http port configuration
3603 - Bug #1853: Support for ARP ACL on NetBSD
3604 - clientNatLookup(): fix wrong function name in debug messages
3605 - Convert ncsa_auth man page from DOS to Unix text format.
3606 - Bug #1858: digest_ldap_auth had some remains of old hash format
3607 - Correct the select_loops counter when using select(). Was counted twice
3608 - Clarify the http_port vhost option a bit
3609 - Fix cache-control: max-stale without value or bad value
3610 - Bug #1857: Segmentation fault on certain types of ftp:// requests
3611 - Bug #1848: external_acl crashes with an infinite loop under high load
3612 - Bug #1792: max_user_ip not working with NTLM authentication
3613 - Bug #1865: deny_info redirection with authentication related acls
3614 - Small example on how to use the squid_session helper
3615 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
3616 - Clarify the transparent http_port option a bit more
3617 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
3618 - Bug #1867: squid.pid isn't removed on shutdown
3619
3620Changes to squid-2.6.STABLE6 (12 Dec 2006)
3621
3622 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
3623 - Add client source port logformat tag >p
3624 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
3625 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
3626 - automake no longer recommends mkinstalldirs. Removed.
3627 - Only use crypt() if it's available, allowing ncsa_auth to be built
3628 on platofms without crypt() support.
3629 - Windows port documentation updates
3630 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
3631 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
3632 - Remove extra newline in redirect message sent by deny_info http://... aclname
3633 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
3634 - Clarify the external_acl_type helper format specification and some defaults
3635 - Add support for the weight= parameter to round-robin peers
3636 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
3637 - Convert snmpDebugOid to use a temporary String object instead of strcat
3638 - Document that proxy_auth also accepts -i for case-insensitive operation
3639 - Remove malloc/free of temporary buffer in time parsing routines.
3640 - Reduce memory allocator pressure by not continually allocating client-side read buffers
3641 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
3642 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
3643 - Bug #1584: Unable to register with multiple WCCP2 routers
3644 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
3645 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
3646 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
3647 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
3648 - Bug #1840: Disable digest and netdb queries to multicast peers
3649 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
3650 - Fix build errors when using latest MinGW Windows environment
3651
3652Changes to squid-2.6.STABLE5 (3 Now 2006)
3653
3654 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
3655 - COSS improvements and cleanups
3656 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
3657 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
3658 - Bug #1719: Incorrect error message on invalid cache_peer specifications
3659 - Bug #1785: Memory leak in handling of negatively cached objects
3660 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
3661 - Bug #1782: Memory leak in ncsa_auth on password changes
3662 - Suppress some annoying coss startup messages raising the debug level to 2.
3663 - Clarify the external_acl_helper concurrency= change.
3664 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
3665 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
3666 - Bug #1795: Theoretical memory leak in storeSetPublicKey
3667 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
3668 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
3669 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
3670 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
3671 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
3672 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
3673 - Bug #1796: Assertion error HttpHeader.c:914: "str"
3674 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
3675 - Silence harmless gcc compile warning.
3676 - Clean up poll memory on shutdown
3677 - Ported select, poll and win32 to new comm event framework
3678 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
3679 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
3680 - Safeguard from kb_t counter overflows on 32-bit platforms
3681
3682Changes to squid-2.6.STABLE4 (23 Sep 2006)
3683
3684 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
3685 - Windows port enhancement: added native exception handler with signal emulation
3686 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
3687 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
3688 - Bug #212: variable %i always 0.0.0.0 in many error pages
3689 - Bug #1708: Ports in ACL accepts characters and out of range
3690 - Bug #1706: Squid time acl accepts invalid time range.
3691 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
3692 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
3693 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
3694 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
3695 - Bug #1598: start_announce cannot be disabled
3696 - Periodically flush cache.log to disk when "buffered_logs on" is set
3697 - Numerous COSS improvements and fixes
3698 - Windows port: merge of MinGW support
3699 - Windows port: Merged Windows threads support into aufs
3700 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
3701 - Numerous portability fixes
3702 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
3703 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
3704 - Bug #1760: FTP related memory leak
3705 - Bug #1770: WCCP2 weighted assignment
3706 - Bug #1768: Redundant DNS PTR lookups
3707 - Bug #1696: Add support for wccpv2 mask assignment
3708 - Bug #1774: ncsa_auth support for cramfs timestamps
3709 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
3710 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
3711 - Bug #1590: Silence those ETag loop warnings
3712 - Bug #1740: Squid crashes on certain malformed HTTP responses
3713 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
3714 - Improve error reporting on unexpected CONNECT requests in accelerator mode
3715 - Cosmetic change to increase cache.log detail level on invalid requests
3716 - Bug #1229: http_port and other directives accept invalid ports
3717 - Reject http_port specifications using both transparent and accelerator options
3718 - Cosmetic cleanup to not dump stacktraces on configuration errors
3719
3720
3721Changes to squid-2.6.STABLE3 (18 Aug 2006)
3722
3723 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
3724 very large cache_dir. Limit number of objects stored to slightly
3725 less to avoid this.
3726 - Bug #1705: Correct error message on invalid time weekday specification
3727 - Don't attempt to guess netmask in src/dst acl specifications
3728 if none was provided. Assume it's an IP even if it ends in 0
3729 - Bug #1665: log_format %ue, %us tags for external or ssl user id
3730 - Bug #1707: delay pools often ignored the set limit
3731 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
3732 (0.9.8 always worked)
3733 - COSS fixes and performance improvements
3734 - Memory leak when reading configuration files with overlapping
3735 ACL data where squid -k parse complains.
3736 - Memory leak related to pinned connections
3737 - Show include acls unexpanded in cachemgr configuration dumps
3738 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
3739 - Bug #1304: Downloads may hang when using the cache_dir max-size option
3740 - Optimization of network I/O
3741 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
3742 - Fixed a memory leak on certain invalid requests
3743 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
3744 - Bug #582: ntlm fake_auth not handles non-ascii login names
3745 - New startup message indicating the type of event loop used
3746 - Bug #1602: TCP fallback on truncated DNS responses
3747 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
3748 - Bug #1723: cachemgr now works in accelerator mode
3749
3750Changes to squid-2.6.STABLE2 (31 Jul 2006)
3751
3752 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
3753 - Releasenotes Table of contents should use relative links without
3754 filename.
3755 - Reject HTTP/0.9 formatted CONNECT requests.
3756 - Cosmetic cleanup to use safe_free instead of xfree + manual
3757 assign to NULL
3758 - Bug #1650: transparent interception "Unable to forward this
3759 request at this time"
3760 - Bug #1658: Memory corruption when using client-side SSL certificates
3761 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
3762 deleting the underlying object.
3763 - Many COSS fixes and new coss data dumper utility for diagnostics
3764 - Bug #1669: SEGV in storeAddVaryReadOld
3765 - Many fixes in debug sections and spelling of debug messages
3766 - Don't keep client connection persistent if there was a mismatch in
3767 the response size.
3768 - Move eventCleanup debug messages to debug level 2 (was 0)
3769 - Add the missing concurrency parameters to basic and digest auth
3770 schemes
3771 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
3772 - Log SSL user id in the custom log User name format (%un)
3773 - Bug #1653: Username info not logged into Cachemgr active_requests
3774 statistics
3775 - Added to the redirectors interface the support for SSL client
3776 certificate
3777 - squid.conf.default cleanup to remove references to old options
3778 - Fix many filedescriptors in combination with TPROXY
3779 - Fix connection pinning in transparently intercepted connections
3780 - Bug #1679: LDFLAGS not honored in some programs.
3781 - Minor cleanup of port numbers in transparent interception or
3782 vhost + vport
3783 - Bug #1671: transparent interception fails with FreeBSD ipfw or
3784 Linux-2.2 ipchains
3785 - Bug #1660: Accept-Encoding related memory corruption
3786 - Bug #1651: Odd results if url_rewriter defined multiple times
3787 - Bug #1655: Squid does not produce coredumps under linux when
3788 started as root
3789 - Bug #1673: cache digests not served to other caches
3790 - Cleanup of Linux capability code used by tproxy
3791 - Bug #1684: xstrdup: tried to dup a NULL pointer!
3792 - Bug #1668: unchecked vsnprintf() return code could lead to log
3793 corruption
3794 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
3795 configurations
3796 - Cygwin support fir --disable-internal-dns
3797 - Silence those annoying sslReadServer: Connection reset by peer
3798 errors.
3799 - Bug #1693: persistent connections broken in transparent
3800 interception mode
3801 - Bug #1691: multicast peering issues
3802 - Bug #1696: Correct WCCP2 processing of router capability info
3803 segments
3804 - Bug #1694: Assertion failure in mgr:config if using
3805 access_log_format %<h
3806 - Bug #1677: Duplicate etags in the If-None-Match header
3807 - Bug #1665: access_log_format codes for login names from external
3808 acl or ssl
3809 - Bug #1681: All ntlmauthenticator processes are busy
3810 - Added ARP acl support for OpenBSD and ARP fixes for Windows
3811 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
3812 socket)
3813 - WCCP2 correct dampening of assign buckets when there it lots of
3814 changes
3815 - minimum_expiry_time to tune the magic 60 seconds limit of what
3816 is considered cachable when the object doesn't have any cache
3817 validators.
3818 - Bug #1703: wrong path to diskd helper corrected, and config
3819 parser extended to trap incorrect paths early
3820 - Bug #1703: COSS failed to initialize async-io threads
3821 - Bug #1703: should abort if diskd helper exits unexpectedly
3822 - Bug #1702: Warn if acl name is too long
3823 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
3824 - wccp2_rebuild_wait directive to delay registering with WCCP until the
3825 - Bug #1662: Infinite loop in external acl with grace period if the
3826 same http_access line had multiple external acls
3827
3828Changes to squid-2.6.STABLE1 (1 Jul 2006)
3829
3830 - New --enable-default-hostsfile configure option
3831 - Added username info to active_requests cachemgr stats
3832 - Modified squid MIB to incorporate squid.conf visible_hostname
3833 - Added multi-line capability in squid.conf
3834 - Added new httpd_suppress_version_string configuration directive
3835 - WCCPv2 support
3836 - Negotiate authentication scheme support
3837 - NTLM authentication scheme rewritten
3838 - Customizable access log formats
3839 - Selective access logging
3840 - Access logging via syslog
3841 - Reverse proxy enhancements, with new cache_peer based forwarding
3842 model.
3843 - LDAP based Digest helper (Note: not true LDAP integration, just using
3844 LDAP for storage of the Digest hashes)
3845 - Improved helper communication protocol
3846 - External ACL improvements. %PATH, log=, grace=, and more..
3847 - Improved SSL support with hardware offload, client certificate
3848 support (primitive), chained certificates and numerous bug fixes
3849 - DNS lookups now use the search path from /etc/resolv.conf or
3850 the Windows registry
3851 - Linux epoll support
3852 - collapsed forwarding to optimize reverse proxies or other
3853 setups having very many clients going to the same URL
3854 - New improved COSS implementation
3855 - Optional support for blank passwords
3856 - The old and obsolete Samba-2.2.X winbind helpers have been removed
3857 - external acls now uses the simplified URL-escaped protol "3.0" by
3858 default.
3859 - Linux TPROXY support
3860 - Support for proxying of Microsoft Integrated Login by adding
3861 support for the deviations from the HTTP protocol required
3862 to support these authentication mechanisms
3863 - Added the capability to run as a Windows service under Cygwin
3864 - CARP now plays well with the other peering algorithms
3865 - read_ahead_gap option to read ahead more than 16KB of the reply
3866 - check_hostnames and allow_underscore squid.conf options
3867 - http_port is now optional, allowing for SSL only operation
3868 - Full ETag/Vary support, caching responses which varies with
3869 request details (browser, language etc).
3870 - umask now defaults to 027 to protect the content of cache and
3871 log files from local users
3872 - HTCP support for access control and the CRL operation for
3873 purgeing of cache content
3874 - Optionally follow X-Forwarded-For headers to determine the original
3875 client IP behind sedond level proxies
3876 - FreeBSD kqueue support
3877
3878Changes to squid-2.5.STABLE14 (20 May 2006)
3879 - [Minor] icons not displayed when visible_hostname is a
3880 short hostname (without domain). (Bug #1532)
3881 - [Medium] Memleak in HTCP client code (default disabled)
3882 (Bug #1553)
3883 - [Major] memory leak in ident processing (Bug #1557)
3884 - [Medium] Memory leak in header processing related to external_acl
3885 header detail format tag (Bug #1564)
3886
3887Changes to squid-2.5.STABLE13 (12 Mar 2006)
3888 - [Minor] Fails to compile on Solaris and some other platforms
3889 with undefined reference to setenv (Bug #1435)
3890 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
3891 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
3892 odd results if --enable-ntlm-fail-open is used (Bug #1022)
3893 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
3894 (Bug #1472)
3895 - [Minor] Squid crash when asyncio function counters url accessed
3896 from Cachemgr CGI (Bug #1464)
3897 - [Cosmetic] Linux compile warning about prctl called with too few
3898 arguments (Bug #1483)
3899 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
3900 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
3901 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
3902 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
3903 - [Minor] Ident access lists don't work in delay_access statements
3904 (Bug #1428)
3905 - [Minor] Some clients support NTLM even if not initially negotiating
3906 persistent connections (Bug #1447)
3907 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
3908 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
3909 (Bug #1481)
3910 - [Cosmetic] New persistent_connection_after_error configuration
3911 directive (Bug #1482)
3912 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
3913 #1484)
3914 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
3915 - [Cosmetic] Typo in ftp.c (Bug #1507)
3916 - [Cosmetic] Error in FTP listings of files with -> in their name
3917 (Bug #1508)
3918 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
3919 in cache.log (Bug #779)
3920 - [Minor] Fails to process long host names (Bug #1434)
3921 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
3922 - [Cosmetic] misleading error message message for bad/unresolveable
3923 cache_peer name (Bug #1504)
3924 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
3925 (Bug #1506)
3926 - [Major] connstate memory leak (Bug #1522)
3927
3928Changes to squid-2.5.STABLE12 (22 Oct 2005)
3929
3930 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
3931 when using delay pools (Bug #1405)
3932 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
3933 with server_persistent_connections (Bug #454)
3934 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
3935 diagnostics easier on squid_ldap_auth configuration errors
3936 (Bug #1395)
3937 - [Minor] $HOME not set when started as root (Bug #1401)
3938 - [Minor] httpd_accel_single_host breaks in combination with
3939 server_persistent_connections (Bug #1402)
3940 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
3941 implemented, effectively ignored. (Bug #1403)
3942 - [Minor] CNAME based DNS addresses could get cached for longer
3943 than intended (Bug #1404)
3944 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
3945 in transparently intercepting proxies (Bug #1410).
3946 - [Minor] Cache revalidations on HEAD requests causing poor cache
3947 hit ratio (Bug #1411).
3948 - [Minor] Not possible to send 302 redirects via a redirector in
3949 response to CONNECT requests (bug #1412)
3950 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
3951 #1419)
3952 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
3953 - [Minor] Delay pools class 3 fails on clients in network 255
3954 (Bug #1431)
3955
3956Changes to squid-2.5.STABLE11 (22 Sep 2005)
3957
3958 - [Minor] Workaround for servers sending double content-length headers
3959 (Bug #1305)
3960 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
3961 - [Cosmetic] Date header corrected on internal objects (icons etc)
3962 (Bug #1275)
3963 - [Minor] squid -k fails in combination with chroot after patch for
3964 bug 1157 (Bug #1307)
3965 - [Cosmetic] Segmentation fault if compiled with
3966 --enable-ipf-transparent but denied access to the NAT device.
3967 (Bug #1313)
3968 - [Minor] httpd_accel_signle_host incompatible with redireection
3969 (Bug #1314)
3970 - [Minor] squid -k reconfigure internal corruption if the type of
3971 a cache_dir is changed (Bug #1308)
3972 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
3973 (Bug #1317)
3974 - [Minor] Title in FTP listings somewhat messed up after previous
3975 patch for bug 1220 (Bug #1220)
3976 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
3977 confusing authentication. (Bug #1204)
3978 - [Minor] winfo_group.pl only looked for the first group if multiple
3979 groups were defined in the same acl. (Bug #1333)
3980 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
3981 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
3982 - [Cosmetic] The new --with-build-environment=... option doesn't work
3983 - [Cosmetic] New 'mail_program' configuration option in squid.conf
3984 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
3985 x86 (Bug #199)
3986 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
3987 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
3988 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
3989 - [Cosmetic] Invalid URLs in error messages when failing to connect
3990 to peer, and a few other inconsistent error messages (Bug #1342)
3991 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
3992 (Bug #1344)
3993 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
3994 (Bug #1348)
3995 - [Cosmetic] Greek translation of error messages (Bug #1351)
3996 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
3997 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
3998 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
3999 (Bug #1375)
4000 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
4001 - [Minor] E-mail sent when cache dies is blocked from many antispam
4002 rules (Bug #1380)
4003 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
4004 - [Cosmetic] Incorrect store dir selection debug message on objects
4005 larger than 2Gigabyte (Bug #1343)
4006 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
4007 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
4008 - [Medium] Clients could bypass delay_pool settings by faking a cache
4009 hit request (Bug #500)
4010 - [Minor] IP-Filter 4.X support (Bug #1378)
4011 - [Medium] Odd results on pipelined CONNECT requests
4012 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
4013 when using NTLM authentication.
4014 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
4015 authentication (bug #1396)
4016 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
4017 (Bug #1394)
4018 - [Cosmetic] New --with-maxfd=N configure option to override build
4019 time filedescriptor limit test
4020 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
4021
4022Changes to squid-2.5.STABLE10 (17 May 2005)
4023
4024 - [Minor Security] Fix race condition in relation to old Netscape
4025 Set-Cookie specifications
4026 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
4027 format and PASV resposes (Bug #1252)
4028 - [Medium] BASE HREF missing on ftp directory URLs without /
4029 (Bug #1253)
4030 - [Minor security] confusing http_access results on configuration
4031 error (Bug #1255)
4032 - [Cosmetic] More robust Date parser (Bug #321)
4033 - [Minor] reload_with_ims fails to refresh negatively cached objects
4034 (Bug #1159)
4035 - [Cosmetic] delay_access description clarification (Bug #1245)
4036 - [Cosmetic] Check for integer overflow in size specifications in
4037 squid.conf (Bug #1247)
4038 - [Cosmetic] bzero is a non-standard function not available on all
4039 platforms (Bug #1256)
4040 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
4041 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
4042 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
4043 (Bug #1261)
4044 - [Minor] Duplicate content-length headers logged incorrectly or
4045 not cleaned up properly (Bug #1262)
4046 - [Cosmetic] Extend relaxed_header_parser to work around "excess
4047 data from" errors from many major web servers. (Bug #1265)
4048 - [Minor] Add HTTP headers to a netdb error messages
4049 - [Minor] Multiple minor aufs issues (Bug #671)
4050 - [Minor] Basic authentication fails with very long logins or
4051 password (Bug #1171)
4052 - [Minor] CONNECT requests truncated if client side disconnects first
4053 (Bug #1269)
4054 - [Minor] --disable-hostname-checks configure option did not work
4055 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
4056 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
4057 - [Medium] Failed to process requests for files larger than 2GB in size
4058 - [Cosmetic] rename() related cleanup
4059 - [Cosmetic] New cachemgr pending_objects and client_objects actions
4060 - [Cosmetic] external acls requiring authentication did not request
4061 new credentials on access denials like proxy_auth does.
4062 - [Cosmetic] Syslog facility now configurable via command line options.
4063 - [Cosmetic] New %a error page template code expanding into the
4064 authenticated user name. (Bug #798)
4065 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
4066 - [Minor] Support interception of multiple ports
4067 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
4068 can not be determined (Bug #1196)
4069 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
4070 configuration files with CRLF lineendings proper.
4071 - [Minor] Unrecognized Cache-Control directives now forwarded properly
4072 (Bug #414)
4073 - [Minor] Authentication helpers now returns useable information
4074 in the %m error page macro on failed authentication (Bug #1223)
4075 - [Minor] pid file management corrected in chroot use (Bug #1157)
4076 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
4077 cachemgr.cgi now reads a config file telling which proxy servers
4078 it can administer.
4079 - [Minor] aufs statistics improvements
4080 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
4081 - [Minor] ARP acl documentation and cachemgr config dump corrections
4082 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
4083 hostnames in addition to the reverse lookup of the domain name.
4084 - [Security] Internal DNS client hardened against spoofing
4085
4086Changes to squid-2.5.STABLE9 (24 Feb 2005)
4087
4088 - [Medium] Don't retry requests on 403 errors (Bug #1210)
4089 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
4090 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
4091 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
4092 - [Minor] relaxed_header_parser extended to work around even more
4093 broken web servers (Bug #1242)
4094 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
4095 better with Mozilla but also to improve security slightly on
4096 non-anonymous FTP.
4097 - [Minor] High characters allowed un-encoded in FTP and Gopher
4098 listings to allow the user-agent to display data in non-iso8859-1
4099 charsets. (Bug #1220)
4100 - [Cosmetic] format fixes to silence compiler warnings on many
4101 platforms.
4102 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
4103
4104Changes to squid-2.5.STABLE8 (11 Feb 2005)
4105
4106 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
4107 #1096)
4108 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
4109 - [Minor] The new req_header and resp_header acls segfaults
4110 immediately on parse of squid.conf (Bug #961)
4111 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
4112 (Bug #1118)
4113 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
4114 - [Minor] Squid fails to close TCP connection after blank HTTP
4115 response (Bug #1116)
4116 - [Minor security] Random error messages in response to malformed
4117 host name (Bug #1143)
4118 - [Minor] PURGE should not be able to delete internal objects
4119 (Bug #1112)
4120 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
4121 #1121)
4122 - [Minor] cachemgr vm_objects segfault (Bug #1149)
4123 - [Minor security] Confusing results on empty acl declarations (Bug
4124 #1166)
4125 - [Minor] Don't close all "other" filedescriptors on startup (Bug
4126 #1177)
4127 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
4128 #1183)
4129 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
4130 - [Medium security] Denial of service with forged WCCP messages
4131 (Bug #1190)
4132 - [Minor] DNS related memory leak on certain malformed DNS responses
4133 (Bug #1197)
4134 - [Minor] Internal DNS sometimes truncates host names in reverse
4135 (PTR) lookups (Bug #1136)
4136 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
4137 - [Security] Harden Squid against HTTP request smuggling attacks
4138 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
4139 short_icon_urls is on (Bug #1203)
4140 - [Security] Harden Squid against HTTP response splitting attacks
4141 (Bug #1200)
4142 - [Medium security] Buffer overflow in WCCP recvfrom() call
4143 (Bug #1217)
4144 - [Security] Properly handle oversized reply headers (Bug #1216)
4145 - [Minor] LDAP helpers search fixed to properly ask for no attributes
4146 - [Minor] A sporadic segmentation fault when using ntlm authentication
4147 fixed (Bug #1127)
4148 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
4149 - [Medium] Persistent connection mismatch on failed PUT/POST request
4150 (Bug #1122)
4151 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
4152 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
4153 - [Major] HTTP reply data corruption in certain situations involving
4154 reply headers split over multiple packets (Bug #1233)
4155
4156Changes to squid-2.5.STABLE7 (11 Oct 2004)
4157
4158 - [Medium] No objects cached in ufs cache_dir type in some
4159 configurations. Issue introduced in 2.5.STABLE6 by the patch for
4160 Bug #676. (Bug #1011)
4161 - [Minor] LDAP helpers update to correct LDAP connection management
4162 and add support for literal password compare instead of binding
4163 - [Minor] A large number of queued DNS lookups for the same domain
4164 (Bug #852)
4165 - [Cosmetic] request_header_max_size configuration partly ignored
4166 (Bug #899)
4167 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
4168 - [Cosmetic] HEAD requests may return stale information
4169 (Bug #1012)
4170 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
4171 - [Minor] case insensitive authentication (Bug #431)
4172 - [Cosmetic] Add delay pools information to active_requests. (Bug
4173 #882)
4174 - [Minor] Apparent memory leak in client_db (Bug #833)
4175 - [Minor] NTLM authentication truncated causing failures. (Bug
4176 #1016)
4177 - [Cosmetic] Grammatical corrections in squid.conf.default
4178 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
4179 #1030)
4180 - [Medium] Segfaults and other strange crashes when using heap
4181 policies. (Bug #1009)
4182 - [Minor] Supplementary group memberships not set (Bug #1021)
4183 - [Cosmetic] ERR_TOO_BIG Portuguese translation
4184 - [Minor] external_acl does not handle newlines (Bug #1038)
4185 - [Major] NTLM authentication denial of service when using msnt_auth
4186 or fake_auth (Bug #1045)
4187 - [Medium] Memory leaks when using NTLM authentication without
4188 challenge reuse. (Bug #994)
4189 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
4190 (Bug #910)
4191 - [Minor] assertion failed: "n_ufs_dirs <=
4192 Config.cacheSwap.n_configured". (Bug #1053)
4193 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
4194 - [Minor] acl time fails to parse multiple time specifications
4195 (Bug #1060)
4196 - [Minor] cachemgr config dumps mixed up Range and Request-Range
4197 headers in http_header_access & replace directives. (Bug #1056)
4198 - [Minor] Content-Disposition added as a well known header (Bug #961)
4199 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
4200 (Bug #1074)
4201 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
4202 - [Medium] New acl types to match arbitrary HTTP headers. In addition
4203 the http_header_access & replace directives now support arbitrary
4204 headers and not only the well known ones. (Bug #961)
4205 - [Cosmetic] ncsa_auth now accepts Window formatted password files
4206 (Bug #1078)
4207 - [Cosmetic] Support the --program-prefix/suffix options or other
4208 configure program name transforms (Bug #1019)
4209 - [Minor] Fix race condition in CONNECT and also handle aborts of
4210 CONNECT requests in a more graceful manner. (Bug #859)
4211 - [Minor] New balance_on_multiple_ip directive to work around certain
4212 broken load balancers and optimized ipcache on reload requests
4213 (Bug #1058)
4214 - [Medium] New reply_header_max_size directive
4215 (Bug #874)
4216 - [Minor] Suspected instability on aborted PUT/POST requests
4217 (Bug #1089)
4218 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
4219
4220Changes to squid-2.5.STABLE6 (9 Jul 2004)
4221
4222 - Bug #937: NTLM assertion error "srv->flags.reserved"
4223 - Bug #935: squid_ldap_auth can be confused by the use of reserved
4224 characters
4225 - Helper queue warnings imprecise on the number of helpers required
4226 - squid_ldap_auth TLS mode works correctly again
4227 - Bug #940, #305: pkg-config support for finding correct OpenSSL
4228 compile flags
4229 - Bug #426: "Vary: *" is ignored
4230 - 100% CPU usage on Linux-2.2
4231 - Version number should not include -CVS if autoconf is run
4232 - Bug #947: deny_info redirection with requested URL escaped wrongly
4233 - Bug #495: CONNECT timeout should produce a 504 or 503
4234 - Bug #956: cache_swap_log documentation referred to swap.state by
4235 it's old swap.log name
4236 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
4237 have been intended
4238 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
4239 - Bug #954: Segment violation when using a blank user name in digest
4240 authentication
4241 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
4242 - Spelling corrections in configure and squid.conf.default
4243 - The meaning of ERR in digest helper protocol clarified in the
4244 squid.conf documentation
4245 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
4246 - Bug #616: Negative cached 404 replies with VARY header never matched
4247 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
4248 due to a shortcoming in the fix to bug #817
4249 - Bug #570: Very large cache_mem values reported wrongly in cache.log
4250 - Bug #676: store_dir_select_algorithm least-load doesn't work for
4251 ufs cache_dir type
4252 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
4253 - Bug #948: Show client ip in cache.log debug output
4254 - Bug #960: compilation issue on OpenBSD/m88k
4255 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
4256 - Bug #991: dns_servers should default to localhost if no resolv.conf
4257 - Bug #717: msnt_auth documentation update
4258 - Bug #753: Segfault in memBufVPrintf on certain architectures
4259 requiring va_copy
4260 - Bug #941: Negative size in access.log on long running CONNECT
4261 requests
4262 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
4263 - Bug #981: sasl_auth updated to work with SALS2
4264 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
4265 authentication to a NT domain without using Samba.
4266
4267Changes to squid-2.5.STABLE5 (1 Mar 2004):
4268
4269 - cache.log message on "squid -k reconfigure" was slightly confusing,
4270 claiming Squid restarted when it just reread the configuration.
4271 - Bug #787: digest auth never detects password changes
4272 - Bug #789: login with space confuses redirector helpers
4273 - Bug #791: FQDNcache discards negative responses when using
4274 internal DNS
4275 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
4276 PAM connections are unsafe and now disabled by default.
4277 - auth_param documentation clarifications and added default realm
4278 values making only the helper program a required attribute
4279 - Bug #795: German ERR_DNS_FAIL correction
4280 - Bug #803: Lithuanian error messages update
4281 - Bug #806: Segfault if failing to load error page
4282 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
4283 - Bug #817: maximum_object_size too large causes squid not to cache
4284 - Bug #824: 100% CPU loop if external_acl combined with separate
4285 authentication acl in the same http_access line
4286 - squid_ldap_group updated to version 2.12 with support for ldaps://
4287 (LDAPv2 over SSL) and a numer of other improvements.
4288 - Bug #799: positive_dns_ttl ignored when using internal DNS.
4289 - Bug #690: Incorrect html on empty Gopher responses
4290 - Bug #729: --enable-arp-acl may give warning about net/route.h
4291 - Bug #14: attempts to establish connection may look like syn flood
4292 attack if the contacted server is refusing connections
4293 - errorpage README files included in the distribution again showing
4294 who contributed which translation
4295 - Bug #848: connect_timeout connect_timeout ends up twice the length.
4296 forward_timeout option added to address this.
4297 - Bug #849: DNS log error messages should report the failed query
4298 - Bug #851: DNS retransmits too often
4299 - Bug #862: Very frequently repeated POST requests may cause a
4300 filedescriptor shortage due to persitent connections building up
4301 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
4302 - Bug #571: Need to limit use of persistent connections when
4303 filedescriptor usage is high
4304 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
4305 does not work properly
4306 - Bug #860: redirector_access does not handle "slow" acls such as
4307 "dst" or "external" requiring a external lookup.
4308 - Bug #865: Persistent connection usage too high after sudden burst
4309 of traffic.
4310 - Bug #867: cache_peer max-conn=.. option does not work
4311 - Bug #868: refuses to start if pid_filename none is specified
4312 - Bug #887: LDAP helper -Z (TLS) option does not work
4313 - Bug #877: Squid doesn't follow telnet protocol on FTP control
4314 connections
4315 - Bug #908: Random auth popups and account lockouts when using ntlm
4316 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
4317 - Bug #585: cache_peer_access fails with NTLM authentication
4318 - Bug #592: always/never_direct fails with NTLM authentication
4319 - wbinfo_group update for Samba-3
4320 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
4321 - Bug #924: miss_access restricts internal and cachemgr requests
4322 even if these are local
4323 - Bug #925: auth headers send by squidclient are mildly malformed
4324 - Bug #922: miss_access and delay_access and several other
4325 authentication related bug fixes.
4326 - Bug #909: Added ARP acl support for FreeBSD
4327 - Bug #926: deny_info with http_reply_access or miss_access
4328 - Bug #872: reply_body_max_size problems when using NTLM auth
4329 - Bug #825: random segmentation faults when using digest auth
4330 - Bug #910: Partial fix for temporary memory leaks when using NTLM
4331 auth. There is still problems if challenge reuse is enabled.
4332 - ftp://anonymous@host/ now accepted without requiring a password
4333 - Bug #594: several mime type updates (ftp:// related)
4334 - url_regex enhanced to allow matching of %00
4335
4336Changes to squid-2.5.STABLE4 (15 Sep 2003):
4337
4338 - Lithuanian error messages added to the distribution
4339 - Bug #660: segfauld if more than one custom deny_info line
4340 - cache_dir disd documentation cleanup
4341 - check open of /dev/null to avoid 100% CPU loop in badly
4342 configured chroot environments
4343 - documentation update on uri_whitespace to refer to the correct RFC
4344 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
4345 - Bug #683: external_acl does not wait for ident lookups to complete
4346 - aufs: Fix a minor use-after-free problem which could cause the
4347 count of opening filedescriptors to grow larger than it should
4348 - Syntax changes to make GCC-3.3 accept Squid without complaints
4349 - Warning if CARP server defined in incorrect load factor order
4350 - neighbor_type_domain documentation update
4351 - http_header_access now works when using cache peers
4352 - high_memory_warning now uses sbrk as fallback mechanism on
4353 platforms where neither mallinfo or mstats are available.
4354 - hosts_file now handles comments at the end of lines correcly
4355 - storeCheckCachable() Stats corrected for release_request and
4356 wrong_content_length.
4357 - cachePeerPingsSent MIB type corrected
4358 - unused minimum_retry_timeout directive removed
4359 - Bug #702: ERR_TO_BIG spanish translation
4360 - Bug #705: Memory leak on deny_info TCP_RESET
4361 - Code cleanup to fix compile error in httpHeaderDelById
4362 - Bug #699: Host header now forwarded exactly where it was in the
4363 original request to work around certain broken firewalls or
4364 load balancers which fail if this header is too far into the
4365 request headers.
4366 - Bug #704: Memory leak on reply_body_max_size
4367 - Bug #686: requests denied due to http_reply_access are now
4368 logged with TCP_DENIED (instead of TCP_MISS, etc).
4369 - Bug #708: ie_refresh now sends no-cache to have the reload
4370 request propagate properly in cache meshes
4371 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
4372 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
4373 digest not found
4374 - Bug #710: round-robin cache_dir selection incorrectly
4375 compares max-size.
4376 - Statistics corrections in HTTP header statitics
4377 - QUICKSTART cleanups
4378 - Bug #715: statCounter.syscalls.disk counters treated
4379 inconsistently. Now increment the counters in AUFS
4380 functions and for unlinkd.
4381 - Improvements to the (experimental) COSS storage scheme.
4382 - Bug #721: User name field in access.log sometimes blank
4383 - Bug #94: assertion failed: http.c: "-1 == cfd ||
4384 FD_SOCKET == fd_table[cfd].type"
4385 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
4386 - Bug #732: aufs calculates number of threads and limits wrongly
4387 - Bug #663: Username not logged into access.log in case of /407
4388 - Bug #267: Form POSTing troubles with NTLM authentication
4389 and occationally in differen other error conditions.
4390 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
4391 - Bug #733: No explicit error message when ncsa_auth can't access
4392 passwd file
4393 - Bug #267, #757: POST with NTLM stops after persistent connection
4394 timeout
4395 - Bug #742: Wrong status code on access denials if delay_access
4396 is used. Most notably 407 instead of 403 could be returned.
4397 - Bug #763: segfault if using ntlm in http_reply_access
4398 - Bug #638: assertion error if using proxy_auth in delay_access
4399 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
4400 - The issue of reply_body_max_size limiting the size of error
4401 messages no longer applies.
4402 - external_acl_type concurrency= option renamed to children= to
4403 prepare for Squid-3 upgrades. Old syntax still accepted for the
4404 duration of the Squid-2.5 release.
4405 - number of filedescriptors rounded down to an even multiple of 64
4406 to work around issues in certain libc implementations.
4407 - winbind helpers less noisy in cache.log on restarts/shutdown.
4408 - Squid now automatically restarts helpers if too many of them
4409 have crashed.
4410
4411Changes to squid-2.5.STABLE3 (25 May 2003):
4412
4413 - Bug #573: Occational false negatives in external acl lookups
4414 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
4415 external_acl helpers crashes
4416 - Bug #590: Squid may hang or behave oddly on shutdown while
4417 requests is being processed.
4418 - Bug #590: external acl lookups does not deal well with queue
4419 overload
4420 - cache_effective_user documentation update
4421 - cache_peer documentation update for htcp and carp
4422 - Bug #600: The example header_access paranoid setting is
4423 missing WWW-Authenticate
4424 - Bug #605: Segmentation fault in idnsGrokReply() on certain
4425 platforms
4426 - Fixes to build properly on AIX 5
4427 - Bug #574: wb_group updated to version 1.1 to make group names
4428 case insensitive and correct a segfault issue in the helper
4429 - SNMP mib updates to make cacheNumObjCount,
4430 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
4431 correctly report as gauges (was reporting as counters).
4432 - Woraround for --enable-ssl Kerberos issue on RedHat 9
4433 - Bug #579: Close and repopen log files on "squid -k reconfigure"
4434 - Bug #598: squid_ldap_auth could segfault if LDAP server is
4435 unavailable
4436 - Bug #609,#612: msntauth helper fixes in dealing with large
4437 or non-existing allow/deny user files.
4438 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
4439 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
4440 and also fails to block large objects where the content-length
4441 is not known
4442 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
4443 multiple proxy_auth ACLs combined in one line and login fails.
4444 - squid_ldap_auth updated with support for TLS and SSL
4445 - Bug #623: segfault if using negated external acls in certain
4446 configurations involving other acls later on the same http_access
4447 line.
4448 - Bug #622: wb_group helper update to version 1.2 to ass support for
4449 Domain-Qualified groups refering to groups in a specific domain
4450 - Bug #596: logic error in poll() error management
4451 - Bug #597: logic errors in error management
4452 - Bug #591: segmentation fault in authentication on "squid -k debug"
4453 - Bug #587: smb_auth fails on complex logins involving domain names
4454 or other odd characters
4455 - Bug #558, #587: smb_auth.pl fails on complex logins involving
4456 domain names or other odd characters
4457 - Bug #643: external_acl fails with ttl=0 due to a change introduced
4458 by the patch for Bug #553 in 2.5.STABLE2.
4459 - Bug #630: minor issues in digest authantication causing random
4460 authentication failures and incompability with many mainstream
4461 browser digest implementations due to browser qop bugs. To deal
4462 with those broken browser nonce_stricness now defaults to off,
4463 and two new digest options have been added (check_nonce_count
4464 and post_workaround) to allow workarounds to other quite bad
4465 browser bugs if needed.
4466 - Bug #644: digest authentication fails on requests with one
4467 or more comma in the requested URL
4468 - Bug #648: deny_info TCP_RESET not working. The fix for this also
4469 adds the ability to send redirects.
4470
4471Changes to squid-2.5.STABLE2 (Mars 17, 2003):
4472
4473 - Contrib files added back to the distribution
4474 - Several compiler warnings fixed when using --disable-ident or
4475 --disable-http-violations
4476 - authentication can now be used in most access controls, but
4477 must in most cases first be enforced in http_access to force
4478 the user to authenticate.
4479 - cleanups in the developer bootstrap.sh process when preparing
4480 the sources.
4481 - several squid.conf.default documentation updated to correctly
4482 refer to the current names when refering to other directives
4483 - authenticate_ip_ttl documentation updates
4484 - several assertion faults and segmentation violations corrected
4485 - the RunCache/RunAccel and squid.rc scripts updated to refer to
4486 the squid binary in sbin rather than the old bin location.
4487 - squid_ldap_auth command line processing fixes when specifying
4488 the LDAP server last on the line instead of -h option
4489 - aufs data corruption bugfix
4490 - aufs performance improvement for low traffic systems
4491 - aufs stability improvements
4492 - external_acl corrected to properly deal with quoted strings
4493 - WCCPv1 bugfix to make sure the router accepts the hash assignments
4494 - "Total accounted memory" now correctly reported in cachemgr
4495 - several small memory leaks (mostly reconfigure related)
4496 - new squid.conf option to allow GET/HEAD requests with a request
4497 entity
4498 - "make uninstall" no longer removes squid.conf
4499 - cachemgr.cgi now uses POST to avoid having the cachemgr password
4500 logged in the web server logs
4501 - authentication schemes which are known to not be proxyable are now
4502 filtered out from forwarded server replies to avoid that the clients
4503 tries to use such schemes when we know for a fact it won't work
4504 - spelling corrections in various error messages
4505 - now possible to define acl values with spaces in them
4506 by using the "include file" feature
4507 - squid_ldap_group updated to 2.10 to fix compilation issues with
4508 recent (and older) OpenLDAP libraries and to make the helper deal
4509 correctly with true LDAP groups by first looking up the user DN.
4510 - Some internal code cleanups
4511 - now verifies that programs etc exists iside the chroot directory
4512 when using chroot_dir. No longer neccesary to set up a split view
4513 environment where the same paths works both inside the chroot and
4514 outside just to convince Squid that the files is actually there..
4515 - improved memory usage reporting
4516 - --disable-hostname-checks configure option
4517 - no longer ignores double dots in host names. Any hostname with
4518 double dots is now rejected as invalid.
4519 - log_mime_hdrs no longer logs garbage if very long headers
4520 are seen.
4521 - 'select_fds_hist' object added to cachemgr 'histogram' output
4522 - pid file now unlinked when squid has really shut down, not
4523 immediately when the shutdown request is received. This allows
4524 the pid file to be monitored to determine when Squid has shut down
4525 properly
4526 - correct authentication scheme setups on some platforms or compilers
4527 - several squid.conf.default documentation updates to remove references
4528 to renamed or replaced directives by changing them to their current
4529 names.
4530 - the SSL reverse proxy support updated to allow building with
4531 OpenSSL 0.9.7 and and later.
4532 - Corrected a minor performance problem while processing HEAD replies
4533 from various broken web servers not sending a correct HTTP reply
4534 - time acls can now specify multiple times in the same acl name, like
4535 most other acl types.
4536 - winbind helpers updated to match Samba-2.2.7a and should
4537 work with Samba-2.2.6 or later (required). For compability with
4538 older Samba versions A new configure option --with-samba-sources=...
4539 has been added to allow you to specify which Samba version the
4540 helpers should be built for if different than the above versions.
4541 - Squid MIB definition syntax correction to work better with newer
4542 (and older) SNMP tools.
4543 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
4544 requests where parsing the HTTP identifier (HTTP/1.0) failed.
4545 - "make distclean" no longer removes the icons, this avoids the
4546 dependency on "uudecode" to rebuild Squid after "make distclean"
4547 - User name returned by external acl lookups (external_acl_type)
4548 is now available as "ident" in later acl checks in addition to
4549 the logging in access.log.
4550 - Incorrect behaviour of Digest authentication partly corrected - it
4551 will not handle sessions, but will always enforce password
4552 correctness.. (patch submitted by Sean Burford).
4553 - Issue with persistent connections and PUT/POST request corrected
4554
4555Changes to squid-2.5.STABLE1 (September 25, 2002):
ddf1c0c4 4556
94439e4e 4557 - Major rewrite of proxy authentication to support other schemes
4558 than basic. First in the line is NTLM support but others can
a2794549 4559 easily be added (minimal digest is present). See Programmers Guide.
6437ac71 4560 (Robert Collins & Francesco Chemolli)
94439e4e 4561 - Reworked how request bodies are passed down to the protocols.
4562 Now all client side processing is inside client_side.c, and
4563 the pass and pump modules is no longer used.
3ff01c3e 4564 used by Squid.
722a4b40 4565 - Optimized searching in proxy_auth and ident ACL types. Squid should
4566 now handle large access lists a lot more efficiently.
05fbbc17 4567 (Francesco Chemolli)
e396d395 4568 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
4569 now a peer is ignored if it turns out to be us, rather than
4570 committing suicide
1224d740 4571 - Changed the internal URL code to obey appendDomain for internal
4572 objects if it needs appending. This fixes weirdnesses where
4573 a machine can think it is "foo.bar.com", and "foo" is requested.
4574 (Brian Degenhardt)
a2794549 4575 - Added the use of Automake to create the Makefile.in's in the squid
4576 source tree. This will allow libtool in the future, and immediately
4577 allows better dependency tracking - with or without gcc - as well
4578 as the dist-all and distcheck targets for developers which respectively
4579 build a tar.gz and a tar.bz2 distribution, and check that what will be
4580 distributed builds.
d6827718 4581 - Added TOS and source address selection based on ACLs,
4582 written by Roger Venning. This allows administrators to set
4583 the TOS precedence bits and/or the source IP from a set of
4584 available IPs based upon some ACLs, generally to map different
4585 users to different outgoing links and traffic profiles.
50821507 4586 - Added 'max-conn' option to 'cache_peer'
4587 - Added SSL gatewaying support, allowing Squid to act as a SSL server
4588 in accelerator setups.
4e2c57a0 4589 - SASL authentication helper by Ian Castle
6474667e 4590 - msntauth updated to v2.0.3
3e4057db 4591 - no_cache now applies to cache hits as well as cache misses
810118ab 4592 - the Gopher client in Squid has been significantly improved
05463204 4593 - Squid now sanity checks FTP data connections to ensure the
6474667e 4594 connection is from the requested server. Can be disabled if
05463204 4595 needed by turning off the ftp_sanitycheck option.
98858605 4596 - external acl support. A mechanism where flexible ACL checks
4597 can be driven by external helpers. See the external_acl_type
4598 and acl external directives.
3e4057db 4599 - Countless other small things and fixes
2d8d56b0 4600 - HTML pages generated by Squid or CacheMgr as well as the
4601 ERR documents now contain a doctype declaration so that
22567bb5 4602 browsers know which HTML specification the document uses.
2d8d56b0 4603 In addition to that they have a new look (background-color, font)
4604 and are valid according to the HTML standards at www.w3.org.
3ff01c3e 4605 (Clemens L ser)
9bbd1655 4606 - Login and password send to Basic auth helpers is now URL escaped
4607 to allow for spaces and other "odd" characters in logins and
4608 passwords
c90fbf46 4609 - Proxy Authentication is no longer blindly forwarded to peer
4610 caches if not used locally. If forwarding of proxy authentication
4611 is desired then it must now be configured with the login=PASS
4612 cache_peer option.
6474667e 4613 - Responses with Vary: in the header are now cached by squid.
1239cfea 4614 (Henrik Nordstrom).
3ff01c3e 4615 - Removed unused 'siteselect_timeout' directive.
c5bc64d3 4616
dde94193 4617Changes to Squid-2.4.STABLE7 (July 2, 2002):
4618
4619 - Squid now drops any requests using transfer-encoding.
4620 Squid is a HTTP/1.0 proxy and as such do not support
4621 the use of transfer-encoding.
4622 - The MSNT auth helper has been updated to v2.0.3+fixes for
4623 buffer overflow security issues found in this helper.
4624 - A security issue in how Squid forwards proxy authentication
4625 credentials has been fixed
4626 - Minor changes to support Apple MAC OS X and some other platforms
4627 more easily.
4628 - The client -T option has been implemented
4629 - HTCP related bugfixes in "squid -k reconfigure"
4630 - Several bugfixes and cleanup of the Gopher client, both
4631 to correct some security issues and to make Squid properly
4632 render certain Gopher menus.
4633 - FTP data channels are now sanity checked to match the address of
4634 the requested FTP server. This to prevent theft or injection of
4635 data. See the new ftp_sanitycheck directive if this is not desired.
4636 - Security fixes in how Squid parses FTP directory listings into HTML
4637
c5bc64d3 4638Changes to Squid-2.4.STABLE6 (March 19, 2002):
4639
722a4b40 4640 - The patch for 2.4.STABLE5 was insufficiently tested and
c5bc64d3 4641 introduced a bug that causes frequent assertions when
4642 handling DNS PTR answers.
4643
4644Changes to Squid-2.4.STABLE5 (March 15, 2002):
4645
4646 - Fixed an array bounds bug in lib/rfc1035.c. This bug
4647 could allow a malicious DNS server to send bogus replies
4648 and corrupt the heap memory.
4649
572b218d 4650Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
08e8e4d0 4651
722a4b40 4652 - htcp_port 0 now properly disables htcp
6474667e 4653 - Fixed problem with certain non-anonymous ftp:// style URL's
08e8e4d0 4654 - SNMP bugfixes including several memory leaks
4655
4656Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
4657
4658 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
4659 miss_access
4660 - Fixed bug #246: corrupt on-disk meta information preventing
4661 rebuilds of lost swap.state files
4662 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
4663 - Fixed a coredump when creating FTP directories
4664 - Fixed a compile time problem with statHistDump prototype mistmatch,
4665 reported by some compilers
4666 - Fixed a potential coredump situation on snmpwalk in certain
4667 configurations
4668 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
4669 store implementation
4670 - Serbian error message translations
4671
50821507 4672Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
4673
722a4b40 4674 - Expanded configure's GCC optimization disabling check to
50821507 4675 include GCC 2.95.3
4676 - avoid negative served_date in storeTimestampsSet().
4677 - Made 'diskd' pathnames more configurable
4678 - Make sure squid parent dies if child is killed with
4679 KILL signal
4680 - Changed diskd offset args to off_t instead of int
4681 - Fixed bugs #102, #101, #205: various problems with useragent
4682 log files
4683 - Fixed bug #116: Large Age: values still cause problems
4684 - Fixed bug #119: Floating point exception in
4685 storeDirUpdateSwapSize()
4686 - Fixed bug #114: usernames not logged with
4687 authenticate_ip_ttl_is_strict
722a4b40 4688 - Fixed bug #115: squid eating up resources (eventAdd args)
50821507 4689 - Fixed bug #125: garbage HTCP requests cause assertion
4690 - Fixed bug #134: 'virtual port' support ignores
4691 httpd_accel_port, causes a loop in httpd_accel mode
4692 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
4693 <= lf->bufsz"
4694 - Fixed bug #137: Ranges on misses are over-done
4695 - Fixed bug #160: referer_log doesn't seem to work
4696 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
4697 comm_dns_incoming histogram)
4698 - Fixed bug #165: "Store Mem Buffer" leaks badly
4699 - Fixed bug #172: Ident Based ACLs fail when applied to
4700 cache_peer_access
4701 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
4702 - Fixed bug #182: 'config' cachemgr option dumps core with
4703 null storage
4704 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
4705 of args in debug/printf
4706 - Fixed bug #187: bugs in lib/base64.c
4707 - Fixed bug #184: storeDiskdShmGet() assertion; changed
4708 diskd to use bitmap instead of linked list
4709 - Fixed bug #194: Compilation fails on index() on some
722a4b40 4710 non-BSD platforms
50821507 4711 - Fixed bug #197: refreshIsCachable() incorrectly checks
4712 entry->mem_obj->reply
4713 - Fixed bug #215: NULL pointer access for proxy requests
4714 in accel-only mode
4715
4716Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
4717
4718 - Fixed a bug in and cleaned up class 2/3 delay pools
4719 incrementing.
4720 - Fixed a coredump bug when using external dnsservers that
4721 become overloaded.
4722 - Fixed some NULL pointer bugs for NULL storage system
4723 when reconfiguring.
4724 - Fixed a bug with useragent logging that caused Squid to
4725 think the logfile never got opened.
4726 - Fixed a compiling bug with --disable-unlinkd.
4727 - Changed src/squid.h to always use O_NONBLOCK on Solaris
4728 if it is defined.
4729 - Fixed a bug with signed/unsigned bitfield flag variables
4730 that caused problems on Solaris.
4731 - Fixed a bug in clientBuildReplyHeader() that could add
4732 an Age: header with a negative value, causing an assertion
4733 later.
4734 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
4735 was returning the number of FDs in use, rather than
4736 the number of reserved FDs.
4737 - Added the 'pipeline_prefetch' configuration option.
4738 - cache_dir syntax changed to use options instead of many
4739 arguments. This means that the max_objsize argument now
4740 is an optional option, and that the syntax for how to
722a4b40 4741 specify the diskd magics is slightly different.
50821507 4742 - Various fixes for CYGWIN
4743 - Upgraded MSNT auth module to version 2.0.
4744 - Fixed potential problems with HTML by making sure all
4745 HTML output is properly encoded.
4746 - Fixed a memory initialization problem with resource records in
4747 lib/rfc1035.c.
4748 - Rewrote date parsing in lib/rfc1123.c and made it a little
4749 more lenient.
4750 - Added Cache-control: max-stale support.
4751 - Fixed 'range_offset_limit' again. The problem this time
4752 is that client_side.c wouldn't set the we_dont_do_ranges
4753 flag for normal cache misses. It was only being set for
4754 requests that might have been hits, but we decided to
4755 change to a miss.
4756 - Added the Authenticate-Info and Proxy-Authenticate-Info
4757 headers from RFC 2617.
4758 - HTTP header lines longer than 64K could cause an assertion.
4759 Now they get ignored.
4760 - Fixed an IP address scanning bug that caused "123.foo.com"
4761 to be interpreted as an IP address.
4762 - Converted many structure allocations to use mem pools.
4763 - Changed proxy authentication to strip leading whitespace
4764 from usernames after decoding.
4765 - Prevented NULL pointer access in aclMatchAcl(). Some
4766 ACL types require checklist->request_t, but it won't be
4767 available in some cases (like snmp_access). Warn the
4768 admin that the ACL can't be checked and that we're denying
4769 it.
4770 - Allow zero-size disk caches.
4771 - The actual filesystem blocksize is now used to account
4772 for space overheads when calculating on-disk cache size.
4773 - Made the maximum memory cache object size configurable.
4774 - Added 'minimum_direct_rtt' configuration option.
4775 - Added 'ie_refresh' configuration option, which is a hack
4776 to turn IMS requests into no-cache requests.
58d1265f 4777 - Added support for netfilter in linux-2.4. This allows transparent
4778 proxy connections to function correctly in the absence of a Host:
4779 header. This requires --enable-linux-netfilter to be passed through
4780 to configure. (Evan Jones)
50821507 4781 - Fixed a bug with clientAccessCheck() that allowed proxy
4782 requests in accel mode.
4783 - Fixed a bug with 301/302 replies from redirectors. Now
4784 we force them to be cache misses.
4785 - Accommodated changes to the IP-Filter ioctl() interface
4786 for intercepted connections.
4787 - Fixed handling of client lifetime timeouts.
4788 - Fixed a buffer overflow bug with internal DNS replies
4789 by truncating received packets to 512 bytes, as per
4790 RFC 1035.
4791 - Added "forward.log" support, but its work in progress.
4792 - Rewrote much of the IP and FQDN cache implementation.
4793 This change gets rid of pending hits.
4794 - Changed peerWouldBePinged() to return false if our
4795 ICP/HTCP port is zero (i.e. disabled).
4796 - Changed src/net_db.c to use src/logfile.c routines,
4797 rather than stdio, because of solaris stdio filedescriptor
4798 limits.
4799 - Made netdbReloadState() more robust in case of corrupted
4800 data.
4801 - Rewrote some freshness/staleness functions in src/refresh.c,
4802 partially inspired to support cache-control max-stale.
4803 - Fixed status code logging for SSL/CONNECT requests.
4804 - Added a hack to subtract cache digest network traffic
4805 from statistics so that byte hit ratio stays positive
4806 and more closely reflects what people expect it to be.
4807 - Fixed a bug with storeCheckTooSmall() that caused
4808 internal icons and cache digests to always be released.
4809 - Added statfs(2) support for displaying actual filesystem
4810 usage in the cache manager 'storedir' output.
4811 - Changed status reporting for storage rebuilding. Now it
4812 prints percentage complete instead of number of entries
4813 parsed.
4814 - Use mkstemp() rather than problem-prone tempnam().
4815 - Changed urlParse() to condense multiple dots in hostnames.
4816 - Major rewrite of async-io (src/fs/aufs) to make it behave
4817 a bit more sane with substantially less overhead. Some
4818 tuning work still remains to make it perform optimal.
4819 See the start of store_asyncufs.h for all the knobs.
4820 - Fixed storage FS modules to use individual swap space
4821 high/low values rather than the global ones.
4822 - Fixed storage FS bugs with calling file_map_bit_reset()
4823 before checking the bit value. Calling with an invalid
4824 value caused memory corruption in random places.
4825 - Prevent NULL pointer access in store_repl_lru.c for
4826 entries that exist in the hash but not the LRU list.
4827
cab24814 4828Changes to Squid-2.4.DEVEL4 ():
ad445e36 4829
ddf1c0c4 4830 - Added --enable-auth-modules=... configure option
83b381d5 4831 - Improved ICP dead peer detection to also work when the workload
4832 is low
a8c926ff 4833 - Improved TCP dead peer detection and recovery
4834 - Squid is now a bit more persistent in trying to find a alive
4835 parent when never_direct is used.
4836 - nonhierarchical_direct squid.conf directive to make non-ICP
4837 peer selection behave a bit more like ICP selection with respect
4838 to hierarchy.
4839 - Bugfix where netdb selection could override never_direct
4840 - ICP timeout selection now prefers to use parents only when
4841 calculating the dynamic timeout to compensate for common RTT
4842 differences between parents and siblings.
c1fc651e 4843 - No longer starts to swap out objects which are known to be above
4844 the maximum allowed size.
987de783 4845 - allow-miss cache_peer option disabling the use of "only-if-cached".
4846 Meant to be used in conjunction with icp_hit_stale.
c8b40803 4847 - Delay pools tuned to allow large initial pool values
0343b99c 4848 - cachemgr filesystem space information changed to show useable space
4849 rather than raw space, and platform support somewhat extended.
890b0fa8 4850 - Logs destination IP in the hierarchy log tag when going direct.
4851 (can be disabled by turning log_ip_on_direct off)
ff21eb3e 4852 - Async-IO on linux now makes proper use of mutexes. This fixes some
4853 odd pthread segfaults on SMP Linux machines, at a slight performance
4854 penalty.
722a4b40 4855 - %s can now be used in cache_swap_log and will be substituted with
a80e50c7 4856 the last path component of cache_dir.
4d55827a 4857 - no_cache is now a full ACL check without, allowing most ACL types
4858 to be used.
f1003989 4859 - The CONNECT method now obeys miss_access requirements
145cf928 4860 - proxy_auth_regex and ident_regex ACL types
3cdb7cd0 4861 - Fixed a StoreEntry memory leak during "dirty" rebuild
4862 - Helper processes no longer hold unrelated filedescriptors open
e40aa8da 4863 - Helpers are now restarted when the logs are rotated
afc1e43f 4864 - Negatively cached DNS entries are now purged on "reload".
4865 - PURGE now also purges the DNS cache
722a4b40 4866 - HEAD on FTP objects no longer retrieves the whole object
aca95add 4867 - More cleanups of the dstdomain ACL type
288c06ce 4868 - Squid no longer tries to do Range internally if it is not supported
4869 by the origin server. Doing so could cause bandwidth spikes and/or
4870 negative hit ratio.
13c7936a 4871 - httpd_accel_single_host squid.conf directive
82056f1e 4872 - "round-robin" cache_peer counters are reset every 5 minutes to
4873 compensate previously dead peers
4fe0e1d0 4874 - DNS retransmit parameters
858783c9 4875 - Show all FTP server messages
6b53c392 4876 - squid.conf.default now indicates if a directive isn't enabled in
4877 the installed binary, and what configure option to use for enabling it
418cbe9f 4878 - Fixed a temporary memory leak on persistent POSTs
304d289e 4879 - Fixed a temporary memory leak when the server response headers
4880 includes NULL characters
ba2b31a8 4881 - authenticate_ip_ttl_is_strict squid.conf option
4882 - req_mime_type ACL type
afb87666 4883 - A reworked storage system that supports storage directories in
4884 a more modular fashion. The object replacement and IO is now
4885 responsibility of the storage directory, and not of the storage
4886 manager.
722a4b40 4887 - Fixed a bogus MD5 mismatch warning sometimes seen when using
e7407eb8 4888 aufs or diskd stores
ce3d30fb 4889 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
4890 and extended support for this to Linux/GNU libc.
af57a2e3 4891 - Disabled the "request timeout" error message sent if the user agent
4892 did not provide a request in a timely manner after opening the
4893 connection. Now the connection is silently closed. The error message
4894 was confusing user agents utilizing persistent connections.
cab24814 4895 - Fixed configure --enable descriptions to match the arg names.
4896 - Eliminated compile warnings from auth_modules/MSNT code.
4897 - Require first character of hostnames to be alphanumeric.
4898 - Made ARP ACL work for Solaris.
4899 - Removed storeClientListSearch().
4900 - Added counters to track diskd operation success and
4901 failures.
4902 - Fixed range_offset_limit.
4903 - Added code to retry ServFail replies for internal DNS
4904 lookups.
4905 - Added referer header logging (Jens-S. Voeckler).
4906 - Added "multi-domain-NTLM" authentication module, a Perl
4907 script from Thomas Jarosch.
4908 - Added configurable warning messages for high memory usage,
4909 high response time, and high page faults.
4910 - Made store dir selection algorithm configurable.
4911 - Added support for admin-definable extension methods,
4912 up to 20.
16689110 4913 - Added 'maximum_object_size_in_memory' as a configuration option -
4914 this defines the watermark where objects transit from being true
4915 hot objects to being in-transit objects in memory. It currently
4916 defaults to 8 KB.
5cd41d0d 4917 - Change to the fqdn code which changes how pending DNS requests
4918 are treated as private and only become public once they are
4919 completed. This can add extra load on DNS servers but prevents
4920 all the pending clients blocking if one of the queries got
4921 stuck. (Duane Wessels)
7e543177 4922 - Converted more code to use MemPools, from Andres Kroonmaa.
4923 - Added more CYGWIN patches from Robert Collins.
e7407eb8 4924
4925Changes to Squid-2.4.DEVEL3 ():
4926
4927 - Added Logfile module.
4928 - Added DISKD stats via cachemgr.
4929 - Added squid.conf options for DISKD magic constants.
ad445e36 4930
e7407eb8 4931Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
ad445e36 4932
4933Changes to Squid-2.4.DEVEL1 ():
4934
42b51993 4935Changes to Squid-2.3.STABLE4 (July 18, 2000):
4936
4937 - Fixed --localstatedir configure option (IKEDA Shigeru).
4938 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
4939 Smith).
4940 - Added pthread_sigmask() check to configure (Daniel
4941 Ehrlich).
4942 - Added CYGWIN patches from Robert Collins.
4943 - Changed internal DNS lookups to retry queries that are
4944 returned with RCODE 2 (ServFail).
4945 - Added 'virtual port' support (Gregg Kellogg). If
4946 'httpd_accel_uses_host_header' is enabled, then we use
4947 the port number from the Host header. Otherwise, when
4948 'httpd_accel_port' is set to "0" we use the port number
4949 of the local end of the client socket.
4950 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
4951 - Made Squid accept GET requests that have a "content-length:
4952 0" header.
4953 - Added a sanity check on the NHttpSockets[] array index
4954 (Gregg Kellogg).
4955 - Added a friendlier message when Squid can't find any DNS
4956 nameserver addresses to use (Daniel Kiracofe).
4957 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
4958 (Craig Whitmore).
4959 - Added missing '%c' token replacement in error page
4960 generation.
4961 - Fixed a bug with 'minimum_object_size' that prevented
4962 internal icons from being loaded.
4963 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
4964 that could prevent any objects from being replaced.
4965 - Make sure that storeDirDiskFull() doesn't actually
4966 *increase* the cache size.
4967 - Changed a storeSwapMetaUnpack() assertion to a recoverable
4968 error condition.
4969 - Removed "wccpHereIam" event check that could cause Squid
4970 to stop sending HERE_I_AM messages.
4971
d20b1cd0 4972Changes to Squid-2.3.STABLE3 (May 15, 2000):
4973
4974 - Fixed malloc linking problems on Solaris. The configure
4975 script incorrectly set options for dlmalloc.
4976 - Added a configure check to remove compiler optimization
4977 for GCC 2.95.x.
4978 - Updated MSNT authenticator module.
4979 - Updated Estonian error pages.
4980 - Updated Japanese error pages.
4981 - Fixed expires bug in httpReplyHdrCacheInit. It was
4982 incorrectly setting expires based on max-age. It was using
4983 the current time as a basis, instead of the response date.
4984 - Fixed "USE_DNSSERVER" typos.
4985 - Added a workaround for getpwnam() problems on Solaris.
4986 getpwnam() could fail if there are fewer than 256 FDs
4987 available. This causes root to own some disk files.
4988 - Added an 'offline_toggle' option via the cache manager.
4989 - Added a 'minimum_object_size' option. Files smaller than
4990 this size are not stored.
4991 - Added 'passive_ftp' option to disable passive FTP transfers.
4992 - Added 'wccp_version' option because some Cisco IOS versions
4993 require WCCP version 3.
4994 - The 'client' program in ping mode (-g) now prints transfer
4995 throughput.
4996 - Fixed logging of proxy auth username for redirected
4997 requests.
4998 - Fixed bogus Age values for IMS requests.
4999 - Fixed persistent connection timeout for client-side
5000 connections. It was hard-coded to 15 seconds, now uses
5001 the 'pconn_timeout' value.
5002 - Fixed up httpAcceptDefer. It wasn't being used properly
5003 and caused high CPU usage when Squid gets close to the FD
5004 limit.
5005 - Numerous delay_pools fixes and checks.
5006 - Fixed SNMP coredumps from running snmpwalk.
5007 - Added a check for errno == EPIPE in icmp.c when pinger uses
5008 a Unix socket instead of a UDP socket.
5009 - Fixed ACL checklist memory initialization bugs.
5010 - Cleaned up the MIB file. Replaced contact information and
5011 checked description fields.
5012 - Removed LRU reference_age hard-coded upper limit.
5013 - Fixed async I/O FD leak.
5014 - Made getMyHostname() more robust.
5015 - Fixed domain list matching bug. "x-foo.com" wasn't properly
5016 compared to ".foo.com" and confused splay tree ordering.
5017 - Added a check for whitespace in hostnames and optionally
5018 strip whitespace if 'uri_whitespace' setting allows.
5019 - Added status code and checking to ASN/whois queries.
5020
5021Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
5022
5023 - Changed Copyright text.
5024 - Changed configure so that some IRIX-6.4 hacks apply to
5025 all IRIX-6.* versions.
5026 - Cleaned up HTML bugs in error pages.
5027 - Told configure to check for netinet/if_ether.h, which
5028 is used in ARP ACL code, but might not be required.
5029 - Added "Cookie" to known HTTP headers so it can be
5030 used in anonymizer configuration.
5031 - Added optional TCP_REDIRECT log code for logging
5032 of 301/302 responses returned by Squid.
5033 - Added a check for a currently running Squid process.
5034 If the pid file exists, and the pid is running,
5035 Squid complains and refuses to start another instance.
5036 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
5037 IRIX.
5038 - Fixed a bug with the PURGE method. The purge enable
5039 flag was not getting cleared during reconfigure.
5040 Also required PURGE method to be used in http_access
5041 list before enabling.
5042 - Fixed async I/O assertions for file open errors.
5043 - Fixed internal DNS assertion when unpacking truncated
5044 messages.
5045 - Fixed anonymize_headers bug that caused all headers
5046 to be allowed after a reconfigure.
5047 - Fixed an access denied bug for accelerator-only installations.
5048 - Fixed internal DNS initialization so that it uses
5049 'dns_nameservers' settings in squid.conf if set.
5050 - Fixed 'maxconn' ACL bug that caused it to work backwards
5051 (Pedro Ribeiro).
5052 - Fixed syslog bug for daemon mode on Linux.
5053 - Fixed 'http_port' parsing bugs.
5054 - Fixed internal DNS byte ordering bugs for PTR queries.
5055 - Fixed internal DNS queue getting stuck during periods
5056 of low activity (Henrik).
5057 - Fixed byte ordering bugs for parsing EPLF FTP listings
5058 on 64-bit systems.
5059 - Fixed 'request_body_max_size' bug that caused all
5060 POST, PUT requests to be denied if max size is set
5061 to zero.
5062 - Fixed 'redirector_access' bug when using 'myport' ACLs.
5063 - Fixed CARP neighbor selection bugs for down peers.
5064 - Added 'client_persistent_connections' and
5065 'server_persistent_connections' flags to disable persistent
5066 connections for clients and servers.
5067 - Fixed access logging bug that caused many requests to be
5068 logged as TCP_MISS.
5069 - Added some bounds checking to delay pools code.
5070
ad445e36 5071Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
5072
5073 - Updated PAM authentication module from Henrik Nordstrom.
5074 - Updated Bulgarian error messages from Svetlin Simeonov.
5075 - Changed ACL routines so that User-Agent (browser) string
5076 is always taken from compiled HTTP request headers
5077 instead of passed as an argument to aclCreateChecklist.
5078 - Added a 'strip' option to the 'uri_whitesace' configuration
5079 directive and made it the default behavior. Whitespace
5080 found in URI's is now stripped out by default.
5081 - Added chroot feature. The 'chroot_dir' config option enables
5082 it and specifies the directory.
5083 - Changed clientBuildReplyHeader so that the Age header is
5084 added only for cache hits, and only when we can calculate
5085 a valid, positive age value.
5086 - Changed clientWriteComplete and clientGotNotEnough so
5087 that they keep persistent connections open for more types
5088 of replies that don't have bodies.
5089 - Changed filemap.c routines to dynamically grow filemap
5090 space as needed.
5091 - Added a hack to ftp.c to deal with ftp.netscape.com, which
5092 sometimes doesn't acknowledge PASV commands.
5093 - Fixed FTP bug with ftpScheduleReadControlReply; there
5094 was not always a timeout handler on the control socket
5095 after the transfer completed.
5096 - Fixed FTP filedescriptor leak from invalid PASV replies.
5097 - Changed httpBuildRequestHeader so that it doesn't
5098 copy the Host header from the client request. Instead
5099 we should generate our own Host header which is known
5100 to be correct.
5101 - Changed storeTimestampsSet to adjust entry->timestamp
5102 if the response includes an Age header.
5103 - Removed size limit from storeKeyHashBuckets.
5104 - Changed fwdConnectStart from a "heavy" to a "light" event.
5105 - Fixed an 'anonymize_headers' bug that affects unknown
5106 HTTP headers. With the bug, if you list a header that
5107 Squid doesn't know about (such as "Charset"), it would
5108 add HDR_OTHER to the allow/deny mask. This caused all
5109 unknown headers to be allowed or denied (depending on
5110 the scheme you use). Now, with the bug fixed, an unknown
5111 header in the 'anonymize_headers' list is simply ignored.
5112
7e3ce7b9 5113Changes to Squid-2.3.DEVEL3 ():
5114
ad445e36 5115 - Added MSNT auth module from Antonino Iannella.
7e3ce7b9 5116 - Added --enable-underscores configure option. This allows
5117 Squid to accept hostnames with underscores in them. Your
5118 DNS resolver may still complain about them, however.
5119 - Added --heap-replacement configure option. This enables
5120 the alternative cache replacement policies, such as
5121 GDSF, and LFUDA.
3ff01c3e 5122 - WCCP establishes and registers with the router faster.
7e3ce7b9 5123 - Added 'maxconn' acl type to limit the number of established
5124 connections from a single client IP address. Submitted
5125 by Vadim Kolontsov.
5126 - Close FTP data socket as soon as transfer completes
5127 (Alexander V. Lukyanov).
5128 - Fixed ftpReadPass() to not clobber ctrl.message when
5129 the PASS command fails.
5130 - Added a redirect.c patch so squidGuard is able to do
5131 per-user access control (Antony T Curtis).
5132 - discard the pumpMethod() function, and instead use the
5133 fact that the request has a request entity (content-length
5134 present) (Henrik).
5135 - Reload the MIME icons at reconfigure time (Radu Greab).
5136 - Updated Richard Huveneers' SMB authentication module to
5137 his version 0.05 package.
5138 - Fixed lib/heap.c::heap_delete() bug when deleting the
5139 last node.
5140 - Fixed an integer conversion bug in
5141 lib/rfc1035.c::rfc1035AnswersUnpack().
5142 - Fixed lib/rfc1738 routines to encode reserved characters,
5143 in addition to encoding the unsafe characters (Henrik).
5144 - Changed the interface for splay compare and "walk"
5145 functions to take a void pointer, instead of a splayNode
5146 pointer (Henrik).
5147 - Changed numerous HTTP parsing routines to use ssize_t
5148 instead of size_t. This was done because size_t may be
5149 signed or unsigned. When it is unsigned, gcc emits
5150 numerous "comparison is always true" warnings. At least
5151 we know ssize_t is always signed.
5152 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
5153 friends so that it properly handles multi-value lists.
5154 - Added an "end" (ssize_t) parameter to
5155 src/HttpReply::httpReplyParse() so that we know exactly
5156 where to terminate the header buffer.
5157 - Changed src/access_log.c::log_quote() so that it only
5158 encodes whitespace characters, and not all URL-special
5159 characters (Henrik).
5160 - Added local port ACL type ("myport") (Henrik).
5161 - Added maximum number of connections per client ("maxconn")
5162 as an ACL type.
5163 - Fixed proxy authentication username/password parsing to
5164 be more robust (Henrik).
5165 - Fixed ACL domain/host and domain/domain comparison
5166 functions yet again. Eliminated duplicate code so that
5167 only src/url.c::matchDomainName() contains this mysterious
5168 code.
5169 - Changed the 'http_port' option to accept an IP address
5170 or hostname as well (Henrik).
5171 - Removed 'tcp_incoming_addr' option.
5172 - Added an access control list for the redirector
5173 ('redirector_access'). Requests which match are sent to
5174 the redirector. All requests. are redirected by default.
5175 - Added the 'authenticate_ip_ttl' option. It specifies
5176 how long a valid proxy authentication credential is
5177 bound to a specific address.
5178 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
5179 - Removed the unused and highly questionable 'forward_snmpd_port'
5180 option.
5181 - Added an option to accept DNS messages from unknown nameservers.
5182 This may be necessary if replies come from a different address
5183 than queries are sent to.
5184 - Added #includes for IP Filter files in netinet directory.
5185 - Fixed a bug with retrying forwarded IMS requests (Henrik).
5186 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
5187 where we were checking a cache-control bit before getting the
5188 mask from the HTTP headers (pallo@initio.no).
5189 - Fixed a bug with "no_cache" access list. If not defined,
5190 everything was uncachable by default.
5191 - Fixed a bug with timed-out client-side HTTP connections.
5192 We didn't cancel the read handler, which could lead to
5193 "rwstate != NULL" warnings.
5194 - Changed comm_open() to only call fdAdjustReserved() for
5195 specific errors (ENFILE, EMFILE);
5196 - Fixed NULL pointer bug in idnsParseResolvConf().
5197 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
5198 - Added DELETE request method.
5199 - Added RFC 2518 HTTP status codes.
5200 - Fixed handling of URL passwords when we need to rewrite a
5201 BASE HREF URL (Henrik).
5202 - Fixed a bug with FTP requests where a request gets aborted,
5203 but we try to complete it anyway. It would result in a
5204 "store_status != STORE_PENDING" assertion. The solution
5205 is to check for ENTRY_ABORTED before reading from
5206 the control channel too.
5207 - Changed FTP to retry a request if Squid fails to establish
5208 a PASV data connection (Henrik).
5209 - Fixed numerous HTCP memory leaks and an uninitialized memory
5210 bug.
5211 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
5212 mind (Henrik).
5213 - Minor fixes for Rhapsody systems.
5214 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
5215 don't include varargs.h.
5216 - Changed src/store_client.c::storeClientType() so that
5217 an entry can have more than one STORE_MEM_CLIENT.
5218 - Changed src/store_client.c::storeClientReadHeader()
5219 to check swapfile metadata (Henrik).
5220 - Changed src/url.c::urlCheckRequest() to return FALSE for
5221 any "https://" URL. These should always be CONNECT
5222 instead. If Squid gets an "https://" URL, it is a browser
5223 bug.
5224 - Added numerous squid.conf options for controlling cache
5225 digests. Previously these were hard-coded in
5226 src/store_digest.c. (Martin Hamilton)
5227 - Added 'cache_peer' option called 'digest-url' that
5228 lets you specify the URL for a peer's digest.
5229 (Martin Hamilton)
5230 - Added DELAY_POOLS hacks to scan "slow" connections in
5231 a random order (David Luyer).
5232 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
5233 per-interface arp/neighbour cache, whereas 2.0.x uses a
5234 unified cache. Under 2.2.x you are required to specify
5235 a interface name when looking up ARP table entries with
5236 SIOCGARP.
5237 - If the process umask is not set (i.e. 0), then Squid
5238 changes it to 007.
5239
9bc73deb 5240Changes to Squid-2.3.DEVEL2 ():
5241
5242 - Added --enable-truncate configure option.
5243 - Updated Czech error messages ()
5244 - Updated French error messages ()
5245 - Updated Spanish error messages ()
5246 - Added xrename() function for better debugging.
5247 - Disallow empty ("") password in aclDecodeProxyAuth()
5248 (BoB Miorelli).
5249 - Fixed ACL SPLAY subdomain detection (again).
5250 - Increased default 'request_body_max_size' from 100KB
5251 to 1MB in cf.data.pre.
5252 - Added 'content_length' member to request_t structure
5253 so we don't have to use httpHdrGetInt() so often.
5254 - Fixed repeatedly calling memDataInit() for every reconfigure.
5255 - Cleaned up the case when fwdDispatch() cannot forward a
5256 request. Error messages used to report "[no URL]".
5257 - Added a check to return specific error messages for a
5258 "store_digest" request when the digest entry doesn't exist
5259 and we reach internalStart().
5260 - Changed the interface of storeSwapInStart() to avoid a bug
5261 where we closed "sc->swapin_sio" but couldn't set the
5262 pointer to NULL.
5263 - Changed storeDirClean() so that the rate it gets called
5264 depends on the number of objects deleted.
5265 - Some WCCP fixes.
5266 - Added 'hostname_aliases' option to detect internal requests
5267 (cache digests) when a cache has more than one hostname
5268 in use.
5269 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
5270 (Henrik Nordstrom).
5271 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
5272 - Added OPTIONS request method.
9bc73deb 5273
eb824054 5274Changes to Squid-2.3.DEVEL1 ():
5275
5276 - Added WCCP support. This adds the 'wccp_router' squid.conf
5277 option.
5278 - Added internal DNS queries; Most installations can run
5279 without the external dnsserver processes.
5280 - Rewrote much of the code that stores cache objects on
5281 disk. Developed a programming interface that should
5282 allow new storage systems to be added easily. This still
5283 is pretty ugly and needs a lot of work, however.
5284 - Replaced async_io.c "tags" with callback data locks.
5285 This probably breaks async IO in a bad way.
5286 - Tried to write an Async IO disk storage module.
5287 - Added code to replace the StoreEntry linked list with a
5288 heap structure. This allows for different replacement
5289 algorithms, instead of being stuck with LRU. This adds
5290 the 'replacement_policy' squid.conf option. (John Dilley
5291 et al).
5292 - Fixed HTCP queries by actually checking for freshness
5293 based on the HTCP header fields.
5294 - Fixed passing of redirector command line arguments.
5295 - Added 'request_header_max_size' squid.conf option.
5296 - Added 'request_body_max_size' squid.conf option.
5297 - Added 'reply_body_max_size' squid.conf option.
5298 - Added 'peer_connect_timeout' squid.conf option.
5299 - Added 'redirector_bypass' squid.conf option.
5300 - Added RFC 2518 (WEBDAV) request methods.
d20b1cd0 5301
6b8e7481 5302Changes to Squid-2.2 (April 19, 1999):
b93549f6 5303
98b093e7 5304 - Removed all SNMP specific ACL code
5305 SNMP now uses generic squid ACL's
5306 - Removed view-based access crontrol
00b7a8b6 5307 - Cleaned up and simplified SNMP section of squid.conf
98b093e7 5308 - Changed the SNMP code to use a tree stucture.
3ff01c3e 5309 - Added objects to MIB:
00b7a8b6 5310 Request Hit Ratio's
5311 Byte Hit Ratio's
5312 Number of Clients
61d53e64 5313 - Changed SNMP Agent to return object instances correctly.
b93549f6 5314 - Added our own assert() macro so we can use debug() instead of
5315 printing to stderr.
5316 - Added eventFreeMemory().
5317 - Fixed ipcCreate() bug when debug_log has FD <= 2.
5318 - Changed watchChild() and related code in main.c so that
5319 Squid can behave more like a proper daemon process.
5320 - Added 'prefer_direct' option (enabled by default) so that
5321 people can give parents higher preference than direct.
6703526b 5322 - Fixed ipc.c close() bug for async IO. On FreeBSD,
5323 comm_close() doesn't work for child processes when async IO is
5324 used.
5325 - Fixed setting the public key for large ``icons'' (Henrik
5326 Nordstrom).
68f87dc5 5327 - Rewrote peer digest module to fix memory leaks on reconfigure
5328 and clean the code. Increased "current" digest version to 5
6474667e 5329 ("required" version is still 3). Revised "Peer Select" cache
5330 manager stats.
68f87dc5 5331 - Added "-k parse" command line option: parses the config file
5332 but does not send a signal unlike other -k options.
1743c283 5333 - Revamped storeAbort() calling. Only store_client.c has all
5334 the right information to determine if the request should
5335 be aborted. Now client and server modules just storeUnregister
d81e3f33 5336 without ever needing to call storeAbort.
96aeb95d 5337 - Small change of Squid output for FTP (Andrew Filonov,
5338 Henrik Nordstrom).
5339 - clientGetsOldEntry() sends old entry if new request status
5340 is in the 500-range (Henrik Nordstrom).
5341 - Changed configure so it works with IRIX6.4 C compiler (broken?)
5342 option -OPT:fast_io=ON.
5343 - Fixed comm_connect_addr() non-blocking connections for
5344 SONY NEWSOS (Makoto MATSUSHITA).
5345 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
5346 by autoconf documentation.
5347 - Fixed client-side cache-control max-age (Henrik Nordstrom).
5348 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
5349 this error if it is called while squid is in the process of
5350 shutting down.
5351 - Added support for linuxthreads package under FreeBSD (Tony Finch).
5352 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
5353 functions non-static (Michael Pelletier).
5354 - Fixed logging of authenticated usernames even if the
5355 authorization is not cached (Dancer).
5356 - Fixed pconnPush() bug that prevented holding on to
5357 persistent connections (Manfred Bathelt).
2328711e 5358 - Pid file now rewritten on SIGHUP.
b4019ff7 5359 - Numerous Ident changes:
5360 - Ident lookups will now be done on demand if you use the
5361 'ident' ACL type.
5362 - The 'ident_lookup on|off' option has been replaced with
5363 an access list, so you can do lookups only for some
5364 client addresses.
5365 - Added an 'ident_timeout' option to specifiy the amount
5366 of time to wait for an ident lookup.
5367 - Added a (local) hit rate to mempool metering.
5368 - FTP Restarts (REST command) is now supported.
5369 - Check for libintl.a on SCO3.2.
5370 - Disable poll() on SCO3.2.
5371 - Numerous Async IO enhancements from Henrik.
5372 - Removed cache_mem_low and cache_mem_high options (Henrik
5373 Nordstrom).
5374 - Replaced 'persistent_client_posts' with 'broken_posts' access
5375 list.
97474590 5376 - Rewrote the anonymizer.
5377 - Removed the http_anonymizer option.
548b801c 5378 - Added the anonymize_headers option to allow individual
5379 referencing of headers for addition or removal. See
5380 'anonymize_headers' in squid.conf for additional
5381 configuration.
b3abf16c 5382 - Fixed config file parser's handing of optional directives.
5383 Some people might get new warnings about unknown config
5384 directives.
548b801c 5385 - Added 'myip' ACL type. This is the local IP address for
5386 connected sockets (Luyer).
5387 - Fixed parsing of FTP DOS directory listings with spaces
5388 (Nordstrom).
dd0b0295 5389 - Numerous DELAY_POOL changes/fixes from David Luyer:
5390 - Makes no-delay neighbors for DELAY_POOLS work by
5391 using a fd_set with the connections to no-delay
5392 peers marked in it.
5393 - Makes IP addresses ending in 0 and 255, and
5394 network number 255, work with individual and
5395 network delay pools (they were previously not
5396 permitted, and documented as such).
5397 - Massive overhaul of delay pools code - dynamically
5398 allocated delay pools, as many as required.
5399 - delayPoolsUpdate stops running if DELAY_POOLS is
5400 configured but no delay pools are configured.
5401 - Initial delay pool levels are now configurable
5402 as a percentage of the maximum for the pool in
5403 question (used to be all set to 1 second worth
5404 of traffic). Pools are restored to this level
5405 on reconfiguratoin.
242188c9 5406 - Changed storeClientCopy to give a swap-in failure if
5407 the number of open disk FD's is above the 'max_open_disk_fds'
5408 limit. Otherwise, a very loaded cache will end up with
5409 all disk files open for reading, and none for writing.
b6a2f15e 5410 - Added lib/inet_ntoa.c from BSD Unix for systems that have
5411 broken inet_ntoa(). (Erik Hofman).
5412 - Added more specific FTP error messages for "permission
5413 denied, "file not found," and "service unavailable."
5414 (Tony Finch)
5415 - Added xisspace(), xisdigit(), etc, macros to cast function
5416 args and eliminate compiler warnings.
5417 - Fixed case-sensitive comparisons of domain names (Henrik
5418 Nordstrom).
5419 - Added proxy-authentication to cachemgr.cgi's requests
5420 (Henrik Nordstrom).
5421 - Changed Squid to *truncate* rather than *unlink* purged
5422 swap files. Can be reversed by undefining
5423 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
5424 - Changed internal icon headers to use Cache-control
5425 Max-age instead of Expires.
5426 - Changed storeMaintainSwapSpace behavior to be adjusted
5427 smoothly, instead of discretely, between store_swap_low
5428 and store_swap_high. This includes the number of
5429 objects to scan, number to remove, and time until the
5430 next storeMaintainSwapSpace event.
5431 - Fixed a quick_abort bug that incorrectly calculated
5432 content lengths.
5433 - Added getpwnam() auth module from Erik Hofman.
5434 - Added 'coredump_dir' option.
5435 - Fixed a peerDestroy() assertion that required peer->digest
5436 to be NULL at the end of peerDestroy().
5437 - configure script now automatically enables dlmalloc for
5438 Solaris/x86.
5439 - configure enables poll() on linux 2.2 and later (Henrik).
5440 - Icon files are now distributed in binary format, install
5441 will not need to run 'sh' and 'uudecode'.
5442 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
5443 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
5444 fwdCheckDeferRead() will NOT defer reading if the
5445 ENTRY_FWD_HDR_WAIT bit is set.
5446 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
5447 - Fixed a (double) cast problem that caused statAvgTick()
5448 events to be added as fast as possible.
6b8e7481 5449 - Changed httpPacked304Reply() to not include the Content-Length
5450 header for 304 replies that Squid generates. We used to
5451 include the length of the cached object, and this broke
5452 persistent connections.
5453
5454 2.2.STABLE2:
5455
5456 - Fixed configure bug for statvfs() checks. Configure reports
5457 "test: =: unary operator expected" or similar because an
5458 unquoted variable is not defined.
5459 - Fixed aclDestroyAcls() assertion because some ACL types
5460 are not listed in the switch statement. Occurs for
5461 srcdom_regex and dstdom_regex ACL types during reconfigure.
5462 - Typo "applicatoin" in src/mime.conf
5463 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
5464 #define because it didn't include squid.h.
5465 - Fixed commRetryFD() when bind() fails. commRetryFD was
5466 closing the filedescriptor, but it is the upper layer's
5467 job to close it.
5468 - Changed configure's "maximum number of filedescriptors"
5469 detection to only use getrlimit() for Linux. On AIX,
5470 getrlimit returns RLIM_INFINITY.
5471 - Fixed snmpInit() nesting bug.
5472 - Fixed a bug with peerGetSomeParent(). It was adding
5473 a parent to the FwdServers list, regardless of the
5474 ps->direct value. This could cause every request to
5475 go to a parent even when always_direct is used.
5476 - Changed fwdServerClosed() to rotate the "forward servers"
5477 list when a connection establishment fails. Otherwise
5478 it always kept trying to connect to the first server
5479 int the list.
b93549f6 5480
2be4e260 5481 2.2.STABLE3:
5482
5483 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
5484 - Avoid coredump in aclMatchAcl() if someone tries to use
5485 proxy authentication with a non-HTTP request (e.g. icp_access).
5486 - Moved 'ident_lookup_access' in squid.conf so it appears
5487 after the ACL section.
5488 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
5489 - Fixed a case in clientCacheHit() where we thought it
5490 was a hit, but the reply status was not 200, so we
5491 had to perform a cache miss. We forgot to change the
5492 log_type and these were being recorded as TCP_HIT's.
5493 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
5494 - Fixed delay_pools coredump and memory leak bugs from
5495 NULL delay_id values.
5496 - Fixed a SEGV bug with delay_pools when requesting
5497 'objects' or 'vm_objects' from the cachemgr.
5498 - Added a workaround for buggy FTP servers that return
5499 a size of zero for non-zero-sized objects.
5500 - Removed umask(0) call from main().
5501 - Fixed a peer selection bug that caused us to never select
5502 a neighbor based on ICP replies if the ICP timeout occurs.
5503 In conjunction with this, removed the PING_TIMEOUT state.
5504 - Fixed a store_rebuild bug that caused us to get stuck trying
5505 if a cache_dir subdirectory didn't exist.
5506 - Fixed a buffer overrun bug in gb_to_str().
5507
9bc73deb 5508 2.2.STABLE4:
5509
5510 - Fixed a dread_ctrl leak caused in store_client.c
5511 - Fixed a memory leak in eventRun().
5512 - Fixed a memory leak of ErrorState structures due to
5513 a bug in forward.c.
5514 - Fixed detection of subdomain collisions for SPLAY trees.
5515 - Fixed logging of hierarchy codes for SSL requests (Henrik
5516 Nordstrom).
5517 - Added some descriptions to mib.txt.
5518 - Fixed a bug with non-hierarchical requests (e.g. POST)
5519 and cache digests. We used to look up non-hierarchical
5520 requests in peer digests. A false hit may cause Squid
5521 to forward a request to a sibling. In combination with
5522 'Cache-control: only-if-cached, this generates 504 Gateway
5523 Timeout responses and the request may not be re-forwardable.
5524 - Fixed a filedescriptor leak for some aborted requests.
5525
5526
4d62b0af 5527Changes to Squid-2.1 (November 16, 1998):
8f897f34 5528
5529 - Changed delayPoolsUpdate() to be called as an event.
5530 - Replaced comm_select FD scanning loops with global fd_set
5531 structures. Inspired by Jeff Mogul's patch for squid 1.1.
9e1559ea 5532 - Moved functions common to dns.c, redirect.c, authenticate.c,
5533 ipcache.c, and fqdncache.c into helper.c.
0753aa46 5534 - Changed storeClientCopy2() so that it keeps sending the remainder
5535 of a STORE_ABORTED request, instead of cutting off the client as
5536 soon as the object becomes aborted.
f0538986 5537 - Fixed combined ipf-transparent proxy and a local http-accelerator
5538 operation (Quinton Dolan).
5539 - Rewrote base64_decode.c because of potential buffer overrun
5540 bugs.
912432d8 5541 - Configurable handling of whitespace in request URI's.
5542 See 'uri_whitespace' in squid.conf.
e33ec474 5543 - Added ability to generate HTTP redirect messages from
5544 the redirector output by prepending "301:" or "302:" to the
5545 new url. See FAQ 4.16 for more details.
829a9357 5546 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
5547 potentially causing under-utilized cache digests
5548 - Maintain refreshCheck statistics on per-protocol basis so we
5549 can tell why ICP or Digests return too many misses, etc.
c68e9c6b 5550 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
5551 - Changed squid.conf's default access controls to deny all
5552 HTTP requests. Admins must write ACL rules to specifically
5553 allow their local clients.
5554 - Patched French error messages (Mathias HERBERTS).
5555 - NextStep porting fixes by Mike Laster:
5556 - use xstrdup() in cf_gen.c
5557 - check for putenv() in configure
5558 - #define S_ISDIR macro
5559 - Added --disable-poll configure option (Henrik Nordstrom).
5560 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
5561 - Patched ftp.c so we never cache autenticated FTP requests
5562 (Henrik Nordstrom).
5563 - Fixed FTP authentication. We tried to unescape authentication
5564 given by basic authentication which is not URL escaped
5565 (Henrik Nordstrom).
5566 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
5567 - Added 'redirect_rewrites_host_header' option to disable rewriting
5568 of Host header for redirector responses (Henrik Nordstrom).
5569 - Allow semi-customized error message signatures (Henrik Nordstrom).
5570 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
5571 - Fixed handling of blank lines in ACL input files (Henrik
5572 Nordstrom).
5573 - Changed proxy_auth ACL type to consist of a list of valid
5574 users. REQUIRED == any (same as ident ACL). ACL type user
5575 changed to ident since this is what it really is.
5576 (Henrik Nordstrom).
5577 - Fixed long URL bugs; make sure 'log_uri' never exceeds
5578 MAX_URL bytes.
5579 - Allow comments in external ACL files (Gerhard Wiesinger).
5580 - Added 'range_offset_limit' configuration option. Requests
5581 with ranges that start after this value will be passed
5582 on unmodified, and Squid will not cache the response
5583 (Henrik Nordstrom).
5584 - Added Client HTTP Hit byte counters to 'counters' output
5585 (Douglas Swarin).
5586 - Got Squid to compile with --enable-async-io on FreeBSD.
5587 - Fixed infinite loop bug for cachemgr 'config' option.
5588 - Fixed cachability bugs for replies with Pragma: no-cache.
5589 - Made content-type multipart/x-mixed-replace uncachable.
5590 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
5591 format (Richard Kettlewell).
5592 - Fixed passing -s option to dnsserver processes (Alvaro Jose
5593 Fernandez Lago).
5594 - Changed proxy_auth to work on internal objects and when in
5595 accelerator mode. (Henrik Nordstrom)
5596 - Added login=user:password option to cache_peer directive to
5597 be used from a dial-up cache where the parent requires proxy
5598 authentication. (Henrik Nordstrom)
5599 - If you want to "auto-login", then use a URL on the form
5600 http://username:password@server/.... Squid now picks this up
5601 when going direct, and turns it into basic WWW
5602 authentication. It is also possible to do automatic login to
5603 certain servers by using a redirector to add the needed
5604 authentication information. (Henrik Nordstrom)
04f0ba5c 5605 - Changed refreshCheck() so that objects with negative age
5606 are always stale.
4d62b0af 5607 - Fixed "plain" FTP listings (Henrik Nordstrom).
5608 - Fixed showing banner/logon message for top-level FTP
5609 directories (Henrik Nordstrom).
5610 * Changes below have been made to SQUID_2_1_PATCH1
5611 - Fixed pinger packet size assertion.
5612 - Fixed WAIS forwarding.
5613 - Fixed dnsserver coredump bug caused by using both -D and
5614 -s options.
e42d5181 5615 * Changes below have been made to SQUID_2_1_PATCH2
5616 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
5617 - Fixed proxy auth NULL password bug.
5618 - Fixed queueing of multiple peerRefreshDNS events.
5619 - Added a stack of StoreEntry objects to be released after
5620 store rebuild completes.
5621 - Fixed NULL pointer bugs with too-large requests (found by
5622 Martin Lathoud).
5623 - Fixed reading replies from buggy ident servers. Replies
5624 might not have terminating CR or LF (Henrik Nordstrom).
b4019ff7 5625 - Changed internal StoreEntry key so that the request method
5626 is encoded as a single octet. Encoding an enumerated type
5627 has size and byte-order incompatibilities, especially for
5628 cache digests.
5629 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
5630 are not always locked. This fixes having multiple
5631 store_digest's stuck in memory.
5632 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
5633 unregisters from "cache hit" entries.
5634 * Changes below have been made to SQUID_2_1_PATCH3
5635 - Fixed memory leak in clientHandleIMSReply for
5636 storeClientCopy failures.
8f897f34 5637
41587298 5638Changes to Squid-2.0 (October 2, 1998):
71d6dc56 5639
4c154d99 5640 - Added NAT/Transparent hijacking code from Quinton Dolan.
5641 - Added actual filesystem usage to cachemgr 'storedir' page.
41587298 5642 Only works for operating systems which support statvfs().
a79d724b 5643 - Fixed HTCP compile-time bugs.
5644 - Fixed quick_abort bugs. Configured values are stored as
5645 Kbytes, not bytes.
41587298 5646 - Removed fwdAbortFetch(). It breaks quick_abort and seems
5647 mostly useless.
0da7d807 5648 - Changed storeDirSelectSwapDir() to skip swap directories
5649 when their utilization is over the high water mark ratio.
9ca005ac 5650 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
18cc143b 5651 - fixed bugs in Content-Range header generation
5652 - changed the way Range requests are handled:
71d6dc56 5653 - do not "advertise" our ability to process ranges at
5654 all
5655 - on hits, handle simple ranges and forward complex
5656 ones
5657 - on misses, fetch the whole document for simple ranges
5658 and forward range request for complex ranges
5659 The change is supposed to decrease the number of cases when
5660 clients such as Adobe acrobat reader get confused when we
5661 send a "200" response instead of "206" (because we cannot
5662 handle complex ranges, even for hits) Note: Support for
5663 complex ranges requires storage of partial objects.
41587298 5664 - Removed SNMP mib-2.system group from squid.
6474667e 5665 - Removed SNMP ability to iterate through ipcache and friends.
5666 - Added SNMP ipcache/fqdncache basic statistics.
5667 - Converted SQUID-MIB to SMIv2 (RFC 1902).
5668 - Moved SQUID-MIB to enterprises section of the tree in preparation
5669 of the split into PROXY-MIB & SQUID-MIB.
5670 - Corrected minor errors in SQUID-MIB.
5671 - Moved uptime into cacheSystem from cacheConfig.
5672 - Corrected a number of get-next-request bugs, snmpwalk should now
5673 return all objects and not skip some.
41587298 5674 - Fixed netdbClosestParent() so it won't return sibling
5675 peers.
5676 - Fixed a bug with secondary clients on entries with
5677 ENTRY_BAD_LENGTH set. We should release the
5678 bad entry to prevent secondary clients jumping on.
5679 - Changed MIB to prevent parse warnings at startup.
f0538986 5680 * Changes below have been made to SQUID_2_0_PATCH1
9689d97c 5681 - Fixed a forwarding loop bug. Even though we were detecting
5682 a loop, it was not being broken.
5683 - Try to prevent sibling forwarding loops by NOT forwarding a
5684 request to a sibling if we have a stale copy of the object.
5685 Validation requests should only be sent to parents (or
5686 direct).
5687 - Fixed ncsa_auth hash bugs when re-reading password file.
5688 - Changed clientHierarchical() so that by default SSL/CONNECT
5689 requests do NOT go to neighbor caches.
d87ebd78 5690 - Changed clientHandleIMSReply() to not call storeAbort()
5691 because there can be more than one client hanging on the
5692 StoreEntry. This hopefully fixes "store_status !=
5693 STORE_ABORTED" assertions.
f0538986 5694 - Added temporary fix to httpMakePublic() to prevent assertions
5695 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
5696 * Changes below have been made to SQUID_2_0_PATCH2
5697 - PATCH1 introduced a seriously stupid bug which prevented ICP
5698 queries for all requests. Fixed by checking
5699 request->hierarchical in peerSelectFoo().
18cc143b 5700
4c154d99 5701Changes to squid-1.2.beta25 (September 21, 1998):
5702
4b66bfd3 5703 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
5704 callbacks (Henrik Nordstrom).
5705 - Fixed store_swapout.c assertion. We were freeing object data
5706 past the swapout_done offset. This probably happens (only?)
5707 when an object changes from cachable to uncachable while
5708 it is being swapped out.
a260d877 5709 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
5710 of the buffers used for writing data to the client sockets.
669d90e7 5711 - Added configure check for libbind.a. If found, it will be
5712 used instead of libresolv.a.
5713 - Changed fwdStart() to always allow internally generated
dddd5b55 5714 requests, such as for peer digests. These requests are
5715 known to fwdStart() because the address arg is set to
5716 'no_addr'.
669d90e7 5717 - Completed initial HTCP implementation. It works, but is not
5718 tested much.
2d5c8e74 5719 - Added counters for I/O syscalls.
5720 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
5721 (netapp) Squid doesn't use private keys. This caused us
5722 to remove almost every object from the cache.
5723 - Added 'asndb' cachemgr stats to show AS Number tree.
dddd5b55 5724 - Fixed AS Number byte-order bug for netmasks.
2d5c8e74 5725 - Fixed comm_incoming calling rate for high loads (Stewart
5726 Forster).
426012d2 5727 - Give always_direct higher precedence than never_direct
5728 (Henrik Nordstrom).
dddd5b55 5729 - Changed PORT ACL type to accept ranges. Now you can easily
5730 deny, for example, all priveleged ports except 80, 70, 21,
5731 etc.
5732 - ARP ACL fixes for Linux (David Luyer).
5733 - Replaced various "EBIT" flags bitfileds with structures of
5734 "int:1" members.
5735 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
5736 efficient by removing snprintf(). This causes an
5737 incompatibility with old cache keys, however. To transition,
5738 we will look up both the new and old style keys for about the
5739 next 30 days. After that, if you haven't run this (or a
5740 future) version, your cache contents will be lost.
5741 - Made the client-side write buffer size configurable with
5742 a #define in defines.h. By default it is still 4096 bytes.
5743 - Removed redirectUnregister(). It should be unnecessary
5744 because of cbdata locks.
5745 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
5746 - Changed non-blocking connect(2) code to call getsockopt()
5747 instead of connect() again. This is the approach recommended
5748 by Stevens, and fixes bugs on BSD-ish systems when subsequent
5749 connect() calls loop with EAGAIN status.
5750 - Added MD5 cache keys to memory pool accounting.
5751 - Added code to track number of open DISK descriptors and stop
5752 swapping out objects if the number of disk descriptors becomes
5753 too large. For now the limit must be manually configured with
5754 the 'max_open_disk_fds'. By default, there is no limit.
5755 - Stopped encoding a request method in the high byte of the ICP
5756 reqnum field. Instead queried cache keys are copied to a
5757 static array, indexed by the reqnum, modulo the array size.
5758 Now we just use the request number to lookup a cache key,
5759 instead of rebuilding it from the ICP reply URL and method,
5760 unless we have netapp neighbors--they don't do reqnum
5761 properly.
5762 - Fixed reconfigure memory access bugs in redirect.c.
0753aa46 5763 - Ignore unreasonably large ICP RTT values which cause overflow
5764 bugs in calculating the average RTT (thanks Niall!)
4b66bfd3 5765
8e6a43e8 5766Changes to squid-1.2.beta24 (August 21, 1998):
5767
6c4067e5 5768 - Added Bulgarian error pages by Evgeny Gechev.
ceb79b2b 5769 - Changed StoreEntry->lock_count to a u_short.
c7d6216e 5770 - Replaced urlcmp with strcmp
5771 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
5772 (Henrik Nordstrom).
5773 - Eliminated unneeded BASE HREF on "root" directories (Henrik
5774 Nordstrom).
5775 - Fixed peerDigestFetchFinish() assertion caused by forwarding
5776 failures (e.g. miss_access rules).
ada249f8 5777 - Changed signal handlers with ASYNC_IO and Linux so that
5778 -k command line options work (Miquel van Smoorenburg).
4616f9ea 5779 - Rewrote shutdown code to use events instead of setting
5780 FD timeouts.
903e21a0 5781 - Fixed cachemgr 'objects' (statObjects()) by adding a check
b6a76fb2 5782 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
5783 storeBufferFlush(). Otherwise, the read-past pages would
5784 never be freed.
681979a2 5785 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
5786 were being closed by the dnsServerShutdown event.
b6a76fb2 5787 - Modified storeHashInsert() to insert PRIVATE objects at
5788 the tail of the LRU list, and PUBLIC objects at the head.
5789 Thus, PRIVATE objects get kicked out quicker.
95e36d02 5790 - Added David Luyer's DELAY_POOLS code.
54b5b3e5 5791 - Fixed a bug due to HEAD replies which lack the end-of-headers
5792 line.
5793 - Made proxy-auth realm string configurable (Bob Franklin)
5794 - Changed default mime time to a viewable one (Henrik Nordstrom).
5795 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
5796 - Fixed 'you are running out of filedescriptors' bug which
5797 could cause the HTTP incoming connection handler to not
5798 be reset.
e23fbf04 5799 - Changed syslog logging. Now squid debug levels 0 and 1 go
d737baa0 5800 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
e23fbf04 5801 (this needs more work!)
2cb51fe0 5802 - Fixed memory access errors in statAvgTick().
abc1237e 5803 - Fixed duplicate requestUnlink() bug in forward.c
6c4067e5 5804 - Fixed possible memory access bugs from not setting e->mem_obj
5805 = NULL in destroy_MemObject().
5806 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
5807 - Modified headersEnd and httpMsgIsolateHeaders to account
5808 for funky line terminations such as CRCRNL.
5809 (``but Netscape and IE _tolerate_ this'')
5810 - Fixed carp functions (Eric Stern).
5811 - Replaced internal proxy_auth code with extern authentication
5812 module (Arjan de Vet).
5813 - moved hash.c to libmiscutil.a.
e931f99a 5814 - Fixed handling of ICP queries with whitespace in URLs.
5815 Now we return ICP error and escape the URL before logging.
3a15a393 5816 - Added configure check for socklen_t (David Luyer).
5817 - Removed USE_SPLAY #defines; it is now standard.
3a76c002 5818 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
5819 temporary disk_ctrl_t structures.
5820 - Changed ENOSPC disk write errors to reduce specific cache_dir
5821 sizes, and not just the size of the cache as a whole.
f9cece6e 5822 - Added httpMaybeRemovePublic() to purge public objects for
5823 certain responses even though they are uncachable. This is
5824 needed, for example, when an initially cachable object
5825 later becomes uncachable.
8e6a43e8 5826 - Added refresh_pattern options to ignore client reloads
5827 (Henrik Nordstrom)
5828 - Relocated disk.c code which combines blocks for writing
5829 (Stewart Forster).
c7d6216e 5830
857703c6 5831Changes to squid-1.2.beta23 (June 22, 1998):
5832
cf7f704c 5833 - Added Turkish error pages by Tural KAPTAN.
66bbb757 5834 - Added basic support for Range requests. For most cachable
5835 requests, Squid replies with an "Accept-Ranges" header. Upon
5836 receiving a potentially cachable Range request for a not
5837 cached object, Squid requests the whole object from origin
5838 server and then replies with specified range(s) to the
5839 client. Multi-range requests are supported. Adjacent
5840 overlapping ranges are merged. If-Range requests are
5841 supported. Limitations: Multi-range requests with out of
5842 order ranges are not supported.
5843 - Made md5.c use standard memcpy and memset if they are
5844 avaliable.
5845 - Memory pools will now shrink if Squid is run-time
5846 reconfigured with smaller value of memory_pools_limit tag.
5847 - Added counter for number of clients (Tomi Hakala).
5848 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
5849 connections for UP->DOWN transition.
5850 - Added 'unique_hostname' configuration option when its
5851 necessary to have multiple machines with the same visible
5852 hostname.
222917b2 5853 - Fixed pumpReadFromClient() to not read too many bytes on
5854 persistent connections.
53856ebd 5855 - We can now cache HTTP replies with Set-Cookie. These evil
5856 headers are now filtered out for cache hits on the client
5857 side.
222917b2 5858 - Fixed SNMP bugs caused by using snmpwalk.
9089cc70 5859 - Fixed snmp system Group; all objects are now returned.
5860 - Fixed snmp system Group sysDescr and sysContact.
78dfab2a 5861 - Fixed snmp system Group sysObjectID it now returns a OBJECT
5862 IDENTIFIER.
7fce9c3e 5863 - Allocate FwdState from mem pools.
5864 - Minor HTCP progress.
222917b2 5865 - Moved 'miss_access' ACL check from client_side.c to forward.c
ed169eab 5866 - Fixed logging of usernames for requests which require
5867 proxy-authentication.
cf7f704c 5868 - Fixed HTTP request parser to accept lowercase HTTP identifier
5869 (Oskar Pearson).
5870 - Fixed FTP listings to always include links to the parent
5871 directory (Henrik Nordstrom).
5872 - Fixed FTP to show an "empty" listing instead of showing
5873 a "document contains no data" error (Henrik Nordstrom).
5874 - Fixed refreshCheck() bug. Often it was checking the
5875 refresh patterns against the string "[null_mem_obj]"
5876 because we moved URLs to MemObject.
5877 - Added CARP support by Eric Stern.
48382032 5878 - Fixed select-spin bug when an ICP reply actually gets queued
5879 and we failed to execute the write callback.
354b5fe1 5880 - Fixed a storeCheckSwapOut bug. We were freeing up to
5881 the queued offset instead of the done offset. This
5882 resulted in a small chunk of object data not being in
5883 memory and not yet written to disk. A client could
5884 recieve a partial object because file_read() unexpectedly
5885 returns EOF.
0aa791f8 5886 - Fixed proxy-authentication hangs (Henrik Nordstrom).
c2354a6b 5887 - Fixed request_t->flags bug causing authenticated, proxied
5888 responses to be cached (Arjan de Vet).
e0e32f36 5889 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
5890 - Added view and download options to FTP listings (Henrik
5891 Nordstrom).
5892 - Modified configure to allow using pre-installed libdlmalloc.a
5893 (Masashi Fujita).
e8d8856c 5894 - Fixed cachemgr 'objects' implementation.
fecf98dc 5895 - Changed refreshCheck() algorithm. For cached objects, we
5896 now check, in the following order:
5897 * request max-age
5898 * response Expires (if present)
5899 * refresh_pattern max-age
5900 * response Last-Modified compared to refresh_pattern
5901 LM-factor (only if Last-Modified is present)
5902 * refresh_pattern min-age
5903 - Changed Copyrights.
d192d11f 5904
ee3a78d4 5905Changes to squid-1.2.beta22 (June 1, 1998):
5906
2246b732 5907 - do not cut off "; parameter" from "digitized" Content-Type
5908 http fields
5909 - Added X-Request-URI for persistent connection debugging
5910 (Henrik Nordstrom)
f4d83f6d 5911 - Added Polish error pages from Maciej Kozinski.
145f10f1 5912 - Fixed hash_first/hash_next bugs with **Current pointer.
5913 Replaced with *next pointer.
f4d83f6d 5914 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
5915 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
5916 - Fixed eventRun "spin" bug when event delta time == 0.
a9cc1935 5917 - Fixed setting Last Modified time on cached entries when
5918 receiving a 304 reply.
06e87923 5919 - Added while loop in httpAccept().
5920 - Added while loop in icpHandleUdp().
5921 - Fixed some small memory leaks.
5922 - Fixed single-bit-int flag checks (Henrik Nordstrom).
137ee196 5923 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
5924 - Do not send only-if-cached cc directive with requests
6474667e 5925 for peer's digests.
ee3a78d4 5926 - Added "automatic tuning" for incoming request rate, i.e.
5927 how often to check HTTP and ICP sockets. See comm.c
5928 comments for details.
145f10f1 5929
6ee40ea2 5930Changes to squid-1.2.beta21 (May 22, 1998):
5931
434b408f 5932 - Added Italian error pages by Alessio Bragadini.
a3f9588e 5933 - Added Estonian error pages by Toomas Soome.
06066bbc 5934 - Added Russian (koi-r) error pages by Andrew L. Davydov.
7b381d33 5935 - Added Czech error pages by Jakub Nantl.
8e866bb4 5936 - Fixed asnAclInitialize calling to prevent coredump.
5937 - Fixed FTP directory parsing again.
5938 - Made FTP directory listing "Generated" tagline like
5939 the one for error pages.
52f977aa 5940 - Fixed an assertion coredump in statHistCopy from
6474667e 5941 reconfiguring with different #peers in squid.conf
10202788 5942 - Ignore leading whitespace on requests (and replies). RFC
5943 2068 section 4.1, robustness (Henrik Nordstrom)
5944 - Fixed keep_alive bug. We did not always honour reply
5945 headers, but rather assumed connections could be persistent.
5946 - Fixed reading whois output for AS numbers, especially when
5947 they are longer than 4 KB.
5948 - Removed 'cache_stoplist_pattern' configuration option. This
5949 feature is now handled by 'no_cache'.
5950 - If a URN resolves to only one URL, just return it immediately
5951 instead of giving the user a "choice" (Andy Powell).
5952 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
5953 - Changed squid-internal object names.
5954 - Added netdb exchange protocol.
5955 - Fixed wordlistDestroy() uninitialized pointer bug in
5956 ftpParseControlReply.
06066bbc 5957 - Fixed redirector subprocess to show real program name.
5958 - Changed URN menu output to be sorted.
5959 - Added fast select(2) timeouts when using ASYNC_IO.
5960 - Added ARP ACL support for Linux (David Luyer).
6474667e 5961 - Added binary http headers to requests
5962 - request_t objects are now created and destroyed in a consistent way
5963 - Fixed cache control printf bug
5964 - Added a lot of new http header ids
5965 - Improved Connection: header handling; now both Connection and
5966 Proxy-Connection headers are checked for connection directives
5967 - Connection request header is now handled correctly regardless
5968 of its position and the number of entries
2246b732 5969 - Only replies with valid Content-Length can be sent with keep-alive
5970 connection directive (Henrik Nordstrom)
6474667e 5971 - Better handling of persistent connection "clues" in HTTP headers;
2246b732 5972 the decision now depends on HTTP version (and User-Agent exceptions)
6474667e 5973 - Removed handling of "length=" directive in IMS headers;
5974 the directive is not in the HTTP/1.1 standard;
5975 standing by for objections
5976 - allowed/denied headers are now checked using bit masks instead of
5977 strcmp loops
5978 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
2246b732 5979 - removed processing of Request-Range header (not in specs?)
7b381d33 5980 - Fixed byte-order bugs in cacheDigestHashKey.
5981 - Changed hash_remove_link() to return void.
5982 - Changed ipcache_gethostbyname() to return NULL if
5983 i->addrs.count == 0.
6de5fa88 5984 - Added millisecond-timing to select/poll loops and event
5985 queue.
5986 - Changed 'peerPingTimeout' value to be twice the average
5987 of all the peer ICP RTT's.
5988 - Added 'half_closed_clients' option to force closing of
5989 client connections which might only be half-closed.
5990 - Fixed matchDomainName coredump bug.
5991 - Don't cache HTTP replies with Vary: headers until we
5992 get content negotiation working.
5993 - Fixed SSL proxying to forward full HTTP request headers.
c09459dd 5994 - Changed storeGetMemSpace(). Only purge down to the HIGH
5995 water mark; move locked entries to the head of the inmem
5996 list.
5997 - Changed clientReadRequest() to locally handle any
5998 "squid-internal-static" URL for any host.
52f977aa 5999 - Disable persistent connections for client connections
6000 from broken Netscape User-Agent, version 3.* (Stewart Forster)
434b408f 6001
901b8eaf 6002Changes to squid-1.2.beta20 (April 24, 1998):
6003
fd1bc012 6004 - Improved support for only-if-cached cache control directive.
6005 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
a1a62b14 6006 - Fixed 'quick_abort' percent calculation bug.
6007 - Fixed quick_abort FPE bug.
6008 - Changed more errno-checking functions to use ignoreErrno().
6009 - Added ERESTART to ignoreErrno() because of report from
6010 a Solaris system.
6011 - Fixed '#elsif' typo.
6012 - Fixed MemPool assertion by moving memInit() to before
6013 configuration parsing functions.
6014 - Fixed default 'announce_period' value (was 1 day, should
6015 be 0) (Joe Ramey).
6016 - Added configure warning for low filedescriptors and pointer
6017 to FAQ.
b0497a40 6018 - Fixed httpBodySet() bug causing URN related coredumps.
6019 - Changed ipcacheCycleAddr() to always cycle through all all
6020 available addresses, and not just advance when one of
6021 them goes BAD.
6022 - Fixed squid-internal bug for mixed-case hostnames (Henrik
6023 Nordstrom).
4e41d49f 6024 - Fixed ICP counting probelm. icpUdpSend() arg should be
6025 LOG_ICP_QUERY instead of LOG_TAG_NONE.
e4b71f74 6026 - Added some additional fault toleranse on FTP data channels
6027 (Henrik Nordstrom).
6028 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
6029 - Added lock/unlock for StoreEntry during storeAbort().
6030 - Added filemap bit usage stats to cachemgr 'storedir' and
6031 'info'.
6032 - Replaced 'cache_stoplist' with 'no_cache' Access list.
6033 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
44745828 6034 - Fixed default hierarchy_stoplist to be ``default if none.''
6035 - Fixed 'fake a recent reply' hack for detecting DEAD
6036 and ALIVE neighbors (Joe Ramey).
e376562a 6037 - Fixed FTP directory parsing bugs (Joe Ramey).
6038 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
6039 (Joe Ramey).
dea17509 6040 - Fixed daylight savings time bug (again).
fd1bc012 6041 - A lot of Cache Digests additions, fixes, and tuning.
6042 Cache Digests are still "very experimental".
e376562a 6043 - Fixed snprintf() bug. When len == 1, snprintf() would treat
6044 the buffer as unknown size, emulating sprintf() behaviour.
6045 - Made Error page language configurable with configure script
6046 (Henrik Nordstrom).
6047 - Fixed squid-internal URLs when http_port == 80.
6048 - Remember the client address on redirected requests (Henrik
6049 Nordstrom).
6050 - Don't rebuild the request if the redirector returned the same
6051 URL (Henrik Nordstrom).
6052 - Rewrite Host: header on redirected requests (Henrik
6053 Nordstrom).
6054 - Include port (if non-standard) in generated Host: headers
6055 (Henrik Nordstrom).
6056 - Fixed rfc1123 timezone hacks for Windows NT
6057 (Henrik Nordstrom).
6058 - Added Russian Error pages by Ilia Zadorozhko.
6059 - Added totals for ICP and HTTP hits to cachemgr client_list
6060 output.
6cfa8966 6061 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
6062 because any string with an '@' must be an email address.
e376562a 6063 - Fixed POST for content-length == 0.
901b8eaf 6064 - Fixed "huge 304 reply" loop bug.
5e9ab945 6065 - Fixed --enable-splaytree compile bugs.
c93fbf13 6066 - Removed ASN lookup code in peer_select.c.
b6a2f15e 6067 - Added warnings if ACL code detects subdomains in SPLAY
6068 trees.
6069 - Rewrote some bits of httpRequestFree() to eliminate
6070 possible bugs that could cause an "e->lock_count" asseertion.
6071 - Added value/bounds checking to _db_init() when setting
6072 the debugLevels[] array.
fd1bc012 6073
005e5260 6074Changes to squid-1.2.beta19 (Apr 8, 1998):
6075
b0497a40 6076 - Squid-1.2.beta19 compiles and runs on Windows/NT with
6077 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
447203a7 6078 - Added French Error pages by Frank DENIS.
6079 - Added Dutch Error pages by Mark Visser
901b8eaf 6080 - Added German Error pages by Bernd P. Ziller, Jens Frank,
6081 and Anke S.
f9f2be04 6082 - Added support for only-if-cached cache-control directive.
005e5260 6083 - Added RELAXED_HTTP_PARSER #define to allow requests which are
6084 missing the HTTP identifier on the request line (e.g. buggy
6085 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
1f4d31f9 6086 - Fixed disk.c FD leak for delayed closes in
6087 diskHandleWriteComplete().
6088 - Fixed cache announcement feature.
20fe7191 6089 - Fixed httpReadReply() to retry failed HTTP requests on
6090 persistent connections when read() returns -1, not only
6091 when it returns 0.
805e5f70 6092 - Fixed cbdata memory counting leak. cbdataUnlock() always
6093 called free(), never memFree().
ff396fe6 6094 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
005e5260 6095 - Fixed `++loopdetect < 10' assertion due to
6096 clientHandleIMSReply bug for invalid/partial HTTP
6097 replies.
6098 - Added preliminary code for HTCP.
6099 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
6100 - Added "snmp_community" as an ACL type.
6101 - Cleaned up proxy-auth acl implementation and removed
6102 memory leaks.
6103 - Added generic 'hashFreeItems()' function for efficiently
6104 freeing hash table pointers.
6105 - Added whoisTimeout() for ASN code.
447203a7 6106 - Removed BINARY TREE code.
005e5260 6107 - Fixed forgetting to reset Config.Swap.maxSize in
6108 configDoConfigure.
6109 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
6110 bug which caused not modified replies to not get updated.
6111 - Fixed client_side.c bugs which could cause data to be written
6112 to the client in the wrong order for persistent connections.
6113 clientPurgeRequest() and clientHandleIMSComplete() must not
6114 call comm_write(). Instead they must create and write to
6115 StoreEntry's.
6116 - Fixed ICP query service time counting bug(s).
6117 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
6118 to fix buffer overruns. This also requires adding 'buf_sz'
6119 args to some functions like clientBuildReplyHeader().
6120 But we can eliminate the need to NULL-terminate the
6121 buffer beforehand.
6122 - Changed commConnectCallback() to reset the FD timeout to
6123 zero before notifying about the connection. This requires
6124 commSetTimeout() calls in numerous places to reinstall
6125 timeouts.
6126 - Changed comm_poll_incoming() to be called less frequently
6127 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
6128 - Removed HAVE_SYSLOG case for debug() macro. Almost all
6129 systems do have syslog(), but more importatnly the
6130 _db_level value is needed for debugging to stderr.
6131 - Rewrote squid/dnsserver interface to use smaller, single-line
6132 messages.
6133 - Rewrote 'dns' cachemgr output to use a table format.
6134 - Rewrote a lot of dnsserver.c.
6135 - Added eventAddIsh() for semi-random event scheduling.
6136 - Fixed an ftpTimeout bug for sessions which use PORT
6137 commands.
6138 - Fixed ftp.c to recognized invalid PASV replies (e.g.
6139 port == 0).
6140 - Removed hash_insert(). All hasing uses hash_join() now.
6141 - Renamed hash_unlink() to hash_remove_link().
6142 - Added hashPrime() to find closes prime hash table size
6143 to a given value.
6144 - Fixed Keep-Alive ratio counting bug which prevented
6145 persistent connections from being used between cache
6146 peers.
6147 - Changed icmp.c to NOT queue messages sent from squid to
6148 the pinger program.
6149 - Changed icp_v2.c to NOT queue ICP messages by default.
6150 But they will be queued and resent once if the first
6151 send fails. Counters.icp.queued_replies counts the
6152 number of messaages queued.
6153 - Cleaned up ICP logging.
6154 - Added identTimeout().
6155 - Fixed ipcache reply counting bug. Overcounted dnsserver
6156 replies for partial replies.
6157 - Added urlInternal() for building internal Squid URLs.
6158 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
6159 AND 'cache_peer_acl' configurations. This should be changed
6160 in the fugure to use ONLY cache_peer_acl.
6161 - Changed DEAD/REVIVED neighbor detection to avoid reporting
6162 so many false deaths. (Joe Ramey).
6163 - Added some preliminary code to support "cache digests."
6164 - Fixed pumpClose() coredumps (?).
6165 - Updated cachemgr 'info' output to show median service
6166 times for various categories.
6167 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
6168 != sizeof(int) for Alphas.
6169 - Fixed potential alignment problem in storeDirWriteCleanLogs().
6170 - Fixed store_rebuild.c to NOT replace current, but
6171 not-swapped-out StoreEntry's with on-disk entries.
6172 - Changed storeCleanup() to call storeRelease on invalid
6173 entries which don't have a swapfile (i.e. no unlink()
6174 penalty).
6175 - Fixed storeSwapInStart() to fail for unvalidated
6176 entries.
6177 - SNMP changes:
6178 . renovated mib and added descriptions and comments
6179 . added hit and byte counters to client_db , for
6180 cacheClientTable
6181 . cacheClientTable, netdbTable, cachePeerTable,
6182 cacheConnTable now indexed by ip address. hash_lookup was
6183 enhanced to allow for subsequent hash_next's similar to
6184 hash_first, to speed up getnext's in tables which refer to
6185 hash-table structures.
6186 . added generic (well, sorf of) table indexing functionality
6187 . added makefile dependencies for snmplib and cache_snmp.h
6188 . WaisHost, WaisPort, Timeouts removed
6189 . FdTable split into FdTable and ConnTable. FdTable simplified
6190 . PeerTable and PeerStat merged and put into new cacheMesh
6191 group
6192 . cacheClientTable added for client statistics and accounting
6193 (cacheMesh 2)
6194 . cacheSec and cacheAccounting groups removed
6195 . fixed acl bug when communities not defined
6196 . snmp_acl now survives bad configuration
81d0c856 6197
9a713ffb 6198Changes to squid-1.2.beta18 (Mar 23, 1998):
6199
275d9f2e 6200 - Added v1.1 'test_reachability' option.
6201 - Fixed hash4() len == 0 bug.
2c26197b 6202 - Fixed Config.Swap.maxSize reconfigure bug.
6203 - Fixed ICP query bug determining request method.
6204 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
6205 so that we know neighbors are alive even when they send
6206 us replies for unknown entries.
6207 - Changed configure script to add '-std1' for Digital Unix cc.
6208 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
6209 systems.
6210 - Added support for 'Cache-Control: Only-If-Cached' request header.
34ad1721 6211 - Fixed CheckQuickAbort() bugs for multiple clients on one
6212 StoreEntry. Also changed storePendingNClients() to return
6213 mem->nclients instead of counting the number of store_client
6214 entries with pending callback functions.
275d9f2e 6215
041b157e 6216Changes to squid-1.2.beta17 (Mar 17, 1998):
6217
df43fc93 6218 - SNMP MIB version check changed to non-rcs.
02922e76 6219 - Added memory pools for variable size objects (strings).
6220 There are three pools; for small, medium, and large objects.
6221 - Extended String object to use memory pools. Most fixed size char
6222 array fields will be replaced using string pools. Same for most
6223 malloc()-ed buffers.
5e14bf6d 6224 - Changed icon handling to use the hostname and port of the squid
9ed90c85 6225 server, instead of the special hostname "internal.squid"
6226 (Henrik Nordstrom).
5e14bf6d 6227 - All icons are now configured in mime.conf. No hardcoded icons,
f8360ee3 6228 including gohper icons (Henrik Nordstrom).
459f2559 6229 - Fixed ICP bug when we send queries, but expect zero
6230 replies.
ed9c0b33 6231 - Fixed alignment/casting bugs for ICP messages.
2b5b6324 6232 - A generic client-to-server "pump" was added to handle HTTP
6233 PUT as well as POST methods on the client-cache side. Based on
6234 "pump" PUT requests can be made to either HTTP or FTP url's.
6235 Code is still beta and interoperability with browsers etc has
6236 not been tested.
6237 - Put #ifdefs around 'source_ping' code.
5e14bf6d 6238 - Added missing typedef for _arp_ip_data (Wesha).
6239 - Added regular-expression-based ACLs for client and server
6240 domain names (Henrik Nordstrom).
6241 - Fixed ident-related coredumps from incorrect callback data.
6242 - Fixed parse_rfc1123() "space" bug.
6243 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
6244 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
6245 - Fixed some peer->options flag-setting bugs.
6246 - Fixed single-parent feature to work again
6247 - Removed 'single_parent_bypass' configuration option; instead
6248 just use 'no-query'.
6249 - Surrounded 'source_ping' code with #ifdefs.
6250 - Changed 'deny_info URL' to use a custom Error page.
6251 - Modified src/client.c for testing POST requests.
041b157e 6252 - Fixed hash4() for SCO (Vlado Potisk).
459f2559 6253
7ba777f2 6254Changes to squid-1.2.beta16 (Mar 4, 1998):
6255
447203a7 6256 - Added Spanish error messages from Javier Puche.
02922e76 6257 - Added Portuguese error messages from Pedro Lineu Orso
0965bd19 6258 - Added a simple but very effective hack to cachemgr.cgi that tries to
6259 interpret lines with '\t' as table records and formats them
6260 accordingly. With a few exceptions (see source code), first line
6261 becomes a table heading ("<th>" html tag) and the rest is formated
6262 with "<td>" tags.
7021844c 6263 - Added "mem_pools_limit" configuration option. Semantics of
6264 "mem_pools" option has also changed a bit to reflect new memory
6265 management policy.
7ba777f2 6266 - Reorganized memory pools. Squid now supports a global pool
6267 limit instead of individual pool limits. Per-pool limits can be
3a88d597 6268 implemented on top of the current scheme if needed, but it is
7ba777f2 6269 probably hard to guess their values. Squid distributes pool
6270 memory among "frequently allocated" objects. There is a
6271 configurable limit on the total amount of "idle" memory to be
6272 kept in reserve. All requests that exceed that amount are
6273 satisfied using malloc library. Support for variable size
6274 objects (mostly strings) will be enabled soon.
6275 - memAllocate() has now only one parameter. Objects are always
6276 reset with 0s. (We actually never used that parameter before;
6277 it was always set to "clear").
6278 - Added Squid "signature" to all ERR_ pages. The signature is
6279 hardcoded and is added on-the-fly. The signature may use
6280 %-escapes. Added interface to add more hard-coded responses if
6281 needed (see errorpage.c::error_hard_text).
6282 - Both default and configured directories are searched for ERR_
6283 pages now. Configured directory is, of course, searched first.
6284 This allows you to customize a subset of ERR_ pages (in a
6285 separate directory) without danger of getting other copies out
6286 of sync.
6287 - Security controls for the SNMP agent added. Besides
6288 communities (like password) and views (part of tree
6289 accessible), the snmp_acl config option can be used to do acl
6290 based access checks per community.
6291 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
6292 can now walk through the whole mib tree. Several new variables
6293 added under cacheProtoAggregateStats
12cf1be2 6294 - Added rudimental statistics for HTTP headers.
7ba777f2 6295 - Adjusted StatLogHist to a more generic/flexible StatHist.
12cf1be2 6296 Moved StatHist implementation into a separate file.
178dbda2 6297 - Added FTP support for PORT if PASV fails, also try the
6298 default FTP data port (Henrik Nordstrom).
6299 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
6300 request is cancelled for fails on the client side.
6301 - Filled in some squid.conf comments (never_direct,
6302 always_direct).
6303 - Added RES_DNSRCH to dnsserver's _res.options when the
6304 -D command line option is given.
6305 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
6306 peer->tcp_up == 0 (Michael O'Reilly).
6307 - Fixed storeGetNextFile's incorrect "directory does not exist"
6308 errors (Michael O'Reilly).
6309 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
6310 Forster).
6311 - Added 'dns_nameservers' config option to specify non-default
6312 DNS nameserver addresses (Maxim Krasnyansky).
6313 - Added lib/util.c code to show memory map as a tree
6314 (Henrik Nordstrom).
6315 - Added HTTP and ICP median service times to Counters and
6316 cachemgr average stats.
6317 - Changed "-d" command line option to take debugging level
6318 as argument. Debugging equal-to or less-than the argument
6319 will be written to stderr.
3ff01c3e 6320 - Removed unused urlClean() function from url.c.
adba4a64 6321 - Fixed a bug that allowed '?' parts of urls to be recorded in
ef65d6ca 6322 store.log. Logged urls are now "clean".
178dbda2 6323 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
6324 script forwards basic authentication from browser to squid.
6325 Authentication info is encoded within all dynamically generated
6326 pages so you do not have to type your password often.
6327 Authentication records expire after 3 hours (default) since
6328 last use. Cachemgr.cgi now recognizes "action protection" types
6329 described below.
6330 - Added better recognition of available protection for actions
6331 in Cache Manager. Actions are classified as "public" (no
6332 password needed), "protected" (must specify a valid password),
6333 "disabled" (those with a "disable" password in squid.conf), and
6334 "hidden" (actions that require a password, but do not have
6335 corresponding cachemgr_passwd entry). If you manage to request
6336 a hidden, disabled, or unknown action, squid replies with
6337 "Invalid URL" message. If a password is needed, and you failed
6338 to provide one, squid replies with "Access Denied" message and
6339 asks you to authenticate yourself.
6340 - Added "basic" authentication scheme for the Cache Manager.
6341 When a password protected function is accessed, Squid sends an
6342 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
6343 by specifying "name" and "password" for the specified action.
6344 The user name is currently used for logging purposes only. The
6345 password must be an appropriate "cachemgr_passwd" entry from
6346 squid.conf. The old interface (appending @password to the url)
6347 is still supported but discouraged. Note: it is not possible
6348 to pass authentication information between squid and browser
6349 *via a web server*. The server will strip all authentication
6350 headers coming from the browser. A similar problem exists for
6351 Proxy-Authentication scheme.
6352 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
6353 authentication failures when accessing Cache Manager.
63259c34 6354 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
178dbda2 6355 - Added simple context-based debugging to debug.c. Currently,
6356 the context is defined as a constant string. Context reporting
6357 is triggered by debug() calls. Context debugging routines
6358 print minimal amount of information sufficient to describe
6359 current context. The interface will be enhanced in the future.
6360 - Replaced _http_reply with HttpReply. HttpReply is a
6361 stand-alone object that is responsible for parsing, swapping,
6362 and comm_writing of HTTP replies. Moved these functions from
6363 various modules into HttpReply module.
8bfcd557 6364 - Added HttpStatusLine, HttpHeader, HttpBody.
178dbda2 6365 - All HTTP headers are now parsed and stored in a "compiled"
6366 form in the HttpHeader object. This allows for a great
6367 flexibility in header processing and builds basis for support
6368 of yet unsupported HTTP headers.
6369 - Added Packer, a memory/store redirector with a printf
6370 interface. Packer allows to comm_write() or swap() an object
6371 using a single routine.
6372 - Added MemBuf, a auto-growing memory buffer with printf
6373 capabilities. MemBuf replaces most of old local buffers for
6374 compiling text messages.
6375 - Added MemPool that maintains a pre-allocated pool of opaque
6376 objects. Used to eliminate memory thrashing when allocating
6377 small objects (e.g. field-names and field-value in http
6378 headers).
8bfcd557 6379
3197e644 6380Changes to squid-1.2.beta15 (Feb 13, 1998):
6381
55647891 6382 NOTE: This version has changes which may cause all or part
6383 of your cache to be lost. However, you can problably
6384 save most of it by doing a slow restart. Specifically:
6385
6386 1. Kill the running squid-1.2.beta14 process; wait for it to
6387 fully exit.
6388 2. Remove all 'swap.state*' files, either in each cache_dir, or
6389 as defined in your squid.conf
6390 3. Start squid-1.2.beta15. The store will be rebuilt from the
6391 existing swap files, reading the directories and opening
6392 the files.
6393
bcfbdc11 6394 - Fixed some problems related to disk (and pipe) write error
6395 handling. file_close() doesn't always close the file
6396 immediately; i.e. when there are pending buffers to write.
6397 StoreEntry->lock_count could become zero while a write is
6398 pending, then bad things happen during the callback.
6399 - The file_write() callback data must now be in the callback
6400 database (cbdata). We now use the swapout_ctrl_t structure
6401 for the callback data; it stays around for as long as we are
6402 swapping out.
6403 - Changed the way write errors are handled by diskHandleWrite.
6404 If there is no callback function, now we exit with a fatal
6405 message under the assumption that the file in question is a
6406 log file or IPC pipe. Otherwise, we flush all the pending
6407 write buffers (so we don't see multiple repeated write errors
6408 from the same descriptor) and let the upper layer decide how
6409 to handle the failure.
6410 - Fixed storeDirWriteCleanLogs. A write failure was leaving
6411 some empty swap.state files, even though it tells us that its
6412 "not replacing the file." Don't flush/rename logs which we
6413 have prematurely closed due to write failures, indiciated by
6414 fd[dirn] == -1. Close these files LAST, not before
6415 renaming.
6416 - Fixed storeDirClean to clean directories in a more sensible
6417 order, instead of the new "MONOTONIC" order for swap files.
0465e406 6418 - Merged fdstat.c functions into fd.c.
6419 - Cleaned up some debugging sections. Some unrelated source
6420 files were using the same section.
6421 - Removed curly brackets from all cachemgr output.
6422 - Removed unused filemap->last_file_number_allocated member.
6423 - Removed unused fde->lifetime_data member.
6424 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
6425 - Call setsid() before exec() in ipc.c so that child processes
6426 don't receive SIGINT (etc) when running squid on a tty.
2f2dd5ad 6427 - Changed StoreEntry->object_len to ->swap_file_sz so we
6428 can verify the disk file size at restart. Moved object_len
6429 to MemObject->object_sz. Note object_sz is initialized
6430 to -1. If object_sz < 0, then we need to open the swap
6431 file and read the swap metadata.
6432 - Changed store_client->mem to ->entry because we need
6433 e->swap_file_sz to set mem->object_sz at swapin.
2f2dd5ad 6434 - Renamed storeSwapData structure to storeSwapLogData.
6435 - Fixed storeGetNextFile to not increment d->dirn. Added
6436 check for opendir() failure.
6437 - Fixed storeRebuildStart to properly link the directory
6438 list for storeRebuildfromDirectory mode.
e157f97f 6439 - Added -S command line option to double-check store
6440 consistency with disk files in storeCleanup().
6441 - Fixed a problem with transactional logging. In many
6442 cases we were adding the public cache key and then
6443 logging a delete for the private key. This is worthless
6444 because during rebuild we could not locate the previous
6445 public-keyed entry. Now we assert that only public-keyed
6446 entries can be logged to swap.state. storeSetPublicKey()
6447 and storeSetPrivateKey() have been modified to log an
6448 ADD or DEL when the key changes.
6449 - Fixed storeDirClean bug. Needed to call
6450 storeDirProperFileno() so the "dirn bits" get set.
6451 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
6452 fullfilename[] were static to that function and did
6453 not change when the "rebuild_dir" arg did. Moved these
6454 buffers to the rebuild_dir structure.
6455 - In storeRebuildFromSwapLog, we were calling storeRelease()
6456 for cache key collisions. This only set the RELEASE_REQUEST
6457 bit and did not clear the swap_file_number in the filemap or
6458 in the StoreEntry, so the swap file could get unlinked later
6459 when it was really released.
4e0f0471 6460 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
6461 content-type and content-encoding (Henrik Nordstrom).
6462 - Removed 'icon_content_type' configuration option. Content
6463 types now taken from mime.conf (Henrik Nordstrom).
2a9b2b73 6464 - Added additional memory malloc tracing and memory leak
6465 detection. Use --enable-xmalloc-debug-trace configure
6466 option and -m command line option (Henrik Nordstrom).
bcfbdc11 6467
93169941 6468Changes to squid-1.2.beta14 (Feb 6, 1998):
6469
5471db88 6470 - Replaced snmplib free() calls with xfree().
6471 - Changed the 'net_db_name' hash table structure to
6472 make it easier to move names from one network to another
6473 (copied from 1.1 code).
93169941 6474 - Filled in some of the config dump routines (dump_acl,
6475 dump_acl_access).
6476 - Full memory debugging option (--enable-xmalloc-debug-trace)
6477 (Henrik Nordstrom).
6478 - Filled-in and clarified many squid.conf comments (Oskar
6479 Pearson).
6480 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
5471db88 6481
f91834bf 6482Changes to squid-1.2.beta13 (Feb 4, 1998):
f577e074 6483
b4512acd 6484 - NOTE: With this version the "swap.state" file format has
6485 changed. Running this version for the first time will
6486 cause your current cache contents to be lost!
f91834bf 6487 - NOTE: this version still has the bug where we don't rewind
6488 a swapout file and rewrite the swap meta data. Objects
6489 larger than 8KB will be lost when rebuilding from the swap
6490 files.
d04dd4bf 6491 - Combined various interprocess communication setup functions
6492 into ipcCreate().
6493 - Removed some leftover ICP_HIT_OBJ things.
6494 - Removed cacheinfo and proto_count() and friends; these are to
6495 be replaced in functionality by StatCounters and 5/60 minute
6496 average views via cachemgr.
6497 - Fixed --enable-acltree configure message (Masashi Fujita).
6498 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
6499 (Masashi Fujita).
6500 - Fixed building outside of source tree (Masashi Fujita).
dbfed404 6501 - FTP: Format NLST listings, and inform the user that the NLST
6502 (plain) format is available when we find a LIST listing that we
6503 don't understand (Henrik Nordstrom)
6504 - FTP: Use SIZE on Binary transfers, and not ASCII. The
6505 condition was inversed, making squid use SIZE on ASCII
6506 transfers (Henrik Nordstrom).
6507 - Enable virtual and Host: based acceleration in order to be
6508 able to use Squid as a transparent proxy without breaking
6509 either virtual servers or clients not sending Host: header
6510 the order of the virtual and Host: based acceleration needs
6511 to be swapped, giving Host: a higher precendence than virtual
6512 host (Henrik Nordstrom).
6513 - Use memmove/bcopy as detected by configure Some systems does
6514 not have memmove, but have the older bcopy implementation
6515 (Henrik Nordstrom).
6cf028ab 6516 - Completely rewritten aiops.c that creates and manages a pool
6517 of threads so thread creation overhead is eliminated (SLF).
6518 - Lots of mods to store.c to detect and cancel outstanding
6519 ASYNC ops. Code is not proven exhaustive and there are
6520 definately still cases to be found where outstanding disk ops
6521 aren't cancelled properly (SLF).
6522 - Changes to call interface to a few routines to support disk
6523 op `tagging', so operations can be cleanly cancelled on
6524 store_abort()s (SLF).
6525 - Implementation of swap.state files as transaction logs.
6526 Removed objects are now noted with a negative object size.
6527 This allows reliatively clean rebuilds from non-clean
6528 shutdowns (SLF).
6529 - Now that the swap.state files are transaction logs, there's
6530 now no need to validate by stat()ing. All the validation
6531 procedure does is now just set the valid bit AFTER all the
6532 swap.state files have been read, because by that time, only
6533 valid objects can be left. Object still need to be marked
6534 invalid when reading the swap.state file because there's no
6535 guarantee the file has been retaken or deleted (SLF).
6536 - An fstat() call is now added after every
6537 storeSwapInFileOpened() so object sizes can be checked. Added
6538 code to storeRelease() the object if the sizes don't match (SLF).
6474667e 6539 - #defining USE_ASYNC_IO now uses the async unlink() rather than
6540 unlinkd() (SLF).
6cf028ab 6541 - #defining MONOTONIC_STORE will support the creation of disk
6542 objects clustered into directories. This GREATLY improves disk
6543 performance (factor of 3) over old `write-over-old-object'
6544 method. If using the MONOTONIC_STORE, the
6545 {get/put}_unusedFileno stack stuff is disabled. This is
6546 actually a good thing and greatly reduces the risk of serving
6547 up bad objects (SLF).
6548 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
6549 rather than ASYNC/unlinkd unlinks. swap.state.new files were
6550 being removed just after they were created due to delayed
6551 unlinks (SLF).
6552 - Disabled various assertions and made these into debug warning
6553 messages to make the code more stable until the bugs can be
6554 tracked down (SLF).
6555 - Added most of Michael O'Reilly's patches which included many
6556 bug fixes. Ask him for full details (SLF).
6557 - Moved aio_check_callbacks in comm_{poll|select}(). It was
6558 called after the fdset had been built which was wrong because
6559 the callbacks were changing the state of the read/write
6560 handlers prior to the poll/select() calls (SLF).
f09f5b26 6561 - Fixed ARP ACL memory leaks (Dale).
f577e074 6562 - Eliminated URL and SHA cache keys. Cache keys will always
6563 be MD5's now.
6564 - Fixed up store swap meta data.
6565 - Changed swap.state logs to a binary format.
f91834bf 6566 - The swap.state logs are written transaction-style.
d04dd4bf 6567
b5cfbd5b 6568Changes to squid-1.2.beta12 (Jan 30, 1998):
6569
b4512acd 6570 - Added metadata headers to cache swap files. This is an
6571 incompatible change with previous versions. Running this
6572 version for the first time will cause your current cache
6573 contents to be lost.
9fc0b4b8 6574 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
6575 - Show symlink destinations as a hyperlink in FTP listings
6576 (Henrik Nordstrom)
3a4eaced 6577 - Fixed not allocating enough space for rewriting URLs with
6578 the Host: header (Eric Stern).
6579 - Year-2000 fixes (Arjan de Vet).
6580 - Fixed looping for cache hits on HEAD requests.
fc6dc767 6581 - Fixed parseHttpRequest() coredump for
6474667e 6582 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
9fc0b4b8 6583
9f802cb1 6584Changes to squid-1.2.beta11 (Jan 6, 1998):
6585
fd82d0b0 6586 - Fixed fake 'struct rusage' definition which prevented compling
6587 on Solaris 2.4.
6588 - Fixed copy-by-ref bug for request->headers in
6589 clientRedirectDone() (Michael O'Reilly).
812db943 6590 - Workaround for Solaris pthreads closing FD 0 upon fork()
6591 (Michael O'Reilly).
05fd71a7 6592 - Fixed shutdown bug with outgoing UDP sockets; we need to
6593 disable their read handlers.
6594 - For comm_poll(), use the fast 50 msec timeout only when
6595 USE_ASYNC_IO is defined.
1fbc6de3 6596 - Fixed pointer bug when freeing AS# ACL entries.
6597 - Fixed forgetting to reset Config.npeers to zero in free_peer().
0f6bdbfa 6598 - Fixed ICP bug causing excessive TIMEOUTs with sibling
6599 neighbors. We must call the ICP reply callback even for
6600 sibling misses.
6601 - Fixed some dnsserver-related reconfigure bugs. Need to
6602 use cbdataLock, etc in fqdncache.c. Also don't want to
6603 use ipcacheQueueDrain() and fqdncacheQueueDrain().
6604 - Fixed persistent connection bug. We were incorrectly
6605 deciding that non-200 replies without content-length
6606 would not have a reply body.
6607 - Fixed intAverage() precedence bug.
6608 - Fixed memmove() 'len' arg bug.
6609 - Changed algorithm for determining alive/dead state of peers.
6610 Instead of using a fixed number of unacknowledged ICP
6611 replies, it is now based on timeouts. If there are no ICP
6612 replies received from a peer within 'dead_peer_timeout'
6613 seconds, then we call it dead.
6614 - Added calls to getCurrentTime() in
6615 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
6616 being used.
6617 - Fixed shutdown bug when the incoming and outgoing ICP socket
6618 is the same file descriptor.
e970f357 6619 - Added buffered writes for storeWriteCleanLogs() (Stewart
6620 Forster).
6621 - Patches for Qnx4 (Jean-Claude MICHOT).
6622 - Fixed returning void functions which seems to be a GCC-ism.
e5f4e1b0 6623 - New configure script options (Henrik Nordstrom):
6624 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
6625 --enable-acltree
6626 --enable-icmp
6627 --enable-delay-hack
6628 --enable-useragent-log
6629 --enable-kill-parent (this should be named -hack)
6630 --enable-snmp
6631 --enable-time-hack
6632 --enable-cachemgr-hostname[=hostname] (new)
6633 --enable-arp-acl (new)
6634 - Added Doug Lea malloc-2.6.4 to the distribution, so that
6635 people easily can try a decent malloc package if they syspect
6636 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
6637 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
6638 function (Henrik Nordstrom).
6639 - Removed top-level Makefile. People must now run 'configure'
6640 before 'make'.
714ace98 6641 - Fixed checkFailureRatio() implementation.
82b3c7d9 6642 - Made 'squid -z' behave like the 1.1 version.
e5f4e1b0 6643
fd82d0b0 6644
ab9a3f7e 6645Changes to squid-1.2.beta10 (Jan 1, 1998):
6646
6647 - Fixed content-length bugs for 204 replies, 304 replies,
6648 and HEAD requests (Henrik Nordstrom).
6649 - Fixed errorAppendEntry() bug in gopherReadReply().
6650 - Basic support for FTP URL typecodes (;type=X).
9c965c1b 6651 - Support for access controls based on ethernet MAC addresses
ab9a3f7e 6652 (Dale).
6653 - Initial URN support; see
6654 http://squid.nlanr.net/Squid/urn-support.html
6655 - Fixed client-side persistent connections for objects with
6656 bad content lengths (Henrik Nordstrom).
6657 - Fixed bad call to storeDirUpdateSwapSize() for objects which
6658 never reach SWAPOUT_DONE state.
68e3a9df 6659 - Fixed up poll() #defines in squid.h (Stewart Forster).
6660 - Changed poll() timeout from 1000 msec to 50 msec for
6661 better performance under low load (Stewart Forster).
e7a1fde6 6662 - Changed storeWriteCleanLogs() to write objects in the LRU
6663 list order instead of the random hash table order.
109ff6af 6664 - Fixed FTP bug when data socket connections fail or timeout.
6665 - Reuse FTP data connection when possible (Henrik Nordstrom).
6666 - Added configure options (Henrik Nordstrom)
6667 --enable-store-key=sha|md5
6668 --enable-xmalloc-statistics
6669 --enable-xmalloc-debug
78743365 6670 --enable-xmalloc-debug-count
6671 --async-io
109203bf 6672 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
6673 by creating ERR_FORWARDING_DENIED and changing the
6674 content of the ERR_CANNOT_FORWARD text.
4e9c07c1 6675 - Fixed pipeline request bug from using strdup() (Henrik
6676 Nordstrom).
6677 - Call clientReadRequest() directly instead of commSetSelect()
6678 for pipelined requests (Henrik Nordstrom).
1b02b5be 6679 - Fixed 4k page leak in icpHandleIMSReply();
6680 - Renamed 'icp*' functions to 'client*' names in client_side.c.
e7a1fde6 6681
b90a0f8d 6682Changes to squid-1.2.beta8 (Dec 2, 1997):
6683
eae03fc8 6684 - Fixed accessLogLog() to log ident from Proxy-Authorization
6685 request header (BoB Miorelli).
226f9ba2 6686 - Fixed #includes, prototypes, etc. in SNMP source files.
6687 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
6688 include/config.h.in to src/squid.h
6689 - Moved 'num32' typedefs from src/typedefs.h to
6690 include/config.h.in.
6691 - Moved snmplib/md5.c to lib/md5.c.
6692 - Added MD5 cache key support.
6693 - Removed xmalloc() return check in uudeocde.c
6694 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
6695 - Changed 'client' program to provide easier cache manager access,
3ff01c3e 6696 e.g.: 'client mgr:info'
226f9ba2 6697 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
6698 for simulated keep-alive requests.
6699 - Removed 'fd' arg from clientProcess* functions.
9e3468d5 6700 - Fixed bugs from using errorSend() on persistent/pipelined
226f9ba2 6701 client connections. A latter request should not be allowed to
6702 write to the client fd until the current request completes.
6703 Now use errorAppendEntry() for such situations.
6704 - Fixed content-length bugs. We were using content-length == 0
6705 to also indicate a lack of content-length reply header. But
6706 'content-length: 0' might appear in a reply, so now use -1 to
6707 indicate that no content length given.
6708 - Split up clientProcessRequest() into smaller chunks so it
6709 might be easier to follow.
6710 - renamed various client_side.c functions to start with 'client'
6711 instead of 'icp'.
6712 - Fixed a 'cbdata leak' from the comm.c close handlers.
6713 - Fixed a 'cbdata leak' from the comm.c connect routines.
6714 - Fixed comm_select() and comm_poll() to stop looping on the
6715 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
6716 ready for I/O, the incoming sockets might not get service, so
6717 comm_select() would be called for up to 7 times until the
6718 'incoming_counter' was incremented enough to trigger a call
6719 to comm_select_incoming(). Now we make sure
6720 comm_select_incoming() gets called if select returns less
6721 than 7 ready FD's.
9e3468d5 6722 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
6723 inserted at the start of the url-path. calls ftpUrlWith2f().
6724 (Henrik Nordstrom).
226f9ba2 6725 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
6726 for replacement and cachemgr output.
6727 - Changed ipcache.c to use LRU double-linked list instead of qsort()
6728 - Changed hash_insert() and hash_join() to return void.
6729 for replacement and cachemgr output.
6730 - Moved StoreEntry->method member to MemObject->method.
6731 - Made StoreEntry->flags 16 bits.
6732 - Made StoreEntry->refcount 16 bits.
6733 - Changed URL-based public cache key to always include the request
6734 method.
eae03fc8 6735
95bc9f0b 6736Changes to squid-1.2.beta7 (Nov 24, 1997):
6737
6a11653c 6738 - Fixed poll() for Linux (David Luyer).
6739 - SHA optimizations (David Luyer).
6740 - Fixed errno clashes with macro on Linux (David Luyer).
6741 - Fixed storeDirCloseSwapLogs(); logs might not be open.
6742 - Fixed storeClientCopy2() bug. Detect when there is
6743 no more data to send for objects in STORE_OK state.
19ee64b1 6744 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
6745 especially directory listings.
95bc9f0b 6746 - Mega FTP fix from Henrik Nordstrom. A better job of
6747 implementing the '%2f' hack.
6748 - Fixed some pipelined request bugs. storeClientCopy() was
6749 being given the wrong StoreEntry, and we had a race condition
6750 which is now handled by storeClientCopyPending().
99077fe6 6751 - Added initial SNMP support.
6a11653c 6752
2c9b45c9 6753Changes to squid-1.2.beta6 (Nov 13, 1997):
6754
1b5516d3 6755 - Fixed Authorized responses getting swapped out when they
6756 don't have Proxy-Revalidate reply header.
6757 - Fixed Proxy Authentication support. We never sent back
6758 a 407 reply, and were incorrectly incrementing the passwd
6759 before comparing it.
6760 - Fixed stat()ing pathnames for default values before parsing
6761 config file (Ron Gomes).
6762 - Fixed logging request and response headers on separate lines
6763 (Ron Gomes).
6764 - Fixed FTP Authentication message (Henrik Nordstrom).
6765 - Changed Proxy Authentication to trigger a reread of the passwd
6766 file if a password check fails (Henrik Nordstrom).
6767 - Changed FTP to retry the first CWD with a leading slash if it
6768 fails without one.
6769
8c17a569 6770Changes to squid-1.2.beta5 (Nov 6, 1997):
6771
90045285 6772 - Track the 'keep-alive ratio' for a peer as the ratio of
6773 the number of replies including 'Proxy-Connection: Keep-Alive'
6774 compared to the number of requests sent. If the peer does
6775 not support Persistent connections then this ratio will tend
6776 toward zero. If the ratio is less than 50% after 10 requests
6777 then we'll stop sending Keep-Alive.
8c3994aa 6778 - Proper support for %nn escapes in FTP, and numerous
6779 other fixes (Henrik Nordstrom).
6780 - Support for Secure Hash Algorithm and framework for other
6781 hash functions as cache keys.
6782 - Fixed SSL snprintf() bug which broke SSL proxying.
6783 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
8c17a569 6784 - Fixed LRU Reference Age bug. The arg to pow() must be
8031bd43 6785 minutes, not seconds.
90045285 6786
9ddfb255 6787Changes to squid-1.2.beta4 (Oct 30, 1997):
6788
a493f974 6789 - Fixed DST bug in rfc1123.c
6790 - Changed default http_accel_port to 80.
6791 - added errorCon() as a ErrorState constructor function
6792 (Max Okumoto).
6793 - Added ERR_FTP_FAILURE message for ftpFail().
6794 - For FTP, the timeout callback must be moved to the 'data'
6795 descriptor when data transfer begins. Otherwise we are
6796 likely to get a timeout on the control descriptor.
6797 - Fixed double-free bug in httpRequestFree().
6798 - Fixed store_swap_size counting bug in storeSwapOutHandle().
6799
409a6aad 6800Changes to squid-1.2.beta3 (Oct 29, 1997):
6801
6802 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
6803 - Fix assertions which assumed 4-byte pointers.
6804 - Fix missing % in fqdncache.c snprintf().
6805
5a2d610b 6806Changes to squid-1.2.beta2 (Oct 28, 1997):
6807
8c3994aa 6808 - Fixed aiops.c and async_io.c so that they actually compile
f5b8bbc4 6809 with USE_ASYNC_IO (Arjan de Vet).
6810 - Fixed errState->errno causing problems with some macros
6811 (Michael O'Reilly).
d287f51e 6812 - Fixed memory leaks in pconn.c (Max Okumoto).
0866009b 6813 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
272547b5 6814 - Fixed InvokeHandlers() from calling memCopy() for ALL
6815 store_client's with callbacks. A store_client might be reading
6816 from disk.
5a2d610b 6817 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
272547b5 6818 bucket at a time. Instead we'll maintain a single LRU
6819 list. When an object is 'touched' we move it to the
6820 top of this list. When we need disk space, we delete
6821 from the bottom.
5a2d610b 6822 - Removed storeGetSwapSpace().
f5b8bbc4 6823
871f0b8a 6824Changes to squid-1.2.beta1 ():
6825
6826 - Reworked storage manager to not keep objects in memory during
6827 transit. In other words, no separate NOVM distribution.
6828 - Lots of cleanup and debugging for beta release.
6829 - Use snprintf() everywhere instead of sprintf().
6830 - The 'in_memory' hash table has been replaced with a
6831 doubly-linked list. New objects are added to the head of
6832 the list. When memory space is needed, old objects are
6833 purged from the tail of the list.
6834
0edfe7a2 6835Changes to squid-1.2.alpha7 ():
6836
c4958532 6837 - fixes fixes fixes.
6838 - Made Arjan's PROXY_AUTH ACL patch standard.
0edfe7a2 6839
8905b90c 6840Changes to squid-1.2.alpha6 ():
6841
6684fec0 6842 - Simpler cacheobj implementation.
6605655c 6843 - persistent connection histogram
8872e1f8 6844 - SERVER-SIDE PERSISTENT CONNECTIONS:
6474667e 6845 - Added pconn.c
6846 - Addec Cofig.Timeout.pconn; default 120 seconds
6847 - Added httpState->flags
6848 - Added flags arg to httpBuildRequestHeader()
6849 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
6850 - Added 'Connection' to allowed HTTP headers (http-anon.c)
8872e1f8 6851 - Added 'Proxy-Connection' to allowed HTTP headers
6852 (http-anon.c)
a7736231 6853 - Merged proxyhttpStart() with httpStart() and created
8872e1f8 6854 new httpBuildState().
6855 - New httpPconnTransferDone() detects end-of-data on
6856 persistent connections.
6684fec0 6857
88738790 6858Changes to squid-1.2.alpha5 ():
6859
6860 - New configuration system. Everything is generated from
6861 'cf.data.pre', including the main parser, setting defaults,
6862 outputting current values, and freeing memory.
6863 This also involved moving some of the local data structures
6864 (e.g. struct _acl *AclList in acl.c) to the Config
6865 structure. (Max Okumoto)
6866 - No more '/i' for regular expressions. Now insert a '-i'
6867 to switch to case-insensitive. Use '+i' for case-sensitive.
6868 - When you have a variable named the same as its type, sizeof()
6869 gets the wrong one (fde).
6870 - Need to flush unbuffered logs before fork().
6871 - Added two fields swap log: refcount and e->flag.
6872 - Removed all the .h files for each .c file. Now #include stuff
6873 is in either: defines.h, enums.h, typedefs.h, structs.h,
6874 or protos.h, globals.h. This greatly reduces dependencies
6875 between the various source files.
6876 - globals.c is generated from globals.h by a Perl script.
8ee3ca2c 6877 - Started customizable error texts.
88738790 6878
97f674c8 6879Changes to squid-1.2.alpha4 ():
6880
ec973719 6881 - New MIME configuration, regular expression based
6882 - Added request_timeout config option
6883 - Multiple HTTP sockets (Lincoln Dale).
6884 - Moved 'fds_are_n_free' check to httpAccept().
6885 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
7e49f700 6886 - Changed storeRegister to use offsets and make immediate
6887 callbacks if appropriate.
6888 - Removed icpDetectClientClose(). Some of that functionality
6889 goes into clientReadRequest() and the rest into
6890 httpRequestFree().
b1b387d1 6891 - Moved IP lookups to commConnect stuff.
6892 - Added support for retrying connect().
858164fc 6893 - New inline debug() macro (David Luyer).
e174e0fe 6894 - Replace frequent gettimeofday() calls with alarm(3) based
6895 clock. Need to add more gettimeofday() calls to get back
a59968c7 6896 high-resolution timestamp logging (Andres Kroonmaa).
0153d498 6897 - Added support for Cache-control: proxy-revalidate;
6898 based on squid-1.1 patch from Mike Mitchell.
ec973719 6899
3b08d32d 6900Changes to squid-1.2.alpha3 ():
6901
6902 - Implemented persistent connections between clients and squid.
6903 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
6904 table in fd.c.
6905 - Removed use of FD as an identifier in certain callback
6906 operations (ipcache, fqdncache).
6907 - General code cleanup.
6908 - Fixed typedefs for callback functions.
6909 - Removed FD lifetime/timeout dichotomy. Now we only have
6910 timeouts, however the lifetime concept/keyword may still
6911 linger in certain places.
6912 - Change Makefile 'realclean' target to 'distclean'
6913 - Changed config file parsing of time specifications to use
6914 parseTimeLine().
6915 - Removed storetoString.c
6916
6917Changes to squid-1.2.alpha2 ():
74cebec0 6918
6919 - Merged squid-1.1.9, squid-1.1.10 changes
6920
7b41ec97 6921Changes to squid-1.2.alpha1 ():
6922
6923 - Unified peer selection algorithm.
75e88d56 6924 - aiops.c and aiops.h are a threaded implementation of
6925 asynchronous file operations (Stewart Forster).
6926 - async_io.c and async_io.h are complete rewrites of the old
6927 versions (Stewart Forster).
6ad85e8a 6928 - Rewrote all disk file operations of squid to support
75e88d56 6929 the idea of callbacks except where not required (Stewart
6930 Forster).
75e88d56 6931 - Background validation of 'tainted' swap log entries (Stewart
6932 Forster).
6933 - Modified storeWriteCleanLog to create the log file using the
6934 open/write rather than fopen/printf (Stewart Forster).
6935 - Added the EINTR error response to handle badly interrupted
6936 system calls (Stewart Forster).
6ad85e8a 6937 - UDP_HIT_OBJ not supported, removed.
6938 - Different sized 'cache_dirs' supported.
75e88d56 6939
e924600d 6940==============================================================================
Mirror of https://github.com/squid-cache/squid.git