]> git.ipfire.org Git - thirdparty/squid.git/blame - ChangeLog
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix compile error in CPU affinity
[thirdparty/squid.git] / ChangeLog
CommitLineData
ff87fda5
AJ		 1Changes to squid-4.0.5 (09 Feb 2016):
2
3 - Regression Bug 4429: http(s)_port options= error message missing characters
4 - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth
5 - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454
6 - Regression Bug 4401: compile error on Solaris
7 - Regression Fix: TLS/SSL flags parsing
8 - Regression Fix: cert validadator always disabled in 4.x
9 - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m)
10 - Regression Fix: external_acl problems after 4.0.1 rev.14351
11 - Bug 4409 (partial): compile error when two Heimdal libraries are installed
12 - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size
13 - SMP: Fix cleanup of a shared memory segment in an unusual configuration
14 - SSL-Bump: Fix step3 splicing.
15 - Add connections_encrypted ACL
16 - Make %<a and %<p details available to [eCAP] RESPMOD services
17 - Rename cert_valid.pl to security_fake_certverify
18 - Rename ssl_crtd helper to security_file_certgen
19 - ... and a lot of code SourceLayout project cleaning
20 - ... and some documentation updates
21 - ... and all fixes from squid 3.5.13 up to rev.13979
22
0461fde7
AJ		 23Changes to squid-4.0.4 (06 Jan 2016):
24
78121f9a
AJ		 25 - Regression Bug 4393: compile fails on OS X
26 - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed
0461fde7
AJ		 27 - Support use of Kerberos credentials cache instead of keytab
28 - Support logging of TLS Cryptography Parameters
29 - Support substring matching in Note ACL
30 - ... and some code cleanup and polishing
31 - ... and all fixes from squid 3.5.13
32
bf7891f2
AJ		 33Changes to squid-4.0.3 (28 Nov 2015):
34
35 - Bug 4372: missing template files
36 - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o
37 - Bug 4368: A simpler and more robust HTTP request line parser
38 - Fix compile erorr on clang undefined reference to '__atomic_load_8'
39 - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos
40 - ext_ldap_group_acl: Allow unlimited LDAP search filter
41 - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames
42 - ... and much code cleanup and polishing
0461fde7 43 - ... and all fixes from squid 3.5.12
bf7891f2 44
0b475d3f
AJ		 45Changes to squid-4.0.2 (01 Nov 2015):
46
47 - Regression Bug 4351: compile errors when authentication modules disabled
48 - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
49 - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout
50 - Bug 4356: segmentation fault using proxy_auth ACL
51 - Bug 4352: compile errors in OS X 10.11
52 - Bug 4021: ext_user_regex does exact match
53 - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown
54 - Support re-assigning delay pools based on HTTP reply details
55 - ... and all fixes from squid 3.5.11
56
1243ec71
AJ		 57Changes to squid-4.0.1 (14 Oct 2015):
58
59 - Bug 4329: GCC 5.2 no known conversion for argument
60 - Bug 4292: negotiate_wrapper: Unreleased Resources
61 - Bug 4269: ignore-must-revalidate broken
62 - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
63 - Bug 3920: Splay::remove() reference counting inconsistent
64 - Bug 3069: CONNECT method bytes sent logging
65 - Bug 2741 partial: libsecurity API for GnuTLS support
66 - Bug 1961 partial: redesign of URL handling
67 - Fix crash when parsing invalid squid.conf
68 - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
69 - Remove unused OS detection: Sun, SysV, Ultrix, BSDi
70 - Remove cache_peer_domain directive
71 - RFC 6176 compliance: Remove SSLv2 support
72 - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
73 - Remove GCC 2.x and 3.x detection and support
74 - C++11 compiler support is now mandatory
75 - Enable flexible transport protocol
76 - Enable long (--foo) command line parameters on squid binary
77 - Add per-rule refresh_pattern matching statistics
78 - Replace sslversion=N with tls-min-version=1.N
79 - Replace sslproxy_* directives with tls_outgoing_options
80 - Replace GNU atomics and related hacks with C++11 std::atomic
81 - Replace external_acl_type format %macros with logformat codes
1243ec71
AJ		 82 - Support Secure ICAP services
83 - Support rotate=N option on access_log
84 - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
85 - Support lifetime timeout for persistent connections (pconn_lifetime)
86 - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
87 - Support logging fast things (nanosecond log resolution)
88 - Support ICAP/eCAP adaptation for 100-continue responses
89 - Support configurable helper queue size, with consistent defaults
90 and better overflow handling.
91 - Support named service PID file by default (pid_filename)
92 - url_lfs_rewrite: Add URL-rewriter based on local file existence
93 - negotiate_kerberos_auth: output group= kv-pair
94 - helper-mux: add man(8) page
95 - purge: convert README to man(1) page
96 - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
97 - basic_sspi_auth: fix MinGW compile errors
98 - negotiate_sspi_auth: fix various build errors
99 - Crypto-NG: libnettle Base64 algorithm support
100 - Parser-NG: HTTP Parser structural redesign
101 - libltdl: copyright updated to LGPL version 2.1
102 - ... and several performance optimizations
103 - ... and many documentation changes
104 - ... and much code cleanup and polishing
105
0461fde7
AJ		 106Changes to squid-3.5.13 (06 Jan 2016):
107
108 - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
109 - Bug 4387: Kerberos build errors on Solaris
110 - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
111 - TLS: Complete certificate chains using external intermediate certificates
112 - Avoid memory leaks when an X.509 certificate validator is used with SslBump
113 - Fix connection retry and fallback after failed server TLS connections
114 - Fix GnuTLS detection via pkg-config
115 - Fix startup crash with a misconfigured (too-small) shared memory cache
116 - ... and some documentation updates
117
bf7891f2
AJ		 118Changes to squid-3.5.12 (28 Nov 2015):
119
120 - Bug 4374: refresh_pattern config parser (%)
121 - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
122 - Bug 4228: links with krb5 libs despite --without options
123 - Fix SSL_get_certificate() problem detection
124 - Fix TLS handshake problem during Renegotiation
125 - Fix cache_peer forceddomain= in CONNECT
126 - Fix status code-based HTTP reason phrase for eCAP-generated messages
127 - Fix build errors in cpuafinity.cc
128 - ... and several documentation updates
129
0b475d3f
AJ		 130Changes to squid-3.5.11 (01 Nov 2015):
131
132 - Bug 3574: crashes on reconfigure and startup
133 - Bug 4347: compile errors with LibreSSL 2.3
134 - Bug 4281: copy-paste typos in src/tools.cc
135 - Bug 4279: No response from proxy for FTP-download of non-existing file
136 - Bug 4188: Bumping intercepted SSL connections does not work on Solaris
137 - Fix incorrect authentication headers on cache digest requests
138 - Fix connection stats, including %<lp, missing for persistent connections
139 - Fix invalid memory access issues in SBuf
140 - Avoid errors when parsing manager ACL in old squid.conf
141
574e0f53
AJ		 142Changes to squid-3.5.10 (01 Oct 2015):
143
144 - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
145 - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
146 - Bug 4323: Netfilter broken cross-includes with Linux 4.2
147 - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
148 - Bug 4208: more than one port in wccp2_service_info line causes error
1243ec71 149 - Bug 4303: PeerConnector.cc:743 "!callback" assertion.
574e0f53
AJ		 150 - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
151 - Relicense ntlm_fake_auth.pl to GPLv2+
152 - Relicense smb_lm auth helper to GPLv2+
153 - Relicense SSPI helper to GPLv2+
154 - ... and several minor performance optimizations
155
3de58ac0
AJ		 156Changes to squid-3.5.9 (17 Sep 2015):
157
158 - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
159 - Bug 4309: incorrect extensions detection in SSL Hello messages
160 - Bug 4309: crash during Skype login
161 - Bug 4284: missing sanity checks for malloc
162 - Regression Fix: CONNECT request debugging 11,2 traces
163 - Regression Fix: Quieten UFS cache maintenance skipped warnings
164 - TLS: Support SNI on generated CONNECT after peek
165 - ... and some documentation updates
166
4fff8fc1
AJ		 167Changes to squid-3.5.8 (02 Sep 2015):
168
169 - Regression Bug 4306: build portability fix in Kerberos helpers
170 - Bug 4302: IPFilter v5 transparent interception
171 - Bug 4301: compile errors with IPFilter interception
172 - Bug 4285 partial: %us is not supported in access.log
173 - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
174 - Bug 4242: compile errors with eCAP using clang-3.6
175 - Bug 3696: crash when client delay pools are activated
176 - Bug 3553: cache_swap_high ignored and maxCapacity used instead
177 - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
178 - Fix ignore of impossible SSL bumping actions, as intended and documented
179 - Fix memory leak in Surrogate-Capability header detection
180 - Fix truncated body length when RESPMOD service aborts
181 - Reject non-chunked HTTP messages with conflicting Content-Length values
182 - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
183 - ... and several portability and compile fixes
184 - ... and several documentation updates
185
4df5649e
AJ		 186Changes to squid-3.5.7 (01 Aug 2015):
187
c52a4693 188 - Bug 4293: wrong SNI sent to server after URL-rewrite
4df5649e
AJ		 189 - Bug 4251: incorrect instance name for memory segments in /dev/shm
190 - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
191 - Bug 3345: support %un (any available user name) format code for external ACLs.
ab5bc97e 192 - basic_smb_auth: Fix several old issues identified by Debian users
4df5649e
AJ		 193 - Support ssl-bump splicing to origin cache_peer
194 - Fix SSL errors relayed using invalid certificates
195 - Fix crash in TcpAccepter with profiler enabled
196 - Fix some cases of ssl_crtd SSL certificate DB corruption
197 - Fix performance regression in SBuf::chop operations
198 - Improve handling of client connections on shutdown
199 - Handle exceptions during squid.conf parse
200 - Make pod2man an optional dependency
201 - ... and polishing for several cache.log notification messages
202 - ... and all fixes from squid 3.4.14
203
ab248038
AJ		 204Changes to squid-3.5.6 (03 Jul 2015):
205
206 - Bug 4274: ssl_crtd.8 not being installed
207 - Bug 4193: memory leak on FTP listings
208 - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
209 - Bug 3875: bad mimeLoadIconFile error handling
210 - Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
211 - Bug 3329: pinned server connection is not closed properly
212 - TLS: Disable client-initiated renegotiation
213 - ext_edirectory_userip_acl: fix uninitialized variable
214 - Support custom OIDs in *_cert ACLs
215 - Fix CONNECT failover to IPv4 after trying broken IPv6 servers
216 - Use relative-URL in errorpage.css for SN.png
217 - Do not blindly forward cache peer CONNECT responses
218 - Fix assertion String.cc:221: "str"
219 - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
220 - Translations: add Spanish US dialect alias
221
c75a7d0a
AJ		 222Changes to squid-3.5.5 (28 May 2015):
223
224 - Regression Bug 4132: short_icon_urls with global_internal_static on
225 - Bug 4238: assertion Read.cc:205: "params.data == data"
226 - Bug 4236: SSL negotiation error of 'success'
227 - Bug 3930: assertion 'connIsUsable(http->getConn())'
228 - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
229 - Fix assertion errorpage.cc:600: "entry->isEmpty()"
230 - Fix comm_connect_addr on failures returns Comm:OK
231 - Fix missing external ACL helper notes
232 - Fix "Not enough space to hold server hello message" error message
233 - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
234 - Prevent unused ssl_crtd helpers being run
235 - ... and some code cleanup and portability updates
236 - ... and several documentation updates
237
88e192b1
AJ		 238Changes to squid-3.5.4 (01 May 2015):
239
240 - Bug 4234: comm_connect_addr uses errno incorrectly
241 - Bug 4231: fd_open() not correctly handling UDS socket descriptions
242 - Bug 4226: digest_edirectory_auth: found but cannot be built
243 - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
244 - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
245 - Fix require-proxy-header preventing HTTPS proxying and ssl-bump
246 - Fix Negotiate/Kerberos authentication request size exceeds output buffer size
247 - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
248 - Add server_name ACL matching server name(s) obtained from various sources
249 - Add Kerberos support for MAC OS X 10.x
250 - Support for resuming TLS sessions
251 - ... and some portability and compile fixes
252 - ... and several documentation updates
253 - ... and all fixes from squid 3.4.13
254
548362ff
AJ		 255Changes to squid-3.5.3 (28 Mar 2015):
256
257 - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
258 - Regression Bug 4206: Incorrect connection close on expect:100-continue
259 - Bug 4204: ./configure does not abort when required helpers cannot be built
260 - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
261 - Bug 2907: high CPU usage on CONNECT when using delay pools
262 - basic_getpwnam_auth: fail authentication on crypt() failures
263 - basic_nis_auth: fail authentication on crypt() failures
264 - ext_kerberos_ldap_group_acl: Heimdal support improvements
265 - ext_wbinfo_group_acl: Perl 5.20 support
266 - ... and several compile issues
267
4d3be924
AJ		 268Changes to squid-3.5.2 (18 Feb 2015):
269
270 - Regression Bug 4176: Digest auth too many helper lookups
271 - Regression Bug 4180: not-fully-initialized data member in ACLUserData
272 - Bug 4172: Solaris broken krb5-config
273 - Bug 4073: Cygwin compile errors
274 - Bug 3919: remove several never-true / never-false comparisons
275 - HTTPS: Add missing root CAs when validating chains that passed internal checks
276 - Fix some cbdataFree related memory leaks
277 - Quieten CBDATA 'leak' messages
278 - Set SNI information in transparent bumping mode
279 - negotiate_kerberos_auth: fix krb5.conf backward compatibility
280 - Fix memory leaks in cachemgr.cgi URL parser
281 - Fix sslproxy_options in peek-and-splice mode
282 - ... and fix several portability and build issues
283 - ... and some documentation updates
284 - ... and all fixes from squid 3.4.11
285
aac5b91d
AJ		 286Changes to squid-3.5.1 (13 Jan 2015):
287
288 - Fix handling of invalid SSL server certificates when splicing connections
289 - basic_smb_lm_auth: Simplified MSNT basic auth helper
290 - squidclient: Fix -A and -P options
291 - ... and several portability fixes
292 - ... and all fixes from squid 3.4.11
293 - ... and a lot of documentation updates
294
cf62b886
AJ		 295Changes to squid-3.5.0.4 (21 Dec 2014):
296
297 - Bug 3826: pt 2: Provide a systemd .service file for Squid
298 - Support http_access denials of SslBump "peeked" connections.
299 - Fix DONT_VERIFY_DOMAIN ssl flag
300 - Fix peek-and-splice mode: certificate validation for domain mismatched errors
301 - negotiate_kerberos_auth: MEMORY keytab and replay cache support
302 - ... and some documentation updates
303 - ... and a large amount of code polishing (non-logic changes)
304
4666bb8d
AJ		 305Changes to squid-3.5.0.3 (09 Dec 2014):
306
307 - Bug 4146: workaround SSL Bump crash on Linux
308 - Bug 4135: Support \-escaped characters in regex patterns
309 - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
310 - Fix delay_parameters parsing
311 - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
312 - ... and all changes from squid 3.4.10
313 - ... and a lot of documentation updates
314
bf611e3a
AJ		 315Changes to squid-3.5.0.2 (31 Oct 2014):
316
317 - Fix FTP socket opening during reconfigure
318 - ... and all changes from 3.4.9
319 - ... and some build errors in rarely used code
320 - ... and several documentation updates
321
e0dbeeb6
AJ		 322Changes to squid-3.5.0.1 (17 Oct 2014):
323
324 - Port from 2.7: redirector and logging urlgroup feature
325 - Bug 4093: source-maintenance.sh bad perl -i option
326 - Bug 3608: per-service name for workers UDS sockets
327 - Bug 2554: 32-bit wrap in AUFS counters
328 - Bug 1961 pt1: URL handling redesign
329 - Bug 1202 pt1: documentation for refresh_pattern algorithms
330 - Update Squid boilerplate copyright/license
331 - Update the http(s)_port directives protocol= parameter
332 - Update forward_max_tries to permit 25 server paths
333 - Update Kerberos library detection and build options
334 - Support ACLs on ftp_epsv directive
335 - Support >32KB objects in cache_dir rock storage
336 - Support client connection annotation by helpers via clt_conn_tag=TAG
337 - Support native FTP Relay
338 - Support libgnugss Kerberos library
339 - Support libecap v1.0
340 - Support SSL Peek and Splice feature
341 - Support receiving PROXY protocol version 1 and 2
342 - Replace --enable-ssl build option with --with-openssl
343 - Enable -n service name command line option for all Squid builds
344 - Enable ICAP client by default
345 - Fix configuration file parsing bugs, related to quoted strings
346 - Fix Windows MinGW build errors
347 - Fix multiple TCP outgoing TOS/DiffServ bugs
348 - Fix Cygwin /etc/resolv.conf parsing
349 - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
350 - Fix crash reading malformed config files
351 - Send selected SSL version and cipher to the certificate validation helper
352 - Validate server certificates without bumping
353 - Add zero-copy string buffer support
354 - Add automated squid.conf parser testing with squid -k parse
355 - Add adaptation_service ACL
356 - Add logformat code %tS to log transaction start time
357 - Add logformat code %>rd to log client URL domain name
358 - Add key_extras to proxy authentication
359 - Add url_rewrite_extras and store_id_extras directives
360 - Add send_hit and store_miss directives
361 - Add collapsed_forwarding directive
362 - Add sslproxy_cert_sign_hash directive
363 - Add SMP SSL session cache
364 - Add cache_peer standby connections
365 - Add helper ext_delayer_acl
366 - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
367 - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
368 - Remove COSS storage in favour of Rock storage
369 - Remove dnsserver and external DNS helper API in favour of mDNS
370 - Remove broken mallinfo() accounting and memory tracing
371 - Remove hierarchy_stoplist in favour of always_direct
372 - Deprecate tag ACL type in favour of note ACL type
373 - Deprecate urlgroup feature in favour of note ACL type
374 - HTTP/1.1: method names are case-sensitive
375 - HTTP/1.1: register new headers from RFC 723x
376 - squidclient: polish and update help display
377 - squidclient: support TLS with GnuTLS 3.1.5+
378 - squidclient: support verbosity levels
379 - squidclient: --ping mode module support
380 - url_fake_rewrite: support concurrency
381 - storeid_file_rewrite: support concurrency
382 - digest_file_auth: support concurrency
383 - digest_edirectory_auth: support concurrency
384 - digest_ldap_auth: support concurrency
385 - ... and many error page translation updates
386 - ... and much code cleanup and polishing
387
4df5649e
AJ		 388Changes to squid-3.4.14 (01 Aug 2015):
389
390 - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
391
88e192b1
AJ		 392Changes to squid-3.4.13 (01 May 2015):
393
394 - Bug 4212: ssl_crtd crashes with corrupt database
395 - ... and some documentation updates
396 - ... and all fixes from squid 3.3.14
397
4d3be924
AJ		 398Changes to squid-3.4.12 (18 Feb 2015):
399
400 - Bug 4066: Digest auth nonce indefinite rollover
401 - Bug 3997: Excessive NTLM or Negotiate auth helper annotations
402 - Fix several crashes when debugging enabled
403 - Fix silent SSL/TLS failure on split-stack operating systems
404 - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
405 - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
406 - Remove dst ACL dependency on HTTP request message existence
407 - Set cap_net_admin when Squid sets TOS/Diffserv packet values
408 - ... and some documentation updates
409
aac5b91d
AJ		 410Changes to squid-3.4.11 (13 Jan 2015):
411
412 - Bug 4164: SEGFAULT when %W formating code used in errorpages
413 - Bug 4057: Avoid on-exit crashes when adaptation is enabled.
414 - Bug 3760: squidclient ignores --disable-ipv6
415 - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
416 - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
417 - cachemgr.cgi: memory leak in request parser
418 - Deleting first fs left psstate->servers pointing to uninitialized memory
419 - ... and some build issues
420
4666bb8d
AJ		 421Changes to squid-3.4.10 (09 Dec 2014):
422
423 - Bug 4148: external_acl_type header format does not accept the new libformat syntax
424 - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
425 - Bug 4033: Rebuild corrupted ssl_db/size file
426 - Bug 3902: Docs: external_acl_type cache hash key
427 - Fix segmentation fault in ACL urlpath_regex
428 - Fix bootstrap.sh dependency on SPONSORS.list
429 - Alternate-Protocol is a hop-by-hop header
430 - HTTP/2: Support 421 (Misdirected Request) status code
431
bf611e3a
AJ		 432Changes to squid-3.4.9 (31 Oct 2014):
433
434 - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
435 - Bug 4102: sslbump cert contains only a dot character in key usage extension
436 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
437 - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
438 - Bug 4024: Bad host/IP ::1 when using IPv4-only environment
439 - Bug 3803: ident leaks memory on failure
440 - kerberos_ldap_group/cert_tool: Remove ksh dependency
441 - ... and some automated code style updates
442 - ... and some documentation updates
443
bd6c316a
AJ		 444Changes to squid-3.4.8 (15 Sep 2014):
445
446 - Fix off by one in SNMP subsystem
447 - pinger: Fix various ICMP handling issues
448
abc809ce
AJ		 449Changes to squid-3.4.7 (28 Aug 2014):
450
451 - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
452 - Bug 4080: worker hangs when client identd is not responding
453 - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
454 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
455 - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
456 - Enable compile-time override for MAXTCPLISTENPORTS
457 - ntlm_sspi_auth: Fix various build errors
458 - negotiate_wrapper: Fix build issues with non-portable vfork()
459 - negotiate_sspi_auth: Portability fixes for MinGW
460 - ext_lm_group_acl: Portability fixes for MinGW
461 - ... and several minor memory leaks
462
7f089ae4
AJ		 463Changes to squid-3.4.6 (25 Jun 2014):
464
465 - Regression: segmentation fault logging with %tg format specifier
466 - Bug 4065: round-robin neighbor selection with unequal weights
467 - Bug 4056: assertion MemPools[type] from netdbExchangeStart()
468 - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
469 - Fix segmentation fault setting up server SSL connnection
470 - Fix hanging Non-HTTPS connections on SSL-bump enabled port
471 - Fix Cache Manager actions listed more than once
472 - ... and many minor memory leaks
473 - ... and several portability build issues
474 - ... and some documentation updates
475
51a22544
AJ		 476Changes to squid-3.4.5 (02 May 2014):
477
478 - Regression Bug 4051: inverted test on CONNECT payload existence
479 - Regression Fix: order dependency between cache_dir and maximum_object_size
480 - Fix logformat %note display
481 - Resolve 'dying from an unhandled exception: c'
482
445d8733
AJ		 483Changes to squid-3.4.4.2 (23 Apr 2014):
484
51a22544 485 - version bump for packaging re-build with altered toolchain
445d8733 486
e6b41a35
AJ		 487Changes to squid-3.4.4.1 (23 Apr 2014):
488
489 - Regression Bug 4019: Cache digest exchange segmentation fault
490 - Regression Bug 3982: EUI logging and helpers show blank MAC address
491 - Bug 4047: Support Android builds
492 - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
493 - Bug 4041: Missing files in compat/Makefile.am
494 - Bug 4014: Build failure with --disable-optimizations --disable-auth
495 - Bug 3986: (partial) assertion due to incorrect error page buffer size
496 - Bug 3955: Solaris EUI-48 lookup leaks FDs
497 - Bug 3371: CONNECT with data sent at once loses data
498 - C++11: Upgrade auto-detection to use the formal -std=c++11
499 - Crypto-NG: libnettle MD5 algorithm support
500 - SSL-Bump: Fix Basic auth caching on bumped connections
501 - Store-ID: Fix request URI when forwarding requests to peers
502 - ... and fix several other build errors
503 - ... and some documentation updates
504
d3b930ff
AJ		 505Changes to squid-3.4.4 (09 Mar 2014):
506
507 - Bug 4029: intercepted HTTPS requests bypass caching checks
508 - Bug 4001: remove use of strsep()
509 - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
510 - Fix stalled concurrent rock store reads
511 - Fix helper ID number assignment
512 - Fix build failures from CMSG related definitions
513 - Fix build failures from libcompat unsafe.h protections
514 - Copyright: Relicense helpers by Treehouse Networks Ltd.
515 - ... and all bug fixes from 3.3.12
516
a01166da
AJ		 517Changes to squid-3.4.3 (02 Feb 2014):
518
519 - Bug 4008: HttpHeader warnOnError should be an int not a bool
520 - Bug 4002: clang 3.4 unable to compile
521 - Bug 3996: Malformed DNS reply leads to crash
522 - Bug 3995: compile error on CentOS 5 with GCC 4.1.2
523 - Bug 3975: atomic detection cross-compilation failure
524 - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
525 - Bug 3954: compile failure in CpuAffinity.cc
526 - Bug 3927: tests/testRock fatal.cc required
527 - Fix memory leak in peer Cache Digest exchange
528 - Fix external_acl_type async loop failures
529 - Fix destination IP address cycling
530 - ... and a few polishing changes
531
441842f0
AJ		 532Changes to squid-3.4.2 (30 Dec 2013):
533
534 - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
535 - Regression Fix: \-unescaping in quoted strings from helpers
536 - Regression Fix: URL helper API bypassing on URL containing '=' character
537 - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
538 - Bug 3806: Caching responses with Vary header
539 - Bug 3498: FTP PUT assertion
540 - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
541 - Enable concurrency by default for SSL certificate validator
542 - ... and fix several build errors
543
12f64d19
AJ		 544Changes to squid-3.4.1 (09 Dec 2013):
545
546 - Bug 3935: Invalid pointer dereference when peeking at origin server certificate
547 - Bug 3589: intercepted and ICAP modified request using a cache_peer
548 - ... and several portability fixes
549 - ... and some documentation updates
550
277afc6e
AJ		 551Changes to squid-3.4.0.3 (01 Dec 2013):
552
553 - Bug 3941: Release notes error
554 - Receive annotations from authentication and external ACL helpers
555 - basic_nis_auth: Improved portability
556 - ... and several documentation updates
557 - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
558
2d011f52 559Changes to squid-3.4.0.2 (03 Oct 2013):
ae2b6fc9
AJ		 560
561 - Regression Bug 3891: squid.conf parser errors in 3.4.0.1
562 - Regression Fix: re-disable MinGW C++11 support
563 - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
564 - Fix memory leak in refresh_pattern parsing
565 - negotiate_kerberos_auth: upgrade to present group= keys
566 - Handle NTLM helper returning OK without user= value
567 - Add dns_multicast_local to control mDNS operation
568 - Add --disable-arch-native build option
569 - Display Build-Info in cache manager info report
570 - ... and all changes from squid 3.3.9
571 - ... and some code and debug output polishing
572
14561e1c 573Changes to squid-3.4.0.1 (29 Jul 2013):
13db7eef
AJ		 574
575 - Port from 2.7: StoreURL (renamed Store-ID) support
576 - Bug 3795: fix several mistakes in the MIB file
577 - Bug 3793: configure: improved helper detection
578 - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
579 - Bug 3676: Support GCC 4.7 with -Wshadow option
580 - Bug 3643: NTLM helpers stuck in reserved state by Safari
581 - Bug 3389: Auto-reconnect for tcp access_log
582 - Bug 2066: squid does not do chdir() after chroot()
583 - Fix uninitialized fields in IcapLogEntry
584 - Fix a number of minor issues detected by Coverity Scan
585 - Fix some potential memory leaks detected by Coverity Scan
586 - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
587 - Fix ACL matching algorithm to avoid repeating tests
588 - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
589 - squidpurge: fix META TLV parsing issues
590 - squid.conf: enforce all the directive and option names are lower-case
591 - Support EUI on HTTPS and FTP data connections
592 - Support OK/ERR/BH response codes from any helper
593 - Support No-lookup flag (-n) on DNS ACLs
594 - Support -march=native compiler optimization by default
595 - Support forwarding intercepted but not bumped connections to cache_peers
0bbaae54 596 - Support IPv6 NAT interception on Linux and some BSD
13db7eef
AJ		 597 - Deprecate log_icap and log_access configuration directives
598 - HTTP/1.1: improved method invalidation and cacheability detection
599 - HTTP/1.1: support length configuration for pipeline_prefetch queue
600 - Improved TPROXY support for OpenBSD and FreeBSD
0bbaae54 601 - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
13db7eef
AJ		 602 - Add all-of and any-of ACL types for grouping sets of ACL tests
603 - Add note directive for transaction annotations
604 - Add %note log format for transaction annotation logging
605 - Add note ACL type for matching annotated transactions with by annotation name or value
606 - Add kv-pair support to URL-rewrite/redirector interface
607 - Add SSL server certificate validator interface, helper and result cache
608 - Add SSL server certificate fingerprint ACL type
609 - Add spoof_client_ip access control
610 - Add pt-bz (Belize Portuguese) dialect to translations
611 - ... and many Windows portability changes (still incomplete)
612 - ... and many documentation changes
613 - ... and much code cleanup and polishing
988a7fba 614
88e192b1
AJ		 615Changes to squid-3.3.14 (01 May 2015):
616
617 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
618 - ... and some documentation updates
619 - ... and all fixes from squid 3.2.14
620
abc809ce
AJ		 621Changes to squid-3.3.13 (28 Aug 2014):
622
623 - Fix segmentation fault setting up server SSL connnection
624 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
625
d3b930ff
AJ		 626Changes to squid-3.3.12 (09 Mar 2014):
627
628 - Regression Bug 3769: client_netmask not evaluated since Comm redesign
629 - Bug 4026: Fix SSL and adaptation_access handling of aborted connections
630 - Bug 3969: Fix credentials caching for Digest authentication
631 - Bug 3806: Caching responses with Vary header
632 - Fix umask default on crash report generated email
633 - Fix pthread library detection on FreeBSD 10
634 - Avoid assertions on Range requests that trigger Squid-generated errors.
635
277afc6e
AJ		 636Changes to squid-3.3.11 (01 Dec 2013):
637
638 - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
639 - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
640 - Bug 3970: max_filedescriptors disabled due to missing setrlimit
641 - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
642 - Bug 3960: DEAD cache_peer are not revived
643 - Bug 3956: xstrndup: tried to dup a NULL pointer
644 - Bug 3906: Filedescriptor leaks in SNMP
645 - Bug 3782: Digest authentication not obeying nonce_max_count
646 - HTTP/1.1: Make header parser obey relaxed_header_parser
647 - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
648 - SMP: Replace blocking sleep(3) and close UDS socket on failures
649 - Windows: fix several compile errors
650
c663cc36
AJ		 651Changes to squid-3.3.10 (03 Nov 2013):
652
653 - Bug 3929: request_header_add not working for tunnel requests
654 - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
655 - Bug 3918: Self Test Failures on Mac OS X 10.8
656 - Bug 3887: tcp_outgoing_tos not working for IPv6
657 - Bug 3836: Fix issues with automake 1.13+ and make check
658 - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
659 - Fix pinning hierarchy log information
660 - Fix close idle client connections associated with closed idle pinned connections.
661 - Fix cbdata 'error: expression result unused' errors
662 - Avoid "hot idle": A series of rapid select() calls with zero timeout.
663 - Append Connection:close to OPTIONS requests when icap_persistent_connections is off
664 - ntlm_fake_auth: pass DOMAIN data to Squid in original case
665 - kerberos_ldap_group: fix LDAP string duplication
666 - Use IPv6 localhost nameserver on DNS configuration errors
667 - Add cache_miss_revalidate
668 - ... and several portability improvements
669
db01c30c
AJ		 670Changes to squid-3.3.9 (11 Sep 2013):
671
672 - Regression Bug 3077: off-by-one error in Digest header decoding
673 - Bug 3895: fix acl_uses_indirect_client and cache_peer_access
674 - Bug 3879: assertion failed ConnStateData::validatePinnedConnection
675 - Bug 3863: myportname acl causes segmentation fault
676 - Bug 3849: Duplicate certificate sent when using https_port
677 - Bug 2287: Better fix for unsupported HTTP version handling
678 - Bug 2112: Reload into If-None-Match
679 - Fix several assert with side effects in ICAP/eCAP response handling
680 - Fix myportname ACL on ICAP/eCAP transactions
681 - Fix external ACL user:pass detail logging after adaptation
682 - Fix SMP mgr:info report 'Largest file desc currently in use'
683 - Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
684 - Improved compatibility with gcc 4.8, clang and icc
685 - Show number of available filedescriptors when reserved FD changes
686 - Sync with newest OpenSSL error codes
687 - Register Http2-Settings header
688 - ... and many Windows portability fixes
689
8dbafb10
AJ		 690Changes to squid-3.3.8 (13 Jul 2013):
691
692 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
693 - Improved handling of port values in Host: header validation
694
2fea9d2b
AJ		 695Changes to squid-3.3.7 (11 Jul 2013):
696
697 - Bug 3297: Fix openSSL related build failures
698 - Fix build on FreeBSD 9.x platform with clang
699 - Protect against buffer overrun in DNS query generation
700
1a39473b
AJ		 701Changes to squid-3.3.6 (01 Jul 2013):
702
703 - Bug 3854: pt1: compile errors on AIX
704 - Bug 3802: Fix wrong check inside Format::Format::assemble
13db7eef 705 - Bug 3762: remove bogus WARNING in cache.log
1a39473b
AJ		 706 - Bug 3717: assertion failed with dstdom_regex with IP based URL
707 - Bug 1991: kqueue causes SSL to hang
708 - Ask for SSL key password when started with -N but without sslpassword_program
709 - Make sure %<tt includes all [failed] connection attempts
710 - Support HTTP reply ACLs in icap_log and log_icap
711 - Fix incorrect external_acl_type codes
712 - Fix ICAP logging request headers and segmentation faults
713 - ... and some documentation polish
714
9c7aeeb8
AJ		 715Changes to squid-3.3.5 (20 May 2013):
716
717 - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
718 - Bug 3845: http_port tcpkeepalive= option fails parsing
719 - Bug 3840: assertion failed 'sde' in UFS cache loading
720 - Bug 3836: make check failures with automake-1.13
721 - Bug 3827: Remove AccessLogEntry::cache.authuser
722 - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
723 - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
724 - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
725 - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
726 - Port from 2.6: external acl %ACL and %DATA tags
727 - Update copyright on SN.png
728 - ... and several minor memory leaks
729 - ... and some documentation polish
730
988a7fba
AJ		 731Changes to squid-3.3.4 (27 Apr 2013):
732
733 - Bug 3831: basic_ncsa_auth Blowfish and SHA support
734 - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
735 - Bug 3794: MacOS: workaround compiler errors and case-insensitivity
736 - Bug 3781: Proxy Authentication not sent to cache_peer
737 - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
738 - Bug 3720 pt2: Add missing include in /dev/poll I/O module
739 - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
740 - Add support for TPROXY on BSD
741 - Fix SSL Bump bypass for intercepted traffic
742 - Fix memory leaks in ConnStateData pinning
743 - Fix external_acl.cc "inBackground" assertion on queue overloads
744 - CacheMgr: fix missing column separator in helper stats
745 - OpenBSD: libpthreads requires OpenBSD 5.2 or later
746 - ... and lots of documentation updates
747 - ... and all changes from squid 3.2.10
748
40c973aa
AJ		 749Changes to squid-3.3.3 (12 Mar 2013):
750
751 - Bug 3720: Add missing include in /dev/poll I/O module (pt2)
752 - ... and all changes from squid 3.2.9
753
d4dc9eea
AJ		 754Changes to squid-3.3.2 (02 Mar 2013):
755
756 - Bug 3781: Proxy Authentication not sent to cache_peer
757 - Bug 3794: MacOS: workaround compiler errors
758 - Bug 3720: Compile error in Solaris /OpenIndiana
759 - ... and all changes from squid 3.2.8
760
21744e8b
AJ		 761Changes to squid-3.3.1 (09 Feb 2013):
762
763 - Bug 3726: build errors with --disable-ssl
764 - Propigate pinned connection persistency and closures to the client.
765 - Mimic SSL certificate Key Usage and Basic Constraints
766 - Fix segmentation fault on missing squid.conf values
767 - ext_sql_session_acl: Fix hex decoding on UID
768 - ... and some code polish
769 - ... and a lot of documentation polish
770 - ... and all changes from squid 3.2.7
771
56eea3f2
AJ		 772Changes to squid-3.3.0.3 (09 Jan 2013):
773
774 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
775 - Bug 3728: Improve debug for cache_dir
776 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
777 - kerberos_ldap_group: support multiple groups in squid.conf ACL definition
778 - kqueue: update status from experimental to fully available net I/O method
779 - ... and many memory leaks and potential bugs detected by Coverity Scan
780
bd4920ca
AJ		 781Changes to squid-3.3.0.2 (03 Dec 2012):
782
783 - Support matching empty header field values using req_header and rep_header
784 - ... and some minor code polish and input vaidations
785 - ... and all changes from squid 3.2.4
786
362d74b6
AJ		 787Changes to squid-3.3.0.1 (21 Oct 2012):
788
789 - Bug 3610: Add peername_regex ACL
790 - Bug 3239: rename myip/myport as localip/localport
791 - Bug 3130: helpers are crashing too rapidly
792 - Add log_db_daemon SQL Database Logging Daemon
793 - Add ext_time_quota_acl helper managing sessions by bandwidth usage
794 - Add request_header_add option
795 - Support C++11 features where possible
796 - Support bump-ssl-server-first
797 - Support mimic SSL server certificates
798 - Remove --enable-ntlm-fail-open
799 - Fix TLS/SSL Options does not apply to the dynamically generated certificates
800 - Fix SslBump stuck after error
801 - Polish: display ACL enumeration text in debugs
802 - ... and many portability fixes for MacOS X, Windows and others
803 - ... and many compile error fixes
804 - ... and a very large amount of code polish for faster compilation
805
88e192b1
AJ		 806Changes to squid-3.2.14 (01 May 2015):
807
808 - Fix 'access_log none' to prevent following logs being used
809 - Fix X509 server certificate domain matching
810 - ... some documentation updates
811
8dbafb10
AJ		 812Changes to squid-3.2.13 (13 Jul 2013):
813
814 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
815 - Improved handling of port values in Host: header validation
816
2fea9d2b
AJ		 817Changes to squid-3.2.12 (11 Jul 2013):
818
819 - Protect against buffer overrun in DNS query generation
820 - Avoid !closing assertions when helpers call comm_read during reconfigure.
821 - Fix several minor memory leaks during reconfigure
822 - Remove origin_tries limiter on forwarding and permit large max_forward_tries values
823
80c1bddb
AJ		 824Changes to squid-3.2.11 (30 Apr 2013):
825
826 - Regression Bug 3839: build error: src/tools.h: No such file or directory
827 - Update copyright on SN.png
828
988a7fba
AJ		 829Changes to squid-3.2.10 (27 Apr 2013):
830
831 - Bug 3833: squidclient: Option '-k' is not present in man(1) page
832 - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
833 - Bug 3822: Locate LDAP and SASL headers for BSD support
834 - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
835 - Bug 3774: 'squid -k reconfigure' drops rock cache
836 - Bug 3565: Resuming postponed accept kills Squid
837 - HTTP/1.1: partial support for no-cache and private controls with parameters
838 - ssl_crtd: fix helpers dying during startup on ARM
839 - GNU Hurd: define MAP_NORESERVE as no-op when missing
840 - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
841
40c973aa
AJ		 842Changes to squid-3.2.9 (12 Mar 2013):
843
844 - Regression fix: Accept-Language header parse
845 - Bug 3673: Silence 'Failed to select source' messages
846 - Fix authentication headers sent on peer digest requests
847 - Fix build error on Solaris, OpenIndiana, Omnios
848
d4dc9eea
AJ		 849Changes to squid-3.2.8 (02 Mar 2013):
850
851 - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
852 - Bug 3763: diskd Error: no filename in shm buffer
853 - Bug 3752: objects that cannot be cached in memory are not cached on disk
854 - Bug 3753: Removes the domain from the cache_peer server pconn key
855 - Bug 3749: IDENT lookup using wrong ports to identify the user
856 - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
857 - Bug 3686: cache_dir max-size default fails
858 - Bug 3515: crash in FtpStateData::ftpTimeout
859 - Bug 3329: Quieten orphan Comm::Connection messages
860 - Make squid -z for cache_dir rock preserve the rock DB
861 - Fixed several server connect problems
02824360
AJ		 862 - ... and some build issues on Solaris, OpenIndiana, MacOS X
863 - ... and some documentation and debugs polishing
d4dc9eea 864
54ccbeea
AJ		 865Changes to squid-3.2.7 (01 Feb 2013):
866
867 - Bug 3736: Floating point exception due to divide by zero
868 - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
869 - Bug 3732: Fix ConnOpener IPv6 awareness
870 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
871 - Bug 3728: Improve debug for cache_dir
872 - Bug 3687: unhandled exception: c when using interception and peers
873 - Bug 3678: external acl grace period causes acl lookup failures
874 - Bug 3567: Memory leak handling malformed requests
875 - Bug 3111: Mid-term fix for the forward.cc "err" assertion
876 - Support OpenSSL NO_Compression optio
877 - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
878 - Fix "address.GetPort() != 0" assertion for helpers
879 - ... and several minor memory leaks
880 - ... and some cache.log message polishing
881
56eea3f2
AJ		 882Changes to squid-3.2.6 (09 Jan 2013):
883
884 - Regression Bug 3731: TOS setsockopt() requires int value
885 - Regression Bug 3712: Rotating logs overwrites the previous log
886 - Bug 3727: LLVM compile errors in kerberos_ldap_group
887 - Bug 3650: Negotiate auth missing challenge token
888 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
889
eeb80d48
AJ		 890Changes to squid-3.2.5 (10 Dec 2012):
891
892 - Bug 3698: Add missing include of errno.h
893
bd4920ca
AJ		 894Changes to squid-3.2.4 (03 Dec 2012):
895
896 - Ported: urllogin ACL from squid 2.7
897 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
898 - Bug 3677: Port un-pinning logic changes from squid 3.3
899 - Bug 3405: ssl_crtd crashes failing to remove certificate
900 - ... and major bugs fixed in squid 3.1.22
901 - Fix accept_filter on Linux
902 - Remove 'Bungled' warning on missing component directives
903 - ... and many buffer and memory leak issues in the bundled helpers
904 - ... and a small amount of code polishing
905
362d74b6
AJ		 906Changes to squid-3.2.3 (21 Oct 2012):
907
908 - Regression: SMP crashes on startup with workers > 1
909 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication
910 - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
911 - HTTP/1.1: honour Cache-Control before Pragma:no-cache
912 - HTTP/1.1: Cache-Control compliance upgrade
913 - Remove obsoleted refresh_pattern ignore-no-cache option
914 - Fix IPv6 enabled squidclient
915 - ... and several compile fixes
916
917Changes to squid-3.2.2 (06 Oct 2012):
a18ad4b5
AJ		 918
919 - Regression: Make login=PASS send no credentials when none available
920 - Regression: Handle dstdomain duplicates and overlapping names better
921 - Bug 3661: Segmentation fault when using more than 1 worker
922 - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
923 - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
924 - Bug 3648: polish String class files
925 - Bug 3647: parsing hier_code acl fails
926 - Bug 3626: forwarding loops on intercepted traffic
927 - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
928 - Bug 3609: several RADIUS helper improvements
929 - Bug 3605: memory leak in Negotiate authentication
930 - Fix small memory leak in src ACL parse
931 - Fix maximum_single_addr_tries upgrade
932 - Fix chunked encoding on responses carrying a Content-Range header.
933 - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
934 - ... and several compile errors
935
c72a2049
AJ		 936Changes to squid-3.2.1 (15 Aug 2012):
937
938 - Bug 3605: memory leak in peer selection
939 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
940 - ... and some documentation updates
941
a9eec4aa
AJ		 942Changes to squid-3.2.0.19 (02 Aug 2012):
943
944 - Regression Bug 3580: IDENT request makes squid crash
945 - Regression Bug 3577: File Descriptors not properly closed
946 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
947 - Regression Fix: Restore memory caching ability
948 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
949 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
950 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
951 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
952 - Support custom headers in [request|reply]_header_* manglers
953 - ... and much code polishing
954
5cc53d80 955Changes to squid-3.2.0.18 (29 Jun 2012):
f787354b
AJ		 956
957 - Bug 3576: ICY streams being Transfer-Encoding:chunked
958 - Bug 3537: statistics histogram leaks memory
959 - Bug 3526: digest authentication crash
960 - Bug 3484: Docs: sslproxy_cert_error example flawed
961 - Bug 3462: Delay Pools and ICAP
962 - Bug 3405: ssl_crtd crashes failing to remove certificate
963 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
964 - Bug 3258: Requests hang when Host forgery verify fails
965 - Bug 3186: Digest auth caches failed state without revalidating
966 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
967 - Bug 2885: AIX: check and set required compiler flags
968 - Fix ssl_crtd compile issues with libsslutil
969 - Fix build with GCC 4.7 (and probably other C++11 compilers).
970 - Fix double-escape of %R on deny_info redirect responses
971 - Support status 308 Permanent Redirect
972 - Support for TLSv1.1 and TLSv1.2 options and methods
973 - Support passing external_acl_type credentials on ICAP
974 - Language Updates: fr, hy, pt_BR
975 - ... and many compile issues on Windows
976 - ... and some minor code polish
977
5cc53d80 978Changes to squid-3.2.0.17 (12 Apr 2012):
f949585d
AJ		 979
980 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
981 - Bug 3509: kQueue compile error
982 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
983 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
984 - Bug 3397: do not mark connection as opened until after SYN-ACK
985 - Bug 3193: NTLM decoder truncating strings
986 - Windows FD handling polish and some fixes
987 - Solaris 9/10 various build fixes
988 - ... and some more code polish
989
5cc53d80 990Changes to squid-3.2.0.16 (07 Mar 2012):
488e6901
AJ		 991
992 - Bug 3508: Correct DNS timeout handling.
993 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
994 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
995 - Bug 3490: part 1: SegFault opening FTP active data connections
996 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
c5426f8f 997 - Bug 3458: Icon Serving (squid-internal-static) Broken
488e6901
AJ		 998 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
999 - Bug 3381: 32-bit overflow assertion in StatHist
1000 - Bug 3324: loadFromFile: parse error while reading template file
1001 - Support sslpassword_program for ssl-bump HTTP ports
1002 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
1003 - Retry requests that failed due to a persistent connection race
1004 - Log '-' on requests with no Referer or User-Agent headers
1005 - ... and several fixes related to in-transit object performance
1006 - ... and some structural design changes for portability
1007
5cc53d80 1008Changes to squid-3.2.0.15 (06 Feb 2012):
f9329b54
AJ		 1009
1010 - Bug 3472: segfault with the message 'urlParse: URL too large'
1011 - Bug 3471: segfault when %la formating code used
1012 - Bug 3449: part 3: shm_open can fail with a mangled path
1013 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
1014 - Bug 3448: 204 response problem in adaptation chains
1015 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
1016 - Bug 3461: build regression in IPFilter NAT
1017 - Bug 3413: raise cbdata lock limits
1018 - Bug 3391: forwarded_for log functionality broken
1019 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
1020 - Bug 3268: remove wrong 'Ready to serve requests.' message
1021 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
1022 - Disable OpenSSL SSL/TLS bug workarounds by default
1023 - Send DNS A and AAAA queries in parallel
1024 - Cache Manager migration support
1025 - Allow service of internal requests over reverse-proxy ports
1026 - Fix trimMemory for unswappable objects
1027 - ... and several build and polish fixes
1028
902bc38b
AJ		 1029Changes to squid-3.2.0.14 (12 Dec 2011):
1030
1031 - Bug 3433: Segfault closing SNMP
1032 - Bug 3420: Request body consumption races and !theConsumer exception.
1033 - Bug 3406: SSL Log Error in debug
1034 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
1035 - Bug 3383: unhandled exception: theGroupBSize > 0
1036 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
1037 - Bug 3367: fix inverted check on host_strict_verify
1038 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
1039 - Bug 3364: SNMP Orphans
1040 - Bug 3301: ERR_DNS_FAIL never shown
1041 - Bug 3150: do not start useless unlinkd
1042 - ext_session_acl: version 1.2
1043 - Add adaptation_meta option
1044 - Add a mask on the qos_flows miss configuration value
1045 - Support intermediate CA in ssl-bump traffic certificates
1046 - Support SSL certificate failure details on error page
1047 - Fix flags for NAT intercept and TPROXY not set correctly
1048 - Fix fastCheck() default result on multi-line actions
1049 - Fix missing SMP shared memory statistics
1050 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
1051 - ... and several other TCP and SMP support behaviour fixes
1052 - ... and many code polishing cleanups and fixed build errors
1053 - ... and several documentation polishings
1054
8fe9e0a2
AJ		 1055Changes to squid-3.2.0.13 (14 Oct 2011):
1056
1057 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
1058 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
1059 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
1060 - Regression fix: always_direct/never_direct failures
1061 - Regression fix: stop an SSL header file being included after --disable-ssl
1062 - Regression fix: parse HTTP list headers with embedded 8-bit characters
1063 - Bug 3355: configure setting --with-swapdir ignored
1064 - Bug 3325: option to selectively enable strict host verify checks
1065 - Bug 3337: HTTP status 200 is not accepted for deny_info
1066 - Bug 3077: '\' in url query strings cause Digest authentication to fail
1067 - Support SMP worker shared memory cache
1068 - Support SMP worker shared disk cache (rock)
1069 - ext_session_acl: version 1.1
1070 - Fix Host verify: do not pinn destination IP if URL re-write has been done
1071 - Fix IPF interception
1072 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
1073 - Fix ssl_crtd CertificateDB locking scheme
1074 - ... and all changes from 3.1.16
1075 - ... and many compile and polishing fixes
1076
f96fd18d
AJ		 1077Changes to squid-3.2.0.12 (17 Sep 2011):
1078
1079 - Regression Bug 3335: ICAP service is down
1080 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
1081 - Regression Bug 3303: Support for non-English usernames in log files
1082 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
1083 - Regression: %I shows hostname on SSL error page
1084 - Regression: FTP outgoing port always 'in use' on PASV connections
1085 - Bug 3337: (partial) status 200 is not accepted for deny_info
1086 - Bug 3319: Inconsistencies in error messages
1087 - Bug 3281: pconn in-use while closing assertion
1088 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
1089 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
1090 - Adjust format code %la for intercepted connections
1091 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
1092 - Send RST packet when closing an ICAP connection after a transaction error
1093 - Support maximum field width for string access.log fields
1094
2284b7f7
AJ		 1095Changes to squid-3.2.0.11 (28 Aug 2011):
1096
1097 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
1098 - Host: authority validation of intercepted destination IP
1099 - Host: authority validation of request URL
1100 - Host: authority validation of CONNECT tunnel destination
1101 - Preserve client destination IP in intercepted communication
1102 - Regression Bug 3316: Failed to connect to nameserver using TCP
1103 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
1104 - Regression Bug 3310: %<pt translates as %<p
1105 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
1106 - Regression Bug 3288: %<la and %<lp not displaying
1107 - Bug 3289: cache manager parameters not parsed without password
1108 - Bug 2279: Log Format options to log server source IP and port
1109 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
1110 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
1111 - Bug 3118: ecap_enable on forces icap_enable on
1112 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
1113 - Default to vhost for accelerator mode (reverse proxy)
1114 - Display HTTP protocol syntax at section 11 level 2
1115 - Support for using custom keys in CARP parents
1116 - Optimize regular expression ACLs
1117 - ... and a lot of code portability fixes
1118 - ... and all bugs and polish changes from 3.1.15
1119
3ff024ec
AJ		 1120Changes to squid-3.2.0.10 (24 Jul 2011):
1121
1122 - Port from 2.7: act-as-origin for reverse proxy ports
1123 - Regression fix: broken --disable-ipv6
1124 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
1125 - Regression fix: vhost and defaultsite causing vport to be ignored
1126 - Regression fix: several errors in persistent connection handling
1127 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
1128 - Regression Bug 3245: reconfigure assertion in MemPools[type]
1129 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
1130 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
1131 - Regression Bug 3269: cache.log applyQueryParams messages
1132 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
1133 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
1134 - Bug 3267: workers IPC mount points disobey --localstatedir
1135 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
1136 - Bug 3247: Domain from URL Stripped when going through peers
1137 - Bug 3244: wrong port for peer relayed requests
1138 - Bug 3195: kerberos_ldap_group will not build without kerberos
1139 - Bug 2862: add http(s):// support to cache manager
1140 - kerberos_ldap_group: several fixes to -S option
1141 - ssl_crtd: Add man(8) file
1142 - ... and several pieces of code cleanup and polishing.
1143 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
1144
6d44d1e9
AJ		 1145Changes to squid-3.2.0.9 (18 Jun 2011):
1146
1147 - Bug 3159: delay pools --disable-auth compile problems
1148 - HTTP/1.1: Support multiline quoted-string header fields
1149 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
1150 - Support configurable and translated SSL error details messages
1151 - Add log format codes for split client/server views of HTTP request line
1152 - Major upgrade of TCP connection handling
1153 - Support split-stack IPv6 to servers
1154 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
1155 - Optimized persistent connection handling
1156 - Optimized FTP data connection handling
1157 - Optimized TCP failure recovery
1158 - ... and all bug fixes and updates from 3.1.12.3
1159 - ... and many code polish, documentation and translation cleanups
1160
65f2789a
AJ		 1161Changes to squid-3.2.0.8 (30 May 2011):
1162
1163 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
1164 - Bug 3043: Properly detect Iphlpapi.h on windows
1165 - Bug 2055: Honor ICAP Max-Connections
1166 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
1167 - Support SSL SNI to origin servers
1168 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
1169 - Add %b tag for proxy listening port display in error pages
1170 - Optimize base64 encoding/decoding
1171 - Require libcap before enabling netfilter MARK support
1172 - Require libtool 2.2
1173 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
1174 - ... and all bug fixes and updates from 3.1.12.2
1175 - ... and some documentation and code polishing
1176
065f7779
AJ		 1177Changes to squid-3.2.0.7 (19 Apr 2011):
1178
1179 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
1180 - Regression fix: icons/ FHS compliance
1181 - Regression fix: Startup aborts with URL error when --disable-htcp
1182 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
1183 - Add negotiate_wrapper_auth version 1.0.1
1184 - Fixed %dt logging in the presence of REQMOD
1185 - Fixed chunked request forwarding in ICAP REQMOD presence
1186 - ... all bug fixes and updates from 3.1.12.1
1187 - ... many code polishings and display cleanups
1188
7d9ce496
AJ		 1189Changes to squid-3.2.0.6 (04 Apr 2011):
1190
1191 - Regression fix: upgrade existing icons
1192 - Regression fix: dont crash when accessing an SSL certificate with errors
1193 - Regression fix: prevent stdio log module segfaults on rotate
1194 - Regression fix: shutdown properly even if a worker process crashes on exit
1195 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
1196 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
1197 - Bug 3105: malformed Proxy-Authorization leaks memory
1198 - Bug 3007: CONNECT to cache_peer returns 000 status code
1199 - Bug 2885: Compile errors on AIX
1200 - Support parameterized Cache Manager queries
1201 - Support libecap v0.2.0; fixed eCAP body handling and logging
1202 - Support dynamic adaptation plans that cover multiple vectoring points
1203 - Support %D details for documented OpenSSL errors
1204 - Support logging of all transactions including those with uncertain status or no sent response
1205 - Updrate negotiate_kerberos_auth to version 3.0.4sq
1206 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
1207 - Update ext_edirectory_userip_acl to version 2.1
1208 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
1209 - Change the default dns_timeout value from 2 minutes to 30 seconds
1210 - Fix TCP log stream flushing on every line
1211 - ... all bug fixes and updates from 3.1.12
1212 - ... a great many compiler portability fixes
1213 - ... many code polishings and display cleanups
1214
850ff99f
AJ		 1215Changes to squid-3.2.0.5 (12 Feb 2011):
1216
1217 - Regression Fix: profiler should not be built by default
1218 - Regression Bug 3081: assertion failed: AsyncCallQueue
1219 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
1220 - Bug 3089: FTP command output overrides directory listing
1221 - Bug 2870: --disable-auth does not work
1222 - Bug 2586: multiple memory leaks during reconfigure
1223 - Bug 2581: FTP directory listing sometimes fails
1224 - Port from 2.7: maximum staleness limits
1225 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
1226 - HTTP/1.1: Support configurable status codes for deny_info
1227 - Support upcoming "fresh message creation" eCAP API
1228 - Aggregate SNMP responses when using SMP with multiple workers
1229 - Several more Solaris, Windows and ICC support fixes
1230 - ... all bug fixes and updates from 3.1.11
1231 - ... and more code cleanup shufflings
1232 - ... and several documentation updates
1233
834d2128
AJ		 1234Changes to squid-3.2.0.4 (22 Dec 2010):
1235
1236 - Port 2.x: cache_dir min-size setting
1237 - Bug 3059: Crash on digest auth headers with unknown nonce
1238 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
1239 - Fix cachemgr mem-pools reporting
1240 - Add Dynamic SSL certificate generation
1241 - Add useragent, referer, combined built-in log formats
1242 - Obsolete log_fqdn directive
1243 - Obsolete useragent/referer/forward_log directives
1244 - HTTP/1.1: Send 1.1 on CONNECT responses
1245 - Updated Kerberos support for newer GSSAPI releases
1246 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
1247 - Improve handling of early eCAP transaction failures
1248 - Various ext_edirectory_acl fixes
1249 - ... all bug and feature fixes included in 3.1.10 release
1250 - ... and a lot of code and documentation polishing
1251
1664edf4 1252Changes to squid-3.2.0.3 (07 Nov 2010):
b40d9a33
AJ		 1253
1254 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
1255 - Regression fix: ESI processing of Surrogate filter
1664edf4 1256 - Bug 3091: bypassed ICAP errors are not counted as service failures
b40d9a33 1257 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
1664edf4 1258 - Bug 3038: Detatch libmisc from libcompat
b40d9a33
AJ		 1259 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
1260 - Bug 3002: store initialization (-z) does not work with SMP configs
1261 - Bug 2999: v2.0 of ext_edirectory_userip_acl
1262 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
1263 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
1264 - HTTP/1.1: support If-Match and If-None-Match requests
1265 - HTTP/1.1: forward 1xx control messages to clients that support them
1266 - HTTP/1.1: send Age:0 header even if it may break IE5
1267 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
1268 - HTTP/1.1: entry is stale if request has max-age=0
1269 - HTTP/1.1: harden quoted-string parser
1270 - Add --enable-build-info for extra "squid -v" display
1271 - Add --with-swapdir=PATH to override default /var/cache/squid
1272 - Add cpu_affinity_map directive to bind workers to CPU cores
1273 - Add Netfilter MARK support for QoS
1274 - Add upgrade process for obsolete options
1275 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
1276 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
1277 - Fixes Eui48 support on OpenBSD
1278 - Fixes cache manager support with SMP configs
1279 - ... several documentation updates
1280 - ... all bug and feature fixes included in 3.1.9 release.
1281 - ... many more code polishes and leak removals
1282
dee6a922
AJ		 1283Changes to squid-3.2.0.2 (04 Sep 2010):
1284
1285 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
1286 - Support rotating logs from cachemgr and squidclient
1287 - Support Kerberos authentication in squidclient
1288 - Add manual page for negotiate_kerberos_auth
1289 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
1290 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
1291 - Added log options %http::<bs and %icap::<bs
1292 - Collapse HTCP cache_peer options into one setting
1293 - Improved request smuggling attack detection. Tolerating valid benign HTTP
1294 - ... and several HTTP/1.1 compliance improvements
1295 - ... and all improvements in 3.1.7 and 3.1.8
1296
6be4a9a8
AJ		 1297Changes to squid-3.2.0.1 (03 Aug 2010):
1298
1299 - Port from 2.7: Logging infrastructure updates
1300 - Port from 2.7: Unique sequence number per log line
1301 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
1302 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
1303 - Bug 2631: refresh_pattern store-stale option
1304 - Bug 2305: Multiple leaks and assertion crashes in authentication
1305 - Bug 1239: Much needed ACL type random
1306 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
1307 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
1308 - Support SMP for essential non-caching functionality
1309 - Support logging over TCP
1310 - Support Solaris 10 pthreads (experimental)
1311 - Support Kerberos login to peers
1312 - Support EUI / MAC in more environments
1313 - Support format tags in deny_info URLs
1314 - Support running helpers on-demand instead of all at startup
1315 - Support fully transparent login=PASSTHRU of authentication headers to peers
1316 - Support multi-lingual localised FTP directory listings
1317 - Support TPROXYv4 spoofing of X-Forwarded-For client address
1318 - Support ICAP 206 Partial Content extension
1319 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
1320 - Add ACL support to range_offset_limit
1321 - Add helpers for url_rewrite
1322 - Add helper multiplexer for concurrency emulation with legacy helpers
1323 - Add Perl library which facilitates parsing access logfile entries.
1324 - Add a simple script to summarise traffic use per user
1325 - Add templates for captive portal proxy configuration instructions
1326 - Add logging of the local TCP port used by transactions with HTTP servers
1327 - Update mswin_check_ad_group to version 2.0
1328 - Update squid_kerb_auth helper to version 3.0.2
1329 - Remove double-language error page hack (replaced by locale auto-negotiation)
1330 - Remove TPROXYv2 support (replaced by TPROXYv4)
1331 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
1332 - Re-work ./configure script for smarter auto-detect and early error checks
1333 - Auto-enable all features by default
1334 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
1335 - Helpers naming scheme
1336 - Add support for write timeouts
1337 - Modify icap_service_failure_limit option to forget old ICAP errors
1338 - Updated man(8) manuals including several additions and translations
1339 - ... and a great many code cleanups
1340 - ... and a great many testing improvements
1341 - ... and many documentation updates
1342
56eea3f2
AJ		 1343Changes to squid-3.1.23 (09 Jan 2013):
1344
1345 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1346
bd4920ca
AJ		 1347Changes to squid-3.1.22 (03 Dec 2012):
1348
1349 - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update
1350 - Bug 3659: read_timeout problem with HTTPS
1351 - Bug 3654: Fix IPv6 enabled squidclient
1352 - Bug 3189: AIO thread race on pipe() initialization
1353 - cachemgr.cgi: Memory Leaks and DoS Vulnerability
1354
4c73ceb8
AJ		 1355Changes to squid-3.1.21 (23 Sep 2012):
1356
1357 - Bug 3622: peerClearRRStart scheduling multiple events
1358 - Bug 3615: configure check for default max number of FDs is broken
1359 - Bug 3607: --enable-auth documented default action incorrect
1360 - Bug 3593: socket failure: Address family not supported by protocol
1361 - Bug 3584: Detection of setresuid() is broken
1362 - Bug 3568: Consolidate external_acl_type config dumping and add missing %%
1363 - Bug 3564: eCAP not supporting CoAP URI schemes
1364 - Bug 3484: Docs: sslproxy_cert_error example flawed
1365 - Bug 3462: Delay Pools and ICAP
1366 - Bug 3133: better fix: Memory leak handling requests for sites that don't exist
1367 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
1368 - Silence IOS 15.1 unknown capabilities messages.
1369 - Account for Store disk client quota when bandwidth-limiting the server.
1370 - ... and several documentation fixes
1371 - ... and several compile fixes
1372
5cc53d80 1373Changes to squid-3.1.20 (08 Jun 2012):
dd8d2619
AJ		 1374
1375 - Regression Bug 3545: FreeBSD dnsserver segfaults
1376 - Regression Bug 3504: clientside_tos fails to mark traffic
1377 - Bug 3539: CONNECT server connection not closed correctly on errors
1378 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
1379 - Bug 3466: Adaptation stuck on last single-byte body piece
1380 - Bug 3463: dnsserver fails to compile
1381 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
1382 - Bug 3390: Proxy auth data visible to scripts
1383 - Bug 3263: ssl_crtd: undefined references to squid_curtime
1384 - Bug 3233: Invalid URL accepted with url host is white spaces
1385 - Bug 3133: Memory leak handling requests for sites that don't exist
1386 - Bug 3074: Improper URL handling with empty path (RFC 3986)
1387 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
1388 - Regression: snmp/udp address directives not resolving hostname
1389 - Better helper-to-Squid buffer size management.
1390 - Support CoAP over HTTP (coap:// and coaps:// URLs)
1391 - Support for 3.2 error template codes
1392
5cc53d80 1393Changes to squid-3.1.19 (06 Feb 2012):
f9329b54
AJ		 1394
1395 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
1396 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
1397 - Bug 3470: GCC 4.7
1398 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
1399 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
1400 - Bug 3440: compile error in Adaptation
1401 - Bug 3420: Request body consumption races and !theConsumer exception
1402 - Bug 3370: external ACL sometimes skipping
1403 - Bug 3085: Crash when parsing esi:include
1404 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
1405 - Fix SSL library dependency fixes
1406
339383cc
AJ		 1407Changes to squid-3.1.18 (03 Dec 2011):
1408
1409 - Regression: compile error in FTP
1410
c218b24d
AJ		 1411Changes to squid-3.1.17 (03 Dec 2011):
1412
1413 - Bug 3432: Crash logging FTP errors
1414 - Bug 3428: Active FTP data channel accepted twice
1415 - Bug 3423: access violation in URL parser
1416 - Bug 3422: Buffer overflow in recv-announce
1417 - Bug 3412: External ACL Uses Invalid Cache Entry
1418 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
1419 - Bug 3398: persistent server connection closed after PUT/DELETE
1420 - Bug 3299: dnsserver: various undefined references
1421 - Bug 3077: '\' in url query strings cause Digest authentication to fail
1422 - Bug 2910: MemBuf may grow beyond max_capacity
1423 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
1424 - Bug 1243: Build overrides configured AR setting
1425 - Avoid crashes when processing bad X509 common names (CN).
1426 - Support %% in external ACL format
1427 - ... and several other compile error fixes
1428 - ... and several documentation fixes
1429
8fe9e0a2
AJ		 1430Changes to squid-3.1.16 (14 Oct 2011):
1431
1432 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
1433 - Bug 3368: Unhandled exceptions are not logged (workaround)
1434 - Bug 3326: miss_access incorrect default
1435 - Bug 3320: miss_access description confusing
1436 - Bug 3241: squid_kerb_auth cross compilation fix
1437 - Bug 3237: seq fault in free() from rfc1035RRDestroy
1438 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
1439 - db_auth: display available DSN drivers on connect error
1440 - Updated OpenSSL 1.0.0 version checks
1441 - ... and several documentation fixes
1442
2f954743
AJ		 1443Changes to squid-3.1.15 (28 Aug 2011):
1444
1445 - Regression fix: vhost and defaultsite causing vport to be ignored
2284b7f7 1446 - Regression Bug 3295: broken escaping in rfc1738_do_escape
2f954743
AJ		 1447 - Bug #3232: fails to compile with OpenSSL v1.0.0
1448 - Bug #3222: cache_peer name is not logging on CONNECT
1449 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
1450 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
1451 - Bug #3213: https sites (CONNECT) not open when using NTLM
1452 - Bug #3114: Memory leak in SSL certificate verify code
1453 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
1454 - Bug #2662: cf_gen failure when cross compiling
1455 - Bug #2655: passing wrong the username to the url_rewrite_program
1456 - Bug #2495: ignore whitespace prefix on config lines
1457 - Bug #2051: 'default' cache_peer option does not match documentation
1458 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
1459 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
1460 - Correct parsing of large Gopher indexes
1461 - Enable negative cacheing on unknown or -1 expiry timestamp
2284b7f7 1462 - Remove hierarchy_stoplist default value
2f954743
AJ		 1463 - Migrate cf_gen tool from C-style to C++
1464 - ... and several documentation and compiler warning fixes
1465
04f5e27a
AJ		 1466Changes to squid-3.1.14 (04 Jul 2011):
1467
1468 - Regression Bug 3261: Could not create a DNS socket and exit
1469
e074e5be
AJ		 1470Changes to squid-3.1.13 (01 Jul 2011):
1471
1472 - Regression Bug 3239: problems with myip/myport upgrade
1473 - Bug 3153: hung ICAP RESPMOD transactions
1474 - Update ssl_crtd to use 'OK' status inline with other helpers
1475
6d44d1e9
AJ		 1476Changes to squid-3.1.12.3 (18 Jun 2011):
1477
1478 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
1479 - Bug 3214: unexpected read from ssl_crtd
1480 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
1481 - Fix RADIUS helper resource leak
1482 - Fix segfault parsing digest auth realm
1483 - Fix segfault in parse_eol()
1484 - Fixed bypass of SSL certificate validation errors
1485 - Warn about myip/myport problems on interception proxies
1486 - Polish: display easily grepped config lines on -k parse
1487 - Fix squidclient -V option and allow non-HTTP protocols to be tested
1488
65f2789a
AJ		 1489Changes to squid-3.1.12.2 (30 May 2011):
1490
1491 - Bug 3226: Tags from external ACLs do not correctly expire
1492 - Bug 3215: Malformed IPv6 DNS reverse lookup
1493 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
1494 - Bug 3205: SSL-bump starts then hangs
1495 - Bug 3178: gcc-4.6 complains unused variables
1496 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
1497 - Bug 2965 (partial): Compile errors on MinGW
1498 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
1499 - Fix cache manager display of -i/+i in regex ACL config display
1500 - Fix cache manager display of cache_peer options userhash and sourcehash
1501 - Fix URL re-writer loosing many transaction details
1502 - Fix always-true comparison in ICAP for some 32-bit platforms
1503 - Support for 'slow' group ACLs in ssl_bump access control
1504 - Support OpenSSL 1.0.0 built without SSLv2
1505 - Support GCC 4.6 and binutils-gold
1506 - Add CSS id attribute to BODY tag of generated error pages.
1507 - Display WARNING and ERROR when max_filedescriptors has failed
1508
065f7779
AJ		 1509Changes to squid-3.1.12.1 (19 Apr 2011):
1510
1511 - Port from 3.2: Dynamic SSL Certificate generation
1512 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
1513 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
1514 - Bug 3183: Invalid URL accepted with url host part of only '@'
1515 - Display ERROR in cache.log for invalid configured paths
1516 - Cache Manager: send User-Agent header from cachemgr.cgi
1517 - ... and many portability compile fixes for non-GCC systems.
1518
7d9ce496
AJ		 1519Changes to squid-3.1.12 (04 Apr 2011):
1520
1521 - Regression fix: Use bigger buffer for server reads.
1522 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
1523 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
1524 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
1525 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
1526 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
1527 - Bug 3164: Total memory info display 32-bit overflows
1528 - Bug 3155: Werror is hard-coded in libTrie build
1529 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
f787354b 1530 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
7d9ce496
AJ		 1531 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
1532 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
1533 - Bug 2330: AuthUser objects are never unlocked
1534 - Prevent CONNECT request relaying to origin servers
1535 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
1536 - squidclient: send Cache Manager password using -w
1537 - eCAP: give full Request-URI to adapters
1538 - ... and several debug and error display cleanups
1539
d88ad4db
AJ		 1540Changes to squid-3.1.11 (08 Feb 2011):
1541
1542 - Bug 3149: not caching eCAP adapted body
1543 - Bug 3144: redirector program blocks while reading STDIN
1544 - Bug 3140: memory leak in error page generation
1545 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
1546 - Bug 3115: logging segfaults if access_log is set to a directory
1547 - Bug 2968: Show the Vary: headers information in cachemgr objects report
1548 - Bug 2959: remove SAMBAPREFIX dependency
1549 - Bug 2868: icc doesn't like string literal in assert checks
1550 - HTTP/1.1: Send 307 status on deny_info redirection
1551 - HTTP/1.1: Support POST/PUT with no body
1552 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
1553 - Support RFC 5861 Cache-Control: stale-if-error option
1554 - Add ftp_eprt directive to disable EPRT extensions in FTP
1555 - Fix external_acl_type grace=0 to obey TTL
1556 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
1557 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
1558 - ... and some documentation updates and corrections
1559 - ... and some portability and stability fixes
1560
834d2128
AJ		 1561Changes to squid-3.1.10 (22 Dec 2010):
1562
1563 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
1564 - Bug 3113: Consuming too much memory when uploading files
1565 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
1566 - Bug 3096: Consuming too much memory when delaying traffic
1567 - Bug 3091: Bypassed ICAP errors are not counted as service failures
1568 - Bug 3090: Polish FTP login error handing
1569 - Bug 3068: cache_dir capacity and usage overflows
1570 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
1571 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
1572 - Fix memory leak in adaptation_access
1573 - Fix /dev/poll and poll() selection priority
1574 - Fix PREFIX/var/run creation during install
1575 - Fix cachemgr http_port config report display
1576 - Add upgrade help process for obsolete options
1577 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
1578 - HTTP/1.1: entry is stale if request has max-age=0
1579 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
1580 - Toolchain update to support newer auto-tools
1581 - ... and updated error page translations
1582 - ... and updated documentation
1583 - ... and some code optimization/simplification polish
1584
e2f4c66a
AJ		 1585Changes to squid-3.1.9 (25 Oct 2010):
1586
1587 - Bug 3088: dnsserver is segfaulting
1588 - Bug 3084: IPv6 without Host: header in request causes connection to hang
1589 - Bug 3082: Typo in error message
1590 - Bug 3073: tunnelStateFree memory leak of host member
1591 - Bug 3058: errorSend and ICY leak MemBuf object
1592 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
1593 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
1594 - Bug 3053: cache version 1 LFS support detection broken
1595 - Bug 3051: integer display overflow
1596 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
1597 - Bug 3036: adaptation_access acls cannot see myportname
1598 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
1599 - Bug 2964: Prevent memory leaks when ICAP transactions fail
1600 - Bug 2808: getRoundRobinParent not handling weights correctly
1601 - Bug 2793: memory statistics sometimes display wrong
1602 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
1603 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
1604 - Ensure /var/cache or jail equivalent exists on install
1605 - HTTP/1.1: delete Warnings that have warning-date different from Date
1606 - HTTP/1.1: do not remove ETag header from partial responses
1607 - HTTP/1.1: make date parser stricter to better handle malformed Expires
1608 - HTTP/1.1: improve age calculation
1609 - HTTP/1.1: reply with a 504 error if required validation fails
1610 - HTTP/1.1: add appropriate Warnings if serving a stale hit
1611 - HTTP/1.1: support requests with Cache-Control: min-fresh
1612 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
1613 - squidclient: Display IP(s) connected to in verbose (-v) display
1614 - Fixes several issues with ICAP persistent connections
1615 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
1616 - ... and some cosmetic polishing
1617
dee6a922
AJ		 1618Changes to squid-3.1.8 (04 Sep 2010):
1619
1620 - Bug 3033: incorrect information regarding TOS
1621 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
1622 - Bug 3005,2972: Locate LTDL headers correctly (again)
1623 - Bug 2872: leaking file descriptors
1624 - Bug 2583: pure virtual method called
1625 - Hardened DNS client against packet queue attacks
1626 - Hardened HTTP request-line parser
1627 - Several HTTP/1.1 support improvements
1628 - Improved cross-compile support
1629 - .. and several internal pointer safety fixes
1630
c3fe2798 1631Changes to squid-3.1.7 (23 Aug 2010):
161ec538 1632
c3fe2798 1633 - Regression Bug 3021: Large DNS reply causes crash
161ec538 1634 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
c3fe2798 1635 - Regression Bug 2997: visible_hostname directive no longer matches docs
161ec538
AJ		 1636 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
1637 - Bug 3006: handle IPV6_V6ONLY definition missing
1638 - Bug 3004: Solaris 9 SunStudio 12 build failure
1639 - Bug 3003: inconsistent concepts in documentation of cache_dir
1640 - Bug 3001: dnsserver link issues
1641 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
1642 - HTTP/1.1: Improved Range header field validation
1643 - HTTP/1.1: Forward multiple unknown Cache-Control directives
1644 - HTTP/1.1: Stop sending Proxy-Connection header
1645 - Fix 32-bit wrap in refresh_pattern min/max values
1646 - ... and several documentation corrections.
1647
aa844a33
AJ		 1648Changes to squid-3.1.6 (02 Aug 2010):
1649
1650 - Bug 2994, 2995: IPv4-only regressions
1651 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
1652 - Bug 2975: chunked requests not supported after regular ones
1653 - Fix: 32-bit overflow in reported bytes received from next hop
1654 - Fix Libtool build regressions
1655 - Limited split-stack IPv6 support.
1656 - squid_db_auth support MD5 encrypted passwords
1657
f41d79ba
AJ		 1658Changes to squid-3.1.5.1 (28 Jul 2010):
1659
1660 - Update Libtool to 2.2.
1661 - Bug 2985: search scope for digest_ldap_auth didn't work
1662 - Bug 2972: LTDL 2.2.6b compile errors
1663 - Bug 2963: Stop ignoring --with-valgrind-debug failures
1664 - Bug 2885: AIX support: several fixes
1665 - Bug 2651: crash handling NULL write callback
1666 - Fixed several memory leaks related to Range requests
1667 - Fixed Joomla DB auth handling
1668 - Fixed SASL helper build checks
1669 - Fixed several IPv6 portability problems
1670 - Updated error page translations
1671
88aa2b05 1672Changes to squid-3.1.5 (02 Jul 2010):
0e87db68 1673
88aa2b05
AJ		 1674 - Bug 2967: raw-IPv6 address URL with append_domain broken
1675 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
1676 - Bug 2943: ICAP tokens not logged when using multiple access
1677 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
1678 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
7e6cdc23 1679 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
88aa2b05
AJ		 1680 - Port from 2.7: max_filedescriptor config option
1681 - Fix persistent_connection_after_error is meant to be on by default
1682 - ... and several build errors.
0e87db68 1683
2d94c829
AJ		 1684Changes to squid-3.1.4 (30 May 2010):
1685
1686 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
1687 - Bug 2924: RADIUS helper compile issues
1688 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
1689 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
1690 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
1691 - Bug 2879: pt2: 3.0 regression in headers end finding
1692 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
1693 - Bug 2876: FD_SETSIZE override not working on all linux distributions
1694 - Bug 2810: common log format generates 2 lines of syslog
1695 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
1696 - Bug 2753: Fall back on IPv4 if IPv6 is not present
1697 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
1698 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
1699 - Change LDAP helpers to default to LDAP version 3 if available
1700 - Add Joomla and Salted Hash support to squid_db_auth helper
1701 - Fixed IpAddress port printing for ports higher than 9999
1702 - Disable chunked memory pooling by default.
1703 - ... and several build errors.
1704
6808dbda
AJ		 1705Changes to squid-3.1.3 (02 May 2010):
1706
7e6cdc23 1707 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
6808dbda
AJ		 1708 - Fix tag ACL type not working
1709
ca959baa
AJ		 1710Changes to squid-3.1.2 (01 May 2010):
1711
1712 - Bug 2913: Fix DB auth warning in new perl version
1713 - Bug 2904: Prevent automake creating incomplete files
1714 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
1715 - Bug 2895: Regression: TPROXY2 compile errors
1716 - Bug 2879: Regression: headers end-finding
1717 - Bug 2874: Accept literal IPv6 address in icap_service URL
1718 - Bug 2860: Regression: WCCPv1 handshake
1719 - Bug 2848: Pass TCP_RST to client on early disconnect
1720 - Debian Bug 578047: Correct behaviour of --enable-ipv6
7e6cdc23
AJ		 1721 - HTTP/1.1: Advertise 1.1 on requests to servers
1722 - HTTP/1.1: Advertise 1.1 on replies to clients
ca959baa
AJ		 1723 - AIX / UNIX build fixes
1724 - Cygwin build fixes
1725 - squidclient: -k option to test connection keep-alive or close
1726 - Improved helper build for wider compatibility
1727 - Ensure the PID file directory exists on install
1728
2ec34bd3
AJ		 1729Changes to squid-3.1.1 (29 Mar 2010):
1730
1731 - Bug 2873: undefined symbol
1732 - Bug 2827: assertion in authentication
1733 - Remove ufsdump binary from default builds
1734 - Remove pinger from default startups
1735 - ... and several documentation updates.
1736
e09692bd
AJ		 1737Changes to squid-3.1.0.18 (14 Mar 2010):
1738
1739 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
1740 - Bug 2869: Remove unused external reference
1741 - Bug 2866: Support OpenSSL 1.0
1742 - Bug 2813: Random unix_group crash at startup
1743 - Send HTTP1.1 compliant 417 responses
1744 - Associate external acl message with the request
1745 - Various Digest parser fixes
1746 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
1747
365d894c
AJ		 1748Changes to squid-3.1.0.17 (24 Feb 2010):
1749
1750 - Regression Fix: Non-English error page UTF encoding
1751 - Bug 2616: reduce IdleConnList::removeFD messages
1752 - Bug 1843: multicast-siblings cache_peer option
1753 - Port from 2.7: X509 certificate alias-domain handling
1754 - Add adapted_http_access option
1755 - NTLMv2 support for fake NTLM helper
1756
011dea45
AJ		 1757Changes to squid-3.1.0.16 (01 Feb 2010):
1758
1759 - Regression Fix: Make Squid abort on all config parse failures.
1760 - Regression Bug 2811: SNMP client/peer table OID numbering
1761 - Bug 2851: Connection pinning fails when using a peer
1762 - Bug 2850: Mismatch in hier_code enum / hier_strings array
1763 - Bug 2731: Add follow_x_forwarded_for support to ICAP
1764 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
1765 - Bug 2706: Set timestamps during ICAP request satisfaction.
1766 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
1767 - Fix: WCCPv1 not connecting to router correctly
1768 - Remove obsolete RunCache/RunAccel scripts.
1769 - Add client_ip_max_connections
1770 - Add the http::>ha format code and make http::>h log original request headers
1771 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
1772 - ... and many more minor build and display annoyances.
1773
ba641958
AJ		 1774Changes to squid-3.1.0.15 (23 Nov 2009):
1775
1776 - Regression Fix: myip ACL not accepted in config
1777 - Bug 2795: acl arp lookups including port
1778 - Bug 2794: ESI parsing fails on FreeBSD
1779 - Bug 2778: fix linking issues using SunCC
1780 - Bug 2724: eCAP build failure unless ICAP enabled
1781 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
1782 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
1783 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
1784 - Fix: 64-bit filesize issue in squidclient POST of large files
1785 - Fix: send correct Connection: header on intercepted replies
1786 - Support libtool 2.x
1787 - ESI libraries libexpat and libxml2 now optional
1788 - ESI support default enabled
1789 - Bump libcap minimum requirement to libcap 2.09+
1790 - ARP / MAC support fixes for IPv6-mode
1791 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
1792 - ... and many additions to the background testing structure
1793 - ... and very many minor build and code cleanups for non-GCC compilers.
1794
8f37469c
AJ		 1795Changes to squid-3.1.0.14 (27 Sep 2009):
1796
1797 - Bug 2777: Various build issues on OpenSolaris
1798 - Bug 2773: Segfault in RFC2069 Digest authentication
1799 - Bug 2747: Compile errors on Solaris 10
1800 - Bug 2735: Incomplete -fhuge-objects detection
1801 - Bug 2722: Fix http_port accel combined with CONNECT
1802 - Bug 2718: FTP sends EPSV2 on IPv4 connection
1803 - Bug 2648: stateful helpers stuck in reserved
1804 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
1805 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
1806 - Bug 2483: bind() called before connect()
1807 - Bug 2215: config file line length limit (extended to 2 KB)
1808 - Support Accept-Language: * wildcard
1809 - Support autoconf 2.64
1810 - Support TPROXY for IPv6 traffic (requires kernel support)
1811 - Support TPROXY cache cluster behind WCCPv2
1812 - Correct ESI support to work in multi-mode Squid
1813 - Add 0.0.0.0 as an to_localhost address
1814 - DiskIO detection fixes and use optimal IO in default build.
1815 - Correct peer connect-fail-limit default of 10
1816 - Prevent squidclient sending two Accept: headers
1817 - ... all bug fixes from 3.0.STABLE19
1818 - ... and many more documentation fixes
1819
f49a1c9e
AJ		 1820Changes to squid-3.1.0.13 (04 Aug 2009):
1821
1822 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
1823 - Fix one more internal profiler error
1824 - Language Updates: Italian, Russian
1825 - Language Updates: Add many more aliases
1826 - Add Copyright document for errors/ content
1827 - ... all bug fixes from 3.0.STABLE18
1828 - ... and several code polishing cleanups
1829
e7b1c518
AJ		 1830Changes to squid-3.1.0.12 (27 Jul 2009):
1831
1832 - Bug 2716: Chunked request Signed/Unsigned build error
1833 - Bug 2674: Remove limit on HTTP headers read.
1834 - Bug 2620: Invalid HTTP response codes causes segfault
1835 - Fix FTP EPSV negotiation parser.
1836 - Fix Via string when leak checking is enabled (valgrind etc)
1837 - ... and several documentation and testing additions
1838
0b8d12da
AJ		 1839Changes to squid-3.1.0.11 (19 Jul 2009):
1840
1841 - Bug 2087: Support adaptation sets and chains
1842 - Bug 2459: dns error message broken when error handling delayed
1843 - Support ICAP Retry
1844 - Support ICAP retries based on the ICAP responses status code
1845 - Support logging ICAP
1846 - Support logging total DNS wait time
1847 - Support logging response times of adaptation transactions
1848 - General logging enhancements
1849 - Dynamically form chains based on ICAP X-Next-Services header
1850 - Support cross-transactional ICAP header exchange
1851 - ... and much adaptation polish and improvements
1852
ce460dc8
AJ		 1853Changes to squid-3.1.0.10 (18 Jul 2009):
1854
1855 - Bug 2680: Regression Crash after rotate with no helpers running
1856 - Bug 2695: Regression in WCCPv2 L2 mask assignment
1857 - Bug 2707: Regression in FTP anonymous auth
1858 - Bug 422, 2706: RFC 2616 Date header requirements
1859 - Bug 1087: ESI processor not quoting attributes correctly.
1860 - Bug 1338: File prefetches aborted despite range_offset
287dcde6 1861 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
ce460dc8 1862 - Bug 2092: select loop 32-bit call counter overflows
287dcde6 1863 - Bug 2127: delay pools class 4 crashes with ntlm auth
ce460dc8
AJ		 1864 - Bug 2611: document fast/slow acl types
1865 - Bug 2614: Potential loss of adapted body data from eCAP adapters
1866 - Bug 2658: Missing TextException copy constructor
1867 - Bug 2659: String length overflows on append, leading to segfaults
1868 - Bug 2699: Build failure NTLM smb_lm helper
1869 - Bug 2709: TRANSLATIONS not installed
1870 - Bug 2710: squid_kerb_auth non-terminated string
1871 - Delay pools 64-bit buckets and IPv6-polish
1872 - Break forwarding loops for "transparent" or "intercept" http_ports.
1873 - Add --disable-translation option to detatch .po from error negotiation
1874 - Add squidclient man(1) page
1875 - Add localhost to default permitted networks
1876 - http_port allow-direct option to allow direct forwarding in accelerator mode
1877 - ... and many testing infrastructure updates
1878
5df6d596
AJ		 1879Changes to squid-3.1.0.9 (26 Jun 2009):
1880
1881 - Bug 2682: Add ftp_epsv control to disable EPSV support.
1882 - Bug 2665: Detach automake system from using -I.
1883 - Bug 2395: FTP auth errors not displayed
1884 - ... also several changes and bugs closed in 3.0.STABLE16
1885 - Port from 2.7: Show local address on listening sockets
1886 - Add "tag" type acl matching tags set by external acl helpers.
1887 - Adds Language alias linker/installer/upgrade scripts
1888 - Support for GCC 4.4
1889 - Fix false NAT lookup errors on Linux
1890 - Fix many Windows port issues
1891 - Fix squid_kerb_auth helepr install location
1892 - Better detection of IPv6 stack types
1893 - Updates Licensing information for Squid 3.1
1894 - ... and many packaging portability build and install issues
1895
a7b15245
AJ		 1896Changes to squid-3.1.0.8 (24 May 2009):
1897
1898 - Bug 2656: Pinger dies with general protection fault
1899 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
1900 - Bug 2648: Authentificator processes deferring and don't shutdown.
1901 - Bug 2645: allow squid to ignore must-revalidate
1902 - Bug 2644: auth scheme initialization is broken
1903 - Bug 2632: Make number of reforwarding tries configurable
1904 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
1905 - Bug 2627: HTCP Logging
1906 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
1907 - Bug 2589: SNMP returning no data - wrong oid decoded
1908 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
1909 - Bug 2559: Problem parsing /0 and /0.0.0.0
1910 - Bug 2404: WCCP in mask mode is broken
1911 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
1912 - Complete Interception multiple NAT support
1913 - Add Content-Disposition to the known headers list.
1914 - Make PEER_TCP_MAGIC_COUNT configurable
1915 - Fix pinger install location
1916 - Enable TPROXY v4 spoofing of CONNECT requests
1917 - ... and much documentation and code polishing
1918
e1e28561
AJ		 1919Changes to squid-3.1.0.7 (08 Apr 2009):
1920
1921 - Fix: several issues with ident
1922 - Add several language translations
1923 - Upgrade code testing infrastructure
1924 - Migrate much code to build as internal libraries
1925 - Support gcc 4.4
1926 - Support doxygen 1.5.8
1927 - ... and much code polish to make things read easier
1928
727cb127
AJ		 1929Changes to squid-3.1.0.6 (01 Mar 2009):
1930
e1e28561 1931 - Regression Fix: Support HTTP/0.9 in accelerator mode
727cb127
AJ		 1932 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
1933 - Bug 2593: Compile errors on Solaris 10
1934 - Bug 2591: adaptation_access does not work
1935 - Bug 2588: coredump in rDNS lookup
1936 - Bug 2526: default ALLOW when no list specified.
1937 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
1938 - Bug 419: Hop by Hop headers MUST NOT be forwarded
1939 - Fix external_acl_type handling of SSL certificate details
1940 - Obsolete: dependency on nss_common.h and nss.h
1941 - Support libtool2
1942 - ... and various documentation and code polish
1943
f636c996
AJ		 1944Changes to squid-3.1.0.5 (03 Feb 2009):
1945
1946 - Bug 2583: Fixed issue in content adaptation
1947 - Bug 2576: Make translate target obey --disable-auto-locale
1948 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
1949 - Bug 2563: 99+% CPU Usage on FTP URL
1950 - Bug 2505, 2524, 2558: fixed several issues on connection handling
1951 - Fix several issues in request parsing
1952 - Fix memory leak from logformat parsing
1953 - Fix various ESI build errors
1954 - Make configure tests use C++ instead of C
1955 - Drop special localhost conversion RFC violation.
1956 - Add Language: Arabic
1957 - ... and various documentation and code polish
1958
1959Changes to squid-3.1.0.4 (23 Jan 2009):
1960
1961 - Regression Fix: Bug 2558: rollback bug 2395 fix.
1962 - Bug 2555: Fixes to SNMP-MIB
1963 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
1964 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
1965 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
1966 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
1967 - Polish ZPH configuration interface
1968 - Several Language Conversions to new auto-negotiate
1969 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
1970 - Fix: Pconn not being used when they should.
1971 - Fix: Fix pinger immediate shutdowns
1972 - Fix: Untangle CacheManager reports from log_fqdn
1973 - ... and all bugs fixed for 3.0.STABLE12
1974 - ... and many code polish and optimization fixes.
1975
1976Changes to squid-3.1.0.3 (5 Dec 2008):
1977
1978 - Regression Fix: StoreIOBuffer patch removed.
1979 - Regression Fix: build issues with 3.1.0.2 bundle
1980 - Security Bug 2526: default ALLOW when no list specified
1981 - Bug 2525: encoding error on error pages
1982 - Bug 2424: slow file descriptor leak
1983 - Bug 2527: ICAP compile error on g++ 4.3.2
1984 - Bug 2523: bad assertion left in from debug
1985 - Bug 2395: FTP Auth errors and others not displayed
1986 - Update squid_kerb_auth to 1.0.5
1987 with better Squid integration.
1988 - Fix cache_peer forcedomainname= option
1989 - ... and many other minor fixes
1990
5e80e4ee
AJ		 1991Changes to squid-3.1.0.2 (9 Nov 2008):
1992
1993 - Bug 2516: error page templates not properly installed
1994 - Bug 2500: Solaris build issues
1995 - Fixes FreeBSD build issues
1996 - Release Notes completed
1997 - Languages: new Russian, Japanese, Chinese, and general updates
1998 - ... and other minor fixes
70c5dfb2 1999
af4cd9a0
AJ		 2000Changes to squid-3.1.0.1 (27 Oct 2008):
2001
2002 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
7a6e2ecc
AJ		 2003 - peername ACL added for matching against a named peer destination
2004 - configure option --with-logdir= added to select log files location
2005 - squid_kerb_auth helper updated to 1.0.3 release
2006 - Bug #740: allow external acl's to use reply headers in format
2007 - Bug #2379: obsolete dns_testnames option
2008 - Code test infrastructure expanded to configuration testing
2009 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
af4cd9a0 2010 to bring their defaults up to RFC 2616 requirements.
7a6e2ecc
AJ		 2011 - Large increase in RFC 2616 standard compliance (ongoing)
2012 - squid.conf cleanups for minimal config
2013 - Connection Pinning ported from 2.6 for NTLM passthru authentication
2014 - eCAP internal adaptation module support
af4cd9a0 2015 - Localization and CSS display control of error pages
7a6e2ecc
AJ		 2016 - Added semi-automatic documentation of source code
2017 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
2018 - HTCP improvements ported from 2.7 adding HTCP CLR requests
70c5dfb2 2019 - IPv6 (Internet Protocol version 6) support
2020 - ICMPv6 (Internet Control Message Protocol version 6) support
f1233d8c 2021 - FTP agent now supports EPSV/EPRT commands
70c5dfb2 2022 - DNS internal resolver now supports AAAA and CNAME records
2023 - SNMP peer and client tables now support IPv6
2024 - SNMP peer table supports named peers with multiple entries per IP
4aa8e49c 2025 - SslBump: Squid-in-the-middle decryption and encryption of straight
2026 CONNECT and transparently redirected SSL traffic, using configurable
2027 client- and server-side certificates. While decrypted, the traffic
7a6e2ecc 2028 can be inspected using ICAP.
af4cd9a0 2029 - TPROXY version 4.1 support
a13b3732 2030 - IPFW and Netfilter interception methods may now both be built in one binary.
f1233d8c
AJ		 2031 - ZPH Quality of Service patch now integrated
2032 - Null store now fully obsoleted and removed
2033 - Unknown request methods all supported
2034 - Follow_x_forwarder_for ported from 2.6
7a6e2ecc 2035 - Bug #2223: Follow XFF extensions added
af4cd9a0 2036 - ... and many code and documentation cleanups
7a6e2ecc 2037
2f954743
AJ		 2038Changes to squid-3.0.STABLE26 (28 Aug 2011):
2039
2040 - Regression: header_replace for reply headers
2041 - Bug 3183: Invalid URL accepted with url host part of only '@'.
2042 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
2043 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
2044 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
2045 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
2046 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
2047 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
2048 - Regression Bug 2879: headers end finding
2049 - Bug 2876: FD_SETSIZE override not working on all linux distributions
2050 - Check for NULL and empty strings before calling str*cmp().
2051 - Correct parsing of large Gopher indexes
2052
1a10a7e5
AJ		 2053Changes to squid-3.0.STABLE25 (14 Mar 2010):
2054
2055 - Bug 2845: Rework the http digest auth parser
2056 - Bug 2787: unknown/unexpected status code messages
2057 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
2058 - Bug 2367: stale=true on digest requests with unknown nonce
2059 - ... and several other minor corrections
2060
6add0585
AJ		 2061Changes to squid-3.0.STABLE24 (13 Feb 2010):
2062
2063 - Bug 2858: Segment violation in HTCP
2064 - Updated refresh pattern for dynamic pages
2065
bcd1f03d
AJ		 2066Changes to squid-3.0.STABLE23 (02 Feb 2010):
2067
2068 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
2069 - Regression Fix: Build error in Kerberos helper after library removal.
2070
61544616
AJ		 2071Changes to squid-3.0.STABLE22 (01 Feb 2010):
2072
2073 - Regression Fix: Make Squid abort on all config parse failures.
2074 - Bug 2787: Reduce unexpected http status to non-critical warnings.
2075 - Bug 2496: Downloading some variants in full before relaying
2076 - Bug 2452: Add upper limit to external_acl_type entries.
2077 - Removed optional kerberos/spnegohelp/ library due to licensing issues
2078 - Add client_ip_max_connections
2079 - Handle DNS header-only packets as invalid.
2080
06d0f369
AJ		 2081Changes to squid-3.0.STABLE21 (22 Dec 2009):
2082
2083 - Bug 2830: Clarify where NULL byte is in headers.
2084 - Bug 2778: Linking issues using SunCC
2085 - Bug 2395: FTP errors not displayed
2086 - Bug 2155: Assertion failures on malformed Content-Range response headers
2087 - Fix parsing and a few bugs in ACL time type
2088 - Fix RFC keep-alive compliance on intercepted replies
2089 - Improved security hardening on %nn parser
2090 - Replace several GCC-specific code snippets.
2091
91228e4e
AJ		 2092Changes to squid-3.0.STABLE20 (29 Oct 2009):
2093
2094 - Bug 2794: ESI parsing on FreeBSD
2095 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
2096 - Bug 2779: Support GNU/kFreeBSD
2097 - Bug 2773: Segfault in RFC2069 Digest authantication
2098 - Bug 2768: squid_ldap_group argument parsing error
2099 - Bug 2761: Gopher and double HTTP response header
2100 - Bug 2735: Incomplete -fhuge-objects detection
2101 - Bug 2722: prevent CONNECT via http_port with accel
2102 - Bug 2624: Invalid response for IMS request
2103 - Bug 2510: digest_ldap_auth TLS support
2104 - Correct LINUX_CAPABILITY actions on non-Linux
2105
98df01e3
AJ		 2106Changes to squid-3.0.STABLE19 (06 Sep 2009):
2107
2108 - Bug 2745: Invalid Response error on small reads
2109 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
2110 - Bug 2734: some compile errors on Solaris
2111 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
2112 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
2113 - Bug 2362: Remove support for deferred state in stateful helpers
2114 - Add 0.0.0.0 as a to_localhost address
2115 - Docs: Improve chroot directive documentation slightly
2116 - Fixup libxml2 include magics, was failing when a configure cache was used
2117 - ... and some minor testing improvements.
2118
b7a1ea6b
AJ		 2119Changes to squid-3.0.STABLE18 (04 Aug 2009):
2120
2121 - Bug 2728: regression: assertion failed: !eof
2122 - Bug 2732: reply_body_max_size smaller than error page loops
2123 infinitely until out of memory
2124 - Bug 2725: pconn failure if domain or client_address are unset
2125 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
2126 - Bug 2462: make check should tell when cppunit is missing
2127 - Remove excess messages about headers < minimum size
2128 - Support Libtool 2.2.6
2129
e7b1c518 2130Changes to squid-3.0.STABLE17 (27 Jul 2009):
68c19036
AJ		 2131
2132 - Bug 2680 regression: Crash after rotate with no helpers running
2133 - Bug 2710: squid_kerb_auth non-terminated string
2134 - Bug 2679: strsep and strtoll detection failure
2135 - Bug 2674: Remove limit on HTTP headers read.
2136 - Bug 2659: String length overflows on append, leading to segfaults
2137 - Bug 2620: Invalid HTTP response codes causes segfault
2138 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
2139 - Bug 1087: ESI processor not quoting attributes correctly.
2140 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
2141 - Several small build issues with previous release.
2142
950b7d55
AJ		 2143Changes to squid-3.0.STABLE16 (15 Jun 2009):
2144
2145 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
2146 - Bug 2481: Don't set expires: now in generated error responses
2147 - Bug 2387: The calculation of the number of hash buckets correctly
2148 - Fix infinite loop in MSNT auth helper
2149 - Fix FD_SETSIZE on FreeBSD
2150 - Fix stripping NT domain in squid_ldap_group
2151 - Fix RADIUS auth helper build
2152 - Add Translate: and Unless-Modified-Since: headers to known list
2153 - Make fakeauth handle NTLMv2 better
2154 - Better Kerberos support detection
2155 - Several Widows port fixes
2156
6e4fa9b4
AJ		 2157Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
2158
950b7d55 2159 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
6e4fa9b4
AJ		 2160 - Bug 2648: NTLM helpers not shutting down when deferred
2161
79200081
AJ		 2162Changes to squid-3.0.STABLE15 (06 May 2009):
2163
2164 - Regression Bug 2635: Incorrect Max-Forwards header type
2165 - Bug 2652: 'Success' error on CONNECT requests
2166 - Bug 2625: IDENT receiving errors
2167 - Bug 2610: ipfilter support detection
2168 - Bug 2578: FTP download resume failure
2169 - Bug 2536: %H on HTTPS error pages
2170 - Bug 2491: assertion "age >= 0"
2171 - Bug 2276: too many NTLM helpers running
2172 - Endian system and compiler fixes provided by the NetBSD project
2173 - documentation fixes provided by the Debian project
2174
6c2e5932
AJ		 2175Changes to squid-3.0.STABLE14 (11 Apr 2009):
2176
2177 - Regression Fix: HTTP/0.9 in accelerator mode
2178 - Bug 1232: cache_dir parameter limited to only 63 entries
2179 - Bug 1868: support HTTP 207 status
2180 - Bug 2518: assertion failure on restart/reconfigure
2181 - Bug 2588: coredump in rDNS lookup
2182 - Bug 2595: Out of bounds memory write in squid_kerb_auth
2183 - Bug 2599: Idempotent start
2184 - Bug 2605: Prevent setsid() on helpers in daemon mode
2185 - Fix external_acl_type option parsing
2186 - Fix delay pools counters on FTP
2187 - Fix several issues with ident (some remain)
2188 - Fix performance issues with persistent connections
2189 - Fix performance issues with delay pools
2190 - Fix forwarding of OPTIONS requests
2191 - Add support for HTTP 1.1 Content-Disposition header
2192 - Add support for Windows 7, Windows Server 2008 R2 and later
2193 - ... and many small documentation updates
2194
f636c996
AJ		 2195Changes to squid-3.0.STABLE13 (03 Feb 2009):
2196
2197 - Fix several issues in request parsing
2198 - Fix memory leak from logformat parsing
2199 - Fix various ESI build errors
2200 - ... and some documentation updates
2201
2202Changes to squid-3.0.STABLE12 (21 Jan 2009):
2203
2204 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
2205 - Bug 2542: ICAP filters break download resume
2206 - Bug 2556: HTCP fails without icp_port
2207 - Bug 2564: logformat '%tl' field not working as advertised
2208 - Port from 3.1: TestBed basic build consistency checks
2209 - Policy: Change half_closed_clients default to off
2210 - Policy: Removed -V command line option, deprecated by 2.6
2211 - ... and several other minor code cleanups
2212
2213Changes to squid-3.0.STABLE11 (24 Dec 2008):
2214
2215 - Bug 2424: filedescriptors being left unnecessary opened
2216 - Bug 2545: fault passing ICAP filtered traffic to peers
2217 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
2218 - ... and some minor admin and debug cleanups.
2219
2220Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
2221
2222 - Removes patch causing cache of bad objects
2223 - Bug 2526: bad security default in ACLChecklist
2224 - Fixes regression: access.log request size tag
2225 - Fixes cache_peer forceddomainname=X option
2226 - ... and many minor documentation cleanups
2227
7a6e2ecc
AJ		 2228Changes to squid-3.0.STABLE10 (14 Oct 2008):
2229
2230 - Bug 2391: Regression: bad assert in forwarding
2231 - Bug 2447: Segfault on failed TCP DNS query
2232 - Bug 2393: DNS requests getting stuck in idns queue
2233 - Bug 2433: FTP PUT gives bad gateway
2234 - Bug 2465: Limited DragonflyBSD support
2235 - ... and other minor bugs and documentation
2236
2237Changes to squid-3.0.STABLE9 (9 Sep 2008):
2238
2239 - Policy Enforcement: COSS is unusable in 3.0
2240 - Port from 3.1: Language Pack compatibility
2241 - Port from 2.6: Windows Support Notes
2242 - Fix several minor regressions:
2243 HTCP stats reporting
2244 cachemgr delay pool config
2245 CARP build error
2246 - Bug 2340: uudecode dependency for icons removed
2247 - Bug 2352: no_check.pl ntlm challenge fix
2248 - Bug 2426: buffer increase for kerberos auth fields
2249 - Bug 2427: squid_ldap_group codes fix
2250 - Bug 2437: peer name now shown in access.log
2251 - Add sane display of unsupported method errors
2252 - ... and various other code cleanups
2253
2254Changes to squid-3.0.STABLE8 (18 Jul 2008):
2255
2256 - Port from 2.6: Support for cachemgr sub-actions
2257 - Port from 2.6: userhash peer selection method
2258 - Port from 2.6: sourcehash peer selection method
2259 - Bug 2376: round-robin balancing fixes
2260 - Bug 2388: acl documentation cleanup
2261 - Bug 2365: cachemgr.cgi HTML output encoding
2262 - Bug 2301: Regression: Log format size options
2263 - Bug 2396: Correct the opening of PF device file.
2264 - Bug 2400: ICAP accept mechanism
2265 - Bug 2411: Regression: fakeauth_auth crashes
2266 - Many fixes to the Windows support (not complete yet).
2267 - Boost error pages HTML standards.
2268 - Fixes several issues on 64-bit systems
2269 - Fixes several issues on older or stricter compilers
2270 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
2271 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
2272
2273Changes to squid-3.0.STABLE7 (22 Jun 2008):
2274
2275 - Fix several ASN issues
2276 - Fix SNMP reporting of counters
2277 - Fix round-robin algorithms
2278 - GCC 4.3 support
2279 - Netfilter v1.4.0 bug workaround
2280 - Bugs 2350 and 2323: memory issues
2281 - Bugs 2384, 951, 1566: ESI assertions
2282 - Various minor debug and documentation cleanups
f1233d8c
AJ		 2283
2284Changes to squid-3.0.STABLE6 (20 May 2008):
2285
2286 - Bug 2254: umask Feature from 2.6 added
2287 - cachemgr.cgi default config file added
2288 - Several authentication bug fixes
2289 - Improved Windows Support
2290 - better DNS lookup methods for unqualified hostames
2291 - better support for 64-bit environments
2292 - Bug 2332: Crash when tunnelling
2293 - Removed the advertisement clause from BSD licenses
2294 according to the GPLv2+ changes in BSD
2295 - ... and other bugs and minor cleanups
2296
2297Changes to squid-3.0.STABLE5 (28 Apr 2008):
2298
2299 - Support for resolv.conf 'domain' option
2300 - Improved URI support, including
2301 longer URI up to 8192 bytes accepted
2302 better handling of intercepted URI
2303 better port for non-FQDN URI lookups
2304 - Improved logging, including
2305 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
2306 Fixed 'log_ip_on_direct' option behaviour
2307 - Support for profiling on x86 64-bit systems
2308 - .. and other bugs and minor code cleanups.
2309
2310Changes to squid-3.0.STABLE4 (2 Apr 2008):
2311
2312 - Bug 2288: compile error slipped into STABLE3.
2313
2314Changes to squid-3.0.STABLE3 (31 Mar 2008):
2315
2316 - Improved HTTP 1.1 support.
2317 - Improved MacOSX (Leopard) support
2318 - Bug 2206: Proxy-Authentication regression in STABLE2.
2319 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
2320 - ... and other bugs and minor code cleanup
2321
2322Changes to squid-3.0.STABLE2 (1 Mar 2008):
2323
2324 - Add myportname ACL for matching the accepting port name (see release notes)
2325 - Add include directive for squid.conf (see release notes)
2326 - Add ability to strip kerberos realm from usernames during Auth
2327 - License cleanup to comply with GPLv2 or later
2328 - Updated Error Pages and Translations
2329 - Updated configuration examples
2330 - Updated valgrind support for valgrind-3.3.0
2331 - Improved support for Windows and MacOS X Leopard
2332 - Improved support for files larger than 2GB
2333 - Improved support for CARP arrays and WCCPv2
2334 - Improved cachmgr, SNMP, and log reporting
2335 - ... and as usual Many bug fixes since STABLE 1
70c5dfb2 2336
284237d4 2337Changes to squid-3.0.STABLE1 (13 Dec 2007):
3ff01c3e 2338
2339 - Major rewrite translating the code to C++, originally based on
2340 Squid-2.5.STABLE1
2341 - Internal client streams concept for content adaptation
2342 - ICAP (Internet Content Adaptation Protocol) client support
2343 - ESI (Edge Side Includes) support added
284237d4 2344 - Improved support for files larger than 2GB.
3ff01c3e 2345 - And a lot more. Most features from Squid-2.6 is supported, but not
2346 all. See the release notes for details.
2347
9ae33c59
AJ		 2348
2349Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
2350
2351Changes to squid-2.6.STABLE22 (19 October 2008)
2352
2353 - Bug #2396: Correct the opening of the PF device file.
2354 - Make --with-large-files and --with-build-envirnment=default play
2355 nice together
2356 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
2357 __u32 problem
2358 - Make dns_nameserver work when using --disable-internal-dns on glibc
2359 based systems
2360 - Bug #2426: Increase negotiate auth token buffer size
2361 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
2362 - Bug #2477: swap.state permission issues if crashing during "squid -k
2363 reconfigure"
2364 - Windows port: Fix build error using latest MinGW runtime.
2365
2366
2367
3ff01c3e 2368Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
2369authorative for this release and mirrored here for reference only.
f1233d8c 2370
467c94d1 2371 - CARP now plays well with the other peering algorithms,
2372 and support for CARP peerings is compiled by default. Can be
2373 disabled by --disable-carp
1741cbad 2374 - Configuration file can be read from an external program
2375 or preprocessor. See squid.8 man page.
52f772de 2376 - http_port is now optional, allowing for SSL only operation
4ca261f2 2377 - Satellite and other high latency peering relations enhancements
2378 (Robert Cohren)
a9245686 2379 - Nuked num32 types, and made type detection more robust by the
2380 use of typedefs rather than #defines.
b5fb34f1 2381 - the mailto links on Squid's ERR pages now contain data about the
2382 occurred error by default, so that the email will contain this data in
2383 its body. This feature can be disabled via the email_err_data directive.
9ae33c59 2384 (Clemens L?ser)
c8f4eac4 2385 - COSS now uses a file called stripe and the path in squid.conf is the
2386 directory this is placed in. Additionally squid -z will create the
2387 COSS swapfile.
14f5b6c3 2388 - WCCPv2 support, including mask assignment support
5401aa8d 2389 - HTCP support for access control and the CRL operation for
2390 purgeing of cache content
14f5b6c3 2391 - ICAP related fixes
2392 - Windows-related fixes, including Vista and Longhorn identification
2393 - Client-side parsing and some string use optimisations
2394 - Lots of off-by-one and memory leaks in corner cases have been fixed
2395 thanks to valgrind
2396 - Improved high-resolution profiling
2397 - Windows overlapped-IO and thread support added to the Async IO disk code
2398 - Improvements for handling large DNS replies
a7c8cce0 2399
3ff01c3e 2400Changes to squid-2.6.STABLE15 (31 Aug 2007)
2401
2402 - The select() I/O loop got broken by the /dev/poll addition
2403 (2.6.STABLE14)
2404 - Bug #2017: Fails to work around broken servers sending just the HTTP
2405 headers
2406 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
2407 before C99
2408 - squid.conf.default updated and reorganised in more sensible groups
2409 - correct and document the syslog access_log format
2410 - Armenian error pages translation
2411 - digest_ldap_helper usage help updated
2412 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
2413 - Improve delay pools in low traffic environment by checking timeouts
2414 at a steady 1 second interval even when there is not much activity
2415 - Don't request authentication on transparently intercepted
2416 connections
2417 - Cleanup linux capabilities for tproxy
2418 - Bug #2003: 'via' config directive doesn't affect response headers
2419 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
2420 - Add missing $|=1 to squid_db_auth
2421 - Bug #2050: Persistent connection dropped if cache has no
2422 Content-Length
2423 - Verify the URL on memory cache hits
2424 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
2425 - Bug #1972: Squid sets peers to down state when they are in fact
2426 working.
2427 - potential segmentation fault in storeLocateVary()
2428 - Bug #2066: chdir after chroot
2429 - Windows port: Fix compiler warnings when building Squid as
2430 application (not Windows service mode)
2431 - Spelling correction of received
2432
2433Changes to squid-2.6.STABLE14 (15 Jul 2007)
2434
2435 - squid.conf.default cleanup to have options in their proper sections.
2436 - documentation correction in the refresh_pattern ignore-auth option
2437 - URI-escaping not uses the recommended upper-case hex codes
2438 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
2439 - Always use xisxxxx() Squid defined macros instead of ctype
2440 functions.
2441 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
2442 - Database basic auth helper using Perl DBI to connect to most SQL DBs
2443 - Solaris /dev/poll network I/O support
2444 - configure fixes to make cross compilation somewhat easier
2445 - Removed incorrect -a reference from http_port documentation
2446 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
2447 - Bug #1968: Squid hangs occasionally when using DNS search paths
2448 - Novell eDirectory digest auth helper (digest_edir_auth)
2449 - Bug #1130: min-size option for cache_dir
2450 - POP3 basic auth helper querying a POP3 server
2451 - Cosmetic squid_ldap_auth fixes from Squid-3
2452 - Bug #1085: Add no-wrap to cache manager HTML tables
2453 - Automatically restart if number of available filedescriptors becomes
2454 alarmingly low, preventing a situation where Squid would otherwise
2455 permanently stop processing requests.
2456 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
2457 array bounds
2458 - Deal better with forwarding loops
2459
2460Changes to squid-2.6.STABLE13 (11 May 2007)
2461
2462 - Make sure reply headers gets sent even if there is no body available
2463 yet, fixing RealMedia streaming over HTTP issues.
2464 - Undo an accidental name change of storeUnregisterAbort.
2465 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
2466 - Bug #1814: SSL memory leak on persistent SSL connections
2467 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
2468 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
2469 - Ukrainan error messages
2470 - Convert various error pages from DOS to UNIX text format
2471 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
2472 - Clarify the max-conn=n cache_peer option syntax slightly
2473 - Bug #1892: COSS segfault on shutdown
2474 - Windows port: fix undefined ECONNABORTED
2475 - Make refreshIsCachable handle ETag as a cache validator, not
2476 only last-modified
2477 - in_port_t is not portable, use unsigned short instead
2478 - Fix fs / auth / snmp dependencies
2479 - Portability: statfs() may reqire #include <sys/statfs.h>
2480
2481Changes to squid-2.6.STABLE12 (20 Mar 2007)
2482
2483 - Assertion error on TRACE
2484
2485Changes to squid-2.6.STABLE11 (17 Mar 2007)
2486
2487 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
2488 !conn->body.request"
2489 - Handle garbage helper responses better in concurrent protocol format
2490 - Fix kqueue when overflowing the changes queue
2491 - Make sure the child worker process commits suicide if it could
2492 not start up
2493 - Don't log short responses at debug level 1
2494 - Fix bswap16 & bwsap32 error on NetBSD
2495 - Fix collapsed_forwarding for non-GET requests
2496
2497Changes to squid-2.6.STABLE10 (4 Mar 2007)
2498
2499 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
2500 - various diskd bugfixes
2501 - In the access.log hierarchy field log the unique peer name
2502 instead of the host name
2503 - unlinkdClose() should be called after (not before) storeDirSync()
2504 - CLEAN_BUF_SZ was defined, but never used anywhere
2505 - logging HTTP-request size
2506 - Fix icmp pinger communication on FreeBSD and other not supporing
2507 large dgram AF_UNIX sockets
2508 - Release objects on swapin failure
2509 - Bug #1787: Objects stuck in cache if origin server clock in future
2510 - Bug #1420: 302 responses with an Expires header is always cached
2511 - Primitive support for HTTP/1.1 chunked encoding, working around
2512 broken servers
2513 - Clean up relations between TCP probing and DNS checks of peers with
2514 no known addresses.
2515 - Fix a minor HTML coding error in ftp directory listings with // in
2516 the path
2517 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
2518 non-refreshable content
2519 - Gopher cleanups and bugfixes
2520 - Negotiate authentication fixed again. Broken since STABLE7 by the
2521 patch for Bug #1792.
2522 - Bug #1892: COSS tries to shut down the same directory twice on exit
2523 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
2524 entries
2525 - Added support for Subversion HTTP request methods MKACTIVITY,
2526 CHECKOUT and MERGE.
2527
2528Changes to squid-2.6.STABLE9 (24 Jan 2007)
2529
2530 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
2531 - Bug #1877 diskd bug in storeDiskdIOCallback()
2532
2533Changes to squid-2.6.STABLE8 (21 Jan 2007)
2534
2535 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
2536 - Document the https_port vhost option, useful in combination with
2537 a wildcard certificate
2538 - Document the existence of connection pinning / forwarding of NTLM
2539 auth and a few other features overlooked in the release notes.
2540 - Spelling correction of the ssl cache_peer option
2541 - Add back the optional "accel" http_port option. Makes accelerator
2542 mode configurations easier to read.
2543 - Bug #1872: Date parsing error causing objects to get unexpectedly
2544 cached.
2545 - Cleanup to have the access.log tags autogenerated from enums.h
2546 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
2547 going backwards?
2548 - Don't update object timestamps on a failed revalidation.
2549 - Fix how ftp://user@host URLs is rendered when Squid is built with
2550 leak checking enabled
2551
2552Changes to squid-2.6.STABLE7 (13 Jan 2007)
2553
2554 - Windows port: Fix intermittent build error using Visual Studio
2555 - Add missing tproxy info from the dump of http port configuration
2556 - Bug #1853: Support for ARP ACL on NetBSD
2557 - clientNatLookup(): fix wrong function name in debug messages
2558 - Convert ncsa_auth man page from DOS to Unix text format.
2559 - Bug #1858: digest_ldap_auth had some remains of old hash format
2560 - Correct the select_loops counter when using select(). Was counted twice
2561 - Clarify the http_port vhost option a bit
2562 - Fix cache-control: max-stale without value or bad value
2563 - Bug #1857: Segmentation fault on certain types of ftp:// requests
2564 - Bug #1848: external_acl crashes with an infinite loop under high load
2565 - Bug #1792: max_user_ip not working with NTLM authentication
2566 - Bug #1865: deny_info redirection with authentication related acls
2567 - Small example on how to use the squid_session helper
2568 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
2569 - Clarify the transparent http_port option a bit more
2570 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
2571 - Bug #1867: squid.pid isn't removed on shutdown
2572
2573Changes to squid-2.6.STABLE6 (12 Dec 2006)
2574
2575 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
2576 - Add client source port logformat tag >p
2577 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
2578 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
2579 - automake no longer recommends mkinstalldirs. Removed.
2580 - Only use crypt() if it's available, allowing ncsa_auth to be built
2581 on platofms without crypt() support.
2582 - Windows port documentation updates
2583 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
2584 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
2585 - Remove extra newline in redirect message sent by deny_info http://... aclname
2586 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
2587 - Clarify the external_acl_type helper format specification and some defaults
2588 - Add support for the weight= parameter to round-robin peers
2589 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
2590 - Convert snmpDebugOid to use a temporary String object instead of strcat
2591 - Document that proxy_auth also accepts -i for case-insensitive operation
2592 - Remove malloc/free of temporary buffer in time parsing routines.
2593 - Reduce memory allocator pressure by not continually allocating client-side read buffers
2594 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
2595 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
2596 - Bug #1584: Unable to register with multiple WCCP2 routers
2597 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
2598 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
2599 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
2600 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
2601 - Bug #1840: Disable digest and netdb queries to multicast peers
2602 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
2603 - Fix build errors when using latest MinGW Windows environment
2604
2605Changes to squid-2.6.STABLE5 (3 Now 2006)
2606
2607 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
2608 - COSS improvements and cleanups
2609 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
2610 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
2611 - Bug #1719: Incorrect error message on invalid cache_peer specifications
2612 - Bug #1785: Memory leak in handling of negatively cached objects
2613 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
2614 - Bug #1782: Memory leak in ncsa_auth on password changes
2615 - Suppress some annoying coss startup messages raising the debug level to 2.
2616 - Clarify the external_acl_helper concurrency= change.
2617 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
2618 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
2619 - Bug #1795: Theoretical memory leak in storeSetPublicKey
2620 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
2621 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
2622 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
2623 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
2624 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
2625 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
2626 - Bug #1796: Assertion error HttpHeader.c:914: "str"
2627 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
2628 - Silence harmless gcc compile warning.
2629 - Clean up poll memory on shutdown
2630 - Ported select, poll and win32 to new comm event framework
2631 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
2632 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
2633 - Safeguard from kb_t counter overflows on 32-bit platforms
2634
2635Changes to squid-2.6.STABLE4 (23 Sep 2006)
2636
2637 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
2638 - Windows port enhancement: added native exception handler with signal emulation
2639 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
2640 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
2641 - Bug #212: variable %i always 0.0.0.0 in many error pages
2642 - Bug #1708: Ports in ACL accepts characters and out of range
2643 - Bug #1706: Squid time acl accepts invalid time range.
2644 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
2645 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
2646 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
2647 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
2648 - Bug #1598: start_announce cannot be disabled
2649 - Periodically flush cache.log to disk when "buffered_logs on" is set
2650 - Numerous COSS improvements and fixes
2651 - Windows port: merge of MinGW support
2652 - Windows port: Merged Windows threads support into aufs
2653 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
2654 - Numerous portability fixes
2655 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
2656 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
2657 - Bug #1760: FTP related memory leak
2658 - Bug #1770: WCCP2 weighted assignment
2659 - Bug #1768: Redundant DNS PTR lookups
2660 - Bug #1696: Add support for wccpv2 mask assignment
2661 - Bug #1774: ncsa_auth support for cramfs timestamps
2662 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
2663 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
2664 - Bug #1590: Silence those ETag loop warnings
2665 - Bug #1740: Squid crashes on certain malformed HTTP responses
2666 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
2667 - Improve error reporting on unexpected CONNECT requests in accelerator mode
2668 - Cosmetic change to increase cache.log detail level on invalid requests
2669 - Bug #1229: http_port and other directives accept invalid ports
2670 - Reject http_port specifications using both transparent and accelerator options
2671 - Cosmetic cleanup to not dump stacktraces on configuration errors
2672
2673
2674Changes to squid-2.6.STABLE3 (18 Aug 2006)
2675
2676 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
2677 very large cache_dir. Limit number of objects stored to slightly
2678 less to avoid this.
2679 - Bug #1705: Correct error message on invalid time weekday specification
2680 - Don't attempt to guess netmask in src/dst acl specifications
2681 if none was provided. Assume it's an IP even if it ends in 0
2682 - Bug #1665: log_format %ue, %us tags for external or ssl user id
2683 - Bug #1707: delay pools often ignored the set limit
2684 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
2685 (0.9.8 always worked)
2686 - COSS fixes and performance improvements
2687 - Memory leak when reading configuration files with overlapping
2688 ACL data where squid -k parse complains.
2689 - Memory leak related to pinned connections
2690 - Show include acls unexpanded in cachemgr configuration dumps
2691 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
2692 - Bug #1304: Downloads may hang when using the cache_dir max-size option
2693 - Optimization of network I/O
2694 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
2695 - Fixed a memory leak on certain invalid requests
2696 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
2697 - Bug #582: ntlm fake_auth not handles non-ascii login names
2698 - New startup message indicating the type of event loop used
2699 - Bug #1602: TCP fallback on truncated DNS responses
2700 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
2701 - Bug #1723: cachemgr now works in accelerator mode
2702
2703Changes to squid-2.6.STABLE2 (31 Jul 2006)
2704
2705 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
2706 - Releasenotes Table of contents should use relative links without
2707 filename.
2708 - Reject HTTP/0.9 formatted CONNECT requests.
2709 - Cosmetic cleanup to use safe_free instead of xfree + manual
2710 assign to NULL
2711 - Bug #1650: transparent interception "Unable to forward this
2712 request at this time"
2713 - Bug #1658: Memory corruption when using client-side SSL certificates
2714 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
2715 deleting the underlying object.
2716 - Many COSS fixes and new coss data dumper utility for diagnostics
2717 - Bug #1669: SEGV in storeAddVaryReadOld
2718 - Many fixes in debug sections and spelling of debug messages
2719 - Don't keep client connection persistent if there was a mismatch in
2720 the response size.
2721 - Move eventCleanup debug messages to debug level 2 (was 0)
2722 - Add the missing concurrency parameters to basic and digest auth
2723 schemes
2724 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
2725 - Log SSL user id in the custom log User name format (%un)
2726 - Bug #1653: Username info not logged into Cachemgr active_requests
2727 statistics
2728 - Added to the redirectors interface the support for SSL client
2729 certificate
2730 - squid.conf.default cleanup to remove references to old options
2731 - Fix many filedescriptors in combination with TPROXY
2732 - Fix connection pinning in transparently intercepted connections
2733 - Bug #1679: LDFLAGS not honored in some programs.
2734 - Minor cleanup of port numbers in transparent interception or
2735 vhost + vport
2736 - Bug #1671: transparent interception fails with FreeBSD ipfw or
2737 Linux-2.2 ipchains
2738 - Bug #1660: Accept-Encoding related memory corruption
2739 - Bug #1651: Odd results if url_rewriter defined multiple times
2740 - Bug #1655: Squid does not produce coredumps under linux when
2741 started as root
2742 - Bug #1673: cache digests not served to other caches
2743 - Cleanup of Linux capability code used by tproxy
2744 - Bug #1684: xstrdup: tried to dup a NULL pointer!
2745 - Bug #1668: unchecked vsnprintf() return code could lead to log
2746 corruption
2747 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
2748 configurations
2749 - Cygwin support fir --disable-internal-dns
2750 - Silence those annoying sslReadServer: Connection reset by peer
2751 errors.
2752 - Bug #1693: persistent connections broken in transparent
2753 interception mode
2754 - Bug #1691: multicast peering issues
2755 - Bug #1696: Correct WCCP2 processing of router capability info
2756 segments
2757 - Bug #1694: Assertion failure in mgr:config if using
2758 access_log_format %<h
2759 - Bug #1677: Duplicate etags in the If-None-Match header
2760 - Bug #1665: access_log_format codes for login names from external
2761 acl or ssl
2762 - Bug #1681: All ntlmauthenticator processes are busy
2763 - Added ARP acl support for OpenBSD and ARP fixes for Windows
2764 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
2765 socket)
2766 - WCCP2 correct dampening of assign buckets when there it lots of
2767 changes
2768 - minimum_expiry_time to tune the magic 60 seconds limit of what
2769 is considered cachable when the object doesn't have any cache
2770 validators.
2771 - Bug #1703: wrong path to diskd helper corrected, and config
2772 parser extended to trap incorrect paths early
2773 - Bug #1703: COSS failed to initialize async-io threads
2774 - Bug #1703: should abort if diskd helper exits unexpectedly
2775 - Bug #1702: Warn if acl name is too long
2776 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
2777 - wccp2_rebuild_wait directive to delay registering with WCCP until the
2778 - Bug #1662: Infinite loop in external acl with grace period if the
2779 same http_access line had multiple external acls
2780
2781Changes to squid-2.6.STABLE1 (1 Jul 2006)
2782
2783 - New --enable-default-hostsfile configure option
2784 - Added username info to active_requests cachemgr stats
2785 - Modified squid MIB to incorporate squid.conf visible_hostname
2786 - Added multi-line capability in squid.conf
2787 - Added new httpd_suppress_version_string configuration directive
2788 - WCCPv2 support
2789 - Negotiate authentication scheme support
2790 - NTLM authentication scheme rewritten
2791 - Customizable access log formats
2792 - Selective access logging
2793 - Access logging via syslog
2794 - Reverse proxy enhancements, with new cache_peer based forwarding
2795 model.
2796 - LDAP based Digest helper (Note: not true LDAP integration, just using
2797 LDAP for storage of the Digest hashes)
2798 - Improved helper communication protocol
2799 - External ACL improvements. %PATH, log=, grace=, and more..
2800 - Improved SSL support with hardware offload, client certificate
2801 support (primitive), chained certificates and numerous bug fixes
2802 - DNS lookups now use the search path from /etc/resolv.conf or
2803 the Windows registry
2804 - Linux epoll support
2805 - collapsed forwarding to optimize reverse proxies or other
2806 setups having very many clients going to the same URL
2807 - New improved COSS implementation
2808 - Optional support for blank passwords
2809 - The old and obsolete Samba-2.2.X winbind helpers have been removed
2810 - external acls now uses the simplified URL-escaped protol "3.0" by
2811 default.
2812 - Linux TPROXY support
2813 - Support for proxying of Microsoft Integrated Login by adding
2814 support for the deviations from the HTTP protocol required
2815 to support these authentication mechanisms
2816 - Added the capability to run as a Windows service under Cygwin
2817 - CARP now plays well with the other peering algorithms
2818 - read_ahead_gap option to read ahead more than 16KB of the reply
2819 - check_hostnames and allow_underscore squid.conf options
2820 - http_port is now optional, allowing for SSL only operation
2821 - Full ETag/Vary support, caching responses which varies with
2822 request details (browser, language etc).
2823 - umask now defaults to 027 to protect the content of cache and
2824 log files from local users
2825 - HTCP support for access control and the CRL operation for
2826 purgeing of cache content
2827 - Optionally follow X-Forwarded-For headers to determine the original
2828 client IP behind sedond level proxies
2829 - FreeBSD kqueue support
2830
2831Changes to squid-2.5.STABLE14 (20 May 2006)
2832 - [Minor] icons not displayed when visible_hostname is a
2833 short hostname (without domain). (Bug #1532)
2834 - [Medium] Memleak in HTCP client code (default disabled)
2835 (Bug #1553)
2836 - [Major] memory leak in ident processing (Bug #1557)
2837 - [Medium] Memory leak in header processing related to external_acl
2838 header detail format tag (Bug #1564)
2839
2840Changes to squid-2.5.STABLE13 (12 Mar 2006)
2841 - [Minor] Fails to compile on Solaris and some other platforms
2842 with undefined reference to setenv (Bug #1435)
2843 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
2844 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
2845 odd results if --enable-ntlm-fail-open is used (Bug #1022)
2846 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
2847 (Bug #1472)
2848 - [Minor] Squid crash when asyncio function counters url accessed
2849 from Cachemgr CGI (Bug #1464)
2850 - [Cosmetic] Linux compile warning about prctl called with too few
2851 arguments (Bug #1483)
2852 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
2853 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
2854 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
2855 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
2856 - [Minor] Ident access lists don't work in delay_access statements
2857 (Bug #1428)
2858 - [Minor] Some clients support NTLM even if not initially negotiating
2859 persistent connections (Bug #1447)
2860 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
2861 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
2862 (Bug #1481)
2863 - [Cosmetic] New persistent_connection_after_error configuration
2864 directive (Bug #1482)
2865 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
2866 #1484)
2867 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
2868 - [Cosmetic] Typo in ftp.c (Bug #1507)
2869 - [Cosmetic] Error in FTP listings of files with -> in their name
2870 (Bug #1508)
2871 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
2872 in cache.log (Bug #779)
2873 - [Minor] Fails to process long host names (Bug #1434)
2874 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
2875 - [Cosmetic] misleading error message message for bad/unresolveable
2876 cache_peer name (Bug #1504)
2877 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
2878 (Bug #1506)
2879 - [Major] connstate memory leak (Bug #1522)
2880
2881Changes to squid-2.5.STABLE12 (22 Oct 2005)
2882
2883 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
2884 when using delay pools (Bug #1405)
2885 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
2886 with server_persistent_connections (Bug #454)
2887 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
2888 diagnostics easier on squid_ldap_auth configuration errors
2889 (Bug #1395)
2890 - [Minor] $HOME not set when started as root (Bug #1401)
2891 - [Minor] httpd_accel_single_host breaks in combination with
2892 server_persistent_connections (Bug #1402)
2893 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
2894 implemented, effectively ignored. (Bug #1403)
2895 - [Minor] CNAME based DNS addresses could get cached for longer
2896 than intended (Bug #1404)
2897 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
2898 in transparently intercepting proxies (Bug #1410).
2899 - [Minor] Cache revalidations on HEAD requests causing poor cache
2900 hit ratio (Bug #1411).
2901 - [Minor] Not possible to send 302 redirects via a redirector in
2902 response to CONNECT requests (bug #1412)
2903 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
2904 #1419)
2905 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
2906 - [Minor] Delay pools class 3 fails on clients in network 255
2907 (Bug #1431)
2908
2909Changes to squid-2.5.STABLE11 (22 Sep 2005)
2910
2911 - [Minor] Workaround for servers sending double content-length headers
2912 (Bug #1305)
2913 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
2914 - [Cosmetic] Date header corrected on internal objects (icons etc)
2915 (Bug #1275)
2916 - [Minor] squid -k fails in combination with chroot after patch for
2917 bug 1157 (Bug #1307)
2918 - [Cosmetic] Segmentation fault if compiled with
2919 --enable-ipf-transparent but denied access to the NAT device.
2920 (Bug #1313)
2921 - [Minor] httpd_accel_signle_host incompatible with redireection
2922 (Bug #1314)
2923 - [Minor] squid -k reconfigure internal corruption if the type of
2924 a cache_dir is changed (Bug #1308)
2925 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
2926 (Bug #1317)
2927 - [Minor] Title in FTP listings somewhat messed up after previous
2928 patch for bug 1220 (Bug #1220)
2929 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
2930 confusing authentication. (Bug #1204)
2931 - [Minor] winfo_group.pl only looked for the first group if multiple
2932 groups were defined in the same acl. (Bug #1333)
2933 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
2934 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
2935 - [Cosmetic] The new --with-build-environment=... option doesn't work
2936 - [Cosmetic] New 'mail_program' configuration option in squid.conf
2937 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
2938 x86 (Bug #199)
2939 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
2940 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
2941 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
2942 - [Cosmetic] Invalid URLs in error messages when failing to connect
2943 to peer, and a few other inconsistent error messages (Bug #1342)
2944 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
2945 (Bug #1344)
2946 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
2947 (Bug #1348)
2948 - [Cosmetic] Greek translation of error messages (Bug #1351)
2949 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
2950 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
2951 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
2952 (Bug #1375)
2953 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
2954 - [Minor] E-mail sent when cache dies is blocked from many antispam
2955 rules (Bug #1380)
2956 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
2957 - [Cosmetic] Incorrect store dir selection debug message on objects
2958 larger than 2Gigabyte (Bug #1343)
2959 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
2960 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
2961 - [Medium] Clients could bypass delay_pool settings by faking a cache
2962 hit request (Bug #500)
2963 - [Minor] IP-Filter 4.X support (Bug #1378)
2964 - [Medium] Odd results on pipelined CONNECT requests
2965 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
2966 when using NTLM authentication.
2967 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
2968 authentication (bug #1396)
2969 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
2970 (Bug #1394)
2971 - [Cosmetic] New --with-maxfd=N configure option to override build
2972 time filedescriptor limit test
2973 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
2974
2975Changes to squid-2.5.STABLE10 (17 May 2005)
2976
2977 - [Minor Security] Fix race condition in relation to old Netscape
2978 Set-Cookie specifications
2979 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
2980 format and PASV resposes (Bug #1252)
2981 - [Medium] BASE HREF missing on ftp directory URLs without /
2982 (Bug #1253)
2983 - [Minor security] confusing http_access results on configuration
2984 error (Bug #1255)
2985 - [Cosmetic] More robust Date parser (Bug #321)
2986 - [Minor] reload_with_ims fails to refresh negatively cached objects
2987 (Bug #1159)
2988 - [Cosmetic] delay_access description clarification (Bug #1245)
2989 - [Cosmetic] Check for integer overflow in size specifications in
2990 squid.conf (Bug #1247)
2991 - [Cosmetic] bzero is a non-standard function not available on all
2992 platforms (Bug #1256)
2993 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
2994 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
2995 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
2996 (Bug #1261)
2997 - [Minor] Duplicate content-length headers logged incorrectly or
2998 not cleaned up properly (Bug #1262)
2999 - [Cosmetic] Extend relaxed_header_parser to work around "excess
3000 data from" errors from many major web servers. (Bug #1265)
3001 - [Minor] Add HTTP headers to a netdb error messages
3002 - [Minor] Multiple minor aufs issues (Bug #671)
3003 - [Minor] Basic authentication fails with very long logins or
3004 password (Bug #1171)
3005 - [Minor] CONNECT requests truncated if client side disconnects first
3006 (Bug #1269)
3007 - [Minor] --disable-hostname-checks configure option did not work
3008 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
3009 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
3010 - [Medium] Failed to process requests for files larger than 2GB in size
3011 - [Cosmetic] rename() related cleanup
3012 - [Cosmetic] New cachemgr pending_objects and client_objects actions
3013 - [Cosmetic] external acls requiring authentication did not request
3014 new credentials on access denials like proxy_auth does.
3015 - [Cosmetic] Syslog facility now configurable via command line options.
3016 - [Cosmetic] New %a error page template code expanding into the
3017 authenticated user name. (Bug #798)
3018 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
3019 - [Minor] Support interception of multiple ports
3020 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
3021 can not be determined (Bug #1196)
3022 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
3023 configuration files with CRLF lineendings proper.
3024 - [Minor] Unrecognized Cache-Control directives now forwarded properly
3025 (Bug #414)
3026 - [Minor] Authentication helpers now returns useable information
3027 in the %m error page macro on failed authentication (Bug #1223)
3028 - [Minor] pid file management corrected in chroot use (Bug #1157)
3029 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
3030 cachemgr.cgi now reads a config file telling which proxy servers
3031 it can administer.
3032 - [Minor] aufs statistics improvements
3033 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
3034 - [Minor] ARP acl documentation and cachemgr config dump corrections
3035 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
3036 hostnames in addition to the reverse lookup of the domain name.
3037 - [Security] Internal DNS client hardened against spoofing
3038
3039Changes to squid-2.5.STABLE9 (24 Feb 2005)
3040
3041 - [Medium] Don't retry requests on 403 errors (Bug #1210)
3042 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
3043 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
3044 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
3045 - [Minor] relaxed_header_parser extended to work around even more
3046 broken web servers (Bug #1242)
3047 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
3048 better with Mozilla but also to improve security slightly on
3049 non-anonymous FTP.
3050 - [Minor] High characters allowed un-encoded in FTP and Gopher
3051 listings to allow the user-agent to display data in non-iso8859-1
3052 charsets. (Bug #1220)
3053 - [Cosmetic] format fixes to silence compiler warnings on many
3054 platforms.
3055 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
3056
3057Changes to squid-2.5.STABLE8 (11 Feb 2005)
3058
3059 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
3060 #1096)
3061 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
3062 - [Minor] The new req_header and resp_header acls segfaults
3063 immediately on parse of squid.conf (Bug #961)
3064 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
3065 (Bug #1118)
3066 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
3067 - [Minor] Squid fails to close TCP connection after blank HTTP
3068 response (Bug #1116)
3069 - [Minor security] Random error messages in response to malformed
3070 host name (Bug #1143)
3071 - [Minor] PURGE should not be able to delete internal objects
3072 (Bug #1112)
3073 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
3074 #1121)
3075 - [Minor] cachemgr vm_objects segfault (Bug #1149)
3076 - [Minor security] Confusing results on empty acl declarations (Bug
3077 #1166)
3078 - [Minor] Don't close all "other" filedescriptors on startup (Bug
3079 #1177)
3080 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
3081 #1183)
3082 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
3083 - [Medium security] Denial of service with forged WCCP messages
3084 (Bug #1190)
3085 - [Minor] DNS related memory leak on certain malformed DNS responses
3086 (Bug #1197)
3087 - [Minor] Internal DNS sometimes truncates host names in reverse
3088 (PTR) lookups (Bug #1136)
3089 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
3090 - [Security] Harden Squid against HTTP request smuggling attacks
3091 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
3092 short_icon_urls is on (Bug #1203)
3093 - [Security] Harden Squid against HTTP response splitting attacks
3094 (Bug #1200)
3095 - [Medium security] Buffer overflow in WCCP recvfrom() call
3096 (Bug #1217)
3097 - [Security] Properly handle oversized reply headers (Bug #1216)
3098 - [Minor] LDAP helpers search fixed to properly ask for no attributes
3099 - [Minor] A sporadic segmentation fault when using ntlm authentication
3100 fixed (Bug #1127)
3101 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
3102 - [Medium] Persistent connection mismatch on failed PUT/POST request
3103 (Bug #1122)
3104 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
3105 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
3106 - [Major] HTTP reply data corruption in certain situations involving
3107 reply headers split over multiple packets (Bug #1233)
3108
3109Changes to squid-2.5.STABLE7 (11 Oct 2004)
3110
3111 - [Medium] No objects cached in ufs cache_dir type in some
3112 configurations. Issue introduced in 2.5.STABLE6 by the patch for
3113 Bug #676. (Bug #1011)
3114 - [Minor] LDAP helpers update to correct LDAP connection management
3115 and add support for literal password compare instead of binding
3116 - [Minor] A large number of queued DNS lookups for the same domain
3117 (Bug #852)
3118 - [Cosmetic] request_header_max_size configuration partly ignored
3119 (Bug #899)
3120 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
3121 - [Cosmetic] HEAD requests may return stale information
3122 (Bug #1012)
3123 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
3124 - [Minor] case insensitive authentication (Bug #431)
3125 - [Cosmetic] Add delay pools information to active_requests. (Bug
3126 #882)
3127 - [Minor] Apparent memory leak in client_db (Bug #833)
3128 - [Minor] NTLM authentication truncated causing failures. (Bug
3129 #1016)
3130 - [Cosmetic] Grammatical corrections in squid.conf.default
3131 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
3132 #1030)
3133 - [Medium] Segfaults and other strange crashes when using heap
3134 policies. (Bug #1009)
3135 - [Minor] Supplementary group memberships not set (Bug #1021)
3136 - [Cosmetic] ERR_TOO_BIG Portuguese translation
3137 - [Minor] external_acl does not handle newlines (Bug #1038)
3138 - [Major] NTLM authentication denial of service when using msnt_auth
3139 or fake_auth (Bug #1045)
3140 - [Medium] Memory leaks when using NTLM authentication without
3141 challenge reuse. (Bug #994)
3142 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
3143 (Bug #910)
3144 - [Minor] assertion failed: "n_ufs_dirs <=
3145 Config.cacheSwap.n_configured". (Bug #1053)
3146 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
3147 - [Minor] acl time fails to parse multiple time specifications
3148 (Bug #1060)
3149 - [Minor] cachemgr config dumps mixed up Range and Request-Range
3150 headers in http_header_access & replace directives. (Bug #1056)
3151 - [Minor] Content-Disposition added as a well known header (Bug #961)
3152 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
3153 (Bug #1074)
3154 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
3155 - [Medium] New acl types to match arbitrary HTTP headers. In addition
3156 the http_header_access & replace directives now support arbitrary
3157 headers and not only the well known ones. (Bug #961)
3158 - [Cosmetic] ncsa_auth now accepts Window formatted password files
3159 (Bug #1078)
3160 - [Cosmetic] Support the --program-prefix/suffix options or other
3161 configure program name transforms (Bug #1019)
3162 - [Minor] Fix race condition in CONNECT and also handle aborts of
3163 CONNECT requests in a more graceful manner. (Bug #859)
3164 - [Minor] New balance_on_multiple_ip directive to work around certain
3165 broken load balancers and optimized ipcache on reload requests
3166 (Bug #1058)
3167 - [Medium] New reply_header_max_size directive
3168 (Bug #874)
3169 - [Minor] Suspected instability on aborted PUT/POST requests
3170 (Bug #1089)
3171 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
3172
3173Changes to squid-2.5.STABLE6 (9 Jul 2004)
3174
3175 - Bug #937: NTLM assertion error "srv->flags.reserved"
3176 - Bug #935: squid_ldap_auth can be confused by the use of reserved
3177 characters
3178 - Helper queue warnings imprecise on the number of helpers required
3179 - squid_ldap_auth TLS mode works correctly again
3180 - Bug #940, #305: pkg-config support for finding correct OpenSSL
3181 compile flags
3182 - Bug #426: "Vary: *" is ignored
3183 - 100% CPU usage on Linux-2.2
3184 - Version number should not include -CVS if autoconf is run
3185 - Bug #947: deny_info redirection with requested URL escaped wrongly
3186 - Bug #495: CONNECT timeout should produce a 504 or 503
3187 - Bug #956: cache_swap_log documentation referred to swap.state by
3188 it's old swap.log name
3189 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
3190 have been intended
3191 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
3192 - Bug #954: Segment violation when using a blank user name in digest
3193 authentication
3194 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
3195 - Spelling corrections in configure and squid.conf.default
3196 - The meaning of ERR in digest helper protocol clarified in the
3197 squid.conf documentation
3198 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
3199 - Bug #616: Negative cached 404 replies with VARY header never matched
3200 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
3201 due to a shortcoming in the fix to bug #817
3202 - Bug #570: Very large cache_mem values reported wrongly in cache.log
3203 - Bug #676: store_dir_select_algorithm least-load doesn't work for
3204 ufs cache_dir type
3205 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
3206 - Bug #948: Show client ip in cache.log debug output
3207 - Bug #960: compilation issue on OpenBSD/m88k
3208 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
3209 - Bug #991: dns_servers should default to localhost if no resolv.conf
3210 - Bug #717: msnt_auth documentation update
3211 - Bug #753: Segfault in memBufVPrintf on certain architectures
3212 requiring va_copy
3213 - Bug #941: Negative size in access.log on long running CONNECT
3214 requests
3215 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
3216 - Bug #981: sasl_auth updated to work with SALS2
3217 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
3218 authentication to a NT domain without using Samba.
3219
3220Changes to squid-2.5.STABLE5 (1 Mar 2004):
3221
3222 - cache.log message on "squid -k reconfigure" was slightly confusing,
3223 claiming Squid restarted when it just reread the configuration.
3224 - Bug #787: digest auth never detects password changes
3225 - Bug #789: login with space confuses redirector helpers
3226 - Bug #791: FQDNcache discards negative responses when using
3227 internal DNS
3228 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
3229 PAM connections are unsafe and now disabled by default.
3230 - auth_param documentation clarifications and added default realm
3231 values making only the helper program a required attribute
3232 - Bug #795: German ERR_DNS_FAIL correction
3233 - Bug #803: Lithuanian error messages update
3234 - Bug #806: Segfault if failing to load error page
3235 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
3236 - Bug #817: maximum_object_size too large causes squid not to cache
3237 - Bug #824: 100% CPU loop if external_acl combined with separate
3238 authentication acl in the same http_access line
3239 - squid_ldap_group updated to version 2.12 with support for ldaps://
3240 (LDAPv2 over SSL) and a numer of other improvements.
3241 - Bug #799: positive_dns_ttl ignored when using internal DNS.
3242 - Bug #690: Incorrect html on empty Gopher responses
3243 - Bug #729: --enable-arp-acl may give warning about net/route.h
3244 - Bug #14: attempts to establish connection may look like syn flood
3245 attack if the contacted server is refusing connections
3246 - errorpage README files included in the distribution again showing
3247 who contributed which translation
3248 - Bug #848: connect_timeout connect_timeout ends up twice the length.
3249 forward_timeout option added to address this.
3250 - Bug #849: DNS log error messages should report the failed query
3251 - Bug #851: DNS retransmits too often
3252 - Bug #862: Very frequently repeated POST requests may cause a
3253 filedescriptor shortage due to persitent connections building up
3254 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
3255 - Bug #571: Need to limit use of persistent connections when
3256 filedescriptor usage is high
3257 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
3258 does not work properly
3259 - Bug #860: redirector_access does not handle "slow" acls such as
3260 "dst" or "external" requiring a external lookup.
3261 - Bug #865: Persistent connection usage too high after sudden burst
3262 of traffic.
3263 - Bug #867: cache_peer max-conn=.. option does not work
3264 - Bug #868: refuses to start if pid_filename none is specified
3265 - Bug #887: LDAP helper -Z (TLS) option does not work
3266 - Bug #877: Squid doesn't follow telnet protocol on FTP control
3267 connections
3268 - Bug #908: Random auth popups and account lockouts when using ntlm
3269 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
3270 - Bug #585: cache_peer_access fails with NTLM authentication
3271 - Bug #592: always/never_direct fails with NTLM authentication
3272 - wbinfo_group update for Samba-3
3273 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
3274 - Bug #924: miss_access restricts internal and cachemgr requests
3275 even if these are local
3276 - Bug #925: auth headers send by squidclient are mildly malformed
3277 - Bug #922: miss_access and delay_access and several other
3278 authentication related bug fixes.
3279 - Bug #909: Added ARP acl support for FreeBSD
3280 - Bug #926: deny_info with http_reply_access or miss_access
3281 - Bug #872: reply_body_max_size problems when using NTLM auth
3282 - Bug #825: random segmentation faults when using digest auth
3283 - Bug #910: Partial fix for temporary memory leaks when using NTLM
3284 auth. There is still problems if challenge reuse is enabled.
3285 - ftp://anonymous@host/ now accepted without requiring a password
3286 - Bug #594: several mime type updates (ftp:// related)
3287 - url_regex enhanced to allow matching of %00
3288
3289Changes to squid-2.5.STABLE4 (15 Sep 2003):
3290
3291 - Lithuanian error messages added to the distribution
3292 - Bug #660: segfauld if more than one custom deny_info line
3293 - cache_dir disd documentation cleanup
3294 - check open of /dev/null to avoid 100% CPU loop in badly
3295 configured chroot environments
3296 - documentation update on uri_whitespace to refer to the correct RFC
3297 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
3298 - Bug #683: external_acl does not wait for ident lookups to complete
3299 - aufs: Fix a minor use-after-free problem which could cause the
3300 count of opening filedescriptors to grow larger than it should
3301 - Syntax changes to make GCC-3.3 accept Squid without complaints
3302 - Warning if CARP server defined in incorrect load factor order
3303 - neighbor_type_domain documentation update
3304 - http_header_access now works when using cache peers
3305 - high_memory_warning now uses sbrk as fallback mechanism on
3306 platforms where neither mallinfo or mstats are available.
3307 - hosts_file now handles comments at the end of lines correcly
3308 - storeCheckCachable() Stats corrected for release_request and
3309 wrong_content_length.
3310 - cachePeerPingsSent MIB type corrected
3311 - unused minimum_retry_timeout directive removed
3312 - Bug #702: ERR_TO_BIG spanish translation
3313 - Bug #705: Memory leak on deny_info TCP_RESET
3314 - Code cleanup to fix compile error in httpHeaderDelById
3315 - Bug #699: Host header now forwarded exactly where it was in the
3316 original request to work around certain broken firewalls or
3317 load balancers which fail if this header is too far into the
3318 request headers.
3319 - Bug #704: Memory leak on reply_body_max_size
3320 - Bug #686: requests denied due to http_reply_access are now
3321 logged with TCP_DENIED (instead of TCP_MISS, etc).
3322 - Bug #708: ie_refresh now sends no-cache to have the reload
3323 request propagate properly in cache meshes
3324 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
3325 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
3326 digest not found
3327 - Bug #710: round-robin cache_dir selection incorrectly
3328 compares max-size.
3329 - Statistics corrections in HTTP header statitics
3330 - QUICKSTART cleanups
3331 - Bug #715: statCounter.syscalls.disk counters treated
3332 inconsistently. Now increment the counters in AUFS
3333 functions and for unlinkd.
3334 - Improvements to the (experimental) COSS storage scheme.
3335 - Bug #721: User name field in access.log sometimes blank
3336 - Bug #94: assertion failed: http.c: "-1 == cfd ||
3337 FD_SOCKET == fd_table[cfd].type"
3338 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
3339 - Bug #732: aufs calculates number of threads and limits wrongly
3340 - Bug #663: Username not logged into access.log in case of /407
3341 - Bug #267: Form POSTing troubles with NTLM authentication
3342 and occationally in differen other error conditions.
3343 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
3344 - Bug #733: No explicit error message when ncsa_auth can't access
3345 passwd file
3346 - Bug #267, #757: POST with NTLM stops after persistent connection
3347 timeout
3348 - Bug #742: Wrong status code on access denials if delay_access
3349 is used. Most notably 407 instead of 403 could be returned.
3350 - Bug #763: segfault if using ntlm in http_reply_access
3351 - Bug #638: assertion error if using proxy_auth in delay_access
3352 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
3353 - The issue of reply_body_max_size limiting the size of error
3354 messages no longer applies.
3355 - external_acl_type concurrency= option renamed to children= to
3356 prepare for Squid-3 upgrades. Old syntax still accepted for the
3357 duration of the Squid-2.5 release.
3358 - number of filedescriptors rounded down to an even multiple of 64
3359 to work around issues in certain libc implementations.
3360 - winbind helpers less noisy in cache.log on restarts/shutdown.
3361 - Squid now automatically restarts helpers if too many of them
3362 have crashed.
3363
3364Changes to squid-2.5.STABLE3 (25 May 2003):
3365
3366 - Bug #573: Occational false negatives in external acl lookups
3367 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
3368 external_acl helpers crashes
3369 - Bug #590: Squid may hang or behave oddly on shutdown while
3370 requests is being processed.
3371 - Bug #590: external acl lookups does not deal well with queue
3372 overload
3373 - cache_effective_user documentation update
3374 - cache_peer documentation update for htcp and carp
3375 - Bug #600: The example header_access paranoid setting is
3376 missing WWW-Authenticate
3377 - Bug #605: Segmentation fault in idnsGrokReply() on certain
3378 platforms
3379 - Fixes to build properly on AIX 5
3380 - Bug #574: wb_group updated to version 1.1 to make group names
3381 case insensitive and correct a segfault issue in the helper
3382 - SNMP mib updates to make cacheNumObjCount,
3383 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
3384 correctly report as gauges (was reporting as counters).
3385 - Woraround for --enable-ssl Kerberos issue on RedHat 9
3386 - Bug #579: Close and repopen log files on "squid -k reconfigure"
3387 - Bug #598: squid_ldap_auth could segfault if LDAP server is
3388 unavailable
3389 - Bug #609,#612: msntauth helper fixes in dealing with large
3390 or non-existing allow/deny user files.
3391 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
3392 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
3393 and also fails to block large objects where the content-length
3394 is not known
3395 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
3396 multiple proxy_auth ACLs combined in one line and login fails.
3397 - squid_ldap_auth updated with support for TLS and SSL
3398 - Bug #623: segfault if using negated external acls in certain
3399 configurations involving other acls later on the same http_access
3400 line.
3401 - Bug #622: wb_group helper update to version 1.2 to ass support for
3402 Domain-Qualified groups refering to groups in a specific domain
3403 - Bug #596: logic error in poll() error management
3404 - Bug #597: logic errors in error management
3405 - Bug #591: segmentation fault in authentication on "squid -k debug"
3406 - Bug #587: smb_auth fails on complex logins involving domain names
3407 or other odd characters
3408 - Bug #558, #587: smb_auth.pl fails on complex logins involving
3409 domain names or other odd characters
3410 - Bug #643: external_acl fails with ttl=0 due to a change introduced
3411 by the patch for Bug #553 in 2.5.STABLE2.
3412 - Bug #630: minor issues in digest authantication causing random
3413 authentication failures and incompability with many mainstream
3414 browser digest implementations due to browser qop bugs. To deal
3415 with those broken browser nonce_stricness now defaults to off,
3416 and two new digest options have been added (check_nonce_count
3417 and post_workaround) to allow workarounds to other quite bad
3418 browser bugs if needed.
3419 - Bug #644: digest authentication fails on requests with one
3420 or more comma in the requested URL
3421 - Bug #648: deny_info TCP_RESET not working. The fix for this also
3422 adds the ability to send redirects.
3423
3424Changes to squid-2.5.STABLE2 (Mars 17, 2003):
3425
3426 - Contrib files added back to the distribution
3427 - Several compiler warnings fixed when using --disable-ident or
3428 --disable-http-violations
3429 - authentication can now be used in most access controls, but
3430 must in most cases first be enforced in http_access to force
3431 the user to authenticate.
3432 - cleanups in the developer bootstrap.sh process when preparing
3433 the sources.
3434 - several squid.conf.default documentation updated to correctly
3435 refer to the current names when refering to other directives
3436 - authenticate_ip_ttl documentation updates
3437 - several assertion faults and segmentation violations corrected
3438 - the RunCache/RunAccel and squid.rc scripts updated to refer to
3439 the squid binary in sbin rather than the old bin location.
3440 - squid_ldap_auth command line processing fixes when specifying
3441 the LDAP server last on the line instead of -h option
3442 - aufs data corruption bugfix
3443 - aufs performance improvement for low traffic systems
3444 - aufs stability improvements
3445 - external_acl corrected to properly deal with quoted strings
3446 - WCCPv1 bugfix to make sure the router accepts the hash assignments
3447 - "Total accounted memory" now correctly reported in cachemgr
3448 - several small memory leaks (mostly reconfigure related)
3449 - new squid.conf option to allow GET/HEAD requests with a request
3450 entity
3451 - "make uninstall" no longer removes squid.conf
3452 - cachemgr.cgi now uses POST to avoid having the cachemgr password
3453 logged in the web server logs
3454 - authentication schemes which are known to not be proxyable are now
3455 filtered out from forwarded server replies to avoid that the clients
3456 tries to use such schemes when we know for a fact it won't work
3457 - spelling corrections in various error messages
3458 - now possible to define acl values with spaces in them
3459 by using the "include file" feature
3460 - squid_ldap_group updated to 2.10 to fix compilation issues with
3461 recent (and older) OpenLDAP libraries and to make the helper deal
3462 correctly with true LDAP groups by first looking up the user DN.
3463 - Some internal code cleanups
3464 - now verifies that programs etc exists iside the chroot directory
3465 when using chroot_dir. No longer neccesary to set up a split view
3466 environment where the same paths works both inside the chroot and
3467 outside just to convince Squid that the files is actually there..
3468 - improved memory usage reporting
3469 - --disable-hostname-checks configure option
3470 - no longer ignores double dots in host names. Any hostname with
3471 double dots is now rejected as invalid.
3472 - log_mime_hdrs no longer logs garbage if very long headers
3473 are seen.
3474 - 'select_fds_hist' object added to cachemgr 'histogram' output
3475 - pid file now unlinked when squid has really shut down, not
3476 immediately when the shutdown request is received. This allows
3477 the pid file to be monitored to determine when Squid has shut down
3478 properly
3479 - correct authentication scheme setups on some platforms or compilers
3480 - several squid.conf.default documentation updates to remove references
3481 to renamed or replaced directives by changing them to their current
3482 names.
3483 - the SSL reverse proxy support updated to allow building with
3484 OpenSSL 0.9.7 and and later.
3485 - Corrected a minor performance problem while processing HEAD replies
3486 from various broken web servers not sending a correct HTTP reply
3487 - time acls can now specify multiple times in the same acl name, like
3488 most other acl types.
3489 - winbind helpers updated to match Samba-2.2.7a and should
3490 work with Samba-2.2.6 or later (required). For compability with
3491 older Samba versions A new configure option --with-samba-sources=...
3492 has been added to allow you to specify which Samba version the
3493 helpers should be built for if different than the above versions.
3494 - Squid MIB definition syntax correction to work better with newer
3495 (and older) SNMP tools.
3496 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
3497 requests where parsing the HTTP identifier (HTTP/1.0) failed.
3498 - "make distclean" no longer removes the icons, this avoids the
3499 dependency on "uudecode" to rebuild Squid after "make distclean"
3500 - User name returned by external acl lookups (external_acl_type)
3501 is now available as "ident" in later acl checks in addition to
3502 the logging in access.log.
3503 - Incorrect behaviour of Digest authentication partly corrected - it
3504 will not handle sessions, but will always enforce password
3505 correctness.. (patch submitted by Sean Burford).
3506 - Issue with persistent connections and PUT/POST request corrected
3507
3508Changes to squid-2.5.STABLE1 (September 25, 2002):
ddf1c0c4 3509
94439e4e 3510 - Major rewrite of proxy authentication to support other schemes
3511 than basic. First in the line is NTLM support but others can
a2794549 3512 easily be added (minimal digest is present). See Programmers Guide.
6437ac71 3513 (Robert Collins & Francesco Chemolli)
94439e4e 3514 - Reworked how request bodies are passed down to the protocols.
3515 Now all client side processing is inside client_side.c, and
3516 the pass and pump modules is no longer used.
3ff01c3e 3517 used by Squid.
722a4b40 3518 - Optimized searching in proxy_auth and ident ACL types. Squid should
3519 now handle large access lists a lot more efficiently.
05fbbc17 3520 (Francesco Chemolli)
e396d395 3521 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
3522 now a peer is ignored if it turns out to be us, rather than
3523 committing suicide
1224d740 3524 - Changed the internal URL code to obey appendDomain for internal
3525 objects if it needs appending. This fixes weirdnesses where
3526 a machine can think it is "foo.bar.com", and "foo" is requested.
3527 (Brian Degenhardt)
a2794549 3528 - Added the use of Automake to create the Makefile.in's in the squid
3529 source tree. This will allow libtool in the future, and immediately
3530 allows better dependency tracking - with or without gcc - as well
3531 as the dist-all and distcheck targets for developers which respectively
3532 build a tar.gz and a tar.bz2 distribution, and check that what will be
3533 distributed builds.
d6827718 3534 - Added TOS and source address selection based on ACLs,
3535 written by Roger Venning. This allows administrators to set
3536 the TOS precedence bits and/or the source IP from a set of
3537 available IPs based upon some ACLs, generally to map different
3538 users to different outgoing links and traffic profiles.
50821507 3539 - Added 'max-conn' option to 'cache_peer'
3540 - Added SSL gatewaying support, allowing Squid to act as a SSL server
3541 in accelerator setups.
4e2c57a0 3542 - SASL authentication helper by Ian Castle
6474667e 3543 - msntauth updated to v2.0.3
3e4057db 3544 - no_cache now applies to cache hits as well as cache misses
810118ab 3545 - the Gopher client in Squid has been significantly improved
05463204 3546 - Squid now sanity checks FTP data connections to ensure the
6474667e 3547 connection is from the requested server. Can be disabled if
05463204 3548 needed by turning off the ftp_sanitycheck option.
98858605 3549 - external acl support. A mechanism where flexible ACL checks
3550 can be driven by external helpers. See the external_acl_type
3551 and acl external directives.
3e4057db 3552 - Countless other small things and fixes
2d8d56b0 3553 - HTML pages generated by Squid or CacheMgr as well as the
3554 ERR documents now contain a doctype declaration so that
22567bb5 3555 browsers know which HTML specification the document uses.
2d8d56b0 3556 In addition to that they have a new look (background-color, font)
3557 and are valid according to the HTML standards at www.w3.org.
3ff01c3e 3558 (Clemens L ser)
9bbd1655 3559 - Login and password send to Basic auth helpers is now URL escaped
3560 to allow for spaces and other "odd" characters in logins and
3561 passwords
c90fbf46 3562 - Proxy Authentication is no longer blindly forwarded to peer
3563 caches if not used locally. If forwarding of proxy authentication
3564 is desired then it must now be configured with the login=PASS
3565 cache_peer option.
6474667e 3566 - Responses with Vary: in the header are now cached by squid.
1239cfea 3567 (Henrik Nordstrom).
3ff01c3e 3568 - Removed unused 'siteselect_timeout' directive.
c5bc64d3 3569
dde94193 3570Changes to Squid-2.4.STABLE7 (July 2, 2002):
3571
3572 - Squid now drops any requests using transfer-encoding.
3573 Squid is a HTTP/1.0 proxy and as such do not support
3574 the use of transfer-encoding.
3575 - The MSNT auth helper has been updated to v2.0.3+fixes for
3576 buffer overflow security issues found in this helper.
3577 - A security issue in how Squid forwards proxy authentication
3578 credentials has been fixed
3579 - Minor changes to support Apple MAC OS X and some other platforms
3580 more easily.
3581 - The client -T option has been implemented
3582 - HTCP related bugfixes in "squid -k reconfigure"
3583 - Several bugfixes and cleanup of the Gopher client, both
3584 to correct some security issues and to make Squid properly
3585 render certain Gopher menus.
3586 - FTP data channels are now sanity checked to match the address of
3587 the requested FTP server. This to prevent theft or injection of
3588 data. See the new ftp_sanitycheck directive if this is not desired.
3589 - Security fixes in how Squid parses FTP directory listings into HTML
3590
c5bc64d3 3591Changes to Squid-2.4.STABLE6 (March 19, 2002):
3592
722a4b40 3593 - The patch for 2.4.STABLE5 was insufficiently tested and
c5bc64d3 3594 introduced a bug that causes frequent assertions when
3595 handling DNS PTR answers.
3596
3597Changes to Squid-2.4.STABLE5 (March 15, 2002):
3598
3599 - Fixed an array bounds bug in lib/rfc1035.c. This bug
3600 could allow a malicious DNS server to send bogus replies
3601 and corrupt the heap memory.
3602
572b218d 3603Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
08e8e4d0 3604
722a4b40 3605 - htcp_port 0 now properly disables htcp
6474667e 3606 - Fixed problem with certain non-anonymous ftp:// style URL's
08e8e4d0 3607 - SNMP bugfixes including several memory leaks
3608
3609Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
3610
3611 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
3612 miss_access
3613 - Fixed bug #246: corrupt on-disk meta information preventing
3614 rebuilds of lost swap.state files
3615 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
3616 - Fixed a coredump when creating FTP directories
3617 - Fixed a compile time problem with statHistDump prototype mistmatch,
3618 reported by some compilers
3619 - Fixed a potential coredump situation on snmpwalk in certain
3620 configurations
3621 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
3622 store implementation
3623 - Serbian error message translations
3624
50821507 3625Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
3626
722a4b40 3627 - Expanded configure's GCC optimization disabling check to
50821507 3628 include GCC 2.95.3
3629 - avoid negative served_date in storeTimestampsSet().
3630 - Made 'diskd' pathnames more configurable
3631 - Make sure squid parent dies if child is killed with
3632 KILL signal
3633 - Changed diskd offset args to off_t instead of int
3634 - Fixed bugs #102, #101, #205: various problems with useragent
3635 log files
3636 - Fixed bug #116: Large Age: values still cause problems
3637 - Fixed bug #119: Floating point exception in
3638 storeDirUpdateSwapSize()
3639 - Fixed bug #114: usernames not logged with
3640 authenticate_ip_ttl_is_strict
722a4b40 3641 - Fixed bug #115: squid eating up resources (eventAdd args)
50821507 3642 - Fixed bug #125: garbage HTCP requests cause assertion
3643 - Fixed bug #134: 'virtual port' support ignores
3644 httpd_accel_port, causes a loop in httpd_accel mode
3645 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
3646 <= lf->bufsz"
3647 - Fixed bug #137: Ranges on misses are over-done
3648 - Fixed bug #160: referer_log doesn't seem to work
3649 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
3650 comm_dns_incoming histogram)
3651 - Fixed bug #165: "Store Mem Buffer" leaks badly
3652 - Fixed bug #172: Ident Based ACLs fail when applied to
3653 cache_peer_access
3654 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
3655 - Fixed bug #182: 'config' cachemgr option dumps core with
3656 null storage
3657 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
3658 of args in debug/printf
3659 - Fixed bug #187: bugs in lib/base64.c
3660 - Fixed bug #184: storeDiskdShmGet() assertion; changed
3661 diskd to use bitmap instead of linked list
3662 - Fixed bug #194: Compilation fails on index() on some
722a4b40 3663 non-BSD platforms
50821507 3664 - Fixed bug #197: refreshIsCachable() incorrectly checks
3665 entry->mem_obj->reply
3666 - Fixed bug #215: NULL pointer access for proxy requests
3667 in accel-only mode
3668
3669Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
3670
3671 - Fixed a bug in and cleaned up class 2/3 delay pools
3672 incrementing.
3673 - Fixed a coredump bug when using external dnsservers that
3674 become overloaded.
3675 - Fixed some NULL pointer bugs for NULL storage system
3676 when reconfiguring.
3677 - Fixed a bug with useragent logging that caused Squid to
3678 think the logfile never got opened.
3679 - Fixed a compiling bug with --disable-unlinkd.
3680 - Changed src/squid.h to always use O_NONBLOCK on Solaris
3681 if it is defined.
3682 - Fixed a bug with signed/unsigned bitfield flag variables
3683 that caused problems on Solaris.
3684 - Fixed a bug in clientBuildReplyHeader() that could add
3685 an Age: header with a negative value, causing an assertion
3686 later.
3687 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
3688 was returning the number of FDs in use, rather than
3689 the number of reserved FDs.
3690 - Added the 'pipeline_prefetch' configuration option.
3691 - cache_dir syntax changed to use options instead of many
3692 arguments. This means that the max_objsize argument now
3693 is an optional option, and that the syntax for how to
722a4b40 3694 specify the diskd magics is slightly different.
50821507 3695 - Various fixes for CYGWIN
3696 - Upgraded MSNT auth module to version 2.0.
3697 - Fixed potential problems with HTML by making sure all
3698 HTML output is properly encoded.
3699 - Fixed a memory initialization problem with resource records in
3700 lib/rfc1035.c.
3701 - Rewrote date parsing in lib/rfc1123.c and made it a little
3702 more lenient.
3703 - Added Cache-control: max-stale support.
3704 - Fixed 'range_offset_limit' again. The problem this time
3705 is that client_side.c wouldn't set the we_dont_do_ranges
3706 flag for normal cache misses. It was only being set for
3707 requests that might have been hits, but we decided to
3708 change to a miss.
3709 - Added the Authenticate-Info and Proxy-Authenticate-Info
3710 headers from RFC 2617.
3711 - HTTP header lines longer than 64K could cause an assertion.
3712 Now they get ignored.
3713 - Fixed an IP address scanning bug that caused "123.foo.com"
3714 to be interpreted as an IP address.
3715 - Converted many structure allocations to use mem pools.
3716 - Changed proxy authentication to strip leading whitespace
3717 from usernames after decoding.
3718 - Prevented NULL pointer access in aclMatchAcl(). Some
3719 ACL types require checklist->request_t, but it won't be
3720 available in some cases (like snmp_access). Warn the
3721 admin that the ACL can't be checked and that we're denying
3722 it.
3723 - Allow zero-size disk caches.
3724 - The actual filesystem blocksize is now used to account
3725 for space overheads when calculating on-disk cache size.
3726 - Made the maximum memory cache object size configurable.
3727 - Added 'minimum_direct_rtt' configuration option.
3728 - Added 'ie_refresh' configuration option, which is a hack
3729 to turn IMS requests into no-cache requests.
58d1265f 3730 - Added support for netfilter in linux-2.4. This allows transparent
3731 proxy connections to function correctly in the absence of a Host:
3732 header. This requires --enable-linux-netfilter to be passed through
3733 to configure. (Evan Jones)
50821507 3734 - Fixed a bug with clientAccessCheck() that allowed proxy
3735 requests in accel mode.
3736 - Fixed a bug with 301/302 replies from redirectors. Now
3737 we force them to be cache misses.
3738 - Accommodated changes to the IP-Filter ioctl() interface
3739 for intercepted connections.
3740 - Fixed handling of client lifetime timeouts.
3741 - Fixed a buffer overflow bug with internal DNS replies
3742 by truncating received packets to 512 bytes, as per
3743 RFC 1035.
3744 - Added "forward.log" support, but its work in progress.
3745 - Rewrote much of the IP and FQDN cache implementation.
3746 This change gets rid of pending hits.
3747 - Changed peerWouldBePinged() to return false if our
3748 ICP/HTCP port is zero (i.e. disabled).
3749 - Changed src/net_db.c to use src/logfile.c routines,
3750 rather than stdio, because of solaris stdio filedescriptor
3751 limits.
3752 - Made netdbReloadState() more robust in case of corrupted
3753 data.
3754 - Rewrote some freshness/staleness functions in src/refresh.c,
3755 partially inspired to support cache-control max-stale.
3756 - Fixed status code logging for SSL/CONNECT requests.
3757 - Added a hack to subtract cache digest network traffic
3758 from statistics so that byte hit ratio stays positive
3759 and more closely reflects what people expect it to be.
3760 - Fixed a bug with storeCheckTooSmall() that caused
3761 internal icons and cache digests to always be released.
3762 - Added statfs(2) support for displaying actual filesystem
3763 usage in the cache manager 'storedir' output.
3764 - Changed status reporting for storage rebuilding. Now it
3765 prints percentage complete instead of number of entries
3766 parsed.
3767 - Use mkstemp() rather than problem-prone tempnam().
3768 - Changed urlParse() to condense multiple dots in hostnames.
3769 - Major rewrite of async-io (src/fs/aufs) to make it behave
3770 a bit more sane with substantially less overhead. Some
3771 tuning work still remains to make it perform optimal.
3772 See the start of store_asyncufs.h for all the knobs.
3773 - Fixed storage FS modules to use individual swap space
3774 high/low values rather than the global ones.
3775 - Fixed storage FS bugs with calling file_map_bit_reset()
3776 before checking the bit value. Calling with an invalid
3777 value caused memory corruption in random places.
3778 - Prevent NULL pointer access in store_repl_lru.c for
3779 entries that exist in the hash but not the LRU list.
3780
cab24814 3781Changes to Squid-2.4.DEVEL4 ():
ad445e36 3782
ddf1c0c4 3783 - Added --enable-auth-modules=... configure option
83b381d5 3784 - Improved ICP dead peer detection to also work when the workload
3785 is low
a8c926ff 3786 - Improved TCP dead peer detection and recovery
3787 - Squid is now a bit more persistent in trying to find a alive
3788 parent when never_direct is used.
3789 - nonhierarchical_direct squid.conf directive to make non-ICP
3790 peer selection behave a bit more like ICP selection with respect
3791 to hierarchy.
3792 - Bugfix where netdb selection could override never_direct
3793 - ICP timeout selection now prefers to use parents only when
3794 calculating the dynamic timeout to compensate for common RTT
3795 differences between parents and siblings.
c1fc651e 3796 - No longer starts to swap out objects which are known to be above
3797 the maximum allowed size.
987de783 3798 - allow-miss cache_peer option disabling the use of "only-if-cached".
3799 Meant to be used in conjunction with icp_hit_stale.
c8b40803 3800 - Delay pools tuned to allow large initial pool values
0343b99c 3801 - cachemgr filesystem space information changed to show useable space
3802 rather than raw space, and platform support somewhat extended.
890b0fa8 3803 - Logs destination IP in the hierarchy log tag when going direct.
3804 (can be disabled by turning log_ip_on_direct off)
ff21eb3e 3805 - Async-IO on linux now makes proper use of mutexes. This fixes some
3806 odd pthread segfaults on SMP Linux machines, at a slight performance
3807 penalty.
722a4b40 3808 - %s can now be used in cache_swap_log and will be substituted with
a80e50c7 3809 the last path component of cache_dir.
4d55827a 3810 - no_cache is now a full ACL check without, allowing most ACL types
3811 to be used.
f1003989 3812 - The CONNECT method now obeys miss_access requirements
145cf928 3813 - proxy_auth_regex and ident_regex ACL types
3cdb7cd0 3814 - Fixed a StoreEntry memory leak during "dirty" rebuild
3815 - Helper processes no longer hold unrelated filedescriptors open
e40aa8da 3816 - Helpers are now restarted when the logs are rotated
afc1e43f 3817 - Negatively cached DNS entries are now purged on "reload".
3818 - PURGE now also purges the DNS cache
722a4b40 3819 - HEAD on FTP objects no longer retrieves the whole object
aca95add 3820 - More cleanups of the dstdomain ACL type
288c06ce 3821 - Squid no longer tries to do Range internally if it is not supported
3822 by the origin server. Doing so could cause bandwidth spikes and/or
3823 negative hit ratio.
13c7936a 3824 - httpd_accel_single_host squid.conf directive
82056f1e 3825 - "round-robin" cache_peer counters are reset every 5 minutes to
3826 compensate previously dead peers
4fe0e1d0 3827 - DNS retransmit parameters
858783c9 3828 - Show all FTP server messages
6b53c392 3829 - squid.conf.default now indicates if a directive isn't enabled in
3830 the installed binary, and what configure option to use for enabling it
418cbe9f 3831 - Fixed a temporary memory leak on persistent POSTs
304d289e 3832 - Fixed a temporary memory leak when the server response headers
3833 includes NULL characters
ba2b31a8 3834 - authenticate_ip_ttl_is_strict squid.conf option
3835 - req_mime_type ACL type
afb87666 3836 - A reworked storage system that supports storage directories in
3837 a more modular fashion. The object replacement and IO is now
3838 responsibility of the storage directory, and not of the storage
3839 manager.
722a4b40 3840 - Fixed a bogus MD5 mismatch warning sometimes seen when using
e7407eb8 3841 aufs or diskd stores
ce3d30fb 3842 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
3843 and extended support for this to Linux/GNU libc.
af57a2e3 3844 - Disabled the "request timeout" error message sent if the user agent
3845 did not provide a request in a timely manner after opening the
3846 connection. Now the connection is silently closed. The error message
3847 was confusing user agents utilizing persistent connections.
cab24814 3848 - Fixed configure --enable descriptions to match the arg names.
3849 - Eliminated compile warnings from auth_modules/MSNT code.
3850 - Require first character of hostnames to be alphanumeric.
3851 - Made ARP ACL work for Solaris.
3852 - Removed storeClientListSearch().
3853 - Added counters to track diskd operation success and
3854 failures.
3855 - Fixed range_offset_limit.
3856 - Added code to retry ServFail replies for internal DNS
3857 lookups.
3858 - Added referer header logging (Jens-S. Voeckler).
3859 - Added "multi-domain-NTLM" authentication module, a Perl
3860 script from Thomas Jarosch.
3861 - Added configurable warning messages for high memory usage,
3862 high response time, and high page faults.
3863 - Made store dir selection algorithm configurable.
3864 - Added support for admin-definable extension methods,
3865 up to 20.
16689110 3866 - Added 'maximum_object_size_in_memory' as a configuration option -
3867 this defines the watermark where objects transit from being true
3868 hot objects to being in-transit objects in memory. It currently
3869 defaults to 8 KB.
5cd41d0d 3870 - Change to the fqdn code which changes how pending DNS requests
3871 are treated as private and only become public once they are
3872 completed. This can add extra load on DNS servers but prevents
3873 all the pending clients blocking if one of the queries got
3874 stuck. (Duane Wessels)
7e543177 3875 - Converted more code to use MemPools, from Andres Kroonmaa.
3876 - Added more CYGWIN patches from Robert Collins.
e7407eb8 3877
3878Changes to Squid-2.4.DEVEL3 ():
3879
3880 - Added Logfile module.
3881 - Added DISKD stats via cachemgr.
3882 - Added squid.conf options for DISKD magic constants.
ad445e36 3883
e7407eb8 3884Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
ad445e36 3885
3886Changes to Squid-2.4.DEVEL1 ():
3887
42b51993 3888Changes to Squid-2.3.STABLE4 (July 18, 2000):
3889
3890 - Fixed --localstatedir configure option (IKEDA Shigeru).
3891 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
3892 Smith).
3893 - Added pthread_sigmask() check to configure (Daniel
3894 Ehrlich).
3895 - Added CYGWIN patches from Robert Collins.
3896 - Changed internal DNS lookups to retry queries that are
3897 returned with RCODE 2 (ServFail).
3898 - Added 'virtual port' support (Gregg Kellogg). If
3899 'httpd_accel_uses_host_header' is enabled, then we use
3900 the port number from the Host header. Otherwise, when
3901 'httpd_accel_port' is set to "0" we use the port number
3902 of the local end of the client socket.
3903 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
3904 - Made Squid accept GET requests that have a "content-length:
3905 0" header.
3906 - Added a sanity check on the NHttpSockets[] array index
3907 (Gregg Kellogg).
3908 - Added a friendlier message when Squid can't find any DNS
3909 nameserver addresses to use (Daniel Kiracofe).
3910 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
3911 (Craig Whitmore).
3912 - Added missing '%c' token replacement in error page
3913 generation.
3914 - Fixed a bug with 'minimum_object_size' that prevented
3915 internal icons from being loaded.
3916 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
3917 that could prevent any objects from being replaced.
3918 - Make sure that storeDirDiskFull() doesn't actually
3919 *increase* the cache size.
3920 - Changed a storeSwapMetaUnpack() assertion to a recoverable
3921 error condition.
3922 - Removed "wccpHereIam" event check that could cause Squid
3923 to stop sending HERE_I_AM messages.
3924
d20b1cd0 3925Changes to Squid-2.3.STABLE3 (May 15, 2000):
3926
3927 - Fixed malloc linking problems on Solaris. The configure
3928 script incorrectly set options for dlmalloc.
3929 - Added a configure check to remove compiler optimization
3930 for GCC 2.95.x.
3931 - Updated MSNT authenticator module.
3932 - Updated Estonian error pages.
3933 - Updated Japanese error pages.
3934 - Fixed expires bug in httpReplyHdrCacheInit. It was
3935 incorrectly setting expires based on max-age. It was using
3936 the current time as a basis, instead of the response date.
3937 - Fixed "USE_DNSSERVER" typos.
3938 - Added a workaround for getpwnam() problems on Solaris.
3939 getpwnam() could fail if there are fewer than 256 FDs
3940 available. This causes root to own some disk files.
3941 - Added an 'offline_toggle' option via the cache manager.
3942 - Added a 'minimum_object_size' option. Files smaller than
3943 this size are not stored.
3944 - Added 'passive_ftp' option to disable passive FTP transfers.
3945 - Added 'wccp_version' option because some Cisco IOS versions
3946 require WCCP version 3.
3947 - The 'client' program in ping mode (-g) now prints transfer
3948 throughput.
3949 - Fixed logging of proxy auth username for redirected
3950 requests.
3951 - Fixed bogus Age values for IMS requests.
3952 - Fixed persistent connection timeout for client-side
3953 connections. It was hard-coded to 15 seconds, now uses
3954 the 'pconn_timeout' value.
3955 - Fixed up httpAcceptDefer. It wasn't being used properly
3956 and caused high CPU usage when Squid gets close to the FD
3957 limit.
3958 - Numerous delay_pools fixes and checks.
3959 - Fixed SNMP coredumps from running snmpwalk.
3960 - Added a check for errno == EPIPE in icmp.c when pinger uses
3961 a Unix socket instead of a UDP socket.
3962 - Fixed ACL checklist memory initialization bugs.
3963 - Cleaned up the MIB file. Replaced contact information and
3964 checked description fields.
3965 - Removed LRU reference_age hard-coded upper limit.
3966 - Fixed async I/O FD leak.
3967 - Made getMyHostname() more robust.
3968 - Fixed domain list matching bug. "x-foo.com" wasn't properly
3969 compared to ".foo.com" and confused splay tree ordering.
3970 - Added a check for whitespace in hostnames and optionally
3971 strip whitespace if 'uri_whitespace' setting allows.
3972 - Added status code and checking to ASN/whois queries.
3973
3974Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
3975
3976 - Changed Copyright text.
3977 - Changed configure so that some IRIX-6.4 hacks apply to
3978 all IRIX-6.* versions.
3979 - Cleaned up HTML bugs in error pages.
3980 - Told configure to check for netinet/if_ether.h, which
3981 is used in ARP ACL code, but might not be required.
3982 - Added "Cookie" to known HTTP headers so it can be
3983 used in anonymizer configuration.
3984 - Added optional TCP_REDIRECT log code for logging
3985 of 301/302 responses returned by Squid.
3986 - Added a check for a currently running Squid process.
3987 If the pid file exists, and the pid is running,
3988 Squid complains and refuses to start another instance.
3989 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
3990 IRIX.
3991 - Fixed a bug with the PURGE method. The purge enable
3992 flag was not getting cleared during reconfigure.
3993 Also required PURGE method to be used in http_access
3994 list before enabling.
3995 - Fixed async I/O assertions for file open errors.
3996 - Fixed internal DNS assertion when unpacking truncated
3997 messages.
3998 - Fixed anonymize_headers bug that caused all headers
3999 to be allowed after a reconfigure.
4000 - Fixed an access denied bug for accelerator-only installations.
4001 - Fixed internal DNS initialization so that it uses
4002 'dns_nameservers' settings in squid.conf if set.
4003 - Fixed 'maxconn' ACL bug that caused it to work backwards
4004 (Pedro Ribeiro).
4005 - Fixed syslog bug for daemon mode on Linux.
4006 - Fixed 'http_port' parsing bugs.
4007 - Fixed internal DNS byte ordering bugs for PTR queries.
4008 - Fixed internal DNS queue getting stuck during periods
4009 of low activity (Henrik).
4010 - Fixed byte ordering bugs for parsing EPLF FTP listings
4011 on 64-bit systems.
4012 - Fixed 'request_body_max_size' bug that caused all
4013 POST, PUT requests to be denied if max size is set
4014 to zero.
4015 - Fixed 'redirector_access' bug when using 'myport' ACLs.
4016 - Fixed CARP neighbor selection bugs for down peers.
4017 - Added 'client_persistent_connections' and
4018 'server_persistent_connections' flags to disable persistent
4019 connections for clients and servers.
4020 - Fixed access logging bug that caused many requests to be
4021 logged as TCP_MISS.
4022 - Added some bounds checking to delay pools code.
4023
ad445e36 4024Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
4025
4026 - Updated PAM authentication module from Henrik Nordstrom.
4027 - Updated Bulgarian error messages from Svetlin Simeonov.
4028 - Changed ACL routines so that User-Agent (browser) string
4029 is always taken from compiled HTTP request headers
4030 instead of passed as an argument to aclCreateChecklist.
4031 - Added a 'strip' option to the 'uri_whitesace' configuration
4032 directive and made it the default behavior. Whitespace
4033 found in URI's is now stripped out by default.
4034 - Added chroot feature. The 'chroot_dir' config option enables
4035 it and specifies the directory.
4036 - Changed clientBuildReplyHeader so that the Age header is
4037 added only for cache hits, and only when we can calculate
4038 a valid, positive age value.
4039 - Changed clientWriteComplete and clientGotNotEnough so
4040 that they keep persistent connections open for more types
4041 of replies that don't have bodies.
4042 - Changed filemap.c routines to dynamically grow filemap
4043 space as needed.
4044 - Added a hack to ftp.c to deal with ftp.netscape.com, which
4045 sometimes doesn't acknowledge PASV commands.
4046 - Fixed FTP bug with ftpScheduleReadControlReply; there
4047 was not always a timeout handler on the control socket
4048 after the transfer completed.
4049 - Fixed FTP filedescriptor leak from invalid PASV replies.
4050 - Changed httpBuildRequestHeader so that it doesn't
4051 copy the Host header from the client request. Instead
4052 we should generate our own Host header which is known
4053 to be correct.
4054 - Changed storeTimestampsSet to adjust entry->timestamp
4055 if the response includes an Age header.
4056 - Removed size limit from storeKeyHashBuckets.
4057 - Changed fwdConnectStart from a "heavy" to a "light" event.
4058 - Fixed an 'anonymize_headers' bug that affects unknown
4059 HTTP headers. With the bug, if you list a header that
4060 Squid doesn't know about (such as "Charset"), it would
4061 add HDR_OTHER to the allow/deny mask. This caused all
4062 unknown headers to be allowed or denied (depending on
4063 the scheme you use). Now, with the bug fixed, an unknown
4064 header in the 'anonymize_headers' list is simply ignored.
4065
7e3ce7b9 4066Changes to Squid-2.3.DEVEL3 ():
4067
ad445e36 4068 - Added MSNT auth module from Antonino Iannella.
7e3ce7b9 4069 - Added --enable-underscores configure option. This allows
4070 Squid to accept hostnames with underscores in them. Your
4071 DNS resolver may still complain about them, however.
4072 - Added --heap-replacement configure option. This enables
4073 the alternative cache replacement policies, such as
4074 GDSF, and LFUDA.
3ff01c3e 4075 - WCCP establishes and registers with the router faster.
7e3ce7b9 4076 - Added 'maxconn' acl type to limit the number of established
4077 connections from a single client IP address. Submitted
4078 by Vadim Kolontsov.
4079 - Close FTP data socket as soon as transfer completes
4080 (Alexander V. Lukyanov).
4081 - Fixed ftpReadPass() to not clobber ctrl.message when
4082 the PASS command fails.
4083 - Added a redirect.c patch so squidGuard is able to do
4084 per-user access control (Antony T Curtis).
4085 - discard the pumpMethod() function, and instead use the
4086 fact that the request has a request entity (content-length
4087 present) (Henrik).
4088 - Reload the MIME icons at reconfigure time (Radu Greab).
4089 - Updated Richard Huveneers' SMB authentication module to
4090 his version 0.05 package.
4091 - Fixed lib/heap.c::heap_delete() bug when deleting the
4092 last node.
4093 - Fixed an integer conversion bug in
4094 lib/rfc1035.c::rfc1035AnswersUnpack().
4095 - Fixed lib/rfc1738 routines to encode reserved characters,
4096 in addition to encoding the unsafe characters (Henrik).
4097 - Changed the interface for splay compare and "walk"
4098 functions to take a void pointer, instead of a splayNode
4099 pointer (Henrik).
4100 - Changed numerous HTTP parsing routines to use ssize_t
4101 instead of size_t. This was done because size_t may be
4102 signed or unsigned. When it is unsigned, gcc emits
4103 numerous "comparison is always true" warnings. At least
4104 we know ssize_t is always signed.
4105 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
4106 friends so that it properly handles multi-value lists.
4107 - Added an "end" (ssize_t) parameter to
4108 src/HttpReply::httpReplyParse() so that we know exactly
4109 where to terminate the header buffer.
4110 - Changed src/access_log.c::log_quote() so that it only
4111 encodes whitespace characters, and not all URL-special
4112 characters (Henrik).
4113 - Added local port ACL type ("myport") (Henrik).
4114 - Added maximum number of connections per client ("maxconn")
4115 as an ACL type.
4116 - Fixed proxy authentication username/password parsing to
4117 be more robust (Henrik).
4118 - Fixed ACL domain/host and domain/domain comparison
4119 functions yet again. Eliminated duplicate code so that
4120 only src/url.c::matchDomainName() contains this mysterious
4121 code.
4122 - Changed the 'http_port' option to accept an IP address
4123 or hostname as well (Henrik).
4124 - Removed 'tcp_incoming_addr' option.
4125 - Added an access control list for the redirector
4126 ('redirector_access'). Requests which match are sent to
4127 the redirector. All requests. are redirected by default.
4128 - Added the 'authenticate_ip_ttl' option. It specifies
4129 how long a valid proxy authentication credential is
4130 bound to a specific address.
4131 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
4132 - Removed the unused and highly questionable 'forward_snmpd_port'
4133 option.
4134 - Added an option to accept DNS messages from unknown nameservers.
4135 This may be necessary if replies come from a different address
4136 than queries are sent to.
4137 - Added #includes for IP Filter files in netinet directory.
4138 - Fixed a bug with retrying forwarded IMS requests (Henrik).
4139 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
4140 where we were checking a cache-control bit before getting the
4141 mask from the HTTP headers (pallo@initio.no).
4142 - Fixed a bug with "no_cache" access list. If not defined,
4143 everything was uncachable by default.
4144 - Fixed a bug with timed-out client-side HTTP connections.
4145 We didn't cancel the read handler, which could lead to
4146 "rwstate != NULL" warnings.
4147 - Changed comm_open() to only call fdAdjustReserved() for
4148 specific errors (ENFILE, EMFILE);
4149 - Fixed NULL pointer bug in idnsParseResolvConf().
4150 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
4151 - Added DELETE request method.
4152 - Added RFC 2518 HTTP status codes.
4153 - Fixed handling of URL passwords when we need to rewrite a
4154 BASE HREF URL (Henrik).
4155 - Fixed a bug with FTP requests where a request gets aborted,
4156 but we try to complete it anyway. It would result in a
4157 "store_status != STORE_PENDING" assertion. The solution
4158 is to check for ENTRY_ABORTED before reading from
4159 the control channel too.
4160 - Changed FTP to retry a request if Squid fails to establish
4161 a PASV data connection (Henrik).
4162 - Fixed numerous HTCP memory leaks and an uninitialized memory
4163 bug.
4164 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
4165 mind (Henrik).
4166 - Minor fixes for Rhapsody systems.
4167 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
4168 don't include varargs.h.
4169 - Changed src/store_client.c::storeClientType() so that
4170 an entry can have more than one STORE_MEM_CLIENT.
4171 - Changed src/store_client.c::storeClientReadHeader()
4172 to check swapfile metadata (Henrik).
4173 - Changed src/url.c::urlCheckRequest() to return FALSE for
4174 any "https://" URL. These should always be CONNECT
4175 instead. If Squid gets an "https://" URL, it is a browser
4176 bug.
4177 - Added numerous squid.conf options for controlling cache
4178 digests. Previously these were hard-coded in
4179 src/store_digest.c. (Martin Hamilton)
4180 - Added 'cache_peer' option called 'digest-url' that
4181 lets you specify the URL for a peer's digest.
4182 (Martin Hamilton)
4183 - Added DELAY_POOLS hacks to scan "slow" connections in
4184 a random order (David Luyer).
4185 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
4186 per-interface arp/neighbour cache, whereas 2.0.x uses a
4187 unified cache. Under 2.2.x you are required to specify
4188 a interface name when looking up ARP table entries with
4189 SIOCGARP.
4190 - If the process umask is not set (i.e. 0), then Squid
4191 changes it to 007.
4192
9bc73deb 4193Changes to Squid-2.3.DEVEL2 ():
4194
4195 - Added --enable-truncate configure option.
4196 - Updated Czech error messages ()
4197 - Updated French error messages ()
4198 - Updated Spanish error messages ()
4199 - Added xrename() function for better debugging.
4200 - Disallow empty ("") password in aclDecodeProxyAuth()
4201 (BoB Miorelli).
4202 - Fixed ACL SPLAY subdomain detection (again).
4203 - Increased default 'request_body_max_size' from 100KB
4204 to 1MB in cf.data.pre.
4205 - Added 'content_length' member to request_t structure
4206 so we don't have to use httpHdrGetInt() so often.
4207 - Fixed repeatedly calling memDataInit() for every reconfigure.
4208 - Cleaned up the case when fwdDispatch() cannot forward a
4209 request. Error messages used to report "[no URL]".
4210 - Added a check to return specific error messages for a
4211 "store_digest" request when the digest entry doesn't exist
4212 and we reach internalStart().
4213 - Changed the interface of storeSwapInStart() to avoid a bug
4214 where we closed "sc->swapin_sio" but couldn't set the
4215 pointer to NULL.
4216 - Changed storeDirClean() so that the rate it gets called
4217 depends on the number of objects deleted.
4218 - Some WCCP fixes.
4219 - Added 'hostname_aliases' option to detect internal requests
4220 (cache digests) when a cache has more than one hostname
4221 in use.
4222 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
4223 (Henrik Nordstrom).
4224 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
4225 - Added OPTIONS request method.
9bc73deb 4226
eb824054 4227Changes to Squid-2.3.DEVEL1 ():
4228
4229 - Added WCCP support. This adds the 'wccp_router' squid.conf
4230 option.
4231 - Added internal DNS queries; Most installations can run
4232 without the external dnsserver processes.
4233 - Rewrote much of the code that stores cache objects on
4234 disk. Developed a programming interface that should
4235 allow new storage systems to be added easily. This still
4236 is pretty ugly and needs a lot of work, however.
4237 - Replaced async_io.c "tags" with callback data locks.
4238 This probably breaks async IO in a bad way.
4239 - Tried to write an Async IO disk storage module.
4240 - Added code to replace the StoreEntry linked list with a
4241 heap structure. This allows for different replacement
4242 algorithms, instead of being stuck with LRU. This adds
4243 the 'replacement_policy' squid.conf option. (John Dilley
4244 et al).
4245 - Fixed HTCP queries by actually checking for freshness
4246 based on the HTCP header fields.
4247 - Fixed passing of redirector command line arguments.
4248 - Added 'request_header_max_size' squid.conf option.
4249 - Added 'request_body_max_size' squid.conf option.
4250 - Added 'reply_body_max_size' squid.conf option.
4251 - Added 'peer_connect_timeout' squid.conf option.
4252 - Added 'redirector_bypass' squid.conf option.
4253 - Added RFC 2518 (WEBDAV) request methods.
d20b1cd0 4254
6b8e7481 4255Changes to Squid-2.2 (April 19, 1999):
b93549f6 4256
98b093e7 4257 - Removed all SNMP specific ACL code
4258 SNMP now uses generic squid ACL's
4259 - Removed view-based access crontrol
00b7a8b6 4260 - Cleaned up and simplified SNMP section of squid.conf
98b093e7 4261 - Changed the SNMP code to use a tree stucture.
3ff01c3e 4262 - Added objects to MIB:
00b7a8b6 4263 Request Hit Ratio's
4264 Byte Hit Ratio's
4265 Number of Clients
61d53e64 4266 - Changed SNMP Agent to return object instances correctly.
b93549f6 4267 - Added our own assert() macro so we can use debug() instead of
4268 printing to stderr.
4269 - Added eventFreeMemory().
4270 - Fixed ipcCreate() bug when debug_log has FD <= 2.
4271 - Changed watchChild() and related code in main.c so that
4272 Squid can behave more like a proper daemon process.
4273 - Added 'prefer_direct' option (enabled by default) so that
4274 people can give parents higher preference than direct.
6703526b 4275 - Fixed ipc.c close() bug for async IO. On FreeBSD,
4276 comm_close() doesn't work for child processes when async IO is
4277 used.
4278 - Fixed setting the public key for large ``icons'' (Henrik
4279 Nordstrom).
68f87dc5 4280 - Rewrote peer digest module to fix memory leaks on reconfigure
4281 and clean the code. Increased "current" digest version to 5
6474667e 4282 ("required" version is still 3). Revised "Peer Select" cache
4283 manager stats.
68f87dc5 4284 - Added "-k parse" command line option: parses the config file
4285 but does not send a signal unlike other -k options.
1743c283 4286 - Revamped storeAbort() calling. Only store_client.c has all
4287 the right information to determine if the request should
4288 be aborted. Now client and server modules just storeUnregister
d81e3f33 4289 without ever needing to call storeAbort.
96aeb95d 4290 - Small change of Squid output for FTP (Andrew Filonov,
4291 Henrik Nordstrom).
4292 - clientGetsOldEntry() sends old entry if new request status
4293 is in the 500-range (Henrik Nordstrom).
4294 - Changed configure so it works with IRIX6.4 C compiler (broken?)
4295 option -OPT:fast_io=ON.
4296 - Fixed comm_connect_addr() non-blocking connections for
4297 SONY NEWSOS (Makoto MATSUSHITA).
4298 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
4299 by autoconf documentation.
4300 - Fixed client-side cache-control max-age (Henrik Nordstrom).
4301 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
4302 this error if it is called while squid is in the process of
4303 shutting down.
4304 - Added support for linuxthreads package under FreeBSD (Tony Finch).
4305 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
4306 functions non-static (Michael Pelletier).
4307 - Fixed logging of authenticated usernames even if the
4308 authorization is not cached (Dancer).
4309 - Fixed pconnPush() bug that prevented holding on to
4310 persistent connections (Manfred Bathelt).
2328711e 4311 - Pid file now rewritten on SIGHUP.
b4019ff7 4312 - Numerous Ident changes:
4313 - Ident lookups will now be done on demand if you use the
4314 'ident' ACL type.
4315 - The 'ident_lookup on|off' option has been replaced with
4316 an access list, so you can do lookups only for some
4317 client addresses.
4318 - Added an 'ident_timeout' option to specifiy the amount
4319 of time to wait for an ident lookup.
4320 - Added a (local) hit rate to mempool metering.
4321 - FTP Restarts (REST command) is now supported.
4322 - Check for libintl.a on SCO3.2.
4323 - Disable poll() on SCO3.2.
4324 - Numerous Async IO enhancements from Henrik.
4325 - Removed cache_mem_low and cache_mem_high options (Henrik
4326 Nordstrom).
4327 - Replaced 'persistent_client_posts' with 'broken_posts' access
4328 list.
97474590 4329 - Rewrote the anonymizer.
4330 - Removed the http_anonymizer option.
548b801c 4331 - Added the anonymize_headers option to allow individual
4332 referencing of headers for addition or removal. See
4333 'anonymize_headers' in squid.conf for additional
4334 configuration.
b3abf16c 4335 - Fixed config file parser's handing of optional directives.
4336 Some people might get new warnings about unknown config
4337 directives.
548b801c 4338 - Added 'myip' ACL type. This is the local IP address for
4339 connected sockets (Luyer).
4340 - Fixed parsing of FTP DOS directory listings with spaces
4341 (Nordstrom).
dd0b0295 4342 - Numerous DELAY_POOL changes/fixes from David Luyer:
4343 - Makes no-delay neighbors for DELAY_POOLS work by
4344 using a fd_set with the connections to no-delay
4345 peers marked in it.
4346 - Makes IP addresses ending in 0 and 255, and
4347 network number 255, work with individual and
4348 network delay pools (they were previously not
4349 permitted, and documented as such).
4350 - Massive overhaul of delay pools code - dynamically
4351 allocated delay pools, as many as required.
4352 - delayPoolsUpdate stops running if DELAY_POOLS is
4353 configured but no delay pools are configured.
4354 - Initial delay pool levels are now configurable
4355 as a percentage of the maximum for the pool in
4356 question (used to be all set to 1 second worth
4357 of traffic). Pools are restored to this level
4358 on reconfiguratoin.
242188c9 4359 - Changed storeClientCopy to give a swap-in failure if
4360 the number of open disk FD's is above the 'max_open_disk_fds'
4361 limit. Otherwise, a very loaded cache will end up with
4362 all disk files open for reading, and none for writing.
b6a2f15e 4363 - Added lib/inet_ntoa.c from BSD Unix for systems that have
4364 broken inet_ntoa(). (Erik Hofman).
4365 - Added more specific FTP error messages for "permission
4366 denied, "file not found," and "service unavailable."
4367 (Tony Finch)
4368 - Added xisspace(), xisdigit(), etc, macros to cast function
4369 args and eliminate compiler warnings.
4370 - Fixed case-sensitive comparisons of domain names (Henrik
4371 Nordstrom).
4372 - Added proxy-authentication to cachemgr.cgi's requests
4373 (Henrik Nordstrom).
4374 - Changed Squid to *truncate* rather than *unlink* purged
4375 swap files. Can be reversed by undefining
4376 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
4377 - Changed internal icon headers to use Cache-control
4378 Max-age instead of Expires.
4379 - Changed storeMaintainSwapSpace behavior to be adjusted
4380 smoothly, instead of discretely, between store_swap_low
4381 and store_swap_high. This includes the number of
4382 objects to scan, number to remove, and time until the
4383 next storeMaintainSwapSpace event.
4384 - Fixed a quick_abort bug that incorrectly calculated
4385 content lengths.
4386 - Added getpwnam() auth module from Erik Hofman.
4387 - Added 'coredump_dir' option.
4388 - Fixed a peerDestroy() assertion that required peer->digest
4389 to be NULL at the end of peerDestroy().
4390 - configure script now automatically enables dlmalloc for
4391 Solaris/x86.
4392 - configure enables poll() on linux 2.2 and later (Henrik).
4393 - Icon files are now distributed in binary format, install
4394 will not need to run 'sh' and 'uudecode'.
4395 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
4396 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
4397 fwdCheckDeferRead() will NOT defer reading if the
4398 ENTRY_FWD_HDR_WAIT bit is set.
4399 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
4400 - Fixed a (double) cast problem that caused statAvgTick()
4401 events to be added as fast as possible.
6b8e7481 4402 - Changed httpPacked304Reply() to not include the Content-Length
4403 header for 304 replies that Squid generates. We used to
4404 include the length of the cached object, and this broke
4405 persistent connections.
4406
4407 2.2.STABLE2:
4408
4409 - Fixed configure bug for statvfs() checks. Configure reports
4410 "test: =: unary operator expected" or similar because an
4411 unquoted variable is not defined.
4412 - Fixed aclDestroyAcls() assertion because some ACL types
4413 are not listed in the switch statement. Occurs for
4414 srcdom_regex and dstdom_regex ACL types during reconfigure.
4415 - Typo "applicatoin" in src/mime.conf
4416 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
4417 #define because it didn't include squid.h.
4418 - Fixed commRetryFD() when bind() fails. commRetryFD was
4419 closing the filedescriptor, but it is the upper layer's
4420 job to close it.
4421 - Changed configure's "maximum number of filedescriptors"
4422 detection to only use getrlimit() for Linux. On AIX,
4423 getrlimit returns RLIM_INFINITY.
4424 - Fixed snmpInit() nesting bug.
4425 - Fixed a bug with peerGetSomeParent(). It was adding
4426 a parent to the FwdServers list, regardless of the
4427 ps->direct value. This could cause every request to
4428 go to a parent even when always_direct is used.
4429 - Changed fwdServerClosed() to rotate the "forward servers"
4430 list when a connection establishment fails. Otherwise
4431 it always kept trying to connect to the first server
4432 int the list.
b93549f6 4433
2be4e260 4434 2.2.STABLE3:
4435
4436 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
4437 - Avoid coredump in aclMatchAcl() if someone tries to use
4438 proxy authentication with a non-HTTP request (e.g. icp_access).
4439 - Moved 'ident_lookup_access' in squid.conf so it appears
4440 after the ACL section.
4441 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
4442 - Fixed a case in clientCacheHit() where we thought it
4443 was a hit, but the reply status was not 200, so we
4444 had to perform a cache miss. We forgot to change the
4445 log_type and these were being recorded as TCP_HIT's.
4446 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
4447 - Fixed delay_pools coredump and memory leak bugs from
4448 NULL delay_id values.
4449 - Fixed a SEGV bug with delay_pools when requesting
4450 'objects' or 'vm_objects' from the cachemgr.
4451 - Added a workaround for buggy FTP servers that return
4452 a size of zero for non-zero-sized objects.
4453 - Removed umask(0) call from main().
4454 - Fixed a peer selection bug that caused us to never select
4455 a neighbor based on ICP replies if the ICP timeout occurs.
4456 In conjunction with this, removed the PING_TIMEOUT state.
4457 - Fixed a store_rebuild bug that caused us to get stuck trying
4458 if a cache_dir subdirectory didn't exist.
4459 - Fixed a buffer overrun bug in gb_to_str().
4460
9bc73deb 4461 2.2.STABLE4:
4462
4463 - Fixed a dread_ctrl leak caused in store_client.c
4464 - Fixed a memory leak in eventRun().
4465 - Fixed a memory leak of ErrorState structures due to
4466 a bug in forward.c.
4467 - Fixed detection of subdomain collisions for SPLAY trees.
4468 - Fixed logging of hierarchy codes for SSL requests (Henrik
4469 Nordstrom).
4470 - Added some descriptions to mib.txt.
4471 - Fixed a bug with non-hierarchical requests (e.g. POST)
4472 and cache digests. We used to look up non-hierarchical
4473 requests in peer digests. A false hit may cause Squid
4474 to forward a request to a sibling. In combination with
4475 'Cache-control: only-if-cached, this generates 504 Gateway
4476 Timeout responses and the request may not be re-forwardable.
4477 - Fixed a filedescriptor leak for some aborted requests.
4478
4479
4d62b0af 4480Changes to Squid-2.1 (November 16, 1998):
8f897f34 4481
4482 - Changed delayPoolsUpdate() to be called as an event.
4483 - Replaced comm_select FD scanning loops with global fd_set
4484 structures. Inspired by Jeff Mogul's patch for squid 1.1.
9e1559ea 4485 - Moved functions common to dns.c, redirect.c, authenticate.c,
4486 ipcache.c, and fqdncache.c into helper.c.
0753aa46 4487 - Changed storeClientCopy2() so that it keeps sending the remainder
4488 of a STORE_ABORTED request, instead of cutting off the client as
4489 soon as the object becomes aborted.
f0538986 4490 - Fixed combined ipf-transparent proxy and a local http-accelerator
4491 operation (Quinton Dolan).
4492 - Rewrote base64_decode.c because of potential buffer overrun
4493 bugs.
912432d8 4494 - Configurable handling of whitespace in request URI's.
4495 See 'uri_whitespace' in squid.conf.
e33ec474 4496 - Added ability to generate HTTP redirect messages from
4497 the redirector output by prepending "301:" or "302:" to the
4498 new url. See FAQ 4.16 for more details.
829a9357 4499 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
4500 potentially causing under-utilized cache digests
4501 - Maintain refreshCheck statistics on per-protocol basis so we
4502 can tell why ICP or Digests return too many misses, etc.
c68e9c6b 4503 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
4504 - Changed squid.conf's default access controls to deny all
4505 HTTP requests. Admins must write ACL rules to specifically
4506 allow their local clients.
4507 - Patched French error messages (Mathias HERBERTS).
4508 - NextStep porting fixes by Mike Laster:
4509 - use xstrdup() in cf_gen.c
4510 - check for putenv() in configure
4511 - #define S_ISDIR macro
4512 - Added --disable-poll configure option (Henrik Nordstrom).
4513 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
4514 - Patched ftp.c so we never cache autenticated FTP requests
4515 (Henrik Nordstrom).
4516 - Fixed FTP authentication. We tried to unescape authentication
4517 given by basic authentication which is not URL escaped
4518 (Henrik Nordstrom).
4519 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
4520 - Added 'redirect_rewrites_host_header' option to disable rewriting
4521 of Host header for redirector responses (Henrik Nordstrom).
4522 - Allow semi-customized error message signatures (Henrik Nordstrom).
4523 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
4524 - Fixed handling of blank lines in ACL input files (Henrik
4525 Nordstrom).
4526 - Changed proxy_auth ACL type to consist of a list of valid
4527 users. REQUIRED == any (same as ident ACL). ACL type user
4528 changed to ident since this is what it really is.
4529 (Henrik Nordstrom).
4530 - Fixed long URL bugs; make sure 'log_uri' never exceeds
4531 MAX_URL bytes.
4532 - Allow comments in external ACL files (Gerhard Wiesinger).
4533 - Added 'range_offset_limit' configuration option. Requests
4534 with ranges that start after this value will be passed
4535 on unmodified, and Squid will not cache the response
4536 (Henrik Nordstrom).
4537 - Added Client HTTP Hit byte counters to 'counters' output
4538 (Douglas Swarin).
4539 - Got Squid to compile with --enable-async-io on FreeBSD.
4540 - Fixed infinite loop bug for cachemgr 'config' option.
4541 - Fixed cachability bugs for replies with Pragma: no-cache.
4542 - Made content-type multipart/x-mixed-replace uncachable.
4543 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
4544 format (Richard Kettlewell).
4545 - Fixed passing -s option to dnsserver processes (Alvaro Jose
4546 Fernandez Lago).
4547 - Changed proxy_auth to work on internal objects and when in
4548 accelerator mode. (Henrik Nordstrom)
4549 - Added login=user:password option to cache_peer directive to
4550 be used from a dial-up cache where the parent requires proxy
4551 authentication. (Henrik Nordstrom)
4552 - If you want to "auto-login", then use a URL on the form
4553 http://username:password@server/.... Squid now picks this up
4554 when going direct, and turns it into basic WWW
4555 authentication. It is also possible to do automatic login to
4556 certain servers by using a redirector to add the needed
4557 authentication information. (Henrik Nordstrom)
04f0ba5c 4558 - Changed refreshCheck() so that objects with negative age
4559 are always stale.
4d62b0af 4560 - Fixed "plain" FTP listings (Henrik Nordstrom).
4561 - Fixed showing banner/logon message for top-level FTP
4562 directories (Henrik Nordstrom).
4563 * Changes below have been made to SQUID_2_1_PATCH1
4564 - Fixed pinger packet size assertion.
4565 - Fixed WAIS forwarding.
4566 - Fixed dnsserver coredump bug caused by using both -D and
4567 -s options.
e42d5181 4568 * Changes below have been made to SQUID_2_1_PATCH2
4569 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
4570 - Fixed proxy auth NULL password bug.
4571 - Fixed queueing of multiple peerRefreshDNS events.
4572 - Added a stack of StoreEntry objects to be released after
4573 store rebuild completes.
4574 - Fixed NULL pointer bugs with too-large requests (found by
4575 Martin Lathoud).
4576 - Fixed reading replies from buggy ident servers. Replies
4577 might not have terminating CR or LF (Henrik Nordstrom).
b4019ff7 4578 - Changed internal StoreEntry key so that the request method
4579 is encoded as a single octet. Encoding an enumerated type
4580 has size and byte-order incompatibilities, especially for
4581 cache digests.
4582 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
4583 are not always locked. This fixes having multiple
4584 store_digest's stuck in memory.
4585 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
4586 unregisters from "cache hit" entries.
4587 * Changes below have been made to SQUID_2_1_PATCH3
4588 - Fixed memory leak in clientHandleIMSReply for
4589 storeClientCopy failures.
8f897f34 4590
41587298 4591Changes to Squid-2.0 (October 2, 1998):
71d6dc56 4592
4c154d99 4593 - Added NAT/Transparent hijacking code from Quinton Dolan.
4594 - Added actual filesystem usage to cachemgr 'storedir' page.
41587298 4595 Only works for operating systems which support statvfs().
a79d724b 4596 - Fixed HTCP compile-time bugs.
4597 - Fixed quick_abort bugs. Configured values are stored as
4598 Kbytes, not bytes.
41587298 4599 - Removed fwdAbortFetch(). It breaks quick_abort and seems
4600 mostly useless.
0da7d807 4601 - Changed storeDirSelectSwapDir() to skip swap directories
4602 when their utilization is over the high water mark ratio.
9ca005ac 4603 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
18cc143b 4604 - fixed bugs in Content-Range header generation
4605 - changed the way Range requests are handled:
71d6dc56 4606 - do not "advertise" our ability to process ranges at
4607 all
4608 - on hits, handle simple ranges and forward complex
4609 ones
4610 - on misses, fetch the whole document for simple ranges
4611 and forward range request for complex ranges
4612 The change is supposed to decrease the number of cases when
4613 clients such as Adobe acrobat reader get confused when we
4614 send a "200" response instead of "206" (because we cannot
4615 handle complex ranges, even for hits) Note: Support for
4616 complex ranges requires storage of partial objects.
41587298 4617 - Removed SNMP mib-2.system group from squid.
6474667e 4618 - Removed SNMP ability to iterate through ipcache and friends.
4619 - Added SNMP ipcache/fqdncache basic statistics.
4620 - Converted SQUID-MIB to SMIv2 (RFC 1902).
4621 - Moved SQUID-MIB to enterprises section of the tree in preparation
4622 of the split into PROXY-MIB & SQUID-MIB.
4623 - Corrected minor errors in SQUID-MIB.
4624 - Moved uptime into cacheSystem from cacheConfig.
4625 - Corrected a number of get-next-request bugs, snmpwalk should now
4626 return all objects and not skip some.
41587298 4627 - Fixed netdbClosestParent() so it won't return sibling
4628 peers.
4629 - Fixed a bug with secondary clients on entries with
4630 ENTRY_BAD_LENGTH set. We should release the
4631 bad entry to prevent secondary clients jumping on.
4632 - Changed MIB to prevent parse warnings at startup.
f0538986 4633 * Changes below have been made to SQUID_2_0_PATCH1
9689d97c 4634 - Fixed a forwarding loop bug. Even though we were detecting
4635 a loop, it was not being broken.
4636 - Try to prevent sibling forwarding loops by NOT forwarding a
4637 request to a sibling if we have a stale copy of the object.
4638 Validation requests should only be sent to parents (or
4639 direct).
4640 - Fixed ncsa_auth hash bugs when re-reading password file.
4641 - Changed clientHierarchical() so that by default SSL/CONNECT
4642 requests do NOT go to neighbor caches.
d87ebd78 4643 - Changed clientHandleIMSReply() to not call storeAbort()
4644 because there can be more than one client hanging on the
4645 StoreEntry. This hopefully fixes "store_status !=
4646 STORE_ABORTED" assertions.
f0538986 4647 - Added temporary fix to httpMakePublic() to prevent assertions
4648 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
4649 * Changes below have been made to SQUID_2_0_PATCH2
4650 - PATCH1 introduced a seriously stupid bug which prevented ICP
4651 queries for all requests. Fixed by checking
4652 request->hierarchical in peerSelectFoo().
18cc143b 4653
4c154d99 4654Changes to squid-1.2.beta25 (September 21, 1998):
4655
4b66bfd3 4656 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
4657 callbacks (Henrik Nordstrom).
4658 - Fixed store_swapout.c assertion. We were freeing object data
4659 past the swapout_done offset. This probably happens (only?)
4660 when an object changes from cachable to uncachable while
4661 it is being swapped out.
a260d877 4662 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
4663 of the buffers used for writing data to the client sockets.
669d90e7 4664 - Added configure check for libbind.a. If found, it will be
4665 used instead of libresolv.a.
4666 - Changed fwdStart() to always allow internally generated
dddd5b55 4667 requests, such as for peer digests. These requests are
4668 known to fwdStart() because the address arg is set to
4669 'no_addr'.
669d90e7 4670 - Completed initial HTCP implementation. It works, but is not
4671 tested much.
2d5c8e74 4672 - Added counters for I/O syscalls.
4673 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
4674 (netapp) Squid doesn't use private keys. This caused us
4675 to remove almost every object from the cache.
4676 - Added 'asndb' cachemgr stats to show AS Number tree.
dddd5b55 4677 - Fixed AS Number byte-order bug for netmasks.
2d5c8e74 4678 - Fixed comm_incoming calling rate for high loads (Stewart
4679 Forster).
426012d2 4680 - Give always_direct higher precedence than never_direct
4681 (Henrik Nordstrom).
dddd5b55 4682 - Changed PORT ACL type to accept ranges. Now you can easily
4683 deny, for example, all priveleged ports except 80, 70, 21,
4684 etc.
4685 - ARP ACL fixes for Linux (David Luyer).
4686 - Replaced various "EBIT" flags bitfileds with structures of
4687 "int:1" members.
4688 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
4689 efficient by removing snprintf(). This causes an
4690 incompatibility with old cache keys, however. To transition,
4691 we will look up both the new and old style keys for about the
4692 next 30 days. After that, if you haven't run this (or a
4693 future) version, your cache contents will be lost.
4694 - Made the client-side write buffer size configurable with
4695 a #define in defines.h. By default it is still 4096 bytes.
4696 - Removed redirectUnregister(). It should be unnecessary
4697 because of cbdata locks.
4698 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
4699 - Changed non-blocking connect(2) code to call getsockopt()
4700 instead of connect() again. This is the approach recommended
4701 by Stevens, and fixes bugs on BSD-ish systems when subsequent
4702 connect() calls loop with EAGAIN status.
4703 - Added MD5 cache keys to memory pool accounting.
4704 - Added code to track number of open DISK descriptors and stop
4705 swapping out objects if the number of disk descriptors becomes
4706 too large. For now the limit must be manually configured with
4707 the 'max_open_disk_fds'. By default, there is no limit.
4708 - Stopped encoding a request method in the high byte of the ICP
4709 reqnum field. Instead queried cache keys are copied to a
4710 static array, indexed by the reqnum, modulo the array size.
4711 Now we just use the request number to lookup a cache key,
4712 instead of rebuilding it from the ICP reply URL and method,
4713 unless we have netapp neighbors--they don't do reqnum
4714 properly.
4715 - Fixed reconfigure memory access bugs in redirect.c.
0753aa46 4716 - Ignore unreasonably large ICP RTT values which cause overflow
4717 bugs in calculating the average RTT (thanks Niall!)
4b66bfd3 4718
8e6a43e8 4719Changes to squid-1.2.beta24 (August 21, 1998):
4720
6c4067e5 4721 - Added Bulgarian error pages by Evgeny Gechev.
ceb79b2b 4722 - Changed StoreEntry->lock_count to a u_short.
c7d6216e 4723 - Replaced urlcmp with strcmp
4724 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
4725 (Henrik Nordstrom).
4726 - Eliminated unneeded BASE HREF on "root" directories (Henrik
4727 Nordstrom).
4728 - Fixed peerDigestFetchFinish() assertion caused by forwarding
4729 failures (e.g. miss_access rules).
ada249f8 4730 - Changed signal handlers with ASYNC_IO and Linux so that
4731 -k command line options work (Miquel van Smoorenburg).
4616f9ea 4732 - Rewrote shutdown code to use events instead of setting
4733 FD timeouts.
903e21a0 4734 - Fixed cachemgr 'objects' (statObjects()) by adding a check
b6a76fb2 4735 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
4736 storeBufferFlush(). Otherwise, the read-past pages would
4737 never be freed.
681979a2 4738 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
4739 were being closed by the dnsServerShutdown event.
b6a76fb2 4740 - Modified storeHashInsert() to insert PRIVATE objects at
4741 the tail of the LRU list, and PUBLIC objects at the head.
4742 Thus, PRIVATE objects get kicked out quicker.
95e36d02 4743 - Added David Luyer's DELAY_POOLS code.
54b5b3e5 4744 - Fixed a bug due to HEAD replies which lack the end-of-headers
4745 line.
4746 - Made proxy-auth realm string configurable (Bob Franklin)
4747 - Changed default mime time to a viewable one (Henrik Nordstrom).
4748 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
4749 - Fixed 'you are running out of filedescriptors' bug which
4750 could cause the HTTP incoming connection handler to not
4751 be reset.
e23fbf04 4752 - Changed syslog logging. Now squid debug levels 0 and 1 go
d737baa0 4753 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
e23fbf04 4754 (this needs more work!)
2cb51fe0 4755 - Fixed memory access errors in statAvgTick().
abc1237e 4756 - Fixed duplicate requestUnlink() bug in forward.c
6c4067e5 4757 - Fixed possible memory access bugs from not setting e->mem_obj
4758 = NULL in destroy_MemObject().
4759 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
4760 - Modified headersEnd and httpMsgIsolateHeaders to account
4761 for funky line terminations such as CRCRNL.
4762 (``but Netscape and IE _tolerate_ this'')
4763 - Fixed carp functions (Eric Stern).
4764 - Replaced internal proxy_auth code with extern authentication
4765 module (Arjan de Vet).
4766 - moved hash.c to libmiscutil.a.
e931f99a 4767 - Fixed handling of ICP queries with whitespace in URLs.
4768 Now we return ICP error and escape the URL before logging.
3a15a393 4769 - Added configure check for socklen_t (David Luyer).
4770 - Removed USE_SPLAY #defines; it is now standard.
3a76c002 4771 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
4772 temporary disk_ctrl_t structures.
4773 - Changed ENOSPC disk write errors to reduce specific cache_dir
4774 sizes, and not just the size of the cache as a whole.
f9cece6e 4775 - Added httpMaybeRemovePublic() to purge public objects for
4776 certain responses even though they are uncachable. This is
4777 needed, for example, when an initially cachable object
4778 later becomes uncachable.
8e6a43e8 4779 - Added refresh_pattern options to ignore client reloads
4780 (Henrik Nordstrom)
4781 - Relocated disk.c code which combines blocks for writing
4782 (Stewart Forster).
c7d6216e 4783
857703c6 4784Changes to squid-1.2.beta23 (June 22, 1998):
4785
cf7f704c 4786 - Added Turkish error pages by Tural KAPTAN.
66bbb757 4787 - Added basic support for Range requests. For most cachable
4788 requests, Squid replies with an "Accept-Ranges" header. Upon
4789 receiving a potentially cachable Range request for a not
4790 cached object, Squid requests the whole object from origin
4791 server and then replies with specified range(s) to the
4792 client. Multi-range requests are supported. Adjacent
4793 overlapping ranges are merged. If-Range requests are
4794 supported. Limitations: Multi-range requests with out of
4795 order ranges are not supported.
4796 - Made md5.c use standard memcpy and memset if they are
4797 avaliable.
4798 - Memory pools will now shrink if Squid is run-time
4799 reconfigured with smaller value of memory_pools_limit tag.
4800 - Added counter for number of clients (Tomi Hakala).
4801 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
4802 connections for UP->DOWN transition.
4803 - Added 'unique_hostname' configuration option when its
4804 necessary to have multiple machines with the same visible
4805 hostname.
222917b2 4806 - Fixed pumpReadFromClient() to not read too many bytes on
4807 persistent connections.
53856ebd 4808 - We can now cache HTTP replies with Set-Cookie. These evil
4809 headers are now filtered out for cache hits on the client
4810 side.
222917b2 4811 - Fixed SNMP bugs caused by using snmpwalk.
9089cc70 4812 - Fixed snmp system Group; all objects are now returned.
4813 - Fixed snmp system Group sysDescr and sysContact.
78dfab2a 4814 - Fixed snmp system Group sysObjectID it now returns a OBJECT
4815 IDENTIFIER.
7fce9c3e 4816 - Allocate FwdState from mem pools.
4817 - Minor HTCP progress.
222917b2 4818 - Moved 'miss_access' ACL check from client_side.c to forward.c
ed169eab 4819 - Fixed logging of usernames for requests which require
4820 proxy-authentication.
cf7f704c 4821 - Fixed HTTP request parser to accept lowercase HTTP identifier
4822 (Oskar Pearson).
4823 - Fixed FTP listings to always include links to the parent
4824 directory (Henrik Nordstrom).
4825 - Fixed FTP to show an "empty" listing instead of showing
4826 a "document contains no data" error (Henrik Nordstrom).
4827 - Fixed refreshCheck() bug. Often it was checking the
4828 refresh patterns against the string "[null_mem_obj]"
4829 because we moved URLs to MemObject.
4830 - Added CARP support by Eric Stern.
48382032 4831 - Fixed select-spin bug when an ICP reply actually gets queued
4832 and we failed to execute the write callback.
354b5fe1 4833 - Fixed a storeCheckSwapOut bug. We were freeing up to
4834 the queued offset instead of the done offset. This
4835 resulted in a small chunk of object data not being in
4836 memory and not yet written to disk. A client could
4837 recieve a partial object because file_read() unexpectedly
4838 returns EOF.
0aa791f8 4839 - Fixed proxy-authentication hangs (Henrik Nordstrom).
c2354a6b 4840 - Fixed request_t->flags bug causing authenticated, proxied
4841 responses to be cached (Arjan de Vet).
e0e32f36 4842 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
4843 - Added view and download options to FTP listings (Henrik
4844 Nordstrom).
4845 - Modified configure to allow using pre-installed libdlmalloc.a
4846 (Masashi Fujita).
e8d8856c 4847 - Fixed cachemgr 'objects' implementation.
fecf98dc 4848 - Changed refreshCheck() algorithm. For cached objects, we
4849 now check, in the following order:
4850 * request max-age
4851 * response Expires (if present)
4852 * refresh_pattern max-age
4853 * response Last-Modified compared to refresh_pattern
4854 LM-factor (only if Last-Modified is present)
4855 * refresh_pattern min-age
4856 - Changed Copyrights.
d192d11f 4857
ee3a78d4 4858Changes to squid-1.2.beta22 (June 1, 1998):
4859
2246b732 4860 - do not cut off "; parameter" from "digitized" Content-Type
4861 http fields
4862 - Added X-Request-URI for persistent connection debugging
4863 (Henrik Nordstrom)
f4d83f6d 4864 - Added Polish error pages from Maciej Kozinski.
145f10f1 4865 - Fixed hash_first/hash_next bugs with **Current pointer.
4866 Replaced with *next pointer.
f4d83f6d 4867 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
4868 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
4869 - Fixed eventRun "spin" bug when event delta time == 0.
a9cc1935 4870 - Fixed setting Last Modified time on cached entries when
4871 receiving a 304 reply.
06e87923 4872 - Added while loop in httpAccept().
4873 - Added while loop in icpHandleUdp().
4874 - Fixed some small memory leaks.
4875 - Fixed single-bit-int flag checks (Henrik Nordstrom).
137ee196 4876 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
4877 - Do not send only-if-cached cc directive with requests
6474667e 4878 for peer's digests.
ee3a78d4 4879 - Added "automatic tuning" for incoming request rate, i.e.
4880 how often to check HTTP and ICP sockets. See comm.c
4881 comments for details.
145f10f1 4882
6ee40ea2 4883Changes to squid-1.2.beta21 (May 22, 1998):
4884
434b408f 4885 - Added Italian error pages by Alessio Bragadini.
a3f9588e 4886 - Added Estonian error pages by Toomas Soome.
06066bbc 4887 - Added Russian (koi-r) error pages by Andrew L. Davydov.
7b381d33 4888 - Added Czech error pages by Jakub Nantl.
8e866bb4 4889 - Fixed asnAclInitialize calling to prevent coredump.
4890 - Fixed FTP directory parsing again.
4891 - Made FTP directory listing "Generated" tagline like
4892 the one for error pages.
52f977aa 4893 - Fixed an assertion coredump in statHistCopy from
6474667e 4894 reconfiguring with different #peers in squid.conf
10202788 4895 - Ignore leading whitespace on requests (and replies). RFC
4896 2068 section 4.1, robustness (Henrik Nordstrom)
4897 - Fixed keep_alive bug. We did not always honour reply
4898 headers, but rather assumed connections could be persistent.
4899 - Fixed reading whois output for AS numbers, especially when
4900 they are longer than 4 KB.
4901 - Removed 'cache_stoplist_pattern' configuration option. This
4902 feature is now handled by 'no_cache'.
4903 - If a URN resolves to only one URL, just return it immediately
4904 instead of giving the user a "choice" (Andy Powell).
4905 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
4906 - Changed squid-internal object names.
4907 - Added netdb exchange protocol.
4908 - Fixed wordlistDestroy() uninitialized pointer bug in
4909 ftpParseControlReply.
06066bbc 4910 - Fixed redirector subprocess to show real program name.
4911 - Changed URN menu output to be sorted.
4912 - Added fast select(2) timeouts when using ASYNC_IO.
4913 - Added ARP ACL support for Linux (David Luyer).
6474667e 4914 - Added binary http headers to requests
4915 - request_t objects are now created and destroyed in a consistent way
4916 - Fixed cache control printf bug
4917 - Added a lot of new http header ids
4918 - Improved Connection: header handling; now both Connection and
4919 Proxy-Connection headers are checked for connection directives
4920 - Connection request header is now handled correctly regardless
4921 of its position and the number of entries
2246b732 4922 - Only replies with valid Content-Length can be sent with keep-alive
4923 connection directive (Henrik Nordstrom)
6474667e 4924 - Better handling of persistent connection "clues" in HTTP headers;
2246b732 4925 the decision now depends on HTTP version (and User-Agent exceptions)
6474667e 4926 - Removed handling of "length=" directive in IMS headers;
4927 the directive is not in the HTTP/1.1 standard;
4928 standing by for objections
4929 - allowed/denied headers are now checked using bit masks instead of
4930 strcmp loops
4931 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
2246b732 4932 - removed processing of Request-Range header (not in specs?)
7b381d33 4933 - Fixed byte-order bugs in cacheDigestHashKey.
4934 - Changed hash_remove_link() to return void.
4935 - Changed ipcache_gethostbyname() to return NULL if
4936 i->addrs.count == 0.
6de5fa88 4937 - Added millisecond-timing to select/poll loops and event
4938 queue.
4939 - Changed 'peerPingTimeout' value to be twice the average
4940 of all the peer ICP RTT's.
4941 - Added 'half_closed_clients' option to force closing of
4942 client connections which might only be half-closed.
4943 - Fixed matchDomainName coredump bug.
4944 - Don't cache HTTP replies with Vary: headers until we
4945 get content negotiation working.
4946 - Fixed SSL proxying to forward full HTTP request headers.
c09459dd 4947 - Changed storeGetMemSpace(). Only purge down to the HIGH
4948 water mark; move locked entries to the head of the inmem
4949 list.
4950 - Changed clientReadRequest() to locally handle any
4951 "squid-internal-static" URL for any host.
52f977aa 4952 - Disable persistent connections for client connections
4953 from broken Netscape User-Agent, version 3.* (Stewart Forster)
434b408f 4954
901b8eaf 4955Changes to squid-1.2.beta20 (April 24, 1998):
4956
fd1bc012 4957 - Improved support for only-if-cached cache control directive.
4958 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
a1a62b14 4959 - Fixed 'quick_abort' percent calculation bug.
4960 - Fixed quick_abort FPE bug.
4961 - Changed more errno-checking functions to use ignoreErrno().
4962 - Added ERESTART to ignoreErrno() because of report from
4963 a Solaris system.
4964 - Fixed '#elsif' typo.
4965 - Fixed MemPool assertion by moving memInit() to before
4966 configuration parsing functions.
4967 - Fixed default 'announce_period' value (was 1 day, should
4968 be 0) (Joe Ramey).
4969 - Added configure warning for low filedescriptors and pointer
4970 to FAQ.
b0497a40 4971 - Fixed httpBodySet() bug causing URN related coredumps.
4972 - Changed ipcacheCycleAddr() to always cycle through all all
4973 available addresses, and not just advance when one of
4974 them goes BAD.
4975 - Fixed squid-internal bug for mixed-case hostnames (Henrik
4976 Nordstrom).
4e41d49f 4977 - Fixed ICP counting probelm. icpUdpSend() arg should be
4978 LOG_ICP_QUERY instead of LOG_TAG_NONE.
e4b71f74 4979 - Added some additional fault toleranse on FTP data channels
4980 (Henrik Nordstrom).
4981 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
4982 - Added lock/unlock for StoreEntry during storeAbort().
4983 - Added filemap bit usage stats to cachemgr 'storedir' and
4984 'info'.
4985 - Replaced 'cache_stoplist' with 'no_cache' Access list.
4986 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
44745828 4987 - Fixed default hierarchy_stoplist to be ``default if none.''
4988 - Fixed 'fake a recent reply' hack for detecting DEAD
4989 and ALIVE neighbors (Joe Ramey).
e376562a 4990 - Fixed FTP directory parsing bugs (Joe Ramey).
4991 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
4992 (Joe Ramey).
dea17509 4993 - Fixed daylight savings time bug (again).
fd1bc012 4994 - A lot of Cache Digests additions, fixes, and tuning.
4995 Cache Digests are still "very experimental".
e376562a 4996 - Fixed snprintf() bug. When len == 1, snprintf() would treat
4997 the buffer as unknown size, emulating sprintf() behaviour.
4998 - Made Error page language configurable with configure script
4999 (Henrik Nordstrom).
5000 - Fixed squid-internal URLs when http_port == 80.
5001 - Remember the client address on redirected requests (Henrik
5002 Nordstrom).
5003 - Don't rebuild the request if the redirector returned the same
5004 URL (Henrik Nordstrom).
5005 - Rewrite Host: header on redirected requests (Henrik
5006 Nordstrom).
5007 - Include port (if non-standard) in generated Host: headers
5008 (Henrik Nordstrom).
5009 - Fixed rfc1123 timezone hacks for Windows NT
5010 (Henrik Nordstrom).
5011 - Added Russian Error pages by Ilia Zadorozhko.
5012 - Added totals for ICP and HTTP hits to cachemgr client_list
5013 output.
6cfa8966 5014 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
5015 because any string with an '@' must be an email address.
e376562a 5016 - Fixed POST for content-length == 0.
901b8eaf 5017 - Fixed "huge 304 reply" loop bug.
5e9ab945 5018 - Fixed --enable-splaytree compile bugs.
c93fbf13 5019 - Removed ASN lookup code in peer_select.c.
b6a2f15e 5020 - Added warnings if ACL code detects subdomains in SPLAY
5021 trees.
5022 - Rewrote some bits of httpRequestFree() to eliminate
5023 possible bugs that could cause an "e->lock_count" asseertion.
5024 - Added value/bounds checking to _db_init() when setting
5025 the debugLevels[] array.
fd1bc012 5026
005e5260 5027Changes to squid-1.2.beta19 (Apr 8, 1998):
5028
b0497a40 5029 - Squid-1.2.beta19 compiles and runs on Windows/NT with
5030 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
447203a7 5031 - Added French Error pages by Frank DENIS.
5032 - Added Dutch Error pages by Mark Visser
901b8eaf 5033 - Added German Error pages by Bernd P. Ziller, Jens Frank,
5034 and Anke S.
f9f2be04 5035 - Added support for only-if-cached cache-control directive.
005e5260 5036 - Added RELAXED_HTTP_PARSER #define to allow requests which are
5037 missing the HTTP identifier on the request line (e.g. buggy
5038 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
1f4d31f9 5039 - Fixed disk.c FD leak for delayed closes in
5040 diskHandleWriteComplete().
5041 - Fixed cache announcement feature.
20fe7191 5042 - Fixed httpReadReply() to retry failed HTTP requests on
5043 persistent connections when read() returns -1, not only
5044 when it returns 0.
805e5f70 5045 - Fixed cbdata memory counting leak. cbdataUnlock() always
5046 called free(), never memFree().
ff396fe6 5047 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
005e5260 5048 - Fixed `++loopdetect < 10' assertion due to
5049 clientHandleIMSReply bug for invalid/partial HTTP
5050 replies.
5051 - Added preliminary code for HTCP.
5052 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
5053 - Added "snmp_community" as an ACL type.
5054 - Cleaned up proxy-auth acl implementation and removed
5055 memory leaks.
5056 - Added generic 'hashFreeItems()' function for efficiently
5057 freeing hash table pointers.
5058 - Added whoisTimeout() for ASN code.
447203a7 5059 - Removed BINARY TREE code.
005e5260 5060 - Fixed forgetting to reset Config.Swap.maxSize in
5061 configDoConfigure.
5062 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
5063 bug which caused not modified replies to not get updated.
5064 - Fixed client_side.c bugs which could cause data to be written
5065 to the client in the wrong order for persistent connections.
5066 clientPurgeRequest() and clientHandleIMSComplete() must not
5067 call comm_write(). Instead they must create and write to
5068 StoreEntry's.
5069 - Fixed ICP query service time counting bug(s).
5070 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
5071 to fix buffer overruns. This also requires adding 'buf_sz'
5072 args to some functions like clientBuildReplyHeader().
5073 But we can eliminate the need to NULL-terminate the
5074 buffer beforehand.
5075 - Changed commConnectCallback() to reset the FD timeout to
5076 zero before notifying about the connection. This requires
5077 commSetTimeout() calls in numerous places to reinstall
5078 timeouts.
5079 - Changed comm_poll_incoming() to be called less frequently
5080 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
5081 - Removed HAVE_SYSLOG case for debug() macro. Almost all
5082 systems do have syslog(), but more importatnly the
5083 _db_level value is needed for debugging to stderr.
5084 - Rewrote squid/dnsserver interface to use smaller, single-line
5085 messages.
5086 - Rewrote 'dns' cachemgr output to use a table format.
5087 - Rewrote a lot of dnsserver.c.
5088 - Added eventAddIsh() for semi-random event scheduling.
5089 - Fixed an ftpTimeout bug for sessions which use PORT
5090 commands.
5091 - Fixed ftp.c to recognized invalid PASV replies (e.g.
5092 port == 0).
5093 - Removed hash_insert(). All hasing uses hash_join() now.
5094 - Renamed hash_unlink() to hash_remove_link().
5095 - Added hashPrime() to find closes prime hash table size
5096 to a given value.
5097 - Fixed Keep-Alive ratio counting bug which prevented
5098 persistent connections from being used between cache
5099 peers.
5100 - Changed icmp.c to NOT queue messages sent from squid to
5101 the pinger program.
5102 - Changed icp_v2.c to NOT queue ICP messages by default.
5103 But they will be queued and resent once if the first
5104 send fails. Counters.icp.queued_replies counts the
5105 number of messaages queued.
5106 - Cleaned up ICP logging.
5107 - Added identTimeout().
5108 - Fixed ipcache reply counting bug. Overcounted dnsserver
5109 replies for partial replies.
5110 - Added urlInternal() for building internal Squid URLs.
5111 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
5112 AND 'cache_peer_acl' configurations. This should be changed
5113 in the fugure to use ONLY cache_peer_acl.
5114 - Changed DEAD/REVIVED neighbor detection to avoid reporting
5115 so many false deaths. (Joe Ramey).
5116 - Added some preliminary code to support "cache digests."
5117 - Fixed pumpClose() coredumps (?).
5118 - Updated cachemgr 'info' output to show median service
5119 times for various categories.
5120 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
5121 != sizeof(int) for Alphas.
5122 - Fixed potential alignment problem in storeDirWriteCleanLogs().
5123 - Fixed store_rebuild.c to NOT replace current, but
5124 not-swapped-out StoreEntry's with on-disk entries.
5125 - Changed storeCleanup() to call storeRelease on invalid
5126 entries which don't have a swapfile (i.e. no unlink()
5127 penalty).
5128 - Fixed storeSwapInStart() to fail for unvalidated
5129 entries.
5130 - SNMP changes:
5131 . renovated mib and added descriptions and comments
5132 . added hit and byte counters to client_db , for
5133 cacheClientTable
5134 . cacheClientTable, netdbTable, cachePeerTable,
5135 cacheConnTable now indexed by ip address. hash_lookup was
5136 enhanced to allow for subsequent hash_next's similar to
5137 hash_first, to speed up getnext's in tables which refer to
5138 hash-table structures.
5139 . added generic (well, sorf of) table indexing functionality
5140 . added makefile dependencies for snmplib and cache_snmp.h
5141 . WaisHost, WaisPort, Timeouts removed
5142 . FdTable split into FdTable and ConnTable. FdTable simplified
5143 . PeerTable and PeerStat merged and put into new cacheMesh
5144 group
5145 . cacheClientTable added for client statistics and accounting
5146 (cacheMesh 2)
5147 . cacheSec and cacheAccounting groups removed
5148 . fixed acl bug when communities not defined
5149 . snmp_acl now survives bad configuration
81d0c856 5150
9a713ffb 5151Changes to squid-1.2.beta18 (Mar 23, 1998):
5152
275d9f2e 5153 - Added v1.1 'test_reachability' option.
5154 - Fixed hash4() len == 0 bug.
2c26197b 5155 - Fixed Config.Swap.maxSize reconfigure bug.
5156 - Fixed ICP query bug determining request method.
5157 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
5158 so that we know neighbors are alive even when they send
5159 us replies for unknown entries.
5160 - Changed configure script to add '-std1' for Digital Unix cc.
5161 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
5162 systems.
5163 - Added support for 'Cache-Control: Only-If-Cached' request header.
34ad1721 5164 - Fixed CheckQuickAbort() bugs for multiple clients on one
5165 StoreEntry. Also changed storePendingNClients() to return
5166 mem->nclients instead of counting the number of store_client
5167 entries with pending callback functions.
275d9f2e 5168
041b157e 5169Changes to squid-1.2.beta17 (Mar 17, 1998):
5170
df43fc93 5171 - SNMP MIB version check changed to non-rcs.
02922e76 5172 - Added memory pools for variable size objects (strings).
5173 There are three pools; for small, medium, and large objects.
5174 - Extended String object to use memory pools. Most fixed size char
5175 array fields will be replaced using string pools. Same for most
5176 malloc()-ed buffers.
5e14bf6d 5177 - Changed icon handling to use the hostname and port of the squid
9ed90c85 5178 server, instead of the special hostname "internal.squid"
5179 (Henrik Nordstrom).
5e14bf6d 5180 - All icons are now configured in mime.conf. No hardcoded icons,
f8360ee3 5181 including gohper icons (Henrik Nordstrom).
459f2559 5182 - Fixed ICP bug when we send queries, but expect zero
5183 replies.
ed9c0b33 5184 - Fixed alignment/casting bugs for ICP messages.
2b5b6324 5185 - A generic client-to-server "pump" was added to handle HTTP
5186 PUT as well as POST methods on the client-cache side. Based on
5187 "pump" PUT requests can be made to either HTTP or FTP url's.
5188 Code is still beta and interoperability with browsers etc has
5189 not been tested.
5190 - Put #ifdefs around 'source_ping' code.
5e14bf6d 5191 - Added missing typedef for _arp_ip_data (Wesha).
5192 - Added regular-expression-based ACLs for client and server
5193 domain names (Henrik Nordstrom).
5194 - Fixed ident-related coredumps from incorrect callback data.
5195 - Fixed parse_rfc1123() "space" bug.
5196 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
5197 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
5198 - Fixed some peer->options flag-setting bugs.
5199 - Fixed single-parent feature to work again
5200 - Removed 'single_parent_bypass' configuration option; instead
5201 just use 'no-query'.
5202 - Surrounded 'source_ping' code with #ifdefs.
5203 - Changed 'deny_info URL' to use a custom Error page.
5204 - Modified src/client.c for testing POST requests.
041b157e 5205 - Fixed hash4() for SCO (Vlado Potisk).
459f2559 5206
7ba777f2 5207Changes to squid-1.2.beta16 (Mar 4, 1998):
5208
447203a7 5209 - Added Spanish error messages from Javier Puche.
02922e76 5210 - Added Portuguese error messages from Pedro Lineu Orso
0965bd19 5211 - Added a simple but very effective hack to cachemgr.cgi that tries to
5212 interpret lines with '\t' as table records and formats them
5213 accordingly. With a few exceptions (see source code), first line
5214 becomes a table heading ("<th>" html tag) and the rest is formated
5215 with "<td>" tags.
7021844c 5216 - Added "mem_pools_limit" configuration option. Semantics of
5217 "mem_pools" option has also changed a bit to reflect new memory
5218 management policy.
7ba777f2 5219 - Reorganized memory pools. Squid now supports a global pool
5220 limit instead of individual pool limits. Per-pool limits can be
3a88d597 5221 implemented on top of the current scheme if needed, but it is
7ba777f2 5222 probably hard to guess their values. Squid distributes pool
5223 memory among "frequently allocated" objects. There is a
5224 configurable limit on the total amount of "idle" memory to be
5225 kept in reserve. All requests that exceed that amount are
5226 satisfied using malloc library. Support for variable size
5227 objects (mostly strings) will be enabled soon.
5228 - memAllocate() has now only one parameter. Objects are always
5229 reset with 0s. (We actually never used that parameter before;
5230 it was always set to "clear").
5231 - Added Squid "signature" to all ERR_ pages. The signature is
5232 hardcoded and is added on-the-fly. The signature may use
5233 %-escapes. Added interface to add more hard-coded responses if
5234 needed (see errorpage.c::error_hard_text).
5235 - Both default and configured directories are searched for ERR_
5236 pages now. Configured directory is, of course, searched first.
5237 This allows you to customize a subset of ERR_ pages (in a
5238 separate directory) without danger of getting other copies out
5239 of sync.
5240 - Security controls for the SNMP agent added. Besides
5241 communities (like password) and views (part of tree
5242 accessible), the snmp_acl config option can be used to do acl
5243 based access checks per community.
5244 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
5245 can now walk through the whole mib tree. Several new variables
5246 added under cacheProtoAggregateStats
12cf1be2 5247 - Added rudimental statistics for HTTP headers.
7ba777f2 5248 - Adjusted StatLogHist to a more generic/flexible StatHist.
12cf1be2 5249 Moved StatHist implementation into a separate file.
178dbda2 5250 - Added FTP support for PORT if PASV fails, also try the
5251 default FTP data port (Henrik Nordstrom).
5252 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
5253 request is cancelled for fails on the client side.
5254 - Filled in some squid.conf comments (never_direct,
5255 always_direct).
5256 - Added RES_DNSRCH to dnsserver's _res.options when the
5257 -D command line option is given.
5258 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
5259 peer->tcp_up == 0 (Michael O'Reilly).
5260 - Fixed storeGetNextFile's incorrect "directory does not exist"
5261 errors (Michael O'Reilly).
5262 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
5263 Forster).
5264 - Added 'dns_nameservers' config option to specify non-default
5265 DNS nameserver addresses (Maxim Krasnyansky).
5266 - Added lib/util.c code to show memory map as a tree
5267 (Henrik Nordstrom).
5268 - Added HTTP and ICP median service times to Counters and
5269 cachemgr average stats.
5270 - Changed "-d" command line option to take debugging level
5271 as argument. Debugging equal-to or less-than the argument
5272 will be written to stderr.
3ff01c3e 5273 - Removed unused urlClean() function from url.c.
adba4a64 5274 - Fixed a bug that allowed '?' parts of urls to be recorded in
ef65d6ca 5275 store.log. Logged urls are now "clean".
178dbda2 5276 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
5277 script forwards basic authentication from browser to squid.
5278 Authentication info is encoded within all dynamically generated
5279 pages so you do not have to type your password often.
5280 Authentication records expire after 3 hours (default) since
5281 last use. Cachemgr.cgi now recognizes "action protection" types
5282 described below.
5283 - Added better recognition of available protection for actions
5284 in Cache Manager. Actions are classified as "public" (no
5285 password needed), "protected" (must specify a valid password),
5286 "disabled" (those with a "disable" password in squid.conf), and
5287 "hidden" (actions that require a password, but do not have
5288 corresponding cachemgr_passwd entry). If you manage to request
5289 a hidden, disabled, or unknown action, squid replies with
5290 "Invalid URL" message. If a password is needed, and you failed
5291 to provide one, squid replies with "Access Denied" message and
5292 asks you to authenticate yourself.
5293 - Added "basic" authentication scheme for the Cache Manager.
5294 When a password protected function is accessed, Squid sends an
5295 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
5296 by specifying "name" and "password" for the specified action.
5297 The user name is currently used for logging purposes only. The
5298 password must be an appropriate "cachemgr_passwd" entry from
5299 squid.conf. The old interface (appending @password to the url)
5300 is still supported but discouraged. Note: it is not possible
5301 to pass authentication information between squid and browser
5302 *via a web server*. The server will strip all authentication
5303 headers coming from the browser. A similar problem exists for
5304 Proxy-Authentication scheme.
5305 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
5306 authentication failures when accessing Cache Manager.
63259c34 5307 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
178dbda2 5308 - Added simple context-based debugging to debug.c. Currently,
5309 the context is defined as a constant string. Context reporting
5310 is triggered by debug() calls. Context debugging routines
5311 print minimal amount of information sufficient to describe
5312 current context. The interface will be enhanced in the future.
5313 - Replaced _http_reply with HttpReply. HttpReply is a
5314 stand-alone object that is responsible for parsing, swapping,
5315 and comm_writing of HTTP replies. Moved these functions from
5316 various modules into HttpReply module.
8bfcd557 5317 - Added HttpStatusLine, HttpHeader, HttpBody.
178dbda2 5318 - All HTTP headers are now parsed and stored in a "compiled"
5319 form in the HttpHeader object. This allows for a great
5320 flexibility in header processing and builds basis for support
5321 of yet unsupported HTTP headers.
5322 - Added Packer, a memory/store redirector with a printf
5323 interface. Packer allows to comm_write() or swap() an object
5324 using a single routine.
5325 - Added MemBuf, a auto-growing memory buffer with printf
5326 capabilities. MemBuf replaces most of old local buffers for
5327 compiling text messages.
5328 - Added MemPool that maintains a pre-allocated pool of opaque
5329 objects. Used to eliminate memory thrashing when allocating
5330 small objects (e.g. field-names and field-value in http
5331 headers).
8bfcd557 5332
3197e644 5333Changes to squid-1.2.beta15 (Feb 13, 1998):
5334
55647891 5335 NOTE: This version has changes which may cause all or part
5336 of your cache to be lost. However, you can problably
5337 save most of it by doing a slow restart. Specifically:
5338
5339 1. Kill the running squid-1.2.beta14 process; wait for it to
5340 fully exit.
5341 2. Remove all 'swap.state*' files, either in each cache_dir, or
5342 as defined in your squid.conf
5343 3. Start squid-1.2.beta15. The store will be rebuilt from the
5344 existing swap files, reading the directories and opening
5345 the files.
5346
bcfbdc11 5347 - Fixed some problems related to disk (and pipe) write error
5348 handling. file_close() doesn't always close the file
5349 immediately; i.e. when there are pending buffers to write.
5350 StoreEntry->lock_count could become zero while a write is
5351 pending, then bad things happen during the callback.
5352 - The file_write() callback data must now be in the callback
5353 database (cbdata). We now use the swapout_ctrl_t structure
5354 for the callback data; it stays around for as long as we are
5355 swapping out.
5356 - Changed the way write errors are handled by diskHandleWrite.
5357 If there is no callback function, now we exit with a fatal
5358 message under the assumption that the file in question is a
5359 log file or IPC pipe. Otherwise, we flush all the pending
5360 write buffers (so we don't see multiple repeated write errors
5361 from the same descriptor) and let the upper layer decide how
5362 to handle the failure.
5363 - Fixed storeDirWriteCleanLogs. A write failure was leaving
5364 some empty swap.state files, even though it tells us that its
5365 "not replacing the file." Don't flush/rename logs which we
5366 have prematurely closed due to write failures, indiciated by
5367 fd[dirn] == -1. Close these files LAST, not before
5368 renaming.
5369 - Fixed storeDirClean to clean directories in a more sensible
5370 order, instead of the new "MONOTONIC" order for swap files.
0465e406 5371 - Merged fdstat.c functions into fd.c.
5372 - Cleaned up some debugging sections. Some unrelated source
5373 files were using the same section.
5374 - Removed curly brackets from all cachemgr output.
5375 - Removed unused filemap->last_file_number_allocated member.
5376 - Removed unused fde->lifetime_data member.
5377 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
5378 - Call setsid() before exec() in ipc.c so that child processes
5379 don't receive SIGINT (etc) when running squid on a tty.
2f2dd5ad 5380 - Changed StoreEntry->object_len to ->swap_file_sz so we
5381 can verify the disk file size at restart. Moved object_len
5382 to MemObject->object_sz. Note object_sz is initialized
5383 to -1. If object_sz < 0, then we need to open the swap
5384 file and read the swap metadata.
5385 - Changed store_client->mem to ->entry because we need
5386 e->swap_file_sz to set mem->object_sz at swapin.
2f2dd5ad 5387 - Renamed storeSwapData structure to storeSwapLogData.
5388 - Fixed storeGetNextFile to not increment d->dirn. Added
5389 check for opendir() failure.
5390 - Fixed storeRebuildStart to properly link the directory
5391 list for storeRebuildfromDirectory mode.
e157f97f 5392 - Added -S command line option to double-check store
5393 consistency with disk files in storeCleanup().
5394 - Fixed a problem with transactional logging. In many
5395 cases we were adding the public cache key and then
5396 logging a delete for the private key. This is worthless
5397 because during rebuild we could not locate the previous
5398 public-keyed entry. Now we assert that only public-keyed
5399 entries can be logged to swap.state. storeSetPublicKey()
5400 and storeSetPrivateKey() have been modified to log an
5401 ADD or DEL when the key changes.
5402 - Fixed storeDirClean bug. Needed to call
5403 storeDirProperFileno() so the "dirn bits" get set.
5404 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
5405 fullfilename[] were static to that function and did
5406 not change when the "rebuild_dir" arg did. Moved these
5407 buffers to the rebuild_dir structure.
5408 - In storeRebuildFromSwapLog, we were calling storeRelease()
5409 for cache key collisions. This only set the RELEASE_REQUEST
5410 bit and did not clear the swap_file_number in the filemap or
5411 in the StoreEntry, so the swap file could get unlinked later
5412 when it was really released.
4e0f0471 5413 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
5414 content-type and content-encoding (Henrik Nordstrom).
5415 - Removed 'icon_content_type' configuration option. Content
5416 types now taken from mime.conf (Henrik Nordstrom).
2a9b2b73 5417 - Added additional memory malloc tracing and memory leak
5418 detection. Use --enable-xmalloc-debug-trace configure
5419 option and -m command line option (Henrik Nordstrom).
bcfbdc11 5420
93169941 5421Changes to squid-1.2.beta14 (Feb 6, 1998):
5422
5471db88 5423 - Replaced snmplib free() calls with xfree().
5424 - Changed the 'net_db_name' hash table structure to
5425 make it easier to move names from one network to another
5426 (copied from 1.1 code).
93169941 5427 - Filled in some of the config dump routines (dump_acl,
5428 dump_acl_access).
5429 - Full memory debugging option (--enable-xmalloc-debug-trace)
5430 (Henrik Nordstrom).
5431 - Filled-in and clarified many squid.conf comments (Oskar
5432 Pearson).
5433 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
5471db88 5434
f91834bf 5435Changes to squid-1.2.beta13 (Feb 4, 1998):
f577e074 5436
b4512acd 5437 - NOTE: With this version the "swap.state" file format has
5438 changed. Running this version for the first time will
5439 cause your current cache contents to be lost!
f91834bf 5440 - NOTE: this version still has the bug where we don't rewind
5441 a swapout file and rewrite the swap meta data. Objects
5442 larger than 8KB will be lost when rebuilding from the swap
5443 files.
d04dd4bf 5444 - Combined various interprocess communication setup functions
5445 into ipcCreate().
5446 - Removed some leftover ICP_HIT_OBJ things.
5447 - Removed cacheinfo and proto_count() and friends; these are to
5448 be replaced in functionality by StatCounters and 5/60 minute
5449 average views via cachemgr.
5450 - Fixed --enable-acltree configure message (Masashi Fujita).
5451 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
5452 (Masashi Fujita).
5453 - Fixed building outside of source tree (Masashi Fujita).
dbfed404 5454 - FTP: Format NLST listings, and inform the user that the NLST
5455 (plain) format is available when we find a LIST listing that we
5456 don't understand (Henrik Nordstrom)
5457 - FTP: Use SIZE on Binary transfers, and not ASCII. The
5458 condition was inversed, making squid use SIZE on ASCII
5459 transfers (Henrik Nordstrom).
5460 - Enable virtual and Host: based acceleration in order to be
5461 able to use Squid as a transparent proxy without breaking
5462 either virtual servers or clients not sending Host: header
5463 the order of the virtual and Host: based acceleration needs
5464 to be swapped, giving Host: a higher precendence than virtual
5465 host (Henrik Nordstrom).
5466 - Use memmove/bcopy as detected by configure Some systems does
5467 not have memmove, but have the older bcopy implementation
5468 (Henrik Nordstrom).
6cf028ab 5469 - Completely rewritten aiops.c that creates and manages a pool
5470 of threads so thread creation overhead is eliminated (SLF).
5471 - Lots of mods to store.c to detect and cancel outstanding
5472 ASYNC ops. Code is not proven exhaustive and there are
5473 definately still cases to be found where outstanding disk ops
5474 aren't cancelled properly (SLF).
5475 - Changes to call interface to a few routines to support disk
5476 op `tagging', so operations can be cleanly cancelled on
5477 store_abort()s (SLF).
5478 - Implementation of swap.state files as transaction logs.
5479 Removed objects are now noted with a negative object size.
5480 This allows reliatively clean rebuilds from non-clean
5481 shutdowns (SLF).
5482 - Now that the swap.state files are transaction logs, there's
5483 now no need to validate by stat()ing. All the validation
5484 procedure does is now just set the valid bit AFTER all the
5485 swap.state files have been read, because by that time, only
5486 valid objects can be left. Object still need to be marked
5487 invalid when reading the swap.state file because there's no
5488 guarantee the file has been retaken or deleted (SLF).
5489 - An fstat() call is now added after every
5490 storeSwapInFileOpened() so object sizes can be checked. Added
5491 code to storeRelease() the object if the sizes don't match (SLF).
6474667e 5492 - #defining USE_ASYNC_IO now uses the async unlink() rather than
5493 unlinkd() (SLF).
6cf028ab 5494 - #defining MONOTONIC_STORE will support the creation of disk
5495 objects clustered into directories. This GREATLY improves disk
5496 performance (factor of 3) over old `write-over-old-object'
5497 method. If using the MONOTONIC_STORE, the
5498 {get/put}_unusedFileno stack stuff is disabled. This is
5499 actually a good thing and greatly reduces the risk of serving
5500 up bad objects (SLF).
5501 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
5502 rather than ASYNC/unlinkd unlinks. swap.state.new files were
5503 being removed just after they were created due to delayed
5504 unlinks (SLF).
5505 - Disabled various assertions and made these into debug warning
5506 messages to make the code more stable until the bugs can be
5507 tracked down (SLF).
5508 - Added most of Michael O'Reilly's patches which included many
5509 bug fixes. Ask him for full details (SLF).
5510 - Moved aio_check_callbacks in comm_{poll|select}(). It was
5511 called after the fdset had been built which was wrong because
5512 the callbacks were changing the state of the read/write
5513 handlers prior to the poll/select() calls (SLF).
f09f5b26 5514 - Fixed ARP ACL memory leaks (Dale).
f577e074 5515 - Eliminated URL and SHA cache keys. Cache keys will always
5516 be MD5's now.
5517 - Fixed up store swap meta data.
5518 - Changed swap.state logs to a binary format.
f91834bf 5519 - The swap.state logs are written transaction-style.
d04dd4bf 5520
b5cfbd5b 5521Changes to squid-1.2.beta12 (Jan 30, 1998):
5522
b4512acd 5523 - Added metadata headers to cache swap files. This is an
5524 incompatible change with previous versions. Running this
5525 version for the first time will cause your current cache
5526 contents to be lost.
9fc0b4b8 5527 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
5528 - Show symlink destinations as a hyperlink in FTP listings
5529 (Henrik Nordstrom)
3a4eaced 5530 - Fixed not allocating enough space for rewriting URLs with
5531 the Host: header (Eric Stern).
5532 - Year-2000 fixes (Arjan de Vet).
5533 - Fixed looping for cache hits on HEAD requests.
fc6dc767 5534 - Fixed parseHttpRequest() coredump for
6474667e 5535 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
9fc0b4b8 5536
9f802cb1 5537Changes to squid-1.2.beta11 (Jan 6, 1998):
5538
fd82d0b0 5539 - Fixed fake 'struct rusage' definition which prevented compling
5540 on Solaris 2.4.
5541 - Fixed copy-by-ref bug for request->headers in
5542 clientRedirectDone() (Michael O'Reilly).
812db943 5543 - Workaround for Solaris pthreads closing FD 0 upon fork()
5544 (Michael O'Reilly).
05fd71a7 5545 - Fixed shutdown bug with outgoing UDP sockets; we need to
5546 disable their read handlers.
5547 - For comm_poll(), use the fast 50 msec timeout only when
5548 USE_ASYNC_IO is defined.
1fbc6de3 5549 - Fixed pointer bug when freeing AS# ACL entries.
5550 - Fixed forgetting to reset Config.npeers to zero in free_peer().
0f6bdbfa 5551 - Fixed ICP bug causing excessive TIMEOUTs with sibling
5552 neighbors. We must call the ICP reply callback even for
5553 sibling misses.
5554 - Fixed some dnsserver-related reconfigure bugs. Need to
5555 use cbdataLock, etc in fqdncache.c. Also don't want to
5556 use ipcacheQueueDrain() and fqdncacheQueueDrain().
5557 - Fixed persistent connection bug. We were incorrectly
5558 deciding that non-200 replies without content-length
5559 would not have a reply body.
5560 - Fixed intAverage() precedence bug.
5561 - Fixed memmove() 'len' arg bug.
5562 - Changed algorithm for determining alive/dead state of peers.
5563 Instead of using a fixed number of unacknowledged ICP
5564 replies, it is now based on timeouts. If there are no ICP
5565 replies received from a peer within 'dead_peer_timeout'
5566 seconds, then we call it dead.
5567 - Added calls to getCurrentTime() in
5568 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
5569 being used.
5570 - Fixed shutdown bug when the incoming and outgoing ICP socket
5571 is the same file descriptor.
e970f357 5572 - Added buffered writes for storeWriteCleanLogs() (Stewart
5573 Forster).
5574 - Patches for Qnx4 (Jean-Claude MICHOT).
5575 - Fixed returning void functions which seems to be a GCC-ism.
e5f4e1b0 5576 - New configure script options (Henrik Nordstrom):
5577 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
5578 --enable-acltree
5579 --enable-icmp
5580 --enable-delay-hack
5581 --enable-useragent-log
5582 --enable-kill-parent (this should be named -hack)
5583 --enable-snmp
5584 --enable-time-hack
5585 --enable-cachemgr-hostname[=hostname] (new)
5586 --enable-arp-acl (new)
5587 - Added Doug Lea malloc-2.6.4 to the distribution, so that
5588 people easily can try a decent malloc package if they syspect
5589 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
5590 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
5591 function (Henrik Nordstrom).
5592 - Removed top-level Makefile. People must now run 'configure'
5593 before 'make'.
714ace98 5594 - Fixed checkFailureRatio() implementation.
82b3c7d9 5595 - Made 'squid -z' behave like the 1.1 version.
e5f4e1b0 5596
fd82d0b0 5597
ab9a3f7e 5598Changes to squid-1.2.beta10 (Jan 1, 1998):
5599
5600 - Fixed content-length bugs for 204 replies, 304 replies,
5601 and HEAD requests (Henrik Nordstrom).
5602 - Fixed errorAppendEntry() bug in gopherReadReply().
5603 - Basic support for FTP URL typecodes (;type=X).
9c965c1b 5604 - Support for access controls based on ethernet MAC addresses
ab9a3f7e 5605 (Dale).
5606 - Initial URN support; see
5607 http://squid.nlanr.net/Squid/urn-support.html
5608 - Fixed client-side persistent connections for objects with
5609 bad content lengths (Henrik Nordstrom).
5610 - Fixed bad call to storeDirUpdateSwapSize() for objects which
5611 never reach SWAPOUT_DONE state.
68e3a9df 5612 - Fixed up poll() #defines in squid.h (Stewart Forster).
5613 - Changed poll() timeout from 1000 msec to 50 msec for
5614 better performance under low load (Stewart Forster).
e7a1fde6 5615 - Changed storeWriteCleanLogs() to write objects in the LRU
5616 list order instead of the random hash table order.
109ff6af 5617 - Fixed FTP bug when data socket connections fail or timeout.
5618 - Reuse FTP data connection when possible (Henrik Nordstrom).
5619 - Added configure options (Henrik Nordstrom)
5620 --enable-store-key=sha|md5
5621 --enable-xmalloc-statistics
5622 --enable-xmalloc-debug
78743365 5623 --enable-xmalloc-debug-count
5624 --async-io
109203bf 5625 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
5626 by creating ERR_FORWARDING_DENIED and changing the
5627 content of the ERR_CANNOT_FORWARD text.
4e9c07c1 5628 - Fixed pipeline request bug from using strdup() (Henrik
5629 Nordstrom).
5630 - Call clientReadRequest() directly instead of commSetSelect()
5631 for pipelined requests (Henrik Nordstrom).
1b02b5be 5632 - Fixed 4k page leak in icpHandleIMSReply();
5633 - Renamed 'icp*' functions to 'client*' names in client_side.c.
e7a1fde6 5634
b90a0f8d 5635Changes to squid-1.2.beta8 (Dec 2, 1997):
5636
eae03fc8 5637 - Fixed accessLogLog() to log ident from Proxy-Authorization
5638 request header (BoB Miorelli).
226f9ba2 5639 - Fixed #includes, prototypes, etc. in SNMP source files.
5640 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
5641 include/config.h.in to src/squid.h
5642 - Moved 'num32' typedefs from src/typedefs.h to
5643 include/config.h.in.
5644 - Moved snmplib/md5.c to lib/md5.c.
5645 - Added MD5 cache key support.
5646 - Removed xmalloc() return check in uudeocde.c
5647 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
5648 - Changed 'client' program to provide easier cache manager access,
3ff01c3e 5649 e.g.: 'client mgr:info'
226f9ba2 5650 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
5651 for simulated keep-alive requests.
5652 - Removed 'fd' arg from clientProcess* functions.
9e3468d5 5653 - Fixed bugs from using errorSend() on persistent/pipelined
226f9ba2 5654 client connections. A latter request should not be allowed to
5655 write to the client fd until the current request completes.
5656 Now use errorAppendEntry() for such situations.
5657 - Fixed content-length bugs. We were using content-length == 0
5658 to also indicate a lack of content-length reply header. But
5659 'content-length: 0' might appear in a reply, so now use -1 to
5660 indicate that no content length given.
5661 - Split up clientProcessRequest() into smaller chunks so it
5662 might be easier to follow.
5663 - renamed various client_side.c functions to start with 'client'
5664 instead of 'icp'.
5665 - Fixed a 'cbdata leak' from the comm.c close handlers.
5666 - Fixed a 'cbdata leak' from the comm.c connect routines.
5667 - Fixed comm_select() and comm_poll() to stop looping on the
5668 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
5669 ready for I/O, the incoming sockets might not get service, so
5670 comm_select() would be called for up to 7 times until the
5671 'incoming_counter' was incremented enough to trigger a call
5672 to comm_select_incoming(). Now we make sure
5673 comm_select_incoming() gets called if select returns less
5674 than 7 ready FD's.
9e3468d5 5675 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
5676 inserted at the start of the url-path. calls ftpUrlWith2f().
5677 (Henrik Nordstrom).
226f9ba2 5678 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
5679 for replacement and cachemgr output.
5680 - Changed ipcache.c to use LRU double-linked list instead of qsort()
5681 - Changed hash_insert() and hash_join() to return void.
5682 for replacement and cachemgr output.
5683 - Moved StoreEntry->method member to MemObject->method.
5684 - Made StoreEntry->flags 16 bits.
5685 - Made StoreEntry->refcount 16 bits.
5686 - Changed URL-based public cache key to always include the request
5687 method.
eae03fc8 5688
95bc9f0b 5689Changes to squid-1.2.beta7 (Nov 24, 1997):
5690
6a11653c 5691 - Fixed poll() for Linux (David Luyer).
5692 - SHA optimizations (David Luyer).
5693 - Fixed errno clashes with macro on Linux (David Luyer).
5694 - Fixed storeDirCloseSwapLogs(); logs might not be open.
5695 - Fixed storeClientCopy2() bug. Detect when there is
5696 no more data to send for objects in STORE_OK state.
19ee64b1 5697 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
5698 especially directory listings.
95bc9f0b 5699 - Mega FTP fix from Henrik Nordstrom. A better job of
5700 implementing the '%2f' hack.
5701 - Fixed some pipelined request bugs. storeClientCopy() was
5702 being given the wrong StoreEntry, and we had a race condition
5703 which is now handled by storeClientCopyPending().
99077fe6 5704 - Added initial SNMP support.
6a11653c 5705
2c9b45c9 5706Changes to squid-1.2.beta6 (Nov 13, 1997):
5707
1b5516d3 5708 - Fixed Authorized responses getting swapped out when they
5709 don't have Proxy-Revalidate reply header.
5710 - Fixed Proxy Authentication support. We never sent back
5711 a 407 reply, and were incorrectly incrementing the passwd
5712 before comparing it.
5713 - Fixed stat()ing pathnames for default values before parsing
5714 config file (Ron Gomes).
5715 - Fixed logging request and response headers on separate lines
5716 (Ron Gomes).
5717 - Fixed FTP Authentication message (Henrik Nordstrom).
5718 - Changed Proxy Authentication to trigger a reread of the passwd
5719 file if a password check fails (Henrik Nordstrom).
5720 - Changed FTP to retry the first CWD with a leading slash if it
5721 fails without one.
5722
8c17a569 5723Changes to squid-1.2.beta5 (Nov 6, 1997):
5724
90045285 5725 - Track the 'keep-alive ratio' for a peer as the ratio of
5726 the number of replies including 'Proxy-Connection: Keep-Alive'
5727 compared to the number of requests sent. If the peer does
5728 not support Persistent connections then this ratio will tend
5729 toward zero. If the ratio is less than 50% after 10 requests
5730 then we'll stop sending Keep-Alive.
8c3994aa 5731 - Proper support for %nn escapes in FTP, and numerous
5732 other fixes (Henrik Nordstrom).
5733 - Support for Secure Hash Algorithm and framework for other
5734 hash functions as cache keys.
5735 - Fixed SSL snprintf() bug which broke SSL proxying.
5736 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
8c17a569 5737 - Fixed LRU Reference Age bug. The arg to pow() must be
8031bd43 5738 minutes, not seconds.
90045285 5739
9ddfb255 5740Changes to squid-1.2.beta4 (Oct 30, 1997):
5741
a493f974 5742 - Fixed DST bug in rfc1123.c
5743 - Changed default http_accel_port to 80.
5744 - added errorCon() as a ErrorState constructor function
5745 (Max Okumoto).
5746 - Added ERR_FTP_FAILURE message for ftpFail().
5747 - For FTP, the timeout callback must be moved to the 'data'
5748 descriptor when data transfer begins. Otherwise we are
5749 likely to get a timeout on the control descriptor.
5750 - Fixed double-free bug in httpRequestFree().
5751 - Fixed store_swap_size counting bug in storeSwapOutHandle().
5752
409a6aad 5753Changes to squid-1.2.beta3 (Oct 29, 1997):
5754
5755 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
5756 - Fix assertions which assumed 4-byte pointers.
5757 - Fix missing % in fqdncache.c snprintf().
5758
5a2d610b 5759Changes to squid-1.2.beta2 (Oct 28, 1997):
5760
8c3994aa 5761 - Fixed aiops.c and async_io.c so that they actually compile
f5b8bbc4 5762 with USE_ASYNC_IO (Arjan de Vet).
5763 - Fixed errState->errno causing problems with some macros
5764 (Michael O'Reilly).
d287f51e 5765 - Fixed memory leaks in pconn.c (Max Okumoto).
0866009b 5766 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
272547b5 5767 - Fixed InvokeHandlers() from calling memCopy() for ALL
5768 store_client's with callbacks. A store_client might be reading
5769 from disk.
5a2d610b 5770 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
272547b5 5771 bucket at a time. Instead we'll maintain a single LRU
5772 list. When an object is 'touched' we move it to the
5773 top of this list. When we need disk space, we delete
5774 from the bottom.
5a2d610b 5775 - Removed storeGetSwapSpace().
f5b8bbc4 5776
871f0b8a 5777Changes to squid-1.2.beta1 ():
5778
5779 - Reworked storage manager to not keep objects in memory during
5780 transit. In other words, no separate NOVM distribution.
5781 - Lots of cleanup and debugging for beta release.
5782 - Use snprintf() everywhere instead of sprintf().
5783 - The 'in_memory' hash table has been replaced with a
5784 doubly-linked list. New objects are added to the head of
5785 the list. When memory space is needed, old objects are
5786 purged from the tail of the list.
5787
0edfe7a2 5788Changes to squid-1.2.alpha7 ():
5789
c4958532 5790 - fixes fixes fixes.
5791 - Made Arjan's PROXY_AUTH ACL patch standard.
0edfe7a2 5792
8905b90c 5793Changes to squid-1.2.alpha6 ():
5794
6684fec0 5795 - Simpler cacheobj implementation.
6605655c 5796 - persistent connection histogram
8872e1f8 5797 - SERVER-SIDE PERSISTENT CONNECTIONS:
6474667e 5798 - Added pconn.c
5799 - Addec Cofig.Timeout.pconn; default 120 seconds
5800 - Added httpState->flags
5801 - Added flags arg to httpBuildRequestHeader()
5802 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
5803 - Added 'Connection' to allowed HTTP headers (http-anon.c)
8872e1f8 5804 - Added 'Proxy-Connection' to allowed HTTP headers
5805 (http-anon.c)
a7736231 5806 - Merged proxyhttpStart() with httpStart() and created
8872e1f8 5807 new httpBuildState().
5808 - New httpPconnTransferDone() detects end-of-data on
5809 persistent connections.
6684fec0 5810
88738790 5811Changes to squid-1.2.alpha5 ():
5812
5813 - New configuration system. Everything is generated from
5814 'cf.data.pre', including the main parser, setting defaults,
5815 outputting current values, and freeing memory.
5816 This also involved moving some of the local data structures
5817 (e.g. struct _acl *AclList in acl.c) to the Config
5818 structure. (Max Okumoto)
5819 - No more '/i' for regular expressions. Now insert a '-i'
5820 to switch to case-insensitive. Use '+i' for case-sensitive.
5821 - When you have a variable named the same as its type, sizeof()
5822 gets the wrong one (fde).
5823 - Need to flush unbuffered logs before fork().
5824 - Added two fields swap log: refcount and e->flag.
5825 - Removed all the .h files for each .c file. Now #include stuff
5826 is in either: defines.h, enums.h, typedefs.h, structs.h,
5827 or protos.h, globals.h. This greatly reduces dependencies
5828 between the various source files.
5829 - globals.c is generated from globals.h by a Perl script.
8ee3ca2c 5830 - Started customizable error texts.
88738790 5831
97f674c8 5832Changes to squid-1.2.alpha4 ():
5833
ec973719 5834 - New MIME configuration, regular expression based
5835 - Added request_timeout config option
5836 - Multiple HTTP sockets (Lincoln Dale).
5837 - Moved 'fds_are_n_free' check to httpAccept().
5838 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
7e49f700 5839 - Changed storeRegister to use offsets and make immediate
5840 callbacks if appropriate.
5841 - Removed icpDetectClientClose(). Some of that functionality
5842 goes into clientReadRequest() and the rest into
5843 httpRequestFree().
b1b387d1 5844 - Moved IP lookups to commConnect stuff.
5845 - Added support for retrying connect().
858164fc 5846 - New inline debug() macro (David Luyer).
e174e0fe 5847 - Replace frequent gettimeofday() calls with alarm(3) based
5848 clock. Need to add more gettimeofday() calls to get back
a59968c7 5849 high-resolution timestamp logging (Andres Kroonmaa).
0153d498 5850 - Added support for Cache-control: proxy-revalidate;
5851 based on squid-1.1 patch from Mike Mitchell.
ec973719 5852
3b08d32d 5853Changes to squid-1.2.alpha3 ():
5854
5855 - Implemented persistent connections between clients and squid.
5856 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
5857 table in fd.c.
5858 - Removed use of FD as an identifier in certain callback
5859 operations (ipcache, fqdncache).
5860 - General code cleanup.
5861 - Fixed typedefs for callback functions.
5862 - Removed FD lifetime/timeout dichotomy. Now we only have
5863 timeouts, however the lifetime concept/keyword may still
5864 linger in certain places.
5865 - Change Makefile 'realclean' target to 'distclean'
5866 - Changed config file parsing of time specifications to use
5867 parseTimeLine().
5868 - Removed storetoString.c
5869
5870Changes to squid-1.2.alpha2 ():
74cebec0 5871
5872 - Merged squid-1.1.9, squid-1.1.10 changes
5873
7b41ec97 5874Changes to squid-1.2.alpha1 ():
5875
5876 - Unified peer selection algorithm.
75e88d56 5877 - aiops.c and aiops.h are a threaded implementation of
5878 asynchronous file operations (Stewart Forster).
5879 - async_io.c and async_io.h are complete rewrites of the old
5880 versions (Stewart Forster).
6ad85e8a 5881 - Rewrote all disk file operations of squid to support
75e88d56 5882 the idea of callbacks except where not required (Stewart
5883 Forster).
75e88d56 5884 - Background validation of 'tainted' swap log entries (Stewart
5885 Forster).
5886 - Modified storeWriteCleanLog to create the log file using the
5887 open/write rather than fopen/printf (Stewart Forster).
5888 - Added the EINTR error response to handle badly interrupted
5889 system calls (Stewart Forster).
6ad85e8a 5890 - UDP_HIT_OBJ not supported, removed.
5891 - Different sized 'cache_dirs' supported.
75e88d56 5892
e924600d 5893==============================================================================
Mirror of https://github.com/squid-cache/squid.git