Prep for 3.1.19

[thirdparty/squid.git] / ChangeLog

Changes to squid-3.1.19 (06 Feb 2011):

        - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
        - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
        - Bug 3470: GCC 4.7
        - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
        - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
        - Bug 3440: compile error in Adaptation
        - Bug 3420: Request body consumption races and !theConsumer exception
        - Bug 3370: external ACL sometimes skipping
        - Bug 3085: Crash when parsing esi:include
        - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
        - Fix SSL library dependency fixes

Changes to squid-3.1.18 (03 Dec 2011):

        - Regression: compile error in FTP

Changes to squid-3.1.17 (03 Dec 2011):

        - Bug 3432: Crash logging FTP errors
        - Bug 3428: Active FTP data channel accepted twice
        - Bug 3423: access violation in URL parser
        - Bug 3422: Buffer overflow in recv-announce
        - Bug 3412: External ACL Uses Invalid Cache Entry
        - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
        - Bug 3398: persistent server connection closed after PUT/DELETE
        - Bug 3299: dnsserver: various undefined references
        - Bug 3077: '\' in url query strings cause Digest authentication to fail
        - Bug 2910: MemBuf may grow beyond max_capacity
        - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
        - Bug 1243: Build overrides configured AR setting
        - Avoid crashes when processing bad X509 common names (CN).
        - Support %% in external ACL format
        - ... and several other compile error fixes
        - ... and several documentation fixes

Changes to squid-3.1.16 (14 Oct 2011):

        - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
        - Bug 3368: Unhandled exceptions are not logged (workaround)
        - Bug 3326: miss_access incorrect default
        - Bug 3320: miss_access description confusing
        - Bug 3241: squid_kerb_auth cross compilation fix
        - Bug 3237: seq fault in free() from rfc1035RRDestroy
        - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response 
        - db_auth: display available DSN drivers on connect error
        - Updated OpenSSL 1.0.0 version checks
        - ... and several documentation fixes

Changes to squid-3.1.15 (28 Aug 2011):

        - Regression fix: vhost and defaultsite causing vport to be ignored
        - Regression Bug 3295: broken escaping in rfc1738_do_escape
        - Bug #3232: fails to compile with OpenSSL v1.0.0
        - Bug #3222: cache_peer name is not logging on CONNECT
        - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
        - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
        - Bug #3213: https sites (CONNECT) not open when using NTLM
        - Bug #3114: Memory leak in SSL certificate verify code
        - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
        - Bug #2662: cf_gen failure when cross compiling
        - Bug #2655: passing wrong the username to the url_rewrite_program
        - Bug #2495: ignore whitespace prefix on config lines
        - Bug #2051: 'default' cache_peer option does not match documentation
        - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
        - Bug #1791: timestampsSet does not validate Date: if server sends very old date
        - Correct parsing of large Gopher indexes
        - Enable negative cacheing on unknown or -1 expiry timestamp
        - Remove hierarchy_stoplist default value
        - Migrate cf_gen tool from C-style to C++
        - ... and several documentation and compiler warning fixes

Changes to squid-3.1.14 (04 Jul 2011):

        - Regression Bug 3261: Could not create a DNS socket and exit

Changes to squid-3.1.13 (01 Jul 2011):

        - Regression Bug 3239: problems with myip/myport upgrade
        - Bug 3153: hung ICAP RESPMOD transactions
        - Update ssl_crtd to use 'OK' status inline with other helpers

Changes to squid-3.1.12.3 (18 Jun 2011):

        - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
        - Bug 3214: unexpected read from ssl_crtd
        - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
        - Fix RADIUS helper resource leak
        - Fix segfault parsing digest auth realm
        - Fix segfault in parse_eol()
        - Fixed bypass of SSL certificate validation errors
        - Warn about myip/myport problems on interception proxies
        - Polish: display easily grepped config lines on -k parse
        - Fix squidclient -V option and allow non-HTTP protocols to be tested

Changes to squid-3.1.12.2 (30 May 2011):

        - Bug 3226: Tags from external ACLs do not correctly expire
        - Bug 3215: Malformed IPv6 DNS reverse lookup
        - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
        - Bug 3205: SSL-bump starts then hangs
        - Bug 3178: gcc-4.6 complains unused variables
        - Bug 3122: Unknown record type in WCCPv2 Packet (6)
        - Bug 2965 (partial): Compile errors on MinGW
        - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
        - Fix cache manager display of -i/+i in regex ACL config display
        - Fix cache manager display of cache_peer options userhash and sourcehash 
        - Fix URL re-writer loosing many transaction details
        - Fix always-true comparison in ICAP for some 32-bit platforms
        - Support for 'slow' group ACLs in ssl_bump access control
        - Support OpenSSL 1.0.0 built without SSLv2
        - Support GCC 4.6 and binutils-gold
        - Add CSS id attribute to BODY tag of generated error pages.
        - Display WARNING and ERROR when max_filedescriptors has failed

Changes to squid-3.1.12.1 (19 Apr 2011):

        - Port from 3.2: Dynamic SSL Certificate generation
        - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
        - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
        - Bug 3183: Invalid URL accepted with url host part of only '@'
        - Display ERROR in cache.log for invalid configured paths
        - Cache Manager: send User-Agent header from cachemgr.cgi
        - ... and many portability compile fixes for non-GCC systems.

Changes to squid-3.1.12 (04 Apr 2011):

        - Regression fix: Use bigger buffer for server reads.
        - Regression fix: Add reply_header_replace directive for ability lost since 2.7
        - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
        - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
        - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
        - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
        - Bug 3164: Total memory info display 32-bit overflows
        - Bug 3155: Werror is hard-coded in libTrie build
        - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
        - Bug 2976: invalid URL on intercepted requests during reconfigure
        - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
        - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
        - Bug 2330: AuthUser objects are never unlocked
        - Prevent CONNECT request relaying to origin servers
        - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
        - squidclient: send Cache Manager password using -w
        - eCAP: give full Request-URI to adapters
        - ... and several debug and error display cleanups

Changes to squid-3.1.11 (08 Feb 2011):

        - Bug 3149: not caching eCAP adapted body
        - Bug 3144: redirector program blocks while reading STDIN
        - Bug 3140: memory leak in error page generation
        - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
        - Bug 3115: logging segfaults if access_log is set to a directory
        - Bug 2968: Show the Vary: headers information in cachemgr objects report
        - Bug 2959: remove SAMBAPREFIX dependency
        - Bug 2868: icc doesn't like string literal in assert checks
        - HTTP/1.1: Send 307 status on deny_info redirection
        - HTTP/1.1: Support POST/PUT with no body
        - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
        - Support RFC 5861 Cache-Control: stale-if-error option
        - Add ftp_eprt directive to disable EPRT extensions in FTP
        - Fix external_acl_type grace=0 to obey TTL
        - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
        - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
        - ... and some documentation updates and corrections
        - ... and some portability and stability fixes

Changes to squid-3.1.10 (22 Dec 2010):

        - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
        - Bug 3113: Consuming too much memory when uploading files
        - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
        - Bug 3096: Consuming too much memory when delaying traffic
        - Bug 3091: Bypassed ICAP errors are not counted as service failures
        - Bug 3090: Polish FTP login error handing
        - Bug 3068: cache_dir capacity and usage overflows
        - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
        - Bug  427: HTTP Compliance: Support If-Match and If-None-Match requests
        - Fix memory leak in adaptation_access
        - Fix /dev/poll and poll() selection priority
        - Fix PREFIX/var/run creation during install
        - Fix cachemgr http_port config report display
        - Add upgrade help process for obsolete options
        - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
        - HTTP/1.1: entry is stale if request has max-age=0
        - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
        - Toolchain update to support newer auto-tools
        - ... and updated error page translations
        - ... and updated documentation
        - ... and some code optimization/simplification polish

Changes to squid-3.1.9 (25 Oct 2010):

        - Bug 3088: dnsserver is segfaulting
        - Bug 3084: IPv6 without Host: header in request causes connection to hang
        - Bug 3082: Typo in error message
        - Bug 3073: tunnelStateFree memory leak of host member
        - Bug 3058: errorSend and ICY leak MemBuf object
        - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
        - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
        - Bug 3053: cache version 1 LFS support detection broken
        - Bug 3051: integer display overflow
        - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
        - Bug 3036: adaptation_access acls cannot see myportname
        - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
        - Bug 2964: Prevent memory leaks when ICAP transactions fail
        - Bug 2808: getRoundRobinParent not handling weights correctly
        - Bug 2793: memory statistics sometimes display wrong
        - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
        - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
        - Ensure /var/cache or jail equivalent exists on install
        - HTTP/1.1: delete Warnings that have warning-date different from Date
        - HTTP/1.1: do not remove ETag header from partial responses
        - HTTP/1.1: make date parser stricter to better handle malformed Expires
        - HTTP/1.1: improve age calculation
        - HTTP/1.1: reply with a 504 error if required validation fails
        - HTTP/1.1: add appropriate Warnings if serving a stale hit
        - HTTP/1.1: support requests with Cache-Control: min-fresh
        - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
        - squidclient: Display IP(s) connected to in verbose (-v) display
        - Fixes several issues with ICAP persistent connections
        - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
        - ... and some cosmetic polishing

Changes to squid-3.1.8 (04 Sep 2010):

        - Bug 3033: incorrect information regarding TOS
        - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
        - Bug 3005,2972: Locate LTDL headers correctly (again)
        - Bug 2872: leaking file descriptors
        - Bug 2583: pure virtual method called
        - Hardened DNS client against packet queue attacks
        - Hardened HTTP request-line parser
        - Several HTTP/1.1 support improvements
        - Improved cross-compile support
        - .. and several internal pointer safety fixes

Changes to squid-3.1.7 (23 Aug 2010):

        - Regression Bug 3021: Large DNS reply causes crash
        - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
        - Regression Bug 2997: visible_hostname directive no longer matches docs
        - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
        - Bug 3006: handle IPV6_V6ONLY definition missing
        - Bug 3004: Solaris 9 SunStudio 12 build failure
        - Bug 3003: inconsistent concepts in documentation of cache_dir
        - Bug 3001: dnsserver link issues
        - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
        - HTTP/1.1: Improved Range header field validation
        - HTTP/1.1: Forward multiple unknown Cache-Control directives
        - HTTP/1.1: Stop sending Proxy-Connection header
        - Fix 32-bit wrap in refresh_pattern min/max values
        - ... and several documentation corrections.

Changes to squid-3.1.6 (02 Aug 2010):

        - Bug 2994, 2995: IPv4-only regressions
        - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
        - Bug 2975: chunked requests not supported after regular ones
        - Fix: 32-bit overflow in reported bytes received from next hop
        - Fix Libtool build regressions
        - Limited split-stack IPv6 support.
        - squid_db_auth support MD5 encrypted passwords

Changes to squid-3.1.5.1 (28 Jul 2010):

        - Update Libtool to 2.2.
        - Bug 2985: search scope for digest_ldap_auth didn't work
        - Bug 2972: LTDL 2.2.6b compile errors
        - Bug 2963: Stop ignoring --with-valgrind-debug failures
        - Bug 2885: AIX support: several fixes
        - Bug 2651: crash handling NULL write callback
        - Fixed several memory leaks related to Range requests
        - Fixed Joomla DB auth handling
        - Fixed SASL helper build checks
        - Fixed several IPv6 portability problems
        - Updated error page translations

Changes to squid-3.1.5 (02 Jul 2010):

        - Bug 2967: raw-IPv6 address URL with append_domain broken
        - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
        - Bug 2943: ICAP tokens not logged when using multiple access
        - Bug 2937: Fails to detect chunked encoding if not given in all lower case
        - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
        - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
        - Port from 2.7: max_filedescriptor config option
        - Fix persistent_connection_after_error is meant to be on by default
        - ... and several build errors.

Changes to squid-3.1.4 (30 May 2010):

        - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
        - Bug 2924: RADIUS helper compile issues
        - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
        - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
        - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
        - Bug 2879: pt2: 3.0 regression in headers end finding
        - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
        - Bug 2876: FD_SETSIZE override not working on all linux distributions
        - Bug 2810: common log format generates 2 lines of syslog
        - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
        - Bug 2753: Fall back on IPv4 if IPv6 is not present
        - Bug 2697: Adaptation leaks and extra requests after reconfiguration
        - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
        - Change LDAP helpers to default to LDAP version 3 if available
        - Add Joomla and Salted Hash support to squid_db_auth helper
        - Fixed IpAddress port printing for ports higher than 9999
        - Disable chunked memory pooling by default.
        - ... and several build errors.

Changes to squid-3.1.3 (02 May 2010):

        - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
        - Fix tag ACL type not working

Changes to squid-3.1.2 (01 May 2010):

        - Bug 2913: Fix DB auth warning in new perl version
        - Bug 2904: Prevent automake creating incomplete files
        - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
        - Bug 2895: Regression: TPROXY2 compile errors
        - Bug 2879: Regression: headers end-finding
        - Bug 2874: Accept literal IPv6 address in icap_service URL
        - Bug 2860: Regression: WCCPv1 handshake
        - Bug 2848: Pass TCP_RST to client on early disconnect
        - Debian Bug 578047: Correct behaviour of --enable-ipv6
        - HTTP/1.1: Advertise 1.1 on requests to servers
        - HTTP/1.1: Advertise 1.1 on replies to clients
        - AIX / UNIX build fixes
        - Cygwin build fixes
        - squidclient: -k option to test connection keep-alive or close
        - Improved helper build for wider compatibility
        - Ensure the PID file directory exists on install

Changes to squid-3.1.1 (29 Mar 2010):

        - Bug 2873: undefined symbol
        - Bug 2827: assertion in authentication
        - Remove ufsdump binary from default builds
        - Remove pinger from default startups
        - ... and several documentation updates.

Changes to squid-3.1.0.18 (14 Mar 2010):

        - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
        - Bug 2869: Remove unused external reference
        - Bug 2866: Support OpenSSL 1.0
        - Bug 2813: Random unix_group crash at startup
        - Send HTTP1.1 compliant 417 responses
        - Associate external acl message with the request
        - Various Digest parser fixes
        - ... and all bug fixes from 3.0 up to 3.0.STABLE25

Changes to squid-3.1.0.17 (24 Feb 2010):

        - Regression Fix: Non-English error page UTF encoding
        - Bug 2616: reduce IdleConnList::removeFD messages
        - Bug 1843: multicast-siblings cache_peer option
        - Port from 2.7: X509 certificate alias-domain handling
        - Add adapted_http_access option
        - NTLMv2 support for fake NTLM helper

Changes to squid-3.1.0.16 (01 Feb 2010):

        - Regression Fix: Make Squid abort on all config parse failures.
        - Regression Bug 2811: SNMP client/peer table OID numbering
        - Bug 2851: Connection pinning fails when using a peer
        - Bug 2850: Mismatch in hier_code enum / hier_strings array
        - Bug 2731: Add follow_x_forwarded_for support to ICAP
        - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
        - Bug 2706: Set timestamps during ICAP request satisfaction.
        - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
        - Fix: WCCPv1 not connecting to router correctly
        - Remove obsolete RunCache/RunAccel scripts.
        - Add client_ip_max_connections
        - Add the http::>ha format code and make http::>h log original request headers
        - ... and all bug fixes from 3.0 up to 3.0.STABLE22
        - ... and many more minor build and display annoyances.

Changes to squid-3.1.0.15 (23 Nov 2009):

        - Regression Fix: myip ACL not accepted in config
        - Bug 2795: acl arp lookups including port
        - Bug 2794: ESI parsing fails on FreeBSD
        - Bug 2778: fix linking issues using SunCC
        - Bug 2724: eCAP build failure unless ICAP enabled
        - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
        - Bug 2617: Performance degradation during processing list of dstdomain ACL's
        - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
        - Fix: 64-bit filesize issue in squidclient POST of large files
        - Fix: send correct Connection: header on intercepted replies
        - Support libtool 2.x
        - ESI libraries libexpat and libxml2 now optional
        - ESI support default enabled
        - Bump libcap minimum requirement to libcap 2.09+
        - ARP / MAC support fixes for IPv6-mode
        - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
        - ... and many additions to the background testing structure
        - ... and very many minor build and code cleanups for non-GCC compilers.

Changes to squid-3.1.0.14 (27 Sep 2009):

        - Bug 2777: Various build issues on OpenSolaris
        - Bug 2773: Segfault in RFC2069 Digest authentication
        - Bug 2747: Compile errors on Solaris 10
        - Bug 2735: Incomplete -fhuge-objects detection
        - Bug 2722: Fix http_port accel combined with CONNECT
        - Bug 2718: FTP sends EPSV2 on IPv4 connection
        - Bug 2648: stateful helpers stuck in reserved
        - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
        - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
        - Bug 2483: bind() called before connect()
        - Bug 2215: config file line length limit (extended to 2 KB)
        - Support Accept-Language: * wildcard
        - Support autoconf 2.64
        - Support TPROXY for IPv6 traffic (requires kernel support)
        - Support TPROXY cache cluster behind WCCPv2
        - Correct ESI support to work in multi-mode Squid
        - Add 0.0.0.0 as an to_localhost address
        - DiskIO detection fixes and use optimal IO in default build.
        - Correct peer connect-fail-limit default of 10
        - Prevent squidclient sending two Accept: headers
        - ... all bug fixes from 3.0.STABLE19
        - ... and many more documentation fixes

Changes to squid-3.1.0.13 (04 Aug 2009):

        - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
        - Fix one more internal profiler error
        - Language Updates: Italian, Russian
        - Language Updates: Add many more aliases
        - Add Copyright document for errors/ content
        - ... all bug fixes from 3.0.STABLE18
        - ... and several code polishing cleanups

Changes to squid-3.1.0.12 (27 Jul 2009):

        - Bug 2716: Chunked request Signed/Unsigned build error
        - Bug 2674: Remove limit on HTTP headers read.
        - Bug 2620: Invalid HTTP response codes causes segfault
        - Fix FTP EPSV negotiation parser.
        - Fix Via string when leak checking is enabled (valgrind etc)
        - ... and several documentation and testing additions

Changes to squid-3.1.0.11 (19 Jul 2009):

        - Bug 2087: Support adaptation sets and chains
        - Bug 2459: dns error message broken when error handling delayed
        - Support ICAP Retry
        - Support ICAP retries based on the ICAP responses status code
        - Support logging ICAP
        - Support logging total DNS wait time
        - Support logging response times of adaptation transactions
        - General logging enhancements
        - Dynamically form chains based on ICAP X-Next-Services header
        - Support cross-transactional ICAP header exchange
        - ... and much adaptation polish and improvements

Changes to squid-3.1.0.10 (18 Jul 2009):

        - Bug 2680: Regression Crash after rotate with no helpers running
        - Bug 2695: Regression in WCCPv2 L2 mask assignment
        - Bug 2707: Regression in FTP anonymous auth
        - Bug 422, 2706: RFC 2616 Date header requirements
        - Bug 1087: ESI processor not quoting attributes correctly.
        - Bug 1338: File prefetches aborted despite range_offset
        - Bug 2080: wbinfo_group.pl - false positive under certain conditions
        - Bug 2092: select loop 32-bit call counter overflows
        - Bug 2127: delay pools class 4 crashes with ntlm auth
        - Bug 2611: document fast/slow acl types
        - Bug 2614: Potential loss of adapted body data from eCAP adapters
        - Bug 2658: Missing TextException copy constructor
        - Bug 2659: String length overflows on append, leading to segfaults
        - Bug 2699: Build failure NTLM smb_lm helper
        - Bug 2709: TRANSLATIONS not installed
        - Bug 2710: squid_kerb_auth non-terminated string
        - Delay pools 64-bit buckets and IPv6-polish
        - Break forwarding loops for "transparent" or "intercept" http_ports.
        - Add --disable-translation option to detatch .po from error negotiation
        - Add squidclient man(1) page
        - Add localhost to default permitted networks
        - http_port allow-direct option to allow direct forwarding in accelerator mode
        - ... and many testing infrastructure updates

Changes to squid-3.1.0.9 (26 Jun 2009):

        - Bug 2682: Add ftp_epsv control to disable EPSV support.
        - Bug 2665: Detach automake system from using -I.
        - Bug 2395: FTP auth errors not displayed
        - ... also several changes and bugs closed in 3.0.STABLE16
        - Port from 2.7: Show local address on listening sockets
        - Add "tag" type acl matching tags set by external acl helpers.
        - Adds Language alias linker/installer/upgrade scripts
        - Support for GCC 4.4
        - Fix false NAT lookup errors on Linux
        - Fix many Windows port issues
        - Fix squid_kerb_auth helepr install location
        - Better detection of IPv6 stack types
        - Updates Licensing information for Squid 3.1
        - ... and many packaging portability build and install issues

Changes to squid-3.1.0.8 (24 May 2009):

        - Bug 2656: Pinger dies with general protection fault
        - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
        - Bug 2648: Authentificator processes deferring and don't shutdown.
        - Bug 2645: allow squid to ignore must-revalidate
        - Bug 2644: auth scheme initialization is broken
        - Bug 2632: Make number of reforwarding tries configurable
        - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
        - Bug 2627: HTCP Logging
        - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
        - Bug 2589: SNMP returning no data - wrong oid decoded
        - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
        - Bug 2559: Problem parsing /0 and /0.0.0.0
        - Bug 2404: WCCP in mask mode is broken
        - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
        - Complete Interception multiple NAT support
        - Add Content-Disposition to the known headers list.
        - Make PEER_TCP_MAGIC_COUNT configurable
        - Fix pinger install location
        - Enable TPROXY v4 spoofing of CONNECT requests
        - ... and much documentation and code polishing

Changes to squid-3.1.0.7 (08 Apr 2009):

        - Fix: several issues with ident
        - Add several language translations
        - Upgrade code testing infrastructure
        - Migrate much code to build as internal libraries
        - Support gcc 4.4
        - Support doxygen 1.5.8
        - ... and much code polish to make things read easier

Changes to squid-3.1.0.6 (02 Mar 2009):

        - Regression Fix: Support HTTP/0.9 in accelerator mode
        - Regression bug 2608: Build broken by Linux basename() implementation.
        - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
        - Bug 2593: Compile errors on Solaris 10
        - Bug 2591: adaptation_access does not work
        - Bug 2588: coredump in rDNS lookup
        - Bug 2526: default ALLOW when no list specified.
        - Bug 2287: Send a 505 on requests with unsupported HTTP versions
        - Bug 419: Hop by Hop headers MUST NOT be forwarded
        - Fix external_acl_type handling of SSL certificate details
        - Obsolete: dependency on nss_common.h and nss.h
        - Support libtool2
        - ... and various documentation and code polish

Changes to squid-3.1.0.5 (03 Feb 2009):

        - Bug 2583: Fixed issue in content adaptation
        - Bug 2576: Make translate target obey --disable-auto-locale
        - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
        - Bug 2563: 99+% CPU Usage on FTP URL
        - Bug 2505, 2524, 2558: fixed several issues on connection handling
        - Fix several issues in request parsing
        - Fix memory leak from logformat parsing
        - Fix various ESI build errors
        - Make configure tests use C++ instead of C
        - Drop special localhost conversion RFC violation.
        - Add Language: Arabic
        - ... and various documentation and code polish

Changes to squid-3.1.0.4 (23 Jan 2009):

        - Regression Fix: Bug 2558: rollback bug 2395 fix.
        - Bug 2555: Fixes to SNMP-MIB
        - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
        - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
        - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
        - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
        - Polish ZPH configuration interface
        - Several Language Conversions to new auto-negotiate
        - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
        - Fix: Pconn not being used when they should.
        - Fix: Fix pinger immediate shutdowns
        - Fix: Untangle CacheManager reports from log_fqdn
        - ... and all bugs fixed for 3.0.STABLE12
        - ... and many code polish and optimization fixes.

Changes to squid-3.1.0.3 (5 Dec 2008):

        - Regression Fix: StoreIOBuffer patch removed.
        - Regression Fix: build issues with 3.1.0.2 bundle
        - Security Bug 2526: default ALLOW when no list specified
        - Bug 2525: encoding error on error pages
        - Bug 2424: slow file descriptor leak
        - Bug 2527: ICAP compile error on g++ 4.3.2
        - Bug 2523: bad assertion left in from debug
        - Bug 2395: FTP Auth errors and others not displayed
        - Update squid_kerb_auth to 1.0.5
          with better Squid integration.
        - Fix cache_peer forcedomainname= option
        - ... and many other minor fixes

Changes to squid-3.1.0.2 (9 Nov 2008):

        - Bug 2516: error page templates not properly installed
        - Bug 2500: Solaris build issues
        - Fixes FreeBSD build issues
        - Release Notes completed
        - Languages: new Russian, Japanese, Chinese, and general updates
        - ... and other minor fixes

Changes to squid-3.1.0.1 (27 Oct 2008):

        - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
        - peername ACL added for matching against a named peer destination
        - configure option --with-logdir= added to select log files location
        - squid_kerb_auth helper updated to 1.0.3 release
        - Bug #740: allow external acl's to use reply headers in format
        - Bug #2379: obsolete dns_testnames option
        - Code test infrastructure expanded to configuration testing
        - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
          to bring their defaults up to RFC 2616 requirements.
        - Large increase in RFC 2616 standard compliance (ongoing)
        - squid.conf cleanups for minimal config
        - Connection Pinning ported from 2.6 for NTLM passthru authentication
        - eCAP internal adaptation module support
        - Localization and CSS display control of error pages
        - Added semi-automatic documentation of source code
        - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
        - HTCP improvements ported from 2.7 adding HTCP CLR requests
        - IPv6 (Internet Protocol version 6) support
        - ICMPv6 (Internet Control Message Protocol version 6) support
        - FTP agent now supports EPSV/EPRT commands
        - DNS internal resolver now supports AAAA and CNAME records
        - SNMP peer and client tables now support IPv6
        - SNMP peer table supports named peers with multiple entries per IP
        - SslBump: Squid-in-the-middle decryption and encryption of straight
          CONNECT and transparently redirected SSL traffic, using configurable
          client- and server-side certificates. While decrypted, the traffic
          can be inspected using ICAP.
        - TPROXY version 4.1 support
        - IPFW and Netfilter interception methods may now both be built in one binary.
        - ZPH Quality of Service patch now integrated
        - Null store now fully obsoleted and removed
        - Unknown request methods all supported
        - Follow_x_forwarder_for ported from 2.6
        - Bug #2223: Follow XFF extensions added
        - ... and many code and documentation cleanups

Changes to squid-3.0.STABLE26 (28 Aug 2011):

        - Regression: header_replace for reply headers
        - Bug 3183: Invalid URL accepted with url host part of only '@'.
        - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
        - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
        - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
        - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
        - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
        - Regression Bug 2899: Restore lost rfc1738_unescape() data type
        - Regression Bug 2879: headers end finding
        - Bug 2876: FD_SETSIZE override not working on all linux distributions
        - Check for NULL and empty strings before calling str*cmp().
        - Correct parsing of large Gopher indexes

Changes to squid-3.0.STABLE25 (14 Mar 2010):

        - Bug 2845: Rework the http digest auth parser
        - Bug 2787: unknown/unexpected status code messages
        - Bug 2507: squid_ldap_group: Strip Domain name separated by +
        - Bug 2367: stale=true on digest requests with unknown nonce
        - ... and several other minor corrections

Changes to squid-3.0.STABLE24 (13 Feb 2010):

        - Bug 2858: Segment violation in HTCP
        - Updated refresh pattern for dynamic pages

Changes to squid-3.0.STABLE23 (02 Feb 2010):

        - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
        - Regression Fix: Build error in Kerberos helper after library removal.

Changes to squid-3.0.STABLE22 (01 Feb 2010):

        - Regression Fix: Make Squid abort on all config parse failures.
        - Bug 2787: Reduce unexpected http status to non-critical warnings.
        - Bug 2496: Downloading some variants in full before relaying
        - Bug 2452: Add upper limit to external_acl_type entries.
        - Removed optional kerberos/spnegohelp/ library due to licensing issues
        - Add client_ip_max_connections
        - Handle DNS header-only packets as invalid.

Changes to squid-3.0.STABLE21 (22 Dec 2009):

        - Bug 2830: Clarify where NULL byte is in headers.
        - Bug 2778: Linking issues using SunCC
        - Bug 2395: FTP errors not displayed
        - Bug 2155: Assertion failures on malformed Content-Range response headers
        - Fix parsing and a few bugs in ACL time type
        - Fix RFC keep-alive compliance on intercepted replies
        - Improved security hardening on %nn parser
        - Replace several GCC-specific code snippets.

Changes to squid-3.0.STABLE20 (29 Oct 2009):

        - Bug 2794: ESI parsing on FreeBSD
        - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
        - Bug 2779: Support GNU/kFreeBSD
        - Bug 2773: Segfault in RFC2069 Digest authantication
        - Bug 2768: squid_ldap_group argument parsing error
        - Bug 2761: Gopher and double HTTP response header
        - Bug 2735: Incomplete -fhuge-objects detection
        - Bug 2722: prevent CONNECT via http_port with accel
        - Bug 2624: Invalid response for IMS request
        - Bug 2510: digest_ldap_auth TLS support
        - Correct LINUX_CAPABILITY actions on non-Linux

Changes to squid-3.0.STABLE19 (06 Sep 2009):

        - Bug 2745: Invalid Response error on small reads
        - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
        - Bug 2734: some compile errors on Solaris
        - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
        - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
        - Bug 2362: Remove support for deferred state in stateful helpers
        - Add 0.0.0.0 as a to_localhost address
        - Docs: Improve chroot directive documentation slightly
        - Fixup libxml2 include magics, was failing when a configure cache was used
        - ... and some minor testing improvements.

Changes to squid-3.0.STABLE18 (04 Aug 2009):

        - Bug 2728: regression: assertion failed: !eof
        - Bug 2732: reply_body_max_size smaller than error page loops
                    infinitely until out of memory
        - Bug 2725: pconn failure if domain or client_address are unset
        - Bug 2648: reserved helpers not shut down after reconfigure/rotate
        - Bug 2462: make check should tell when cppunit is missing
        - Remove excess messages about headers < minimum size
        - Support Libtool 2.2.6

Changes to squid-3.0.STABLE17 (27 Jul 2009):

        - Bug 2680 regression: Crash after rotate with no helpers running
        - Bug 2710: squid_kerb_auth non-terminated string
        - Bug 2679: strsep and strtoll detection failure
        - Bug 2674: Remove limit on HTTP headers read.
        - Bug 2659: String length overflows on append, leading to segfaults
        - Bug 2620: Invalid HTTP response codes causes segfault
        - Bug 2080: wbinfo_group.pl - false positive under certain conditions
        - Bug 1087: ESI processor not quoting attributes correctly.
        - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
        - Several small build issues with previous release.

Changes to squid-3.0.STABLE16 (15 Jun 2009):

        - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
        - Bug 2481: Don't set expires: now in generated error responses
        - Bug 2387: The calculation of the number of hash buckets correctly
        - Fix infinite loop in MSNT auth helper
        - Fix FD_SETSIZE on FreeBSD
        - Fix stripping NT domain in squid_ldap_group
        - Fix RADIUS auth helper build
        - Add Translate: and Unless-Modified-Since: headers to known list
        - Make fakeauth handle NTLMv2 better
        - Better Kerberos support detection
        - Several Widows port fixes

Changes to squid-3.0.STABLE16-RC1 (16 May 2009):

        - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
        - Bug 2648: NTLM helpers not shutting down when deferred

Changes to squid-3.0.STABLE15 (06 May 2009):

        - Regression Bug 2635: Incorrect Max-Forwards header type
        - Bug 2652: 'Success' error on CONNECT requests
        - Bug 2625: IDENT receiving errors
        - Bug 2610: ipfilter support detection
        - Bug 2578: FTP download resume failure
        - Bug 2536: %H on HTTPS error pages
        - Bug 2491: assertion "age >= 0"
        - Bug 2276: too many NTLM helpers running
        - Endian system and compiler fixes provided by the NetBSD project
        - documentation fixes provided by the Debian project

Changes to squid-3.0.STABLE14 (11 Apr 2009):

        - Regression Fix: HTTP/0.9 in accelerator mode
        - Bug 1232: cache_dir parameter limited to only 63 entries
        - Bug 1868: support HTTP 207 status
        - Bug 2518: assertion failure on restart/reconfigure
        - Bug 2588: coredump in rDNS lookup
        - Bug 2595: Out of bounds memory write in squid_kerb_auth
        - Bug 2599: Idempotent start
        - Bug 2605: Prevent setsid() on helpers in daemon mode
        - Fix external_acl_type option parsing
        - Fix delay pools counters on FTP
        - Fix several issues with ident (some remain)
        - Fix performance issues with persistent connections
        - Fix performance issues with delay pools
        - Fix forwarding of OPTIONS requests
        - Add support for HTTP 1.1 Content-Disposition header
        - Add support for Windows 7, Windows Server 2008 R2 and later
        - ... and many small documentation updates

Changes to squid-3.0.STABLE13 (03 Feb 2009):

        - Fix several issues in request parsing
        - Fix memory leak from logformat parsing
        - Fix various ESI build errors
        - ... and some documentation updates

Changes to squid-3.0.STABLE12 (21 Jan 2009):

       - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
       - Bug 2542: ICAP filters break download resume
       - Bug 2556: HTCP fails without icp_port
       - Bug 2564: logformat '%tl' field not working as advertised
       - Port from 3.1: TestBed basic build consistency checks
       - Policy: Change half_closed_clients default to off
       - Policy: Removed -V command line option, deprecated by 2.6
       - ... and several other minor code cleanups

Changes to squid-3.0.STABLE11 (24 Dec 2008):

       - Bug 2424: filedescriptors being left unnecessary opened
       - Bug 2545: fault passing ICAP filtered traffic to peers
       - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
       - ... and some minor admin and debug cleanups.

Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):

        - Removes patch causing cache of bad objects
        - Bug 2526: bad security default in ACLChecklist
        - Fixes regression: access.log request size tag
        - Fixes cache_peer forceddomainname=X option
        - ... and many minor documentation cleanups

Changes to squid-3.0.STABLE10 (14 Oct 2008):

        - Bug 2391: Regression: bad assert in forwarding
        - Bug 2447: Segfault on failed TCP DNS query
        - Bug 2393: DNS requests getting stuck in idns queue
        - Bug 2433: FTP PUT gives bad gateway
        - Bug 2465: Limited DragonflyBSD support
        - ... and other minor bugs and documentation

Changes to squid-3.0.STABLE9 (9 Sep 2008):

        - Policy Enforcement: COSS is unusable in 3.0
        - Port from 3.1: Language Pack compatibility
        - Port from 2.6: Windows Support Notes
        - Fix several minor regressions:
            HTCP stats reporting
            cachemgr delay pool config
            CARP build error
        - Bug 2340: uudecode dependency for icons removed
        - Bug 2352: no_check.pl ntlm challenge fix
        - Bug 2426: buffer increase for kerberos auth fields
        - Bug 2427: squid_ldap_group codes fix
        - Bug 2437: peer name now shown in access.log
        - Add sane display of unsupported method errors
        - ... and various other code cleanups

Changes to squid-3.0.STABLE8 (18 Jul 2008):

        - Port from 2.6: Support for cachemgr sub-actions
        - Port from 2.6: userhash peer selection method
        - Port from 2.6: sourcehash peer selection method
        - Bug 2376: round-robin balancing fixes
        - Bug 2388: acl documentation cleanup
        - Bug 2365: cachemgr.cgi HTML output encoding
        - Bug 2301: Regression: Log format size options
        - Bug 2396: Correct the opening of PF device file.
        - Bug 2400: ICAP accept mechanism
        - Bug 2411: Regression: fakeauth_auth crashes
        - Many fixes to the Windows support (not complete yet).
        - Boost error pages HTML standards.
        - Fixes several issues on 64-bit systems
        - Fixes several issues on older or stricter compilers
        - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
        - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1

Changes to squid-3.0.STABLE7 (22 Jun 2008):

        - Fix several ASN issues
        - Fix SNMP reporting of counters
        - Fix round-robin algorithms
        - GCC 4.3 support
        - Netfilter v1.4.0 bug workaround
        - Bugs 2350 and 2323: memory issues
        - Bugs 2384, 951, 1566: ESI assertions
        - Various minor debug and documentation cleanups

Changes to squid-3.0.STABLE6 (20 May 2008):
 
        - Bug 2254: umask Feature from 2.6 added
        - cachemgr.cgi default config file added
        - Several authentication bug fixes
        - Improved Windows Support
        - better DNS lookup methods for unqualified hostames
        - better support for 64-bit environments
        - Bug 2332: Crash when tunnelling
        - Removed the advertisement clause from BSD licenses
          according to the GPLv2+ changes in BSD
        - ... and other bugs and minor cleanups

Changes to squid-3.0.STABLE5 (28 Apr 2008):

        - Support for resolv.conf 'domain' option
        - Improved URI support, including
                longer URI up to 8192 bytes accepted
                better handling of intercepted URI
                better port for non-FQDN URI lookups
        - Improved logging, including
                Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
                Fixed 'log_ip_on_direct' option behaviour
        - Support for profiling on x86 64-bit systems
        - .. and other bugs and minor code cleanups.

Changes to squid-3.0.STABLE4 (2 Apr 2008):

        - Bug 2288: compile error slipped into STABLE3.

Changes to squid-3.0.STABLE3 (31 Mar 2008):

        - Improved HTTP 1.1 support.
        - Improved MacOSX (Leopard) support
        - Bug 2206: Proxy-Authentication regression in STABLE2.
        - Strip Domain from NTLM usernames for use in class 4 Delay Pools
        - ... and other bugs and minor code cleanup

Changes to squid-3.0.STABLE2 (1 Mar 2008):

        - Add myportname ACL for matching the accepting port name (see release notes)
        - Add include directive for squid.conf (see release notes)
        - Add ability to strip kerberos realm from usernames during Auth
        - License cleanup to comply with GPLv2 or later
        - Updated Error Pages and Translations
        - Updated configuration examples
        - Updated valgrind support for valgrind-3.3.0
        - Improved support for Windows and MacOS X Leopard
        - Improved support for files larger than 2GB
        - Improved support for CARP arrays and WCCPv2
        - Improved cachmgr, SNMP, and log reporting
        - ... and as usual Many bug fixes since STABLE 1

Changes to squid-3.0.STABLE1 (13 Dec 2007):

        - Major rewrite translating the code to C++, originally based on
          Squid-2.5.STABLE1
        - Internal client streams concept for content adaptation
        - ICAP (Internet Content Adaptation Protocol) client support
        - ESI (Edge Side Includes) support added
        - Improved support for files larger than 2GB.
        - And a lot more. Most features from Squid-2.6 is supported, but not
          all. See the release notes for details.

Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
authorative for this release and mirrored here for reference only.

        - CARP now plays well with the other peering algorithms,
          and support for CARP peerings is compiled by default. Can be
          disabled by --disable-carp
        - Configuration file can be read from an external program
          or preprocessor. See squid.8 man page.
        - http_port is now optional, allowing for SSL only operation
        - Satellite and other high latency peering relations enhancements
          (Robert Cohren)
        - Nuked num32 types, and made type detection more robust by the
          use of typedefs rather than #defines.
        - the mailto links on Squid's ERR pages now contain data about the
          occurred error by default, so that the email will contain this data in
          its body. This feature can be disabled via the email_err_data directive.
          (Clemens L?ser)
        - COSS now uses a file called stripe and the path in squid.conf is the
          directory this is placed in. Additionally squid -z will create the
          COSS swapfile.
        - WCCPv2 support, including mask assignment support
        - HTCP support for access control and the CRL operation for
          purgeing of cache content
        - ICAP related fixes
        - Windows-related fixes, including Vista and Longhorn identification
        - Client-side parsing and some string use optimisations
        - Lots of off-by-one and memory leaks in corner cases have been fixed
          thanks to valgrind
        - Improved high-resolution profiling
        - Windows overlapped-IO and thread support added to the Async IO disk code
        - Improvements for handling large DNS replies

Changes to squid-2.6.STABLE15 (31 Aug 2007)

        - The select() I/O loop got broken by the /dev/poll addition
          (2.6.STABLE14)
        - Bug #2017: Fails to work around broken servers sending just the HTTP
          headers
        - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
          before C99
        - squid.conf.default updated and reorganised in more sensible groups
        - correct and document the syslog access_log format
        - Armenian error pages translation
        - digest_ldap_helper usage help updated
        - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
        - Improve delay pools in low traffic environment by checking timeouts
          at a steady 1 second interval even when there is not much activity
        - Don't request authentication on transparently intercepted
          connections
        - Cleanup linux capabilities for tproxy
        - Bug #2003: 'via' config directive doesn't affect response headers
        - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
        - Add missing $|=1 to squid_db_auth
        - Bug #2050: Persistent connection dropped if cache has no
          Content-Length
        - Verify the URL on memory cache hits
        - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
        - Bug #1972: Squid sets peers to down state when they are in fact
          working.
        - potential segmentation fault in storeLocateVary()
        - Bug #2066: chdir after chroot
        - Windows port: Fix compiler warnings when building Squid as
          application (not Windows service mode)
        - Spelling correction of received

Changes to squid-2.6.STABLE14 (15 Jul 2007)

        - squid.conf.default cleanup to have options in their proper sections.
        - documentation correction in the refresh_pattern ignore-auth option
        - URI-escaping not uses the recommended upper-case hex codes
        - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
        - Always use xisxxxx() Squid defined macros instead of ctype
          functions.
        - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
        - Database basic auth helper using Perl DBI to connect to most SQL DBs
        - Solaris /dev/poll network I/O support
        - configure fixes to make cross compilation somewhat easier
        - Removed incorrect -a reference from http_port documentation
        - Bug #1900: Double "squid -k shutdown" makes Squid restart again
        - Bug #1968: Squid hangs occasionally when using DNS search paths
        - Novell eDirectory digest auth helper (digest_edir_auth)
        - Bug #1130: min-size option for cache_dir
        - POP3 basic auth helper querying a POP3 server
        - Cosmetic squid_ldap_auth fixes from Squid-3
        - Bug #1085: Add no-wrap to cache manager HTML tables
        - Automatically restart if number of available filedescriptors becomes
          alarmingly low, preventing a situation where Squid would otherwise
          permanently stop processing requests.
        - Bug #2010: snmp_core.cc:828: warning: array subscript is above
          array bounds
        - Deal better with forwarding loops

Changes to squid-2.6.STABLE13 (11 May 2007)

        - Make sure reply headers gets sent even if there is no body available
          yet, fixing RealMedia streaming over HTTP issues.
        - Undo an accidental name change of storeUnregisterAbort.
        - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
        - Bug #1814: SSL memory leak on persistent SSL connections
        - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
        - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
        - Ukrainan error messages
        - Convert various error pages from DOS to UNIX text format
        - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
        - Clarify the max-conn=n cache_peer option syntax slightly
        - Bug #1892: COSS segfault on shutdown
        - Windows port: fix undefined ECONNABORTED
        - Make refreshIsCachable handle ETag as a cache validator, not
          only last-modified
        - in_port_t is not portable, use unsigned short instead
        - Fix fs / auth / snmp dependencies
        - Portability: statfs() may reqire #include <sys/statfs.h>

Changes to squid-2.6.STABLE12 (20 Mar 2007)

        - Assertion error on TRACE

Changes to squid-2.6.STABLE11 (17 Mar 2007)

        - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
          !conn->body.request"
        - Handle garbage helper responses better in concurrent protocol format
        - Fix kqueue when overflowing the changes queue
        - Make sure the child worker process commits suicide if it could
          not start up
        - Don't log short responses at debug level 1
        - Fix bswap16 & bwsap32 error on NetBSD
        - Fix collapsed_forwarding for non-GET requests

Changes to squid-2.6.STABLE10 (4 Mar 2007)

        - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
        - various diskd bugfixes
        - In the access.log hierarchy field log the unique peer name
          instead of the host name
        - unlinkdClose() should be called after (not before) storeDirSync()
        - CLEAN_BUF_SZ was defined, but never used anywhere
        - logging HTTP-request size
        - Fix icmp pinger communication on FreeBSD and other not supporing
          large dgram AF_UNIX sockets
        - Release objects on swapin failure
        - Bug #1787: Objects stuck in cache if origin server clock in future
        - Bug #1420: 302 responses with an Expires header is always cached
        - Primitive support for HTTP/1.1 chunked encoding, working around
          broken servers
        - Clean up relations between TCP probing and DNS checks of peers with
          no known addresses.
        - Fix a minor HTML coding error in ftp directory listings with // in
          the path
        - Bug #1875, #1420. Cleanup of refresh logics when dealing with
          non-refreshable content
        - Gopher cleanups and bugfixes
        - Negotiate authentication fixed again. Broken since STABLE7 by the
          patch for Bug #1792.
        - Bug #1892: COSS tries to shut down the same directory twice on exit
        - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
          entries
        - Added support for Subversion HTTP request methods MKACTIVITY,
          CHECKOUT and MERGE.

Changes to squid-2.6.STABLE9 (24 Jan 2007)

        - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
        - Bug #1877 diskd bug in storeDiskdIOCallback()

Changes to squid-2.6.STABLE8 (21 Jan 2007)

        - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
        - Document the https_port vhost option, useful in combination with
          a wildcard certificate
        - Document the existence of connection pinning / forwarding of NTLM
          auth and a few other features overlooked in the release notes.
        - Spelling correction of the ssl cache_peer option
        - Add back the optional "accel" http_port option. Makes accelerator
          mode configurations easier to read.
        - Bug #1872: Date parsing error causing objects to get unexpectedly
          cached.
        - Cleanup to have the access.log tags autogenerated from enums.h
        - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
          going backwards?
        - Don't update object timestamps on a failed revalidation.
        - Fix how ftp://user@host URLs is rendered when Squid is built with
          leak checking enabled

Changes to squid-2.6.STABLE7 (13 Jan 2007)

        - Windows port: Fix intermittent build error using Visual Studio
        - Add missing tproxy info from the dump of http port configuration
        - Bug #1853: Support for ARP ACL on NetBSD
        - clientNatLookup(): fix wrong function name in debug messages
        - Convert ncsa_auth man page from DOS to Unix text format.
        - Bug #1858: digest_ldap_auth had some remains of old hash format
        - Correct the select_loops counter when using select(). Was counted twice
        - Clarify the http_port vhost option a bit
        - Fix cache-control: max-stale without value or bad value
        - Bug #1857: Segmentation fault on certain types of ftp:// requests
        - Bug #1848: external_acl crashes with an infinite loop under high load
        - Bug #1792: max_user_ip not working with NTLM authentication
        - Bug #1865: deny_info redirection with authentication related acls
        - Small example on how to use the squid_session helper
        - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
        - Clarify the transparent http_port option a bit more
        - Bug #1828: squid.conf docutemtation error for proxy_auth digest
        - Bug #1867: squid.pid isn't removed on shutdown

Changes to squid-2.6.STABLE6 (12 Dec 2006)

        - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
        - Add client source port logformat tag >p
        - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
        - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
        - automake no longer recommends mkinstalldirs. Removed.
        - Only use crypt() if it's available, allowing ncsa_auth to be built
          on platofms without crypt() support.
        - Windows port documentation updates
        - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
        - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
        - Remove extra newline in redirect message sent by deny_info http://... aclname
        - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
        - Clarify the external_acl_type helper format specification and some defaults
        - Add support for the weight= parameter to round-robin peers
        - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
        - Convert snmpDebugOid to use a temporary String object instead of strcat
        - Document that proxy_auth also accepts -i for case-insensitive operation
        - Remove malloc/free of temporary buffer in time parsing routines.
        - Reduce memory allocator pressure by not continually allocating client-side read buffers
        - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
        - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
        - Bug #1584: Unable to register with multiple WCCP2 routers
        - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
        - Bug #439: Multicast ICP peering is unstable and considers most peers dead
        - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
        - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
        - Bug #1840: Disable digest and netdb queries to multicast peers
        - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
        - Fix build errors when using latest MinGW Windows environment

Changes to squid-2.6.STABLE5 (3 Now 2006)

        - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
        - COSS improvements and cleanups
        - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
        - Bug #1784: access_log syslog results in blanks syslog lines between every entry
        - Bug #1719: Incorrect error message on invalid cache_peer specifications
        - Bug #1785: Memory leak in handling of negatively cached objects
        - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
        - Bug #1782: Memory leak in ncsa_auth on password changes
        - Suppress some annoying coss startup messages raising the debug level to 2.
        - Clarify the external_acl_helper concurrency= change.
        - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
        - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
        - Bug #1795: Theoretical memory leak in storeSetPublicKey
        - Removing port 563 from the default SSL_ports and Safe_ports ACLs
        - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
        - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
        - Clarify the select/poll/kqueue/epoll configure --enable/disable options
        - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
        - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
        - Bug #1796: Assertion error HttpHeader.c:914: "str"
        - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
        - Silence harmless gcc compile warning.
        - Clean up poll memory on shutdown
        - Ported select, poll and win32 to new comm event framework
        - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
        - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
        - Safeguard from kb_t counter overflows on 32-bit platforms

Changes to squid-2.6.STABLE4 (23 Sep 2006)

        - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
        - Windows port enhancement: added native exception handler with signal emulation
        - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
        - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
        - Bug #212: variable %i always 0.0.0.0 in many error pages
        - Bug #1708: Ports in ACL accepts characters and out of range
        - Bug #1706: Squid time acl accepts invalid time range.
        - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
        - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
        - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
        - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
        - Bug #1598: start_announce cannot be disabled
        - Periodically flush cache.log to disk when "buffered_logs on" is set
        - Numerous COSS improvements and fixes
        - Windows port: merge of MinGW support
        - Windows port: Merged Windows threads support into aufs
        - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
        - Numerous portability fixes
        - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
        - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
        - Bug #1760: FTP related memory leak
        - Bug #1770: WCCP2 weighted assignment
        - Bug #1768: Redundant DNS PTR lookups
        - Bug #1696: Add support for wccpv2 mask assignment
        - Bug #1774: ncsa_auth support for cramfs timestamps
        - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
        - Bug #1725: cache_peer login=PASS documentation somewhat confusing
        - Bug #1590: Silence those ETag loop warnings
        - Bug #1740: Squid crashes on certain malformed HTTP responses
        - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
        - Improve error reporting on unexpected CONNECT requests in accelerator mode
        - Cosmetic change to increase cache.log detail level on invalid requests
        - Bug #1229: http_port and other directives accept invalid ports
        - Reject http_port specifications using both transparent and accelerator options
        - Cosmetic cleanup to not dump stacktraces on configuration errors


Changes to squid-2.6.STABLE3 (18 Aug 2006)

        - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
          very large cache_dir.  Limit number of objects stored to slightly
          less to avoid this.
        - Bug #1705: Correct error message on invalid time weekday specification
        - Don't attempt to guess netmask in src/dst acl specifications
          if none was provided. Assume it's an IP even if it ends in 0
        - Bug #1665: log_format %ue, %us tags for external or ssl user id
        - Bug #1707: delay pools often ignored the set limit
        - Bug #1716: Support for recent OpenSSL 0.9.7 versions
          (0.9.8 always worked)
        - COSS fixes and performance improvements
        - Memory leak when reading configuration files with overlapping
          ACL data where squid -k parse complains.
        - Memory leak related to pinned connections
        - Show include acls unexpanded in cachemgr configuration dumps
        - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
        - Bug #1304: Downloads may hang when using the cache_dir max-size option
        - Optimization of network I/O
        - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
        - Fixed a memory leak on certain invalid requests
        - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
        - Bug #582: ntlm fake_auth not handles non-ascii login names
        - New startup message indicating the type of event loop used
        - Bug #1602: TCP fallback on truncated DNS responses
        - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
        - Bug #1723: cachemgr now works in accelerator mode

Changes to squid-2.6.STABLE2 (31 Jul 2006)

        - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
        - Releasenotes Table of contents should use relative links without
          filename.
        - Reject HTTP/0.9 formatted CONNECT requests. 
        - Cosmetic cleanup to use safe_free instead of xfree + manual
          assign to NULL
        - Bug #1650: transparent interception "Unable to forward this
          request at this time"
        - Bug #1658: Memory corruption when using client-side SSL certificates
        - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
          deleting the underlying object.
        - Many COSS fixes and new coss data dumper utility for diagnostics
        - Bug #1669: SEGV in storeAddVaryReadOld
        - Many fixes in debug sections and spelling of debug messages
        - Don't keep client connection persistent if there was a mismatch in
          the response size.
        - Move eventCleanup debug messages to debug level 2 (was 0)
        - Add the missing concurrency parameters to basic and digest auth
          schemes
        - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
        - Log SSL user id in the custom log User name format (%un)
        - Bug #1653: Username info not logged into Cachemgr active_requests
          statistics
        - Added to the redirectors interface the support for SSL client
          certificate
        - squid.conf.default cleanup to remove references to old options
        - Fix many filedescriptors in combination with TPROXY
        - Fix connection pinning in transparently intercepted connections
        - Bug #1679: LDFLAGS not honored in some programs.
        - Minor cleanup of port numbers in transparent interception or
          vhost + vport
        - Bug #1671: transparent interception fails with FreeBSD ipfw or
          Linux-2.2 ipchains
        - Bug #1660: Accept-Encoding related memory corruption
        - Bug #1651: Odd results if url_rewriter defined multiple times
        - Bug #1655: Squid does not produce coredumps under linux when
          started as root
        - Bug #1673: cache digests not served to other caches
        - Cleanup of Linux capability code used by tproxy
        - Bug #1684: xstrdup: tried to dup a NULL pointer!
        - Bug #1668: unchecked vsnprintf() return code could lead to log
          corruption
        - Bug #1688: Assertion failure in HttpHeader.c in some header_access
          configurations
        - Cygwin support fir --disable-internal-dns
        - Silence those annoying sslReadServer: Connection reset by peer
          errors.
        - Bug #1693: persistent connections broken in transparent
          interception mode
        - Bug #1691: multicast peering issues
        - Bug #1696: Correct WCCP2 processing of router capability info
          segments
        - Bug #1694: Assertion failure in mgr:config if using
          access_log_format %<h
        - Bug #1677: Duplicate etags in the If-None-Match header
        - Bug #1665: access_log_format codes for login names from external
          acl or ssl
        - Bug #1681: All ntlmauthenticator processes are busy
        - Added ARP acl support for OpenBSD and ARP fixes for Windows
        - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
          socket)
        - WCCP2 correct dampening of assign buckets when there it lots of
          changes
        - minimum_expiry_time to tune the magic 60 seconds limit of what
          is considered cachable when the object doesn't have any cache
          validators.
        - Bug #1703: wrong path to diskd helper corrected, and config
          parser extended to trap incorrect paths early
        - Bug #1703: COSS failed to initialize async-io threads
        - Bug #1703: should abort if diskd helper exits unexpectedly
        - Bug #1702: Warn if acl name is too long
        - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
        - wccp2_rebuild_wait directive to delay registering with WCCP until the
        - Bug #1662: Infinite loop in external acl with grace period if the
          same http_access line had multiple external acls

Changes to squid-2.6.STABLE1 (1 Jul 2006)
        
        - New --enable-default-hostsfile configure option
        - Added username info to active_requests cachemgr stats
        - Modified squid MIB to incorporate squid.conf visible_hostname
        - Added multi-line capability in squid.conf
        - Added new httpd_suppress_version_string configuration directive
        - WCCPv2 support
        - Negotiate authentication scheme support
        - NTLM authentication scheme rewritten
        - Customizable access log formats
        - Selective access logging
        - Access logging via syslog
        - Reverse proxy enhancements, with new cache_peer based forwarding
          model.
        - LDAP based Digest helper (Note: not true LDAP integration, just using
          LDAP for storage of the Digest hashes)
        - Improved helper communication protocol
        - External ACL improvements. %PATH, log=, grace=, and more..
        - Improved SSL support with hardware offload, client certificate
          support (primitive), chained certificates and numerous bug fixes
        - DNS lookups now use the search path from /etc/resolv.conf or
          the Windows registry
        - Linux epoll support
        - collapsed forwarding to optimize reverse proxies or other
          setups having very many clients going to the same URL
        - New improved COSS implementation
        - Optional support for blank passwords
        - The old and obsolete Samba-2.2.X winbind helpers have been removed
        - external acls now uses the simplified URL-escaped protol "3.0" by
          default.
        - Linux TPROXY support
        - Support for proxying of Microsoft Integrated Login by adding
          support for the deviations from the HTTP protocol required
          to support these authentication mechanisms
        - Added the capability to run as a Windows service under Cygwin
        - CARP now plays well with the other peering algorithms
        - read_ahead_gap option to read ahead more than 16KB of the reply
        - check_hostnames and allow_underscore squid.conf options
        - http_port is now optional, allowing for SSL only operation
        - Full ETag/Vary support, caching responses which varies with
          request details (browser, language etc).
        - umask now defaults to 027 to protect the content of cache and
          log files from local users
        - HTCP support for access control and the CRL operation for
          purgeing of cache content
        - Optionally follow X-Forwarded-For headers to determine the original
          client IP behind sedond level proxies
        - FreeBSD kqueue support

Changes to squid-2.5.STABLE14 (20 May 2006)
        - [Minor] icons not displayed when visible_hostname is a
          short hostname (without domain). (Bug #1532)
        - [Medium] Memleak in HTCP client code (default disabled)
          (Bug #1553)
        - [Major] memory leak in ident processing (Bug #1557)
        - [Medium] Memory leak in header processing related to external_acl
          header detail format tag (Bug #1564)

Changes to squid-2.5.STABLE13 (12 Mar 2006)
        - [Minor] Fails to compile on Solaris and some other platforms
          with undefined reference to setenv (Bug #1435)
        - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
        - [Minor] Squid ntlm_auth (not the Samba provided one) giving
          odd results if --enable-ntlm-fail-open is used (Bug #1022)
        - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
          (Bug #1472)
        - [Minor] Squid crash when asyncio function counters url accessed
          from Cachemgr CGI (Bug #1464)
        - [Cosmetic] Linux compile warning about prctl called with too few
          arguments (Bug #1483)
        - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
        - [Minor] Some 206 responses logged incorrectly (Bug #1511)
        - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
        - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
        - [Minor] Ident access lists don't work in delay_access statements
          (Bug #1428)
        - [Minor] Some clients support NTLM even if not initially negotiating
          persistent connections (Bug #1447)
        - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
        - [Medium] delay pools given too much bandwidht after "-k reconfigure"
          (Bug #1481)
        - [Cosmetic] New persistent_connection_after_error configuration
          directive (Bug #1482)
        - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
          #1484)
        - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
        - [Cosmetic] Typo in ftp.c (Bug #1507)
        - [Cosmetic] Error in FTP listings of files with -> in their name
          (Bug #1508)
        - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
          in cache.log (Bug #779)
        - [Minor] Fails to process long host names (Bug #1434)
        - [Cosmetic] Azerbaijani errors translation (Bug #1454)
        - [Cosmetic] misleading error message message for bad/unresolveable
          cache_peer name (Bug #1504)
        - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
          (Bug #1506)
        - [Major] connstate memory leak (Bug #1522)

Changes to squid-2.5.STABLE12 (22 Oct 2005)

        - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
          when using delay pools (Bug #1405)
        - [Cosmetic] Document that tcp_outgoing_* works badly in combination
          with server_persistent_connections (Bug #454)
        - [Cosmetic] Add additinal tracing to squid_ldap_auth making
          diagnostics easier on squid_ldap_auth configuration errors
          (Bug #1395)
        - [Minor] $HOME not set when started as root (Bug #1401)
        - [Minor] httpd_accel_single_host breaks in combination with
          server_persistent_connections (Bug #1402)
        - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
          implemented, effectively ignored. (Bug #1403)
        - [Minor] CNAME based DNS addresses could get cached for longer
          than intended (Bug #1404)
        - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
          in transparently intercepting proxies (Bug #1410).
        - [Minor] Cache revalidations on HEAD requests causing poor cache
          hit ratio (Bug #1411).
        - [Minor] Not possible to send 302 redirects via a redirector in
          response to CONNECT requests (bug #1412)
        - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
          #1419)
        - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
        - [Minor] Delay pools class 3 fails on clients in network 255
          (Bug #1431)
        
Changes to squid-2.5.STABLE11 (22 Sep 2005)

        - [Minor] Workaround for servers sending double content-length headers
          (Bug #1305)
        - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
        - [Cosmetic] Date header corrected on internal objects (icons etc)
          (Bug #1275)
        - [Minor] squid -k fails in combination with chroot after patch for
          bug 1157 (Bug #1307)
        - [Cosmetic] Segmentation fault if compiled with
          --enable-ipf-transparent but denied access to the NAT device.
          (Bug #1313)
        - [Minor] httpd_accel_signle_host incompatible with redireection
          (Bug #1314)
        - [Minor] squid -k reconfigure internal corruption if the type of
          a cache_dir is changed (Bug #1308)
        - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
          (Bug #1317)
        - [Minor] Title in FTP listings somewhat messed up after previous
          patch for bug 1220 (Bug #1220)
        - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
          confusing authentication. (Bug #1204)
        - [Minor] winfo_group.pl only looked for the first group if multiple
          groups were defined in the same acl. (Bug #1333)
        - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
        - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
        - [Cosmetic] The new --with-build-environment=... option doesn't work
        - [Cosmetic] New 'mail_program' configuration option in squid.conf
        - [Minor] Fails to compile with ip-filter and ARP support on Solaris
          x86 (Bug #199)
        - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
        - [Medium] assertion failed in StatHist.c:93  (Bug #1325)
        - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
        - [Cosmetic] Invalid URLs in error messages when failing to connect
          to peer, and a few other inconsistent error messages (Bug #1342)
        - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
          (Bug #1344)
        - [Minor] Some odd FTP servers respond with 250 where 226 is expected
          (Bug #1348)
        - [Cosmetic] Greek translation of error messages (Bug #1351)
        - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
        - [Minor] squid_ldap_auth -U does not work (Bug #1370)
        - [Minor] SNMP cacheClientTable fails on "long" IP addresses
          (Bug #1375)
        - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
        - [Minor] E-mail sent when cache dies is blocked from many antispam
          rules (Bug #1380)
        - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
        - [Cosmetic] Incorrect store dir selection debug message on objects
          larger than 2Gigabyte (Bug #1343)
        - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
        - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
        - [Medium] Clients could bypass delay_pool settings by faking a cache
          hit request (Bug #500)
        - [Minor] IP-Filter 4.X support (Bug #1378)
        - [Medium] Odd results on pipelined CONNECT requests
        - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
          when using NTLM authentication.
        - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
          authentication (bug #1396)
        - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
          (Bug #1394)
        - [Cosmetic] New --with-maxfd=N configure option to override build
          time filedescriptor limit test
        - [Minor] Added support for Windows code name "Longhorn" on Cygwin.

Changes to squid-2.5.STABLE10 (17 May 2005)

        - [Minor Security] Fix race condition in relation to old Netscape
          Set-Cookie specifications
        - [Minor] Fails to parse D.J.  Bernstein's FTP EPLF ftp listing
          format and PASV resposes (Bug #1252)
        - [Medium] BASE HREF missing on ftp directory URLs without /
          (Bug #1253)
        - [Minor security] confusing http_access results on configuration
          error (Bug #1255)
        - [Cosmetic] More robust Date parser (Bug #321)
        - [Minor] reload_with_ims fails to refresh negatively cached objects
          (Bug #1159)
        - [Cosmetic] delay_access description clarification (Bug #1245)
        - [Cosmetic] Check for integer overflow in size specifications in
          squid.conf (Bug #1247)
        - [Cosmetic] bzero is a non-standard function not available on all
          platforms (Bug #1256)
        - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
        - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
        - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
          (Bug #1261)
        - [Minor] Duplicate content-length headers logged incorrectly or
          not cleaned up properly (Bug #1262)
        - [Cosmetic] Extend relaxed_header_parser to work around "excess
          data from" errors from many major web servers. (Bug #1265)
        - [Minor] Add HTTP headers to a netdb error messages
        - [Minor] Multiple minor aufs issues (Bug #671)
        - [Minor] Basic authentication fails with very long logins or
          password (Bug #1171)
        - [Minor] CONNECT requests truncated if client side disconnects first
          (Bug #1269)
        - [Minor] --disable-hostname-checks configure option did not work
        - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
        - [Cosmetic] aufs warning about open event filedescriptors on shutdown
        - [Medium] Failed to process requests for files larger than 2GB in size
        - [Cosmetic] rename() related cleanup
        - [Cosmetic] New cachemgr pending_objects and client_objects actions
        - [Cosmetic] external acls requiring authentication did not request
          new credentials on access denials like proxy_auth does.
        - [Cosmetic] Syslog facility now configurable via command line options.
        - [Cosmetic] New %a error page template code expanding into the
          authenticated user name. (Bug #798)
        - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
        - [Minor] Support interception of multiple ports
        - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
          can not be determined (Bug #1196)
        - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
          configuration files with CRLF lineendings proper.
        - [Minor] Unrecognized Cache-Control directives now forwarded properly
          (Bug #414)
        - [Minor] Authentication helpers now returns useable information
          in the %m error page macro on failed authentication (Bug #1223)
        - [Minor] pid file management corrected in chroot use (Bug #1157)
        - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
          cachemgr.cgi now reads a config file telling which proxy servers
          it can administer.
        - [Minor] aufs statistics improvements
        - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
        - [Minor] ARP acl documentation and cachemgr config dump corrections
        - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
          hostnames in addition to the reverse lookup of the domain name.
        - [Security] Internal DNS client hardened against spoofing
        
Changes to squid-2.5.STABLE9 (24 Feb 2005)

        - [Medium] Don't retry requests on 403 errors (Bug #1210)
        - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
        - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
        - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
        - [Minor] relaxed_header_parser extended to work around even more
          broken web servers (Bug #1242)
        - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
          better with Mozilla but also to improve security slightly on
          non-anonymous FTP.
        - [Minor] High characters allowed un-encoded in FTP and Gopher
          listings to allow the user-agent to display data in non-iso8859-1
          charsets. (Bug #1220)
        - [Cosmetic] format fixes to silence compiler warnings on many
          platforms.
        - [Major] Assertion failures on certain odd DNS responses (Bug #1234)

Changes to squid-2.5.STABLE8 (11 Feb 2005)

        - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
          #1096)
        - [Cosmetic] Document -v (protocol version) option to LDAP helpers
        - [Minor] The new req_header and resp_header acls segfaults
          immediately on parse of squid.conf (Bug #961)
        - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
          (Bug #1118)
        - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
        - [Minor] Squid fails to close TCP connection after blank HTTP
          response (Bug #1116)
        - [Minor security] Random error messages in response to malformed
          host name (Bug #1143)
        - [Minor] PURGE should not be able to delete internal objects
          (Bug #1112)
        - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
          #1121)
        - [Minor] cachemgr vm_objects segfault (Bug #1149)
        - [Minor security] Confusing results on empty acl declarations (Bug
          #1166)
        - [Minor] Don't close all "other" filedescriptors on startup (Bug
          #1177)
        - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
          #1183)
        - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
        - [Medium security] Denial of service with forged WCCP messages
          (Bug #1190)
        - [Minor] DNS related memory leak on certain malformed DNS responses
          (Bug #1197)
        - [Minor] Internal DNS sometimes truncates host names in reverse
          (PTR) lookups (Bug #1136)
        - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
        - [Security] Harden Squid against HTTP request smuggling attacks
        - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
          short_icon_urls is on (Bug #1203)
        - [Security] Harden Squid against HTTP response splitting attacks
          (Bug #1200)
        - [Medium security] Buffer overflow in WCCP recvfrom() call
          (Bug #1217)
        - [Security] Properly handle oversized reply headers (Bug #1216)
        - [Minor] LDAP helpers search fixed to properly ask for no attributes
        - [Minor] A sporadic segmentation fault when using ntlm authentication
          fixed (Bug #1127)
        - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
        - [Medium] Persistent connection mismatch on failed PUT/POST request
          (Bug #1122)
        - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
        - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
        - [Major] HTTP reply data corruption in certain situations involving
          reply headers split over multiple packets (Bug #1233)

Changes to squid-2.5.STABLE7 (11 Oct 2004)

        - [Medium] No objects cached in ufs cache_dir type in some
          configurations. Issue introduced in 2.5.STABLE6 by the patch for
          Bug #676. (Bug #1011)
        - [Minor] LDAP helpers update to correct LDAP connection management
          and add support for literal password compare instead of binding
        - [Minor] A large number of queued DNS lookups for the same domain
          (Bug #852)
        - [Cosmetic] request_header_max_size configuration partly ignored
          (Bug #899)
        - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
        - [Cosmetic] HEAD requests may return stale information
          (Bug #1012)
        - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
        - [Minor] case insensitive authentication (Bug #431)
        - [Cosmetic] Add delay pools information to active_requests. (Bug
          #882)
        - [Minor] Apparent memory leak in client_db (Bug #833)
        - [Minor] NTLM authentication truncated causing failures. (Bug
          #1016)
        - [Cosmetic] Grammatical corrections in squid.conf.default
        - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
          #1030)
        - [Medium] Segfaults and other strange crashes when using heap
          policies. (Bug #1009)
        - [Minor] Supplementary group memberships not set (Bug #1021)
        - [Cosmetic] ERR_TOO_BIG Portuguese translation
        - [Minor] external_acl does not handle newlines (Bug #1038)
        - [Major] NTLM authentication denial of service when using msnt_auth
          or fake_auth (Bug #1045)
        - [Medium] Memory leaks when using NTLM authentication without
          challenge reuse. (Bug #994)
        - [Minor] Temporary NTLM memory leak with challenge reuse enabled
          (Bug #910)
        - [Minor] assertion failed: "n_ufs_dirs <=
          Config.cacheSwap.n_configured". (Bug #1053)
        - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
        - [Minor] acl time fails to parse multiple time specifications
          (Bug #1060)
        - [Minor] cachemgr config dumps mixed up Range and Request-Range 
          headers in http_header_access & replace directives. (Bug #1056)
        - [Minor] Content-Disposition added as a well known header (Bug #961)
        - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
          (Bug #1074)
        - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
        - [Medium] New acl types to match arbitrary HTTP headers. In addition
          the http_header_access & replace directives now support arbitrary
          headers and not only the well known ones. (Bug #961)
        - [Cosmetic] ncsa_auth now accepts Window formatted password files
          (Bug #1078)
        - [Cosmetic] Support the --program-prefix/suffix options or other
          configure program name transforms (Bug #1019)
        - [Minor] Fix race condition in CONNECT and also handle aborts of
          CONNECT requests in a more graceful manner. (Bug #859)
        - [Minor] New balance_on_multiple_ip directive to work around certain
          broken load balancers and optimized ipcache on reload requests
          (Bug #1058)
        - [Medium] New reply_header_max_size directive
          (Bug #874)
        - [Minor] Suspected instability on aborted PUT/POST requests
          (Bug #1089)
        - [Security] SNMP Denial of Service fix (CAN-2004-0918)

Changes to squid-2.5.STABLE6 (9 Jul 2004)

        - Bug #937: NTLM assertion error "srv->flags.reserved"
        - Bug #935: squid_ldap_auth can be confused by the use of reserved
          characters
        - Helper queue warnings imprecise on the number of helpers required
        - squid_ldap_auth TLS mode works correctly again
        - Bug #940, #305: pkg-config support for finding correct OpenSSL
          compile flags
        - Bug #426: "Vary: *" is ignored
        - 100% CPU usage on Linux-2.2
        - Version number should not include -CVS if autoconf is run
        - Bug #947: deny_info redirection with requested URL escaped wrongly
        - Bug #495: CONNECT timeout should produce a 504 or 503
        - Bug #956: cache_swap_log documentation referred to swap.state by
          it's old swap.log name
        - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
          have been intended
        - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
        - Bug #954: Segment violation when using a blank user name in digest
          authentication
        - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
        - Spelling corrections in configure and squid.conf.default
        - The meaning of ERR in digest helper protocol clarified in the
          squid.conf documentation
        - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
        - Bug #616: Negative cached 404 replies with VARY header never matched
        - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
          due to a shortcoming in the fix to bug #817
        - Bug #570: Very large cache_mem values reported wrongly in cache.log
        - Bug #676: store_dir_select_algorithm least-load doesn't work for
          ufs cache_dir type
        - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
        - Bug #948: Show client ip in cache.log debug output
        - Bug #960: compilation issue on OpenBSD/m88k
        - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
        - Bug #991: dns_servers should default to localhost if no resolv.conf
        - Bug #717: msnt_auth documentation update
        - Bug #753: Segfault in memBufVPrintf on certain architectures
          requiring va_copy
        - Bug #941: Negative size in access.log on long running CONNECT
          requests
        - Bug #972: Segmentation fault after "Likely proxy abuse detected"
        - Bug #981: sasl_auth updated to work with SALS2
        - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
          authentication to a NT domain without using Samba.

Changes to squid-2.5.STABLE5 (1 Mar 2004):

        - cache.log message on "squid -k reconfigure" was slightly confusing,
          claiming Squid restarted when it just reread the configuration.
        - Bug #787: digest auth never detects password changes
        - Bug #789: login with space confuses redirector helpers
        - Bug #791: FQDNcache discards negative responses when using
          internal DNS
        - pam_auth fails on Solaris when using pam_authtok_get. Persistent
          PAM connections are unsafe and now disabled by default.
        - auth_param documentation clarifications and added default realm
          values making only the helper program a required attribute
        - Bug #795: German ERR_DNS_FAIL correction
        - Bug #803: Lithuanian error messages update
        - Bug #806: Segfault if failing to load error page
        - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
        - Bug #817: maximum_object_size too large causes squid not to cache
        - Bug #824: 100% CPU loop if external_acl combined with separate
          authentication acl in the same http_access line
        - squid_ldap_group updated to version 2.12 with support for ldaps://
          (LDAPv2 over SSL) and a numer of other improvements.
        - Bug #799: positive_dns_ttl ignored when using internal DNS.
        - Bug #690: Incorrect html on empty Gopher responses
        - Bug #729: --enable-arp-acl may give warning about net/route.h
        - Bug #14: attempts to establish connection may look like syn flood
          attack if the contacted server is refusing connections
        - errorpage README files included in the distribution again showing
          who contributed which translation
        - Bug #848: connect_timeout connect_timeout ends up twice the length.
          forward_timeout option added to address this.
        - Bug #849: DNS log error messages should report the failed query
        - Bug #851: DNS retransmits too often
        - Bug #862: Very frequently repeated POST requests may cause a
          filedescriptor shortage due to persitent connections building up
        - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
        - Bug #571: Need to limit use of persistent connections when
          filedescriptor usage is high
        - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
          does not work properly
        - Bug #860: redirector_access does not handle "slow" acls such as
          "dst" or "external" requiring a external lookup.
        - Bug #865: Persistent connection usage too high after sudden burst
          of traffic.
        - Bug #867: cache_peer max-conn=.. option does not work
        - Bug #868: refuses to start if pid_filename none is specified
        - Bug #887: LDAP helper -Z (TLS) option does not work
        - Bug #877: Squid doesn't follow telnet protocol on FTP control
          connections
        - Bug #908: Random auth popups and account lockouts when using ntlm
        - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
        - Bug #585: cache_peer_access fails with NTLM authentication
        - Bug #592: always/never_direct fails with NTLM authentication
        - wbinfo_group update for Samba-3
        - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
        - Bug #924: miss_access restricts internal and cachemgr requests
          even if these are local
        - Bug #925: auth headers send by squidclient are mildly malformed
        - Bug #922: miss_access and delay_access and several other
          authentication related bug fixes.
        - Bug #909: Added ARP acl support for FreeBSD
        - Bug #926: deny_info with http_reply_access or miss_access
        - Bug #872: reply_body_max_size problems when using NTLM auth
        - Bug #825: random segmentation faults when using digest auth
        - Bug #910: Partial fix for temporary memory leaks when using NTLM
          auth. There is still problems if challenge reuse is enabled.
        - ftp://anonymous@host/ now accepted without requiring a password
        - Bug #594: several mime type updates (ftp:// related)
        - url_regex enhanced to allow matching of %00

Changes to squid-2.5.STABLE4 (15 Sep 2003):

        - Lithuanian error messages added to the distribution
        - Bug #660: segfauld if more than one custom deny_info line
        - cache_dir disd documentation cleanup
        - check open of /dev/null to avoid 100% CPU loop in badly
          configured chroot environments
        - documentation update on uri_whitespace to refer to the correct RFC
        - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
        - Bug #683: external_acl does not wait for ident lookups to complete
        - aufs: Fix a minor use-after-free problem which could cause the
          count of opening filedescriptors to grow larger than it should
        - Syntax changes to make GCC-3.3 accept Squid without complaints
        - Warning if CARP server defined in incorrect load factor order
        - neighbor_type_domain documentation update
        - http_header_access now works when using cache peers
        - high_memory_warning now uses sbrk as fallback mechanism on
          platforms where neither mallinfo or mstats are available.
        - hosts_file now handles comments at the end of lines correcly
        - storeCheckCachable() Stats corrected for release_request and
          wrong_content_length.
        - cachePeerPingsSent MIB type corrected
        - unused minimum_retry_timeout directive removed
        - Bug #702: ERR_TO_BIG spanish translation
        - Bug #705: Memory leak on deny_info TCP_RESET
        - Code cleanup to fix compile error in httpHeaderDelById
        - Bug #699: Host header now forwarded exactly where it was in the
          original request to work around certain broken firewalls or
          load balancers which fail if this header is too far into the
          request headers.
        - Bug #704: Memory leak on reply_body_max_size
        - Bug #686: requests denied due to http_reply_access are now
          logged with TCP_DENIED (instead of TCP_MISS, etc).
        - Bug #708: ie_refresh now sends no-cache to have the reload
          request propagate properly in cache meshes
        - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
        - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
          digest not found
        - Bug #710: round-robin cache_dir selection incorrectly
          compares max-size.
        - Statistics corrections in HTTP header statitics
        - QUICKSTART cleanups
        - Bug #715: statCounter.syscalls.disk counters treated
          inconsistently.  Now increment the counters in AUFS
          functions and for unlinkd.
        - Improvements to the (experimental) COSS storage scheme.
        - Bug #721: User name field in access.log sometimes blank
        - Bug #94: assertion failed: http.c: "-1 == cfd ||
          FD_SOCKET == fd_table[cfd].type"
        - Bug #716: assertion failed: client_side.c:1478: "size > 0"
        - Bug #732: aufs calculates number of threads and limits wrongly
        - Bug #663: Username not logged into access.log in case of /407
        - Bug #267: Form POSTing troubles with NTLM authentication
          and occationally in differen other error conditions.
        - Bug #736: ICP dynamic timeout algorithm ignores multicast.
        - Bug #733: No explicit error message when ncsa_auth can't access
          passwd file
        - Bug #267, #757: POST with NTLM stops after persistent connection
          timeout
        - Bug #742: Wrong status code on access denials if delay_access
          is used. Most notably 407 instead of 403 could be returned.
        - Bug #763: segfault if using ntlm in http_reply_access
        - Bug #638: assertion error if using proxy_auth in delay_access
        - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
        - The issue of reply_body_max_size limiting the size of error
          messages no longer applies.
        - external_acl_type concurrency= option renamed to children= to
          prepare for Squid-3 upgrades. Old syntax still accepted for the
          duration of the Squid-2.5 release.
        - number of filedescriptors rounded down to an even multiple of 64
          to work around issues in certain libc implementations.
        - winbind helpers less noisy in cache.log on restarts/shutdown.
        - Squid now automatically restarts helpers if too many of them
          have crashed.

Changes to squid-2.5.STABLE3 (25 May 2003):

        - Bug #573: Occational false negatives in external acl lookups
        - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
          external_acl helpers crashes
        - Bug #590: Squid may hang or behave oddly on shutdown while
          requests is being processed.
        - Bug #590: external acl lookups does not deal well with queue
          overload
        - cache_effective_user documentation update
        - cache_peer documentation update for htcp and carp
        - Bug #600: The example header_access paranoid setting is
          missing WWW-Authenticate
        - Bug #605: Segmentation fault in idnsGrokReply() on certain
          platforms
        - Fixes to build properly on AIX 5
        - Bug #574: wb_group updated to version 1.1 to make group names
          case insensitive and correct a segfault issue in the helper
        - SNMP mib updates to make cacheNumObjCount,
          cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
          correctly report as gauges (was reporting as counters).
        - Woraround for --enable-ssl Kerberos issue on RedHat 9
        - Bug #579: Close and repopen log files on "squid -k reconfigure"
        - Bug #598: squid_ldap_auth could segfault if LDAP server is
          unavailable
        - Bug #609,#612: msntauth helper fixes in dealing with large
          or non-existing allow/deny user files.
        - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
        - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
          and also fails to block large objects where the content-length
          is not known
        - Bug #606: Basic auth looping and gets stuck at high CPU usage when
          multiple proxy_auth ACLs combined in one line and login fails.
        - squid_ldap_auth updated with support for TLS and SSL
        - Bug #623: segfault if using negated external acls in certain
          configurations involving other acls later on the same http_access
          line.
        - Bug #622: wb_group helper update to version 1.2 to ass support for
          Domain-Qualified groups refering to groups in a specific domain
        - Bug #596: logic error in poll() error management
        - Bug #597: logic errors in error management
        - Bug #591: segmentation fault in authentication on "squid -k debug"
        - Bug #587: smb_auth fails on complex logins involving domain names
          or other odd characters
        - Bug #558, #587: smb_auth.pl fails on complex logins involving
          domain names or other odd characters
        - Bug #643: external_acl fails with ttl=0 due to a change introduced
          by the patch for Bug #553 in 2.5.STABLE2.
        - Bug #630: minor issues in digest authantication causing random
          authentication failures and incompability with many mainstream
          browser digest implementations due to browser qop bugs. To deal
          with those broken browser nonce_stricness now defaults to off,
          and two new digest options have been added (check_nonce_count
          and post_workaround) to allow workarounds to other quite bad
          browser bugs if needed.
        - Bug #644: digest authentication fails on requests with one
          or more comma in the requested URL
        - Bug #648: deny_info TCP_RESET not working. The fix for this also
          adds the ability to send redirects.

Changes to squid-2.5.STABLE2 (Mars 17, 2003):

        - Contrib files added back to the distribution
        - Several compiler warnings fixed when using --disable-ident or
          --disable-http-violations
        - authentication can now be used in most access controls, but
          must in most cases first be enforced in http_access to force
          the user to authenticate.
        - cleanups in the developer bootstrap.sh process when preparing
          the sources.
        - several squid.conf.default documentation updated to correctly
          refer to the current names when refering to other directives
        - authenticate_ip_ttl documentation updates
        - several assertion faults and segmentation violations corrected
        - the RunCache/RunAccel and squid.rc scripts updated to refer to
          the squid binary in sbin rather than the old bin location.
        - squid_ldap_auth command line processing fixes when specifying
          the LDAP server last on the line instead of -h option
        - aufs data corruption bugfix
        - aufs performance improvement for low traffic systems
        - aufs stability improvements
        - external_acl corrected to properly deal with quoted strings
        - WCCPv1 bugfix to make sure the router accepts the hash assignments
        - "Total accounted memory" now correctly reported in cachemgr
        - several small memory leaks (mostly reconfigure related)
        - new squid.conf option to allow GET/HEAD requests with a request
          entity
        - "make uninstall" no longer removes squid.conf
        - cachemgr.cgi now uses POST to avoid having the cachemgr password
          logged in the web server logs
        - authentication schemes which are known to not be proxyable are now
          filtered out from forwarded server replies to avoid that the clients
          tries to use such schemes when we know for a fact it won't work
        - spelling corrections in various error messages
        - now possible to define acl values with spaces in them
          by using the "include file" feature
        - squid_ldap_group updated to 2.10 to fix compilation issues with
          recent (and older) OpenLDAP libraries and to make the helper deal
          correctly with true LDAP groups by first looking up the user DN.
        - Some internal code cleanups
        - now verifies that programs etc exists iside the chroot directory
          when using chroot_dir. No longer neccesary to set up a split view
          environment where the same paths works both inside the chroot and
          outside just to convince Squid that the files is actually there..
        - improved memory usage reporting
        - --disable-hostname-checks configure option
        - no longer ignores double dots in host names. Any hostname with
          double dots is now rejected as invalid.
        - log_mime_hdrs no longer logs garbage if very long headers
          are seen.
        - 'select_fds_hist' object added to cachemgr 'histogram' output
        - pid file now unlinked when squid has really shut down, not
          immediately when the shutdown request is received. This allows
          the pid file to be monitored to determine when Squid has shut down
          properly
        - correct authentication scheme setups on some platforms or compilers
        - several squid.conf.default documentation updates to remove references
          to renamed or replaced directives by changing them to their current
          names.
        - the SSL reverse proxy support updated to allow building with
          OpenSSL 0.9.7 and and later.
        - Corrected a minor performance problem while processing HEAD replies
          from various broken web servers not sending a correct HTTP reply
        - time acls can now specify multiple times in the same acl name, like
          most other acl types.
        - winbind helpers updated to match Samba-2.2.7a and should
          work with Samba-2.2.6 or later (required). For compability with
          older Samba versions A new configure option --with-samba-sources=...
          has been added to allow you to specify which Samba version the
          helpers should be built for if different than the above versions.
        - Squid MIB definition syntax correction to work better with newer
          (and older) SNMP tools.
        - Fixed access.log format when logging "error:invalid-HTTP-ident" on
          requests where parsing the HTTP identifier (HTTP/1.0) failed.
        - "make distclean" no longer removes the icons, this avoids the
          dependency on "uudecode" to rebuild Squid after "make distclean"
        - User name returned by external acl lookups (external_acl_type)
          is now available as "ident" in later acl checks in addition to
          the logging in access.log.
        - Incorrect behaviour of Digest authentication partly corrected - it
          will not handle sessions, but will always enforce password
          correctness.. (patch submitted by Sean Burford).
        - Issue with persistent connections and PUT/POST request corrected
          
Changes to squid-2.5.STABLE1 (September 25, 2002):

        - Major rewrite of proxy authentication to support other schemes
          than basic. First in the line is NTLM support but others can
          easily be added (minimal digest is present). See Programmers Guide.
          (Robert Collins & Francesco Chemolli)
        - Reworked how request bodies are passed down to the protocols.
          Now all client side processing is inside client_side.c, and
          the pass and pump modules is no longer used.
          used by Squid.
        - Optimized searching in proxy_auth and ident ACL types. Squid should
          now handle large access lists a lot more efficiently.
          (Francesco Chemolli)
        - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
          now a peer is ignored if it turns out to be us, rather than
          committing suicide
        - Changed the internal URL code to obey appendDomain for internal
          objects if it needs appending. This fixes weirdnesses where
          a machine can think it is "foo.bar.com", and "foo" is requested.
          (Brian Degenhardt)
        - Added the use of Automake to create the Makefile.in's in the squid
          source tree. This will allow libtool in the future, and immediately
          allows better dependency tracking - with or without gcc - as well
          as the dist-all and distcheck targets for developers which respectively
          build a tar.gz and a tar.bz2 distribution, and check that what will be
          distributed builds.
        - Added TOS and source address selection based on ACLs,
          written by Roger Venning. This allows administrators to set
          the TOS precedence bits and/or the source IP from a set of
          available IPs based upon some ACLs, generally to map different
          users to different outgoing links and traffic profiles.
        - Added 'max-conn' option to 'cache_peer'
        - Added SSL gatewaying support, allowing Squid to act as a SSL server
          in accelerator setups.
        - SASL authentication helper by Ian Castle
        - msntauth updated to v2.0.3
        - no_cache now applies to cache hits as well as cache misses
        - the Gopher client in Squid has been significantly improved
        - Squid now sanity checks FTP data connections to ensure the
          connection is from the requested server. Can be disabled if
          needed by turning off the ftp_sanitycheck option.
        - external acl support. A mechanism where flexible ACL checks
          can be driven by external helpers. See the external_acl_type
          and acl external directives.
        - Countless other small things and fixes
        - HTML pages generated by Squid or CacheMgr as well as the
          ERR documents now contain a doctype declaration so that
          browsers know which HTML specification the document uses.
          In addition to that they have a new look (background-color, font)
          and are valid according to the HTML standards at www.w3.org.
          (Clemens L ser)
        - Login and password send to Basic auth helpers is now URL escaped
          to allow for spaces and other "odd" characters in logins and
          passwords
        - Proxy Authentication is no longer blindly forwarded to peer
          caches if not used locally. If forwarding of proxy authentication
          is desired then it must now be configured with the login=PASS
          cache_peer option.
        - Responses with Vary: in the header are now cached by squid.
          (Henrik Nordstrom).
        - Removed unused 'siteselect_timeout' directive.

Changes to Squid-2.4.STABLE7 (July 2, 2002):

        - Squid now drops any requests using transfer-encoding.
          Squid is a HTTP/1.0 proxy and as such do not support
          the use of transfer-encoding.
        - The MSNT auth helper has been updated to v2.0.3+fixes for
          buffer overflow security issues found in this helper.
        - A security issue in how Squid forwards proxy authentication
          credentials has been fixed
        - Minor changes to support Apple MAC OS X and some other platforms
          more easily.
        - The client -T option has been implemented
        - HTCP related bugfixes in "squid -k reconfigure"
        - Several bugfixes and cleanup of the Gopher client, both
          to correct some security issues and to make Squid properly
          render certain Gopher menus.
        - FTP data channels are now sanity checked to match the address of
          the requested FTP server. This to prevent theft or injection of
          data. See the new ftp_sanitycheck directive if this is not desired.
        - Security fixes in how Squid parses FTP directory listings into HTML

Changes to Squid-2.4.STABLE6 (March 19, 2002):

        - The patch for 2.4.STABLE5 was insufficiently tested and
          introduced a bug that causes frequent assertions when
          handling DNS PTR answers.

Changes to Squid-2.4.STABLE5 (March 15, 2002):

        - Fixed an array bounds bug in lib/rfc1035.c.  This bug
          could allow a malicious DNS server to send bogus replies
          and corrupt the heap memory.

Changes to Squid-2.4.STABLE4 (Feb 19, 2002)

        - htcp_port 0 now properly disables htcp
        - Fixed problem with certain non-anonymous ftp:// style URL's
        - SNMP bugfixes including several memory leaks

Changes to Squid-2.4.STABLE3 (Nov 28, 2001):

        - Fixed bug #255: core dump on SSL/CONNECT if access denied by
          miss_access
        - Fixed bug #246: corrupt on-disk meta information preventing
          rebuilds of lost swap.state files
        - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
        - Fixed a coredump when creating FTP directories
        - Fixed a compile time problem with statHistDump prototype mistmatch,
          reported by some compilers
        - Fixed a potential coredump situation on snmpwalk in certain
          configurations
        - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
          store implementation
        - Serbian error message translations

Changes to Squid-2.4.STABLE2 (Aug 24, 2001):

        - Expanded configure's GCC optimization disabling check to
          include GCC 2.95.3
        - avoid negative served_date in storeTimestampsSet().
        - Made 'diskd' pathnames more configurable
        - Make sure squid parent dies if child is killed with
          KILL signal
        - Changed diskd offset args to off_t instead of int
        - Fixed bugs #102, #101, #205: various problems with useragent
          log files
        - Fixed bug #116: Large Age: values still cause problems
        - Fixed bug #119: Floating point exception in
          storeDirUpdateSwapSize()
        - Fixed bug #114: usernames not logged with
          authenticate_ip_ttl_is_strict
        - Fixed bug #115: squid eating up resources (eventAdd args)
        - Fixed bug #125: garbage HTCP requests cause assertion
        - Fixed bug #134: 'virtual port' support ignores
          httpd_accel_port, causes a loop in httpd_accel mode
        - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
          <= lf->bufsz"
        - Fixed bug #137: Ranges on misses are over-done
        - Fixed bug #160: referer_log doesn't seem to work
        - Fixed bug #162: some memory leaks (SNMP, delay_pools,
          comm_dns_incoming histogram)
        - Fixed bug #165: "Store Mem Buffer" leaks badly
        - Fixed bug #172: Ident Based ACLs fail when applied to
          cache_peer_access
        - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
        - Fixed bug #182: 'config' cachemgr option dumps core with
          null storage
        - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
          of args in debug/printf
        - Fixed bug #187: bugs in lib/base64.c
        - Fixed bug #184: storeDiskdShmGet() assertion; changed
          diskd to use bitmap instead of linked list
        - Fixed bug #194: Compilation fails on index() on some
          non-BSD platforms
        - Fixed bug #197: refreshIsCachable() incorrectly checks
          entry->mem_obj->reply
        - Fixed bug #215: NULL pointer access for proxy requests
          in accel-only mode

Changes to Squid-2.4.STABLE1 (Mar 20, 2001):

        - Fixed a bug in and cleaned up class 2/3 delay pools
          incrementing.
        - Fixed a coredump bug when using external dnsservers that
          become overloaded.
        - Fixed some NULL pointer bugs for NULL storage system
          when reconfiguring.
        - Fixed a bug with useragent logging that caused Squid to
          think the logfile never got opened.
        - Fixed a compiling bug with --disable-unlinkd.
        - Changed src/squid.h to always use O_NONBLOCK on Solaris
          if it is defined.
        - Fixed a bug with signed/unsigned bitfield flag variables
          that caused problems on Solaris.
        - Fixed a bug in clientBuildReplyHeader() that could add
          an Age: header with a negative value, causing an assertion
          later.
        - Fixed an SNMP reporting bug.   cacheCurrentResFileDescrCnt
          was returning the number of FDs in use, rather than
          the number of reserved FDs.
        - Added the 'pipeline_prefetch' configuration option.
        - cache_dir syntax changed to use options instead of many
          arguments. This means that the max_objsize argument now
          is an optional option, and that the syntax for how to
          specify the diskd magics is slightly different.
        - Various fixes for CYGWIN
        - Upgraded MSNT auth module to version 2.0.
        - Fixed potential problems with HTML by making sure all
          HTML output is properly encoded.
        - Fixed a memory initialization problem with resource records in
          lib/rfc1035.c.
        - Rewrote date parsing in lib/rfc1123.c and made it a little
          more lenient.
        - Added Cache-control: max-stale support.
        - Fixed 'range_offset_limit' again.  The problem this time
          is that client_side.c wouldn't set the we_dont_do_ranges
          flag for normal cache misses.  It was only being set for
          requests that might have been hits, but we decided to
          change to a miss.
        - Added the Authenticate-Info and Proxy-Authenticate-Info
          headers from RFC 2617.
        - HTTP header lines longer than 64K could cause an assertion.
          Now they get ignored.
        - Fixed an IP address scanning bug that caused "123.foo.com"
          to be interpreted as an IP address.
        - Converted many structure allocations to use mem pools.
        - Changed proxy authentication to strip leading whitespace
          from usernames after decoding.
        - Prevented NULL pointer access in aclMatchAcl().  Some
          ACL types require checklist->request_t, but it won't be
          available in some cases (like snmp_access).  Warn the
          admin that the ACL can't be checked and that we're denying
          it.
        - Allow zero-size disk caches.
        - The actual filesystem blocksize is now used to account
          for space overheads when calculating on-disk cache size.
        - Made the maximum memory cache object size configurable.
        - Added 'minimum_direct_rtt' configuration option.
        - Added 'ie_refresh' configuration option, which is a hack
          to turn IMS requests into no-cache requests.
        - Added support for netfilter in linux-2.4. This allows transparent
          proxy connections to function correctly in the absence of a Host:
          header. This requires --enable-linux-netfilter to be passed through
          to configure. (Evan Jones)
        - Fixed a bug with clientAccessCheck() that allowed proxy
          requests in accel mode.
        - Fixed a bug with 301/302 replies from redirectors.  Now
          we force them to be cache misses.
        - Accommodated changes to the IP-Filter ioctl() interface
          for intercepted connections.
        - Fixed handling of client lifetime timeouts.
        - Fixed a buffer overflow bug with internal DNS replies
          by truncating received packets to 512 bytes, as per
          RFC 1035.
        - Added "forward.log" support, but its work in progress.
        - Rewrote much of the IP and FQDN cache implementation.
          This change gets rid of pending hits.
        - Changed peerWouldBePinged() to return false if our 
          ICP/HTCP port is zero (i.e. disabled).
        - Changed src/net_db.c to use src/logfile.c routines,
          rather than stdio, because of solaris stdio filedescriptor
          limits.
        - Made netdbReloadState() more robust in case of corrupted
          data.
        - Rewrote some freshness/staleness functions in src/refresh.c,
          partially inspired to support cache-control max-stale.
        - Fixed status code logging for SSL/CONNECT requests.
        - Added a hack to subtract cache digest network traffic
          from statistics so that byte hit ratio stays positive
          and more closely reflects what people expect it to be.
        - Fixed a bug with storeCheckTooSmall() that caused
          internal icons and cache digests to always be released.
        - Added statfs(2) support for displaying actual filesystem
          usage in the cache manager 'storedir' output.
        - Changed status reporting for storage rebuilding.  Now it
          prints percentage complete instead of number of entries
          parsed.
        - Use mkstemp() rather than problem-prone tempnam().
        - Changed urlParse() to condense multiple dots in hostnames.
        - Major rewrite of async-io (src/fs/aufs) to make it behave
          a bit more sane with substantially less overhead.  Some
          tuning work still remains to make it perform optimal.
          See the start of store_asyncufs.h for all the knobs.
        - Fixed storage FS modules to use individual swap space 
          high/low values rather than the global ones.
        - Fixed storage FS bugs with calling file_map_bit_reset()
          before checking the bit value.  Calling with an invalid
          value caused memory corruption in random places.
        - Prevent NULL pointer access in store_repl_lru.c for
          entries that exist in the hash but not the LRU list.

Changes to Squid-2.4.DEVEL4 ():

        - Added --enable-auth-modules=... configure option
        - Improved ICP dead peer detection to also work when the workload
          is low
        - Improved TCP dead peer detection and recovery
        - Squid is now a bit more persistent in trying to find a alive
          parent when never_direct is used.
        - nonhierarchical_direct squid.conf directive to make non-ICP
          peer selection behave a bit more like ICP selection with respect
          to hierarchy.
        - Bugfix where netdb selection could override never_direct
        - ICP timeout selection now prefers to use parents only when
          calculating the dynamic timeout to compensate for common RTT
          differences between parents and siblings.
        - No longer starts to swap out objects which are known to be above
          the maximum allowed size.
        - allow-miss cache_peer option disabling the use of "only-if-cached".
          Meant to be used in conjunction with icp_hit_stale.
        - Delay pools tuned to allow large initial pool values
        - cachemgr filesystem space information changed to show useable space
          rather than raw space, and platform support somewhat extended.
        - Logs destination IP in the hierarchy log tag when going direct.
          (can be disabled by turning log_ip_on_direct off)
        - Async-IO on linux now makes proper use of mutexes. This fixes some
          odd pthread segfaults on SMP Linux machines, at a slight performance
          penalty.
        - %s can now be used in cache_swap_log and will be substituted with
          the last path component of cache_dir.
        - no_cache is now a full ACL check without, allowing most ACL types
          to be used.
        - The CONNECT method now obeys miss_access requirements
        - proxy_auth_regex and ident_regex ACL types
        - Fixed a StoreEntry memory leak during "dirty" rebuild
        - Helper processes no longer hold unrelated filedescriptors open
        - Helpers are now restarted when the logs are rotated
        - Negatively cached DNS entries are now purged on "reload".
        - PURGE now also purges the DNS cache
        - HEAD on FTP objects no longer retrieves the whole object
        - More cleanups of the dstdomain ACL type
        - Squid no longer tries to do Range internally if it is not supported
          by the origin server. Doing so could cause bandwidth spikes and/or
          negative hit ratio.
        - httpd_accel_single_host squid.conf directive
        - "round-robin" cache_peer counters are reset every 5 minutes to
          compensate previously dead peers
        - DNS retransmit parameters
        - Show all FTP server messages
        - squid.conf.default now indicates if a directive isn't enabled in
          the installed binary, and what configure option to use for enabling it
        - Fixed a temporary memory leak on persistent POSTs
        - Fixed a temporary memory leak when the server response headers
          includes NULL characters
        - authenticate_ip_ttl_is_strict squid.conf option
        - req_mime_type ACL type
        - A reworked storage system that supports storage directories in
          a more modular fashion. The object replacement and IO is now
          responsibility of the storage directory, and not of the storage
          manager.
        - Fixed a bogus MD5 mismatch warning sometimes seen when using
          aufs or diskd stores
        - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
          and extended support for this to Linux/GNU libc.
        - Disabled the "request timeout" error message sent if the user agent
          did not provide a request in a timely manner after opening the
          connection. Now the connection is silently closed. The error message
          was confusing user agents utilizing persistent connections.
        - Fixed configure --enable descriptions to match the arg names.
        - Eliminated compile warnings from auth_modules/MSNT code.
        - Require first character of hostnames to be alphanumeric.
        - Made ARP ACL work for Solaris.
        - Removed storeClientListSearch().
        - Added counters to track diskd operation success and
          failures.
        - Fixed range_offset_limit.
        - Added code to retry ServFail replies for internal DNS
          lookups.
        - Added referer header logging (Jens-S. Voeckler).
        - Added "multi-domain-NTLM" authentication module, a Perl
          script from Thomas Jarosch.
        - Added configurable warning messages for high memory usage,
          high response time, and high page faults.
        - Made store dir selection algorithm configurable.
        - Added support for admin-definable extension methods,
          up to 20.
        - Added 'maximum_object_size_in_memory' as a configuration option -
          this defines the watermark where objects transit from being true
          hot objects to being in-transit objects in memory. It currently
          defaults to 8 KB.
        - Change to the fqdn code which changes how pending DNS requests
          are treated as private and only become public once they are
          completed. This can add extra load on DNS servers but prevents
          all the pending clients blocking if one of the queries got
          stuck. (Duane Wessels)
        - Converted more code to use MemPools, from Andres Kroonmaa.
        - Added more CYGWIN patches from Robert Collins.

Changes to Squid-2.4.DEVEL3 ():

        - Added Logfile module.
        - Added DISKD stats via cachemgr.
        - Added squid.conf options for DISKD magic constants.

Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):

Changes to Squid-2.4.DEVEL1 ():

Changes to Squid-2.3.STABLE4 (July 18, 2000):

        - Fixed --localstatedir configure option (IKEDA Shigeru).
        - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
          Smith).
        - Added pthread_sigmask() check to configure (Daniel
          Ehrlich).
        - Added CYGWIN patches from Robert Collins.
        - Changed internal DNS lookups to retry queries that are
          returned with RCODE 2 (ServFail).
        - Added 'virtual port' support (Gregg Kellogg).  If
          'httpd_accel_uses_host_header' is enabled, then we use
          the port number from the Host header.  Otherwise, when
          'httpd_accel_port' is set to "0" we use the port number
          of the local end of the client socket.
        - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
        - Made Squid accept GET requests that have a "content-length:
          0" header.
        - Added a sanity check on the NHttpSockets[] array index
          (Gregg Kellogg).
        - Added a friendlier message when Squid can't find any DNS
          nameserver addresses to use (Daniel Kiracofe).
        - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
          (Craig Whitmore).
        - Added missing '%c' token replacement in error page
          generation.
        - Fixed a bug with 'minimum_object_size' that prevented
          internal icons from being loaded.
        - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
          that could prevent any objects from being replaced.
        - Make sure that storeDirDiskFull() doesn't actually
          *increase* the cache size.
        - Changed a storeSwapMetaUnpack() assertion to a recoverable
          error condition.
        - Removed "wccpHereIam" event check that could cause Squid
          to stop sending HERE_I_AM messages.

Changes to Squid-2.3.STABLE3 (May 15, 2000):

        - Fixed malloc linking problems on Solaris.  The configure
          script incorrectly set options for dlmalloc.
        - Added a configure check to remove compiler optimization
          for GCC 2.95.x.
        - Updated MSNT authenticator module.
        - Updated Estonian error pages.
        - Updated Japanese error pages.
        - Fixed expires bug in httpReplyHdrCacheInit.  It was
          incorrectly setting expires based on max-age.  It was using
          the current time as a basis, instead of the response date.
        - Fixed "USE_DNSSERVER" typos.
        - Added a workaround for getpwnam() problems on Solaris.
          getpwnam() could fail if there are fewer than 256 FDs
          available.  This causes root to own some disk files.
        - Added an 'offline_toggle' option via the cache manager.
        - Added a 'minimum_object_size' option.  Files smaller than
          this size are not stored.
        - Added 'passive_ftp' option to disable passive FTP transfers.
        - Added 'wccp_version' option because some Cisco IOS versions
          require WCCP version 3.
        - The 'client' program in ping mode (-g) now prints transfer
          throughput.
        - Fixed logging of proxy auth username for redirected
          requests.
        - Fixed bogus Age values for IMS requests.
        - Fixed persistent connection timeout for client-side
          connections.  It was hard-coded to 15 seconds, now uses
          the 'pconn_timeout' value.
        - Fixed up httpAcceptDefer.  It wasn't being used properly
          and caused high CPU usage when Squid gets close to the FD
          limit.
        - Numerous delay_pools fixes and checks.
        - Fixed SNMP coredumps from running snmpwalk.
        - Added a check for errno == EPIPE in icmp.c when pinger uses
          a Unix socket instead of a UDP socket.
        - Fixed ACL checklist memory initialization bugs.
        - Cleaned up the MIB file.  Replaced contact information and
          checked description fields.
        - Removed LRU reference_age hard-coded upper limit.
        - Fixed async I/O FD leak.
        - Made getMyHostname() more robust.
        - Fixed domain list matching bug.  "x-foo.com" wasn't properly
          compared to ".foo.com" and confused splay tree ordering.
        - Added a check for whitespace in hostnames and optionally
          strip whitespace if 'uri_whitespace' setting allows.
        - Added status code and checking to ASN/whois queries.

Changes to Squid-2.3.STABLE2 (Mar 2, 2000):

        - Changed Copyright text.
        - Changed configure so that some IRIX-6.4 hacks apply to
          all IRIX-6.* versions.
        - Cleaned up HTML bugs in error pages.
        - Told configure to check for netinet/if_ether.h, which
          is used in ARP ACL code, but might not be required.
        - Added "Cookie" to known HTTP headers so it can be
          used in anonymizer configuration.
        - Added optional TCP_REDIRECT log code for logging
          of 301/302 responses returned by Squid.
        - Added a check for a currently running Squid process.
          If the pid file exists, and the pid is running,
          Squid complains and refuses to start another instance.
        - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
          IRIX.
        - Fixed a bug with the PURGE method.  The purge enable
          flag was not getting cleared during reconfigure.
          Also required PURGE method to be used in http_access
          list before enabling.
        - Fixed async I/O assertions for file open errors.
        - Fixed internal DNS assertion when unpacking truncated
          messages.
        - Fixed anonymize_headers bug that caused all headers
          to be allowed after a reconfigure.
        - Fixed an access denied bug for accelerator-only installations.
        - Fixed internal DNS initialization so that it uses
          'dns_nameservers' settings in squid.conf if set.
        - Fixed 'maxconn' ACL bug that caused it to work backwards
          (Pedro Ribeiro).
        - Fixed syslog bug for daemon mode on Linux.
        - Fixed 'http_port' parsing bugs.
        - Fixed internal DNS byte ordering bugs for PTR queries.
        - Fixed internal DNS queue getting stuck during periods
          of low activity (Henrik).
        - Fixed byte ordering bugs for parsing EPLF FTP listings
          on 64-bit systems.
        - Fixed 'request_body_max_size' bug that caused all
          POST, PUT requests to be denied if max size is set
          to zero.
        - Fixed 'redirector_access' bug when using 'myport' ACLs.
        - Fixed CARP neighbor selection bugs for down peers.
        - Added 'client_persistent_connections' and
          'server_persistent_connections' flags to disable persistent
          connections for clients and servers.
        - Fixed access logging bug that caused many requests to be
          logged as TCP_MISS.
        - Added some bounds checking to delay pools code.

Changes to Squid-2.3.STABLE1 (Jan 9, 2000):

        - Updated PAM authentication module from Henrik Nordstrom.
        - Updated Bulgarian error messages from Svetlin Simeonov.
        - Changed ACL routines so that User-Agent (browser) string
          is always taken from compiled HTTP request headers
          instead of passed as an argument to aclCreateChecklist.
        - Added a 'strip' option to the 'uri_whitesace' configuration
          directive and made it the default behavior.  Whitespace
          found in URI's is now stripped out by default.
        - Added chroot feature.  The 'chroot_dir' config option enables
          it and specifies the directory.
        - Changed clientBuildReplyHeader so that the Age header is
          added only for cache hits, and only when we can calculate
          a valid, positive age value.
        - Changed clientWriteComplete and clientGotNotEnough so
          that they keep persistent connections open for more types
          of replies that don't have bodies.
        - Changed filemap.c routines to dynamically grow filemap
          space as needed.
        - Added a hack to ftp.c to deal with ftp.netscape.com, which
          sometimes doesn't acknowledge PASV commands.
        - Fixed FTP bug with ftpScheduleReadControlReply; there
          was not always a timeout handler on the control socket
          after the transfer completed.
        - Fixed FTP filedescriptor leak from invalid PASV replies.
        - Changed httpBuildRequestHeader so that it doesn't
          copy the Host header from the client request.  Instead
          we should generate our own Host header which is known
          to be correct.
        - Changed storeTimestampsSet to adjust entry->timestamp
          if the response includes an Age header.
        - Removed size limit from storeKeyHashBuckets.
        - Changed fwdConnectStart from a "heavy" to a "light" event.
        - Fixed an 'anonymize_headers' bug that affects unknown
          HTTP headers.  With the bug, if you list a header that
          Squid doesn't know about (such as "Charset"), it would
          add HDR_OTHER to the allow/deny mask.  This caused all
          unknown headers to be allowed or denied (depending on
          the scheme you use).  Now, with the bug fixed, an unknown
          header in the 'anonymize_headers' list is simply ignored.

Changes to Squid-2.3.DEVEL3 ():

        - Added MSNT auth module from Antonino Iannella.
        - Added --enable-underscores configure option.  This allows
          Squid to accept hostnames with underscores in them.  Your
          DNS resolver may still complain about them, however.
        - Added --heap-replacement configure option.  This enables
          the alternative cache replacement policies, such as
          GDSF, and LFUDA.
        - WCCP establishes and registers with the router faster.        
        - Added 'maxconn' acl type to limit the number of established
          connections from a single client IP address.  Submitted
          by Vadim Kolontsov.
        - Close FTP data socket as soon as transfer completes
          (Alexander V. Lukyanov).
        - Fixed ftpReadPass() to not clobber ctrl.message when
          the PASS command fails.
        - Added a redirect.c patch so squidGuard is able to do
          per-user access control (Antony T Curtis).
        - discard the pumpMethod() function, and instead use the
          fact that the request has a request entity (content-length
          present) (Henrik).
        - Reload the MIME icons at reconfigure time (Radu Greab).
        - Updated Richard Huveneers' SMB authentication module to
          his version 0.05 package.
        - Fixed lib/heap.c::heap_delete() bug when deleting the
          last node.
        - Fixed an integer conversion bug in
          lib/rfc1035.c::rfc1035AnswersUnpack().
        - Fixed lib/rfc1738 routines to encode reserved characters,
          in addition to encoding the unsafe characters (Henrik).
        - Changed the interface for splay compare and "walk"
          functions to take a void pointer, instead of a splayNode
          pointer (Henrik).
        - Changed numerous HTTP parsing routines to use ssize_t
          instead of size_t.  This was done because size_t may be
          signed or unsigned.  When it is unsigned, gcc emits
          numerous "comparison is always true" warnings.  At least
          we know ssize_t is always signed.
        - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
          friends so that it properly handles multi-value lists.
        - Added an "end" (ssize_t) parameter to
          src/HttpReply::httpReplyParse() so that we know exactly
          where to terminate the header buffer.
        - Changed src/access_log.c::log_quote() so that it only
          encodes whitespace characters, and not all URL-special
          characters (Henrik).
        - Added local port ACL type ("myport") (Henrik).
        - Added maximum number of connections per client ("maxconn")
          as an ACL type.
        - Fixed proxy authentication username/password parsing to
          be more robust (Henrik).
        - Fixed ACL domain/host and domain/domain comparison
          functions yet again.  Eliminated duplicate code so that
          only src/url.c::matchDomainName() contains this mysterious
          code.
        - Changed the 'http_port' option to accept an IP address
          or hostname as well (Henrik).
        - Removed 'tcp_incoming_addr' option.
        - Added an access control list for the redirector
          ('redirector_access').  Requests which match are sent to
          the redirector.  All requests. are redirected by default.
        - Added the 'authenticate_ip_ttl' option.  It specifies
          how long a valid proxy authentication credential is
          bound to a specific address.
        - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
        - Removed the unused and highly questionable 'forward_snmpd_port'
          option.
        - Added an option to accept DNS messages from unknown nameservers.
          This may be necessary if replies come from a different address
          than queries are sent to.
        - Added #includes for IP Filter files in netinet directory.
        - Fixed a bug with retrying forwarded IMS requests (Henrik).
        - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
          where we were checking a cache-control bit before getting the
          mask from the HTTP headers (pallo@initio.no).
        - Fixed a bug with "no_cache" access list.  If not defined,
          everything was uncachable by default.
        - Fixed a bug with timed-out client-side HTTP connections.
          We didn't cancel the read handler, which could lead to 
          "rwstate != NULL" warnings.
        - Changed comm_open() to only call fdAdjustReserved() for
          specific errors (ENFILE, EMFILE);
        - Fixed NULL pointer bug in idnsParseResolvConf().
        - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
        - Added DELETE request method.
        - Added RFC 2518 HTTP status codes.
        - Fixed handling of URL passwords when we need to rewrite a
          BASE HREF URL (Henrik).
        - Fixed a bug with FTP requests where a request gets aborted,
          but we try to complete it anyway.  It would result in a
          "store_status != STORE_PENDING" assertion.  The solution
          is to check for ENTRY_ABORTED before reading from
          the control channel too.
        - Changed FTP to retry a request if Squid fails to establish
          a PASV data connection (Henrik).
        - Fixed numerous HTCP memory leaks and an uninitialized memory
          bug.
        - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
          mind (Henrik).
        - Minor fixes for Rhapsody systems.
        - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
          don't include varargs.h.
        - Changed src/store_client.c::storeClientType() so that
          an entry can have more than one STORE_MEM_CLIENT.
        - Changed src/store_client.c::storeClientReadHeader()
          to check swapfile metadata (Henrik).
        - Changed src/url.c::urlCheckRequest() to return FALSE for
          any "https://" URL.  These should always be CONNECT
          instead.  If Squid gets an "https://" URL, it is a browser
          bug.
        - Added numerous squid.conf options for controlling cache
          digests.   Previously these were hard-coded in
          src/store_digest.c.  (Martin Hamilton)
        - Added 'cache_peer' option called 'digest-url' that
          lets you specify the URL for a peer's digest.
          (Martin Hamilton)
        - Added DELAY_POOLS hacks to scan "slow" connections in
          a random order (David Luyer).
        - ARP_ACL fixes from Damien Miller.  Linux 2.2.x uses a
          per-interface arp/neighbour cache, whereas 2.0.x uses a
          unified cache. Under 2.2.x you are required to specify
          a interface name when looking up ARP table entries with
          SIOCGARP.
        - If the process umask is not set (i.e. 0), then Squid
          changes it to 007.

Changes to Squid-2.3.DEVEL2 ():

        - Added --enable-truncate configure option.
        - Updated Czech error messages ()
        - Updated French error messages ()
        - Updated Spanish error messages ()
        - Added xrename() function for better debugging.
        - Disallow empty ("") password in aclDecodeProxyAuth()
          (BoB Miorelli).
        - Fixed ACL SPLAY subdomain detection (again).
        - Increased default 'request_body_max_size' from 100KB
          to 1MB in cf.data.pre.
        - Added 'content_length' member to request_t structure
          so we don't have to use httpHdrGetInt() so often.
        - Fixed repeatedly calling memDataInit() for every reconfigure.
        - Cleaned up the case when fwdDispatch() cannot forward a
          request.  Error messages used to report "[no URL]".
        - Added a check to return specific error messages for a
          "store_digest" request when the digest entry doesn't exist
          and we reach internalStart().
        - Changed the interface of storeSwapInStart() to avoid a bug
          where we closed "sc->swapin_sio" but couldn't set the
          pointer to NULL.
        - Changed storeDirClean() so that the rate it gets called
          depends on the number of objects deleted.
        - Some WCCP fixes.
        - Added 'hostname_aliases' option to detect internal requests
          (cache digests) when a cache has more than one hostname
          in use.
        - Async I/O NUMTHREADS now configurable with --enable-async-io=N
          (Henrik Nordstrom).
        - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
        - Added OPTIONS request method.

Changes to Squid-2.3.DEVEL1 ():

        - Added WCCP support.  This adds the 'wccp_router' squid.conf
          option.
        - Added internal DNS queries; Most installations can run
          without the external dnsserver processes.
        - Rewrote much of the code that stores cache objects on
          disk.  Developed a programming interface that should
          allow new storage systems to be added easily.  This still
          is pretty ugly and needs a lot of work, however.
        - Replaced async_io.c "tags" with callback data locks.
          This probably breaks async IO in a bad way.
        - Tried to write an Async IO disk storage module.
        - Added code to replace the StoreEntry linked list with a
          heap structure.  This allows for different replacement
          algorithms, instead of being stuck with LRU.  This adds
          the 'replacement_policy' squid.conf option. (John Dilley
          et al).
        - Fixed HTCP queries by actually checking for freshness
          based on the HTCP header fields.
        - Fixed passing of redirector command line arguments.
        - Added 'request_header_max_size' squid.conf option.
        - Added 'request_body_max_size' squid.conf option.
        - Added 'reply_body_max_size' squid.conf option.
        - Added 'peer_connect_timeout' squid.conf option.
        - Added 'redirector_bypass' squid.conf option.
        - Added RFC 2518 (WEBDAV) request methods.
        
Changes to Squid-2.2 (April 19, 1999):

        - Removed all SNMP specific ACL code
          SNMP now uses generic squid ACL's
        - Removed view-based access crontrol
        - Cleaned up and simplified SNMP section of squid.conf
        - Changed the SNMP code to use a tree stucture.
        - Added objects to MIB: 
                Request Hit Ratio's
                Byte Hit Ratio's
                Number of Clients
        - Changed SNMP Agent to return object instances correctly.
        - Added our own assert() macro so we can use debug() instead of
          printing to stderr.
        - Added eventFreeMemory().
        - Fixed ipcCreate() bug when debug_log has FD <= 2.
        - Changed watchChild() and related code in main.c so that
          Squid can behave more like a proper daemon process.
        - Added 'prefer_direct' option (enabled by default) so that
          people can give parents higher preference than direct.
        - Fixed ipc.c close() bug for async IO.  On FreeBSD,
          comm_close() doesn't work for child processes when async IO is
          used.
        - Fixed setting the public key for large ``icons'' (Henrik
          Nordstrom).
        - Rewrote peer digest module to fix memory leaks on reconfigure
          and clean the code. Increased "current" digest version to 5
          ("required" version is still 3). Revised "Peer Select" cache 
          manager stats.
        - Added "-k parse" command line option: parses the config file
          but does not send a signal unlike other -k options.
        - Revamped storeAbort() calling.  Only store_client.c has all
          the right information to determine if the request should
          be aborted.  Now client and server modules just storeUnregister
          without ever needing to call storeAbort.
        - Small change of Squid output for FTP (Andrew Filonov,
          Henrik Nordstrom).
        - clientGetsOldEntry() sends old entry if new request status
          is in the 500-range (Henrik Nordstrom).
        - Changed configure so it works with IRIX6.4 C compiler (broken?)
          option -OPT:fast_io=ON.
        - Fixed comm_connect_addr() non-blocking connections for
          SONY NEWSOS (Makoto MATSUSHITA).
        - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
          by autoconf documentation.
        - Fixed client-side cache-control max-age (Henrik Nordstrom).
        - Added a new error page: ERR_SHUTTING_DOWN.  fwdStart() returns
          this error if it is called while squid is in the process of
          shutting down.
        - Added support for linuxthreads package under FreeBSD (Tony Finch).
        - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
          functions non-static (Michael Pelletier).
        - Fixed logging of authenticated usernames even if the
          authorization is not cached (Dancer).
        - Fixed pconnPush() bug that prevented holding on to
          persistent connections (Manfred Bathelt).
        - Pid file now rewritten on SIGHUP.
        - Numerous Ident changes:
                - Ident lookups will now be done on demand if you use the
                  'ident' ACL type.
                - The 'ident_lookup on|off' option has been replaced with
                  an access list, so you can do lookups only for some
                  client addresses.
                - Added an 'ident_timeout' option to specifiy the amount
                  of time to wait for an ident lookup.
        - Added a (local) hit rate to mempool metering.
        - FTP Restarts (REST command) is now supported.
        - Check for libintl.a on SCO3.2.
        - Disable poll() on SCO3.2.
        - Numerous Async IO enhancements from Henrik.
        - Removed cache_mem_low and cache_mem_high options (Henrik
          Nordstrom).
        - Replaced 'persistent_client_posts' with 'broken_posts' access
          list.
        - Rewrote the anonymizer.
        - Removed the http_anonymizer option.
        - Added the anonymize_headers option to allow individual
          referencing of headers for addition or removal. See
          'anonymize_headers' in squid.conf for additional
          configuration.
        - Fixed config file parser's handing of optional directives.
          Some people might get new warnings about unknown config
          directives.
        - Added 'myip' ACL type.  This is the local IP address for
          connected sockets (Luyer).
        - Fixed parsing of FTP DOS directory listings with spaces
          (Nordstrom).
        - Numerous DELAY_POOL changes/fixes from David Luyer:
                - Makes no-delay neighbors for DELAY_POOLS work by
                  using a fd_set with the connections to no-delay
                  peers marked in it.
                - Makes IP addresses ending in 0 and 255, and
                  network number 255, work with individual and
                  network delay pools (they were previously not
                  permitted, and documented as such).
                - Massive overhaul of delay pools code - dynamically
                  allocated delay pools, as many as required.
                - delayPoolsUpdate stops running if DELAY_POOLS is
                  configured but no delay pools are configured.
                - Initial delay pool levels are now configurable
                  as a percentage of the maximum for the pool in
                  question (used to be all set to 1 second worth
                  of traffic).  Pools are restored to this level
                  on reconfiguratoin.
        - Changed storeClientCopy to give a swap-in failure if 
          the number of open disk FD's is above the 'max_open_disk_fds'
          limit.  Otherwise, a very loaded cache will end up with
          all disk files open for reading, and none for writing.
        - Added lib/inet_ntoa.c from BSD Unix for systems that have
          broken inet_ntoa().  (Erik Hofman).
        - Added more specific FTP error messages for "permission
          denied, "file not found," and "service unavailable."
          (Tony Finch)
        - Added xisspace(), xisdigit(), etc, macros to cast function
          args and eliminate compiler warnings.
        - Fixed case-sensitive comparisons of domain names (Henrik
          Nordstrom).
        - Added proxy-authentication to cachemgr.cgi's requests
          (Henrik Nordstrom).
        - Changed Squid to *truncate* rather than *unlink* purged
          swap files.  Can be reversed by undefining 
          USE_TRUNCATE_NOT_UNLINK in src/defines.h.
        - Changed internal icon headers to use Cache-control
          Max-age instead of Expires.
        - Changed storeMaintainSwapSpace behavior to be adjusted
          smoothly, instead of discretely, between store_swap_low
          and store_swap_high.  This includes the number of
          objects to scan, number to remove, and time until the
          next storeMaintainSwapSpace event.
        - Fixed a quick_abort bug that incorrectly calculated
          content lengths.
        - Added getpwnam() auth module from Erik Hofman.
        - Added 'coredump_dir' option.
        - Fixed a peerDestroy() assertion that required peer->digest
          to be NULL at the end of peerDestroy().
        - configure script now automatically enables dlmalloc for
          Solaris/x86.
        - configure enables poll() on linux 2.2 and later (Henrik).
        - Icon files are now distributed in binary format, install
          will not need to run 'sh' and 'uudecode'.
        - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
          re-forwarding requests and ENTRY_FWD_HDR_WAIT.
          fwdCheckDeferRead() will NOT defer reading if the
          ENTRY_FWD_HDR_WAIT bit is set.
        - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
        - Fixed a (double) cast problem that caused statAvgTick()
          events to be added as fast as possible.
        - Changed httpPacked304Reply() to not include the Content-Length
          header for 304 replies that Squid generates.  We used to
          include the length of the cached object, and this broke
          persistent connections.

        2.2.STABLE2:

        - Fixed configure bug for statvfs() checks.  Configure reports
          "test: =: unary operator expected" or similar because an
          unquoted variable is not defined.
        - Fixed aclDestroyAcls() assertion because some ACL types
          are not listed in the switch statement.  Occurs for
          srcdom_regex and dstdom_regex ACL types during reconfigure.
        - Typo "applicatoin" in src/mime.conf
        - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
          #define because it didn't include squid.h.
        - Fixed commRetryFD() when bind() fails.   commRetryFD was
          closing the filedescriptor, but it is the upper layer's
          job to close it.
        - Changed configure's "maximum number of filedescriptors"
          detection to only use getrlimit() for Linux.  On AIX,
          getrlimit returns RLIM_INFINITY.
        - Fixed snmpInit() nesting bug.
        - Fixed a bug with peerGetSomeParent().  It was adding
          a parent to the FwdServers list, regardless of the
          ps->direct value.  This could cause every request to
          go to a parent even when always_direct is used.
        - Changed fwdServerClosed() to rotate the "forward servers"
          list when a connection establishment fails.  Otherwise
          it always kept trying to connect to the first server
          int the list.

        2.2.STABLE3:

        - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
        - Avoid coredump in aclMatchAcl() if someone tries to use
          proxy authentication with a non-HTTP request (e.g. icp_access).
        - Moved 'ident_lookup_access' in squid.conf so it appears
          after the ACL section.
        - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
        - Fixed a case in clientCacheHit() where we thought it
          was a hit, but the reply status was not 200, so we
          had to perform a cache miss.  We forgot to change the
          log_type and these were being recorded as TCP_HIT's.
        - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
        - Fixed delay_pools coredump and memory leak bugs from
          NULL delay_id values.
        - Fixed a SEGV bug with delay_pools when requesting
          'objects' or 'vm_objects' from the cachemgr.
        - Added a workaround for buggy FTP servers that return
          a size of zero for non-zero-sized objects.
        - Removed umask(0) call from main().
        - Fixed a peer selection bug that caused us to never select
          a neighbor based on ICP replies if the ICP timeout occurs.
          In conjunction with this, removed the PING_TIMEOUT state.
        - Fixed a store_rebuild bug that caused us to get stuck trying
          if a cache_dir subdirectory didn't exist.
        - Fixed a buffer overrun bug in gb_to_str().

        2.2.STABLE4:

        - Fixed a dread_ctrl leak caused in store_client.c
        - Fixed a memory leak in eventRun().
        - Fixed a memory leak of ErrorState structures due to
          a bug in forward.c.
        - Fixed detection of subdomain collisions for SPLAY trees.
        - Fixed logging of hierarchy codes for SSL requests (Henrik
          Nordstrom).
        - Added some descriptions to mib.txt.
        - Fixed a bug with non-hierarchical requests (e.g. POST) 
          and cache digests.  We used to look up non-hierarchical
          requests in peer digests.  A false hit may cause Squid
          to forward a request to a sibling.  In combination with
          'Cache-control: only-if-cached, this generates 504 Gateway
          Timeout responses and the request may not be re-forwardable.
        - Fixed a filedescriptor leak for some aborted requests.  


Changes to Squid-2.1 (November 16, 1998):

        - Changed delayPoolsUpdate() to be called as an event.
        - Replaced comm_select FD scanning loops with global fd_set
          structures.  Inspired by Jeff Mogul's patch for squid 1.1.
        - Moved functions common to dns.c, redirect.c, authenticate.c,
          ipcache.c, and fqdncache.c into helper.c.
        - Changed storeClientCopy2() so that it keeps sending the remainder
          of a STORE_ABORTED request, instead of cutting off the client as
          soon as the object becomes aborted.
        - Fixed combined ipf-transparent proxy and a local http-accelerator
          operation (Quinton Dolan).
        - Rewrote base64_decode.c because of potential buffer overrun
          bugs.
        - Configurable handling of whitespace in request URI's.
          See 'uri_whitespace' in squid.conf.
        - Added ability to generate HTTP redirect messages from
          the redirector output by prepending "301:" or "302:" to the
          new url.  See FAQ 4.16 for more details.
        - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
          potentially causing under-utilized cache digests
        - Maintain refreshCheck statistics on per-protocol basis so we
          can tell why ICP or Digests return too many misses, etc.
        - Fixed delay_pools.c class2/class3 typo (Simon Woods).
        - Changed squid.conf's default access controls to deny all
          HTTP requests.  Admins must write ACL rules to specifically
          allow their local clients.
        - Patched French error messages (Mathias HERBERTS).
        - NextStep porting fixes by Mike Laster:
                - use xstrdup() in cf_gen.c
                - check for putenv() in configure
                - #define S_ISDIR macro
        - Added --disable-poll configure option (Henrik Nordstrom).
        - Fixed internal URL hostname case bugs (Henrik Nordstrom).
        - Patched ftp.c so we never cache autenticated FTP requests
          (Henrik Nordstrom).
        - Fixed FTP authentication. We tried to unescape authentication
          given by basic authentication which is not URL escaped
          (Henrik Nordstrom).
        - Fixed HTTP version for common logfile format (Henrik Nordstrom).
        - Added 'redirect_rewrites_host_header' option to disable rewriting
          of Host header for redirector responses (Henrik Nordstrom).
        - Allow semi-customized error message signatures (Henrik Nordstrom).
        - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
        - Fixed handling of blank lines in ACL input files (Henrik
          Nordstrom).
        - Changed proxy_auth ACL type to consist of a list of valid
          users. REQUIRED == any (same as ident ACL). ACL type user
          changed to ident since this is what it really is.
          (Henrik Nordstrom).
        - Fixed long URL bugs; make sure 'log_uri' never exceeds
          MAX_URL bytes.
        - Allow comments in external ACL files (Gerhard Wiesinger).
        - Added 'range_offset_limit' configuration option.  Requests
          with ranges that start after this value will be passed
          on unmodified, and Squid will not cache the response
          (Henrik Nordstrom).
        - Added Client HTTP Hit byte counters to 'counters' output
          (Douglas Swarin).
        - Got Squid to compile with --enable-async-io on FreeBSD.
        - Fixed infinite loop bug for cachemgr 'config' option.
        - Fixed cachability bugs for replies with Pragma: no-cache.
        - Made content-type multipart/x-mixed-replace uncachable.
        - Y2K fix for parsing dates in "Wed Jun  9 01:29:59 1993 GMT"
          format (Richard Kettlewell).
        - Fixed passing -s option to dnsserver processes (Alvaro Jose
          Fernandez Lago).
        - Changed proxy_auth to work on internal objects and when in
          accelerator mode. (Henrik Nordstrom)
        - Added login=user:password option to cache_peer directive to
          be used from a dial-up cache where the parent requires proxy
          authentication. (Henrik Nordstrom)
        - If you want to "auto-login", then use a URL on the form
          http://username:password@server/.... Squid now picks this up
          when going direct, and turns it into basic WWW
          authentication.  It is also possible to do automatic login to
          certain servers by using a redirector to add the needed
          authentication information.  (Henrik Nordstrom)
        - Changed refreshCheck() so that objects with negative age
          are always stale.
        - Fixed "plain" FTP listings (Henrik Nordstrom).
        - Fixed showing banner/logon message for top-level FTP
          directories (Henrik Nordstrom).
        * Changes below have been made to SQUID_2_1_PATCH1
        - Fixed pinger packet size assertion.
        - Fixed WAIS forwarding.
        - Fixed dnsserver coredump bug caused by using both -D and
          -s options.
        * Changes below have been made to SQUID_2_1_PATCH2
        - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
        - Fixed proxy auth NULL password bug.
        - Fixed queueing of multiple peerRefreshDNS events.
        - Added a stack of StoreEntry objects to be released after
          store rebuild completes.
        - Fixed NULL pointer bugs with too-large requests (found by
          Martin Lathoud).
        - Fixed reading replies from buggy ident servers.  Replies
          might not have terminating CR or LF (Henrik Nordstrom).
        - Changed internal StoreEntry key so that the request method
          is encoded as a single octet.  Encoding an enumerated type
          has size and byte-order incompatibilities, especially for
          cache digests.
        - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
          are not always locked.  This fixes having multiple
          store_digest's stuck in memory.
        - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
          unregisters from "cache hit" entries.
        * Changes below have been made to SQUID_2_1_PATCH3
        - Fixed memory leak in clientHandleIMSReply for
          storeClientCopy failures.

Changes to Squid-2.0 (October 2, 1998):

        - Added NAT/Transparent hijacking code from Quinton Dolan.
        - Added actual filesystem usage to cachemgr 'storedir' page.
          Only works for operating systems which support statvfs().
        - Fixed HTCP compile-time bugs.
        - Fixed quick_abort bugs.  Configured values are stored as
          Kbytes, not bytes.
        - Removed fwdAbortFetch().  It breaks quick_abort and seems
          mostly useless.
        - Changed storeDirSelectSwapDir() to skip swap directories
          when their utilization is over the high water mark ratio.
        - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
        - fixed bugs in Content-Range header generation
        - changed the way Range requests are handled:
                - do not "advertise" our ability to process ranges at
                  all
                - on hits, handle simple ranges and forward complex
                  ones
                - on misses, fetch the whole document for simple ranges
                  and forward range request for complex ranges
          The change is supposed to decrease the number of cases when
          clients such as Adobe acrobat reader get confused when we
          send a "200" response instead of "206" (because we cannot
          handle complex ranges, even for hits) Note: Support for
          complex ranges requires storage of partial objects.
        - Removed SNMP mib-2.system group from squid.
        - Removed SNMP ability to iterate through ipcache and friends.
        - Added SNMP ipcache/fqdncache basic statistics.
        - Converted SQUID-MIB to SMIv2 (RFC 1902).
        - Moved SQUID-MIB to enterprises section of the tree in preparation
          of the split into PROXY-MIB & SQUID-MIB.
        - Corrected minor errors in SQUID-MIB.
        - Moved uptime into cacheSystem from cacheConfig.
        - Corrected a number of get-next-request bugs, snmpwalk should now
          return all objects and not skip some.
        - Fixed netdbClosestParent() so it won't return sibling
          peers.
        - Fixed a bug with secondary clients on entries with
          ENTRY_BAD_LENGTH set.  We should release the
          bad entry to prevent secondary clients jumping on.
        - Changed MIB to prevent parse warnings at startup.
        * Changes below have been made to SQUID_2_0_PATCH1
        - Fixed a forwarding loop bug.  Even though we were detecting
          a loop, it was not being broken.
        - Try to prevent sibling forwarding loops by NOT forwarding a
          request to a sibling if we have a stale copy of the object.
          Validation requests should only be sent to parents (or
          direct).
        - Fixed ncsa_auth hash bugs when re-reading password file.
        - Changed clientHierarchical() so that by default SSL/CONNECT
          requests do NOT go to neighbor caches.
        - Changed clientHandleIMSReply() to not call storeAbort()
          because there can be more than one client hanging on the
          StoreEntry.  This hopefully fixes "store_status !=
          STORE_ABORTED" assertions.
        - Added temporary fix to httpMakePublic() to prevent assertions
          (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
        * Changes below have been made to SQUID_2_0_PATCH2
        - PATCH1 introduced a seriously stupid bug which prevented ICP
          queries for all requests.  Fixed by checking
          request->hierarchical in peerSelectFoo().

Changes to squid-1.2.beta25 (September 21, 1998):

        - Fixed async IO bugs from adding filedescriptor arg to AIOCB
          callbacks (Henrik Nordstrom).
        - Fixed store_swapout.c assertion.  We were freeing object data
          past the swapout_done offset.  This probably happens (only?)
          when an object changes from cachable to uncachable while
          it is being swapped out.
        - Added MEM_CLIENT_SOCK_BUF type so we can change the size
          of the buffers used for writing data to the client sockets.
        - Added configure check for libbind.a.  If found, it will be
          used instead of libresolv.a.
        - Changed fwdStart() to always allow internally generated
          requests, such as for peer digests.  These requests are
          known to fwdStart() because the address arg is set to
          'no_addr'.
        - Completed initial HTCP implementation.  It works, but is not
          tested much.
        - Added counters for I/O syscalls.
        - Fixed httpMaybeRemovePublic.  With broken ICP neighbors
          (netapp) Squid doesn't use private keys.  This caused us
          to remove almost every object from the cache.
        - Added 'asndb' cachemgr stats to show AS Number tree.
        - Fixed AS Number byte-order bug for netmasks.
        - Fixed comm_incoming calling rate for high loads (Stewart
          Forster).
        - Give always_direct higher precedence than never_direct
          (Henrik Nordstrom).
        - Changed PORT ACL type to accept ranges.  Now you can easily
           deny, for example, all priveleged ports except 80, 70, 21,
           etc.
        - ARP ACL fixes for Linux (David Luyer).
        - Replaced various "EBIT" flags bitfileds with structures of
          "int:1" members.
        - Changed storeKeyPrivate and storeKeyPublic to be a bit more
          efficient by removing snprintf().  This causes an
          incompatibility with old cache keys, however.  To transition,
          we will look up both the new and old style keys for about the
          next 30 days.  After that, if you haven't run this (or a
          future) version, your cache contents will be lost.
        - Made the client-side write buffer size configurable with
          a #define in defines.h.  By default it is still 4096 bytes.
        - Removed redirectUnregister().  It should be unnecessary
          because of cbdata locks.
        - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
        - Changed non-blocking connect(2) code to call getsockopt()
          instead of connect() again.  This is the approach recommended
          by Stevens, and fixes bugs on BSD-ish systems when subsequent
          connect() calls loop with EAGAIN status.
        - Added MD5 cache keys to memory pool accounting.
        - Added code to track number of open DISK descriptors and stop
          swapping out objects if the number of disk descriptors becomes
          too large.  For now the limit must be manually configured with
          the 'max_open_disk_fds'.  By default, there is no limit.
        - Stopped encoding a request method in the high byte of the ICP
          reqnum field.  Instead queried cache keys are copied to a
          static array, indexed by the reqnum, modulo the array size.
          Now we just use the request number to lookup a cache key,
          instead of rebuilding it from the ICP reply URL and method,
          unless we have netapp neighbors--they don't do reqnum
          properly.
        - Fixed reconfigure memory access bugs in redirect.c.
        - Ignore unreasonably large ICP RTT values which cause overflow
          bugs in calculating the average RTT (thanks Niall!)

Changes to squid-1.2.beta24 (August 21, 1998):

        - Added Bulgarian error pages by Evgeny Gechev.
        - Changed StoreEntry->lock_count to a u_short.
        - Replaced urlcmp with strcmp
        - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
          (Henrik Nordstrom).
        - Eliminated unneeded BASE HREF on "root" directories (Henrik
          Nordstrom).
        - Fixed peerDigestFetchFinish() assertion caused by forwarding
          failures (e.g. miss_access rules).
        - Changed signal handlers with ASYNC_IO and Linux so that
          -k command line options work (Miquel van Smoorenburg).
        - Rewrote shutdown code to use events instead of setting 
          FD timeouts.
        - Fixed cachemgr 'objects' (statObjects()) by adding a check
          for READ_AHEAD_GAP, and calling storeCheckSwapout() in
          storeBufferFlush().  Otherwise, the read-past pages would
          never be freed.
        - Fixed DNSSERVER shutdown bugs.  The re-opened dnsserver processes
          were being closed by the dnsServerShutdown event.
        - Modified storeHashInsert() to insert PRIVATE objects at
          the tail of the LRU list, and PUBLIC objects at the head.
          Thus, PRIVATE objects get kicked out quicker.
        - Added David Luyer's DELAY_POOLS code.
        - Fixed a bug due to HEAD replies which lack the end-of-headers
          line.
        - Made proxy-auth realm string configurable (Bob Franklin)
        - Changed default mime time to a viewable one (Henrik Nordstrom).
        - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
        - Fixed 'you are running out of filedescriptors' bug which
          could cause the HTTP incoming connection handler to not
          be reset.
        - Changed syslog logging.  Now squid debug levels 0 and 1 go
          to syslog.  Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
          (this needs more work!)
        - Fixed memory access errors in statAvgTick().
        - Fixed duplicate requestUnlink() bug in forward.c
        - Fixed possible memory access bugs from not setting e->mem_obj
          = NULL in destroy_MemObject().
        - Deleted TCP_IMS_MISS tag.  Always use TCP_IMS_HIT instead.
        - Modified headersEnd and httpMsgIsolateHeaders to account
          for funky line terminations such as CRCRNL.
          (``but Netscape and IE _tolerate_ this'')
        - Fixed carp functions (Eric Stern).
        - Replaced internal proxy_auth code with extern authentication
          module (Arjan de Vet).
        - moved hash.c to libmiscutil.a.
        - Fixed handling of ICP queries with whitespace in URLs.
          Now we return ICP error and escape the URL before logging.
        - Added configure check for socklen_t (David Luyer).
        - Removed USE_SPLAY #defines; it is now standard.
        - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
          temporary disk_ctrl_t structures.
        - Changed ENOSPC disk write errors to reduce specific cache_dir
          sizes, and not just the size of the cache as a whole.
        - Added httpMaybeRemovePublic() to purge public objects for
          certain responses even though they are uncachable.  This is
          needed, for example, when an initially cachable object
          later becomes uncachable.
        - Added refresh_pattern options to ignore client reloads
          (Henrik Nordstrom)
        - Relocated disk.c code which combines blocks for writing
          (Stewart Forster).

Changes to squid-1.2.beta23 (June 22, 1998):

        - Added Turkish error pages by Tural KAPTAN.
        - Added basic support for Range requests. For most cachable
          requests, Squid replies with an "Accept-Ranges" header. Upon
          receiving a potentially cachable Range request for a not
          cached object, Squid requests the whole object from origin
          server and then replies with specified range(s) to the
          client. Multi-range requests are supported. Adjacent
          overlapping ranges are merged. If-Range requests are
          supported.  Limitations:  Multi-range requests with out of
          order ranges are not supported.
        - Made md5.c use standard memcpy and memset if they are
          avaliable.
        - Memory pools will now shrink if Squid is run-time
          reconfigured with smaller value of memory_pools_limit tag.
        - Added counter for number of clients (Tomi Hakala).
        - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
          connections for UP->DOWN transition.
        - Added 'unique_hostname' configuration option when its
          necessary to have multiple machines with the same visible
          hostname.
        - Fixed pumpReadFromClient() to not read too many bytes on
          persistent connections.
        - We can now cache HTTP replies with Set-Cookie.  These evil
          headers are now filtered out for cache hits on the client
          side.
        - Fixed SNMP bugs caused by using snmpwalk.
        - Fixed snmp system Group; all objects are now returned.
        - Fixed snmp system Group sysDescr and sysContact.
        - Fixed snmp system Group sysObjectID it now returns a OBJECT
          IDENTIFIER.
        - Allocate FwdState from mem pools.
        - Minor HTCP progress.
        - Moved 'miss_access' ACL check from client_side.c to forward.c
        - Fixed logging of usernames for requests which require
          proxy-authentication.
        - Fixed HTTP request parser to accept lowercase HTTP identifier
          (Oskar Pearson).
        - Fixed FTP listings to always include links to the parent
          directory (Henrik Nordstrom).
        - Fixed FTP to show an "empty" listing instead of showing
          a "document contains no data" error (Henrik Nordstrom).
        - Fixed refreshCheck() bug.  Often it was checking the
          refresh patterns against the string "[null_mem_obj]"
          because we moved URLs to MemObject.
        - Added CARP support by Eric Stern.
        - Fixed select-spin bug when an ICP reply actually gets queued
          and we failed to execute the write callback.
        - Fixed a storeCheckSwapOut bug.  We were freeing up to
          the queued offset instead of the done offset.  This
          resulted in a small chunk of object data not being in
          memory and not yet written to disk.  A client could
          recieve a partial object because file_read() unexpectedly
          returns EOF.
        - Fixed proxy-authentication hangs (Henrik Nordstrom).
        - Fixed request_t->flags bug causing authenticated, proxied
          responses to be cached (Arjan de Vet).
        - Fixed MIME types for .tgz extension (Henrik Nordstrom).
        - Added view and download options to FTP listings (Henrik
          Nordstrom).
        - Modified configure to allow using pre-installed libdlmalloc.a
          (Masashi Fujita).
        - Fixed cachemgr 'objects' implementation.
        - Changed refreshCheck() algorithm.   For cached objects, we
          now check, in the following order:
                * request max-age
                * response Expires (if present)
                * refresh_pattern max-age
                * response Last-Modified compared to refresh_pattern
                  LM-factor (only if Last-Modified is present)
                * refresh_pattern min-age
        - Changed Copyrights.

Changes to squid-1.2.beta22 (June 1, 1998):

        - do not cut off "; parameter" from "digitized" Content-Type 
          http fields
        - Added X-Request-URI for persistent connection debugging 
          (Henrik Nordstrom)
        - Added Polish error pages from Maciej Kozinski.
        - Fixed hash_first/hash_next bugs with **Current pointer.
          Replaced with *next pointer.
        - Fixed PUT/POST bugs in client (Henrik Nordstrom).
        - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
        - Fixed eventRun "spin" bug when event delta time == 0.
        - Fixed setting Last Modified time on cached entries when
          receiving a 304 reply.
        - Added while loop in httpAccept().
        - Added while loop in icpHandleUdp().
        - Fixed some small memory leaks.
        - Fixed single-bit-int flag checks (Henrik Nordstrom).
        - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
        - Do not send only-if-cached cc directive with requests 
          for peer's digests.
        - Added "automatic tuning" for incoming request rate, i.e.
          how often to check HTTP and ICP sockets.  See comm.c
          comments for details.

Changes to squid-1.2.beta21 (May 22, 1998):

        - Added Italian error pages by Alessio Bragadini.
        - Added Estonian error pages by Toomas Soome.
        - Added Russian (koi-r) error pages by Andrew L. Davydov.
        - Added Czech error pages by Jakub Nantl.
        - Fixed asnAclInitialize calling to prevent coredump.
        - Fixed FTP directory parsing again.
        - Made FTP directory listing "Generated" tagline like
          the one for error pages.
        - Fixed an assertion coredump in statHistCopy from 
          reconfiguring with different #peers in squid.conf
        - Ignore leading whitespace on requests (and replies).  RFC
          2068 section 4.1, robustness (Henrik Nordstrom)
        - Fixed keep_alive bug.  We did not always honour reply
          headers, but rather assumed connections could be persistent.
        - Fixed reading whois output for AS numbers, especially when
          they are longer than 4 KB.
        - Removed 'cache_stoplist_pattern' configuration option.  This
          feature is now handled by 'no_cache'.
        - If a URN resolves to only one URL, just return it immediately
          instead of giving the user a "choice" (Andy Powell).
        - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
        - Changed squid-internal object names.
        - Added netdb exchange protocol.
        - Fixed wordlistDestroy() uninitialized pointer bug in
          ftpParseControlReply.
        - Fixed redirector subprocess to show real program name.
        - Changed URN menu output to be sorted.
        - Added fast select(2) timeouts when using ASYNC_IO.
        - Added ARP ACL support for Linux (David Luyer).
        - Added binary http headers to requests
        - request_t objects are now created and destroyed in a consistent way
        - Fixed cache control printf bug
        - Added a lot of new http header ids
        - Improved Connection: header handling; now both Connection and
          Proxy-Connection headers are checked for connection directives
        - Connection request header is now handled correctly regardless
          of its position and the number of entries
        - Only replies with valid Content-Length can be sent with keep-alive
          connection directive (Henrik Nordstrom)
        - Better handling of persistent connection "clues" in HTTP headers;
          the decision now depends on HTTP version (and User-Agent exceptions)
        - Removed handling of "length=" directive in IMS headers;
          the directive is not in the HTTP/1.1 standard;
          standing by for objections
        - allowed/denied headers are now checked using bit masks instead of
          strcmp loops
        - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
        - removed processing of Request-Range header (not in specs?)
        - Fixed byte-order bugs in cacheDigestHashKey.
        - Changed hash_remove_link() to return void.
        - Changed ipcache_gethostbyname() to return NULL if
          i->addrs.count == 0.
        - Added millisecond-timing to select/poll loops and event
          queue.
        - Changed 'peerPingTimeout' value to be twice the average
          of all the peer ICP RTT's.
        - Added 'half_closed_clients' option to force closing of
          client connections which might only be half-closed.
        - Fixed matchDomainName coredump bug.
        - Don't cache HTTP replies with Vary: headers until we
          get content negotiation working.
        - Fixed SSL proxying to forward full HTTP request headers.
        - Changed storeGetMemSpace().  Only purge down to the HIGH
          water mark; move locked entries to the head of the inmem
          list.
        - Changed clientReadRequest() to locally handle any
          "squid-internal-static" URL for any host.
        - Disable persistent connections for client connections
          from broken Netscape User-Agent, version 3.* (Stewart Forster)

Changes to squid-1.2.beta20 (April 24, 1998):

        - Improved support for only-if-cached cache control directive.
        - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
        - Fixed 'quick_abort' percent calculation bug.
        - Fixed quick_abort FPE bug.
        - Changed more errno-checking functions to use ignoreErrno().
        - Added ERESTART to ignoreErrno() because of report from
          a Solaris system.
        - Fixed '#elsif' typo.
        - Fixed MemPool assertion by moving memInit() to before
          configuration parsing functions.
        - Fixed default 'announce_period' value (was 1 day, should
          be 0) (Joe Ramey).
        - Added configure warning for low filedescriptors and pointer
          to FAQ.
        - Fixed httpBodySet() bug causing URN related coredumps.
        - Changed ipcacheCycleAddr() to always cycle through all all
          available addresses, and not just advance when one of
          them goes BAD.
        - Fixed squid-internal bug for mixed-case hostnames (Henrik
          Nordstrom).
        - Fixed ICP counting probelm.  icpUdpSend() arg should be
          LOG_ICP_QUERY instead of LOG_TAG_NONE.
        - Added some additional fault toleranse on FTP data channels
          (Henrik Nordstrom).
        - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
        - Added lock/unlock for StoreEntry during storeAbort().
        - Added filemap bit usage stats to cachemgr 'storedir' and
          'info'.
        - Replaced 'cache_stoplist' with 'no_cache' Access list.
        - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
        - Fixed default hierarchy_stoplist to be ``default if none.''
        - Fixed 'fake a recent reply' hack for detecting DEAD
          and ALIVE neighbors (Joe Ramey).
        - Fixed FTP directory parsing bugs (Joe Ramey).
        - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
          (Joe Ramey).
        - Fixed daylight savings time bug (again).
        - A lot of Cache Digests additions, fixes, and tuning. 
          Cache Digests are still "very experimental".
        - Fixed snprintf() bug.  When len == 1, snprintf() would treat
          the buffer as unknown size, emulating sprintf() behaviour.
        - Made Error page language configurable with configure script
          (Henrik Nordstrom).
        - Fixed squid-internal URLs when http_port == 80.
        - Remember the client address on redirected requests (Henrik
          Nordstrom).
        - Don't rebuild the request if the redirector returned the same
          URL (Henrik Nordstrom).
        - Rewrite Host: header on redirected requests (Henrik
          Nordstrom).
        - Include port (if non-standard) in generated Host: headers
          (Henrik Nordstrom).
        - Fixed rfc1123 timezone hacks for Windows NT
          (Henrik Nordstrom).
        - Added Russian Error pages by Ilia Zadorozhko.
        - Added totals for ICP and HTTP hits to cachemgr client_list
          output.
        - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
          because any string with an '@' must be an email address.
        - Fixed POST for content-length == 0.
        - Fixed "huge 304 reply" loop bug.
        - Fixed --enable-splaytree compile bugs.
        - Removed ASN lookup code in peer_select.c.
        - Added warnings if ACL code detects subdomains in SPLAY
          trees.
        - Rewrote some bits of httpRequestFree() to eliminate
          possible bugs that could cause an "e->lock_count" asseertion.
        - Added value/bounds checking to _db_init() when setting
          the debugLevels[] array.

Changes to squid-1.2.beta19 (Apr 8, 1998):

        - Squid-1.2.beta19 compiles and runs on Windows/NT with
          Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
        - Added French Error pages by Frank DENIS.
        - Added Dutch Error pages by Mark Visser
        - Added German Error pages by Bernd P. Ziller, Jens Frank,
          and Anke S.
        - Added support for only-if-cached cache-control directive.
        - Added RELAXED_HTTP_PARSER #define to allow requests which are
          missing the HTTP identifier on the request line (e.g. buggy
          SpyGame queries).  RELAXED_HTTP_PARSER is undefined by default.
        - Fixed disk.c FD leak for delayed closes in
          diskHandleWriteComplete().
        - Fixed cache announcement feature.
        - Fixed httpReadReply() to retry failed HTTP requests on
          persistent connections when read() returns -1, not only
          when it returns 0.
        - Fixed cbdata memory counting leak.  cbdataUnlock() always
          called free(), never memFree().
        - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
        - Fixed `++loopdetect < 10' assertion due to
          clientHandleIMSReply bug for invalid/partial HTTP
          replies.
        - Added preliminary code for HTCP.
        - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
        - Added "snmp_community" as an ACL type.
        - Cleaned up proxy-auth acl implementation and removed
          memory leaks.
        - Added generic 'hashFreeItems()' function for efficiently
          freeing hash table pointers.
        - Added whoisTimeout() for ASN code.
        - Removed BINARY TREE code.
        - Fixed forgetting to reset Config.Swap.maxSize in
          configDoConfigure.
        - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
          bug which caused not modified replies to not get updated.
        - Fixed client_side.c bugs which could cause data to be written
          to the client in the wrong order for persistent connections.
          clientPurgeRequest() and clientHandleIMSComplete() must not
          call comm_write().  Instead they must create and write to
          StoreEntry's.
        - Fixed ICP query service time counting bug(s).
        - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
          to fix buffer overruns.  This also requires adding 'buf_sz'
          args to some functions like clientBuildReplyHeader().
          But we can eliminate the need to NULL-terminate the
          buffer beforehand.
        - Changed commConnectCallback() to reset the FD timeout to
          zero before notifying about the connection.  This requires
          commSetTimeout() calls in numerous places to reinstall
          timeouts.
        - Changed comm_poll_incoming() to be called less frequently
          (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
        - Removed HAVE_SYSLOG case for debug() macro.  Almost all
          systems do have syslog(), but more importatnly the
          _db_level value is needed for debugging to stderr.
        - Rewrote squid/dnsserver interface to use smaller, single-line
          messages.
        - Rewrote 'dns' cachemgr output to use a table format.
        - Rewrote a lot of dnsserver.c.
        - Added eventAddIsh() for semi-random event scheduling.
        - Fixed an ftpTimeout bug for sessions which use PORT
          commands.
        - Fixed ftp.c to recognized invalid PASV replies (e.g.
          port == 0).
        - Removed hash_insert().  All hasing uses hash_join() now.
        - Renamed hash_unlink() to hash_remove_link().
        - Added hashPrime() to find closes prime hash table size
          to a given value.
        - Fixed Keep-Alive ratio counting bug which prevented
          persistent connections from being used between cache
          peers.
        - Changed icmp.c to NOT queue messages sent from squid to
          the pinger program.
        - Changed icp_v2.c to NOT queue ICP messages by default.
          But they will be queued and resent once if the first
          send fails.  Counters.icp.queued_replies counts the
          number of messaages queued.
        - Cleaned up ICP logging.
        - Added identTimeout().
        - Fixed ipcache reply counting bug.  Overcounted dnsserver
          replies for partial replies.
        - Added urlInternal() for building internal Squid URLs.
        - Changed peerAllowedToUse() to check both 'cache_peer_domain'
          AND 'cache_peer_acl' configurations.  This should be changed
          in the fugure to use ONLY cache_peer_acl.
        - Changed DEAD/REVIVED neighbor detection to avoid reporting
          so many false deaths.  (Joe Ramey).
        - Added some preliminary code to support "cache digests."
        - Fixed pumpClose() coredumps (?).
        - Updated cachemgr 'info' output to show median service
          times for various categories.
        - Fixed ABW bug in storeDirWriteCleanLogs().  sizeof(off_t)
          != sizeof(int) for Alphas.
        - Fixed potential alignment problem in storeDirWriteCleanLogs().
        - Fixed store_rebuild.c to NOT replace current, but
          not-swapped-out StoreEntry's with on-disk entries.
        - Changed storeCleanup() to call storeRelease on invalid
          entries which don't have a swapfile (i.e. no unlink()
          penalty).
        - Fixed storeSwapInStart() to fail for unvalidated
          entries.
        - SNMP changes:
          .  renovated mib and added descriptions and comments
          .  added hit and byte counters to client_db , for
             cacheClientTable
          .  cacheClientTable, netdbTable, cachePeerTable,
             cacheConnTable now indexed by ip address. hash_lookup was
             enhanced to allow for subsequent hash_next's similar to
             hash_first, to speed up getnext's in tables which refer to
             hash-table structures.
          .  added generic (well, sorf of) table indexing functionality
          .  added makefile dependencies for snmplib and cache_snmp.h
          .  WaisHost, WaisPort, Timeouts removed
          .  FdTable split into FdTable and ConnTable. FdTable simplified
          .  PeerTable and PeerStat merged and put into new cacheMesh
             group
          .  cacheClientTable added for client statistics and accounting 
             (cacheMesh 2)
          .  cacheSec and cacheAccounting groups removed 
          .  fixed acl bug when communities not defined
          .  snmp_acl now survives bad configuration

Changes to squid-1.2.beta18 (Mar 23, 1998):

        - Added v1.1 'test_reachability' option.
        - Fixed hash4() len == 0 bug.
        - Fixed Config.Swap.maxSize reconfigure bug.
        - Fixed ICP query bug determining request method.
        - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
          so that we know neighbors are alive even when they send
          us replies for unknown entries.
        - Changed configure script to add '-std1' for Digital Unix cc.
        - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
          systems.
        - Added support for 'Cache-Control: Only-If-Cached' request header.
        - Fixed CheckQuickAbort() bugs for multiple clients on one
          StoreEntry.  Also changed storePendingNClients() to return
          mem->nclients instead of counting the number of store_client
          entries with pending callback functions.

Changes to squid-1.2.beta17 (Mar 17, 1998):

        - SNMP MIB version check changed to non-rcs.
        - Added memory pools for variable size objects (strings).
          There are three pools; for small, medium, and large objects.  
        - Extended String object to use memory pools.  Most fixed size char
          array fields will be replaced using string pools. Same for most
          malloc()-ed buffers.
        - Changed icon handling to use the hostname and port of the squid
          server, instead of the special hostname "internal.squid"
          (Henrik Nordstrom).
        - All icons are now configured in mime.conf. No hardcoded icons,
          including gohper icons (Henrik Nordstrom).
        - Fixed ICP bug when we send queries, but expect zero
          replies.
        - Fixed alignment/casting bugs for ICP messages.
        - A generic client-to-server "pump" was added to handle HTTP
          PUT as well as POST methods on the client-cache side. Based on
          "pump" PUT requests can be made to either HTTP or FTP url's.
          Code is still beta and interoperability with browsers etc has
          not been tested.
        - Put #ifdefs around 'source_ping' code.
        - Added missing typedef for _arp_ip_data (Wesha).
        - Added regular-expression-based ACLs for client and server
          domain names (Henrik Nordstrom).
        - Fixed ident-related coredumps from incorrect callback data.
        - Fixed parse_rfc1123() "space" bug.
        - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
        - Fixed some src/asn.c end-of-reply bugs and memory leaks.
        - Fixed some peer->options flag-setting bugs.
        - Fixed single-parent feature to work again
        - Removed 'single_parent_bypass' configuration option; instead
          just use 'no-query'.
        - Surrounded 'source_ping' code with #ifdefs.
        - Changed 'deny_info URL' to use a custom Error page.
        - Modified src/client.c for testing POST requests.
        - Fixed hash4() for SCO (Vlado Potisk).

Changes to squid-1.2.beta16 (Mar 4, 1998):

        - Added Spanish error messages from Javier Puche.
        - Added Portuguese error messages from Pedro Lineu Orso
        - Added a simple but very effective hack to cachemgr.cgi that tries to
          interpret lines with '\t' as table records and formats them
          accordingly. With a few exceptions (see source code), first line
          becomes a table heading ("<th>" html tag) and the rest is formated
          with "<td>" tags.
        - Added "mem_pools_limit" configuration option. Semantics of
          "mem_pools" option has also changed a bit to reflect new memory
          management policy.
        - Reorganized memory pools. Squid now supports a global pool
          limit instead of individual pool limits. Per-pool limits can be
          implemented on top of the current scheme if needed, but it is
          probably hard to guess their values.  Squid distributes pool
          memory among "frequently allocated" objects.  There is a
          configurable limit on the total amount of "idle" memory to be
          kept in reserve. All requests that exceed that amount are
          satisfied using malloc library.  Support for variable size
          objects (mostly strings) will be enabled soon.
        - memAllocate() has now only one parameter. Objects are always
          reset with 0s. (We actually never used that parameter before;
          it was always set to "clear").
        - Added Squid "signature" to all ERR_ pages. The signature is
          hardcoded and is added on-the-fly. The signature may use
          %-escapes.  Added interface to add more hard-coded responses if
          needed (see errorpage.c::error_hard_text).
        - Both default and configured directories are searched for ERR_
          pages now. Configured directory is, of course, searched first.
          This allows you to customize a subset of ERR_ pages (in a
          separate directory) without danger of getting other copies out
          of sync.
        - Security controls for the SNMP agent added. Besides
          communities (like password) and views (part of tree
          accessible), the snmp_acl config option can be used to do acl
          based access checks per community.
        - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
          can now walk through the whole mib tree. Several new variables
          added under cacheProtoAggregateStats
        - Added rudimental statistics for HTTP headers.
        - Adjusted StatLogHist to a more generic/flexible StatHist.
          Moved StatHist implementation into a separate file.
        - Added FTP support for PORT if PASV fails, also try the
          default FTP data port (Henrik Nordstrom).
        - Fixed NULL pointer bug in clientGetHeadersForIMS when a
          request is cancelled for fails on the client side.
        - Filled in some squid.conf comments (never_direct,
          always_direct).
        - Added RES_DNSRCH to dnsserver's _res.options when the 
          -D command line option is given.
        - Fixed repeated Detected DEAD/REVIVED Sibling messages when
          peer->tcp_up == 0 (Michael O'Reilly).
        - Fixed storeGetNextFile's incorrect "directory does not exist"
          errors (Michael O'Reilly).
        - Fixed aiops.c race condition (Michael O'Reilly, Stewart
          Forster).
        - Added 'dns_nameservers' config option to specify non-default
          DNS nameserver addresses (Maxim Krasnyansky).
        - Added lib/util.c code to show memory map as a tree
          (Henrik Nordstrom).
        - Added HTTP and ICP median service times to Counters and
          cachemgr average stats.
        - Changed "-d" command line option to take debugging level
          as argument.  Debugging equal-to or less-than the argument
          will be written to stderr.
        - Removed unused urlClean() function from url.c.        
        - Fixed a bug that allowed '?' parts of urls to be recorded in
          store.log.  Logged urls are now "clean".
        - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
          script forwards basic authentication from browser to squid.
          Authentication info is encoded within all dynamically generated
          pages so you do not have to type your password often.
          Authentication records expire after 3 hours (default) since
          last use. Cachemgr.cgi now recognizes "action protection" types
          described below.
        - Added better recognition of available protection for actions
          in Cache Manager. Actions are classified as "public" (no
          password needed), "protected" (must specify a valid password),
          "disabled" (those with a "disable" password in squid.conf), and
          "hidden" (actions that require a password, but do not have
          corresponding cachemgr_passwd entry). If you manage to request
          a hidden, disabled, or unknown action, squid replies with
          "Invalid URL" message. If a password is needed, and you failed
          to provide one, squid replies with "Access Denied" message and
          asks you to authenticate yourself.
        - Added "basic" authentication scheme for the Cache Manager.
          When a password protected function is accessed, Squid sends an
          HTTP_UNAUTHORIZED reply allowing the client to authorize itself
          by specifying "name" and "password" for the specified action.
          The user name is currently used for logging purposes only.  The
          password must be an appropriate "cachemgr_passwd" entry from
          squid.conf. The old interface (appending @password to the url)
          is still supported but discouraged.  Note: it is not possible
          to pass authentication information between squid and browser
          *via a web server*. The server will strip all authentication
          headers coming from the browser. A similar problem exists for
          Proxy-Authentication scheme.
        - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
          authentication failures when accessing Cache Manager.
        - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
        - Added simple context-based debugging to debug.c. Currently,
          the context is defined as a constant string. Context reporting
          is triggered by debug() calls.  Context debugging routines
          print minimal amount of information sufficient to describe
          current context. The interface will be enhanced in the future.
        - Replaced _http_reply with HttpReply. HttpReply is a
          stand-alone object that is responsible for parsing, swapping,
          and comm_writing of HTTP replies. Moved these functions from
          various modules into HttpReply module.
        - Added HttpStatusLine, HttpHeader, HttpBody.
        - All HTTP headers are now parsed and stored in a "compiled"
          form in the HttpHeader object.  This allows for a great
          flexibility in header processing and builds basis for support
          of yet unsupported HTTP headers.
        - Added Packer, a memory/store redirector with a printf
          interface.  Packer allows to comm_write() or swap() an object
          using a single routine.
        - Added MemBuf, a auto-growing memory buffer with printf
          capabilities.  MemBuf replaces most of old local buffers for
          compiling text messages.
        - Added MemPool that maintains a pre-allocated pool of opaque
          objects.  Used to eliminate memory thrashing when allocating
          small objects (e.g.  field-names and field-value in http
          headers).

Changes to squid-1.2.beta15 (Feb 13, 1998):

        NOTE: This version has changes which may cause all or part
              of your cache to be lost.  However, you can problably
              save most of it by doing a slow restart.  Specifically:

        1. Kill the running squid-1.2.beta14 process; wait for it to
           fully exit.
        2. Remove all 'swap.state*' files, either in each cache_dir, or
           as defined in your squid.conf
        3. Start squid-1.2.beta15.   The store will be rebuilt from the
           existing swap files, reading the directories and opening
           the files.

        - Fixed some problems related to disk (and pipe) write error
          handling.  file_close() doesn't always close the file
          immediately; i.e. when there are pending buffers to write.
          StoreEntry->lock_count could become zero while a write is
          pending, then bad things happen during the callback.
        - The file_write() callback data must now be in the callback
          database (cbdata).  We now use the swapout_ctrl_t structure
          for the callback data; it stays around for as long as we are
          swapping out.
        - Changed the way write errors are handled by diskHandleWrite.
          If there is no callback function, now we exit with a fatal
          message under the assumption that the file in question is a
          log file or IPC pipe.  Otherwise, we flush all the pending
          write buffers (so we don't see multiple repeated write errors
          from the same descriptor) and let the upper layer decide how
          to handle the failure.
        - Fixed storeDirWriteCleanLogs.  A write failure was leaving
          some empty swap.state files, even though it tells us that its
          "not replacing the file."  Don't flush/rename logs which we
          have prematurely closed due to write failures, indiciated by
          fd[dirn] == -1.  Close these files LAST, not before
          renaming.
        - Fixed storeDirClean to clean directories in a more sensible
          order, instead of the new "MONOTONIC" order for swap files.
        - Merged fdstat.c functions into fd.c.
        - Cleaned up some debugging sections.  Some unrelated source
          files were using the same section.
        - Removed curly brackets from all cachemgr output.
        - Removed unused filemap->last_file_number_allocated member.
        - Removed unused fde->lifetime_data member.
        - Fixed incorrectly applying htonl() on icp_common_t->shostid.
        - Call setsid() before exec() in ipc.c so that child processes
          don't receive SIGINT (etc) when running squid on a tty.
        - Changed StoreEntry->object_len to ->swap_file_sz so we
          can verify the disk file size at restart.  Moved object_len
          to MemObject->object_sz.  Note object_sz is initialized
          to -1.  If object_sz < 0, then we need to open the swap
          file and read the swap metadata.
        - Changed store_client->mem to ->entry because we need
          e->swap_file_sz to set mem->object_sz at swapin.
        - Renamed storeSwapData structure to storeSwapLogData.
        - Fixed storeGetNextFile to not increment d->dirn.  Added
          check for opendir() failure.
        - Fixed storeRebuildStart to properly link the directory
          list for storeRebuildfromDirectory mode.
        - Added -S command line option to double-check store
          consistency with disk files in storeCleanup().
        - Fixed a problem with transactional logging.  In many
          cases we were adding the public cache key and then
          logging a delete for the private key.  This is worthless
          because during rebuild we could not locate the previous
          public-keyed entry.  Now we assert that only public-keyed
          entries can be logged to swap.state.  storeSetPublicKey()
          and storeSetPrivateKey() have been modified to log an
          ADD or DEL when the key changes.
        - Fixed storeDirClean bug.  Needed to call
          storeDirProperFileno() so the "dirn bits" get set.
        - Fixed a storeRebuildFromDirectory bug.  fullpath[] and
          fullfilename[] were static to that function and did
          not change when the "rebuild_dir" arg did.  Moved these
          buffers to the rebuild_dir structure.
        - In storeRebuildFromSwapLog, we were calling storeRelease()
          for cache key collisions.  This only set the RELEASE_REQUEST
          bit and did not clear the swap_file_number in the filemap or
          in the StoreEntry, so the swap file could get unlinked later
          when it was really released.
        - Fixed FTP so that ';type=X' specifically sets the HTTP reply
          content-type and content-encoding (Henrik Nordstrom).
        - Removed 'icon_content_type' configuration option.  Content
          types now taken from mime.conf (Henrik Nordstrom).
        - Added additional memory malloc tracing and memory leak
          detection.  Use --enable-xmalloc-debug-trace configure
          option and -m command line option  (Henrik Nordstrom).

Changes to squid-1.2.beta14 (Feb 6, 1998):

        - Replaced snmplib free() calls with xfree().
        - Changed the 'net_db_name' hash table structure to
          make it easier to move names from one network to another
          (copied from 1.1 code).
        - Filled in some of the config dump routines (dump_acl,
          dump_acl_access).
        - Full memory debugging option (--enable-xmalloc-debug-trace)
          (Henrik Nordstrom).
        - Filled-in and clarified many squid.conf comments (Oskar
          Pearson).
        - Fixed up handling of SWAP_LOG_DEL swap.state entries.

Changes to squid-1.2.beta13 (Feb 4, 1998):

        - NOTE: With this version the "swap.state" file format has
          changed.  Running this version for the first time will
          cause your current cache contents to be lost!
        - NOTE: this version still has the bug where we don't rewind
          a swapout file and rewrite the swap meta data.  Objects
          larger than 8KB will be lost when rebuilding from the swap
          files.
        - Combined various interprocess communication setup functions
          into ipcCreate().
        - Removed some leftover ICP_HIT_OBJ things.
        - Removed cacheinfo and proto_count() and friends; these are to
          be replaced in functionality by StatCounters and 5/60 minute
          average views via cachemgr.
        - Fixed --enable-acltree configure message (Masashi Fujita).
        - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
          (Masashi Fujita).
        - Fixed building outside of source tree (Masashi Fujita).
        - FTP: Format NLST listings, and inform the user that the NLST
          (plain) format is available when we find a LIST listing that we
          don't understand (Henrik Nordstrom)
        - FTP: Use SIZE on Binary transfers, and not ASCII. The
          condition was inversed, making squid use SIZE on ASCII
          transfers (Henrik Nordstrom).
        - Enable virtual and Host: based acceleration in order to be
          able to use Squid as a transparent proxy without breaking
          either virtual servers or clients not sending Host: header
          the order of the virtual and Host: based acceleration needs
          to be swapped, giving Host: a higher precendence than virtual
          host (Henrik Nordstrom).
        - Use memmove/bcopy as detected by configure Some systems does
          not have memmove, but have the older bcopy implementation
          (Henrik Nordstrom).
        - Completely rewritten aiops.c that creates and manages a pool
          of threads so thread creation overhead is eliminated (SLF).
        - Lots of mods to store.c to detect and cancel outstanding
          ASYNC ops.  Code is not proven exhaustive and there are
          definately still cases to be found where outstanding disk ops
          aren't cancelled properly (SLF).
        - Changes to call interface to a few routines to support disk
          op `tagging', so operations can be cleanly cancelled on
          store_abort()s (SLF).
        - Implementation of swap.state files as transaction logs.
          Removed objects are now noted with a negative object size.
          This allows reliatively clean rebuilds from non-clean
          shutdowns (SLF).
        - Now that the swap.state files are transaction logs, there's
          now no need to validate by stat()ing.  All the validation
          procedure does is now just set the valid bit AFTER all the
          swap.state files have been read, because by that time, only
          valid objects can be left.  Object still need to be marked
          invalid when reading the swap.state file because there's no
          guarantee the file has been retaken or deleted (SLF).
        - An fstat() call is now added after every
          storeSwapInFileOpened() so object sizes can be checked.   Added
          code to storeRelease() the object if the sizes don't match (SLF).
        - #defining USE_ASYNC_IO now uses the async unlink() rather than
          unlinkd() (SLF).
        - #defining MONOTONIC_STORE will support the creation of disk
          objects clustered into directories.  This GREATLY improves disk
          performance (factor of 3) over old `write-over-old-object'
          method.  If using the MONOTONIC_STORE, the
          {get/put}_unusedFileno stack stuff is disabled.  This is
          actually a good thing and greatly reduces the risk of serving
          up bad objects (SLF).
        - Fixed unlink() in storeWriteCleanLogs to be real unlink()
          rather than ASYNC/unlinkd unlinks.  swap.state.new files were
          being removed just after they were created due to delayed
          unlinks (SLF).
        - Disabled various assertions and made these into debug warning
          messages to make the code more stable until the bugs can be
          tracked down (SLF).
        - Added most of Michael O'Reilly's patches which included many
          bug fixes.  Ask him for full details (SLF).
        - Moved aio_check_callbacks in comm_{poll|select}().  It was
          called after the fdset had been built which was wrong because
          the callbacks were changing the state of the read/write
          handlers prior to the poll/select() calls (SLF).
        - Fixed ARP ACL memory leaks (Dale).
        - Eliminated URL and SHA cache keys.  Cache keys will always
          be MD5's now.
        - Fixed up store swap meta data.
        - Changed swap.state logs to a binary format.
        - The swap.state logs are written transaction-style.

Changes to squid-1.2.beta12 (Jan 30, 1998):

        - Added metadata headers to cache swap files.  This is an
          incompatible change with previous versions.  Running this
          version for the first time will cause your current cache
          contents to be lost.
        - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
        - Show symlink destinations as a hyperlink in FTP listings
          (Henrik Nordstrom)
        - Fixed not allocating enough space for rewriting URLs with
          the Host: header (Eric Stern).
        - Year-2000 fixes (Arjan de Vet).
        - Fixed looping for cache hits on HEAD requests.
        - Fixed parseHttpRequest() coredump for 
          "GET http://foo HTTP/1.0\r\n\r\n\r\n"

Changes to squid-1.2.beta11 (Jan 6, 1998):

        - Fixed fake 'struct rusage' definition which prevented compling
          on Solaris 2.4.
        - Fixed copy-by-ref bug for request->headers in
          clientRedirectDone() (Michael O'Reilly).
        - Workaround for Solaris pthreads closing FD 0 upon fork()
          (Michael O'Reilly).
        - Fixed shutdown bug with outgoing UDP sockets; we need to
          disable their read handlers.
        - For comm_poll(), use the fast 50 msec timeout only when
          USE_ASYNC_IO is defined.
        - Fixed pointer bug when freeing AS# ACL entries.
        - Fixed forgetting to reset Config.npeers to zero in free_peer().
        - Fixed ICP bug causing excessive TIMEOUTs with sibling
          neighbors.  We must call the ICP reply callback even for
          sibling misses.
        - Fixed some dnsserver-related reconfigure bugs. Need to 
          use cbdataLock, etc in fqdncache.c.  Also don't want to
          use ipcacheQueueDrain() and fqdncacheQueueDrain().
        - Fixed persistent connection bug.  We were incorrectly
          deciding that non-200 replies without content-length
          would not have a reply body.
        - Fixed intAverage() precedence bug.
        - Fixed memmove() 'len' arg bug.
        - Changed algorithm for determining alive/dead state of peers.
          Instead of using a fixed number of unacknowledged ICP
          replies, it is now based on timeouts.  If there are no ICP
          replies received from a peer within 'dead_peer_timeout'
          seconds, then we call it dead.
        - Added calls to getCurrentTime() in
          comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
          being used.
        - Fixed shutdown bug when the incoming and outgoing ICP socket
          is the same file descriptor.
        - Added buffered writes for storeWriteCleanLogs() (Stewart
          Forster).
        - Patches for Qnx4 (Jean-Claude MICHOT).
        - Fixed returning void functions which seems to be a GCC-ism.
        - New configure script options (Henrik Nordstrom):
                --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
                --enable-acltree
                --enable-icmp
                --enable-delay-hack
                --enable-useragent-log
                --enable-kill-parent  (this should be named -hack)
                --enable-snmp
                --enable-time-hack
                --enable-cachemgr-hostname[=hostname]   (new)
                --enable-arp-acl  (new)
        - Added Doug Lea malloc-2.6.4 to the distribution, so that
          people easily can try a decent malloc package if they syspect
          their malloc is broken.  --enable-dlmalloc (Henrik Nordstrom).
        - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
          function (Henrik Nordstrom).
        - Removed top-level Makefile.  People must now run 'configure'
          before 'make'.
        - Fixed checkFailureRatio() implementation.
        - Made 'squid -z' behave like the 1.1 version.


Changes to squid-1.2.beta10 (Jan 1, 1998):

        - Fixed content-length bugs for 204 replies, 304 replies,
          and HEAD requests (Henrik Nordstrom).
        - Fixed errorAppendEntry() bug in gopherReadReply().
        - Basic support for FTP URL typecodes (;type=X).
        - Support for access controls based on ethernet MAC addresses
          (Dale).
        - Initial URN support; see
          http://squid.nlanr.net/Squid/urn-support.html
        - Fixed client-side persistent connections for objects with
          bad content lengths (Henrik Nordstrom).
        - Fixed bad call to storeDirUpdateSwapSize() for objects which
          never reach SWAPOUT_DONE state.
        - Fixed up poll() #defines in squid.h (Stewart Forster).
        - Changed poll() timeout from 1000 msec to 50 msec for
          better performance under low load (Stewart Forster).
        - Changed storeWriteCleanLogs() to write objects in the LRU
          list order instead of the random hash table order.
        - Fixed FTP bug when data socket connections fail or timeout.
        - Reuse FTP data connection when possible (Henrik Nordstrom).
        - Added configure options (Henrik Nordstrom)
                --enable-store-key=sha|md5
                --enable-xmalloc-statistics
                --enable-xmalloc-debug
                --enable-xmalloc-debug-count 
                --async-io 
        - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
          by creating ERR_FORWARDING_DENIED and changing the
          content of the ERR_CANNOT_FORWARD text.
        - Fixed pipeline request bug from using strdup() (Henrik
          Nordstrom).
        - Call clientReadRequest() directly instead of commSetSelect()
          for pipelined requests (Henrik Nordstrom).
        - Fixed 4k page leak in icpHandleIMSReply();
        - Renamed 'icp*' functions to 'client*' names in client_side.c.

Changes to squid-1.2.beta8 (Dec 2, 1997):

        - Fixed accessLogLog() to log ident from Proxy-Authorization
          request header (BoB Miorelli).
        - Fixed #includes, prototypes, etc. in SNMP source files.
        - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
          include/config.h.in to src/squid.h
        - Moved 'num32' typedefs from src/typedefs.h to
          include/config.h.in.
        - Moved snmplib/md5.c to lib/md5.c.
        - Added MD5 cache key support.
        - Removed xmalloc() return check in uudeocde.c
        - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
        - Changed 'client' program to provide easier cache manager access,
          e.g.: 'client mgr:info'
        - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
          for simulated keep-alive requests.
        - Removed 'fd' arg from clientProcess* functions.
        - Fixed bugs from using errorSend() on persistent/pipelined
          client connections.  A latter request should not be allowed to
          write to the client fd until the current request completes.
          Now use errorAppendEntry() for such situations.
        - Fixed content-length bugs.  We were using content-length == 0
          to also indicate a lack of content-length reply header.  But
          'content-length: 0' might appear in a reply, so now use -1 to
          indicate that no content length given.
        - Split up clientProcessRequest() into smaller chunks so it
          might be easier to follow.
        - renamed various client_side.c functions to start with 'client'
          instead of 'icp'.
        - Fixed a 'cbdata leak' from the comm.c close handlers.
        - Fixed a 'cbdata leak' from the comm.c connect routines.
        - Fixed comm_select() and comm_poll() to stop looping on the
          incoming HTTP/ICP sockets.  If there are fewer than 7 FD's
          ready for I/O, the incoming sockets might not get service, so
          comm_select() would be called for up to 7 times until the
          'incoming_counter' was incremented enough to trigger a call
          to comm_select_incoming().  Now we make sure
          comm_select_incoming() gets called if select returns less
          than 7 ready FD's.
        - Added errorpage '%B' token to generate FTP URLs with a '%2f'
          inserted at the start of the url-path.  calls ftpUrlWith2f().
          (Henrik Nordstrom).
        - Changed fqdncache.c to use LRU double-linked list instead of qsort()
          for replacement and cachemgr output.
        - Changed ipcache.c to use LRU double-linked list instead of qsort()
        - Changed hash_insert() and hash_join() to return void.
          for replacement and cachemgr output.
        - Moved StoreEntry->method member to MemObject->method.
        - Made StoreEntry->flags 16 bits.
        - Made StoreEntry->refcount 16 bits.
        - Changed URL-based public cache key to always include the request
          method.

Changes to squid-1.2.beta7 (Nov 24, 1997):

        - Fixed poll() for Linux (David Luyer).
        - SHA optimizations (David Luyer).
        - Fixed errno clashes with macro on Linux (David Luyer).
        - Fixed storeDirCloseSwapLogs(); logs might not be open.
        - Fixed storeClientCopy2() bug.  Detect when there is
          no more data to send for objects in STORE_OK state.
        - Fixed FTP truncation bug when ftpState->size == 0, e.g.
          especially directory listings.
        - Mega FTP fix from Henrik Nordstrom.  A better job of
          implementing the '%2f' hack.
        - Fixed some pipelined request bugs.  storeClientCopy() was
          being given the wrong StoreEntry, and we had a race condition
          which is now handled by storeClientCopyPending().
        - Added initial SNMP support.

Changes to squid-1.2.beta6 (Nov 13, 1997):

        - Fixed Authorized responses getting swapped out when they
          don't have Proxy-Revalidate reply header.
        - Fixed Proxy Authentication support.  We never sent back
          a 407 reply, and were incorrectly incrementing the passwd
          before comparing it.
        - Fixed stat()ing pathnames for default values before parsing
          config file (Ron Gomes).
        - Fixed logging request and response headers on separate lines
          (Ron Gomes).
        - Fixed FTP Authentication message (Henrik Nordstrom).
        - Changed Proxy Authentication to trigger a reread of the passwd
          file if a password check fails (Henrik Nordstrom).
        - Changed FTP to retry the first CWD with a leading slash if it
          fails without one.

Changes to squid-1.2.beta5 (Nov 6, 1997):

        - Track the 'keep-alive ratio' for a peer as the ratio of
          the number of replies including 'Proxy-Connection: Keep-Alive'
          compared to the number of requests sent.  If the peer does
          not support Persistent connections then this ratio will tend
          toward zero.  If the ratio is less than 50% after 10 requests
          then we'll stop sending Keep-Alive.
        - Proper support for %nn escapes in FTP, and numerous
          other fixes (Henrik Nordstrom).
        - Support for Secure Hash Algorithm and framework for other
          hash functions as cache keys.
        - Fixed SSL snprintf() bug which broke SSL proxying.
        - Fixed store_dir swap log bug from reconfigure (SIGHUP).
        - Fixed LRU Reference Age bug.  The arg to pow() must be
          minutes, not seconds.

Changes to squid-1.2.beta4 (Oct 30, 1997):

        - Fixed DST bug in rfc1123.c
        - Changed default http_accel_port to 80.
        - added errorCon() as a ErrorState constructor function
          (Max Okumoto).
        - Added ERR_FTP_FAILURE message for ftpFail().
        - For FTP, the timeout callback must be moved to the 'data'
          descriptor when data transfer begins.  Otherwise we are
          likely to get a timeout on the control descriptor.
        - Fixed double-free bug in httpRequestFree().
        - Fixed store_swap_size counting bug in storeSwapOutHandle().

Changes to squid-1.2.beta3 (Oct 29, 1997):

        - Initialize _res.options to RES_DEFAULT in dnsserver.c.
        - Fix assertions which assumed 4-byte pointers.
        - Fix missing % in fqdncache.c snprintf().
        
Changes to squid-1.2.beta2 (Oct 28, 1997):

        - Fixed aiops.c and async_io.c so that they actually compile
          with USE_ASYNC_IO (Arjan de Vet).
        - Fixed errState->errno causing problems with some macros
          (Michael O'Reilly).
        - Fixed memory leaks in pconn.c (Max Okumoto).
        - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
        - Fixed InvokeHandlers() from calling memCopy() for ALL
          store_client's with callbacks.  A store_client might be reading
          from disk.
        - Rewrote storeMaintainSwapSpace().  No longer will we scan one
          bucket at a time.  Instead we'll maintain a single LRU
          list.  When an object is 'touched' we move it to the
          top of this list.  When we need disk space, we delete
          from the bottom.
        - Removed storeGetSwapSpace().
        
Changes to squid-1.2.beta1 ():

        - Reworked storage manager to not keep objects in memory during
          transit.  In other words, no separate NOVM distribution.
        - Lots of cleanup and debugging for beta release.
        - Use snprintf() everywhere instead of sprintf().
        - The 'in_memory' hash table has been replaced with a
          doubly-linked list.  New objects are added to the head of
          the list.  When memory space is needed, old objects are
          purged from the tail of the list.

Changes to squid-1.2.alpha7 ():

        - fixes fixes fixes.
        - Made Arjan's PROXY_AUTH ACL patch standard.

Changes to squid-1.2.alpha6 ():

        - Simpler cacheobj implementation.
        - persistent connection histogram
        - SERVER-SIDE PERSISTENT CONNECTIONS:
                - Added pconn.c 
                - Addec Cofig.Timeout.pconn; default 120 seconds
                - Added httpState->flags
                - Added flags arg to httpBuildRequestHeader()
                - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
                - Added 'Connection' to allowed HTTP headers (http-anon.c)
                - Added 'Proxy-Connection' to allowed HTTP headers
                  (http-anon.c)
                - Merged proxyhttpStart() with httpStart() and created
                  new httpBuildState().
                - New httpPconnTransferDone() detects end-of-data on
                  persistent connections.

Changes to squid-1.2.alpha5 ():

        - New configuration system.  Everything is generated from
          'cf.data.pre', including the main parser, setting defaults,
          outputting current values, and freeing memory.  
          This also involved moving some of the local data structures
          (e.g. struct _acl *AclList in acl.c) to the Config
          structure.  (Max Okumoto)
        - No more '/i' for regular expressions.  Now insert a '-i'
          to switch to case-insensitive.  Use '+i' for case-sensitive.
        - When you have a variable named the same as its type, sizeof()
          gets the wrong one (fde).
        - Need to flush unbuffered logs before fork().
        - Added two fields swap log: refcount and e->flag.
        - Removed all the .h files for each .c file.  Now #include stuff
          is in either: defines.h, enums.h, typedefs.h, structs.h,
          or protos.h, globals.h.  This greatly reduces dependencies
          between the various source files.
        - globals.c is generated from globals.h by a Perl script.
        - Started customizable error texts.

Changes to squid-1.2.alpha4 ():

        - New MIME configuration, regular expression based
        - Added request_timeout config option
        - Multiple HTTP sockets (Lincoln Dale).
        - Moved 'fds_are_n_free' check to httpAccept().
        - s/USE_POLL/HAVE_POLL/; make poll() default if available.
        - Changed storeRegister to use offsets and make immediate
          callbacks if appropriate.
        - Removed icpDetectClientClose().  Some of that functionality
          goes into clientReadRequest() and the rest into
          httpRequestFree().
        - Moved IP lookups to commConnect stuff.
        - Added support for retrying connect().
        - New inline debug() macro (David Luyer).
        - Replace frequent gettimeofday() calls with alarm(3) based
          clock.  Need to add more gettimeofday() calls to get back
          high-resolution timestamp logging (Andres Kroonmaa).
        - Added support for Cache-control: proxy-revalidate;
          based on squid-1.1 patch from Mike Mitchell.

Changes to squid-1.2.alpha3 ():

        - Implemented persistent connections between clients and squid.
        - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
          table in fd.c.
        - Removed use of FD as an identifier in certain callback
          operations (ipcache, fqdncache).
        - General code cleanup.
        - Fixed typedefs for callback functions.
        - Removed FD lifetime/timeout dichotomy.  Now we only have
          timeouts, however the lifetime concept/keyword may still
          linger in certain places.
        - Change Makefile 'realclean' target to 'distclean'
        - Changed config file parsing of time specifications to use
          parseTimeLine().
        - Removed storetoString.c

Changes to squid-1.2.alpha2 ():

        - Merged squid-1.1.9, squid-1.1.10 changes

Changes to squid-1.2.alpha1 ():

        - Unified peer selection algorithm.
        - aiops.c and aiops.h are a threaded implementation of
          asynchronous file operations (Stewart Forster).
        - async_io.c and async_io.h are complete rewrites of the old
          versions (Stewart Forster).
        - Rewrote all disk file operations of squid to support
          the idea of callbacks except where not required (Stewart
          Forster).
        - Background validation of 'tainted' swap log entries (Stewart
          Forster).
        - Modified storeWriteCleanLog to create the log file using the
          open/write rather than fopen/printf (Stewart Forster).
        - Added the EINTR error response to handle badly interrupted
          system calls (Stewart Forster).
        - UDP_HIT_OBJ not supported, removed.
        - Different sized 'cache_dirs' supported.

==============================================================================