Prep for 4.0.22

diff --git a/ChangeLog b/ChangeLog
index a939f13f05ff47b421dfd3787a4cd5d247fe81f6..4c1e50e822bcbe59d373d798c981cbb5eb4c71b2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+Changes to squid-4.0.22 (07 Dec 2017):
+
+       - Regression fix: Relay peer CONNECT error status line and headers to clients
+       - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
+       - Bug 4718: support filling raw buffer space of shared SBufs
+       - Bug 4648: object revalidation for HTTPS scheme
+       - Bug 4616: store_client.cc:92: "mem" assertion
+       - Bug 2821: ignore Content-Range in non-206 responses
+       - HTCP: Ignore packets with invalid URI
+       - TLS: Validate the shortest certificate chain
+       - TLS: Add checks for OpenSSL 1.1.0f API changes
+       - TLS: Fix reporting of validation errors for downloaded intermediate certs
+       - TLS: Fix SSL certificate cache refresh and collision handling
+       - Fix backwards compatibility for Squid-3.5 external_acl_type formats
+       - Fix invalid mime icon URLs in cache
+       - Do not die silently when dying early
+       - Docs: update translation files
+
 Changes to squid-4.0.21 (02 Jul 2017):
 
        - Bug 4730: segfault while processing internal HTTP requests
@@ -19,11 +37,11 @@ Changes to squid-4.0.21 (02 Jul 2017):
 
 Changes to squid-4.0.20 (01 Jun 2017):
 
-       - Bug #4692: SslBump breaks intercepted IPv6 connections
-       - Bug #4682: ignoring http_access deny when client-first bumping mode is used
-       - Bug #4662: build errors with LibreSSL 2.4.4
-       - Bug #4659: sslproxy_foreign_intermediate_certs does not work
-       - Bug #4321: ssl_bump terminate does not terminate at step1
+       - Bug 4692: SslBump breaks intercepted IPv6 connections
+       - Bug 4682: ignoring http_access deny when client-first bumping mode is used
+       - Bug 4662: build errors with LibreSSL 2.4.4
+       - Bug 4659: sslproxy_foreign_intermediate_certs does not work
+       - Bug 4321: ssl_bump terminate does not terminate at step1
        - Add 'has' ACL
        - Do not forward HTTP requests to dead idle peers
        - Do not unconditionally revive dead peers after a DNS refresh

diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml
index c53a8a9646356f2f276ace826811e7a44bb73a98..7d0135854ec1b0698892323ef502fe18ff503d21 100644 (file)
--- a/doc/release-notes/release-4.sgml
+++ b/doc/release-notes/release-4.sgml
@@ -1,6 +1,6 @@
 <!doctype linuxdoc system>
 <article>
-<title>Squid 4.0.21 release notes</title>
+<title>Squid 4.0.22 release notes</title>
 <author>Squid Developers</author>
 
 <abstract>
@@ -12,7 +12,7 @@ for Applied Network Research and members of the Web Caching community.
 <toc>
 
 <sect>Notice
-<p>The Squid Team are pleased to announce the release of Squid-4.0.21 for testing.
+<p>The Squid Team are pleased to announce the release of Squid-4.0.22 for testing.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v4/"> or the
  <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.

diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index b23006dca8cb8b265a06cd568d4257ab7f37eb75..78374ce032d63ce9eb284b4ef53b8980463cf2ef 100644 (file)
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -1086,7 +1086,7 @@ Ssl::uriOfIssuerIfMissing(X509 *cert, Security::CertList const &serverCertificat
         if (const char *issuerUri = hasAuthorityInfoAccessCaIssuers(cert)) {
             // There is a URI where we can download a certificate.
             if (!findCertIssuerFast(SquidUntrustedCerts, cert) &&
-                !issuerExistInCaDb(cert, context)) {
+                    !issuerExistInCaDb(cert, context)) {
                 // and issuer not found in local databases containing
                 // untrusted certificates and trusted CA certificates
                 return issuerUri;