]>
Commit | Line | Data |
---|---|---|
755eac94 AJ |
1 | Changes in squid-5.0.1 (14 Jan 2020): |
2 | ||
3 | - Bug 4989: Leaking StoreEntry objects on Cache Digest rebuilds | |
4 | - Bug 4912: same-name notes being appended instead of replaced | |
5 | - Bug 4864: !Comm::MonitorsRead assertion in maybeReadVirginBody() | |
6 | - Bug 4579: cannot hit an entry being written by another worker | |
7 | - ICAP: Initial support for trailers | |
8 | - Add auth_schemes to control schemes presence and order in 401s/407s | |
9 | - Make CONNECT ACL a built-in default | |
10 | - Remove USE_CHUNKEDMEMPOOLS compiler flag | |
11 | - Two new ACLs implemented: annotate_transaction and annotate_client | |
12 | - Add response delay pools feature for Squid-to-client speed limiting | |
13 | - QA: allow test-suite to be run without a full build | |
14 | - Happy Eyeballs: Use each fully resolved forwarding destination ASAP | |
15 | - Support selective CF: collapsed_forwarding_access | |
16 | - Reworked packet/connection marking | |
17 | - Add new deny_info %A macro | |
18 | - Identify collapsed transactions | |
19 | - Add sample Kerberos group authentication external_acl helper | |
20 | - Optimization: Fewer memory (re)allocations for HTTP headers | |
21 | - Add TrivialDB support | |
22 | - Do not send Content-Length in 1xx or 204 responses | |
23 | - negotiate_kerberos_auth: fix memory leaks | |
24 | - ntlm_fake_auth: add ability to test delayed responses | |
25 | - Add %ssl::<cert macro for logging server X.509 certificate | |
26 | - Reuse reserved Negotiate and NTLM helpers after an idle timeout | |
27 | - Log PROXY protocol v2 TLVs | |
28 | - Support logformat %codes in error page templates | |
29 | - Fix incremental parsing of chunked quoted extensions | |
30 | - Peering support for SslBump | |
31 | - RFC 8586: Loop Detection in Content Delivery Networks | |
32 | - Prevent TLS transaction stalls by preserving flags.read_pending | |
33 | - Fix "BUG: Lost previously bumped from-Squid connection" | |
34 | - Add %master_xaction logformat code | |
35 | - Log "-" instead of the made-up method "NONE" | |
36 | - Add GeneratingCONNECT step for the existing at_step ACL | |
37 | - Report context of level-0/1 cache.log messages | |
38 | - Re-enabled updates of stored headers on HTTP 304 responses | |
39 | - Translations: Fix grammatical error in French error pages | |
40 | - Smarter auth_param utf8 handling, including CP1251 support | |
41 | - Fix rock disk entry contamination related to aborted swapouts | |
42 | - Send HTTP/500 (Internal Server Error) when lacking peers | |
43 | - Fix prohibitively slow search for new SMP shm pages | |
44 | - Centralized PagePool/PageStack ID generation | |
45 | - ... and many documentation changes | |
46 | - ... and much code cleanup and polishing | |
47 | ||
48 | Changes to squid-4.10 (14 Jan 2020): | |
49 | ||
50 | - Bug 5009: Build failure with older clang libc++ | |
51 | - Bug 5008: SIGBUS in PagePool::level() with custom rock slot size | |
52 | - Bug 5007: Docs: Fix max_filedescriptors description | |
53 | - Bug 4735: Truncated chunked responses cached as whole | |
54 | - ext_lm_group_acl: Improved username handling | |
55 | - Fix FTP buffers handling | |
56 | - Fix shared memory size calculation on 64-bit systems | |
57 | - Fix server_cert_fingerprint on cert validator-reported errors | |
58 | - Fix request URL generation in reverse proxy configurations | |
59 | - ... and several documentation updates | |
60 | - ... and several compile fixes | |
61 | ||
47f1e147 AJ |
62 | Changes to squid-4.9 (05 Nov 2019): |
63 | ||
64 | - Bug 4978: eCAP crash after using MyHost().newRequest() | |
65 | - Bug 4970: excessive gnutls_certificate_credentials debug msgs | |
66 | - Bug 4969: GCC-9 build failure: stringop-truncation | |
67 | - Bug 4966: Lower cache_peer hostname | |
68 | - Bug 4918: Crashes when using OpenSSL prior to v1.0.2 | |
69 | - TLS: Fix parsing of certificate validator responses | |
70 | - TLS: Fix parsing of TLS messages that span multiple records | |
71 | - TLS: Fix on_unsupported_protocol tunnel action | |
72 | - TLS: Fix expiration of self-signed generated certs to be 3 years | |
73 | - HTTP: Ignore malformed Host header in intercept and reverse proxy mode | |
74 | - HTTP: RFC 7230: server MUST reject messages with BWS after field-name | |
75 | - HTTP: Fix URN response handling | |
76 | - HTTP: Hash Digest noncedata | |
77 | - Update URI parser to use SBuf parsing APIs | |
78 | - Prevent truncation for large origin-relative domains | |
79 | - Fix several rock cache_dir corruption issues | |
80 | - Debug detail validation errors for loaded-from-file certificate chains | |
81 | - smblib: Improve SMB server name maintenance | |
82 | - cachemgr.cgi: Add validation for hostname parameter | |
83 | - ... and several compile issues | |
84 | - ... and some documentation updates | |
85 | ||
b339d00c AJ |
86 | Changes to squid-4.8 (09 Jul 2019): |
87 | ||
88 | - Bug 4957: Multiple XSS issues in cachemgr.cgi | |
89 | - Bug 4953: to_localhost does not include :: | |
90 | - Bug 4937: cachemgr.cgi: unallocated memory access | |
91 | - Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH | |
92 | - Bug 4889: Ignore ECONNABORTED in accept(2) | |
93 | - Bug 4842: Memory leak when http_reply_access uses external_acl | |
94 | - TLS: Fix tls-min-version= being ignored | |
95 | - TLS: Add the NO_TLSv1_3 option to available tls-options values | |
96 | - HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL | |
97 | - HTTP: Remove userinfo support from old protocols | |
98 | - HTTP: Fix Digest auth parameter parsing | |
99 | - HTTP: Send Connection:close with the known-last request on a connection | |
100 | - HTTP: Fix handling of tiny invalid responses | |
101 | - Replace uudecode with libnettle base64 decoder | |
102 | - Update HttpHeader::getAuth to SBuf | |
103 | - ... and some compile issues | |
104 | ||
b3cc78d3 AJ |
105 | Changes to squid-4.7 (06 May 2019): |
106 | ||
107 | - Bug 4942: --with-filedescriptors does not do anything | |
108 | - Bug 4928: Cannot convert non-IPv4 to IPv4 | |
109 | - Bug 4823: assertion failed: "lowestOffset () <= target_offset" | |
110 | - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs | |
111 | - Fix squidclient authentication to origin servers | |
112 | - Fix stack-based buffer-overflow when parsing SNMP messages | |
113 | - Add support for buffer-size= to UDP logging | |
114 | - TLS: When using OpenSSL, trust intermediate CAs from trusted store | |
115 | ||
b339d00c | 116 | Changes to squid-4.6 (19 Feb 2019): |
2e11c9c2 AJ |
117 | |
118 | - Bug 4915: Detect IPv6 loopback binding errors | |
119 | - Bug 4914: Do not call setsid() in --foreground mode | |
120 | - Bug 4875 pt2: GCC-8 compile errors with -O3 optimization | |
121 | - Bug 4856: Exit when GoIntoBackground() fork() call fails | |
122 | - basic_ldap_auth: Return BH on internal errors; polished messages | |
123 | - Fix BodyPipe/Sink memory leaks associated with auto-consumption | |
124 | - Fix OpenSSL builds that define OPENSSL_NO_ENGINE | |
125 | - Fix several cases of rock cache corruption | |
126 | - Add Georgian (ka) language translation | |
127 | ||
6f405e99 AJ |
128 | Changes to squid-4.5 (01 Jan 2019): |
129 | ||
130 | - Bug 4253: ssl_bump prevents access to some web contents | |
131 | - TLS: add %>handshake logformat code | |
132 | - Redesign forward_max_tries to count TCP connection attempts | |
133 | - Fix client_connection_mark ACL handling of clientless transactions | |
134 | - Fix netdb exchange with a TLS cache_peer | |
135 | - Update netdb when tunneling requests | |
136 | - Use pkg-config for detecting libxml2 | |
137 | - ... and some documentation updates | |
138 | - ... and some code compile fixes | |
139 | ||
140 | Changes to squid-4.4 (28 Oct 2018): | |
011c7156 AJ |
141 | |
142 | - Bug 4893: Malformed %>ru URIs for CONNECT requests | |
143 | - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes | |
144 | - SSL: support compilation with minimal OpenSSL | |
145 | - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL | |
146 | - Fix netdb not saving to disk | |
147 | - Fix memory leak when parsing SNMP packet | |
148 | - ... and some compile issues | |
149 | ||
bc535d91 AJ |
150 | Changes to squid-4.3 (01 Oct 2018): |
151 | ||
152 | - Bug 4885: Excessive memory usage when running out of descriptors | |
153 | - Bug 4877: Add missing text about external_acl_type %DATA changes | |
154 | - Bug 4875 pt1: GCC-8 compile errors with -O3 optimization | |
155 | - Bug 4716: Blank lines in cachemgr.conf are not skipped | |
156 | - Bug 4691: balance_on_multiple_ip config option docs | |
157 | - basic_pop3_auth: fix startup errors | |
158 | - langpack: Add missing dialect aliases | |
159 | - Fix range_offset_limit debugging | |
160 | - Fix icc build errors | |
161 | - Update systemd dependencies in squid.service | |
162 | ||
2c7246f7 AJ |
163 | Changes to squid-4.2 (04 Aug 2018): |
164 | ||
165 | - Regression fix: support for https_port clientca= option | |
166 | - Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces | |
167 | - Bug 4861: HTTPMSGLOCK missing pointer safety | |
168 | - Bug 4843 pt3: GCC-8 fixes and refactoring | |
169 | - HTTP: Do not update stored headers on 304 responses | |
170 | - Fix segmentation fault on -k parse | |
171 | - Fix %>ru logging of huge URLs | |
172 | - ... and several performance optimizations | |
173 | - ... and some documentation updates | |
174 | - ... and all fixes from 3.5.28 | |
175 | ||
3cd71470 AJ |
176 | Changes to squid-4.1 (02 Jul 2018): |
177 | ||
178 | - Bug 4223: fixed retries of failed re-forwardable transactions | |
179 | - Bug 4791: Build failure on MacOS | |
180 | - Fix --with-netfilter-conntrack error message | |
181 | - ... and many documentation updates | |
182 | ||
b5391492 AJ |
183 | Changes to squid-4.0.25 (11 Jun 2018): |
184 | ||
185 | - Regression Bug 4855: querying private entries for HTCP/ICP | |
186 | - Regression Bug 4852: deny_info %R macro not being expanded | |
187 | - Regression Bug 4847: proxy_auth ACL -i/+i flags not working | |
188 | - Regression Bug 4831: filter chain certificates for validity when loading | |
189 | - Regression fix: Transient reader locking broken in 4.0.24 | |
190 | - Bug 4845: NegotiateSsl crash on aborting transaction | |
191 | - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8 | |
192 | - Bug 4843 pt2: squidclient refactoring for GCC-8 | |
193 | - Bug 4829: IPC shared memory leaks when disker queue overflows | |
194 | - Bug 4828: Use feature detection for IPFilter API/ABI checks | |
195 | - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4 | |
196 | - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks | |
197 | - Bug 4707: purge tool does not obey --sysconfdir= build option | |
198 | - Bug 4171: checking for log_file_daemon despite disabling logging | |
199 | - Bug 4042: ext_kerberos_ldap_group: add -P principal option | |
200 | - TLS: avoid "ssl_crtd" assertions on reconfiguration | |
201 | - Add timestamps to (most) FATAL messages | |
202 | - Add "--kid role-ID" command line option | |
203 | - ... and many documentation updates | |
204 | ||
2db9989c AJ |
205 | Changes to squid-4.0.24 (07 Mar 2018): |
206 | ||
207 | - Bug 4822: Build failure (-Wformat) where time_t is not long int | |
208 | - Bug 4505: SMP caches sometimes do not purge entries | |
209 | - TLS: GnuTLS implementation for listening ports and client connections | |
210 | - TPROXY: Fix clientside_mark and client port logging | |
211 | - Native FTP: Fix "Cannot assign requested address" with TPROXY | |
212 | - SSL-Bump: Fix authentication with types other than Basic | |
213 | - ... and many small compile and stability fixes | |
214 | - ... and some documentation fixes | |
215 | ||
f1dfef29 | 216 | Changes to squid-4.0.23 (19 Jan 2018): |
217 | ||
218 | - Bug 4715: security_file_certgen: Remove -g and -n options docs | |
219 | - Bug 4679: User names not sent to url_rewrite_program | |
220 | - Bug 4631: security_file_certgen helper without disk cache | |
221 | - Bug 3911: clang -fsanitize warnings | |
222 | - Bug 2378: Duplicates in selected peer destinations | |
223 | - Nettle v3.4 support | |
224 | - Fix Squid FTP server dying because of an unhandled exception | |
225 | - Automatically revive hopeless kids on reconfigure and after a timeout | |
226 | - Fix %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses | |
227 | - ... and many documentation updates | |
228 | - ... and some stability fixes | |
229 | ||
96e628ec | 230 | Changes to squid-4.0.22 (07 Dec 2017): |
231 | ||
232 | - Regression fix: Relay peer CONNECT error status line and headers to clients | |
233 | - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries | |
234 | - Bug 4718: support filling raw buffer space of shared SBufs | |
235 | - Bug 4648: object revalidation for HTTPS scheme | |
236 | - Bug 4616: store_client.cc:92: "mem" assertion | |
237 | - Bug 2821: ignore Content-Range in non-206 responses | |
238 | - HTCP: Ignore packets with invalid URI | |
239 | - TLS: Validate the shortest certificate chain | |
240 | - TLS: Add checks for OpenSSL 1.1.0f API changes | |
241 | - TLS: Fix reporting of validation errors for downloaded intermediate certs | |
242 | - TLS: Fix SSL certificate cache refresh and collision handling | |
243 | - Fix backwards compatibility for Squid-3.5 external_acl_type formats | |
244 | - Fix invalid mime icon URLs in cache | |
245 | - Do not die silently when dying early | |
246 | - Docs: update translation files | |
247 | ||
b008ed2e AJ |
248 | Changes to squid-4.0.21 (02 Jul 2017): |
249 | ||
250 | - Bug 4730: segfault while processing internal HTTP requests | |
251 | - Bug 4492: Chunk extension parser is too pedantic | |
252 | - Bug 1961: Redesign urlParse() API | |
253 | - TLS: recognise tls:: namespace on logformat tokens | |
254 | - SSL-Bump: tproxy does not spoof spliced connections | |
255 | - security_file_certgen: collapse queued requests | |
256 | - Add a basic apparmour profile | |
257 | - Add transaction_initiator ACL for detecting various unusual transactions | |
258 | - Add ssl::server_name options to control matching logic | |
259 | - Support for --long-acl-options | |
260 | - Do not die silently when dying via std::terminate() | |
261 | - Fix option --foreground to implement expected behavior | |
262 | - Translations: update .po and .pot to latest texts | |
263 | - ... and some documentation updates | |
264 | - ... and many code cleanup and stability fixes | |
265 | - ... and all fixes from 3.5.27 | |
266 | ||
ef396425 AJ |
267 | Changes to squid-4.0.20 (01 Jun 2017): |
268 | ||
96e628ec | 269 | - Bug 4692: SslBump breaks intercepted IPv6 connections |
270 | - Bug 4682: ignoring http_access deny when client-first bumping mode is used | |
271 | - Bug 4662: build errors with LibreSSL 2.4.4 | |
272 | - Bug 4659: sslproxy_foreign_intermediate_certs does not work | |
273 | - Bug 4321: ssl_bump terminate does not terminate at step1 | |
ef396425 AJ |
274 | - Add 'has' ACL |
275 | - Do not forward HTTP requests to dead idle peers | |
276 | - Do not unconditionally revive dead peers after a DNS refresh | |
277 | - Make PID file check/creation atomic to avoid associated race conditions | |
278 | - Count failures and use peer-specific connect timeouts when tunneling | |
279 | - SSL-Bump: Fix crashes when server-first bumping mode is used with openSSL-1.1.0 | |
280 | - eCAP: Fix empty header handling in Ecap::HeaderRep::hasAny() | |
281 | - SSL-Bump: Second adaptation missing for CONNECTs | |
282 | - ext_session_acl: cope with new logformat inputs | |
283 | - ... and some documentation updates | |
284 | - ... and some code stability fixes | |
b008ed2e | 285 | - ... and all fixes from 3.5.26 |
ef396425 | 286 | |
7b84ebcc AJ |
287 | Changes to squid-4.0.19 (02 Apr 2017): |
288 | ||
289 | - Bug 4674: delay_parameters for class 3 and 4 assertion failed | |
290 | - Bug 4671: GCC 7 compile errors | |
291 | - Bug 4663: GCC 5+ compile errors with optimization level -O3 | |
292 | - Bug 4657: delay IDENT until after PROXY protocol handling | |
293 | - Bug 4610: cleanup of BerkleyDB related checks | |
294 | - squidclient: Fix missing error handling on PUT | |
295 | - digest_ldap_auth: Add -r option to clamp the realm to a fixed value | |
296 | - TLS: initial GnuTLS support for encrypted server connections | |
297 | - Fix appending Http::HdrType::VIA code | |
298 | - Fix URI scheme case-sensitivity treatment | |
299 | - Fix two read-ahead problems related to delay pools (or lack thereof) | |
300 | - Detail swapfile header inconsistencies | |
301 | - ... and several build fixes | |
302 | - ... and many code polishing updates | |
303 | - ... and all fixes from 3.5.25 | |
304 | ||
8527bed1 AJ |
305 | Changes to squid-4.0.18 (06 Feb 2017): |
306 | ||
307 | - Bug 4661: compile error 'warning: _XPG4_2 redefined' with GCC on Solaris 10 | |
308 | - Bug 4636: assertion 'byteCount > 0 && byteCount <= inBuf.length()' | |
309 | - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5 | |
310 | - Bug 4599: support OpenSSL 1.1 | |
311 | - squidclient: link GnuTLS library debugs to -v level display | |
312 | - Fix GCC6: unused local variable 'weInitiatedThisClosure' | |
313 | - ... and some code polishing | |
314 | - ... and some copyright updates | |
315 | - ... and all fixes from 3.5.24 | |
316 | ||
a2eb97b4 | 317 | Changes to squid-4.0.17 (16 Dec 2016): |
6f4a12cf AJ |
318 | |
319 | - Bug 4630: user credentials cache cleanup not re-scheduled | |
320 | - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5 | |
321 | - Bug 4599 partial: initial support for OpenSSL v1.1 | |
322 | - TLS: Support tunneling of bumped non-HTTP traffic | |
323 | - ... and many code polishing and performance updates | |
324 | - ... and some documentation updates | |
325 | - ... and some fixes from 3.5.23 | |
326 | ||
6276f56c AJ |
327 | Changes to squid-4.0.16 (30 Oct 2016): |
328 | ||
329 | - Avoid segfaults when lacking the server name for certificate validator | |
330 | - HTTP: initial support for Cache-Control:immutable | |
331 | - Fix ssl::server_name ACL | |
332 | - ... and many code polishing updates | |
333 | - ... and some fixes from 3.5.23 | |
334 | ||
d710ff25 AJ |
335 | Changes to squid-4.0.15 (09 Oct 2016): |
336 | ||
337 | - Regression fix crash on reconfigure with TOS/DiffServ/MARK configured | |
338 | - Bug 4610: compile errors on Solaris 11.3 with Oracle Studio 12.5 | |
339 | - Bug 4581: Secure ICAP segfault in checkForMissingCertificates | |
340 | - Bug 4578: changes required to install squid.service | |
341 | - Fix crash on shutdown while cleaning up idle ICAP connections | |
342 | - Fix memory leak of Downloader-related objects | |
343 | - HTTP/1.1: handle syntactically valid requests with unsupported HTTP versions | |
344 | - Log TCP client port for error:transaction-end-before-headers and such | |
345 | - ... and many portability and build fixes | |
346 | - ... and some documentation updates | |
347 | - ... and all fixes from 3.5.22 | |
348 | ||
f6791433 AJ |
349 | Changes to squid-4.0.14 (08 Sep 2016): |
350 | ||
351 | - Regression Bug 4570: crash after rev.14755 | |
352 | - Regression Bug 4561: Replace use of default move operators with explicit implementation | |
353 | - Bug 4503: Do not access-log SslBump-faked CONNECTs with _ABORTED suffixes | |
354 | - Bug 4404: Do not access-log chunked non-persistent responses with _ABORTED suffix | |
355 | - Fix crashes on shutdown while cleaning up idle ICAP connections | |
356 | - Fix logformat unable to configure codes with /-escape | |
357 | - HTTP: MUST respond with 414 (URI Too Long) when request-target exceeds limits | |
358 | - HTTP: validate Content-Length header values | |
359 | - Make Squid death due to overloaded helpers optional | |
360 | - Better support for unknown URL schemes | |
361 | - Do not log error:transaction-end-before-headers after invalid requests | |
362 | - ... and many portability and build fixes | |
363 | - ... and some documentation updates | |
d710ff25 | 364 | - ... and all fixes from 3.5.21 |
f6791433 | 365 | |
7566fb7e AJ |
366 | Changes to squid-4.0.13 (05 Aug 2016): |
367 | ||
368 | - Regression Bug 4540: revert r14720 buffer update | |
369 | - Bug 4555: Minor improvements to error pages CSS | |
370 | - Bug 4551: fix exceptions in new chunked decoder | |
371 | - Bug 4311: support collapse for internal revalidation requests (SMP-unaware caches) | |
372 | - Fix Certificate Validator buffer-overflow crashes Squid | |
373 | - Fix some failed transactions not being logged | |
374 | - Fix segfault via Ftp::Client::readControlReply(). | |
375 | - basic_db_auth: add support for unsalted SHA1 passwords | |
376 | - kerberos_ldap_group: add support for SSL/TLS connection to an LDAP server | |
377 | - TLS: Add missing 'tls' option for cache_peer | |
378 | - TLS: Do not hang when 'connector' fails | |
379 | - TLS: Add support for fetching missing certificates | |
380 | - Remove XSTD_USE_LIBLTDL, which has not been needed in a long while | |
381 | - ... and many code polishing updates | |
382 | - ... and some documentation updates | |
383 | ||
267a742e AJ |
384 | Changes to squid-4.0.12 (01 Jul 2016): |
385 | ||
386 | - Regression Fix: shell issues with require_smblib definition | |
387 | - Regression Bug 4532: pid_filename not working as documented | |
388 | - Regression Bug 4504: Too many WARNING: Ignoring error setting CA certificate locations | |
389 | - Bug 4516: security_file_certgen man page update | |
390 | - Bug 4446: undefined reference to 'libecap::Name::Name' | |
391 | - Bug 4376: clang cannot build Squid eCAP code | |
392 | - HTTP/1.1: Update all stored headers on 304 revalidation | |
393 | - TLS: Authority Key Identifier certificate extension | |
394 | - Add a script to find kid-specific cache.log lines | |
395 | - Cleanup cppunit detection and use | |
396 | - ... and several performance improvements | |
397 | - ... and some unit test updates | |
398 | - ... and all fixes from 3.5.20 | |
399 | ||
c17f835b AJ |
400 | Changes to squid-4.0.11 (09 Jun 2016): |
401 | ||
402 | - Bug 4517: error: comparison between signed and unsigned integer | |
403 | - Bug 4492: chunked parser needs to accept BWS after chunk size | |
404 | - HTTP/1.1: allow chunking the last HTTP response on a connection | |
405 | - HTTP/1.1: unfold mime header blocks | |
406 | - TLS: fast SNI peek | |
407 | - TLS: check for SSL_CIPHER_get_id() support required in adjustSSL() | |
408 | - TLS: never enable OPENSSL_HELLO_OVERWRITE_HACK automatically | |
409 | - squidclient: improve shell-escape support in -H option | |
410 | - Do not allow low-level debugging to hide important/critical messages | |
411 | - Replace new/delete operators using modern C++ rules | |
412 | - Remove ie_refresh configuration option | |
413 | - Deprecating SMB LanMan helpers | |
414 | - Mark refresh-waiting transactions with REFRESH | |
415 | - ... and some code cleanup and polishing | |
416 | ||
25e7b074 AJ |
417 | Changes to squid-4.0.10 (06 May 2016): |
418 | ||
419 | - Accumulate fewer unknown-size responses to avoid overwhelming disks. | |
420 | - Fix shared memory corruption when storing multi-slot (>32KB) shm misses. | |
421 | - ... and some documentation and code cleanup | |
422 | - ... and all fixes from 3.5.18 | |
423 | ||
2dae5986 AJ |
424 | Changes to squid-4.0.9 (20 Apr 2016): |
425 | ||
25e7b074 | 426 | - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)" |
2dae5986 AJ |
427 | - Add a new error page token for unquoted external ACL messages. |
428 | - Stop parsing response prefix after discovering an "HTTP/0.9" response. | |
429 | - ... and some documentation updates | |
430 | - ... and some code polishing | |
431 | - ... and all fixes from 3.5.17 | |
432 | ||
b1e01a62 AJ |
433 | Changes to squid-4.0.8 (02 Apr 2016): |
434 | ||
435 | - Bug 4459: FHS compliance: move netdb.state and ssl_db to /var/cache/squid | |
436 | - Bug 4458: Behaviour change with external ACL arguments | |
437 | - Bug 4450: wait() related cleanup | |
438 | - Bug 4438: SIGSEGV in memFreeString() destructing SBuf globals on shutdown/restart | |
439 | - Bug 4312: Support disabling collapsed forwarding SMP cooperation | |
440 | - Bug 3826: SMP compatibility with systemd and --foreground option | |
441 | - Bug 1979: Add ACL-driven server_pconn_for_nonretriable squid.conf directive | |
442 | - Bug 7 (partial): Update cached entries on 304 responses | |
443 | - Add reply_header_add directive | |
444 | - HTTP/1.1: Do not prohibit updating Last-Modified on 304 responses | |
445 | - Fix memory leaks of lastAclData and AccessLogentry::url | |
446 | - Fix clang -Winconsistent-missing-override warning | |
447 | - Tests: update test suite for GnuTLS | |
448 | - ... and some documentation updates | |
449 | - ... and some code cleanup and polishing | |
97f9388a | 450 | - ... and all fixes from squid 3.5.16 |
b1e01a62 | 451 | |
81bf66f8 AJ |
452 | Changes to squid-4.0.7 (23 Feb 2016): |
453 | ||
454 | - Regression Fix: external_acl parameters separated by %20 instead of space | |
455 | - Bug 4432: assertion failed: store.cc:1919: "isEmpty()" | |
456 | - Bug 4111: leave_suid() does not properly handle error codes returned by setuid | |
457 | - Fix propagation of response status line parsing error details | |
458 | - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0 | |
459 | - ... and some code SourceLayout project cleaning | |
460 | - ... and all fixes from squid 3.5.15 | |
461 | ||
4e071e97 AJ |
462 | Changes to squid-4.0.6 (16 Feb 2016): |
463 | ||
464 | - Regression Bug 4436: Fix DEFAULT_SSL_CRTD | |
465 | - Fix "dial: Ssl::PeerConnector::sslCrtvdHandleReply threw exception: callback != NULL" | |
4e071e97 AJ |
466 | - ... and some documentation updates |
467 | - ... and all fixes from squid 3.5.14 | |
468 | ||
ff87fda5 AJ |
469 | Changes to squid-4.0.5 (09 Feb 2016): |
470 | ||
471 | - Regression Bug 4429: http(s)_port options= error message missing characters | |
472 | - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth | |
473 | - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454 | |
474 | - Regression Bug 4401: compile error on Solaris | |
475 | - Regression Fix: TLS/SSL flags parsing | |
476 | - Regression Fix: cert validadator always disabled in 4.x | |
477 | - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m) | |
478 | - Regression Fix: external_acl problems after 4.0.1 rev.14351 | |
479 | - Bug 4409 (partial): compile error when two Heimdal libraries are installed | |
480 | - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size | |
481 | - SMP: Fix cleanup of a shared memory segment in an unusual configuration | |
482 | - SSL-Bump: Fix step3 splicing. | |
483 | - Add connections_encrypted ACL | |
484 | - Make %<a and %<p details available to [eCAP] RESPMOD services | |
485 | - Rename cert_valid.pl to security_fake_certverify | |
486 | - Rename ssl_crtd helper to security_file_certgen | |
487 | - ... and a lot of code SourceLayout project cleaning | |
488 | - ... and some documentation updates | |
489 | - ... and all fixes from squid 3.5.13 up to rev.13979 | |
490 | ||
0461fde7 AJ |
491 | Changes to squid-4.0.4 (06 Jan 2016): |
492 | ||
78121f9a AJ |
493 | - Regression Bug 4393: compile fails on OS X |
494 | - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed | |
0461fde7 AJ |
495 | - Support use of Kerberos credentials cache instead of keytab |
496 | - Support logging of TLS Cryptography Parameters | |
497 | - Support substring matching in Note ACL | |
498 | - ... and some code cleanup and polishing | |
499 | - ... and all fixes from squid 3.5.13 | |
500 | ||
bf7891f2 AJ |
501 | Changes to squid-4.0.3 (28 Nov 2015): |
502 | ||
503 | - Bug 4372: missing template files | |
504 | - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o | |
505 | - Bug 4368: A simpler and more robust HTTP request line parser | |
506 | - Fix compile erorr on clang undefined reference to '__atomic_load_8' | |
507 | - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos | |
508 | - ext_ldap_group_acl: Allow unlimited LDAP search filter | |
509 | - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames | |
510 | - ... and much code cleanup and polishing | |
0461fde7 | 511 | - ... and all fixes from squid 3.5.12 |
bf7891f2 | 512 | |
0b475d3f AJ |
513 | Changes to squid-4.0.2 (01 Nov 2015): |
514 | ||
515 | - Regression Bug 4351: compile errors when authentication modules disabled | |
516 | - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing | |
517 | - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout | |
518 | - Bug 4356: segmentation fault using proxy_auth ACL | |
519 | - Bug 4352: compile errors in OS X 10.11 | |
520 | - Bug 4021: ext_user_regex does exact match | |
521 | - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown | |
522 | - Support re-assigning delay pools based on HTTP reply details | |
523 | - ... and all fixes from squid 3.5.11 | |
524 | ||
1243ec71 AJ |
525 | Changes to squid-4.0.1 (14 Oct 2015): |
526 | ||
527 | - Bug 4329: GCC 5.2 no known conversion for argument | |
528 | - Bug 4292: negotiate_wrapper: Unreleased Resources | |
529 | - Bug 4269: ignore-must-revalidate broken | |
530 | - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup | |
531 | - Bug 3920: Splay::remove() reference counting inconsistent | |
532 | - Bug 3069: CONNECT method bytes sent logging | |
533 | - Bug 2741 partial: libsecurity API for GnuTLS support | |
534 | - Bug 1961 partial: redesign of URL handling | |
535 | - Fix crash when parsing invalid squid.conf | |
536 | - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes | |
537 | - Remove unused OS detection: Sun, SysV, Ultrix, BSDi | |
538 | - Remove cache_peer_domain directive | |
539 | - RFC 6176 compliance: Remove SSLv2 support | |
540 | - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate | |
541 | - Remove GCC 2.x and 3.x detection and support | |
542 | - C++11 compiler support is now mandatory | |
543 | - Enable flexible transport protocol | |
544 | - Enable long (--foo) command line parameters on squid binary | |
545 | - Add per-rule refresh_pattern matching statistics | |
546 | - Replace sslversion=N with tls-min-version=1.N | |
547 | - Replace sslproxy_* directives with tls_outgoing_options | |
548 | - Replace GNU atomics and related hacks with C++11 std::atomic | |
549 | - Replace external_acl_type format %macros with logformat codes | |
1243ec71 AJ |
550 | - Support Secure ICAP services |
551 | - Support rotate=N option on access_log | |
552 | - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol) | |
553 | - Support lifetime timeout for persistent connections (pconn_lifetime) | |
554 | - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout) | |
555 | - Support logging fast things (nanosecond log resolution) | |
556 | - Support ICAP/eCAP adaptation for 100-continue responses | |
557 | - Support configurable helper queue size, with consistent defaults | |
558 | and better overflow handling. | |
559 | - Support named service PID file by default (pid_filename) | |
560 | - url_lfs_rewrite: Add URL-rewriter based on local file existence | |
561 | - negotiate_kerberos_auth: output group= kv-pair | |
562 | - helper-mux: add man(8) page | |
563 | - purge: convert README to man(1) page | |
564 | - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth | |
565 | - basic_sspi_auth: fix MinGW compile errors | |
566 | - negotiate_sspi_auth: fix various build errors | |
567 | - Crypto-NG: libnettle Base64 algorithm support | |
568 | - Parser-NG: HTTP Parser structural redesign | |
569 | - libltdl: copyright updated to LGPL version 2.1 | |
570 | - ... and several performance optimizations | |
571 | - ... and many documentation changes | |
572 | - ... and much code cleanup and polishing | |
573 | ||
1c8fc2a2 AJ |
574 | Changes to squid-3.5.28 (15 Jul 2018): |
575 | ||
576 | - SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI | |
577 | - SQUID-2018:2: crash handling responses to internally generated requests | |
578 | - SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing | |
579 | - Bug 4861: HTTPMSGLOCK missing pointer safety | |
580 | - Bug 4829: IPC shared memory leaks when disker queue overflows | |
581 | - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries | |
582 | - Bug 2821: Ignore Content-Range in non-206 responses | |
583 | - HTCP: Ignore HTCP packets with invalid URI | |
584 | - SSL-Bump: fix authentication with schemes other than Basic | |
585 | - TPROXY: Fix clientside_mark and client port logging | |
586 | - Fix "Cannot assign requested address" for to-origin TPROXY FTP data | |
587 | - Fix --with-netfilter-conntrack error message | |
588 | - Validate mime icon URL before allocating store entries | |
589 | - ... and many documentation changes | |
590 | ||
b1268cb4 | 591 | Changes to squid-3.5.27 (20 Aug 2017): |
592 | ||
593 | - Regression Bug #4112: ssl_engine does not accept cryptodev | |
594 | - Bug 4687: Wrong names of components in man page, section SEE ALSO | |
595 | - Bug 4671: various GCC 7 compile errors | |
596 | - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions | |
597 | - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches) | |
598 | - Bug 2833: Do not respond with HTTP/304 to unconditional requests | |
599 | - Fix message packing error handling in mgr and snmp SMP Forwarders | |
600 | - Fix mgr query handoff from the original recipient to Coordinator. | |
601 | - ... and some documentation updates | |
602 | ||
ef396425 AJ |
603 | Changes to squid-3.5.26 (01 Jun 2017): |
604 | ||
605 | - Bug 4711: SubjectAlternativeNames is missing in some generated certificates | |
606 | - Bug 4695: squidpurge: GCC 7 build errors | |
607 | - Bug 4682: ignoring http_access deny when client-first bumping mode is used | |
608 | - Bug 4682: Fix ssl_bump "bump" action documentation | |
609 | - Bug 4653: %st lies about tunneled traffic volumes | |
610 | - Bug 4589: ssl_crtd: returning zero on failure | |
611 | - Bug 3772: message from FTP server gets mangled | |
612 | - Bug 3102: FTP directory listing drops fist character of file names | |
613 | - Add OpenSSL library details to -v output | |
b1268cb4 | 614 | - ... and some documentation updates |
ef396425 | 615 | |
7b84ebcc AJ |
616 | Changes to squid-3.5.25 (02 Apr 2017): |
617 | ||
618 | - Bug 4688: various typo error(s) in man page(s) | |
619 | - Bug 4508: Host forgery stalls intercepted being-spliced connections | |
620 | - Native FTP relay: NAT and TPROXY interception fixes | |
621 | - Fix missing CRLF on FTP timeout ABORT commands | |
622 | - TLS: Bump client on errors encountered before ssl_bump evaluation | |
623 | - ext_kerberos_ldap_group_acl: fix unused value warnings | |
624 | - Fix crash when configuring with invalid delay_parameters restore value. | |
625 | - Check that -k argument is provided before trying to use it. | |
626 | - ... and some build fixes | |
627 | ||
6c12d87e AJ |
628 | Changes to squid-3.5.24 (28 Jan 2017): |
629 | ||
630 | - Regression Bug 3940: Make 'cache deny' do what is documented | |
631 | - TLS: Fix SSLv2 records bumping despite a matching step2 peek rule | |
632 | - TLS: Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation | |
633 | - Fix "Source and destination overlap in memcpy" Valgrind errors | |
634 | - Reduce crashes due to unexpected ClientHttpRequest termination | |
635 | - Update External ACL helpers error handling and caching | |
636 | - Detect HTTP header ACL issues | |
637 | - ... and some documentation fixes | |
638 | ||
a2eb97b4 | 639 | Changes to squid-3.5.23 (16 Dec 2016): |
6f4a12cf AJ |
640 | |
641 | - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs | |
642 | - Bug 4620: NetBSD build error with --enable-ipf-transparent | |
643 | - Bug 4567: Strange IPv6 shown in access.log | |
644 | - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart | |
645 | - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion. | |
646 | - Bug 4169: HIT marked as MISS when If-None-Match does not match | |
647 | - Bug 4007: Hang on DNS query with dead-end CNAME | |
648 | - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply | |
649 | - Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT | |
650 | - Bug 3533: Cache still valid after HTTP/1.1 303 See Other | |
651 | - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure | |
652 | - Bug 3290: authenticate_ttl not working for digest authentication | |
653 | - Bug 2258: bypassing cache but not destroying cache entry | |
654 | - HTTP/1.1: make Vary:* objects cacheable | |
655 | - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code | |
656 | - Support IPv6 NAT with PF for NetBSD and FreeBSD | |
657 | - TLS: Make key= before cert= an error instead of quietly hiding the issue | |
658 | - ... and some debug updates | |
659 | - ... and some build fixes | |
660 | - ... and several documentation updates | |
661 | ||
d710ff25 AJ |
662 | Changes to squid-3.5.22 (09 Oct 2016): |
663 | ||
664 | - Bug 4594: build failure with clang 3.9 | |
665 | - Bug 4471: revalidation does not work when expired cached object lacks Last-Modified | |
666 | - Bug 4302 pt2: IPv6 support for IPFilter v5 transparent interception | |
667 | - Bug 4228: ./configure bug/typo in r14394 | |
668 | - Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration | |
669 | - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches) | |
670 | - Fix logged request size (%http::>st) and other size-related %codes | |
671 | - Fix some memory leaks from putenv() | |
672 | - Fix memory leaks from url_rewrite_extras and store_id_extras on reconfigure/shutdown | |
673 | - Fix segfault crash when debugging section 4 at level 9 | |
674 | - HTTP: MUST ignore a [revalidation] response with an older Date header | |
675 | ||
f6791433 AJ |
676 | Changes to squid-3.5.21 (08 Sep 2016): |
677 | ||
678 | - Bug 4563: duplicate code in httpMakeVaryMark | |
679 | - Bug 4542: authentication credentials IP TTL updated incorrectly | |
680 | - Bug 4534: assertion failure in xcalloc when using many cache_dir | |
681 | - Bug 4428: mal-formed Cache-Control:stale-if-error header | |
682 | - Bug 3025: Proxy-Authenticate problem using ICAP server | |
683 | - Fix segfault via Ftp::Client::readControlReply() | |
684 | - Fix SSL-Bump failure results in SEGFAULT | |
685 | - HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses | |
686 | - HTTP/1.1: do not allow Proxy-Connection to override Connection header | |
687 | - SSL: CN wildcard must only match a single domain component [fragment] | |
688 | ||
267a742e AJ |
689 | Changes to squid-3.5.20 (01 Jul 2016): |
690 | ||
691 | - Bug 4523: smblib compile fails on NetBSD | |
692 | - Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors | |
693 | - Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL | |
694 | - Fix icons loading speed | |
695 | - Fix OpenSSL detection on FreeBSD | |
696 | - Fix assertion failed: Write.cc:38: 'fd_table[conn->fd].flags.open' | |
697 | - Fix SEGFAULT parsing malformed adaptation service configuration | |
698 | - Fix ConnStateData::In::maybeMakeSpaceAvailable() logic | |
699 | - Do not override user defined -std option | |
700 | - Do not allow low-level debugging to hide important/critical messages | |
701 | - Do not make bogus recvmsg(2) calls when closing UDS sockets | |
702 | - Support unified EUI format code in external_acl_type | |
703 | ||
704 | Changes to squid-3.5.19 (09 May 2016): | |
705 | ||
706 | - Regression Bug 4515: interception proxy hangs | |
707 | ||
25e7b074 AJ |
708 | Changes to squid-3.5.18 (06 May 2016): |
709 | ||
710 | - Bug 4510: stale comment about 32KB limit on shared memory cache entries | |
711 | - Bug 4509: EUI compile error on NetBSD | |
712 | - Bug 4501: HTTP/1.1: normalize Host header | |
713 | - Bug 4498: URL-unescape the login-info after extraction from URI | |
714 | - Bug 4455: SegFault from ESIInclude::Start | |
715 | - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program | |
716 | - Fix TLS/SSL server handshake alert handling | |
717 | ||
2dae5986 AJ |
718 | Changes to squid-3.5.17 (20 Apr 2016): |
719 | ||
720 | - Regression Bug 4480: logformat [.width_max] | |
721 | - Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt | |
722 | - Bug 4495: Unknown SSL option SSL_OP_NO_TICKET | |
723 | - Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception | |
724 | - Bug 4483: ./configure garbles -Og option in CFLAGS | |
725 | - Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc | |
726 | - Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name). | |
727 | - Bug 4465: Header forgery detection leads to crash | |
728 | - Bug 2460 partial: workaround deferred reads on shutdown and restart | |
729 | - cachemgr.cgi: use dynamic MemBuf for internal content generation | |
730 | - ESI: Fix several element construction issues | |
731 | - TLS: Fix Handshake Error: ccs received early | |
732 | - TLS: Add chained and signing cert to peek-then-bumped connections | |
733 | - Fix some startup/shutdown crashes | |
734 | ||
b1e01a62 AJ |
735 | Changes to squid-3.5.16 (02 Apr 2016): |
736 | ||
737 | - Bug 4476: Removed duplicated #include lines | |
738 | - Bug 4452: squid -z segfaults with ufs | |
739 | - Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion | |
740 | - Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error | |
741 | - Bug 4409: compile error when two Heimdal libraries are installed | |
742 | - Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304 | |
743 | - pinger: Fix buffer overflow in Icmp6::Recv | |
744 | - pinger: Fix select(2) to actually use max_fd | |
745 | - pinger: drop capabilities on Linux | |
746 | - Fix memory leak of HttpRequest objects | |
747 | - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0 | |
748 | - Fix assertion failed: Write.cc:41: "!ccb->active()" | |
749 | - Fix crash on shutdown while cleaning up idle ICAP connections | |
750 | - RFC 7725: Add registry entry for 451 status text | |
751 | - ... and some build issues | |
752 | ||
81bf66f8 AJ |
753 | Changes to squid-3.5.15 (23 Feb 2016): |
754 | ||
755 | - Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser | |
756 | - Fix multiple assertion on String overflows | |
757 | - Fix unit test errors on MacOS | |
758 | - Better handling of huge response headers. Fewer incorrect "Bug #3279" messages. | |
759 | - Log noise reduction for eCAP | |
760 | ||
4e071e97 AJ |
761 | Changes to squid-3.5.14 (16 Feb 2016): |
762 | ||
763 | - Bug 4437: Fix Segfault on Certain SSL Handshake Errors | |
764 | - Bug 4431: C code is not compiled with CFLAGS | |
765 | - Bug 4418: FlexibleArray compile error with GCC 6 | |
766 | - Bug 4378: assertion failed: DestinationIp.cc:60: | |
767 | 'checklist->conn() && checklist->conn()->clientConnection != NULL' | |
768 | - Fix invalid FTP connection handling on blocked content | |
769 | - Fix handling of shared memory left over by Squid crashes or bugs | |
770 | - Fix mgr:config report 'qos_flows mark' output | |
771 | - Fix compile error in CPU affinity | |
404063c5 | 772 | - Fix %un logging external ACL username |
4e071e97 | 773 | - Avoid more certificate validation memory leaks |
404063c5 | 774 | - ... and some documentation updates |
4e071e97 | 775 | |
0461fde7 AJ |
776 | Changes to squid-3.5.13 (06 Jan 2016): |
777 | ||
778 | - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath | |
779 | - Bug 4387: Kerberos build errors on Solaris | |
780 | - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange | |
781 | - TLS: Complete certificate chains using external intermediate certificates | |
782 | - Avoid memory leaks when an X.509 certificate validator is used with SslBump | |
783 | - Fix connection retry and fallback after failed server TLS connections | |
784 | - Fix GnuTLS detection via pkg-config | |
785 | - Fix startup crash with a misconfigured (too-small) shared memory cache | |
786 | - ... and some documentation updates | |
787 | ||
bf7891f2 AJ |
788 | Changes to squid-3.5.12 (28 Nov 2015): |
789 | ||
790 | - Bug 4374: refresh_pattern config parser (%) | |
791 | - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE' | |
792 | - Bug 4228: links with krb5 libs despite --without options | |
793 | - Fix SSL_get_certificate() problem detection | |
794 | - Fix TLS handshake problem during Renegotiation | |
795 | - Fix cache_peer forceddomain= in CONNECT | |
796 | - Fix status code-based HTTP reason phrase for eCAP-generated messages | |
797 | - Fix build errors in cpuafinity.cc | |
798 | - ... and several documentation updates | |
799 | ||
0b475d3f AJ |
800 | Changes to squid-3.5.11 (01 Nov 2015): |
801 | ||
802 | - Bug 3574: crashes on reconfigure and startup | |
803 | - Bug 4347: compile errors with LibreSSL 2.3 | |
804 | - Bug 4281: copy-paste typos in src/tools.cc | |
805 | - Bug 4279: No response from proxy for FTP-download of non-existing file | |
806 | - Bug 4188: Bumping intercepted SSL connections does not work on Solaris | |
807 | - Fix incorrect authentication headers on cache digest requests | |
808 | - Fix connection stats, including %<lp, missing for persistent connections | |
809 | - Fix invalid memory access issues in SBuf | |
810 | - Avoid errors when parsing manager ACL in old squid.conf | |
811 | ||
574e0f53 AJ |
812 | Changes to squid-3.5.10 (01 Oct 2015): |
813 | ||
814 | - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400 | |
815 | - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte | |
816 | - Bug 4323: Netfilter broken cross-includes with Linux 4.2 | |
817 | - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules | |
818 | - Bug 4208: more than one port in wccp2_service_info line causes error | |
1243ec71 | 819 | - Bug 4303: PeerConnector.cc:743 "!callback" assertion. |
574e0f53 AJ |
820 | - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers |
821 | - Relicense ntlm_fake_auth.pl to GPLv2+ | |
822 | - Relicense smb_lm auth helper to GPLv2+ | |
823 | - Relicense SSPI helper to GPLv2+ | |
824 | - ... and several minor performance optimizations | |
825 | ||
3de58ac0 AJ |
826 | Changes to squid-3.5.9 (17 Sep 2015): |
827 | ||
828 | - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords | |
829 | - Bug 4309: incorrect extensions detection in SSL Hello messages | |
830 | - Bug 4309: crash during Skype login | |
831 | - Bug 4284: missing sanity checks for malloc | |
832 | - Regression Fix: CONNECT request debugging 11,2 traces | |
833 | - Regression Fix: Quieten UFS cache maintenance skipped warnings | |
834 | - TLS: Support SNI on generated CONNECT after peek | |
835 | - ... and some documentation updates | |
836 | ||
4fff8fc1 AJ |
837 | Changes to squid-3.5.8 (02 Sep 2015): |
838 | ||
839 | - Regression Bug 4306: build portability fix in Kerberos helpers | |
840 | - Bug 4302: IPFilter v5 transparent interception | |
841 | - Bug 4301: compile errors with IPFilter interception | |
842 | - Bug 4285 partial: %us is not supported in access.log | |
843 | - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm | |
844 | - Bug 4242: compile errors with eCAP using clang-3.6 | |
845 | - Bug 3696: crash when client delay pools are activated | |
846 | - Bug 3553: cache_swap_high ignored and maxCapacity used instead | |
847 | - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion | |
848 | - Fix ignore of impossible SSL bumping actions, as intended and documented | |
849 | - Fix memory leak in Surrogate-Capability header detection | |
850 | - Fix truncated body length when RESPMOD service aborts | |
851 | - Reject non-chunked HTTP messages with conflicting Content-Length values | |
852 | - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello | |
853 | - ... and several portability and compile fixes | |
854 | - ... and several documentation updates | |
855 | ||
4df5649e AJ |
856 | Changes to squid-3.5.7 (01 Aug 2015): |
857 | ||
c52a4693 | 858 | - Bug 4293: wrong SNI sent to server after URL-rewrite |
4df5649e AJ |
859 | - Bug 4251: incorrect instance name for memory segments in /dev/shm |
860 | - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure | |
861 | - Bug 3345: support %un (any available user name) format code for external ACLs. | |
ab5bc97e | 862 | - basic_smb_auth: Fix several old issues identified by Debian users |
4df5649e AJ |
863 | - Support ssl-bump splicing to origin cache_peer |
864 | - Fix SSL errors relayed using invalid certificates | |
865 | - Fix crash in TcpAccepter with profiler enabled | |
866 | - Fix some cases of ssl_crtd SSL certificate DB corruption | |
867 | - Fix performance regression in SBuf::chop operations | |
868 | - Improve handling of client connections on shutdown | |
869 | - Handle exceptions during squid.conf parse | |
870 | - Make pod2man an optional dependency | |
871 | - ... and polishing for several cache.log notification messages | |
872 | - ... and all fixes from squid 3.4.14 | |
873 | ||
ab248038 AJ |
874 | Changes to squid-3.5.6 (03 Jul 2015): |
875 | ||
876 | - Bug 4274: ssl_crtd.8 not being installed | |
877 | - Bug 4193: memory leak on FTP listings | |
878 | - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit | |
879 | - Bug 3875: bad mimeLoadIconFile error handling | |
880 | - Bug 3483: assertion failed store.cc:1866: 'isEmpty()' | |
881 | - Bug 3329: pinned server connection is not closed properly | |
882 | - TLS: Disable client-initiated renegotiation | |
883 | - ext_edirectory_userip_acl: fix uninitialized variable | |
884 | - Support custom OIDs in *_cert ACLs | |
885 | - Fix CONNECT failover to IPv4 after trying broken IPv6 servers | |
886 | - Use relative-URL in errorpage.css for SN.png | |
887 | - Do not blindly forward cache peer CONNECT responses | |
888 | - Fix assertion String.cc:221: "str" | |
889 | - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone | |
890 | - Translations: add Spanish US dialect alias | |
891 | ||
c75a7d0a AJ |
892 | Changes to squid-3.5.5 (28 May 2015): |
893 | ||
894 | - Regression Bug 4132: short_icon_urls with global_internal_static on | |
895 | - Bug 4238: assertion Read.cc:205: "params.data == data" | |
896 | - Bug 4236: SSL negotiation error of 'success' | |
897 | - Bug 3930: assertion 'connIsUsable(http->getConn())' | |
898 | - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer | |
899 | - Fix assertion errorpage.cc:600: "entry->isEmpty()" | |
900 | - Fix comm_connect_addr on failures returns Comm:OK | |
901 | - Fix missing external ACL helper notes | |
902 | - Fix "Not enough space to hold server hello message" error message | |
903 | - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong | |
904 | - Prevent unused ssl_crtd helpers being run | |
905 | - ... and some code cleanup and portability updates | |
906 | - ... and several documentation updates | |
907 | ||
88e192b1 AJ |
908 | Changes to squid-3.5.4 (01 May 2015): |
909 | ||
910 | - Bug 4234: comm_connect_addr uses errno incorrectly | |
911 | - Bug 4231: fd_open() not correctly handling UDS socket descriptions | |
912 | - Bug 4226: digest_edirectory_auth: found but cannot be built | |
913 | - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" | |
914 | - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections | |
915 | - Fix require-proxy-header preventing HTTPS proxying and ssl-bump | |
916 | - Fix Negotiate/Kerberos authentication request size exceeds output buffer size | |
917 | - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates | |
918 | - Add server_name ACL matching server name(s) obtained from various sources | |
919 | - Add Kerberos support for MAC OS X 10.x | |
920 | - Support for resuming TLS sessions | |
921 | - ... and some portability and compile fixes | |
922 | - ... and several documentation updates | |
923 | - ... and all fixes from squid 3.4.13 | |
924 | ||
548362ff AJ |
925 | Changes to squid-3.5.3 (28 Mar 2015): |
926 | ||
927 | - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory | |
928 | - Regression Bug 4206: Incorrect connection close on expect:100-continue | |
929 | - Bug 4204: ./configure does not abort when required helpers cannot be built | |
930 | - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment | |
931 | - Bug 2907: high CPU usage on CONNECT when using delay pools | |
932 | - basic_getpwnam_auth: fail authentication on crypt() failures | |
933 | - basic_nis_auth: fail authentication on crypt() failures | |
934 | - ext_kerberos_ldap_group_acl: Heimdal support improvements | |
935 | - ext_wbinfo_group_acl: Perl 5.20 support | |
936 | - ... and several compile issues | |
937 | ||
4d3be924 AJ |
938 | Changes to squid-3.5.2 (18 Feb 2015): |
939 | ||
940 | - Regression Bug 4176: Digest auth too many helper lookups | |
941 | - Regression Bug 4180: not-fully-initialized data member in ACLUserData | |
942 | - Bug 4172: Solaris broken krb5-config | |
943 | - Bug 4073: Cygwin compile errors | |
944 | - Bug 3919: remove several never-true / never-false comparisons | |
945 | - HTTPS: Add missing root CAs when validating chains that passed internal checks | |
946 | - Fix some cbdataFree related memory leaks | |
947 | - Quieten CBDATA 'leak' messages | |
948 | - Set SNI information in transparent bumping mode | |
949 | - negotiate_kerberos_auth: fix krb5.conf backward compatibility | |
950 | - Fix memory leaks in cachemgr.cgi URL parser | |
951 | - Fix sslproxy_options in peek-and-splice mode | |
952 | - ... and fix several portability and build issues | |
953 | - ... and some documentation updates | |
954 | - ... and all fixes from squid 3.4.11 | |
955 | ||
aac5b91d AJ |
956 | Changes to squid-3.5.1 (13 Jan 2015): |
957 | ||
958 | - Fix handling of invalid SSL server certificates when splicing connections | |
959 | - basic_smb_lm_auth: Simplified MSNT basic auth helper | |
960 | - squidclient: Fix -A and -P options | |
961 | - ... and several portability fixes | |
962 | - ... and all fixes from squid 3.4.11 | |
963 | - ... and a lot of documentation updates | |
964 | ||
cf62b886 AJ |
965 | Changes to squid-3.5.0.4 (21 Dec 2014): |
966 | ||
967 | - Bug 3826: pt 2: Provide a systemd .service file for Squid | |
968 | - Support http_access denials of SslBump "peeked" connections. | |
969 | - Fix DONT_VERIFY_DOMAIN ssl flag | |
970 | - Fix peek-and-splice mode: certificate validation for domain mismatched errors | |
971 | - negotiate_kerberos_auth: MEMORY keytab and replay cache support | |
972 | - ... and some documentation updates | |
973 | - ... and a large amount of code polishing (non-logic changes) | |
974 | ||
4666bb8d AJ |
975 | Changes to squid-3.5.0.3 (09 Dec 2014): |
976 | ||
977 | - Bug 4146: workaround SSL Bump crash on Linux | |
978 | - Bug 4135: Support \-escaped characters in regex patterns | |
979 | - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize | |
980 | - Fix delay_parameters parsing | |
981 | - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic | |
982 | - ... and all changes from squid 3.4.10 | |
983 | - ... and a lot of documentation updates | |
984 | ||
bf611e3a AJ |
985 | Changes to squid-3.5.0.2 (31 Oct 2014): |
986 | ||
987 | - Fix FTP socket opening during reconfigure | |
988 | - ... and all changes from 3.4.9 | |
989 | - ... and some build errors in rarely used code | |
990 | - ... and several documentation updates | |
991 | ||
e0dbeeb6 AJ |
992 | Changes to squid-3.5.0.1 (17 Oct 2014): |
993 | ||
994 | - Port from 2.7: redirector and logging urlgroup feature | |
995 | - Bug 4093: source-maintenance.sh bad perl -i option | |
996 | - Bug 3608: per-service name for workers UDS sockets | |
997 | - Bug 2554: 32-bit wrap in AUFS counters | |
998 | - Bug 1961 pt1: URL handling redesign | |
999 | - Bug 1202 pt1: documentation for refresh_pattern algorithms | |
1000 | - Update Squid boilerplate copyright/license | |
1001 | - Update the http(s)_port directives protocol= parameter | |
1002 | - Update forward_max_tries to permit 25 server paths | |
1003 | - Update Kerberos library detection and build options | |
1004 | - Support ACLs on ftp_epsv directive | |
1005 | - Support >32KB objects in cache_dir rock storage | |
1006 | - Support client connection annotation by helpers via clt_conn_tag=TAG | |
1007 | - Support native FTP Relay | |
1008 | - Support libgnugss Kerberos library | |
1009 | - Support libecap v1.0 | |
1010 | - Support SSL Peek and Splice feature | |
1011 | - Support receiving PROXY protocol version 1 and 2 | |
1012 | - Replace --enable-ssl build option with --with-openssl | |
1013 | - Enable -n service name command line option for all Squid builds | |
1014 | - Enable ICAP client by default | |
1015 | - Fix configuration file parsing bugs, related to quoted strings | |
1016 | - Fix Windows MinGW build errors | |
1017 | - Fix multiple TCP outgoing TOS/DiffServ bugs | |
1018 | - Fix Cygwin /etc/resolv.conf parsing | |
1019 | - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate | |
1020 | - Fix crash reading malformed config files | |
1021 | - Send selected SSL version and cipher to the certificate validation helper | |
1022 | - Validate server certificates without bumping | |
1023 | - Add zero-copy string buffer support | |
1024 | - Add automated squid.conf parser testing with squid -k parse | |
1025 | - Add adaptation_service ACL | |
1026 | - Add logformat code %tS to log transaction start time | |
1027 | - Add logformat code %>rd to log client URL domain name | |
1028 | - Add key_extras to proxy authentication | |
1029 | - Add url_rewrite_extras and store_id_extras directives | |
1030 | - Add send_hit and store_miss directives | |
1031 | - Add collapsed_forwarding directive | |
1032 | - Add sslproxy_cert_sign_hash directive | |
1033 | - Add SMP SSL session cache | |
1034 | - Add cache_peer standby connections | |
1035 | - Add helper ext_delayer_acl | |
1036 | - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped | |
1037 | - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile | |
1038 | - Remove COSS storage in favour of Rock storage | |
1039 | - Remove dnsserver and external DNS helper API in favour of mDNS | |
1040 | - Remove broken mallinfo() accounting and memory tracing | |
1041 | - Remove hierarchy_stoplist in favour of always_direct | |
1042 | - Deprecate tag ACL type in favour of note ACL type | |
1043 | - Deprecate urlgroup feature in favour of note ACL type | |
1044 | - HTTP/1.1: method names are case-sensitive | |
1045 | - HTTP/1.1: register new headers from RFC 723x | |
1046 | - squidclient: polish and update help display | |
1047 | - squidclient: support TLS with GnuTLS 3.1.5+ | |
1048 | - squidclient: support verbosity levels | |
1049 | - squidclient: --ping mode module support | |
1050 | - url_fake_rewrite: support concurrency | |
1051 | - storeid_file_rewrite: support concurrency | |
1052 | - digest_file_auth: support concurrency | |
1053 | - digest_edirectory_auth: support concurrency | |
1054 | - digest_ldap_auth: support concurrency | |
1055 | - ... and many error page translation updates | |
1056 | - ... and much code cleanup and polishing | |
1057 | ||
4df5649e AJ |
1058 | Changes to squid-3.4.14 (01 Aug 2015): |
1059 | ||
1060 | - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400) | |
1061 | ||
88e192b1 AJ |
1062 | Changes to squid-3.4.13 (01 May 2015): |
1063 | ||
1064 | - Bug 4212: ssl_crtd crashes with corrupt database | |
1065 | - ... and some documentation updates | |
1066 | - ... and all fixes from squid 3.3.14 | |
1067 | ||
4d3be924 AJ |
1068 | Changes to squid-3.4.12 (18 Feb 2015): |
1069 | ||
1070 | - Bug 4066: Digest auth nonce indefinite rollover | |
1071 | - Bug 3997: Excessive NTLM or Negotiate auth helper annotations | |
1072 | - Fix several crashes when debugging enabled | |
1073 | - Fix silent SSL/TLS failure on split-stack operating systems | |
1074 | - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate | |
1075 | - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port | |
1076 | - Remove dst ACL dependency on HTTP request message existence | |
1077 | - Set cap_net_admin when Squid sets TOS/Diffserv packet values | |
1078 | - ... and some documentation updates | |
1079 | ||
aac5b91d AJ |
1080 | Changes to squid-3.4.11 (13 Jan 2015): |
1081 | ||
1082 | - Bug 4164: SEGFAULT when %W formating code used in errorpages | |
1083 | - Bug 4057: Avoid on-exit crashes when adaptation is enabled. | |
1084 | - Bug 3760: squidclient ignores --disable-ipv6 | |
1085 | - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers | |
1086 | - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11 | |
1087 | - cachemgr.cgi: memory leak in request parser | |
1088 | - Deleting first fs left psstate->servers pointing to uninitialized memory | |
1089 | - ... and some build issues | |
1090 | ||
4666bb8d AJ |
1091 | Changes to squid-3.4.10 (09 Dec 2014): |
1092 | ||
1093 | - Bug 4148: external_acl_type header format does not accept the new libformat syntax | |
1094 | - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6 | |
1095 | - Bug 4033: Rebuild corrupted ssl_db/size file | |
1096 | - Bug 3902: Docs: external_acl_type cache hash key | |
1097 | - Fix segmentation fault in ACL urlpath_regex | |
1098 | - Fix bootstrap.sh dependency on SPONSORS.list | |
1099 | - Alternate-Protocol is a hop-by-hop header | |
1100 | - HTTP/2: Support 421 (Misdirected Request) status code | |
1101 | ||
bf611e3a AJ |
1102 | Changes to squid-3.4.9 (31 Oct 2014): |
1103 | ||
1104 | - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update | |
1105 | - Bug 4102: sslbump cert contains only a dot character in key usage extension | |
1106 | - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options | |
1107 | - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0 | |
1108 | - Bug 4024: Bad host/IP ::1 when using IPv4-only environment | |
1109 | - Bug 3803: ident leaks memory on failure | |
1110 | - kerberos_ldap_group/cert_tool: Remove ksh dependency | |
1111 | - ... and some automated code style updates | |
1112 | - ... and some documentation updates | |
1113 | ||
bd6c316a AJ |
1114 | Changes to squid-3.4.8 (15 Sep 2014): |
1115 | ||
1116 | - Fix off by one in SNMP subsystem | |
1117 | - pinger: Fix various ICMP handling issues | |
1118 | ||
abc809ce AJ |
1119 | Changes to squid-3.4.7 (28 Aug 2014): |
1120 | ||
1121 | - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain | |
1122 | - Bug 4080: worker hangs when client identd is not responding | |
1123 | - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC | |
1124 | - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values | |
1125 | - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension | |
1126 | - Enable compile-time override for MAXTCPLISTENPORTS | |
1127 | - ntlm_sspi_auth: Fix various build errors | |
1128 | - negotiate_wrapper: Fix build issues with non-portable vfork() | |
1129 | - negotiate_sspi_auth: Portability fixes for MinGW | |
1130 | - ext_lm_group_acl: Portability fixes for MinGW | |
1131 | - ... and several minor memory leaks | |
1132 | ||
7f089ae4 AJ |
1133 | Changes to squid-3.4.6 (25 Jun 2014): |
1134 | ||
1135 | - Regression: segmentation fault logging with %tg format specifier | |
1136 | - Bug 4065: round-robin neighbor selection with unequal weights | |
1137 | - Bug 4056: assertion MemPools[type] from netdbExchangeStart() | |
1138 | - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response | |
1139 | - Fix segmentation fault setting up server SSL connnection | |
1140 | - Fix hanging Non-HTTPS connections on SSL-bump enabled port | |
1141 | - Fix Cache Manager actions listed more than once | |
1142 | - ... and many minor memory leaks | |
1143 | - ... and several portability build issues | |
1144 | - ... and some documentation updates | |
1145 | ||
51a22544 AJ |
1146 | Changes to squid-3.4.5 (02 May 2014): |
1147 | ||
1148 | - Regression Bug 4051: inverted test on CONNECT payload existence | |
1149 | - Regression Fix: order dependency between cache_dir and maximum_object_size | |
1150 | - Fix logformat %note display | |
1151 | - Resolve 'dying from an unhandled exception: c' | |
1152 | ||
445d8733 AJ |
1153 | Changes to squid-3.4.4.2 (23 Apr 2014): |
1154 | ||
51a22544 | 1155 | - version bump for packaging re-build with altered toolchain |
445d8733 | 1156 | |
e6b41a35 AJ |
1157 | Changes to squid-3.4.4.1 (23 Apr 2014): |
1158 | ||
1159 | - Regression Bug 4019: Cache digest exchange segmentation fault | |
1160 | - Regression Bug 3982: EUI logging and helpers show blank MAC address | |
1161 | - Bug 4047: Support Android builds | |
1162 | - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2) | |
1163 | - Bug 4041: Missing files in compat/Makefile.am | |
1164 | - Bug 4014: Build failure with --disable-optimizations --disable-auth | |
1165 | - Bug 3986: (partial) assertion due to incorrect error page buffer size | |
1166 | - Bug 3955: Solaris EUI-48 lookup leaks FDs | |
1167 | - Bug 3371: CONNECT with data sent at once loses data | |
1168 | - C++11: Upgrade auto-detection to use the formal -std=c++11 | |
1169 | - Crypto-NG: libnettle MD5 algorithm support | |
1170 | - SSL-Bump: Fix Basic auth caching on bumped connections | |
1171 | - Store-ID: Fix request URI when forwarding requests to peers | |
1172 | - ... and fix several other build errors | |
1173 | - ... and some documentation updates | |
1174 | ||
d3b930ff AJ |
1175 | Changes to squid-3.4.4 (09 Mar 2014): |
1176 | ||
1177 | - Bug 4029: intercepted HTTPS requests bypass caching checks | |
1178 | - Bug 4001: remove use of strsep() | |
1179 | - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce | |
1180 | - Fix stalled concurrent rock store reads | |
1181 | - Fix helper ID number assignment | |
1182 | - Fix build failures from CMSG related definitions | |
1183 | - Fix build failures from libcompat unsafe.h protections | |
1184 | - Copyright: Relicense helpers by Treehouse Networks Ltd. | |
1185 | - ... and all bug fixes from 3.3.12 | |
1186 | ||
a01166da AJ |
1187 | Changes to squid-3.4.3 (02 Feb 2014): |
1188 | ||
1189 | - Bug 4008: HttpHeader warnOnError should be an int not a bool | |
1190 | - Bug 4002: clang 3.4 unable to compile | |
1191 | - Bug 3996: Malformed DNS reply leads to crash | |
1192 | - Bug 3995: compile error on CentOS 5 with GCC 4.1.2 | |
1193 | - Bug 3975: atomic detection cross-compilation failure | |
1194 | - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode | |
1195 | - Bug 3954: compile failure in CpuAffinity.cc | |
1196 | - Bug 3927: tests/testRock fatal.cc required | |
1197 | - Fix memory leak in peer Cache Digest exchange | |
1198 | - Fix external_acl_type async loop failures | |
1199 | - Fix destination IP address cycling | |
1200 | - ... and a few polishing changes | |
1201 | ||
441842f0 AJ |
1202 | Changes to squid-3.4.2 (30 Dec 2013): |
1203 | ||
1204 | - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option | |
1205 | - Regression Fix: \-unescaping in quoted strings from helpers | |
1206 | - Regression Fix: URL helper API bypassing on URL containing '=' character | |
1207 | - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery | |
1208 | - Bug 3806: Caching responses with Vary header | |
1209 | - Bug 3498: FTP PUT assertion | |
1210 | - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD | |
1211 | - Enable concurrency by default for SSL certificate validator | |
1212 | - ... and fix several build errors | |
1213 | ||
12f64d19 AJ |
1214 | Changes to squid-3.4.1 (09 Dec 2013): |
1215 | ||
1216 | - Bug 3935: Invalid pointer dereference when peeking at origin server certificate | |
1217 | - Bug 3589: intercepted and ICAP modified request using a cache_peer | |
1218 | - ... and several portability fixes | |
1219 | - ... and some documentation updates | |
1220 | ||
277afc6e AJ |
1221 | Changes to squid-3.4.0.3 (01 Dec 2013): |
1222 | ||
1223 | - Bug 3941: Release notes error | |
1224 | - Receive annotations from authentication and external ACL helpers | |
1225 | - basic_nis_auth: Improved portability | |
1226 | - ... and several documentation updates | |
1227 | - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11 | |
1228 | ||
2d011f52 | 1229 | Changes to squid-3.4.0.2 (03 Oct 2013): |
ae2b6fc9 AJ |
1230 | |
1231 | - Regression Bug 3891: squid.conf parser errors in 3.4.0.1 | |
1232 | - Regression Fix: re-disable MinGW C++11 support | |
1233 | - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion | |
1234 | - Fix memory leak in refresh_pattern parsing | |
1235 | - negotiate_kerberos_auth: upgrade to present group= keys | |
1236 | - Handle NTLM helper returning OK without user= value | |
1237 | - Add dns_multicast_local to control mDNS operation | |
1238 | - Add --disable-arch-native build option | |
1239 | - Display Build-Info in cache manager info report | |
1240 | - ... and all changes from squid 3.3.9 | |
1241 | - ... and some code and debug output polishing | |
1242 | ||
14561e1c | 1243 | Changes to squid-3.4.0.1 (29 Jul 2013): |
13db7eef AJ |
1244 | |
1245 | - Port from 2.7: StoreURL (renamed Store-ID) support | |
1246 | - Bug 3795: fix several mistakes in the MIB file | |
1247 | - Bug 3793: configure: improved helper detection | |
1248 | - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS | |
1249 | - Bug 3676: Support GCC 4.7 with -Wshadow option | |
1250 | - Bug 3643: NTLM helpers stuck in reserved state by Safari | |
1251 | - Bug 3389: Auto-reconnect for tcp access_log | |
1252 | - Bug 2066: squid does not do chdir() after chroot() | |
1253 | - Fix uninitialized fields in IcapLogEntry | |
1254 | - Fix a number of minor issues detected by Coverity Scan | |
1255 | - Fix some potential memory leaks detected by Coverity Scan | |
1256 | - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers | |
1257 | - Fix ACL matching algorithm to avoid repeating tests | |
1258 | - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username | |
1259 | - squidpurge: fix META TLV parsing issues | |
1260 | - squid.conf: enforce all the directive and option names are lower-case | |
1261 | - Support EUI on HTTPS and FTP data connections | |
1262 | - Support OK/ERR/BH response codes from any helper | |
1263 | - Support No-lookup flag (-n) on DNS ACLs | |
1264 | - Support -march=native compiler optimization by default | |
1265 | - Support forwarding intercepted but not bumped connections to cache_peers | |
0bbaae54 | 1266 | - Support IPv6 NAT interception on Linux and some BSD |
13db7eef AJ |
1267 | - Deprecate log_icap and log_access configuration directives |
1268 | - HTTP/1.1: improved method invalidation and cacheability detection | |
1269 | - HTTP/1.1: support length configuration for pipeline_prefetch queue | |
1270 | - Improved TPROXY support for OpenBSD and FreeBSD | |
0bbaae54 | 1271 | - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file |
13db7eef AJ |
1272 | - Add all-of and any-of ACL types for grouping sets of ACL tests |
1273 | - Add note directive for transaction annotations | |
1274 | - Add %note log format for transaction annotation logging | |
1275 | - Add note ACL type for matching annotated transactions with by annotation name or value | |
1276 | - Add kv-pair support to URL-rewrite/redirector interface | |
1277 | - Add SSL server certificate validator interface, helper and result cache | |
1278 | - Add SSL server certificate fingerprint ACL type | |
1279 | - Add spoof_client_ip access control | |
1280 | - Add pt-bz (Belize Portuguese) dialect to translations | |
1281 | - ... and many Windows portability changes (still incomplete) | |
1282 | - ... and many documentation changes | |
1283 | - ... and much code cleanup and polishing | |
988a7fba | 1284 | |
88e192b1 AJ |
1285 | Changes to squid-3.3.14 (01 May 2015): |
1286 | ||
1287 | - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options | |
1288 | - ... and some documentation updates | |
1289 | - ... and all fixes from squid 3.2.14 | |
1290 | ||
abc809ce AJ |
1291 | Changes to squid-3.3.13 (28 Aug 2014): |
1292 | ||
1293 | - Fix segmentation fault setting up server SSL connnection | |
1294 | - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values | |
1295 | ||
d3b930ff AJ |
1296 | Changes to squid-3.3.12 (09 Mar 2014): |
1297 | ||
1298 | - Regression Bug 3769: client_netmask not evaluated since Comm redesign | |
1299 | - Bug 4026: Fix SSL and adaptation_access handling of aborted connections | |
1300 | - Bug 3969: Fix credentials caching for Digest authentication | |
1301 | - Bug 3806: Caching responses with Vary header | |
1302 | - Fix umask default on crash report generated email | |
1303 | - Fix pthread library detection on FreeBSD 10 | |
1304 | - Avoid assertions on Range requests that trigger Squid-generated errors. | |
1305 | ||
277afc6e AJ |
1306 | Changes to squid-3.3.11 (01 Dec 2013): |
1307 | ||
1308 | - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 | |
1309 | - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure | |
1310 | - Bug 3970: max_filedescriptors disabled due to missing setrlimit | |
1311 | - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope | |
1312 | - Bug 3960: DEAD cache_peer are not revived | |
1313 | - Bug 3956: xstrndup: tried to dup a NULL pointer | |
1314 | - Bug 3906: Filedescriptor leaks in SNMP | |
1315 | - Bug 3782: Digest authentication not obeying nonce_max_count | |
1316 | - HTTP/1.1: Make header parser obey relaxed_header_parser | |
1317 | - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted | |
1318 | - SMP: Replace blocking sleep(3) and close UDS socket on failures | |
1319 | - Windows: fix several compile errors | |
1320 | ||
c663cc36 AJ |
1321 | Changes to squid-3.3.10 (03 Nov 2013): |
1322 | ||
1323 | - Bug 3929: request_header_add not working for tunnel requests | |
1324 | - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration | |
1325 | - Bug 3918: Self Test Failures on Mac OS X 10.8 | |
1326 | - Bug 3887: tcp_outgoing_tos not working for IPv6 | |
1327 | - Bug 3836: Fix issues with automake 1.13+ and make check | |
1328 | - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() | |
1329 | - Fix pinning hierarchy log information | |
1330 | - Fix close idle client connections associated with closed idle pinned connections. | |
1331 | - Fix cbdata 'error: expression result unused' errors | |
1332 | - Avoid "hot idle": A series of rapid select() calls with zero timeout. | |
1333 | - Append Connection:close to OPTIONS requests when icap_persistent_connections is off | |
1334 | - ntlm_fake_auth: pass DOMAIN data to Squid in original case | |
1335 | - kerberos_ldap_group: fix LDAP string duplication | |
1336 | - Use IPv6 localhost nameserver on DNS configuration errors | |
1337 | - Add cache_miss_revalidate | |
1338 | - ... and several portability improvements | |
1339 | ||
db01c30c AJ |
1340 | Changes to squid-3.3.9 (11 Sep 2013): |
1341 | ||
1342 | - Regression Bug 3077: off-by-one error in Digest header decoding | |
1343 | - Bug 3895: fix acl_uses_indirect_client and cache_peer_access | |
1344 | - Bug 3879: assertion failed ConnStateData::validatePinnedConnection | |
1345 | - Bug 3863: myportname acl causes segmentation fault | |
1346 | - Bug 3849: Duplicate certificate sent when using https_port | |
1347 | - Bug 2287: Better fix for unsupported HTTP version handling | |
1348 | - Bug 2112: Reload into If-None-Match | |
1349 | - Fix several assert with side effects in ICAP/eCAP response handling | |
1350 | - Fix myportname ACL on ICAP/eCAP transactions | |
1351 | - Fix external ACL user:pass detail logging after adaptation | |
1352 | - Fix SMP mgr:info report 'Largest file desc currently in use' | |
1353 | - Handle infinite certificate validation loops caused by OpenSSL Bug 3090. | |
1354 | - Improved compatibility with gcc 4.8, clang and icc | |
1355 | - Show number of available filedescriptors when reserved FD changes | |
1356 | - Sync with newest OpenSSL error codes | |
1357 | - Register Http2-Settings header | |
1358 | - ... and many Windows portability fixes | |
1359 | ||
8dbafb10 AJ |
1360 | Changes to squid-3.3.8 (13 Jul 2013): |
1361 | ||
1362 | - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity | |
1363 | - Improved handling of port values in Host: header validation | |
1364 | ||
2fea9d2b AJ |
1365 | Changes to squid-3.3.7 (11 Jul 2013): |
1366 | ||
1367 | - Bug 3297: Fix openSSL related build failures | |
1368 | - Fix build on FreeBSD 9.x platform with clang | |
1369 | - Protect against buffer overrun in DNS query generation | |
1370 | ||
1a39473b AJ |
1371 | Changes to squid-3.3.6 (01 Jul 2013): |
1372 | ||
1373 | - Bug 3854: pt1: compile errors on AIX | |
1374 | - Bug 3802: Fix wrong check inside Format::Format::assemble | |
13db7eef | 1375 | - Bug 3762: remove bogus WARNING in cache.log |
1a39473b AJ |
1376 | - Bug 3717: assertion failed with dstdom_regex with IP based URL |
1377 | - Bug 1991: kqueue causes SSL to hang | |
1378 | - Ask for SSL key password when started with -N but without sslpassword_program | |
1379 | - Make sure %<tt includes all [failed] connection attempts | |
1380 | - Support HTTP reply ACLs in icap_log and log_icap | |
1381 | - Fix incorrect external_acl_type codes | |
1382 | - Fix ICAP logging request headers and segmentation faults | |
1383 | - ... and some documentation polish | |
1384 | ||
9c7aeeb8 AJ |
1385 | Changes to squid-3.3.5 (20 May 2013): |
1386 | ||
1387 | - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager | |
1388 | - Bug 3845: http_port tcpkeepalive= option fails parsing | |
1389 | - Bug 3840: assertion failed 'sde' in UFS cache loading | |
1390 | - Bug 3836: make check failures with automake-1.13 | |
1391 | - Bug 3827: Remove AccessLogEntry::cache.authuser | |
1392 | - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes | |
1393 | - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics | |
1394 | - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems | |
1395 | - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all | |
1396 | - Port from 2.6: external acl %ACL and %DATA tags | |
1397 | - Update copyright on SN.png | |
1398 | - ... and several minor memory leaks | |
1399 | - ... and some documentation polish | |
1400 | ||
988a7fba AJ |
1401 | Changes to squid-3.3.4 (27 Apr 2013): |
1402 | ||
1403 | - Bug 3831: basic_ncsa_auth Blowfish and SHA support | |
1404 | - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes | |
1405 | - Bug 3794: MacOS: workaround compiler errors and case-insensitivity | |
1406 | - Bug 3781: Proxy Authentication not sent to cache_peer | |
1407 | - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h | |
1408 | - Bug 3720 pt2: Add missing include in /dev/poll I/O module | |
1409 | - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang | |
1410 | - Add support for TPROXY on BSD | |
1411 | - Fix SSL Bump bypass for intercepted traffic | |
1412 | - Fix memory leaks in ConnStateData pinning | |
1413 | - Fix external_acl.cc "inBackground" assertion on queue overloads | |
1414 | - CacheMgr: fix missing column separator in helper stats | |
1415 | - OpenBSD: libpthreads requires OpenBSD 5.2 or later | |
1416 | - ... and lots of documentation updates | |
1417 | - ... and all changes from squid 3.2.10 | |
1418 | ||
40c973aa AJ |
1419 | Changes to squid-3.3.3 (12 Mar 2013): |
1420 | ||
1421 | - Bug 3720: Add missing include in /dev/poll I/O module (pt2) | |
1422 | - ... and all changes from squid 3.2.9 | |
1423 | ||
d4dc9eea AJ |
1424 | Changes to squid-3.3.2 (02 Mar 2013): |
1425 | ||
1426 | - Bug 3781: Proxy Authentication not sent to cache_peer | |
1427 | - Bug 3794: MacOS: workaround compiler errors | |
1428 | - Bug 3720: Compile error in Solaris /OpenIndiana | |
1429 | - ... and all changes from squid 3.2.8 | |
1430 | ||
21744e8b AJ |
1431 | Changes to squid-3.3.1 (09 Feb 2013): |
1432 | ||
1433 | - Bug 3726: build errors with --disable-ssl | |
1434 | - Propigate pinned connection persistency and closures to the client. | |
1435 | - Mimic SSL certificate Key Usage and Basic Constraints | |
1436 | - Fix segmentation fault on missing squid.conf values | |
1437 | - ext_sql_session_acl: Fix hex decoding on UID | |
1438 | - ... and some code polish | |
1439 | - ... and a lot of documentation polish | |
1440 | - ... and all changes from squid 3.2.7 | |
1441 | ||
56eea3f2 AJ |
1442 | Changes to squid-3.3.0.3 (09 Jan 2013): |
1443 | ||
1444 | - Bug 3729: 32-bit overflow in parsing 64-bit configuration values | |
1445 | - Bug 3728: Improve debug for cache_dir | |
1446 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
1447 | - kerberos_ldap_group: support multiple groups in squid.conf ACL definition | |
1448 | - kqueue: update status from experimental to fully available net I/O method | |
1449 | - ... and many memory leaks and potential bugs detected by Coverity Scan | |
1450 | ||
bd4920ca AJ |
1451 | Changes to squid-3.3.0.2 (03 Dec 2012): |
1452 | ||
1453 | - Support matching empty header field values using req_header and rep_header | |
1454 | - ... and some minor code polish and input vaidations | |
1455 | - ... and all changes from squid 3.2.4 | |
1456 | ||
362d74b6 AJ |
1457 | Changes to squid-3.3.0.1 (21 Oct 2012): |
1458 | ||
1459 | - Bug 3610: Add peername_regex ACL | |
1460 | - Bug 3239: rename myip/myport as localip/localport | |
1461 | - Bug 3130: helpers are crashing too rapidly | |
1462 | - Add log_db_daemon SQL Database Logging Daemon | |
1463 | - Add ext_time_quota_acl helper managing sessions by bandwidth usage | |
1464 | - Add request_header_add option | |
1465 | - Support C++11 features where possible | |
1466 | - Support bump-ssl-server-first | |
1467 | - Support mimic SSL server certificates | |
1468 | - Remove --enable-ntlm-fail-open | |
1469 | - Fix TLS/SSL Options does not apply to the dynamically generated certificates | |
1470 | - Fix SslBump stuck after error | |
1471 | - Polish: display ACL enumeration text in debugs | |
1472 | - ... and many portability fixes for MacOS X, Windows and others | |
1473 | - ... and many compile error fixes | |
1474 | - ... and a very large amount of code polish for faster compilation | |
1475 | ||
88e192b1 AJ |
1476 | Changes to squid-3.2.14 (01 May 2015): |
1477 | ||
1478 | - Fix 'access_log none' to prevent following logs being used | |
1479 | - Fix X509 server certificate domain matching | |
1480 | - ... some documentation updates | |
1481 | ||
8dbafb10 AJ |
1482 | Changes to squid-3.2.13 (13 Jul 2013): |
1483 | ||
1484 | - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity | |
1485 | - Improved handling of port values in Host: header validation | |
1486 | ||
2fea9d2b AJ |
1487 | Changes to squid-3.2.12 (11 Jul 2013): |
1488 | ||
1489 | - Protect against buffer overrun in DNS query generation | |
1490 | - Avoid !closing assertions when helpers call comm_read during reconfigure. | |
1491 | - Fix several minor memory leaks during reconfigure | |
1492 | - Remove origin_tries limiter on forwarding and permit large max_forward_tries values | |
1493 | ||
80c1bddb AJ |
1494 | Changes to squid-3.2.11 (30 Apr 2013): |
1495 | ||
1496 | - Regression Bug 3839: build error: src/tools.h: No such file or directory | |
1497 | - Update copyright on SN.png | |
1498 | ||
988a7fba AJ |
1499 | Changes to squid-3.2.10 (27 Apr 2013): |
1500 | ||
1501 | - Bug 3833: squidclient: Option '-k' is not present in man(1) page | |
1502 | - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17 | |
1503 | - Bug 3822: Locate LDAP and SASL headers for BSD support | |
1504 | - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs | |
1505 | - Bug 3774: 'squid -k reconfigure' drops rock cache | |
1506 | - Bug 3565: Resuming postponed accept kills Squid | |
1507 | - HTTP/1.1: partial support for no-cache and private controls with parameters | |
1508 | - ssl_crtd: fix helpers dying during startup on ARM | |
1509 | - GNU Hurd: define MAP_NORESERVE as no-op when missing | |
1510 | - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc | |
1511 | ||
40c973aa AJ |
1512 | Changes to squid-3.2.9 (12 Mar 2013): |
1513 | ||
1514 | - Regression fix: Accept-Language header parse | |
1515 | - Bug 3673: Silence 'Failed to select source' messages | |
1516 | - Fix authentication headers sent on peer digest requests | |
1517 | - Fix build error on Solaris, OpenIndiana, Omnios | |
1518 | ||
d4dc9eea AJ |
1519 | Changes to squid-3.2.8 (02 Mar 2013): |
1520 | ||
1521 | - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client | |
1522 | - Bug 3763: diskd Error: no filename in shm buffer | |
1523 | - Bug 3752: objects that cannot be cached in memory are not cached on disk | |
1524 | - Bug 3753: Removes the domain from the cache_peer server pconn key | |
1525 | - Bug 3749: IDENT lookup using wrong ports to identify the user | |
1526 | - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests | |
1527 | - Bug 3686: cache_dir max-size default fails | |
1528 | - Bug 3515: crash in FtpStateData::ftpTimeout | |
1529 | - Bug 3329: Quieten orphan Comm::Connection messages | |
1530 | - Make squid -z for cache_dir rock preserve the rock DB | |
1531 | - Fixed several server connect problems | |
02824360 AJ |
1532 | - ... and some build issues on Solaris, OpenIndiana, MacOS X |
1533 | - ... and some documentation and debugs polishing | |
d4dc9eea | 1534 | |
54ccbeea AJ |
1535 | Changes to squid-3.2.7 (01 Feb 2013): |
1536 | ||
1537 | - Bug 3736: Floating point exception due to divide by zero | |
1538 | - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled | |
1539 | - Bug 3732: Fix ConnOpener IPv6 awareness | |
1540 | - Bug 3729: 32-bit overflow in parsing 64-bit configuration values | |
1541 | - Bug 3728: Improve debug for cache_dir | |
1542 | - Bug 3687: unhandled exception: c when using interception and peers | |
1543 | - Bug 3678: external acl grace period causes acl lookup failures | |
1544 | - Bug 3567: Memory leak handling malformed requests | |
1545 | - Bug 3111: Mid-term fix for the forward.cc "err" assertion | |
1546 | - Support OpenSSL NO_Compression optio | |
1547 | - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems | |
1548 | - Fix "address.GetPort() != 0" assertion for helpers | |
1549 | - ... and several minor memory leaks | |
1550 | - ... and some cache.log message polishing | |
1551 | ||
56eea3f2 AJ |
1552 | Changes to squid-3.2.6 (09 Jan 2013): |
1553 | ||
1554 | - Regression Bug 3731: TOS setsockopt() requires int value | |
1555 | - Regression Bug 3712: Rotating logs overwrites the previous log | |
1556 | - Bug 3727: LLVM compile errors in kerberos_ldap_group | |
1557 | - Bug 3650: Negotiate auth missing challenge token | |
1558 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
1559 | ||
eeb80d48 AJ |
1560 | Changes to squid-3.2.5 (10 Dec 2012): |
1561 | ||
1562 | - Bug 3698: Add missing include of errno.h | |
1563 | ||
bd4920ca AJ |
1564 | Changes to squid-3.2.4 (03 Dec 2012): |
1565 | ||
1566 | - Ported: urllogin ACL from squid 2.7 | |
1567 | - Bug 3688: Lots of Orphan Comm:Connections to ICAP server | |
1568 | - Bug 3677: Port un-pinning logic changes from squid 3.3 | |
1569 | - Bug 3405: ssl_crtd crashes failing to remove certificate | |
1570 | - ... and major bugs fixed in squid 3.1.22 | |
1571 | - Fix accept_filter on Linux | |
1572 | - Remove 'Bungled' warning on missing component directives | |
1573 | - ... and many buffer and memory leak issues in the bundled helpers | |
1574 | - ... and a small amount of code polishing | |
1575 | ||
362d74b6 AJ |
1576 | Changes to squid-3.2.3 (21 Oct 2012): |
1577 | ||
1578 | - Regression: SMP crashes on startup with workers > 1 | |
1579 | - Bug 3655: pinning failure breaks NTLM and Negotiate authentication | |
1580 | - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry | |
1581 | - HTTP/1.1: honour Cache-Control before Pragma:no-cache | |
1582 | - HTTP/1.1: Cache-Control compliance upgrade | |
1583 | - Remove obsoleted refresh_pattern ignore-no-cache option | |
1584 | - Fix IPv6 enabled squidclient | |
1585 | - ... and several compile fixes | |
1586 | ||
1587 | Changes to squid-3.2.2 (06 Oct 2012): | |
a18ad4b5 AJ |
1588 | |
1589 | - Regression: Make login=PASS send no credentials when none available | |
1590 | - Regression: Handle dstdomain duplicates and overlapping names better | |
1591 | - Bug 3661: Segmentation fault when using more than 1 worker | |
1592 | - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error | |
1593 | - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry | |
1594 | - Bug 3648: polish String class files | |
1595 | - Bug 3647: parsing hier_code acl fails | |
1596 | - Bug 3626: forwarding loops on intercepted traffic | |
1597 | - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object | |
1598 | - Bug 3609: several RADIUS helper improvements | |
1599 | - Bug 3605: memory leak in Negotiate authentication | |
1600 | - Fix small memory leak in src ACL parse | |
1601 | - Fix maximum_single_addr_tries upgrade | |
1602 | - Fix chunked encoding on responses carrying a Content-Range header. | |
1603 | - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT | |
1604 | - ... and several compile errors | |
1605 | ||
c72a2049 AJ |
1606 | Changes to squid-3.2.1 (15 Aug 2012): |
1607 | ||
1608 | - Bug 3605: memory leak in peer selection | |
1609 | - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST | |
1610 | - ... and some documentation updates | |
1611 | ||
a9eec4aa AJ |
1612 | Changes to squid-3.2.0.19 (02 Aug 2012): |
1613 | ||
1614 | - Regression Bug 3580: IDENT request makes squid crash | |
1615 | - Regression Bug 3577: File Descriptors not properly closed | |
1616 | - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic | |
1617 | - Regression Fix: Restore memory caching ability | |
1618 | - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd) | |
1619 | - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion | |
1620 | - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion. | |
1621 | - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index | |
1622 | - Support custom headers in [request|reply]_header_* manglers | |
1623 | - ... and much code polishing | |
1624 | ||
5cc53d80 | 1625 | Changes to squid-3.2.0.18 (29 Jun 2012): |
f787354b AJ |
1626 | |
1627 | - Bug 3576: ICY streams being Transfer-Encoding:chunked | |
1628 | - Bug 3537: statistics histogram leaks memory | |
1629 | - Bug 3526: digest authentication crash | |
1630 | - Bug 3484: Docs: sslproxy_cert_error example flawed | |
1631 | - Bug 3462: Delay Pools and ICAP | |
1632 | - Bug 3405: ssl_crtd crashes failing to remove certificate | |
1633 | - Bug 3380: Mac OSX compile errors with CMSG_SPACE | |
1634 | - Bug 3258: Requests hang when Host forgery verify fails | |
1635 | - Bug 3186: Digest auth caches failed state without revalidating | |
1636 | - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring | |
1637 | - Bug 2885: AIX: check and set required compiler flags | |
1638 | - Fix ssl_crtd compile issues with libsslutil | |
1639 | - Fix build with GCC 4.7 (and probably other C++11 compilers). | |
1640 | - Fix double-escape of %R on deny_info redirect responses | |
1641 | - Support status 308 Permanent Redirect | |
1642 | - Support for TLSv1.1 and TLSv1.2 options and methods | |
1643 | - Support passing external_acl_type credentials on ICAP | |
1644 | - Language Updates: fr, hy, pt_BR | |
1645 | - ... and many compile issues on Windows | |
1646 | - ... and some minor code polish | |
1647 | ||
5cc53d80 | 1648 | Changes to squid-3.2.0.17 (12 Apr 2012): |
f949585d AJ |
1649 | |
1650 | - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC | |
1651 | - Bug 3509: kQueue compile error | |
1652 | - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor | |
1653 | - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format. | |
1654 | - Bug 3397: do not mark connection as opened until after SYN-ACK | |
1655 | - Bug 3193: NTLM decoder truncating strings | |
1656 | - Windows FD handling polish and some fixes | |
1657 | - Solaris 9/10 various build fixes | |
1658 | - ... and some more code polish | |
1659 | ||
5cc53d80 | 1660 | Changes to squid-3.2.0.16 (07 Mar 2012): |
488e6901 AJ |
1661 | |
1662 | - Bug 3508: Correct DNS timeout handling. | |
1663 | - Bug 3503: DNS PTR queries timeout due to wrong QIDs. | |
1664 | - Bug 3497: Bad ssl_crtd db size file causes infinite loop | |
1665 | - Bug 3490: part 1: SegFault opening FTP active data connections | |
1666 | - Bug 3490: Crash writing Apache Common and Referer/Useragent logs | |
c5426f8f | 1667 | - Bug 3458: Icon Serving (squid-internal-static) Broken |
488e6901 AJ |
1668 | - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL |
1669 | - Bug 3381: 32-bit overflow assertion in StatHist | |
1670 | - Bug 3324: loadFromFile: parse error while reading template file | |
1671 | - Support sslpassword_program for ssl-bump HTTP ports | |
1672 | - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests | |
1673 | - Retry requests that failed due to a persistent connection race | |
1674 | - Log '-' on requests with no Referer or User-Agent headers | |
1675 | - ... and several fixes related to in-transit object performance | |
1676 | - ... and some structural design changes for portability | |
1677 | ||
5cc53d80 | 1678 | Changes to squid-3.2.0.15 (06 Feb 2012): |
f9329b54 AJ |
1679 | |
1680 | - Bug 3472: segfault with the message 'urlParse: URL too large' | |
1681 | - Bug 3471: segfault when %la formating code used | |
1682 | - Bug 3449: part 3: shm_open can fail with a mangled path | |
1683 | - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults) | |
1684 | - Bug 3448: 204 response problem in adaptation chains | |
1685 | - Bug 3447: assertion failed: CommCalls.h:150: "dp" | |
1686 | - Bug 3461: build regression in IPFilter NAT | |
1687 | - Bug 3413: raise cbdata lock limits | |
1688 | - Bug 3391: forwarded_for log functionality broken | |
1689 | - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild | |
1690 | - Bug 3268: remove wrong 'Ready to serve requests.' message | |
1691 | - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues | |
1692 | - Disable OpenSSL SSL/TLS bug workarounds by default | |
1693 | - Send DNS A and AAAA queries in parallel | |
1694 | - Cache Manager migration support | |
1695 | - Allow service of internal requests over reverse-proxy ports | |
1696 | - Fix trimMemory for unswappable objects | |
1697 | - ... and several build and polish fixes | |
1698 | ||
902bc38b AJ |
1699 | Changes to squid-3.2.0.14 (12 Dec 2011): |
1700 | ||
1701 | - Bug 3433: Segfault closing SNMP | |
1702 | - Bug 3420: Request body consumption races and !theConsumer exception. | |
1703 | - Bug 3406: SSL Log Error in debug | |
1704 | - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion | |
1705 | - Bug 3383: unhandled exception: theGroupBSize > 0 | |
1706 | - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING" | |
1707 | - Bug 3367: fix inverted check on host_strict_verify | |
1708 | - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads | |
1709 | - Bug 3364: SNMP Orphans | |
1710 | - Bug 3301: ERR_DNS_FAIL never shown | |
1711 | - Bug 3150: do not start useless unlinkd | |
1712 | - ext_session_acl: version 1.2 | |
1713 | - Add adaptation_meta option | |
1714 | - Add a mask on the qos_flows miss configuration value | |
1715 | - Support intermediate CA in ssl-bump traffic certificates | |
1716 | - Support SSL certificate failure details on error page | |
1717 | - Fix flags for NAT intercept and TPROXY not set correctly | |
1718 | - Fix fastCheck() default result on multi-line actions | |
1719 | - Fix missing SMP shared memory statistics | |
1720 | - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query | |
1721 | - ... and several other TCP and SMP support behaviour fixes | |
1722 | - ... and many code polishing cleanups and fixed build errors | |
1723 | - ... and several documentation polishings | |
1724 | ||
8fe9e0a2 AJ |
1725 | Changes to squid-3.2.0.13 (14 Oct 2011): |
1726 | ||
1727 | - Regression Bug 3363: never_direct always 'unable to forward this request at this time' | |
1728 | - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion | |
1729 | - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0' | |
1730 | - Regression fix: always_direct/never_direct failures | |
1731 | - Regression fix: stop an SSL header file being included after --disable-ssl | |
1732 | - Regression fix: parse HTTP list headers with embedded 8-bit characters | |
1733 | - Bug 3355: configure setting --with-swapdir ignored | |
1734 | - Bug 3325: option to selectively enable strict host verify checks | |
1735 | - Bug 3337: HTTP status 200 is not accepted for deny_info | |
1736 | - Bug 3077: '\' in url query strings cause Digest authentication to fail | |
1737 | - Support SMP worker shared memory cache | |
1738 | - Support SMP worker shared disk cache (rock) | |
1739 | - ext_session_acl: version 1.1 | |
1740 | - Fix Host verify: do not pinn destination IP if URL re-write has been done | |
1741 | - Fix IPF interception | |
1742 | - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert | |
1743 | - Fix ssl_crtd CertificateDB locking scheme | |
1744 | - ... and all changes from 3.1.16 | |
1745 | - ... and many compile and polishing fixes | |
1746 | ||
f96fd18d AJ |
1747 | Changes to squid-3.2.0.12 (17 Sep 2011): |
1748 | ||
1749 | - Regression Bug 3335: ICAP service is down | |
1750 | - Regression Bug 3322: adapt:: and icap:: format codes do not parse | |
1751 | - Regression Bug 3303: Support for non-English usernames in log files | |
1752 | - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT | |
1753 | - Regression: %I shows hostname on SSL error page | |
1754 | - Regression: FTP outgoing port always 'in use' on PASV connections | |
1755 | - Bug 3337: (partial) status 200 is not accepted for deny_info | |
1756 | - Bug 3319: Inconsistencies in error messages | |
1757 | - Bug 3281: pconn in-use while closing assertion | |
1758 | - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request | |
1759 | - Fixed max-stale check. Entities not exceeding max-stale were marked as stale | |
1760 | - Adjust format code %la for intercepted connections | |
1761 | - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early | |
1762 | - Send RST packet when closing an ICAP connection after a transaction error | |
1763 | - Support maximum field width for string access.log fields | |
1764 | ||
2284b7f7 AJ |
1765 | Changes to squid-3.2.0.11 (28 Aug 2011): |
1766 | ||
1767 | - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control | |
1768 | - Host: authority validation of intercepted destination IP | |
1769 | - Host: authority validation of request URL | |
1770 | - Host: authority validation of CONNECT tunnel destination | |
1771 | - Preserve client destination IP in intercepted communication | |
1772 | - Regression Bug 3316: Failed to connect to nameserver using TCP | |
1773 | - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set | |
1774 | - Regression Bug 3310: %<pt translates as %<p | |
1775 | - Regression Bug 3301: ERR_DNS_FAIL never shown (partial) | |
1776 | - Regression Bug 3288: %<la and %<lp not displaying | |
1777 | - Bug 3289: cache manager parameters not parsed without password | |
1778 | - Bug 2279: Log Format options to log server source IP and port | |
1779 | - Bug 3211: ssl_crtd start even if no ssl-bump port is configured | |
1780 | - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends | |
1781 | - Bug 3118: ecap_enable on forces icap_enable on | |
1782 | - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
1783 | - Default to vhost for accelerator mode (reverse proxy) | |
1784 | - Display HTTP protocol syntax at section 11 level 2 | |
1785 | - Support for using custom keys in CARP parents | |
1786 | - Optimize regular expression ACLs | |
1787 | - ... and a lot of code portability fixes | |
1788 | - ... and all bugs and polish changes from 3.1.15 | |
1789 | ||
3ff024ec AJ |
1790 | Changes to squid-3.2.0.10 (24 Jul 2011): |
1791 | ||
1792 | - Port from 2.7: act-as-origin for reverse proxy ports | |
1793 | - Regression fix: broken --disable-ipv6 | |
1794 | - Regression fix: negative cacheing on unknown or -1 expiry timestamp | |
1795 | - Regression fix: vhost and defaultsite causing vport to be ignored | |
1796 | - Regression fix: several errors in persistent connection handling | |
1797 | - Regression Bug 3280: allow max-size unset and min-size=N for large objects | |
1798 | - Regression Bug 3245: reconfigure assertion in MemPools[type] | |
1799 | - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp" | |
1800 | - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn) | |
1801 | - Regression Bug 3269: cache.log applyQueryParams messages | |
1802 | - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3 | |
1803 | - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn()) | |
1804 | - Bug 3267: workers IPC mount points disobey --localstatedir | |
1805 | - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers | |
1806 | - Bug 3247: Domain from URL Stripped when going through peers | |
1807 | - Bug 3244: wrong port for peer relayed requests | |
1808 | - Bug 3195: kerberos_ldap_group will not build without kerberos | |
1809 | - Bug 2862: add http(s):// support to cache manager | |
1810 | - kerberos_ldap_group: several fixes to -S option | |
1811 | - ssl_crtd: Add man(8) file | |
1812 | - ... and several pieces of code cleanup and polishing. | |
1813 | - ... and most bug fixes and updates from 3.1.14 and 3.1.15 | |
1814 | ||
6d44d1e9 AJ |
1815 | Changes to squid-3.2.0.9 (18 Jun 2011): |
1816 | ||
1817 | - Bug 3159: delay pools --disable-auth compile problems | |
1818 | - HTTP/1.1: Support multiline quoted-string header fields | |
1819 | - HTTP/1.1: Send 505 Unsupported Version on mangled version codes | |
1820 | - Support configurable and translated SSL error details messages | |
1821 | - Add log format codes for split client/server views of HTTP request line | |
1822 | - Major upgrade of TCP connection handling | |
1823 | - Support split-stack IPv6 to servers | |
1824 | - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos | |
1825 | - Optimized persistent connection handling | |
1826 | - Optimized FTP data connection handling | |
1827 | - Optimized TCP failure recovery | |
1828 | - ... and all bug fixes and updates from 3.1.12.3 | |
1829 | - ... and many code polish, documentation and translation cleanups | |
1830 | ||
65f2789a AJ |
1831 | Changes to squid-3.2.0.8 (30 May 2011): |
1832 | ||
1833 | - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors. | |
1834 | - Bug 3043: Properly detect Iphlpapi.h on windows | |
1835 | - Bug 2055: Honor ICAP Max-Connections | |
1836 | - Fix NTLM/Negotiate reply auth PASSTHRU to peers | |
1837 | - Support SSL SNI to origin servers | |
1838 | - Add %EXT_LOG and %EXT_TAG external_acl_type format options | |
1839 | - Add %b tag for proxy listening port display in error pages | |
1840 | - Optimize base64 encoding/decoding | |
1841 | - Require libcap before enabling netfilter MARK support | |
1842 | - Require libtool 2.2 | |
1843 | - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config | |
1844 | - ... and all bug fixes and updates from 3.1.12.2 | |
1845 | - ... and some documentation and code polishing | |
1846 | ||
065f7779 AJ |
1847 | Changes to squid-3.2.0.7 (19 Apr 2011): |
1848 | ||
1849 | - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2" | |
1850 | - Regression fix: icons/ FHS compliance | |
1851 | - Regression fix: Startup aborts with URL error when --disable-htcp | |
1852 | - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL" | |
1853 | - Add negotiate_wrapper_auth version 1.0.1 | |
1854 | - Fixed %dt logging in the presence of REQMOD | |
1855 | - Fixed chunked request forwarding in ICAP REQMOD presence | |
1856 | - ... all bug fixes and updates from 3.1.12.1 | |
1857 | - ... many code polishings and display cleanups | |
1858 | ||
7d9ce496 AJ |
1859 | Changes to squid-3.2.0.6 (04 Apr 2011): |
1860 | ||
1861 | - Regression fix: upgrade existing icons | |
61beade2 | 1862 | - Regression fix: do not crash when accessing an SSL certificate with errors |
7d9ce496 AJ |
1863 | - Regression fix: prevent stdio log module segfaults on rotate |
1864 | - Regression fix: shutdown properly even if a worker process crashes on exit | |
1865 | - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems | |
1866 | - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown | |
1867 | - Bug 3105: malformed Proxy-Authorization leaks memory | |
1868 | - Bug 3007: CONNECT to cache_peer returns 000 status code | |
1869 | - Bug 2885: Compile errors on AIX | |
1870 | - Support parameterized Cache Manager queries | |
1871 | - Support libecap v0.2.0; fixed eCAP body handling and logging | |
1872 | - Support dynamic adaptation plans that cover multiple vectoring points | |
1873 | - Support %D details for documented OpenSSL errors | |
1874 | - Support logging of all transactions including those with uncertain status or no sent response | |
1875 | - Updrate negotiate_kerberos_auth to version 3.0.4sq | |
1876 | - Update ext_kerberos_ldap_group_acl to version 1.3.0sq | |
1877 | - Update ext_edirectory_userip_acl to version 2.1 | |
1878 | - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution | |
1879 | - Change the default dns_timeout value from 2 minutes to 30 seconds | |
1880 | - Fix TCP log stream flushing on every line | |
1881 | - ... all bug fixes and updates from 3.1.12 | |
1882 | - ... a great many compiler portability fixes | |
1883 | - ... many code polishings and display cleanups | |
1884 | ||
850ff99f AJ |
1885 | Changes to squid-3.2.0.5 (12 Feb 2011): |
1886 | ||
1887 | - Regression Fix: profiler should not be built by default | |
1888 | - Regression Bug 3081: assertion failed: AsyncCallQueue | |
1889 | - Regression Bug 2948: Requests for FTP active downloads cause failed assertion | |
1890 | - Bug 3089: FTP command output overrides directory listing | |
1891 | - Bug 2870: --disable-auth does not work | |
1892 | - Bug 2586: multiple memory leaks during reconfigure | |
1893 | - Bug 2581: FTP directory listing sometimes fails | |
1894 | - Port from 2.7: maximum staleness limits | |
1895 | - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option | |
1896 | - HTTP/1.1: Support configurable status codes for deny_info | |
1897 | - Support upcoming "fresh message creation" eCAP API | |
1898 | - Aggregate SNMP responses when using SMP with multiple workers | |
1899 | - Several more Solaris, Windows and ICC support fixes | |
1900 | - ... all bug fixes and updates from 3.1.11 | |
1901 | - ... and more code cleanup shufflings | |
1902 | - ... and several documentation updates | |
1903 | ||
834d2128 AJ |
1904 | Changes to squid-3.2.0.4 (22 Dec 2010): |
1905 | ||
1906 | - Port 2.x: cache_dir min-size setting | |
1907 | - Bug 3059: Crash on digest auth headers with unknown nonce | |
1908 | - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used | |
1909 | - Fix cachemgr mem-pools reporting | |
1910 | - Add Dynamic SSL certificate generation | |
1911 | - Add useragent, referer, combined built-in log formats | |
1912 | - Obsolete log_fqdn directive | |
1913 | - Obsolete useragent/referer/forward_log directives | |
1914 | - HTTP/1.1: Send 1.1 on CONNECT responses | |
1915 | - Updated Kerberos support for newer GSSAPI releases | |
1916 | - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode | |
1917 | - Improve handling of early eCAP transaction failures | |
1918 | - Various ext_edirectory_acl fixes | |
1919 | - ... all bug and feature fixes included in 3.1.10 release | |
1920 | - ... and a lot of code and documentation polishing | |
1921 | ||
1664edf4 | 1922 | Changes to squid-3.2.0.3 (07 Nov 2010): |
b40d9a33 AJ |
1923 | |
1924 | - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set | |
1925 | - Regression fix: ESI processing of Surrogate filter | |
1664edf4 | 1926 | - Bug 3091: bypassed ICAP errors are not counted as service failures |
b40d9a33 | 1927 | - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion. |
1664edf4 | 1928 | - Bug 3038: Detatch libmisc from libcompat |
b40d9a33 AJ |
1929 | - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain |
1930 | - Bug 3002: store initialization (-z) does not work with SMP configs | |
1931 | - Bug 2999: v2.0 of ext_edirectory_userip_acl | |
1932 | - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities | |
1933 | - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures | |
1934 | - HTTP/1.1: support If-Match and If-None-Match requests | |
1935 | - HTTP/1.1: forward 1xx control messages to clients that support them | |
1936 | - HTTP/1.1: send Age:0 header even if it may break IE5 | |
1937 | - HTTP/1.1: dechunk incoming requests and chunk outgoing requests | |
1938 | - HTTP/1.1: entry is stale if request has max-age=0 | |
1939 | - HTTP/1.1: harden quoted-string parser | |
1940 | - Add --enable-build-info for extra "squid -v" display | |
1941 | - Add --with-swapdir=PATH to override default /var/cache/squid | |
1942 | - Add cpu_affinity_map directive to bind workers to CPU cores | |
1943 | - Add Netfilter MARK support for QoS | |
1944 | - Add upgrade process for obsolete options | |
1945 | - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers | |
1946 | - Add support for client send bandwidth limits (a.k.a., quota or delay pool) | |
1947 | - Fixes Eui48 support on OpenBSD | |
1948 | - Fixes cache manager support with SMP configs | |
1949 | - ... several documentation updates | |
1950 | - ... all bug and feature fixes included in 3.1.9 release. | |
1951 | - ... many more code polishes and leak removals | |
1952 | ||
dee6a922 AJ |
1953 | Changes to squid-3.2.0.2 (04 Sep 2010): |
1954 | ||
1955 | - Bug 3015: assertion failed: comm.cc:143: "ccb->active()" | |
1956 | - Support rotating logs from cachemgr and squidclient | |
1957 | - Support Kerberos authentication in squidclient | |
1958 | - Add manual page for negotiate_kerberos_auth | |
1959 | - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP | |
1960 | - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental) | |
1961 | - Added log options %http::<bs and %icap::<bs | |
1962 | - Collapse HTCP cache_peer options into one setting | |
1963 | - Improved request smuggling attack detection. Tolerating valid benign HTTP | |
1964 | - ... and several HTTP/1.1 compliance improvements | |
1965 | - ... and all improvements in 3.1.7 and 3.1.8 | |
1966 | ||
6be4a9a8 AJ |
1967 | Changes to squid-3.2.0.1 (03 Aug 2010): |
1968 | ||
1969 | - Port from 2.7: Logging infrastructure updates | |
1970 | - Port from 2.7: Unique sequence number per log line | |
1971 | - Port from 2.6: STORE_META_OBJSIZE swapout storage type | |
1972 | - Bug 2792: tcp_outgoing_addr does not work with TPROXY | |
1973 | - Bug 2631: refresh_pattern store-stale option | |
1974 | - Bug 2305: Multiple leaks and assertion crashes in authentication | |
1975 | - Bug 1239: Much needed ACL type random | |
1976 | - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update | |
1977 | - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies | |
1978 | - Support SMP for essential non-caching functionality | |
1979 | - Support logging over TCP | |
1980 | - Support Solaris 10 pthreads (experimental) | |
1981 | - Support Kerberos login to peers | |
1982 | - Support EUI / MAC in more environments | |
1983 | - Support format tags in deny_info URLs | |
1984 | - Support running helpers on-demand instead of all at startup | |
1985 | - Support fully transparent login=PASSTHRU of authentication headers to peers | |
1986 | - Support multi-lingual localised FTP directory listings | |
1987 | - Support TPROXYv4 spoofing of X-Forwarded-For client address | |
1988 | - Support ICAP 206 Partial Content extension | |
1989 | - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field | |
1990 | - Add ACL support to range_offset_limit | |
1991 | - Add helpers for url_rewrite | |
1992 | - Add helper multiplexer for concurrency emulation with legacy helpers | |
1993 | - Add Perl library which facilitates parsing access logfile entries. | |
1994 | - Add a simple script to summarise traffic use per user | |
1995 | - Add templates for captive portal proxy configuration instructions | |
1996 | - Add logging of the local TCP port used by transactions with HTTP servers | |
1997 | - Update mswin_check_ad_group to version 2.0 | |
1998 | - Update squid_kerb_auth helper to version 3.0.2 | |
1999 | - Remove double-language error page hack (replaced by locale auto-negotiation) | |
2000 | - Remove TPROXYv2 support (replaced by TPROXYv4) | |
2001 | - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth) | |
2002 | - Re-work ./configure script for smarter auto-detect and early error checks | |
2003 | - Auto-enable all features by default | |
2004 | - Workaround com_err.h C++ brokenness triggered by OpenSSL includes | |
2005 | - Helpers naming scheme | |
2006 | - Add support for write timeouts | |
2007 | - Modify icap_service_failure_limit option to forget old ICAP errors | |
2008 | - Updated man(8) manuals including several additions and translations | |
2009 | - ... and a great many code cleanups | |
2010 | - ... and a great many testing improvements | |
2011 | - ... and many documentation updates | |
2012 | ||
56eea3f2 AJ |
2013 | Changes to squid-3.1.23 (09 Jan 2013): |
2014 | ||
2015 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
2016 | ||
bd4920ca AJ |
2017 | Changes to squid-3.1.22 (03 Dec 2012): |
2018 | ||
2019 | - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update | |
2020 | - Bug 3659: read_timeout problem with HTTPS | |
2021 | - Bug 3654: Fix IPv6 enabled squidclient | |
2022 | - Bug 3189: AIO thread race on pipe() initialization | |
2023 | - cachemgr.cgi: Memory Leaks and DoS Vulnerability | |
2024 | ||
4c73ceb8 AJ |
2025 | Changes to squid-3.1.21 (23 Sep 2012): |
2026 | ||
2027 | - Bug 3622: peerClearRRStart scheduling multiple events | |
2028 | - Bug 3615: configure check for default max number of FDs is broken | |
2029 | - Bug 3607: --enable-auth documented default action incorrect | |
2030 | - Bug 3593: socket failure: Address family not supported by protocol | |
2031 | - Bug 3584: Detection of setresuid() is broken | |
2032 | - Bug 3568: Consolidate external_acl_type config dumping and add missing %% | |
2033 | - Bug 3564: eCAP not supporting CoAP URI schemes | |
2034 | - Bug 3484: Docs: sslproxy_cert_error example flawed | |
2035 | - Bug 3462: Delay Pools and ICAP | |
2036 | - Bug 3133: better fix: Memory leak handling requests for sites that don't exist | |
2037 | - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring | |
2038 | - Silence IOS 15.1 unknown capabilities messages. | |
2039 | - Account for Store disk client quota when bandwidth-limiting the server. | |
2040 | - ... and several documentation fixes | |
2041 | - ... and several compile fixes | |
2042 | ||
5cc53d80 | 2043 | Changes to squid-3.1.20 (08 Jun 2012): |
dd8d2619 AJ |
2044 | |
2045 | - Regression Bug 3545: FreeBSD dnsserver segfaults | |
2046 | - Regression Bug 3504: clientside_tos fails to mark traffic | |
2047 | - Bug 3539: CONNECT server connection not closed correctly on errors | |
2048 | - Bug 3502: client timeout uses server-side read_timeout, not request_timeout | |
2049 | - Bug 3466: Adaptation stuck on last single-byte body piece | |
2050 | - Bug 3463: dnsserver fails to compile | |
2051 | - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option | |
2052 | - Bug 3390: Proxy auth data visible to scripts | |
2053 | - Bug 3263: ssl_crtd: undefined references to squid_curtime | |
2054 | - Bug 3233: Invalid URL accepted with url host is white spaces | |
2055 | - Bug 3133: Memory leak handling requests for sites that don't exist | |
2056 | - Bug 3074: Improper URL handling with empty path (RFC 3986) | |
2057 | - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889 | |
2058 | - Regression: snmp/udp address directives not resolving hostname | |
2059 | - Better helper-to-Squid buffer size management. | |
2060 | - Support CoAP over HTTP (coap:// and coaps:// URLs) | |
2061 | - Support for 3.2 error template codes | |
2062 | ||
5cc53d80 | 2063 | Changes to squid-3.1.19 (06 Feb 2012): |
f9329b54 AJ |
2064 | |
2065 | - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state | |
2066 | - Bug 3473: erase last uses of obsolete auth_user_hash_pointer | |
2067 | - Bug 3470: GCC 4.7 | |
2068 | - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL | |
2069 | - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state | |
2070 | - Bug 3440: compile error in Adaptation | |
2071 | - Bug 3420: Request body consumption races and !theConsumer exception | |
2072 | - Bug 3370: external ACL sometimes skipping | |
2073 | - Bug 3085: Crash when parsing esi:include | |
2074 | - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses | |
2075 | - Fix SSL library dependency fixes | |
2076 | ||
339383cc AJ |
2077 | Changes to squid-3.1.18 (03 Dec 2011): |
2078 | ||
2079 | - Regression: compile error in FTP | |
2080 | ||
c218b24d AJ |
2081 | Changes to squid-3.1.17 (03 Dec 2011): |
2082 | ||
2083 | - Bug 3432: Crash logging FTP errors | |
2084 | - Bug 3428: Active FTP data channel accepted twice | |
2085 | - Bug 3423: access violation in URL parser | |
2086 | - Bug 3422: Buffer overflow in recv-announce | |
2087 | - Bug 3412: External ACL Uses Invalid Cache Entry | |
2088 | - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new | |
2089 | - Bug 3398: persistent server connection closed after PUT/DELETE | |
2090 | - Bug 3299: dnsserver: various undefined references | |
2091 | - Bug 3077: '\' in url query strings cause Digest authentication to fail | |
2092 | - Bug 2910: MemBuf may grow beyond max_capacity | |
2093 | - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption | |
2094 | - Bug 1243: Build overrides configured AR setting | |
2095 | - Avoid crashes when processing bad X509 common names (CN). | |
2096 | - Support %% in external ACL format | |
2097 | - ... and several other compile error fixes | |
2098 | - ... and several documentation fixes | |
2099 | ||
8fe9e0a2 AJ |
2100 | Changes to squid-3.1.16 (14 Oct 2011): |
2101 | ||
2102 | - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED | |
2103 | - Bug 3368: Unhandled exceptions are not logged (workaround) | |
2104 | - Bug 3326: miss_access incorrect default | |
2105 | - Bug 3320: miss_access description confusing | |
2106 | - Bug 3241: squid_kerb_auth cross compilation fix | |
2107 | - Bug 3237: seq fault in free() from rfc1035RRDestroy | |
2108 | - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response | |
2109 | - db_auth: display available DSN drivers on connect error | |
2110 | - Updated OpenSSL 1.0.0 version checks | |
2111 | - ... and several documentation fixes | |
2112 | ||
2f954743 AJ |
2113 | Changes to squid-3.1.15 (28 Aug 2011): |
2114 | ||
2115 | - Regression fix: vhost and defaultsite causing vport to be ignored | |
2284b7f7 | 2116 | - Regression Bug 3295: broken escaping in rfc1738_do_escape |
2f954743 AJ |
2117 | - Bug #3232: fails to compile with OpenSSL v1.0.0 |
2118 | - Bug #3222: cache_peer name is not logging on CONNECT | |
2119 | - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable() | |
2120 | - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable | |
2121 | - Bug #3213: https sites (CONNECT) not open when using NTLM | |
2122 | - Bug #3114: Memory leak in SSL certificate verify code | |
2123 | - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
2124 | - Bug #2662: cf_gen failure when cross compiling | |
2125 | - Bug #2655: passing wrong the username to the url_rewrite_program | |
2126 | - Bug #2495: ignore whitespace prefix on config lines | |
2127 | - Bug #2051: 'default' cache_peer option does not match documentation | |
2128 | - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay() | |
2129 | - Bug #1791: timestampsSet does not validate Date: if server sends very old date | |
2130 | - Correct parsing of large Gopher indexes | |
2131 | - Enable negative cacheing on unknown or -1 expiry timestamp | |
2284b7f7 | 2132 | - Remove hierarchy_stoplist default value |
2f954743 AJ |
2133 | - Migrate cf_gen tool from C-style to C++ |
2134 | - ... and several documentation and compiler warning fixes | |
2135 | ||
04f5e27a AJ |
2136 | Changes to squid-3.1.14 (04 Jul 2011): |
2137 | ||
2138 | - Regression Bug 3261: Could not create a DNS socket and exit | |
2139 | ||
e074e5be AJ |
2140 | Changes to squid-3.1.13 (01 Jul 2011): |
2141 | ||
2142 | - Regression Bug 3239: problems with myip/myport upgrade | |
2143 | - Bug 3153: hung ICAP RESPMOD transactions | |
2144 | - Update ssl_crtd to use 'OK' status inline with other helpers | |
2145 | ||
6d44d1e9 AJ |
2146 | Changes to squid-3.1.12.3 (18 Jun 2011): |
2147 | ||
2148 | - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options | |
2149 | - Bug 3214: unexpected read from ssl_crtd | |
2150 | - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body | |
2151 | - Fix RADIUS helper resource leak | |
2152 | - Fix segfault parsing digest auth realm | |
2153 | - Fix segfault in parse_eol() | |
2154 | - Fixed bypass of SSL certificate validation errors | |
2155 | - Warn about myip/myport problems on interception proxies | |
2156 | - Polish: display easily grepped config lines on -k parse | |
2157 | - Fix squidclient -V option and allow non-HTTP protocols to be tested | |
2158 | ||
65f2789a AJ |
2159 | Changes to squid-3.1.12.2 (30 May 2011): |
2160 | ||
2161 | - Bug 3226: Tags from external ACLs do not correctly expire | |
2162 | - Bug 3215: Malformed IPv6 DNS reverse lookup | |
2163 | - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches | |
2164 | - Bug 3205: SSL-bump starts then hangs | |
2165 | - Bug 3178: gcc-4.6 complains unused variables | |
2166 | - Bug 3122: Unknown record type in WCCPv2 Packet (6) | |
2167 | - Bug 2965 (partial): Compile errors on MinGW | |
2168 | - Fix to only ssl-bump CONNECT requests if they are about to be tunneled | |
2169 | - Fix cache manager display of -i/+i in regex ACL config display | |
2170 | - Fix cache manager display of cache_peer options userhash and sourcehash | |
2171 | - Fix URL re-writer loosing many transaction details | |
2172 | - Fix always-true comparison in ICAP for some 32-bit platforms | |
2173 | - Support for 'slow' group ACLs in ssl_bump access control | |
2174 | - Support OpenSSL 1.0.0 built without SSLv2 | |
2175 | - Support GCC 4.6 and binutils-gold | |
2176 | - Add CSS id attribute to BODY tag of generated error pages. | |
2177 | - Display WARNING and ERROR when max_filedescriptors has failed | |
2178 | ||
065f7779 AJ |
2179 | Changes to squid-3.1.12.1 (19 Apr 2011): |
2180 | ||
2181 | - Port from 3.2: Dynamic SSL Certificate generation | |
2182 | - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp | |
2183 | - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9 | |
2184 | - Bug 3183: Invalid URL accepted with url host part of only '@' | |
2185 | - Display ERROR in cache.log for invalid configured paths | |
2186 | - Cache Manager: send User-Agent header from cachemgr.cgi | |
2187 | - ... and many portability compile fixes for non-GCC systems. | |
2188 | ||
7d9ce496 AJ |
2189 | Changes to squid-3.1.12 (04 Apr 2011): |
2190 | ||
2191 | - Regression fix: Use bigger buffer for server reads. | |
2192 | - Regression fix: Add reply_header_replace directive for ability lost since 2.7 | |
2193 | - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0 | |
2194 | - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0" | |
2195 | - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled | |
2196 | - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure | |
2197 | - Bug 3164: Total memory info display 32-bit overflows | |
2198 | - Bug 3155: Werror is hard-coded in libTrie build | |
2199 | - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage | |
f787354b | 2200 | - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround) |
7d9ce496 AJ |
2201 | - Bug 2720: comment in same line as cache/mem_replacement_policy causes error |
2202 | - Bug 2621: Provide request headers to RESPMOD when using cache_peer. | |
2203 | - Bug 2330: AuthUser objects are never unlocked | |
2204 | - Prevent CONNECT request relaying to origin servers | |
2205 | - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers) | |
2206 | - squidclient: send Cache Manager password using -w | |
2207 | - eCAP: give full Request-URI to adapters | |
2208 | - ... and several debug and error display cleanups | |
2209 | ||
d88ad4db AJ |
2210 | Changes to squid-3.1.11 (08 Feb 2011): |
2211 | ||
2212 | - Bug 3149: not caching eCAP adapted body | |
2213 | - Bug 3144: redirector program blocks while reading STDIN | |
2214 | - Bug 3140: memory leak in error page generation | |
2215 | - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server | |
2216 | - Bug 3115: logging segfaults if access_log is set to a directory | |
2217 | - Bug 2968: Show the Vary: headers information in cachemgr objects report | |
2218 | - Bug 2959: remove SAMBAPREFIX dependency | |
2219 | - Bug 2868: icc doesn't like string literal in assert checks | |
2220 | - HTTP/1.1: Send 307 status on deny_info redirection | |
2221 | - HTTP/1.1: Support POST/PUT with no body | |
2222 | - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents | |
2223 | - Support RFC 5861 Cache-Control: stale-if-error option | |
2224 | - Add ftp_eprt directive to disable EPRT extensions in FTP | |
2225 | - Fix external_acl_type grace=0 to obey TTL | |
2226 | - Fix IP/FQDN cache accounting to avoid idle caches on busy servers | |
2227 | - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth | |
2228 | - ... and some documentation updates and corrections | |
2229 | - ... and some portability and stability fixes | |
2230 | ||
834d2128 AJ |
2231 | Changes to squid-3.1.10 (22 Dec 2010): |
2232 | ||
2233 | - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice | |
2234 | - Bug 3113: Consuming too much memory when uploading files | |
2235 | - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for | |
2236 | - Bug 3096: Consuming too much memory when delaying traffic | |
2237 | - Bug 3091: Bypassed ICAP errors are not counted as service failures | |
2238 | - Bug 3090: Polish FTP login error handing | |
2239 | - Bug 3068: cache_dir capacity and usage overflows | |
2240 | - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain | |
2241 | - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests | |
2242 | - Fix memory leak in adaptation_access | |
2243 | - Fix /dev/poll and poll() selection priority | |
2244 | - Fix PREFIX/var/run creation during install | |
2245 | - Fix cachemgr http_port config report display | |
2246 | - Add upgrade help process for obsolete options | |
2247 | - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known' | |
2248 | - HTTP/1.1: entry is stale if request has max-age=0 | |
2249 | - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD | |
2250 | - Toolchain update to support newer auto-tools | |
2251 | - ... and updated error page translations | |
2252 | - ... and updated documentation | |
2253 | - ... and some code optimization/simplification polish | |
2254 | ||
e2f4c66a AJ |
2255 | Changes to squid-3.1.9 (25 Oct 2010): |
2256 | ||
2257 | - Bug 3088: dnsserver is segfaulting | |
2258 | - Bug 3084: IPv6 without Host: header in request causes connection to hang | |
2259 | - Bug 3082: Typo in error message | |
2260 | - Bug 3073: tunnelStateFree memory leak of host member | |
2261 | - Bug 3058: errorSend and ICY leak MemBuf object | |
2262 | - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port | |
2263 | - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies | |
2264 | - Bug 3053: cache version 1 LFS support detection broken | |
2265 | - Bug 3051: integer display overflow | |
2266 | - Bug 3040: Lower-case domain entries from hosts and resolv.conf files | |
2267 | - Bug 3036: adaptation_access acls cannot see myportname | |
2268 | - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs | |
2269 | - Bug 2964: Prevent memory leaks when ICAP transactions fail | |
2270 | - Bug 2808: getRoundRobinParent not handling weights correctly | |
2271 | - Bug 2793: memory statistics sometimes display wrong | |
2272 | - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support | |
2273 | - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb | |
2274 | - Ensure /var/cache or jail equivalent exists on install | |
2275 | - HTTP/1.1: delete Warnings that have warning-date different from Date | |
2276 | - HTTP/1.1: do not remove ETag header from partial responses | |
2277 | - HTTP/1.1: make date parser stricter to better handle malformed Expires | |
2278 | - HTTP/1.1: improve age calculation | |
2279 | - HTTP/1.1: reply with a 504 error if required validation fails | |
2280 | - HTTP/1.1: add appropriate Warnings if serving a stale hit | |
2281 | - HTTP/1.1: support requests with Cache-Control: min-fresh | |
2282 | - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store | |
2283 | - squidclient: Display IP(s) connected to in verbose (-v) display | |
2284 | - Fixes several issues with ICAP persistent connections | |
2285 | - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS | |
2286 | - ... and some cosmetic polishing | |
2287 | ||
dee6a922 AJ |
2288 | Changes to squid-3.1.8 (04 Sep 2010): |
2289 | ||
2290 | - Bug 3033: incorrect information regarding TOS | |
2291 | - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL | |
2292 | - Bug 3005,2972: Locate LTDL headers correctly (again) | |
2293 | - Bug 2872: leaking file descriptors | |
2294 | - Bug 2583: pure virtual method called | |
2295 | - Hardened DNS client against packet queue attacks | |
2296 | - Hardened HTTP request-line parser | |
2297 | - Several HTTP/1.1 support improvements | |
2298 | - Improved cross-compile support | |
2299 | - .. and several internal pointer safety fixes | |
2300 | ||
c3fe2798 | 2301 | Changes to squid-3.1.7 (23 Aug 2010): |
161ec538 | 2302 | |
c3fe2798 | 2303 | - Regression Bug 3021: Large DNS reply causes crash |
161ec538 | 2304 | - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes |
c3fe2798 | 2305 | - Regression Bug 2997: visible_hostname directive no longer matches docs |
161ec538 AJ |
2306 | - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port |
2307 | - Bug 3006: handle IPV6_V6ONLY definition missing | |
2308 | - Bug 3004: Solaris 9 SunStudio 12 build failure | |
2309 | - Bug 3003: inconsistent concepts in documentation of cache_dir | |
2310 | - Bug 3001: dnsserver link issues | |
2311 | - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016) | |
2312 | - HTTP/1.1: Improved Range header field validation | |
2313 | - HTTP/1.1: Forward multiple unknown Cache-Control directives | |
2314 | - HTTP/1.1: Stop sending Proxy-Connection header | |
2315 | - Fix 32-bit wrap in refresh_pattern min/max values | |
2316 | - ... and several documentation corrections. | |
2317 | ||
aa844a33 AJ |
2318 | Changes to squid-3.1.6 (02 Aug 2010): |
2319 | ||
2320 | - Bug 2994, 2995: IPv4-only regressions | |
2321 | - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() | |
2322 | - Bug 2975: chunked requests not supported after regular ones | |
2323 | - Fix: 32-bit overflow in reported bytes received from next hop | |
2324 | - Fix Libtool build regressions | |
2325 | - Limited split-stack IPv6 support. | |
2326 | - squid_db_auth support MD5 encrypted passwords | |
2327 | ||
f41d79ba AJ |
2328 | Changes to squid-3.1.5.1 (28 Jul 2010): |
2329 | ||
2330 | - Update Libtool to 2.2. | |
2331 | - Bug 2985: search scope for digest_ldap_auth didn't work | |
2332 | - Bug 2972: LTDL 2.2.6b compile errors | |
2333 | - Bug 2963: Stop ignoring --with-valgrind-debug failures | |
2334 | - Bug 2885: AIX support: several fixes | |
2335 | - Bug 2651: crash handling NULL write callback | |
2336 | - Fixed several memory leaks related to Range requests | |
2337 | - Fixed Joomla DB auth handling | |
2338 | - Fixed SASL helper build checks | |
2339 | - Fixed several IPv6 portability problems | |
2340 | - Updated error page translations | |
2341 | ||
88aa2b05 | 2342 | Changes to squid-3.1.5 (02 Jul 2010): |
0e87db68 | 2343 | |
88aa2b05 AJ |
2344 | - Bug 2967: raw-IPv6 address URL with append_domain broken |
2345 | - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached | |
2346 | - Bug 2943: ICAP tokens not logged when using multiple access | |
2347 | - Bug 2937: Fails to detect chunked encoding if not given in all lower case | |
2348 | - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod | |
7e6cdc23 | 2349 | - Fix free memory corruption and off-by-one error when comparing SNMP OIDs |
88aa2b05 AJ |
2350 | - Port from 2.7: max_filedescriptor config option |
2351 | - Fix persistent_connection_after_error is meant to be on by default | |
2352 | - ... and several build errors. | |
0e87db68 | 2353 | |
2d94c829 AJ |
2354 | Changes to squid-3.1.4 (30 May 2010): |
2355 | ||
2356 | - Bug 2933: Verification of the max. port number for WCCP2 dynamic service | |
2357 | - Bug 2924: RADIUS helper compile issues | |
2358 | - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" | |
2359 | - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client | |
2360 | - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()" | |
2361 | - Bug 2879: pt2: 3.0 regression in headers end finding | |
2362 | - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests | |
2363 | - Bug 2876: FD_SETSIZE override not working on all linux distributions | |
2364 | - Bug 2810: common log format generates 2 lines of syslog | |
2365 | - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB | |
2366 | - Bug 2753: Fall back on IPv4 if IPv6 is not present | |
2367 | - Bug 2697: Adaptation leaks and extra requests after reconfiguration | |
2368 | - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field | |
2369 | - Change LDAP helpers to default to LDAP version 3 if available | |
2370 | - Add Joomla and Salted Hash support to squid_db_auth helper | |
2371 | - Fixed IpAddress port printing for ports higher than 9999 | |
2372 | - Disable chunked memory pooling by default. | |
2373 | - ... and several build errors. | |
2374 | ||
6808dbda AJ |
2375 | Changes to squid-3.1.3 (02 May 2010): |
2376 | ||
7e6cdc23 | 2377 | - Remove: Advertise 1.1 on replies to clients (broken chunked handling) |
6808dbda AJ |
2378 | - Fix tag ACL type not working |
2379 | ||
ca959baa AJ |
2380 | Changes to squid-3.1.2 (01 May 2010): |
2381 | ||
2382 | - Bug 2913: Fix DB auth warning in new perl version | |
2383 | - Bug 2904: Prevent automake creating incomplete files | |
2384 | - Bug 2899: Regression: Restore lost rfc1738_unescape() data type | |
2385 | - Bug 2895: Regression: TPROXY2 compile errors | |
2386 | - Bug 2879: Regression: headers end-finding | |
2387 | - Bug 2874: Accept literal IPv6 address in icap_service URL | |
2388 | - Bug 2860: Regression: WCCPv1 handshake | |
2389 | - Bug 2848: Pass TCP_RST to client on early disconnect | |
2390 | - Debian Bug 578047: Correct behaviour of --enable-ipv6 | |
7e6cdc23 AJ |
2391 | - HTTP/1.1: Advertise 1.1 on requests to servers |
2392 | - HTTP/1.1: Advertise 1.1 on replies to clients | |
ca959baa AJ |
2393 | - AIX / UNIX build fixes |
2394 | - Cygwin build fixes | |
2395 | - squidclient: -k option to test connection keep-alive or close | |
2396 | - Improved helper build for wider compatibility | |
2397 | - Ensure the PID file directory exists on install | |
2398 | ||
2ec34bd3 AJ |
2399 | Changes to squid-3.1.1 (29 Mar 2010): |
2400 | ||
2401 | - Bug 2873: undefined symbol | |
2402 | - Bug 2827: assertion in authentication | |
2403 | - Remove ufsdump binary from default builds | |
2404 | - Remove pinger from default startups | |
2405 | - ... and several documentation updates. | |
2406 | ||
e09692bd AJ |
2407 | Changes to squid-3.1.0.18 (14 Mar 2010): |
2408 | ||
2409 | - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16 | |
2410 | - Bug 2869: Remove unused external reference | |
2411 | - Bug 2866: Support OpenSSL 1.0 | |
2412 | - Bug 2813: Random unix_group crash at startup | |
2413 | - Send HTTP1.1 compliant 417 responses | |
2414 | - Associate external acl message with the request | |
2415 | - Various Digest parser fixes | |
2416 | - ... and all bug fixes from 3.0 up to 3.0.STABLE25 | |
2417 | ||
365d894c AJ |
2418 | Changes to squid-3.1.0.17 (24 Feb 2010): |
2419 | ||
2420 | - Regression Fix: Non-English error page UTF encoding | |
2421 | - Bug 2616: reduce IdleConnList::removeFD messages | |
2422 | - Bug 1843: multicast-siblings cache_peer option | |
2423 | - Port from 2.7: X509 certificate alias-domain handling | |
2424 | - Add adapted_http_access option | |
2425 | - NTLMv2 support for fake NTLM helper | |
2426 | ||
011dea45 AJ |
2427 | Changes to squid-3.1.0.16 (01 Feb 2010): |
2428 | ||
2429 | - Regression Fix: Make Squid abort on all config parse failures. | |
2430 | - Regression Bug 2811: SNMP client/peer table OID numbering | |
2431 | - Bug 2851: Connection pinning fails when using a peer | |
2432 | - Bug 2850: Mismatch in hier_code enum / hier_strings array | |
2433 | - Bug 2731: Add follow_x_forwarded_for support to ICAP | |
2434 | - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2 | |
2435 | - Bug 2706: Set timestamps during ICAP request satisfaction. | |
2436 | - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly | |
2437 | - Fix: WCCPv1 not connecting to router correctly | |
2438 | - Remove obsolete RunCache/RunAccel scripts. | |
2439 | - Add client_ip_max_connections | |
2440 | - Add the http::>ha format code and make http::>h log original request headers | |
2441 | - ... and all bug fixes from 3.0 up to 3.0.STABLE22 | |
2442 | - ... and many more minor build and display annoyances. | |
2443 | ||
ba641958 AJ |
2444 | Changes to squid-3.1.0.15 (23 Nov 2009): |
2445 | ||
2446 | - Regression Fix: myip ACL not accepted in config | |
2447 | - Bug 2795: acl arp lookups including port | |
2448 | - Bug 2794: ESI parsing fails on FreeBSD | |
2449 | - Bug 2778: fix linking issues using SunCC | |
2450 | - Bug 2724: eCAP build failure unless ICAP enabled | |
2451 | - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid | |
2452 | - Bug 2617: Performance degradation during processing list of dstdomain ACL's | |
2453 | - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol. | |
2454 | - Fix: 64-bit filesize issue in squidclient POST of large files | |
2455 | - Fix: send correct Connection: header on intercepted replies | |
2456 | - Support libtool 2.x | |
2457 | - ESI libraries libexpat and libxml2 now optional | |
2458 | - ESI support default enabled | |
2459 | - Bump libcap minimum requirement to libcap 2.09+ | |
2460 | - ARP / MAC support fixes for IPv6-mode | |
2461 | - Add outstanding IPv6 settings to squid.conf (localnet, localhost) | |
2462 | - ... and many additions to the background testing structure | |
2463 | - ... and very many minor build and code cleanups for non-GCC compilers. | |
2464 | ||
8f37469c AJ |
2465 | Changes to squid-3.1.0.14 (27 Sep 2009): |
2466 | ||
2467 | - Bug 2777: Various build issues on OpenSolaris | |
2468 | - Bug 2773: Segfault in RFC2069 Digest authentication | |
2469 | - Bug 2747: Compile errors on Solaris 10 | |
2470 | - Bug 2735: Incomplete -fhuge-objects detection | |
2471 | - Bug 2722: Fix http_port accel combined with CONNECT | |
2472 | - Bug 2718: FTP sends EPSV2 on IPv4 connection | |
2473 | - Bug 2648: stateful helpers stuck in reserved | |
2474 | - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode | |
2475 | - Bug 2510: digest_ldap_auth uses incorrect logic with TLS | |
2476 | - Bug 2483: bind() called before connect() | |
2477 | - Bug 2215: config file line length limit (extended to 2 KB) | |
2478 | - Support Accept-Language: * wildcard | |
2479 | - Support autoconf 2.64 | |
2480 | - Support TPROXY for IPv6 traffic (requires kernel support) | |
2481 | - Support TPROXY cache cluster behind WCCPv2 | |
2482 | - Correct ESI support to work in multi-mode Squid | |
2483 | - Add 0.0.0.0 as an to_localhost address | |
2484 | - DiskIO detection fixes and use optimal IO in default build. | |
2485 | - Correct peer connect-fail-limit default of 10 | |
2486 | - Prevent squidclient sending two Accept: headers | |
2487 | - ... all bug fixes from 3.0.STABLE19 | |
2488 | - ... and many more documentation fixes | |
2489 | ||
f49a1c9e AJ |
2490 | Changes to squid-3.1.0.13 (04 Aug 2009): |
2491 | ||
2492 | - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present. | |
2493 | - Fix one more internal profiler error | |
2494 | - Language Updates: Italian, Russian | |
2495 | - Language Updates: Add many more aliases | |
2496 | - Add Copyright document for errors/ content | |
2497 | - ... all bug fixes from 3.0.STABLE18 | |
2498 | - ... and several code polishing cleanups | |
2499 | ||
e7b1c518 AJ |
2500 | Changes to squid-3.1.0.12 (27 Jul 2009): |
2501 | ||
2502 | - Bug 2716: Chunked request Signed/Unsigned build error | |
2503 | - Bug 2674: Remove limit on HTTP headers read. | |
2504 | - Bug 2620: Invalid HTTP response codes causes segfault | |
2505 | - Fix FTP EPSV negotiation parser. | |
2506 | - Fix Via string when leak checking is enabled (valgrind etc) | |
2507 | - ... and several documentation and testing additions | |
2508 | ||
0b8d12da AJ |
2509 | Changes to squid-3.1.0.11 (19 Jul 2009): |
2510 | ||
2511 | - Bug 2087: Support adaptation sets and chains | |
2512 | - Bug 2459: dns error message broken when error handling delayed | |
2513 | - Support ICAP Retry | |
2514 | - Support ICAP retries based on the ICAP responses status code | |
2515 | - Support logging ICAP | |
2516 | - Support logging total DNS wait time | |
2517 | - Support logging response times of adaptation transactions | |
2518 | - General logging enhancements | |
2519 | - Dynamically form chains based on ICAP X-Next-Services header | |
2520 | - Support cross-transactional ICAP header exchange | |
2521 | - ... and much adaptation polish and improvements | |
2522 | ||
ce460dc8 AJ |
2523 | Changes to squid-3.1.0.10 (18 Jul 2009): |
2524 | ||
2525 | - Bug 2680: Regression Crash after rotate with no helpers running | |
2526 | - Bug 2695: Regression in WCCPv2 L2 mask assignment | |
2527 | - Bug 2707: Regression in FTP anonymous auth | |
2528 | - Bug 422, 2706: RFC 2616 Date header requirements | |
2529 | - Bug 1087: ESI processor not quoting attributes correctly. | |
2530 | - Bug 1338: File prefetches aborted despite range_offset | |
287dcde6 | 2531 | - Bug 2080: wbinfo_group.pl - false positive under certain conditions |
ce460dc8 | 2532 | - Bug 2092: select loop 32-bit call counter overflows |
287dcde6 | 2533 | - Bug 2127: delay pools class 4 crashes with ntlm auth |
ce460dc8 AJ |
2534 | - Bug 2611: document fast/slow acl types |
2535 | - Bug 2614: Potential loss of adapted body data from eCAP adapters | |
2536 | - Bug 2658: Missing TextException copy constructor | |
2537 | - Bug 2659: String length overflows on append, leading to segfaults | |
2538 | - Bug 2699: Build failure NTLM smb_lm helper | |
2539 | - Bug 2709: TRANSLATIONS not installed | |
2540 | - Bug 2710: squid_kerb_auth non-terminated string | |
2541 | - Delay pools 64-bit buckets and IPv6-polish | |
2542 | - Break forwarding loops for "transparent" or "intercept" http_ports. | |
2543 | - Add --disable-translation option to detatch .po from error negotiation | |
2544 | - Add squidclient man(1) page | |
2545 | - Add localhost to default permitted networks | |
2546 | - http_port allow-direct option to allow direct forwarding in accelerator mode | |
2547 | - ... and many testing infrastructure updates | |
2548 | ||
5df6d596 AJ |
2549 | Changes to squid-3.1.0.9 (26 Jun 2009): |
2550 | ||
2551 | - Bug 2682: Add ftp_epsv control to disable EPSV support. | |
2552 | - Bug 2665: Detach automake system from using -I. | |
2553 | - Bug 2395: FTP auth errors not displayed | |
2554 | - ... also several changes and bugs closed in 3.0.STABLE16 | |
2555 | - Port from 2.7: Show local address on listening sockets | |
2556 | - Add "tag" type acl matching tags set by external acl helpers. | |
2557 | - Adds Language alias linker/installer/upgrade scripts | |
2558 | - Support for GCC 4.4 | |
2559 | - Fix false NAT lookup errors on Linux | |
2560 | - Fix many Windows port issues | |
2561 | - Fix squid_kerb_auth helepr install location | |
2562 | - Better detection of IPv6 stack types | |
2563 | - Updates Licensing information for Squid 3.1 | |
2564 | - ... and many packaging portability build and install issues | |
2565 | ||
a7b15245 AJ |
2566 | Changes to squid-3.1.0.8 (24 May 2009): |
2567 | ||
2568 | - Bug 2656: Pinger dies with general protection fault | |
2569 | - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used | |
2570 | - Bug 2648: Authentificator processes deferring and don't shutdown. | |
2571 | - Bug 2645: allow squid to ignore must-revalidate | |
2572 | - Bug 2644: auth scheme initialization is broken | |
2573 | - Bug 2632: Make number of reforwarding tries configurable | |
2574 | - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE | |
2575 | - Bug 2627: HTCP Logging | |
2576 | - Bug 2615: Call libecap::adapter::Service::start() when finalizing config. | |
2577 | - Bug 2589: SNMP returning no data - wrong oid decoded | |
2578 | - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6 | |
2579 | - Bug 2559: Problem parsing /0 and /0.0.0.0 | |
2580 | - Bug 2404: WCCP in mask mode is broken | |
2581 | - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1 | |
2582 | - Complete Interception multiple NAT support | |
2583 | - Add Content-Disposition to the known headers list. | |
2584 | - Make PEER_TCP_MAGIC_COUNT configurable | |
2585 | - Fix pinger install location | |
2586 | - Enable TPROXY v4 spoofing of CONNECT requests | |
2587 | - ... and much documentation and code polishing | |
2588 | ||
e1e28561 AJ |
2589 | Changes to squid-3.1.0.7 (08 Apr 2009): |
2590 | ||
2591 | - Fix: several issues with ident | |
2592 | - Add several language translations | |
2593 | - Upgrade code testing infrastructure | |
2594 | - Migrate much code to build as internal libraries | |
2595 | - Support gcc 4.4 | |
2596 | - Support doxygen 1.5.8 | |
2597 | - ... and much code polish to make things read easier | |
2598 | ||
727cb127 AJ |
2599 | Changes to squid-3.1.0.6 (01 Mar 2009): |
2600 | ||
e1e28561 | 2601 | - Regression Fix: Support HTTP/0.9 in accelerator mode |
727cb127 AJ |
2602 | - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode |
2603 | - Bug 2593: Compile errors on Solaris 10 | |
2604 | - Bug 2591: adaptation_access does not work | |
2605 | - Bug 2588: coredump in rDNS lookup | |
2606 | - Bug 2526: default ALLOW when no list specified. | |
2607 | - Bug 2287: Send a 505 on requests with unsupported HTTP versions | |
2608 | - Bug 419: Hop by Hop headers MUST NOT be forwarded | |
2609 | - Fix external_acl_type handling of SSL certificate details | |
2610 | - Obsolete: dependency on nss_common.h and nss.h | |
2611 | - Support libtool2 | |
2612 | - ... and various documentation and code polish | |
2613 | ||
f636c996 AJ |
2614 | Changes to squid-3.1.0.5 (03 Feb 2009): |
2615 | ||
2616 | - Bug 2583: Fixed issue in content adaptation | |
2617 | - Bug 2576: Make translate target obey --disable-auto-locale | |
2618 | - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails. | |
2619 | - Bug 2563: 99+% CPU Usage on FTP URL | |
2620 | - Bug 2505, 2524, 2558: fixed several issues on connection handling | |
2621 | - Fix several issues in request parsing | |
2622 | - Fix memory leak from logformat parsing | |
2623 | - Fix various ESI build errors | |
2624 | - Make configure tests use C++ instead of C | |
2625 | - Drop special localhost conversion RFC violation. | |
2626 | - Add Language: Arabic | |
2627 | - ... and various documentation and code polish | |
2628 | ||
2629 | Changes to squid-3.1.0.4 (23 Jan 2009): | |
2630 | ||
2631 | - Regression Fix: Bug 2558: rollback bug 2395 fix. | |
2632 | - Bug 2555: Fixes to SNMP-MIB | |
2633 | - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing() | |
2634 | - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6) | |
2635 | - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing() | |
2636 | - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache | |
2637 | - Polish ZPH configuration interface | |
2638 | - Several Language Conversions to new auto-negotiate | |
2639 | - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing | |
2640 | - Fix: Pconn not being used when they should. | |
2641 | - Fix: Fix pinger immediate shutdowns | |
2642 | - Fix: Untangle CacheManager reports from log_fqdn | |
2643 | - ... and all bugs fixed for 3.0.STABLE12 | |
2644 | - ... and many code polish and optimization fixes. | |
2645 | ||
2646 | Changes to squid-3.1.0.3 (5 Dec 2008): | |
2647 | ||
2648 | - Regression Fix: StoreIOBuffer patch removed. | |
2649 | - Regression Fix: build issues with 3.1.0.2 bundle | |
2650 | - Security Bug 2526: default ALLOW when no list specified | |
2651 | - Bug 2525: encoding error on error pages | |
2652 | - Bug 2424: slow file descriptor leak | |
2653 | - Bug 2527: ICAP compile error on g++ 4.3.2 | |
2654 | - Bug 2523: bad assertion left in from debug | |
2655 | - Bug 2395: FTP Auth errors and others not displayed | |
2656 | - Update squid_kerb_auth to 1.0.5 | |
2657 | with better Squid integration. | |
2658 | - Fix cache_peer forcedomainname= option | |
2659 | - ... and many other minor fixes | |
2660 | ||
5e80e4ee AJ |
2661 | Changes to squid-3.1.0.2 (9 Nov 2008): |
2662 | ||
2663 | - Bug 2516: error page templates not properly installed | |
2664 | - Bug 2500: Solaris build issues | |
2665 | - Fixes FreeBSD build issues | |
2666 | - Release Notes completed | |
2667 | - Languages: new Russian, Japanese, Chinese, and general updates | |
2668 | - ... and other minor fixes | |
70c5dfb2 | 2669 | |
af4cd9a0 AJ |
2670 | Changes to squid-3.1.0.1 (27 Oct 2008): |
2671 | ||
2672 | - Bundled ntlm_auth helper renamed (see Release Notes before changing anything) | |
7a6e2ecc AJ |
2673 | - peername ACL added for matching against a named peer destination |
2674 | - configure option --with-logdir= added to select log files location | |
2675 | - squid_kerb_auth helper updated to 1.0.3 release | |
2676 | - Bug #740: allow external acl's to use reply headers in format | |
2677 | - Bug #2379: obsolete dns_testnames option | |
2678 | - Code test infrastructure expanded to configuration testing | |
2679 | - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern | |
af4cd9a0 | 2680 | to bring their defaults up to RFC 2616 requirements. |
7a6e2ecc AJ |
2681 | - Large increase in RFC 2616 standard compliance (ongoing) |
2682 | - squid.conf cleanups for minimal config | |
2683 | - Connection Pinning ported from 2.6 for NTLM passthru authentication | |
2684 | - eCAP internal adaptation module support | |
af4cd9a0 | 2685 | - Localization and CSS display control of error pages |
7a6e2ecc AJ |
2686 | - Added semi-automatic documentation of source code |
2687 | - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers | |
2688 | - HTCP improvements ported from 2.7 adding HTCP CLR requests | |
70c5dfb2 | 2689 | - IPv6 (Internet Protocol version 6) support |
2690 | - ICMPv6 (Internet Control Message Protocol version 6) support | |
f1233d8c | 2691 | - FTP agent now supports EPSV/EPRT commands |
70c5dfb2 | 2692 | - DNS internal resolver now supports AAAA and CNAME records |
2693 | - SNMP peer and client tables now support IPv6 | |
2694 | - SNMP peer table supports named peers with multiple entries per IP | |
4aa8e49c | 2695 | - SslBump: Squid-in-the-middle decryption and encryption of straight |
2696 | CONNECT and transparently redirected SSL traffic, using configurable | |
2697 | client- and server-side certificates. While decrypted, the traffic | |
7a6e2ecc | 2698 | can be inspected using ICAP. |
af4cd9a0 | 2699 | - TPROXY version 4.1 support |
a13b3732 | 2700 | - IPFW and Netfilter interception methods may now both be built in one binary. |
f1233d8c AJ |
2701 | - ZPH Quality of Service patch now integrated |
2702 | - Null store now fully obsoleted and removed | |
2703 | - Unknown request methods all supported | |
2704 | - Follow_x_forwarder_for ported from 2.6 | |
7a6e2ecc | 2705 | - Bug #2223: Follow XFF extensions added |
af4cd9a0 | 2706 | - ... and many code and documentation cleanups |
7a6e2ecc | 2707 | |
2f954743 AJ |
2708 | Changes to squid-3.0.STABLE26 (28 Aug 2011): |
2709 | ||
2710 | - Regression: header_replace for reply headers | |
2711 | - Bug 3183: Invalid URL accepted with url host part of only '@'. | |
2712 | - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
2713 | - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree | |
2714 | - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() | |
2715 | - Bug 2933: Verification of the max. port number for WCCP2 dynamic service | |
2716 | - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" | |
2717 | - Regression Bug 2899: Restore lost rfc1738_unescape() data type | |
2718 | - Regression Bug 2879: headers end finding | |
2719 | - Bug 2876: FD_SETSIZE override not working on all linux distributions | |
2720 | - Check for NULL and empty strings before calling str*cmp(). | |
2721 | - Correct parsing of large Gopher indexes | |
2722 | ||
1a10a7e5 AJ |
2723 | Changes to squid-3.0.STABLE25 (14 Mar 2010): |
2724 | ||
2725 | - Bug 2845: Rework the http digest auth parser | |
2726 | - Bug 2787: unknown/unexpected status code messages | |
2727 | - Bug 2507: squid_ldap_group: Strip Domain name separated by + | |
2728 | - Bug 2367: stale=true on digest requests with unknown nonce | |
2729 | - ... and several other minor corrections | |
2730 | ||
6add0585 AJ |
2731 | Changes to squid-3.0.STABLE24 (13 Feb 2010): |
2732 | ||
2733 | - Bug 2858: Segment violation in HTCP | |
2734 | - Updated refresh pattern for dynamic pages | |
2735 | ||
bcd1f03d AJ |
2736 | Changes to squid-3.0.STABLE23 (02 Feb 2010): |
2737 | ||
2738 | - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1 | |
2739 | - Regression Fix: Build error in Kerberos helper after library removal. | |
2740 | ||
61544616 AJ |
2741 | Changes to squid-3.0.STABLE22 (01 Feb 2010): |
2742 | ||
2743 | - Regression Fix: Make Squid abort on all config parse failures. | |
2744 | - Bug 2787: Reduce unexpected http status to non-critical warnings. | |
2745 | - Bug 2496: Downloading some variants in full before relaying | |
2746 | - Bug 2452: Add upper limit to external_acl_type entries. | |
2747 | - Removed optional kerberos/spnegohelp/ library due to licensing issues | |
2748 | - Add client_ip_max_connections | |
2749 | - Handle DNS header-only packets as invalid. | |
2750 | ||
06d0f369 AJ |
2751 | Changes to squid-3.0.STABLE21 (22 Dec 2009): |
2752 | ||
2753 | - Bug 2830: Clarify where NULL byte is in headers. | |
2754 | - Bug 2778: Linking issues using SunCC | |
2755 | - Bug 2395: FTP errors not displayed | |
2756 | - Bug 2155: Assertion failures on malformed Content-Range response headers | |
2757 | - Fix parsing and a few bugs in ACL time type | |
2758 | - Fix RFC keep-alive compliance on intercepted replies | |
2759 | - Improved security hardening on %nn parser | |
2760 | - Replace several GCC-specific code snippets. | |
2761 | ||
91228e4e AJ |
2762 | Changes to squid-3.0.STABLE20 (29 Oct 2009): |
2763 | ||
2764 | - Bug 2794: ESI parsing on FreeBSD | |
2765 | - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity | |
2766 | - Bug 2779: Support GNU/kFreeBSD | |
2767 | - Bug 2773: Segfault in RFC2069 Digest authantication | |
2768 | - Bug 2768: squid_ldap_group argument parsing error | |
2769 | - Bug 2761: Gopher and double HTTP response header | |
2770 | - Bug 2735: Incomplete -fhuge-objects detection | |
2771 | - Bug 2722: prevent CONNECT via http_port with accel | |
2772 | - Bug 2624: Invalid response for IMS request | |
2773 | - Bug 2510: digest_ldap_auth TLS support | |
2774 | - Correct LINUX_CAPABILITY actions on non-Linux | |
2775 | ||
98df01e3 AJ |
2776 | Changes to squid-3.0.STABLE19 (06 Sep 2009): |
2777 | ||
2778 | - Bug 2745: Invalid Response error on small reads | |
2779 | - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf | |
2780 | - Bug 2734: some compile errors on Solaris | |
2781 | - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy | |
2782 | - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma | |
2783 | - Bug 2362: Remove support for deferred state in stateful helpers | |
2784 | - Add 0.0.0.0 as a to_localhost address | |
2785 | - Docs: Improve chroot directive documentation slightly | |
2786 | - Fixup libxml2 include magics, was failing when a configure cache was used | |
2787 | - ... and some minor testing improvements. | |
2788 | ||
b7a1ea6b AJ |
2789 | Changes to squid-3.0.STABLE18 (04 Aug 2009): |
2790 | ||
2791 | - Bug 2728: regression: assertion failed: !eof | |
2792 | - Bug 2732: reply_body_max_size smaller than error page loops | |
2793 | infinitely until out of memory | |
2794 | - Bug 2725: pconn failure if domain or client_address are unset | |
2795 | - Bug 2648: reserved helpers not shut down after reconfigure/rotate | |
2796 | - Bug 2462: make check should tell when cppunit is missing | |
2797 | - Remove excess messages about headers < minimum size | |
2798 | - Support Libtool 2.2.6 | |
2799 | ||
e7b1c518 | 2800 | Changes to squid-3.0.STABLE17 (27 Jul 2009): |
68c19036 AJ |
2801 | |
2802 | - Bug 2680 regression: Crash after rotate with no helpers running | |
2803 | - Bug 2710: squid_kerb_auth non-terminated string | |
2804 | - Bug 2679: strsep and strtoll detection failure | |
2805 | - Bug 2674: Remove limit on HTTP headers read. | |
2806 | - Bug 2659: String length overflows on append, leading to segfaults | |
2807 | - Bug 2620: Invalid HTTP response codes causes segfault | |
2808 | - Bug 2080: wbinfo_group.pl - false positive under certain conditions | |
2809 | - Bug 1087: ESI processor not quoting attributes correctly. | |
2810 | - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache | |
2811 | - Several small build issues with previous release. | |
2812 | ||
950b7d55 AJ |
2813 | Changes to squid-3.0.STABLE16 (15 Jun 2009): |
2814 | ||
2815 | - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk | |
2816 | - Bug 2481: Don't set expires: now in generated error responses | |
2817 | - Bug 2387: The calculation of the number of hash buckets correctly | |
2818 | - Fix infinite loop in MSNT auth helper | |
2819 | - Fix FD_SETSIZE on FreeBSD | |
2820 | - Fix stripping NT domain in squid_ldap_group | |
2821 | - Fix RADIUS auth helper build | |
2822 | - Add Translate: and Unless-Modified-Since: headers to known list | |
2823 | - Make fakeauth handle NTLMv2 better | |
2824 | - Better Kerberos support detection | |
2825 | - Several Widows port fixes | |
2826 | ||
6e4fa9b4 AJ |
2827 | Changes to squid-3.0.STABLE16-RC1 (16 May 2009): |
2828 | ||
950b7d55 | 2829 | - Bug 1148: Ported from 3.1: Chunked Transfer Encoding |
6e4fa9b4 AJ |
2830 | - Bug 2648: NTLM helpers not shutting down when deferred |
2831 | ||
79200081 AJ |
2832 | Changes to squid-3.0.STABLE15 (06 May 2009): |
2833 | ||
2834 | - Regression Bug 2635: Incorrect Max-Forwards header type | |
2835 | - Bug 2652: 'Success' error on CONNECT requests | |
2836 | - Bug 2625: IDENT receiving errors | |
2837 | - Bug 2610: ipfilter support detection | |
2838 | - Bug 2578: FTP download resume failure | |
2839 | - Bug 2536: %H on HTTPS error pages | |
2840 | - Bug 2491: assertion "age >= 0" | |
2841 | - Bug 2276: too many NTLM helpers running | |
2842 | - Endian system and compiler fixes provided by the NetBSD project | |
2843 | - documentation fixes provided by the Debian project | |
2844 | ||
6c2e5932 AJ |
2845 | Changes to squid-3.0.STABLE14 (11 Apr 2009): |
2846 | ||
2847 | - Regression Fix: HTTP/0.9 in accelerator mode | |
2848 | - Bug 1232: cache_dir parameter limited to only 63 entries | |
2849 | - Bug 1868: support HTTP 207 status | |
2850 | - Bug 2518: assertion failure on restart/reconfigure | |
2851 | - Bug 2588: coredump in rDNS lookup | |
2852 | - Bug 2595: Out of bounds memory write in squid_kerb_auth | |
2853 | - Bug 2599: Idempotent start | |
2854 | - Bug 2605: Prevent setsid() on helpers in daemon mode | |
2855 | - Fix external_acl_type option parsing | |
2856 | - Fix delay pools counters on FTP | |
2857 | - Fix several issues with ident (some remain) | |
2858 | - Fix performance issues with persistent connections | |
2859 | - Fix performance issues with delay pools | |
2860 | - Fix forwarding of OPTIONS requests | |
2861 | - Add support for HTTP 1.1 Content-Disposition header | |
2862 | - Add support for Windows 7, Windows Server 2008 R2 and later | |
2863 | - ... and many small documentation updates | |
2864 | ||
f636c996 AJ |
2865 | Changes to squid-3.0.STABLE13 (03 Feb 2009): |
2866 | ||
2867 | - Fix several issues in request parsing | |
2868 | - Fix memory leak from logformat parsing | |
2869 | - Fix various ESI build errors | |
2870 | - ... and some documentation updates | |
2871 | ||
2872 | Changes to squid-3.0.STABLE12 (21 Jan 2009): | |
2873 | ||
2874 | - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++ | |
2875 | - Bug 2542: ICAP filters break download resume | |
2876 | - Bug 2556: HTCP fails without icp_port | |
2877 | - Bug 2564: logformat '%tl' field not working as advertised | |
2878 | - Port from 3.1: TestBed basic build consistency checks | |
2879 | - Policy: Change half_closed_clients default to off | |
2880 | - Policy: Removed -V command line option, deprecated by 2.6 | |
2881 | - ... and several other minor code cleanups | |
2882 | ||
2883 | Changes to squid-3.0.STABLE11 (24 Dec 2008): | |
2884 | ||
2885 | - Bug 2424: filedescriptors being left unnecessary opened | |
2886 | - Bug 2545: fault passing ICAP filtered traffic to peers | |
2887 | - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery | |
2888 | - ... and some minor admin and debug cleanups. | |
2889 | ||
2890 | Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008): | |
2891 | ||
2892 | - Removes patch causing cache of bad objects | |
2893 | - Bug 2526: bad security default in ACLChecklist | |
2894 | - Fixes regression: access.log request size tag | |
2895 | - Fixes cache_peer forceddomainname=X option | |
2896 | - ... and many minor documentation cleanups | |
2897 | ||
7a6e2ecc AJ |
2898 | Changes to squid-3.0.STABLE10 (14 Oct 2008): |
2899 | ||
2900 | - Bug 2391: Regression: bad assert in forwarding | |
2901 | - Bug 2447: Segfault on failed TCP DNS query | |
2902 | - Bug 2393: DNS requests getting stuck in idns queue | |
2903 | - Bug 2433: FTP PUT gives bad gateway | |
2904 | - Bug 2465: Limited DragonflyBSD support | |
2905 | - ... and other minor bugs and documentation | |
2906 | ||
2907 | Changes to squid-3.0.STABLE9 (9 Sep 2008): | |
2908 | ||
2909 | - Policy Enforcement: COSS is unusable in 3.0 | |
2910 | - Port from 3.1: Language Pack compatibility | |
2911 | - Port from 2.6: Windows Support Notes | |
2912 | - Fix several minor regressions: | |
2913 | HTCP stats reporting | |
2914 | cachemgr delay pool config | |
2915 | CARP build error | |
2916 | - Bug 2340: uudecode dependency for icons removed | |
2917 | - Bug 2352: no_check.pl ntlm challenge fix | |
2918 | - Bug 2426: buffer increase for kerberos auth fields | |
2919 | - Bug 2427: squid_ldap_group codes fix | |
2920 | - Bug 2437: peer name now shown in access.log | |
2921 | - Add sane display of unsupported method errors | |
2922 | - ... and various other code cleanups | |
2923 | ||
2924 | Changes to squid-3.0.STABLE8 (18 Jul 2008): | |
2925 | ||
2926 | - Port from 2.6: Support for cachemgr sub-actions | |
2927 | - Port from 2.6: userhash peer selection method | |
2928 | - Port from 2.6: sourcehash peer selection method | |
2929 | - Bug 2376: round-robin balancing fixes | |
2930 | - Bug 2388: acl documentation cleanup | |
2931 | - Bug 2365: cachemgr.cgi HTML output encoding | |
2932 | - Bug 2301: Regression: Log format size options | |
2933 | - Bug 2396: Correct the opening of PF device file. | |
2934 | - Bug 2400: ICAP accept mechanism | |
2935 | - Bug 2411: Regression: fakeauth_auth crashes | |
2936 | - Many fixes to the Windows support (not complete yet). | |
2937 | - Boost error pages HTML standards. | |
2938 | - Fixes several issues on 64-bit systems | |
2939 | - Fixes several issues on older or stricter compilers | |
2940 | - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround | |
2941 | - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1 | |
2942 | ||
2943 | Changes to squid-3.0.STABLE7 (22 Jun 2008): | |
2944 | ||
2945 | - Fix several ASN issues | |
2946 | - Fix SNMP reporting of counters | |
2947 | - Fix round-robin algorithms | |
2948 | - GCC 4.3 support | |
2949 | - Netfilter v1.4.0 bug workaround | |
2950 | - Bugs 2350 and 2323: memory issues | |
2951 | - Bugs 2384, 951, 1566: ESI assertions | |
2952 | - Various minor debug and documentation cleanups | |
f1233d8c AJ |
2953 | |
2954 | Changes to squid-3.0.STABLE6 (20 May 2008): | |
2955 | ||
2956 | - Bug 2254: umask Feature from 2.6 added | |
2957 | - cachemgr.cgi default config file added | |
2958 | - Several authentication bug fixes | |
2959 | - Improved Windows Support | |
2960 | - better DNS lookup methods for unqualified hostames | |
2961 | - better support for 64-bit environments | |
2962 | - Bug 2332: Crash when tunnelling | |
2963 | - Removed the advertisement clause from BSD licenses | |
2964 | according to the GPLv2+ changes in BSD | |
2965 | - ... and other bugs and minor cleanups | |
2966 | ||
2967 | Changes to squid-3.0.STABLE5 (28 Apr 2008): | |
2968 | ||
2969 | - Support for resolv.conf 'domain' option | |
2970 | - Improved URI support, including | |
2971 | longer URI up to 8192 bytes accepted | |
2972 | better handling of intercepted URI | |
2973 | better port for non-FQDN URI lookups | |
2974 | - Improved logging, including | |
2975 | Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases. | |
2976 | Fixed 'log_ip_on_direct' option behaviour | |
2977 | - Support for profiling on x86 64-bit systems | |
2978 | - .. and other bugs and minor code cleanups. | |
2979 | ||
2980 | Changes to squid-3.0.STABLE4 (2 Apr 2008): | |
2981 | ||
2982 | - Bug 2288: compile error slipped into STABLE3. | |
2983 | ||
2984 | Changes to squid-3.0.STABLE3 (31 Mar 2008): | |
2985 | ||
2986 | - Improved HTTP 1.1 support. | |
2987 | - Improved MacOSX (Leopard) support | |
2988 | - Bug 2206: Proxy-Authentication regression in STABLE2. | |
2989 | - Strip Domain from NTLM usernames for use in class 4 Delay Pools | |
2990 | - ... and other bugs and minor code cleanup | |
2991 | ||
2992 | Changes to squid-3.0.STABLE2 (1 Mar 2008): | |
2993 | ||
2994 | - Add myportname ACL for matching the accepting port name (see release notes) | |
2995 | - Add include directive for squid.conf (see release notes) | |
2996 | - Add ability to strip kerberos realm from usernames during Auth | |
2997 | - License cleanup to comply with GPLv2 or later | |
2998 | - Updated Error Pages and Translations | |
2999 | - Updated configuration examples | |
3000 | - Updated valgrind support for valgrind-3.3.0 | |
3001 | - Improved support for Windows and MacOS X Leopard | |
3002 | - Improved support for files larger than 2GB | |
3003 | - Improved support for CARP arrays and WCCPv2 | |
3004 | - Improved cachmgr, SNMP, and log reporting | |
3005 | - ... and as usual Many bug fixes since STABLE 1 | |
70c5dfb2 | 3006 | |
284237d4 | 3007 | Changes to squid-3.0.STABLE1 (13 Dec 2007): |
3ff01c3e | 3008 | |
3009 | - Major rewrite translating the code to C++, originally based on | |
3010 | Squid-2.5.STABLE1 | |
3011 | - Internal client streams concept for content adaptation | |
3012 | - ICAP (Internet Content Adaptation Protocol) client support | |
3013 | - ESI (Edge Side Includes) support added | |
284237d4 | 3014 | - Improved support for files larger than 2GB. |
3ff01c3e | 3015 | - And a lot more. Most features from Squid-2.6 is supported, but not |
3016 | all. See the release notes for details. | |
3017 | ||
9ae33c59 AJ |
3018 | |
3019 | Squid-2 ChangeLog of versions fully ported to Squid-3 follows. | |
3020 | ||
3021 | Changes to squid-2.6.STABLE22 (19 October 2008) | |
3022 | ||
3023 | - Bug #2396: Correct the opening of the PF device file. | |
3024 | - Make --with-large-files and --with-build-envirnment=default play | |
3025 | nice together | |
3026 | - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header | |
3027 | __u32 problem | |
3028 | - Make dns_nameserver work when using --disable-internal-dns on glibc | |
3029 | based systems | |
3030 | - Bug #2426: Increase negotiate auth token buffer size | |
3031 | - Bug #2427: squid_ldap_group -h reports the old % codes for -f | |
3032 | - Bug #2477: swap.state permission issues if crashing during "squid -k | |
3033 | reconfigure" | |
3034 | - Windows port: Fix build error using latest MinGW runtime. | |
3035 | ||
3036 | ||
3037 | ||
3ff01c3e | 3038 | Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely |
3039 | authorative for this release and mirrored here for reference only. | |
f1233d8c | 3040 | |
467c94d1 | 3041 | - CARP now plays well with the other peering algorithms, |
3042 | and support for CARP peerings is compiled by default. Can be | |
3043 | disabled by --disable-carp | |
1741cbad | 3044 | - Configuration file can be read from an external program |
3045 | or preprocessor. See squid.8 man page. | |
52f772de | 3046 | - http_port is now optional, allowing for SSL only operation |
4ca261f2 | 3047 | - Satellite and other high latency peering relations enhancements |
3048 | (Robert Cohren) | |
a9245686 | 3049 | - Nuked num32 types, and made type detection more robust by the |
3050 | use of typedefs rather than #defines. | |
b5fb34f1 | 3051 | - the mailto links on Squid's ERR pages now contain data about the |
3052 | occurred error by default, so that the email will contain this data in | |
3053 | its body. This feature can be disabled via the email_err_data directive. | |
9ae33c59 | 3054 | (Clemens L?ser) |
c8f4eac4 | 3055 | - COSS now uses a file called stripe and the path in squid.conf is the |
3056 | directory this is placed in. Additionally squid -z will create the | |
3057 | COSS swapfile. | |
14f5b6c3 | 3058 | - WCCPv2 support, including mask assignment support |
5401aa8d | 3059 | - HTCP support for access control and the CRL operation for |
3060 | purgeing of cache content | |
14f5b6c3 | 3061 | - ICAP related fixes |
3062 | - Windows-related fixes, including Vista and Longhorn identification | |
3063 | - Client-side parsing and some string use optimisations | |
3064 | - Lots of off-by-one and memory leaks in corner cases have been fixed | |
3065 | thanks to valgrind | |
3066 | - Improved high-resolution profiling | |
3067 | - Windows overlapped-IO and thread support added to the Async IO disk code | |
3068 | - Improvements for handling large DNS replies | |
a7c8cce0 | 3069 | |
3ff01c3e | 3070 | Changes to squid-2.6.STABLE15 (31 Aug 2007) |
3071 | ||
3072 | - The select() I/O loop got broken by the /dev/poll addition | |
3073 | (2.6.STABLE14) | |
3074 | - Bug #2017: Fails to work around broken servers sending just the HTTP | |
3075 | headers | |
3076 | - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers | |
3077 | before C99 | |
3078 | - squid.conf.default updated and reorganised in more sensible groups | |
3079 | - correct and document the syslog access_log format | |
3080 | - Armenian error pages translation | |
3081 | - digest_ldap_helper usage help updated | |
3082 | - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor | |
3083 | - Improve delay pools in low traffic environment by checking timeouts | |
3084 | at a steady 1 second interval even when there is not much activity | |
3085 | - Don't request authentication on transparently intercepted | |
3086 | connections | |
3087 | - Cleanup linux capabilities for tproxy | |
3088 | - Bug #2003: 'via' config directive doesn't affect response headers | |
3089 | - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache | |
3090 | - Add missing $|=1 to squid_db_auth | |
3091 | - Bug #2050: Persistent connection dropped if cache has no | |
3092 | Content-Length | |
3093 | - Verify the URL on memory cache hits | |
3094 | - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14 | |
3095 | - Bug #1972: Squid sets peers to down state when they are in fact | |
3096 | working. | |
3097 | - potential segmentation fault in storeLocateVary() | |
3098 | - Bug #2066: chdir after chroot | |
3099 | - Windows port: Fix compiler warnings when building Squid as | |
3100 | application (not Windows service mode) | |
3101 | - Spelling correction of received | |
3102 | ||
3103 | Changes to squid-2.6.STABLE14 (15 Jul 2007) | |
3104 | ||
3105 | - squid.conf.default cleanup to have options in their proper sections. | |
3106 | - documentation correction in the refresh_pattern ignore-auth option | |
3107 | - URI-escaping not uses the recommended upper-case hex codes | |
3108 | - refresh_pattern min-age 0 correted to really mean 0, and not 1 second | |
3109 | - Always use xisxxxx() Squid defined macros instead of ctype | |
3110 | functions. | |
3111 | - Kerberos SPNEGO/Negotiate helper for the negotiate scheme | |
3112 | - Database basic auth helper using Perl DBI to connect to most SQL DBs | |
3113 | - Solaris /dev/poll network I/O support | |
3114 | - configure fixes to make cross compilation somewhat easier | |
3115 | - Removed incorrect -a reference from http_port documentation | |
3116 | - Bug #1900: Double "squid -k shutdown" makes Squid restart again | |
3117 | - Bug #1968: Squid hangs occasionally when using DNS search paths | |
3118 | - Novell eDirectory digest auth helper (digest_edir_auth) | |
3119 | - Bug #1130: min-size option for cache_dir | |
3120 | - POP3 basic auth helper querying a POP3 server | |
3121 | - Cosmetic squid_ldap_auth fixes from Squid-3 | |
3122 | - Bug #1085: Add no-wrap to cache manager HTML tables | |
3123 | - Automatically restart if number of available filedescriptors becomes | |
3124 | alarmingly low, preventing a situation where Squid would otherwise | |
3125 | permanently stop processing requests. | |
3126 | - Bug #2010: snmp_core.cc:828: warning: array subscript is above | |
3127 | array bounds | |
3128 | - Deal better with forwarding loops | |
3129 | ||
3130 | Changes to squid-2.6.STABLE13 (11 May 2007) | |
3131 | ||
3132 | - Make sure reply headers gets sent even if there is no body available | |
3133 | yet, fixing RealMedia streaming over HTTP issues. | |
3134 | - Undo an accidental name change of storeUnregisterAbort. | |
3135 | - Kill an ancient malplaced storeUnregisterAbort call from ftp.c | |
3136 | - Bug #1814: SSL memory leak on persistent SSL connections | |
3137 | - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log | |
3138 | - Cosmetic fix: added missing newline in WCCPv2 configuration dump. | |
3139 | - Ukrainan error messages | |
3140 | - Convert various error pages from DOS to UNIX text format | |
3141 | - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS | |
3142 | - Clarify the max-conn=n cache_peer option syntax slightly | |
3143 | - Bug #1892: COSS segfault on shutdown | |
3144 | - Windows port: fix undefined ECONNABORTED | |
3145 | - Make refreshIsCachable handle ETag as a cache validator, not | |
3146 | only last-modified | |
3147 | - in_port_t is not portable, use unsigned short instead | |
3148 | - Fix fs / auth / snmp dependencies | |
3149 | - Portability: statfs() may reqire #include <sys/statfs.h> | |
3150 | ||
3151 | Changes to squid-2.6.STABLE12 (20 Mar 2007) | |
3152 | ||
3153 | - Assertion error on TRACE | |
3154 | ||
3155 | Changes to squid-2.6.STABLE11 (17 Mar 2007) | |
3156 | ||
3157 | - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL || | |
3158 | !conn->body.request" | |
3159 | - Handle garbage helper responses better in concurrent protocol format | |
3160 | - Fix kqueue when overflowing the changes queue | |
3161 | - Make sure the child worker process commits suicide if it could | |
3162 | not start up | |
3163 | - Don't log short responses at debug level 1 | |
3164 | - Fix bswap16 & bwsap32 error on NetBSD | |
3165 | - Fix collapsed_forwarding for non-GET requests | |
3166 | ||
3167 | Changes to squid-2.6.STABLE10 (4 Mar 2007) | |
3168 | ||
3169 | - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0) | |
3170 | - various diskd bugfixes | |
3171 | - In the access.log hierarchy field log the unique peer name | |
3172 | instead of the host name | |
3173 | - unlinkdClose() should be called after (not before) storeDirSync() | |
3174 | - CLEAN_BUF_SZ was defined, but never used anywhere | |
3175 | - logging HTTP-request size | |
3176 | - Fix icmp pinger communication on FreeBSD and other not supporing | |
3177 | large dgram AF_UNIX sockets | |
3178 | - Release objects on swapin failure | |
3179 | - Bug #1787: Objects stuck in cache if origin server clock in future | |
3180 | - Bug #1420: 302 responses with an Expires header is always cached | |
3181 | - Primitive support for HTTP/1.1 chunked encoding, working around | |
3182 | broken servers | |
3183 | - Clean up relations between TCP probing and DNS checks of peers with | |
3184 | no known addresses. | |
3185 | - Fix a minor HTML coding error in ftp directory listings with // in | |
3186 | the path | |
3187 | - Bug #1875, #1420. Cleanup of refresh logics when dealing with | |
3188 | non-refreshable content | |
3189 | - Gopher cleanups and bugfixes | |
3190 | - Negotiate authentication fixed again. Broken since STABLE7 by the | |
3191 | patch for Bug #1792. | |
3192 | - Bug #1892: COSS tries to shut down the same directory twice on exit | |
3193 | - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL | |
3194 | entries | |
3195 | - Added support for Subversion HTTP request methods MKACTIVITY, | |
3196 | CHECKOUT and MERGE. | |
3197 | ||
3198 | Changes to squid-2.6.STABLE9 (24 Jan 2007) | |
3199 | ||
3200 | - Bug #1878: If-Modified-Since broken in 2.6.STABLE8 | |
3201 | - Bug #1877 diskd bug in storeDiskdIOCallback() | |
3202 | ||
3203 | Changes to squid-2.6.STABLE8 (21 Jan 2007) | |
3204 | ||
3205 | - Bug #1873: authenticateNTLMFixErrorHeader: state 4. | |
3206 | - Document the https_port vhost option, useful in combination with | |
3207 | a wildcard certificate | |
3208 | - Document the existence of connection pinning / forwarding of NTLM | |
3209 | auth and a few other features overlooked in the release notes. | |
3210 | - Spelling correction of the ssl cache_peer option | |
3211 | - Add back the optional "accel" http_port option. Makes accelerator | |
3212 | mode configurations easier to read. | |
3213 | - Bug #1872: Date parsing error causing objects to get unexpectedly | |
3214 | cached. | |
3215 | - Cleanup to have the access.log tags autogenerated from enums.h | |
3216 | - Bug #1783: STALE: Entry's timestamp greater than check time. Clock | |
3217 | going backwards? | |
3218 | - Don't update object timestamps on a failed revalidation. | |
3219 | - Fix how ftp://user@host URLs is rendered when Squid is built with | |
3220 | leak checking enabled | |
3221 | ||
3222 | Changes to squid-2.6.STABLE7 (13 Jan 2007) | |
3223 | ||
3224 | - Windows port: Fix intermittent build error using Visual Studio | |
3225 | - Add missing tproxy info from the dump of http port configuration | |
3226 | - Bug #1853: Support for ARP ACL on NetBSD | |
3227 | - clientNatLookup(): fix wrong function name in debug messages | |
3228 | - Convert ncsa_auth man page from DOS to Unix text format. | |
3229 | - Bug #1858: digest_ldap_auth had some remains of old hash format | |
3230 | - Correct the select_loops counter when using select(). Was counted twice | |
3231 | - Clarify the http_port vhost option a bit | |
3232 | - Fix cache-control: max-stale without value or bad value | |
3233 | - Bug #1857: Segmentation fault on certain types of ftp:// requests | |
3234 | - Bug #1848: external_acl crashes with an infinite loop under high load | |
3235 | - Bug #1792: max_user_ip not working with NTLM authentication | |
3236 | - Bug #1865: deny_info redirection with authentication related acls | |
3237 | - Small example on how to use the squid_session helper | |
3238 | - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly | |
3239 | - Clarify the transparent http_port option a bit more | |
3240 | - Bug #1828: squid.conf docutemtation error for proxy_auth digest | |
3241 | - Bug #1867: squid.pid isn't removed on shutdown | |
3242 | ||
3243 | Changes to squid-2.6.STABLE6 (12 Dec 2006) | |
3244 | ||
3245 | - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth() | |
3246 | - Add client source port logformat tag >p | |
3247 | - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit | |
3248 | - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts | |
3249 | - automake no longer recommends mkinstalldirs. Removed. | |
3250 | - Only use crypt() if it's available, allowing ncsa_auth to be built | |
3251 | on platofms without crypt() support. | |
3252 | - Windows port documentation updates | |
3253 | - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry | |
3254 | - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate" | |
3255 | - Remove extra newline in redirect message sent by deny_info http://... aclname | |
3256 | - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0" | |
3257 | - Clarify the external_acl_type helper format specification and some defaults | |
3258 | - Add support for the weight= parameter to round-robin peers | |
3259 | - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate | |
3260 | - Convert snmpDebugOid to use a temporary String object instead of strcat | |
3261 | - Document that proxy_auth also accepts -i for case-insensitive operation | |
3262 | - Remove malloc/free of temporary buffer in time parsing routines. | |
3263 | - Reduce memory allocator pressure by not continually allocating client-side read buffers | |
3264 | - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo. | |
3265 | - Convert the connStateData->chr single link list to a normal dlink_list for clarity. | |
3266 | - Bug #1584: Unable to register with multiple WCCP2 routers | |
3267 | - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built. | |
3268 | - Bug #439: Multicast ICP peering is unstable and considers most peers dead | |
3269 | - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error | |
3270 | - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply. | |
3271 | - Bug #1840: Disable digest and netdb queries to multicast peers | |
3272 | - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects | |
3273 | - Fix build errors when using latest MinGW Windows environment | |
3274 | ||
3275 | Changes to squid-2.6.STABLE5 (3 Now 2006) | |
3276 | ||
3277 | - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled | |
3278 | - COSS improvements and cleanups | |
3279 | - SNMP linking issue resolved, enabling SNMP support to be build in all platforms | |
3280 | - Bug #1784: access_log syslog results in blanks syslog lines between every entry | |
3281 | - Bug #1719: Incorrect error message on invalid cache_peer specifications | |
3282 | - Bug #1785: Memory leak in handling of negatively cached objects | |
3283 | - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding | |
3284 | - Bug #1782: Memory leak in ncsa_auth on password changes | |
3285 | - Suppress some annoying coss startup messages raising the debug level to 2. | |
3286 | - Clarify the external_acl_helper concurrency= change. | |
3287 | - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown. | |
3288 | - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59 | |
3289 | - Bug #1795: Theoretical memory leak in storeSetPublicKey | |
3290 | - Removing port 563 from the default SSL_ports and Safe_ports ACLs | |
3291 | - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy. | |
3292 | - Bug #1800: squid -k reconfigure crash when using req/rep_header acls | |
3293 | - Clarify the select/poll/kqueue/epoll configure --enable/disable options | |
3294 | - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth | |
3295 | - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable | |
3296 | - Bug #1796: Assertion error HttpHeader.c:914: "str" | |
3297 | - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service | |
3298 | - Silence harmless gcc compile warning. | |
3299 | - Clean up poll memory on shutdown | |
3300 | - Ported select, poll and win32 to new comm event framework | |
3301 | - Windows port: Correctly identify Windows Vista and Windows Server Longhorn | |
3302 | - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance. | |
3303 | - Safeguard from kb_t counter overflows on 32-bit platforms | |
3304 | ||
3305 | Changes to squid-2.6.STABLE4 (23 Sep 2006) | |
3306 | ||
3307 | - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page | |
3308 | - Windows port enhancement: added native exception handler with signal emulation | |
3309 | - Fix the %un log_format tag again. Got broken in 2.6.STABLE2 | |
3310 | - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages. | |
3311 | - Bug #212: variable %i always 0.0.0.0 in many error pages | |
3312 | - Bug #1708: Ports in ACL accepts characters and out of range | |
3313 | - Bug #1706: Squid time acl accepts invalid time range. | |
3314 | - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86 | |
3315 | - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86 | |
3316 | - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests | |
3317 | - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation | |
3318 | - Bug #1598: start_announce cannot be disabled | |
3319 | - Periodically flush cache.log to disk when "buffered_logs on" is set | |
3320 | - Numerous COSS improvements and fixes | |
3321 | - Windows port: merge of MinGW support | |
3322 | - Windows port: Merged Windows threads support into aufs | |
3323 | - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory | |
3324 | - Numerous portability fixes | |
3325 | - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory | |
3326 | - Bug #1758: HEAD on ftp:// URLs always returned 200 OK. | |
3327 | - Bug #1760: FTP related memory leak | |
3328 | - Bug #1770: WCCP2 weighted assignment | |
3329 | - Bug #1768: Redundant DNS PTR lookups | |
3330 | - Bug #1696: Add support for wccpv2 mask assignment | |
3331 | - Bug #1774: ncsa_auth support for cramfs timestamps | |
3332 | - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB | |
3333 | - Bug #1725: cache_peer login=PASS documentation somewhat confusing | |
3334 | - Bug #1590: Silence those ETag loop warnings | |
3335 | - Bug #1740: Squid crashes on certain malformed HTTP responses | |
3336 | - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL" | |
3337 | - Improve error reporting on unexpected CONNECT requests in accelerator mode | |
3338 | - Cosmetic change to increase cache.log detail level on invalid requests | |
3339 | - Bug #1229: http_port and other directives accept invalid ports | |
3340 | - Reject http_port specifications using both transparent and accelerator options | |
3341 | - Cosmetic cleanup to not dump stacktraces on configuration errors | |
3342 | ||
3343 | ||
3344 | Changes to squid-2.6.STABLE3 (18 Aug 2006) | |
3345 | ||
3346 | - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on | |
3347 | very large cache_dir. Limit number of objects stored to slightly | |
3348 | less to avoid this. | |
3349 | - Bug #1705: Correct error message on invalid time weekday specification | |
3350 | - Don't attempt to guess netmask in src/dst acl specifications | |
3351 | if none was provided. Assume it's an IP even if it ends in 0 | |
3352 | - Bug #1665: log_format %ue, %us tags for external or ssl user id | |
3353 | - Bug #1707: delay pools often ignored the set limit | |
3354 | - Bug #1716: Support for recent OpenSSL 0.9.7 versions | |
3355 | (0.9.8 always worked) | |
3356 | - COSS fixes and performance improvements | |
3357 | - Memory leak when reading configuration files with overlapping | |
3358 | ACL data where squid -k parse complains. | |
3359 | - Memory leak related to pinned connections | |
3360 | - Show include acls unexpanded in cachemgr configuration dumps | |
3361 | - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD | |
3362 | - Bug #1304: Downloads may hang when using the cache_dir max-size option | |
3363 | - Optimization of network I/O | |
3364 | - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris | |
3365 | - Fixed a memory leak on certain invalid requests | |
3366 | - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update | |
3367 | - Bug #582: ntlm fake_auth not handles non-ascii login names | |
3368 | - New startup message indicating the type of event loop used | |
3369 | - Bug #1602: TCP fallback on truncated DNS responses | |
3370 | - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING" | |
3371 | - Bug #1723: cachemgr now works in accelerator mode | |
3372 | ||
3373 | Changes to squid-2.6.STABLE2 (31 Jul 2006) | |
3374 | ||
3375 | - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter. | |
3376 | - Releasenotes Table of contents should use relative links without | |
3377 | filename. | |
3378 | - Reject HTTP/0.9 formatted CONNECT requests. | |
3379 | - Cosmetic cleanup to use safe_free instead of xfree + manual | |
3380 | assign to NULL | |
3381 | - Bug #1650: transparent interception "Unable to forward this | |
3382 | request at this time" | |
3383 | - Bug #1658: Memory corruption when using client-side SSL certificates | |
3384 | - Add storeRecycle; a storeIO method to delete a StoreEntry w/out | |
3385 | deleting the underlying object. | |
3386 | - Many COSS fixes and new coss data dumper utility for diagnostics | |
3387 | - Bug #1669: SEGV in storeAddVaryReadOld | |
3388 | - Many fixes in debug sections and spelling of debug messages | |
3389 | - Don't keep client connection persistent if there was a mismatch in | |
3390 | the response size. | |
3391 | - Move eventCleanup debug messages to debug level 2 (was 0) | |
3392 | - Add the missing concurrency parameters to basic and digest auth | |
3393 | schemes | |
3394 | - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509 | |
3395 | - Log SSL user id in the custom log User name format (%un) | |
3396 | - Bug #1653: Username info not logged into Cachemgr active_requests | |
3397 | statistics | |
3398 | - Added to the redirectors interface the support for SSL client | |
3399 | certificate | |
3400 | - squid.conf.default cleanup to remove references to old options | |
3401 | - Fix many filedescriptors in combination with TPROXY | |
3402 | - Fix connection pinning in transparently intercepted connections | |
3403 | - Bug #1679: LDFLAGS not honored in some programs. | |
3404 | - Minor cleanup of port numbers in transparent interception or | |
3405 | vhost + vport | |
3406 | - Bug #1671: transparent interception fails with FreeBSD ipfw or | |
3407 | Linux-2.2 ipchains | |
3408 | - Bug #1660: Accept-Encoding related memory corruption | |
3409 | - Bug #1651: Odd results if url_rewriter defined multiple times | |
3410 | - Bug #1655: Squid does not produce coredumps under linux when | |
3411 | started as root | |
3412 | - Bug #1673: cache digests not served to other caches | |
3413 | - Cleanup of Linux capability code used by tproxy | |
3414 | - Bug #1684: xstrdup: tried to dup a NULL pointer! | |
3415 | - Bug #1668: unchecked vsnprintf() return code could lead to log | |
3416 | corruption | |
3417 | - Bug #1688: Assertion failure in HttpHeader.c in some header_access | |
3418 | configurations | |
3419 | - Cygwin support fir --disable-internal-dns | |
3420 | - Silence those annoying sslReadServer: Connection reset by peer | |
3421 | errors. | |
3422 | - Bug #1693: persistent connections broken in transparent | |
3423 | interception mode | |
3424 | - Bug #1691: multicast peering issues | |
3425 | - Bug #1696: Correct WCCP2 processing of router capability info | |
3426 | segments | |
3427 | - Bug #1694: Assertion failure in mgr:config if using | |
3428 | access_log_format %<h | |
3429 | - Bug #1677: Duplicate etags in the If-None-Match header | |
3430 | - Bug #1665: access_log_format codes for login names from external | |
3431 | acl or ssl | |
3432 | - Bug #1681: All ntlmauthenticator processes are busy | |
3433 | - Added ARP acl support for OpenBSD and ARP fixes for Windows | |
3434 | - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out | |
3435 | socket) | |
3436 | - WCCP2 correct dampening of assign buckets when there it lots of | |
3437 | changes | |
3438 | - minimum_expiry_time to tune the magic 60 seconds limit of what | |
3439 | is considered cachable when the object doesn't have any cache | |
3440 | validators. | |
3441 | - Bug #1703: wrong path to diskd helper corrected, and config | |
3442 | parser extended to trap incorrect paths early | |
3443 | - Bug #1703: COSS failed to initialize async-io threads | |
3444 | - Bug #1703: should abort if diskd helper exits unexpectedly | |
3445 | - Bug #1702: Warn if acl name is too long | |
3446 | - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors | |
3447 | - wccp2_rebuild_wait directive to delay registering with WCCP until the | |
3448 | - Bug #1662: Infinite loop in external acl with grace period if the | |
3449 | same http_access line had multiple external acls | |
3450 | ||
3451 | Changes to squid-2.6.STABLE1 (1 Jul 2006) | |
3452 | ||
3453 | - New --enable-default-hostsfile configure option | |
3454 | - Added username info to active_requests cachemgr stats | |
3455 | - Modified squid MIB to incorporate squid.conf visible_hostname | |
3456 | - Added multi-line capability in squid.conf | |
3457 | - Added new httpd_suppress_version_string configuration directive | |
3458 | - WCCPv2 support | |
3459 | - Negotiate authentication scheme support | |
3460 | - NTLM authentication scheme rewritten | |
3461 | - Customizable access log formats | |
3462 | - Selective access logging | |
3463 | - Access logging via syslog | |
3464 | - Reverse proxy enhancements, with new cache_peer based forwarding | |
3465 | model. | |
3466 | - LDAP based Digest helper (Note: not true LDAP integration, just using | |
3467 | LDAP for storage of the Digest hashes) | |
3468 | - Improved helper communication protocol | |
3469 | - External ACL improvements. %PATH, log=, grace=, and more.. | |
3470 | - Improved SSL support with hardware offload, client certificate | |
3471 | support (primitive), chained certificates and numerous bug fixes | |
3472 | - DNS lookups now use the search path from /etc/resolv.conf or | |
3473 | the Windows registry | |
3474 | - Linux epoll support | |
3475 | - collapsed forwarding to optimize reverse proxies or other | |
3476 | setups having very many clients going to the same URL | |
3477 | - New improved COSS implementation | |
3478 | - Optional support for blank passwords | |
3479 | - The old and obsolete Samba-2.2.X winbind helpers have been removed | |
3480 | - external acls now uses the simplified URL-escaped protol "3.0" by | |
3481 | default. | |
3482 | - Linux TPROXY support | |
3483 | - Support for proxying of Microsoft Integrated Login by adding | |
3484 | support for the deviations from the HTTP protocol required | |
3485 | to support these authentication mechanisms | |
3486 | - Added the capability to run as a Windows service under Cygwin | |
3487 | - CARP now plays well with the other peering algorithms | |
3488 | - read_ahead_gap option to read ahead more than 16KB of the reply | |
3489 | - check_hostnames and allow_underscore squid.conf options | |
3490 | - http_port is now optional, allowing for SSL only operation | |
3491 | - Full ETag/Vary support, caching responses which varies with | |
3492 | request details (browser, language etc). | |
3493 | - umask now defaults to 027 to protect the content of cache and | |
3494 | log files from local users | |
3495 | - HTCP support for access control and the CRL operation for | |
3496 | purgeing of cache content | |
3497 | - Optionally follow X-Forwarded-For headers to determine the original | |
3498 | client IP behind sedond level proxies | |
3499 | - FreeBSD kqueue support | |
3500 | ||
3501 | Changes to squid-2.5.STABLE14 (20 May 2006) | |
3502 | - [Minor] icons not displayed when visible_hostname is a | |
3503 | short hostname (without domain). (Bug #1532) | |
3504 | - [Medium] Memleak in HTCP client code (default disabled) | |
3505 | (Bug #1553) | |
3506 | - [Major] memory leak in ident processing (Bug #1557) | |
3507 | - [Medium] Memory leak in header processing related to external_acl | |
3508 | header detail format tag (Bug #1564) | |
3509 | ||
3510 | Changes to squid-2.5.STABLE13 (12 Mar 2006) | |
3511 | - [Minor] Fails to compile on Solaris and some other platforms | |
3512 | with undefined reference to setenv (Bug #1435) | |
3513 | - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list | |
3514 | - [Minor] Squid ntlm_auth (not the Samba provided one) giving | |
3515 | odd results if --enable-ntlm-fail-open is used (Bug #1022) | |
3516 | - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later | |
3517 | (Bug #1472) | |
3518 | - [Minor] Squid crash when asyncio function counters url accessed | |
3519 | from Cachemgr CGI (Bug #1464) | |
3520 | - [Cosmetic] Linux compile warning about prctl called with too few | |
3521 | arguments (Bug #1483) | |
3522 | - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479) | |
3523 | - [Minor] Some 206 responses logged incorrectly (Bug #1511) | |
3524 | - [Minor] Issues in processing ranges on objects >2GB (Bug #437) | |
3525 | - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414) | |
3526 | - [Minor] Ident access lists don't work in delay_access statements | |
3527 | (Bug #1428) | |
3528 | - [Minor] Some clients support NTLM even if not initially negotiating | |
3529 | persistent connections (Bug #1447) | |
3530 | - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459) | |
3531 | - [Medium] delay pools given too much bandwidht after "-k reconfigure" | |
3532 | (Bug #1481) | |
3533 | - [Cosmetic] New persistent_connection_after_error configuration | |
3534 | directive (Bug #1482) | |
3535 | - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug | |
3536 | #1484) | |
3537 | - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492) | |
3538 | - [Cosmetic] Typo in ftp.c (Bug #1507) | |
3539 | - [Cosmetic] Error in FTP listings of files with -> in their name | |
3540 | (Bug #1508) | |
3541 | - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging | |
3542 | in cache.log (Bug #779) | |
3543 | - [Minor] Fails to process long host names (Bug #1434) | |
3544 | - [Cosmetic] Azerbaijani errors translation (Bug #1454) | |
3545 | - [Cosmetic] misleading error message message for bad/unresolveable | |
3546 | cache_peer name (Bug #1504) | |
3547 | - [Cosmetic] confusing statistics on stateful helpers (NTLM auth) | |
3548 | (Bug #1506) | |
3549 | - [Major] connstate memory leak (Bug #1522) | |
3550 | ||
3551 | Changes to squid-2.5.STABLE12 (22 Oct 2005) | |
3552 | ||
3553 | - [Major] Error introduced in 2.5.STABLE11 causing truncated responses | |
3554 | when using delay pools (Bug #1405) | |
3555 | - [Cosmetic] Document that tcp_outgoing_* works badly in combination | |
3556 | with server_persistent_connections (Bug #454) | |
3557 | - [Cosmetic] Add additinal tracing to squid_ldap_auth making | |
3558 | diagnostics easier on squid_ldap_auth configuration errors | |
3559 | (Bug #1395) | |
3560 | - [Minor] $HOME not set when started as root (Bug #1401) | |
3561 | - [Minor] httpd_accel_single_host breaks in combination with | |
3562 | server_persistent_connections (Bug #1402) | |
3563 | - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially | |
3564 | implemented, effectively ignored. (Bug #1403) | |
3565 | - [Minor] CNAME based DNS addresses could get cached for longer | |
3566 | than intended (Bug #1404) | |
3567 | - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges | |
3568 | in transparently intercepting proxies (Bug #1410). | |
3569 | - [Minor] Cache revalidations on HEAD requests causing poor cache | |
3570 | hit ratio (Bug #1411). | |
3571 | - [Minor] Not possible to send 302 redirects via a redirector in | |
3572 | response to CONNECT requests (bug #1412) | |
3573 | - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug | |
3574 | #1419) | |
3575 | - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426) | |
3576 | - [Minor] Delay pools class 3 fails on clients in network 255 | |
3577 | (Bug #1431) | |
3578 | ||
3579 | Changes to squid-2.5.STABLE11 (22 Sep 2005) | |
3580 | ||
3581 | - [Minor] Workaround for servers sending double content-length headers | |
3582 | (Bug #1305) | |
3583 | - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz | |
3584 | - [Cosmetic] Date header corrected on internal objects (icons etc) | |
3585 | (Bug #1275) | |
3586 | - [Minor] squid -k fails in combination with chroot after patch for | |
3587 | bug 1157 (Bug #1307) | |
3588 | - [Cosmetic] Segmentation fault if compiled with | |
3589 | --enable-ipf-transparent but denied access to the NAT device. | |
3590 | (Bug #1313) | |
3591 | - [Minor] httpd_accel_signle_host incompatible with redireection | |
3592 | (Bug #1314) | |
3593 | - [Minor] squid -k reconfigure internal corruption if the type of | |
3594 | a cache_dir is changed (Bug #1308) | |
3595 | - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB | |
3596 | (Bug #1317) | |
3597 | - [Minor] Title in FTP listings somewhat messed up after previous | |
3598 | patch for bug 1220 (Bug #1220) | |
3599 | - [Minor] FTP listings uses "BASE HREF" much more than it needs to, | |
3600 | confusing authentication. (Bug #1204) | |
3601 | - [Minor] winfo_group.pl only looked for the first group if multiple | |
3602 | groups were defined in the same acl. (Bug #1333) | |
3603 | - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316) | |
3604 | - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518) | |
3605 | - [Cosmetic] The new --with-build-environment=... option doesn't work | |
3606 | - [Cosmetic] New 'mail_program' configuration option in squid.conf | |
3607 | - [Minor] Fails to compile with ip-filter and ARP support on Solaris | |
3608 | x86 (Bug #199) | |
3609 | - [Major] Segmentation fault in sslConnectTimeout (Bug #1355) | |
3610 | - [Medium] assertion failed in StatHist.c:93 (Bug #1325) | |
3611 | - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331) | |
3612 | - [Cosmetic] Invalid URLs in error messages when failing to connect | |
3613 | to peer, and a few other inconsistent error messages (Bug #1342) | |
3614 | - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2 | |
3615 | (Bug #1344) | |
3616 | - [Minor] Some odd FTP servers respond with 250 where 226 is expected | |
3617 | (Bug #1348) | |
3618 | - [Cosmetic] Greek translation of error messages (Bug #1351) | |
3619 | - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368) | |
3620 | - [Minor] squid_ldap_auth -U does not work (Bug #1370) | |
3621 | - [Minor] SNMP cacheClientTable fails on "long" IP addresses | |
3622 | (Bug #1375) | |
3623 | - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374) | |
3624 | - [Minor] E-mail sent when cache dies is blocked from many antispam | |
3625 | rules (Bug #1380) | |
3626 | - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389) | |
3627 | - [Cosmetic] Incorrect store dir selection debug message on objects | |
3628 | larger than 2Gigabyte (Bug #1343) | |
3629 | - [Cosmetic] header_id enum misused as an signed integer (Bug #1343) | |
3630 | - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335) | |
3631 | - [Medium] Clients could bypass delay_pool settings by faking a cache | |
3632 | hit request (Bug #500) | |
3633 | - [Minor] IP-Filter 4.X support (Bug #1378) | |
3634 | - [Medium] Odd results on pipelined CONNECT requests | |
3635 | - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header" | |
3636 | when using NTLM authentication. | |
3637 | - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM | |
3638 | authentication (bug #1396) | |
3639 | - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl | |
3640 | (Bug #1394) | |
3641 | - [Cosmetic] New --with-maxfd=N configure option to override build | |
3642 | time filedescriptor limit test | |
3643 | - [Minor] Added support for Windows code name "Longhorn" on Cygwin. | |
3644 | ||
3645 | Changes to squid-2.5.STABLE10 (17 May 2005) | |
3646 | ||
3647 | - [Minor Security] Fix race condition in relation to old Netscape | |
3648 | Set-Cookie specifications | |
3649 | - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing | |
3650 | format and PASV resposes (Bug #1252) | |
3651 | - [Medium] BASE HREF missing on ftp directory URLs without / | |
3652 | (Bug #1253) | |
3653 | - [Minor security] confusing http_access results on configuration | |
3654 | error (Bug #1255) | |
3655 | - [Cosmetic] More robust Date parser (Bug #321) | |
3656 | - [Minor] reload_with_ims fails to refresh negatively cached objects | |
3657 | (Bug #1159) | |
3658 | - [Cosmetic] delay_access description clarification (Bug #1245) | |
3659 | - [Cosmetic] Check for integer overflow in size specifications in | |
3660 | squid.conf (Bug #1247) | |
3661 | - [Cosmetic] bzero is a non-standard function not available on all | |
3662 | platforms (Bug #1256) | |
3663 | - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257) | |
3664 | - [Cosmetic] Incorrect use of ctype functions (Bug #1259) | |
3665 | - [Cosmetic] Defer digest fetch if the peer is not allowed to be used | |
3666 | (Bug #1261) | |
3667 | - [Minor] Duplicate content-length headers logged incorrectly or | |
3668 | not cleaned up properly (Bug #1262) | |
3669 | - [Cosmetic] Extend relaxed_header_parser to work around "excess | |
3670 | data from" errors from many major web servers. (Bug #1265) | |
3671 | - [Minor] Add HTTP headers to a netdb error messages | |
3672 | - [Minor] Multiple minor aufs issues (Bug #671) | |
3673 | - [Minor] Basic authentication fails with very long logins or | |
3674 | password (Bug #1171) | |
3675 | - [Minor] CONNECT requests truncated if client side disconnects first | |
3676 | (Bug #1269) | |
3677 | - [Minor] --disable-hostname-checks configure option did not work | |
3678 | - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK | |
3679 | - [Cosmetic] aufs warning about open event filedescriptors on shutdown | |
3680 | - [Medium] Failed to process requests for files larger than 2GB in size | |
3681 | - [Cosmetic] rename() related cleanup | |
3682 | - [Cosmetic] New cachemgr pending_objects and client_objects actions | |
3683 | - [Cosmetic] external acls requiring authentication did not request | |
3684 | new credentials on access denials like proxy_auth does. | |
3685 | - [Cosmetic] Syslog facility now configurable via command line options. | |
3686 | - [Cosmetic] New %a error page template code expanding into the | |
3687 | authenticated user name. (Bug #798) | |
3688 | - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent | |
3689 | - [Minor] Support interception of multiple ports | |
3690 | - [Cosmetic] Allow "squid -k ..." to run even if the local hostname | |
3691 | can not be determined (Bug #1196) | |
3692 | - [Cosmetic] Configuration file parser now handles DOS/Windows formatted | |
3693 | configuration files with CRLF lineendings proper. | |
3694 | - [Minor] Unrecognized Cache-Control directives now forwarded properly | |
3695 | (Bug #414) | |
3696 | - [Minor] Authentication helpers now returns useable information | |
3697 | in the %m error page macro on failed authentication (Bug #1223) | |
3698 | - [Minor] pid file management corrected in chroot use (Bug #1157) | |
3699 | - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use. | |
3700 | cachemgr.cgi now reads a config file telling which proxy servers | |
3701 | it can administer. | |
3702 | - [Minor] aufs statistics improvements | |
3703 | - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299) | |
3704 | - [Minor] ARP acl documentation and cachemgr config dump corrections | |
3705 | - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric | |
3706 | hostnames in addition to the reverse lookup of the domain name. | |
3707 | - [Security] Internal DNS client hardened against spoofing | |
3708 | ||
3709 | Changes to squid-2.5.STABLE9 (24 Feb 2005) | |
3710 | ||
3711 | - [Medium] Don't retry requests on 403 errors (Bug #1210) | |
3712 | - [Minor] Ignore invalid FQDN DNS responses (Bug #1222) | |
3713 | - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246) | |
3714 | - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211) | |
3715 | - [Minor] relaxed_header_parser extended to work around even more | |
3716 | broken web servers (Bug #1242) | |
3717 | - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work | |
3718 | better with Mozilla but also to improve security slightly on | |
3719 | non-anonymous FTP. | |
3720 | - [Minor] High characters allowed un-encoded in FTP and Gopher | |
3721 | listings to allow the user-agent to display data in non-iso8859-1 | |
3722 | charsets. (Bug #1220) | |
3723 | - [Cosmetic] format fixes to silence compiler warnings on many | |
3724 | platforms. | |
3725 | - [Major] Assertion failures on certain odd DNS responses (Bug #1234) | |
3726 | ||
3727 | Changes to squid-2.5.STABLE8 (11 Feb 2005) | |
3728 | ||
3729 | - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354, | |
3730 | #1096) | |
3731 | - [Cosmetic] Document -v (protocol version) option to LDAP helpers | |
3732 | - [Minor] The new req_header and resp_header acls segfaults | |
3733 | immediately on parse of squid.conf (Bug #961) | |
3734 | - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure | |
3735 | (Bug #1118) | |
3736 | - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102) | |
3737 | - [Minor] Squid fails to close TCP connection after blank HTTP | |
3738 | response (Bug #1116) | |
3739 | - [Minor security] Random error messages in response to malformed | |
3740 | host name (Bug #1143) | |
3741 | - [Minor] PURGE should not be able to delete internal objects | |
3742 | (Bug #1112) | |
3743 | - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug | |
3744 | #1121) | |
3745 | - [Minor] cachemgr vm_objects segfault (Bug #1149) | |
3746 | - [Minor security] Confusing results on empty acl declarations (Bug | |
3747 | #1166) | |
3748 | - [Minor] Don't close all "other" filedescriptors on startup (Bug | |
3749 | #1177) | |
3750 | - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug | |
3751 | #1183) | |
3752 | - [Security] buffer overflow bug in gopherToHTML() (Bug #1189) | |
3753 | - [Medium security] Denial of service with forged WCCP messages | |
3754 | (Bug #1190) | |
3755 | - [Minor] DNS related memory leak on certain malformed DNS responses | |
3756 | (Bug #1197) | |
3757 | - [Minor] Internal DNS sometimes truncates host names in reverse | |
3758 | (PTR) lookups (Bug #1136) | |
3759 | - [Minor Security] Add sanity checks on LDAP user names (Bug #1187) | |
3760 | - [Security] Harden Squid against HTTP request smuggling attacks | |
3761 | - [Minor] Icon URLs fails in non-anonymous FTP directory listings is | |
3762 | short_icon_urls is on (Bug #1203) | |
3763 | - [Security] Harden Squid against HTTP response splitting attacks | |
3764 | (Bug #1200) | |
3765 | - [Medium security] Buffer overflow in WCCP recvfrom() call | |
3766 | (Bug #1217) | |
3767 | - [Security] Properly handle oversized reply headers (Bug #1216) | |
3768 | - [Minor] LDAP helpers search fixed to properly ask for no attributes | |
3769 | - [Minor] A sporadic segmentation fault when using ntlm authentication | |
3770 | fixed (Bug #1127) | |
3771 | - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224) | |
3772 | - [Medium] Persistent connection mismatch on failed PUT/POST request | |
3773 | (Bug #1122) | |
3774 | - [Minor] WCCP easily disturbed by forged packets (Bug #1225) | |
3775 | - [Minor] Password management in ftp:// gatewaying improved (Bug #1226) | |
3776 | - [Major] HTTP reply data corruption in certain situations involving | |
3777 | reply headers split over multiple packets (Bug #1233) | |
3778 | ||
3779 | Changes to squid-2.5.STABLE7 (11 Oct 2004) | |
3780 | ||
3781 | - [Medium] No objects cached in ufs cache_dir type in some | |
3782 | configurations. Issue introduced in 2.5.STABLE6 by the patch for | |
3783 | Bug #676. (Bug #1011) | |
3784 | - [Minor] LDAP helpers update to correct LDAP connection management | |
3785 | and add support for literal password compare instead of binding | |
3786 | - [Minor] A large number of queued DNS lookups for the same domain | |
3787 | (Bug #852) | |
3788 | - [Cosmetic] request_header_max_size configuration partly ignored | |
3789 | (Bug #899) | |
3790 | - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001) | |
3791 | - [Cosmetic] HEAD requests may return stale information | |
3792 | (Bug #1012) | |
3793 | - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918) | |
3794 | - [Minor] case insensitive authentication (Bug #431) | |
3795 | - [Cosmetic] Add delay pools information to active_requests. (Bug | |
3796 | #882) | |
3797 | - [Minor] Apparent memory leak in client_db (Bug #833) | |
3798 | - [Minor] NTLM authentication truncated causing failures. (Bug | |
3799 | #1016) | |
3800 | - [Cosmetic] Grammatical corrections in squid.conf.default | |
3801 | - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug | |
3802 | #1030) | |
3803 | - [Medium] Segfaults and other strange crashes when using heap | |
3804 | policies. (Bug #1009) | |
3805 | - [Minor] Supplementary group memberships not set (Bug #1021) | |
3806 | - [Cosmetic] ERR_TOO_BIG Portuguese translation | |
3807 | - [Minor] external_acl does not handle newlines (Bug #1038) | |
3808 | - [Major] NTLM authentication denial of service when using msnt_auth | |
3809 | or fake_auth (Bug #1045) | |
3810 | - [Medium] Memory leaks when using NTLM authentication without | |
3811 | challenge reuse. (Bug #994) | |
3812 | - [Minor] Temporary NTLM memory leak with challenge reuse enabled | |
3813 | (Bug #910) | |
3814 | - [Minor] assertion failed: "n_ufs_dirs <= | |
3815 | Config.cacheSwap.n_configured". (Bug #1053) | |
3816 | - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031) | |
3817 | - [Minor] acl time fails to parse multiple time specifications | |
3818 | (Bug #1060) | |
3819 | - [Minor] cachemgr config dumps mixed up Range and Request-Range | |
3820 | headers in http_header_access & replace directives. (Bug #1056) | |
3821 | - [Minor] Content-Disposition added as a well known header (Bug #961) | |
3822 | - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD | |
3823 | (Bug #1074) | |
3824 | - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) | |
3825 | - [Medium] New acl types to match arbitrary HTTP headers. In addition | |
3826 | the http_header_access & replace directives now support arbitrary | |
3827 | headers and not only the well known ones. (Bug #961) | |
3828 | - [Cosmetic] ncsa_auth now accepts Window formatted password files | |
3829 | (Bug #1078) | |
3830 | - [Cosmetic] Support the --program-prefix/suffix options or other | |
3831 | configure program name transforms (Bug #1019) | |
3832 | - [Minor] Fix race condition in CONNECT and also handle aborts of | |
3833 | CONNECT requests in a more graceful manner. (Bug #859) | |
3834 | - [Minor] New balance_on_multiple_ip directive to work around certain | |
3835 | broken load balancers and optimized ipcache on reload requests | |
3836 | (Bug #1058) | |
3837 | - [Medium] New reply_header_max_size directive | |
3838 | (Bug #874) | |
3839 | - [Minor] Suspected instability on aborted PUT/POST requests | |
3840 | (Bug #1089) | |
3841 | - [Security] SNMP Denial of Service fix (CAN-2004-0918) | |
3842 | ||
3843 | Changes to squid-2.5.STABLE6 (9 Jul 2004) | |
3844 | ||
3845 | - Bug #937: NTLM assertion error "srv->flags.reserved" | |
3846 | - Bug #935: squid_ldap_auth can be confused by the use of reserved | |
3847 | characters | |
3848 | - Helper queue warnings imprecise on the number of helpers required | |
3849 | - squid_ldap_auth TLS mode works correctly again | |
3850 | - Bug #940, #305: pkg-config support for finding correct OpenSSL | |
3851 | compile flags | |
3852 | - Bug #426: "Vary: *" is ignored | |
3853 | - 100% CPU usage on Linux-2.2 | |
3854 | - Version number should not include -CVS if autoconf is run | |
3855 | - Bug #947: deny_info redirection with requested URL escaped wrongly | |
3856 | - Bug #495: CONNECT timeout should produce a 504 or 503 | |
3857 | - Bug #956: cache_swap_log documentation referred to swap.state by | |
3858 | it's old swap.log name | |
3859 | - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may | |
3860 | have been intended | |
3861 | - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed | |
3862 | - Bug #954: Segment violation when using a blank user name in digest | |
3863 | authentication | |
3864 | - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0" | |
3865 | - Spelling corrections in configure and squid.conf.default | |
3866 | - The meaning of ERR in digest helper protocol clarified in the | |
3867 | squid.conf documentation | |
3868 | - Bug #950: Spelling error in Turkish ERR_DNS_FAIL | |
3869 | - Bug #616: Negative cached 404 replies with VARY header never matched | |
3870 | - Bug #968: range_offset_limit -1 KB rejected as invalid syntax | |
3871 | due to a shortcoming in the fix to bug #817 | |
3872 | - Bug #570: Very large cache_mem values reported wrongly in cache.log | |
3873 | - Bug #676: store_dir_select_algorithm least-load doesn't work for | |
3874 | ufs cache_dir type | |
3875 | - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge | |
3876 | - Bug #948: Show client ip in cache.log debug output | |
3877 | - Bug #960: compilation issue on OpenBSD/m88k | |
3878 | - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools | |
3879 | - Bug #991: dns_servers should default to localhost if no resolv.conf | |
3880 | - Bug #717: msnt_auth documentation update | |
3881 | - Bug #753: Segfault in memBufVPrintf on certain architectures | |
3882 | requiring va_copy | |
3883 | - Bug #941: Negative size in access.log on long running CONNECT | |
3884 | requests | |
3885 | - Bug #972: Segmentation fault after "Likely proxy abuse detected" | |
3886 | - Bug #981: sasl_auth updated to work with SALS2 | |
3887 | - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM | |
3888 | authentication to a NT domain without using Samba. | |
3889 | ||
3890 | Changes to squid-2.5.STABLE5 (1 Mar 2004): | |
3891 | ||
3892 | - cache.log message on "squid -k reconfigure" was slightly confusing, | |
3893 | claiming Squid restarted when it just reread the configuration. | |
3894 | - Bug #787: digest auth never detects password changes | |
3895 | - Bug #789: login with space confuses redirector helpers | |
3896 | - Bug #791: FQDNcache discards negative responses when using | |
3897 | internal DNS | |
3898 | - pam_auth fails on Solaris when using pam_authtok_get. Persistent | |
3899 | PAM connections are unsafe and now disabled by default. | |
3900 | - auth_param documentation clarifications and added default realm | |
3901 | values making only the helper program a required attribute | |
3902 | - Bug #795: German ERR_DNS_FAIL correction | |
3903 | - Bug #803: Lithuanian error messages update | |
3904 | - Bug #806: Segfault if failing to load error page | |
3905 | - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi) | |
3906 | - Bug #817: maximum_object_size too large causes squid not to cache | |
3907 | - Bug #824: 100% CPU loop if external_acl combined with separate | |
3908 | authentication acl in the same http_access line | |
3909 | - squid_ldap_group updated to version 2.12 with support for ldaps:// | |
3910 | (LDAPv2 over SSL) and a numer of other improvements. | |
3911 | - Bug #799: positive_dns_ttl ignored when using internal DNS. | |
3912 | - Bug #690: Incorrect html on empty Gopher responses | |
3913 | - Bug #729: --enable-arp-acl may give warning about net/route.h | |
3914 | - Bug #14: attempts to establish connection may look like syn flood | |
3915 | attack if the contacted server is refusing connections | |
3916 | - errorpage README files included in the distribution again showing | |
3917 | who contributed which translation | |
3918 | - Bug #848: connect_timeout connect_timeout ends up twice the length. | |
3919 | forward_timeout option added to address this. | |
3920 | - Bug #849: DNS log error messages should report the failed query | |
3921 | - Bug #851: DNS retransmits too often | |
3922 | - Bug #862: Very frequently repeated POST requests may cause a | |
3923 | filedescriptor shortage due to persitent connections building up | |
3924 | - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests | |
3925 | - Bug #571: Need to limit use of persistent connections when | |
3926 | filedescriptor usage is high | |
3927 | - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often | |
3928 | does not work properly | |
3929 | - Bug #860: redirector_access does not handle "slow" acls such as | |
3930 | "dst" or "external" requiring a external lookup. | |
3931 | - Bug #865: Persistent connection usage too high after sudden burst | |
3932 | of traffic. | |
3933 | - Bug #867: cache_peer max-conn=.. option does not work | |
3934 | - Bug #868: refuses to start if pid_filename none is specified | |
3935 | - Bug #887: LDAP helper -Z (TLS) option does not work | |
3936 | - Bug #877: Squid doesn't follow telnet protocol on FTP control | |
3937 | connections | |
3938 | - Bug #908: Random auth popups and account lockouts when using ntlm | |
3939 | - Support for NTLM_NEGOTIATE exchanges with ntlm helpers | |
3940 | - Bug #585: cache_peer_access fails with NTLM authentication | |
3941 | - Bug #592: always/never_direct fails with NTLM authentication | |
3942 | - wbinfo_group update for Samba-3 | |
3943 | - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0 | |
3944 | - Bug #924: miss_access restricts internal and cachemgr requests | |
3945 | even if these are local | |
3946 | - Bug #925: auth headers send by squidclient are mildly malformed | |
3947 | - Bug #922: miss_access and delay_access and several other | |
3948 | authentication related bug fixes. | |
3949 | - Bug #909: Added ARP acl support for FreeBSD | |
3950 | - Bug #926: deny_info with http_reply_access or miss_access | |
3951 | - Bug #872: reply_body_max_size problems when using NTLM auth | |
3952 | - Bug #825: random segmentation faults when using digest auth | |
3953 | - Bug #910: Partial fix for temporary memory leaks when using NTLM | |
3954 | auth. There is still problems if challenge reuse is enabled. | |
3955 | - ftp://anonymous@host/ now accepted without requiring a password | |
3956 | - Bug #594: several mime type updates (ftp:// related) | |
3957 | - url_regex enhanced to allow matching of %00 | |
3958 | ||
3959 | Changes to squid-2.5.STABLE4 (15 Sep 2003): | |
3960 | ||
3961 | - Lithuanian error messages added to the distribution | |
3962 | - Bug #660: segfauld if more than one custom deny_info line | |
3963 | - cache_dir disd documentation cleanup | |
3964 | - check open of /dev/null to avoid 100% CPU loop in badly | |
3965 | configured chroot environments | |
3966 | - documentation update on uri_whitespace to refer to the correct RFC | |
3967 | - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable | |
3968 | - Bug #683: external_acl does not wait for ident lookups to complete | |
3969 | - aufs: Fix a minor use-after-free problem which could cause the | |
3970 | count of opening filedescriptors to grow larger than it should | |
3971 | - Syntax changes to make GCC-3.3 accept Squid without complaints | |
3972 | - Warning if CARP server defined in incorrect load factor order | |
3973 | - neighbor_type_domain documentation update | |
3974 | - http_header_access now works when using cache peers | |
3975 | - high_memory_warning now uses sbrk as fallback mechanism on | |
3976 | platforms where neither mallinfo or mstats are available. | |
3977 | - hosts_file now handles comments at the end of lines correcly | |
3978 | - storeCheckCachable() Stats corrected for release_request and | |
3979 | wrong_content_length. | |
3980 | - cachePeerPingsSent MIB type corrected | |
3981 | - unused minimum_retry_timeout directive removed | |
3982 | - Bug #702: ERR_TO_BIG spanish translation | |
3983 | - Bug #705: Memory leak on deny_info TCP_RESET | |
3984 | - Code cleanup to fix compile error in httpHeaderDelById | |
3985 | - Bug #699: Host header now forwarded exactly where it was in the | |
3986 | original request to work around certain broken firewalls or | |
3987 | load balancers which fail if this header is too far into the | |
3988 | request headers. | |
3989 | - Bug #704: Memory leak on reply_body_max_size | |
3990 | - Bug #686: requests denied due to http_reply_access are now | |
3991 | logged with TCP_DENIED (instead of TCP_MISS, etc). | |
3992 | - Bug #708: ie_refresh now sends no-cache to have the reload | |
3993 | request propagate properly in cache meshes | |
3994 | - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state | |
3995 | - Bug #709: cbdata.c:186: "c->valid" assertion due to peer | |
3996 | digest not found | |
3997 | - Bug #710: round-robin cache_dir selection incorrectly | |
3998 | compares max-size. | |
3999 | - Statistics corrections in HTTP header statitics | |
4000 | - QUICKSTART cleanups | |
4001 | - Bug #715: statCounter.syscalls.disk counters treated | |
4002 | inconsistently. Now increment the counters in AUFS | |
4003 | functions and for unlinkd. | |
4004 | - Improvements to the (experimental) COSS storage scheme. | |
4005 | - Bug #721: User name field in access.log sometimes blank | |
4006 | - Bug #94: assertion failed: http.c: "-1 == cfd || | |
4007 | FD_SOCKET == fd_table[cfd].type" | |
4008 | - Bug #716: assertion failed: client_side.c:1478: "size > 0" | |
4009 | - Bug #732: aufs calculates number of threads and limits wrongly | |
4010 | - Bug #663: Username not logged into access.log in case of /407 | |
4011 | - Bug #267: Form POSTing troubles with NTLM authentication | |
4012 | and occationally in differen other error conditions. | |
4013 | - Bug #736: ICP dynamic timeout algorithm ignores multicast. | |
4014 | - Bug #733: No explicit error message when ncsa_auth can't access | |
4015 | passwd file | |
4016 | - Bug #267, #757: POST with NTLM stops after persistent connection | |
4017 | timeout | |
4018 | - Bug #742: Wrong status code on access denials if delay_access | |
4019 | is used. Most notably 407 instead of 403 could be returned. | |
4020 | - Bug #763: segfault if using ntlm in http_reply_access | |
4021 | - Bug #638: assertion error if using proxy_auth in delay_access | |
4022 | - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access | |
4023 | - The issue of reply_body_max_size limiting the size of error | |
4024 | messages no longer applies. | |
4025 | - external_acl_type concurrency= option renamed to children= to | |
4026 | prepare for Squid-3 upgrades. Old syntax still accepted for the | |
4027 | duration of the Squid-2.5 release. | |
4028 | - number of filedescriptors rounded down to an even multiple of 64 | |
4029 | to work around issues in certain libc implementations. | |
4030 | - winbind helpers less noisy in cache.log on restarts/shutdown. | |
4031 | - Squid now automatically restarts helpers if too many of them | |
4032 | have crashed. | |
4033 | ||
4034 | Changes to squid-2.5.STABLE3 (25 May 2003): | |
4035 | ||
4036 | - Bug #573: Occational false negatives in external acl lookups | |
4037 | - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when | |
4038 | external_acl helpers crashes | |
4039 | - Bug #590: Squid may hang or behave oddly on shutdown while | |
4040 | requests is being processed. | |
4041 | - Bug #590: external acl lookups does not deal well with queue | |
4042 | overload | |
4043 | - cache_effective_user documentation update | |
4044 | - cache_peer documentation update for htcp and carp | |
4045 | - Bug #600: The example header_access paranoid setting is | |
4046 | missing WWW-Authenticate | |
4047 | - Bug #605: Segmentation fault in idnsGrokReply() on certain | |
4048 | platforms | |
4049 | - Fixes to build properly on AIX 5 | |
4050 | - Bug #574: wb_group updated to version 1.1 to make group names | |
4051 | case insensitive and correct a segfault issue in the helper | |
4052 | - SNMP mib updates to make cacheNumObjCount, | |
4053 | cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients | |
4054 | correctly report as gauges (was reporting as counters). | |
4055 | - Woraround for --enable-ssl Kerberos issue on RedHat 9 | |
4056 | - Bug #579: Close and repopen log files on "squid -k reconfigure" | |
4057 | - Bug #598: squid_ldap_auth could segfault if LDAP server is | |
4058 | unavailable | |
4059 | - Bug #609,#612: msntauth helper fixes in dealing with large | |
4060 | or non-existing allow/deny user files. | |
4061 | - Bug #620: acl ident REQUIRED matches even if the ident lookup fails | |
4062 | - Bug #432: reply_body_max_size fails with ident or proxy_auth acls | |
4063 | and also fails to block large objects where the content-length | |
4064 | is not known | |
4065 | - Bug #606: Basic auth looping and gets stuck at high CPU usage when | |
4066 | multiple proxy_auth ACLs combined in one line and login fails. | |
4067 | - squid_ldap_auth updated with support for TLS and SSL | |
4068 | - Bug #623: segfault if using negated external acls in certain | |
4069 | configurations involving other acls later on the same http_access | |
4070 | line. | |
4071 | - Bug #622: wb_group helper update to version 1.2 to ass support for | |
4072 | Domain-Qualified groups refering to groups in a specific domain | |
4073 | - Bug #596: logic error in poll() error management | |
4074 | - Bug #597: logic errors in error management | |
4075 | - Bug #591: segmentation fault in authentication on "squid -k debug" | |
4076 | - Bug #587: smb_auth fails on complex logins involving domain names | |
4077 | or other odd characters | |
4078 | - Bug #558, #587: smb_auth.pl fails on complex logins involving | |
4079 | domain names or other odd characters | |
4080 | - Bug #643: external_acl fails with ttl=0 due to a change introduced | |
4081 | by the patch for Bug #553 in 2.5.STABLE2. | |
4082 | - Bug #630: minor issues in digest authantication causing random | |
4083 | authentication failures and incompability with many mainstream | |
4084 | browser digest implementations due to browser qop bugs. To deal | |
4085 | with those broken browser nonce_stricness now defaults to off, | |
4086 | and two new digest options have been added (check_nonce_count | |
4087 | and post_workaround) to allow workarounds to other quite bad | |
4088 | browser bugs if needed. | |
4089 | - Bug #644: digest authentication fails on requests with one | |
4090 | or more comma in the requested URL | |
4091 | - Bug #648: deny_info TCP_RESET not working. The fix for this also | |
4092 | adds the ability to send redirects. | |
4093 | ||
4094 | Changes to squid-2.5.STABLE2 (Mars 17, 2003): | |
4095 | ||
4096 | - Contrib files added back to the distribution | |
4097 | - Several compiler warnings fixed when using --disable-ident or | |
4098 | --disable-http-violations | |
4099 | - authentication can now be used in most access controls, but | |
4100 | must in most cases first be enforced in http_access to force | |
4101 | the user to authenticate. | |
4102 | - cleanups in the developer bootstrap.sh process when preparing | |
4103 | the sources. | |
4104 | - several squid.conf.default documentation updated to correctly | |
4105 | refer to the current names when refering to other directives | |
4106 | - authenticate_ip_ttl documentation updates | |
4107 | - several assertion faults and segmentation violations corrected | |
4108 | - the RunCache/RunAccel and squid.rc scripts updated to refer to | |
4109 | the squid binary in sbin rather than the old bin location. | |
4110 | - squid_ldap_auth command line processing fixes when specifying | |
4111 | the LDAP server last on the line instead of -h option | |
4112 | - aufs data corruption bugfix | |
4113 | - aufs performance improvement for low traffic systems | |
4114 | - aufs stability improvements | |
4115 | - external_acl corrected to properly deal with quoted strings | |
4116 | - WCCPv1 bugfix to make sure the router accepts the hash assignments | |
4117 | - "Total accounted memory" now correctly reported in cachemgr | |
4118 | - several small memory leaks (mostly reconfigure related) | |
4119 | - new squid.conf option to allow GET/HEAD requests with a request | |
4120 | entity | |
4121 | - "make uninstall" no longer removes squid.conf | |
4122 | - cachemgr.cgi now uses POST to avoid having the cachemgr password | |
4123 | logged in the web server logs | |
4124 | - authentication schemes which are known to not be proxyable are now | |
4125 | filtered out from forwarded server replies to avoid that the clients | |
4126 | tries to use such schemes when we know for a fact it won't work | |
4127 | - spelling corrections in various error messages | |
4128 | - now possible to define acl values with spaces in them | |
4129 | by using the "include file" feature | |
4130 | - squid_ldap_group updated to 2.10 to fix compilation issues with | |
4131 | recent (and older) OpenLDAP libraries and to make the helper deal | |
4132 | correctly with true LDAP groups by first looking up the user DN. | |
4133 | - Some internal code cleanups | |
4134 | - now verifies that programs etc exists iside the chroot directory | |
4135 | when using chroot_dir. No longer neccesary to set up a split view | |
4136 | environment where the same paths works both inside the chroot and | |
4137 | outside just to convince Squid that the files is actually there.. | |
4138 | - improved memory usage reporting | |
4139 | - --disable-hostname-checks configure option | |
4140 | - no longer ignores double dots in host names. Any hostname with | |
4141 | double dots is now rejected as invalid. | |
4142 | - log_mime_hdrs no longer logs garbage if very long headers | |
4143 | are seen. | |
4144 | - 'select_fds_hist' object added to cachemgr 'histogram' output | |
4145 | - pid file now unlinked when squid has really shut down, not | |
4146 | immediately when the shutdown request is received. This allows | |
4147 | the pid file to be monitored to determine when Squid has shut down | |
4148 | properly | |
4149 | - correct authentication scheme setups on some platforms or compilers | |
4150 | - several squid.conf.default documentation updates to remove references | |
4151 | to renamed or replaced directives by changing them to their current | |
4152 | names. | |
4153 | - the SSL reverse proxy support updated to allow building with | |
4154 | OpenSSL 0.9.7 and and later. | |
4155 | - Corrected a minor performance problem while processing HEAD replies | |
4156 | from various broken web servers not sending a correct HTTP reply | |
4157 | - time acls can now specify multiple times in the same acl name, like | |
4158 | most other acl types. | |
4159 | - winbind helpers updated to match Samba-2.2.7a and should | |
4160 | work with Samba-2.2.6 or later (required). For compability with | |
4161 | older Samba versions A new configure option --with-samba-sources=... | |
4162 | has been added to allow you to specify which Samba version the | |
4163 | helpers should be built for if different than the above versions. | |
4164 | - Squid MIB definition syntax correction to work better with newer | |
4165 | (and older) SNMP tools. | |
4166 | - Fixed access.log format when logging "error:invalid-HTTP-ident" on | |
4167 | requests where parsing the HTTP identifier (HTTP/1.0) failed. | |
4168 | - "make distclean" no longer removes the icons, this avoids the | |
4169 | dependency on "uudecode" to rebuild Squid after "make distclean" | |
4170 | - User name returned by external acl lookups (external_acl_type) | |
4171 | is now available as "ident" in later acl checks in addition to | |
4172 | the logging in access.log. | |
4173 | - Incorrect behaviour of Digest authentication partly corrected - it | |
4174 | will not handle sessions, but will always enforce password | |
4175 | correctness.. (patch submitted by Sean Burford). | |
4176 | - Issue with persistent connections and PUT/POST request corrected | |
4177 | ||
4178 | Changes to squid-2.5.STABLE1 (September 25, 2002): | |
ddf1c0c4 | 4179 | |
94439e4e | 4180 | - Major rewrite of proxy authentication to support other schemes |
4181 | than basic. First in the line is NTLM support but others can | |
a2794549 | 4182 | easily be added (minimal digest is present). See Programmers Guide. |
6437ac71 | 4183 | (Robert Collins & Francesco Chemolli) |
94439e4e | 4184 | - Reworked how request bodies are passed down to the protocols. |
4185 | Now all client side processing is inside client_side.c, and | |
4186 | the pass and pump modules is no longer used. | |
3ff01c3e | 4187 | used by Squid. |
722a4b40 | 4188 | - Optimized searching in proxy_auth and ident ACL types. Squid should |
4189 | now handle large access lists a lot more efficiently. | |
05fbbc17 | 4190 | (Francesco Chemolli) |
e396d395 | 4191 | - Fixed forwarding/peer loop detection code (Brian Degenhardt) - |
4192 | now a peer is ignored if it turns out to be us, rather than | |
4193 | committing suicide | |
1224d740 | 4194 | - Changed the internal URL code to obey appendDomain for internal |
4195 | objects if it needs appending. This fixes weirdnesses where | |
4196 | a machine can think it is "foo.bar.com", and "foo" is requested. | |
4197 | (Brian Degenhardt) | |
a2794549 | 4198 | - Added the use of Automake to create the Makefile.in's in the squid |
4199 | source tree. This will allow libtool in the future, and immediately | |
4200 | allows better dependency tracking - with or without gcc - as well | |
4201 | as the dist-all and distcheck targets for developers which respectively | |
4202 | build a tar.gz and a tar.bz2 distribution, and check that what will be | |
4203 | distributed builds. | |
d6827718 | 4204 | - Added TOS and source address selection based on ACLs, |
4205 | written by Roger Venning. This allows administrators to set | |
4206 | the TOS precedence bits and/or the source IP from a set of | |
4207 | available IPs based upon some ACLs, generally to map different | |
4208 | users to different outgoing links and traffic profiles. | |
50821507 | 4209 | - Added 'max-conn' option to 'cache_peer' |
4210 | - Added SSL gatewaying support, allowing Squid to act as a SSL server | |
4211 | in accelerator setups. | |
4e2c57a0 | 4212 | - SASL authentication helper by Ian Castle |
6474667e | 4213 | - msntauth updated to v2.0.3 |
3e4057db | 4214 | - no_cache now applies to cache hits as well as cache misses |
810118ab | 4215 | - the Gopher client in Squid has been significantly improved |
05463204 | 4216 | - Squid now sanity checks FTP data connections to ensure the |
6474667e | 4217 | connection is from the requested server. Can be disabled if |
05463204 | 4218 | needed by turning off the ftp_sanitycheck option. |
98858605 | 4219 | - external acl support. A mechanism where flexible ACL checks |
4220 | can be driven by external helpers. See the external_acl_type | |
4221 | and acl external directives. | |
3e4057db | 4222 | - Countless other small things and fixes |
2d8d56b0 | 4223 | - HTML pages generated by Squid or CacheMgr as well as the |
4224 | ERR documents now contain a doctype declaration so that | |
22567bb5 | 4225 | browsers know which HTML specification the document uses. |
2d8d56b0 | 4226 | In addition to that they have a new look (background-color, font) |
4227 | and are valid according to the HTML standards at www.w3.org. | |
3ff01c3e | 4228 | (Clemens L ser) |
9bbd1655 | 4229 | - Login and password send to Basic auth helpers is now URL escaped |
4230 | to allow for spaces and other "odd" characters in logins and | |
4231 | passwords | |
c90fbf46 | 4232 | - Proxy Authentication is no longer blindly forwarded to peer |
4233 | caches if not used locally. If forwarding of proxy authentication | |
4234 | is desired then it must now be configured with the login=PASS | |
4235 | cache_peer option. | |
6474667e | 4236 | - Responses with Vary: in the header are now cached by squid. |
1239cfea | 4237 | (Henrik Nordstrom). |
3ff01c3e | 4238 | - Removed unused 'siteselect_timeout' directive. |
c5bc64d3 | 4239 | |
dde94193 | 4240 | Changes to Squid-2.4.STABLE7 (July 2, 2002): |
4241 | ||
4242 | - Squid now drops any requests using transfer-encoding. | |
4243 | Squid is a HTTP/1.0 proxy and as such do not support | |
4244 | the use of transfer-encoding. | |
4245 | - The MSNT auth helper has been updated to v2.0.3+fixes for | |
4246 | buffer overflow security issues found in this helper. | |
4247 | - A security issue in how Squid forwards proxy authentication | |
4248 | credentials has been fixed | |
4249 | - Minor changes to support Apple MAC OS X and some other platforms | |
4250 | more easily. | |
4251 | - The client -T option has been implemented | |
4252 | - HTCP related bugfixes in "squid -k reconfigure" | |
4253 | - Several bugfixes and cleanup of the Gopher client, both | |
4254 | to correct some security issues and to make Squid properly | |
4255 | render certain Gopher menus. | |
4256 | - FTP data channels are now sanity checked to match the address of | |
4257 | the requested FTP server. This to prevent theft or injection of | |
4258 | data. See the new ftp_sanitycheck directive if this is not desired. | |
4259 | - Security fixes in how Squid parses FTP directory listings into HTML | |
4260 | ||
c5bc64d3 | 4261 | Changes to Squid-2.4.STABLE6 (March 19, 2002): |
4262 | ||
722a4b40 | 4263 | - The patch for 2.4.STABLE5 was insufficiently tested and |
c5bc64d3 | 4264 | introduced a bug that causes frequent assertions when |
4265 | handling DNS PTR answers. | |
4266 | ||
4267 | Changes to Squid-2.4.STABLE5 (March 15, 2002): | |
4268 | ||
4269 | - Fixed an array bounds bug in lib/rfc1035.c. This bug | |
4270 | could allow a malicious DNS server to send bogus replies | |
4271 | and corrupt the heap memory. | |
4272 | ||
572b218d | 4273 | Changes to Squid-2.4.STABLE4 (Feb 19, 2002) |
08e8e4d0 | 4274 | |
722a4b40 | 4275 | - htcp_port 0 now properly disables htcp |
6474667e | 4276 | - Fixed problem with certain non-anonymous ftp:// style URL's |
08e8e4d0 | 4277 | - SNMP bugfixes including several memory leaks |
4278 | ||
4279 | Changes to Squid-2.4.STABLE3 (Nov 28, 2001): | |
4280 | ||
4281 | - Fixed bug #255: core dump on SSL/CONNECT if access denied by | |
4282 | miss_access | |
4283 | - Fixed bug #246: corrupt on-disk meta information preventing | |
4284 | rebuilds of lost swap.state files | |
4285 | - Fixed bug #243: squid_ldap_auth now supports spaces in passwords | |
4286 | - Fixed a coredump when creating FTP directories | |
4287 | - Fixed a compile time problem with statHistDump prototype mistmatch, | |
4288 | reported by some compilers | |
4289 | - Fixed a potential coredump situation on snmpwalk in certain | |
4290 | configurations | |
4291 | - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir | |
4292 | store implementation | |
4293 | - Serbian error message translations | |
4294 | ||
50821507 | 4295 | Changes to Squid-2.4.STABLE2 (Aug 24, 2001): |
4296 | ||
722a4b40 | 4297 | - Expanded configure's GCC optimization disabling check to |
50821507 | 4298 | include GCC 2.95.3 |
4299 | - avoid negative served_date in storeTimestampsSet(). | |
4300 | - Made 'diskd' pathnames more configurable | |
4301 | - Make sure squid parent dies if child is killed with | |
4302 | KILL signal | |
4303 | - Changed diskd offset args to off_t instead of int | |
4304 | - Fixed bugs #102, #101, #205: various problems with useragent | |
4305 | log files | |
4306 | - Fixed bug #116: Large Age: values still cause problems | |
4307 | - Fixed bug #119: Floating point exception in | |
4308 | storeDirUpdateSwapSize() | |
4309 | - Fixed bug #114: usernames not logged with | |
4310 | authenticate_ip_ttl_is_strict | |
722a4b40 | 4311 | - Fixed bug #115: squid eating up resources (eventAdd args) |
50821507 | 4312 | - Fixed bug #125: garbage HTCP requests cause assertion |
4313 | - Fixed bug #134: 'virtual port' support ignores | |
4314 | httpd_accel_port, causes a loop in httpd_accel mode | |
4315 | - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset | |
4316 | <= lf->bufsz" | |
4317 | - Fixed bug #137: Ranges on misses are over-done | |
4318 | - Fixed bug #160: referer_log doesn't seem to work | |
4319 | - Fixed bug #162: some memory leaks (SNMP, delay_pools, | |
4320 | comm_dns_incoming histogram) | |
4321 | - Fixed bug #165: "Store Mem Buffer" leaks badly | |
4322 | - Fixed bug #172: Ident Based ACLs fail when applied to | |
4323 | cache_peer_access | |
4324 | - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse | |
4325 | - Fixed bug #182: 'config' cachemgr option dumps core with | |
4326 | null storage | |
4327 | - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number | |
4328 | of args in debug/printf | |
4329 | - Fixed bug #187: bugs in lib/base64.c | |
4330 | - Fixed bug #184: storeDiskdShmGet() assertion; changed | |
4331 | diskd to use bitmap instead of linked list | |
4332 | - Fixed bug #194: Compilation fails on index() on some | |
722a4b40 | 4333 | non-BSD platforms |
50821507 | 4334 | - Fixed bug #197: refreshIsCachable() incorrectly checks |
4335 | entry->mem_obj->reply | |
4336 | - Fixed bug #215: NULL pointer access for proxy requests | |
4337 | in accel-only mode | |
4338 | ||
4339 | Changes to Squid-2.4.STABLE1 (Mar 20, 2001): | |
4340 | ||
4341 | - Fixed a bug in and cleaned up class 2/3 delay pools | |
4342 | incrementing. | |
4343 | - Fixed a coredump bug when using external dnsservers that | |
4344 | become overloaded. | |
4345 | - Fixed some NULL pointer bugs for NULL storage system | |
4346 | when reconfiguring. | |
4347 | - Fixed a bug with useragent logging that caused Squid to | |
4348 | think the logfile never got opened. | |
4349 | - Fixed a compiling bug with --disable-unlinkd. | |
4350 | - Changed src/squid.h to always use O_NONBLOCK on Solaris | |
4351 | if it is defined. | |
4352 | - Fixed a bug with signed/unsigned bitfield flag variables | |
4353 | that caused problems on Solaris. | |
4354 | - Fixed a bug in clientBuildReplyHeader() that could add | |
4355 | an Age: header with a negative value, causing an assertion | |
4356 | later. | |
4357 | - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt | |
4358 | was returning the number of FDs in use, rather than | |
4359 | the number of reserved FDs. | |
4360 | - Added the 'pipeline_prefetch' configuration option. | |
4361 | - cache_dir syntax changed to use options instead of many | |
4362 | arguments. This means that the max_objsize argument now | |
4363 | is an optional option, and that the syntax for how to | |
722a4b40 | 4364 | specify the diskd magics is slightly different. |
50821507 | 4365 | - Various fixes for CYGWIN |
4366 | - Upgraded MSNT auth module to version 2.0. | |
4367 | - Fixed potential problems with HTML by making sure all | |
4368 | HTML output is properly encoded. | |
4369 | - Fixed a memory initialization problem with resource records in | |
4370 | lib/rfc1035.c. | |
4371 | - Rewrote date parsing in lib/rfc1123.c and made it a little | |
4372 | more lenient. | |
4373 | - Added Cache-control: max-stale support. | |
4374 | - Fixed 'range_offset_limit' again. The problem this time | |
4375 | is that client_side.c wouldn't set the we_dont_do_ranges | |
4376 | flag for normal cache misses. It was only being set for | |
4377 | requests that might have been hits, but we decided to | |
4378 | change to a miss. | |
4379 | - Added the Authenticate-Info and Proxy-Authenticate-Info | |
4380 | headers from RFC 2617. | |
4381 | - HTTP header lines longer than 64K could cause an assertion. | |
4382 | Now they get ignored. | |
4383 | - Fixed an IP address scanning bug that caused "123.foo.com" | |
4384 | to be interpreted as an IP address. | |
4385 | - Converted many structure allocations to use mem pools. | |
4386 | - Changed proxy authentication to strip leading whitespace | |
4387 | from usernames after decoding. | |
4388 | - Prevented NULL pointer access in aclMatchAcl(). Some | |
4389 | ACL types require checklist->request_t, but it won't be | |
4390 | available in some cases (like snmp_access). Warn the | |
4391 | admin that the ACL can't be checked and that we're denying | |
4392 | it. | |
4393 | - Allow zero-size disk caches. | |
4394 | - The actual filesystem blocksize is now used to account | |
4395 | for space overheads when calculating on-disk cache size. | |
4396 | - Made the maximum memory cache object size configurable. | |
4397 | - Added 'minimum_direct_rtt' configuration option. | |
4398 | - Added 'ie_refresh' configuration option, which is a hack | |
4399 | to turn IMS requests into no-cache requests. | |
58d1265f | 4400 | - Added support for netfilter in linux-2.4. This allows transparent |
4401 | proxy connections to function correctly in the absence of a Host: | |
4402 | header. This requires --enable-linux-netfilter to be passed through | |
4403 | to configure. (Evan Jones) | |
50821507 | 4404 | - Fixed a bug with clientAccessCheck() that allowed proxy |
4405 | requests in accel mode. | |
4406 | - Fixed a bug with 301/302 replies from redirectors. Now | |
4407 | we force them to be cache misses. | |
4408 | - Accommodated changes to the IP-Filter ioctl() interface | |
4409 | for intercepted connections. | |
4410 | - Fixed handling of client lifetime timeouts. | |
4411 | - Fixed a buffer overflow bug with internal DNS replies | |
4412 | by truncating received packets to 512 bytes, as per | |
4413 | RFC 1035. | |
4414 | - Added "forward.log" support, but its work in progress. | |
4415 | - Rewrote much of the IP and FQDN cache implementation. | |
4416 | This change gets rid of pending hits. | |
4417 | - Changed peerWouldBePinged() to return false if our | |
4418 | ICP/HTCP port is zero (i.e. disabled). | |
4419 | - Changed src/net_db.c to use src/logfile.c routines, | |
4420 | rather than stdio, because of solaris stdio filedescriptor | |
4421 | limits. | |
4422 | - Made netdbReloadState() more robust in case of corrupted | |
4423 | data. | |
4424 | - Rewrote some freshness/staleness functions in src/refresh.c, | |
4425 | partially inspired to support cache-control max-stale. | |
4426 | - Fixed status code logging for SSL/CONNECT requests. | |
4427 | - Added a hack to subtract cache digest network traffic | |
4428 | from statistics so that byte hit ratio stays positive | |
4429 | and more closely reflects what people expect it to be. | |
4430 | - Fixed a bug with storeCheckTooSmall() that caused | |
4431 | internal icons and cache digests to always be released. | |
4432 | - Added statfs(2) support for displaying actual filesystem | |
4433 | usage in the cache manager 'storedir' output. | |
4434 | - Changed status reporting for storage rebuilding. Now it | |
4435 | prints percentage complete instead of number of entries | |
4436 | parsed. | |
4437 | - Use mkstemp() rather than problem-prone tempnam(). | |
4438 | - Changed urlParse() to condense multiple dots in hostnames. | |
4439 | - Major rewrite of async-io (src/fs/aufs) to make it behave | |
4440 | a bit more sane with substantially less overhead. Some | |
4441 | tuning work still remains to make it perform optimal. | |
4442 | See the start of store_asyncufs.h for all the knobs. | |
4443 | - Fixed storage FS modules to use individual swap space | |
4444 | high/low values rather than the global ones. | |
4445 | - Fixed storage FS bugs with calling file_map_bit_reset() | |
4446 | before checking the bit value. Calling with an invalid | |
4447 | value caused memory corruption in random places. | |
4448 | - Prevent NULL pointer access in store_repl_lru.c for | |
4449 | entries that exist in the hash but not the LRU list. | |
4450 | ||
cab24814 | 4451 | Changes to Squid-2.4.DEVEL4 (): |
ad445e36 | 4452 | |
ddf1c0c4 | 4453 | - Added --enable-auth-modules=... configure option |
83b381d5 | 4454 | - Improved ICP dead peer detection to also work when the workload |
4455 | is low | |
a8c926ff | 4456 | - Improved TCP dead peer detection and recovery |
4457 | - Squid is now a bit more persistent in trying to find a alive | |
4458 | parent when never_direct is used. | |
4459 | - nonhierarchical_direct squid.conf directive to make non-ICP | |
4460 | peer selection behave a bit more like ICP selection with respect | |
4461 | to hierarchy. | |
4462 | - Bugfix where netdb selection could override never_direct | |
4463 | - ICP timeout selection now prefers to use parents only when | |
4464 | calculating the dynamic timeout to compensate for common RTT | |
4465 | differences between parents and siblings. | |
c1fc651e | 4466 | - No longer starts to swap out objects which are known to be above |
4467 | the maximum allowed size. | |
987de783 | 4468 | - allow-miss cache_peer option disabling the use of "only-if-cached". |
4469 | Meant to be used in conjunction with icp_hit_stale. | |
c8b40803 | 4470 | - Delay pools tuned to allow large initial pool values |
0343b99c | 4471 | - cachemgr filesystem space information changed to show useable space |
4472 | rather than raw space, and platform support somewhat extended. | |
890b0fa8 | 4473 | - Logs destination IP in the hierarchy log tag when going direct. |
4474 | (can be disabled by turning log_ip_on_direct off) | |
ff21eb3e | 4475 | - Async-IO on linux now makes proper use of mutexes. This fixes some |
4476 | odd pthread segfaults on SMP Linux machines, at a slight performance | |
4477 | penalty. | |
722a4b40 | 4478 | - %s can now be used in cache_swap_log and will be substituted with |
a80e50c7 | 4479 | the last path component of cache_dir. |
4d55827a | 4480 | - no_cache is now a full ACL check without, allowing most ACL types |
4481 | to be used. | |
f1003989 | 4482 | - The CONNECT method now obeys miss_access requirements |
145cf928 | 4483 | - proxy_auth_regex and ident_regex ACL types |
3cdb7cd0 | 4484 | - Fixed a StoreEntry memory leak during "dirty" rebuild |
4485 | - Helper processes no longer hold unrelated filedescriptors open | |
e40aa8da | 4486 | - Helpers are now restarted when the logs are rotated |
afc1e43f | 4487 | - Negatively cached DNS entries are now purged on "reload". |
4488 | - PURGE now also purges the DNS cache | |
722a4b40 | 4489 | - HEAD on FTP objects no longer retrieves the whole object |
aca95add | 4490 | - More cleanups of the dstdomain ACL type |
288c06ce | 4491 | - Squid no longer tries to do Range internally if it is not supported |
4492 | by the origin server. Doing so could cause bandwidth spikes and/or | |
4493 | negative hit ratio. | |
13c7936a | 4494 | - httpd_accel_single_host squid.conf directive |
82056f1e | 4495 | - "round-robin" cache_peer counters are reset every 5 minutes to |
4496 | compensate previously dead peers | |
4fe0e1d0 | 4497 | - DNS retransmit parameters |
858783c9 | 4498 | - Show all FTP server messages |
6b53c392 | 4499 | - squid.conf.default now indicates if a directive isn't enabled in |
4500 | the installed binary, and what configure option to use for enabling it | |
418cbe9f | 4501 | - Fixed a temporary memory leak on persistent POSTs |
304d289e | 4502 | - Fixed a temporary memory leak when the server response headers |
4503 | includes NULL characters | |
ba2b31a8 | 4504 | - authenticate_ip_ttl_is_strict squid.conf option |
4505 | - req_mime_type ACL type | |
afb87666 | 4506 | - A reworked storage system that supports storage directories in |
4507 | a more modular fashion. The object replacement and IO is now | |
4508 | responsibility of the storage directory, and not of the storage | |
4509 | manager. | |
722a4b40 | 4510 | - Fixed a bogus MD5 mismatch warning sometimes seen when using |
e7407eb8 | 4511 | aufs or diskd stores |
ce3d30fb | 4512 | - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE, |
4513 | and extended support for this to Linux/GNU libc. | |
af57a2e3 | 4514 | - Disabled the "request timeout" error message sent if the user agent |
4515 | did not provide a request in a timely manner after opening the | |
4516 | connection. Now the connection is silently closed. The error message | |
4517 | was confusing user agents utilizing persistent connections. | |
cab24814 | 4518 | - Fixed configure --enable descriptions to match the arg names. |
4519 | - Eliminated compile warnings from auth_modules/MSNT code. | |
4520 | - Require first character of hostnames to be alphanumeric. | |
4521 | - Made ARP ACL work for Solaris. | |
4522 | - Removed storeClientListSearch(). | |
4523 | - Added counters to track diskd operation success and | |
4524 | failures. | |
4525 | - Fixed range_offset_limit. | |
4526 | - Added code to retry ServFail replies for internal DNS | |
4527 | lookups. | |
4528 | - Added referer header logging (Jens-S. Voeckler). | |
4529 | - Added "multi-domain-NTLM" authentication module, a Perl | |
4530 | script from Thomas Jarosch. | |
4531 | - Added configurable warning messages for high memory usage, | |
4532 | high response time, and high page faults. | |
4533 | - Made store dir selection algorithm configurable. | |
4534 | - Added support for admin-definable extension methods, | |
4535 | up to 20. | |
16689110 | 4536 | - Added 'maximum_object_size_in_memory' as a configuration option - |
4537 | this defines the watermark where objects transit from being true | |
4538 | hot objects to being in-transit objects in memory. It currently | |
4539 | defaults to 8 KB. | |
5cd41d0d | 4540 | - Change to the fqdn code which changes how pending DNS requests |
4541 | are treated as private and only become public once they are | |
4542 | completed. This can add extra load on DNS servers but prevents | |
4543 | all the pending clients blocking if one of the queries got | |
4544 | stuck. (Duane Wessels) | |
7e543177 | 4545 | - Converted more code to use MemPools, from Andres Kroonmaa. |
4546 | - Added more CYGWIN patches from Robert Collins. | |
e7407eb8 | 4547 | |
4548 | Changes to Squid-2.4.DEVEL3 (): | |
4549 | ||
4550 | - Added Logfile module. | |
4551 | - Added DISKD stats via cachemgr. | |
4552 | - Added squid.conf options for DISKD magic constants. | |
ad445e36 | 4553 | |
e7407eb8 | 4554 | Changes to Squid-2.4.DEVEL2 (Feb 29, 2000): |
ad445e36 | 4555 | |
4556 | Changes to Squid-2.4.DEVEL1 (): | |
4557 | ||
42b51993 | 4558 | Changes to Squid-2.3.STABLE4 (July 18, 2000): |
4559 | ||
4560 | - Fixed --localstatedir configure option (IKEDA Shigeru). | |
4561 | - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad | |
4562 | Smith). | |
4563 | - Added pthread_sigmask() check to configure (Daniel | |
4564 | Ehrlich). | |
4565 | - Added CYGWIN patches from Robert Collins. | |
4566 | - Changed internal DNS lookups to retry queries that are | |
4567 | returned with RCODE 2 (ServFail). | |
4568 | - Added 'virtual port' support (Gregg Kellogg). If | |
4569 | 'httpd_accel_uses_host_header' is enabled, then we use | |
4570 | the port number from the Host header. Otherwise, when | |
4571 | 'httpd_accel_port' is set to "0" we use the port number | |
4572 | of the local end of the client socket. | |
4573 | - Fixed a typo in carp.c (Nikolaj Yourgandjiev). | |
4574 | - Made Squid accept GET requests that have a "content-length: | |
4575 | 0" header. | |
4576 | - Added a sanity check on the NHttpSockets[] array index | |
4577 | (Gregg Kellogg). | |
4578 | - Added a friendlier message when Squid can't find any DNS | |
4579 | nameserver addresses to use (Daniel Kiracofe). | |
4580 | - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND | |
4581 | (Craig Whitmore). | |
4582 | - Added missing '%c' token replacement in error page | |
4583 | generation. | |
4584 | - Fixed a bug with 'minimum_object_size' that prevented | |
4585 | internal icons from being loaded. | |
4586 | - Fixed "extra semicolon" bug in storeExpiredReferenceAge() | |
4587 | that could prevent any objects from being replaced. | |
4588 | - Make sure that storeDirDiskFull() doesn't actually | |
4589 | *increase* the cache size. | |
4590 | - Changed a storeSwapMetaUnpack() assertion to a recoverable | |
4591 | error condition. | |
4592 | - Removed "wccpHereIam" event check that could cause Squid | |
4593 | to stop sending HERE_I_AM messages. | |
4594 | ||
d20b1cd0 | 4595 | Changes to Squid-2.3.STABLE3 (May 15, 2000): |
4596 | ||
4597 | - Fixed malloc linking problems on Solaris. The configure | |
4598 | script incorrectly set options for dlmalloc. | |
4599 | - Added a configure check to remove compiler optimization | |
4600 | for GCC 2.95.x. | |
4601 | - Updated MSNT authenticator module. | |
4602 | - Updated Estonian error pages. | |
4603 | - Updated Japanese error pages. | |
4604 | - Fixed expires bug in httpReplyHdrCacheInit. It was | |
4605 | incorrectly setting expires based on max-age. It was using | |
4606 | the current time as a basis, instead of the response date. | |
4607 | - Fixed "USE_DNSSERVER" typos. | |
4608 | - Added a workaround for getpwnam() problems on Solaris. | |
4609 | getpwnam() could fail if there are fewer than 256 FDs | |
4610 | available. This causes root to own some disk files. | |
4611 | - Added an 'offline_toggle' option via the cache manager. | |
4612 | - Added a 'minimum_object_size' option. Files smaller than | |
4613 | this size are not stored. | |
4614 | - Added 'passive_ftp' option to disable passive FTP transfers. | |
4615 | - Added 'wccp_version' option because some Cisco IOS versions | |
4616 | require WCCP version 3. | |
4617 | - The 'client' program in ping mode (-g) now prints transfer | |
4618 | throughput. | |
4619 | - Fixed logging of proxy auth username for redirected | |
4620 | requests. | |
4621 | - Fixed bogus Age values for IMS requests. | |
4622 | - Fixed persistent connection timeout for client-side | |
4623 | connections. It was hard-coded to 15 seconds, now uses | |
4624 | the 'pconn_timeout' value. | |
4625 | - Fixed up httpAcceptDefer. It wasn't being used properly | |
4626 | and caused high CPU usage when Squid gets close to the FD | |
4627 | limit. | |
4628 | - Numerous delay_pools fixes and checks. | |
4629 | - Fixed SNMP coredumps from running snmpwalk. | |
4630 | - Added a check for errno == EPIPE in icmp.c when pinger uses | |
4631 | a Unix socket instead of a UDP socket. | |
4632 | - Fixed ACL checklist memory initialization bugs. | |
4633 | - Cleaned up the MIB file. Replaced contact information and | |
4634 | checked description fields. | |
4635 | - Removed LRU reference_age hard-coded upper limit. | |
4636 | - Fixed async I/O FD leak. | |
4637 | - Made getMyHostname() more robust. | |
4638 | - Fixed domain list matching bug. "x-foo.com" wasn't properly | |
4639 | compared to ".foo.com" and confused splay tree ordering. | |
4640 | - Added a check for whitespace in hostnames and optionally | |
4641 | strip whitespace if 'uri_whitespace' setting allows. | |
4642 | - Added status code and checking to ASN/whois queries. | |
4643 | ||
4644 | Changes to Squid-2.3.STABLE2 (Mar 2, 2000): | |
4645 | ||
4646 | - Changed Copyright text. | |
4647 | - Changed configure so that some IRIX-6.4 hacks apply to | |
4648 | all IRIX-6.* versions. | |
4649 | - Cleaned up HTML bugs in error pages. | |
4650 | - Told configure to check for netinet/if_ether.h, which | |
4651 | is used in ARP ACL code, but might not be required. | |
4652 | - Added "Cookie" to known HTTP headers so it can be | |
4653 | used in anonymizer configuration. | |
4654 | - Added optional TCP_REDIRECT log code for logging | |
4655 | of 301/302 responses returned by Squid. | |
4656 | - Added a check for a currently running Squid process. | |
4657 | If the pid file exists, and the pid is running, | |
4658 | Squid complains and refuses to start another instance. | |
4659 | - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for | |
4660 | IRIX. | |
4661 | - Fixed a bug with the PURGE method. The purge enable | |
4662 | flag was not getting cleared during reconfigure. | |
4663 | Also required PURGE method to be used in http_access | |
4664 | list before enabling. | |
4665 | - Fixed async I/O assertions for file open errors. | |
4666 | - Fixed internal DNS assertion when unpacking truncated | |
4667 | messages. | |
4668 | - Fixed anonymize_headers bug that caused all headers | |
4669 | to be allowed after a reconfigure. | |
4670 | - Fixed an access denied bug for accelerator-only installations. | |
4671 | - Fixed internal DNS initialization so that it uses | |
4672 | 'dns_nameservers' settings in squid.conf if set. | |
4673 | - Fixed 'maxconn' ACL bug that caused it to work backwards | |
4674 | (Pedro Ribeiro). | |
4675 | - Fixed syslog bug for daemon mode on Linux. | |
4676 | - Fixed 'http_port' parsing bugs. | |
4677 | - Fixed internal DNS byte ordering bugs for PTR queries. | |
4678 | - Fixed internal DNS queue getting stuck during periods | |
4679 | of low activity (Henrik). | |
4680 | - Fixed byte ordering bugs for parsing EPLF FTP listings | |
4681 | on 64-bit systems. | |
4682 | - Fixed 'request_body_max_size' bug that caused all | |
4683 | POST, PUT requests to be denied if max size is set | |
4684 | to zero. | |
4685 | - Fixed 'redirector_access' bug when using 'myport' ACLs. | |
4686 | - Fixed CARP neighbor selection bugs for down peers. | |
4687 | - Added 'client_persistent_connections' and | |
4688 | 'server_persistent_connections' flags to disable persistent | |
4689 | connections for clients and servers. | |
4690 | - Fixed access logging bug that caused many requests to be | |
4691 | logged as TCP_MISS. | |
4692 | - Added some bounds checking to delay pools code. | |
4693 | ||
ad445e36 | 4694 | Changes to Squid-2.3.STABLE1 (Jan 9, 2000): |
4695 | ||
4696 | - Updated PAM authentication module from Henrik Nordstrom. | |
4697 | - Updated Bulgarian error messages from Svetlin Simeonov. | |
4698 | - Changed ACL routines so that User-Agent (browser) string | |
4699 | is always taken from compiled HTTP request headers | |
4700 | instead of passed as an argument to aclCreateChecklist. | |
4701 | - Added a 'strip' option to the 'uri_whitesace' configuration | |
4702 | directive and made it the default behavior. Whitespace | |
4703 | found in URI's is now stripped out by default. | |
4704 | - Added chroot feature. The 'chroot_dir' config option enables | |
4705 | it and specifies the directory. | |
4706 | - Changed clientBuildReplyHeader so that the Age header is | |
4707 | added only for cache hits, and only when we can calculate | |
4708 | a valid, positive age value. | |
4709 | - Changed clientWriteComplete and clientGotNotEnough so | |
4710 | that they keep persistent connections open for more types | |
4711 | of replies that don't have bodies. | |
4712 | - Changed filemap.c routines to dynamically grow filemap | |
4713 | space as needed. | |
4714 | - Added a hack to ftp.c to deal with ftp.netscape.com, which | |
4715 | sometimes doesn't acknowledge PASV commands. | |
4716 | - Fixed FTP bug with ftpScheduleReadControlReply; there | |
4717 | was not always a timeout handler on the control socket | |
4718 | after the transfer completed. | |
4719 | - Fixed FTP filedescriptor leak from invalid PASV replies. | |
4720 | - Changed httpBuildRequestHeader so that it doesn't | |
4721 | copy the Host header from the client request. Instead | |
4722 | we should generate our own Host header which is known | |
4723 | to be correct. | |
4724 | - Changed storeTimestampsSet to adjust entry->timestamp | |
4725 | if the response includes an Age header. | |
4726 | - Removed size limit from storeKeyHashBuckets. | |
4727 | - Changed fwdConnectStart from a "heavy" to a "light" event. | |
4728 | - Fixed an 'anonymize_headers' bug that affects unknown | |
4729 | HTTP headers. With the bug, if you list a header that | |
4730 | Squid doesn't know about (such as "Charset"), it would | |
4731 | add HDR_OTHER to the allow/deny mask. This caused all | |
4732 | unknown headers to be allowed or denied (depending on | |
4733 | the scheme you use). Now, with the bug fixed, an unknown | |
4734 | header in the 'anonymize_headers' list is simply ignored. | |
4735 | ||
7e3ce7b9 | 4736 | Changes to Squid-2.3.DEVEL3 (): |
4737 | ||
ad445e36 | 4738 | - Added MSNT auth module from Antonino Iannella. |
7e3ce7b9 | 4739 | - Added --enable-underscores configure option. This allows |
4740 | Squid to accept hostnames with underscores in them. Your | |
4741 | DNS resolver may still complain about them, however. | |
4742 | - Added --heap-replacement configure option. This enables | |
4743 | the alternative cache replacement policies, such as | |
4744 | GDSF, and LFUDA. | |
3ff01c3e | 4745 | - WCCP establishes and registers with the router faster. |
7e3ce7b9 | 4746 | - Added 'maxconn' acl type to limit the number of established |
4747 | connections from a single client IP address. Submitted | |
4748 | by Vadim Kolontsov. | |
4749 | - Close FTP data socket as soon as transfer completes | |
4750 | (Alexander V. Lukyanov). | |
4751 | - Fixed ftpReadPass() to not clobber ctrl.message when | |
4752 | the PASS command fails. | |
4753 | - Added a redirect.c patch so squidGuard is able to do | |
4754 | per-user access control (Antony T Curtis). | |
4755 | - discard the pumpMethod() function, and instead use the | |
4756 | fact that the request has a request entity (content-length | |
4757 | present) (Henrik). | |
4758 | - Reload the MIME icons at reconfigure time (Radu Greab). | |
4759 | - Updated Richard Huveneers' SMB authentication module to | |
4760 | his version 0.05 package. | |
4761 | - Fixed lib/heap.c::heap_delete() bug when deleting the | |
4762 | last node. | |
4763 | - Fixed an integer conversion bug in | |
4764 | lib/rfc1035.c::rfc1035AnswersUnpack(). | |
4765 | - Fixed lib/rfc1738 routines to encode reserved characters, | |
4766 | in addition to encoding the unsafe characters (Henrik). | |
4767 | - Changed the interface for splay compare and "walk" | |
4768 | functions to take a void pointer, instead of a splayNode | |
4769 | pointer (Henrik). | |
4770 | - Changed numerous HTTP parsing routines to use ssize_t | |
4771 | instead of size_t. This was done because size_t may be | |
4772 | signed or unsigned. When it is unsigned, gcc emits | |
4773 | numerous "comparison is always true" warnings. At least | |
4774 | we know ssize_t is always signed. | |
4775 | - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and | |
4776 | friends so that it properly handles multi-value lists. | |
4777 | - Added an "end" (ssize_t) parameter to | |
4778 | src/HttpReply::httpReplyParse() so that we know exactly | |
4779 | where to terminate the header buffer. | |
4780 | - Changed src/access_log.c::log_quote() so that it only | |
4781 | encodes whitespace characters, and not all URL-special | |
4782 | characters (Henrik). | |
4783 | - Added local port ACL type ("myport") (Henrik). | |
4784 | - Added maximum number of connections per client ("maxconn") | |
4785 | as an ACL type. | |
4786 | - Fixed proxy authentication username/password parsing to | |
4787 | be more robust (Henrik). | |
4788 | - Fixed ACL domain/host and domain/domain comparison | |
4789 | functions yet again. Eliminated duplicate code so that | |
4790 | only src/url.c::matchDomainName() contains this mysterious | |
4791 | code. | |
4792 | - Changed the 'http_port' option to accept an IP address | |
4793 | or hostname as well (Henrik). | |
4794 | - Removed 'tcp_incoming_addr' option. | |
4795 | - Added an access control list for the redirector | |
4796 | ('redirector_access'). Requests which match are sent to | |
4797 | the redirector. All requests. are redirected by default. | |
4798 | - Added the 'authenticate_ip_ttl' option. It specifies | |
4799 | how long a valid proxy authentication credential is | |
4800 | bound to a specific address. | |
4801 | - Added 280, 488, 591, and 777 to "Safe_ports" ACL. | |
4802 | - Removed the unused and highly questionable 'forward_snmpd_port' | |
4803 | option. | |
4804 | - Added an option to accept DNS messages from unknown nameservers. | |
4805 | This may be necessary if replies come from a different address | |
4806 | than queries are sent to. | |
4807 | - Added #includes for IP Filter files in netinet directory. | |
4808 | - Fixed a bug with retrying forwarded IMS requests (Henrik). | |
4809 | - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders() | |
4810 | where we were checking a cache-control bit before getting the | |
4811 | mask from the HTTP headers (pallo@initio.no). | |
4812 | - Fixed a bug with "no_cache" access list. If not defined, | |
4813 | everything was uncachable by default. | |
4814 | - Fixed a bug with timed-out client-side HTTP connections. | |
4815 | We didn't cancel the read handler, which could lead to | |
4816 | "rwstate != NULL" warnings. | |
4817 | - Changed comm_open() to only call fdAdjustReserved() for | |
4818 | specific errors (ENFILE, EMFILE); | |
4819 | - Fixed NULL pointer bug in idnsParseResolvConf(). | |
4820 | - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT. | |
4821 | - Added DELETE request method. | |
4822 | - Added RFC 2518 HTTP status codes. | |
4823 | - Fixed handling of URL passwords when we need to rewrite a | |
4824 | BASE HREF URL (Henrik). | |
4825 | - Fixed a bug with FTP requests where a request gets aborted, | |
4826 | but we try to complete it anyway. It would result in a | |
4827 | "store_status != STORE_PENDING" assertion. The solution | |
4828 | is to check for ENTRY_ABORTED before reading from | |
4829 | the control channel too. | |
4830 | - Changed FTP to retry a request if Squid fails to establish | |
4831 | a PASV data connection (Henrik). | |
4832 | - Fixed numerous HTCP memory leaks and an uninitialized memory | |
4833 | bug. | |
4834 | - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in | |
4835 | mind (Henrik). | |
4836 | - Minor fixes for Rhapsody systems. | |
4837 | - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems | |
4838 | don't include varargs.h. | |
4839 | - Changed src/store_client.c::storeClientType() so that | |
4840 | an entry can have more than one STORE_MEM_CLIENT. | |
4841 | - Changed src/store_client.c::storeClientReadHeader() | |
4842 | to check swapfile metadata (Henrik). | |
4843 | - Changed src/url.c::urlCheckRequest() to return FALSE for | |
4844 | any "https://" URL. These should always be CONNECT | |
4845 | instead. If Squid gets an "https://" URL, it is a browser | |
4846 | bug. | |
4847 | - Added numerous squid.conf options for controlling cache | |
4848 | digests. Previously these were hard-coded in | |
4849 | src/store_digest.c. (Martin Hamilton) | |
4850 | - Added 'cache_peer' option called 'digest-url' that | |
4851 | lets you specify the URL for a peer's digest. | |
4852 | (Martin Hamilton) | |
4853 | - Added DELAY_POOLS hacks to scan "slow" connections in | |
4854 | a random order (David Luyer). | |
4855 | - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a | |
4856 | per-interface arp/neighbour cache, whereas 2.0.x uses a | |
4857 | unified cache. Under 2.2.x you are required to specify | |
4858 | a interface name when looking up ARP table entries with | |
4859 | SIOCGARP. | |
4860 | - If the process umask is not set (i.e. 0), then Squid | |
4861 | changes it to 007. | |
4862 | ||
9bc73deb | 4863 | Changes to Squid-2.3.DEVEL2 (): |
4864 | ||
4865 | - Added --enable-truncate configure option. | |
4866 | - Updated Czech error messages () | |
4867 | - Updated French error messages () | |
4868 | - Updated Spanish error messages () | |
4869 | - Added xrename() function for better debugging. | |
4870 | - Disallow empty ("") password in aclDecodeProxyAuth() | |
4871 | (BoB Miorelli). | |
4872 | - Fixed ACL SPLAY subdomain detection (again). | |
4873 | - Increased default 'request_body_max_size' from 100KB | |
4874 | to 1MB in cf.data.pre. | |
4875 | - Added 'content_length' member to request_t structure | |
4876 | so we don't have to use httpHdrGetInt() so often. | |
4877 | - Fixed repeatedly calling memDataInit() for every reconfigure. | |
4878 | - Cleaned up the case when fwdDispatch() cannot forward a | |
4879 | request. Error messages used to report "[no URL]". | |
4880 | - Added a check to return specific error messages for a | |
4881 | "store_digest" request when the digest entry doesn't exist | |
4882 | and we reach internalStart(). | |
4883 | - Changed the interface of storeSwapInStart() to avoid a bug | |
4884 | where we closed "sc->swapin_sio" but couldn't set the | |
4885 | pointer to NULL. | |
4886 | - Changed storeDirClean() so that the rate it gets called | |
4887 | depends on the number of objects deleted. | |
4888 | - Some WCCP fixes. | |
4889 | - Added 'hostname_aliases' option to detect internal requests | |
4890 | (cache digests) when a cache has more than one hostname | |
4891 | in use. | |
4892 | - Async I/O NUMTHREADS now configurable with --enable-async-io=N | |
4893 | (Henrik Nordstrom). | |
4894 | - Added queue length to async I/O cachemgr stats (Henrik Nordstrom). | |
4895 | - Added OPTIONS request method. | |
9bc73deb | 4896 | |
eb824054 | 4897 | Changes to Squid-2.3.DEVEL1 (): |
4898 | ||
4899 | - Added WCCP support. This adds the 'wccp_router' squid.conf | |
4900 | option. | |
4901 | - Added internal DNS queries; Most installations can run | |
4902 | without the external dnsserver processes. | |
4903 | - Rewrote much of the code that stores cache objects on | |
4904 | disk. Developed a programming interface that should | |
4905 | allow new storage systems to be added easily. This still | |
4906 | is pretty ugly and needs a lot of work, however. | |
4907 | - Replaced async_io.c "tags" with callback data locks. | |
4908 | This probably breaks async IO in a bad way. | |
4909 | - Tried to write an Async IO disk storage module. | |
4910 | - Added code to replace the StoreEntry linked list with a | |
4911 | heap structure. This allows for different replacement | |
4912 | algorithms, instead of being stuck with LRU. This adds | |
4913 | the 'replacement_policy' squid.conf option. (John Dilley | |
4914 | et al). | |
4915 | - Fixed HTCP queries by actually checking for freshness | |
4916 | based on the HTCP header fields. | |
4917 | - Fixed passing of redirector command line arguments. | |
4918 | - Added 'request_header_max_size' squid.conf option. | |
4919 | - Added 'request_body_max_size' squid.conf option. | |
4920 | - Added 'reply_body_max_size' squid.conf option. | |
4921 | - Added 'peer_connect_timeout' squid.conf option. | |
4922 | - Added 'redirector_bypass' squid.conf option. | |
4923 | - Added RFC 2518 (WEBDAV) request methods. | |
d20b1cd0 | 4924 | |
6b8e7481 | 4925 | Changes to Squid-2.2 (April 19, 1999): |
b93549f6 | 4926 | |
98b093e7 | 4927 | - Removed all SNMP specific ACL code |
4928 | SNMP now uses generic squid ACL's | |
4929 | - Removed view-based access crontrol | |
00b7a8b6 | 4930 | - Cleaned up and simplified SNMP section of squid.conf |
98b093e7 | 4931 | - Changed the SNMP code to use a tree stucture. |
3ff01c3e | 4932 | - Added objects to MIB: |
00b7a8b6 | 4933 | Request Hit Ratio's |
4934 | Byte Hit Ratio's | |
4935 | Number of Clients | |
61d53e64 | 4936 | - Changed SNMP Agent to return object instances correctly. |
b93549f6 | 4937 | - Added our own assert() macro so we can use debug() instead of |
4938 | printing to stderr. | |
4939 | - Added eventFreeMemory(). | |
4940 | - Fixed ipcCreate() bug when debug_log has FD <= 2. | |
4941 | - Changed watchChild() and related code in main.c so that | |
4942 | Squid can behave more like a proper daemon process. | |
4943 | - Added 'prefer_direct' option (enabled by default) so that | |
4944 | people can give parents higher preference than direct. | |
6703526b | 4945 | - Fixed ipc.c close() bug for async IO. On FreeBSD, |
4946 | comm_close() doesn't work for child processes when async IO is | |
4947 | used. | |
4948 | - Fixed setting the public key for large ``icons'' (Henrik | |
4949 | Nordstrom). | |
68f87dc5 | 4950 | - Rewrote peer digest module to fix memory leaks on reconfigure |
4951 | and clean the code. Increased "current" digest version to 5 | |
6474667e | 4952 | ("required" version is still 3). Revised "Peer Select" cache |
4953 | manager stats. | |
68f87dc5 | 4954 | - Added "-k parse" command line option: parses the config file |
4955 | but does not send a signal unlike other -k options. | |
1743c283 | 4956 | - Revamped storeAbort() calling. Only store_client.c has all |
4957 | the right information to determine if the request should | |
4958 | be aborted. Now client and server modules just storeUnregister | |
d81e3f33 | 4959 | without ever needing to call storeAbort. |
96aeb95d | 4960 | - Small change of Squid output for FTP (Andrew Filonov, |
4961 | Henrik Nordstrom). | |
4962 | - clientGetsOldEntry() sends old entry if new request status | |
4963 | is in the 500-range (Henrik Nordstrom). | |
4964 | - Changed configure so it works with IRIX6.4 C compiler (broken?) | |
4965 | option -OPT:fast_io=ON. | |
4966 | - Fixed comm_connect_addr() non-blocking connections for | |
4967 | SONY NEWSOS (Makoto MATSUSHITA). | |
4968 | - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended | |
4969 | by autoconf documentation. | |
4970 | - Fixed client-side cache-control max-age (Henrik Nordstrom). | |
4971 | - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns | |
4972 | this error if it is called while squid is in the process of | |
4973 | shutting down. | |
4974 | - Added support for linuxthreads package under FreeBSD (Tony Finch). | |
4975 | - Fixed HP-UX StatHist.c assertions by making the "hbase_f" | |
4976 | functions non-static (Michael Pelletier). | |
4977 | - Fixed logging of authenticated usernames even if the | |
4978 | authorization is not cached (Dancer). | |
4979 | - Fixed pconnPush() bug that prevented holding on to | |
4980 | persistent connections (Manfred Bathelt). | |
2328711e | 4981 | - Pid file now rewritten on SIGHUP. |
b4019ff7 | 4982 | - Numerous Ident changes: |
4983 | - Ident lookups will now be done on demand if you use the | |
4984 | 'ident' ACL type. | |
4985 | - The 'ident_lookup on|off' option has been replaced with | |
4986 | an access list, so you can do lookups only for some | |
4987 | client addresses. | |
4988 | - Added an 'ident_timeout' option to specifiy the amount | |
4989 | of time to wait for an ident lookup. | |
4990 | - Added a (local) hit rate to mempool metering. | |
4991 | - FTP Restarts (REST command) is now supported. | |
4992 | - Check for libintl.a on SCO3.2. | |
4993 | - Disable poll() on SCO3.2. | |
4994 | - Numerous Async IO enhancements from Henrik. | |
4995 | - Removed cache_mem_low and cache_mem_high options (Henrik | |
4996 | Nordstrom). | |
4997 | - Replaced 'persistent_client_posts' with 'broken_posts' access | |
4998 | list. | |
97474590 | 4999 | - Rewrote the anonymizer. |
5000 | - Removed the http_anonymizer option. | |
548b801c | 5001 | - Added the anonymize_headers option to allow individual |
5002 | referencing of headers for addition or removal. See | |
5003 | 'anonymize_headers' in squid.conf for additional | |
5004 | configuration. | |
b3abf16c | 5005 | - Fixed config file parser's handing of optional directives. |
5006 | Some people might get new warnings about unknown config | |
5007 | directives. | |
548b801c | 5008 | - Added 'myip' ACL type. This is the local IP address for |
5009 | connected sockets (Luyer). | |
5010 | - Fixed parsing of FTP DOS directory listings with spaces | |
5011 | (Nordstrom). | |
dd0b0295 | 5012 | - Numerous DELAY_POOL changes/fixes from David Luyer: |
5013 | - Makes no-delay neighbors for DELAY_POOLS work by | |
5014 | using a fd_set with the connections to no-delay | |
5015 | peers marked in it. | |
5016 | - Makes IP addresses ending in 0 and 255, and | |
5017 | network number 255, work with individual and | |
5018 | network delay pools (they were previously not | |
5019 | permitted, and documented as such). | |
5020 | - Massive overhaul of delay pools code - dynamically | |
5021 | allocated delay pools, as many as required. | |
5022 | - delayPoolsUpdate stops running if DELAY_POOLS is | |
5023 | configured but no delay pools are configured. | |
5024 | - Initial delay pool levels are now configurable | |
5025 | as a percentage of the maximum for the pool in | |
5026 | question (used to be all set to 1 second worth | |
5027 | of traffic). Pools are restored to this level | |
5028 | on reconfiguratoin. | |
242188c9 | 5029 | - Changed storeClientCopy to give a swap-in failure if |
5030 | the number of open disk FD's is above the 'max_open_disk_fds' | |
5031 | limit. Otherwise, a very loaded cache will end up with | |
5032 | all disk files open for reading, and none for writing. | |
b6a2f15e | 5033 | - Added lib/inet_ntoa.c from BSD Unix for systems that have |
5034 | broken inet_ntoa(). (Erik Hofman). | |
5035 | - Added more specific FTP error messages for "permission | |
5036 | denied, "file not found," and "service unavailable." | |
5037 | (Tony Finch) | |
5038 | - Added xisspace(), xisdigit(), etc, macros to cast function | |
5039 | args and eliminate compiler warnings. | |
5040 | - Fixed case-sensitive comparisons of domain names (Henrik | |
5041 | Nordstrom). | |
5042 | - Added proxy-authentication to cachemgr.cgi's requests | |
5043 | (Henrik Nordstrom). | |
5044 | - Changed Squid to *truncate* rather than *unlink* purged | |
5045 | swap files. Can be reversed by undefining | |
5046 | USE_TRUNCATE_NOT_UNLINK in src/defines.h. | |
5047 | - Changed internal icon headers to use Cache-control | |
5048 | Max-age instead of Expires. | |
5049 | - Changed storeMaintainSwapSpace behavior to be adjusted | |
5050 | smoothly, instead of discretely, between store_swap_low | |
5051 | and store_swap_high. This includes the number of | |
5052 | objects to scan, number to remove, and time until the | |
5053 | next storeMaintainSwapSpace event. | |
5054 | - Fixed a quick_abort bug that incorrectly calculated | |
5055 | content lengths. | |
5056 | - Added getpwnam() auth module from Erik Hofman. | |
5057 | - Added 'coredump_dir' option. | |
5058 | - Fixed a peerDestroy() assertion that required peer->digest | |
5059 | to be NULL at the end of peerDestroy(). | |
5060 | - configure script now automatically enables dlmalloc for | |
5061 | Solaris/x86. | |
5062 | - configure enables poll() on linux 2.2 and later (Henrik). | |
5063 | - Icon files are now distributed in binary format, install | |
5064 | will not need to run 'sh' and 'uudecode'. | |
5065 | - Fixed some bugs with large responses (>READ_AHEAD_GAP) and | |
5066 | re-forwarding requests and ENTRY_FWD_HDR_WAIT. | |
5067 | fwdCheckDeferRead() will NOT defer reading if the | |
5068 | ENTRY_FWD_HDR_WAIT bit is set. | |
5069 | - Fixed a "F->flags.open" assertion for aborted FTP PUT's. | |
5070 | - Fixed a (double) cast problem that caused statAvgTick() | |
5071 | events to be added as fast as possible. | |
6b8e7481 | 5072 | - Changed httpPacked304Reply() to not include the Content-Length |
5073 | header for 304 replies that Squid generates. We used to | |
5074 | include the length of the cached object, and this broke | |
5075 | persistent connections. | |
5076 | ||
5077 | 2.2.STABLE2: | |
5078 | ||
5079 | - Fixed configure bug for statvfs() checks. Configure reports | |
5080 | "test: =: unary operator expected" or similar because an | |
5081 | unquoted variable is not defined. | |
5082 | - Fixed aclDestroyAcls() assertion because some ACL types | |
5083 | are not listed in the switch statement. Occurs for | |
5084 | srcdom_regex and dstdom_regex ACL types during reconfigure. | |
5085 | - Typo "applicatoin" in src/mime.conf | |
5086 | - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK | |
5087 | #define because it didn't include squid.h. | |
5088 | - Fixed commRetryFD() when bind() fails. commRetryFD was | |
5089 | closing the filedescriptor, but it is the upper layer's | |
5090 | job to close it. | |
5091 | - Changed configure's "maximum number of filedescriptors" | |
5092 | detection to only use getrlimit() for Linux. On AIX, | |
5093 | getrlimit returns RLIM_INFINITY. | |
5094 | - Fixed snmpInit() nesting bug. | |
5095 | - Fixed a bug with peerGetSomeParent(). It was adding | |
5096 | a parent to the FwdServers list, regardless of the | |
5097 | ps->direct value. This could cause every request to | |
5098 | go to a parent even when always_direct is used. | |
5099 | - Changed fwdServerClosed() to rotate the "forward servers" | |
5100 | list when a connection establishment fails. Otherwise | |
5101 | it always kept trying to connect to the first server | |
5102 | int the list. | |
b93549f6 | 5103 | |
2be4e260 | 5104 | 2.2.STABLE3: |
5105 | ||
5106 | - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c. | |
5107 | - Avoid coredump in aclMatchAcl() if someone tries to use | |
5108 | proxy authentication with a non-HTTP request (e.g. icp_access). | |
5109 | - Moved 'ident_lookup_access' in squid.conf so it appears | |
5110 | after the ACL section. | |
5111 | - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing" | |
5112 | - Fixed a case in clientCacheHit() where we thought it | |
5113 | was a hit, but the reply status was not 200, so we | |
5114 | had to perform a cache miss. We forgot to change the | |
5115 | log_type and these were being recorded as TCP_HIT's. | |
5116 | - Fixed a void pointer subtraction bug in delayIdPtrHashCmp(). | |
5117 | - Fixed delay_pools coredump and memory leak bugs from | |
5118 | NULL delay_id values. | |
5119 | - Fixed a SEGV bug with delay_pools when requesting | |
5120 | 'objects' or 'vm_objects' from the cachemgr. | |
5121 | - Added a workaround for buggy FTP servers that return | |
5122 | a size of zero for non-zero-sized objects. | |
5123 | - Removed umask(0) call from main(). | |
5124 | - Fixed a peer selection bug that caused us to never select | |
5125 | a neighbor based on ICP replies if the ICP timeout occurs. | |
5126 | In conjunction with this, removed the PING_TIMEOUT state. | |
5127 | - Fixed a store_rebuild bug that caused us to get stuck trying | |
5128 | if a cache_dir subdirectory didn't exist. | |
5129 | - Fixed a buffer overrun bug in gb_to_str(). | |
5130 | ||
9bc73deb | 5131 | 2.2.STABLE4: |
5132 | ||
5133 | - Fixed a dread_ctrl leak caused in store_client.c | |
5134 | - Fixed a memory leak in eventRun(). | |
5135 | - Fixed a memory leak of ErrorState structures due to | |
5136 | a bug in forward.c. | |
5137 | - Fixed detection of subdomain collisions for SPLAY trees. | |
5138 | - Fixed logging of hierarchy codes for SSL requests (Henrik | |
5139 | Nordstrom). | |
5140 | - Added some descriptions to mib.txt. | |
5141 | - Fixed a bug with non-hierarchical requests (e.g. POST) | |
5142 | and cache digests. We used to look up non-hierarchical | |
5143 | requests in peer digests. A false hit may cause Squid | |
5144 | to forward a request to a sibling. In combination with | |
5145 | 'Cache-control: only-if-cached, this generates 504 Gateway | |
5146 | Timeout responses and the request may not be re-forwardable. | |
5147 | - Fixed a filedescriptor leak for some aborted requests. | |
5148 | ||
5149 | ||
4d62b0af | 5150 | Changes to Squid-2.1 (November 16, 1998): |
8f897f34 | 5151 | |
5152 | - Changed delayPoolsUpdate() to be called as an event. | |
5153 | - Replaced comm_select FD scanning loops with global fd_set | |
5154 | structures. Inspired by Jeff Mogul's patch for squid 1.1. | |
9e1559ea | 5155 | - Moved functions common to dns.c, redirect.c, authenticate.c, |
5156 | ipcache.c, and fqdncache.c into helper.c. | |
0753aa46 | 5157 | - Changed storeClientCopy2() so that it keeps sending the remainder |
5158 | of a STORE_ABORTED request, instead of cutting off the client as | |
5159 | soon as the object becomes aborted. | |
f0538986 | 5160 | - Fixed combined ipf-transparent proxy and a local http-accelerator |
5161 | operation (Quinton Dolan). | |
5162 | - Rewrote base64_decode.c because of potential buffer overrun | |
5163 | bugs. | |
912432d8 | 5164 | - Configurable handling of whitespace in request URI's. |
5165 | See 'uri_whitespace' in squid.conf. | |
e33ec474 | 5166 | - Added ability to generate HTTP redirect messages from |
5167 | the redirector output by prepending "301:" or "302:" to the | |
5168 | new url. See FAQ 4.16 for more details. | |
829a9357 | 5169 | - Eliminated refreshWhen() which was out-of-sync with refreshCheck() |
5170 | potentially causing under-utilized cache digests | |
5171 | - Maintain refreshCheck statistics on per-protocol basis so we | |
5172 | can tell why ICP or Digests return too many misses, etc. | |
c68e9c6b | 5173 | - Fixed delay_pools.c class2/class3 typo (Simon Woods). |
5174 | - Changed squid.conf's default access controls to deny all | |
5175 | HTTP requests. Admins must write ACL rules to specifically | |
5176 | allow their local clients. | |
5177 | - Patched French error messages (Mathias HERBERTS). | |
5178 | - NextStep porting fixes by Mike Laster: | |
5179 | - use xstrdup() in cf_gen.c | |
5180 | - check for putenv() in configure | |
5181 | - #define S_ISDIR macro | |
5182 | - Added --disable-poll configure option (Henrik Nordstrom). | |
5183 | - Fixed internal URL hostname case bugs (Henrik Nordstrom). | |
5184 | - Patched ftp.c so we never cache autenticated FTP requests | |
5185 | (Henrik Nordstrom). | |
5186 | - Fixed FTP authentication. We tried to unescape authentication | |
5187 | given by basic authentication which is not URL escaped | |
5188 | (Henrik Nordstrom). | |
5189 | - Fixed HTTP version for common logfile format (Henrik Nordstrom). | |
5190 | - Added 'redirect_rewrites_host_header' option to disable rewriting | |
5191 | of Host header for redirector responses (Henrik Nordstrom). | |
5192 | - Allow semi-customized error message signatures (Henrik Nordstrom). | |
5193 | - Fixed bug with errors for unsupported requests (Henrik Nordstrom). | |
5194 | - Fixed handling of blank lines in ACL input files (Henrik | |
5195 | Nordstrom). | |
5196 | - Changed proxy_auth ACL type to consist of a list of valid | |
5197 | users. REQUIRED == any (same as ident ACL). ACL type user | |
5198 | changed to ident since this is what it really is. | |
5199 | (Henrik Nordstrom). | |
5200 | - Fixed long URL bugs; make sure 'log_uri' never exceeds | |
5201 | MAX_URL bytes. | |
5202 | - Allow comments in external ACL files (Gerhard Wiesinger). | |
5203 | - Added 'range_offset_limit' configuration option. Requests | |
5204 | with ranges that start after this value will be passed | |
5205 | on unmodified, and Squid will not cache the response | |
5206 | (Henrik Nordstrom). | |
5207 | - Added Client HTTP Hit byte counters to 'counters' output | |
5208 | (Douglas Swarin). | |
5209 | - Got Squid to compile with --enable-async-io on FreeBSD. | |
5210 | - Fixed infinite loop bug for cachemgr 'config' option. | |
5211 | - Fixed cachability bugs for replies with Pragma: no-cache. | |
5212 | - Made content-type multipart/x-mixed-replace uncachable. | |
5213 | - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT" | |
5214 | format (Richard Kettlewell). | |
5215 | - Fixed passing -s option to dnsserver processes (Alvaro Jose | |
5216 | Fernandez Lago). | |
5217 | - Changed proxy_auth to work on internal objects and when in | |
5218 | accelerator mode. (Henrik Nordstrom) | |
5219 | - Added login=user:password option to cache_peer directive to | |
5220 | be used from a dial-up cache where the parent requires proxy | |
5221 | authentication. (Henrik Nordstrom) | |
5222 | - If you want to "auto-login", then use a URL on the form | |
5223 | http://username:password@server/.... Squid now picks this up | |
5224 | when going direct, and turns it into basic WWW | |
5225 | authentication. It is also possible to do automatic login to | |
5226 | certain servers by using a redirector to add the needed | |
5227 | authentication information. (Henrik Nordstrom) | |
04f0ba5c | 5228 | - Changed refreshCheck() so that objects with negative age |
5229 | are always stale. | |
4d62b0af | 5230 | - Fixed "plain" FTP listings (Henrik Nordstrom). |
5231 | - Fixed showing banner/logon message for top-level FTP | |
5232 | directories (Henrik Nordstrom). | |
5233 | * Changes below have been made to SQUID_2_1_PATCH1 | |
5234 | - Fixed pinger packet size assertion. | |
5235 | - Fixed WAIS forwarding. | |
5236 | - Fixed dnsserver coredump bug caused by using both -D and | |
5237 | -s options. | |
e42d5181 | 5238 | * Changes below have been made to SQUID_2_1_PATCH2 |
5239 | - Fixed EBIT macro bugs when the bitmask is a 64-bit long. | |
5240 | - Fixed proxy auth NULL password bug. | |
5241 | - Fixed queueing of multiple peerRefreshDNS events. | |
5242 | - Added a stack of StoreEntry objects to be released after | |
5243 | store rebuild completes. | |
5244 | - Fixed NULL pointer bugs with too-large requests (found by | |
5245 | Martin Lathoud). | |
5246 | - Fixed reading replies from buggy ident servers. Replies | |
5247 | might not have terminating CR or LF (Henrik Nordstrom). | |
b4019ff7 | 5248 | - Changed internal StoreEntry key so that the request method |
5249 | is encoded as a single octet. Encoding an enumerated type | |
5250 | has size and byte-order incompatibilities, especially for | |
5251 | cache digests. | |
5252 | - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries | |
5253 | are not always locked. This fixes having multiple | |
5254 | store_digest's stuck in memory. | |
5255 | - Fixed clientProcessOnlyIfCachedMiss so it unlocks and | |
5256 | unregisters from "cache hit" entries. | |
5257 | * Changes below have been made to SQUID_2_1_PATCH3 | |
5258 | - Fixed memory leak in clientHandleIMSReply for | |
5259 | storeClientCopy failures. | |
8f897f34 | 5260 | |
41587298 | 5261 | Changes to Squid-2.0 (October 2, 1998): |
71d6dc56 | 5262 | |
4c154d99 | 5263 | - Added NAT/Transparent hijacking code from Quinton Dolan. |
5264 | - Added actual filesystem usage to cachemgr 'storedir' page. | |
41587298 | 5265 | Only works for operating systems which support statvfs(). |
a79d724b | 5266 | - Fixed HTCP compile-time bugs. |
5267 | - Fixed quick_abort bugs. Configured values are stored as | |
5268 | Kbytes, not bytes. | |
41587298 | 5269 | - Removed fwdAbortFetch(). It breaks quick_abort and seems |
5270 | mostly useless. | |
0da7d807 | 5271 | - Changed storeDirSelectSwapDir() to skip swap directories |
5272 | when their utilization is over the high water mark ratio. | |
9ca005ac | 5273 | - Fixed off-by-one bug for dead neighbor detection (Joe Ramey). |
18cc143b | 5274 | - fixed bugs in Content-Range header generation |
5275 | - changed the way Range requests are handled: | |
71d6dc56 | 5276 | - do not "advertise" our ability to process ranges at |
5277 | all | |
5278 | - on hits, handle simple ranges and forward complex | |
5279 | ones | |
5280 | - on misses, fetch the whole document for simple ranges | |
5281 | and forward range request for complex ranges | |
5282 | The change is supposed to decrease the number of cases when | |
5283 | clients such as Adobe acrobat reader get confused when we | |
5284 | send a "200" response instead of "206" (because we cannot | |
5285 | handle complex ranges, even for hits) Note: Support for | |
5286 | complex ranges requires storage of partial objects. | |
41587298 | 5287 | - Removed SNMP mib-2.system group from squid. |
6474667e | 5288 | - Removed SNMP ability to iterate through ipcache and friends. |
5289 | - Added SNMP ipcache/fqdncache basic statistics. | |
5290 | - Converted SQUID-MIB to SMIv2 (RFC 1902). | |
5291 | - Moved SQUID-MIB to enterprises section of the tree in preparation | |
5292 | of the split into PROXY-MIB & SQUID-MIB. | |
5293 | - Corrected minor errors in SQUID-MIB. | |
5294 | - Moved uptime into cacheSystem from cacheConfig. | |
5295 | - Corrected a number of get-next-request bugs, snmpwalk should now | |
5296 | return all objects and not skip some. | |
41587298 | 5297 | - Fixed netdbClosestParent() so it won't return sibling |
5298 | peers. | |
5299 | - Fixed a bug with secondary clients on entries with | |
5300 | ENTRY_BAD_LENGTH set. We should release the | |
5301 | bad entry to prevent secondary clients jumping on. | |
5302 | - Changed MIB to prevent parse warnings at startup. | |
f0538986 | 5303 | * Changes below have been made to SQUID_2_0_PATCH1 |
9689d97c | 5304 | - Fixed a forwarding loop bug. Even though we were detecting |
5305 | a loop, it was not being broken. | |
5306 | - Try to prevent sibling forwarding loops by NOT forwarding a | |
5307 | request to a sibling if we have a stale copy of the object. | |
5308 | Validation requests should only be sent to parents (or | |
5309 | direct). | |
5310 | - Fixed ncsa_auth hash bugs when re-reading password file. | |
5311 | - Changed clientHierarchical() so that by default SSL/CONNECT | |
5312 | requests do NOT go to neighbor caches. | |
d87ebd78 | 5313 | - Changed clientHandleIMSReply() to not call storeAbort() |
5314 | because there can be more than one client hanging on the | |
5315 | StoreEntry. This hopefully fixes "store_status != | |
5316 | STORE_ABORTED" assertions. | |
f0538986 | 5317 | - Added temporary fix to httpMakePublic() to prevent assertions |
5318 | (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey(). | |
5319 | * Changes below have been made to SQUID_2_0_PATCH2 | |
5320 | - PATCH1 introduced a seriously stupid bug which prevented ICP | |
5321 | queries for all requests. Fixed by checking | |
5322 | request->hierarchical in peerSelectFoo(). | |
18cc143b | 5323 | |
4c154d99 | 5324 | Changes to squid-1.2.beta25 (September 21, 1998): |
5325 | ||
4b66bfd3 | 5326 | - Fixed async IO bugs from adding filedescriptor arg to AIOCB |
5327 | callbacks (Henrik Nordstrom). | |
5328 | - Fixed store_swapout.c assertion. We were freeing object data | |
5329 | past the swapout_done offset. This probably happens (only?) | |
5330 | when an object changes from cachable to uncachable while | |
5331 | it is being swapped out. | |
a260d877 | 5332 | - Added MEM_CLIENT_SOCK_BUF type so we can change the size |
5333 | of the buffers used for writing data to the client sockets. | |
669d90e7 | 5334 | - Added configure check for libbind.a. If found, it will be |
5335 | used instead of libresolv.a. | |
5336 | - Changed fwdStart() to always allow internally generated | |
dddd5b55 | 5337 | requests, such as for peer digests. These requests are |
5338 | known to fwdStart() because the address arg is set to | |
5339 | 'no_addr'. | |
669d90e7 | 5340 | - Completed initial HTCP implementation. It works, but is not |
5341 | tested much. | |
2d5c8e74 | 5342 | - Added counters for I/O syscalls. |
5343 | - Fixed httpMaybeRemovePublic. With broken ICP neighbors | |
5344 | (netapp) Squid doesn't use private keys. This caused us | |
5345 | to remove almost every object from the cache. | |
5346 | - Added 'asndb' cachemgr stats to show AS Number tree. | |
dddd5b55 | 5347 | - Fixed AS Number byte-order bug for netmasks. |
2d5c8e74 | 5348 | - Fixed comm_incoming calling rate for high loads (Stewart |
5349 | Forster). | |
426012d2 | 5350 | - Give always_direct higher precedence than never_direct |
5351 | (Henrik Nordstrom). | |
dddd5b55 | 5352 | - Changed PORT ACL type to accept ranges. Now you can easily |
5353 | deny, for example, all priveleged ports except 80, 70, 21, | |
5354 | etc. | |
5355 | - ARP ACL fixes for Linux (David Luyer). | |
5356 | - Replaced various "EBIT" flags bitfileds with structures of | |
5357 | "int:1" members. | |
5358 | - Changed storeKeyPrivate and storeKeyPublic to be a bit more | |
5359 | efficient by removing snprintf(). This causes an | |
5360 | incompatibility with old cache keys, however. To transition, | |
5361 | we will look up both the new and old style keys for about the | |
5362 | next 30 days. After that, if you haven't run this (or a | |
5363 | future) version, your cache contents will be lost. | |
5364 | - Made the client-side write buffer size configurable with | |
5365 | a #define in defines.h. By default it is still 4096 bytes. | |
5366 | - Removed redirectUnregister(). It should be unnecessary | |
5367 | because of cbdata locks. | |
5368 | - Fixed multiple HEAD request brokennesses (Henrik Nordstrom). | |
5369 | - Changed non-blocking connect(2) code to call getsockopt() | |
5370 | instead of connect() again. This is the approach recommended | |
5371 | by Stevens, and fixes bugs on BSD-ish systems when subsequent | |
5372 | connect() calls loop with EAGAIN status. | |
5373 | - Added MD5 cache keys to memory pool accounting. | |
5374 | - Added code to track number of open DISK descriptors and stop | |
5375 | swapping out objects if the number of disk descriptors becomes | |
5376 | too large. For now the limit must be manually configured with | |
5377 | the 'max_open_disk_fds'. By default, there is no limit. | |
5378 | - Stopped encoding a request method in the high byte of the ICP | |
5379 | reqnum field. Instead queried cache keys are copied to a | |
5380 | static array, indexed by the reqnum, modulo the array size. | |
5381 | Now we just use the request number to lookup a cache key, | |
5382 | instead of rebuilding it from the ICP reply URL and method, | |
5383 | unless we have netapp neighbors--they don't do reqnum | |
5384 | properly. | |
5385 | - Fixed reconfigure memory access bugs in redirect.c. | |
0753aa46 | 5386 | - Ignore unreasonably large ICP RTT values which cause overflow |
5387 | bugs in calculating the average RTT (thanks Niall!) | |
4b66bfd3 | 5388 | |
8e6a43e8 | 5389 | Changes to squid-1.2.beta24 (August 21, 1998): |
5390 | ||
6c4067e5 | 5391 | - Added Bulgarian error pages by Evgeny Gechev. |
ceb79b2b | 5392 | - Changed StoreEntry->lock_count to a u_short. |
c7d6216e | 5393 | - Replaced urlcmp with strcmp |
5394 | - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects | |
5395 | (Henrik Nordstrom). | |
5396 | - Eliminated unneeded BASE HREF on "root" directories (Henrik | |
5397 | Nordstrom). | |
5398 | - Fixed peerDigestFetchFinish() assertion caused by forwarding | |
5399 | failures (e.g. miss_access rules). | |
ada249f8 | 5400 | - Changed signal handlers with ASYNC_IO and Linux so that |
5401 | -k command line options work (Miquel van Smoorenburg). | |
4616f9ea | 5402 | - Rewrote shutdown code to use events instead of setting |
5403 | FD timeouts. | |
903e21a0 | 5404 | - Fixed cachemgr 'objects' (statObjects()) by adding a check |
b6a76fb2 | 5405 | for READ_AHEAD_GAP, and calling storeCheckSwapout() in |
5406 | storeBufferFlush(). Otherwise, the read-past pages would | |
5407 | never be freed. | |
681979a2 | 5408 | - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes |
5409 | were being closed by the dnsServerShutdown event. | |
b6a76fb2 | 5410 | - Modified storeHashInsert() to insert PRIVATE objects at |
5411 | the tail of the LRU list, and PUBLIC objects at the head. | |
5412 | Thus, PRIVATE objects get kicked out quicker. | |
95e36d02 | 5413 | - Added David Luyer's DELAY_POOLS code. |
54b5b3e5 | 5414 | - Fixed a bug due to HEAD replies which lack the end-of-headers |
5415 | line. | |
5416 | - Made proxy-auth realm string configurable (Bob Franklin) | |
5417 | - Changed default mime time to a viewable one (Henrik Nordstrom). | |
5418 | - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA). | |
5419 | - Fixed 'you are running out of filedescriptors' bug which | |
5420 | could cause the HTTP incoming connection handler to not | |
5421 | be reset. | |
e23fbf04 | 5422 | - Changed syslog logging. Now squid debug levels 0 and 1 go |
d737baa0 | 5423 | to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE |
e23fbf04 | 5424 | (this needs more work!) |
2cb51fe0 | 5425 | - Fixed memory access errors in statAvgTick(). |
abc1237e | 5426 | - Fixed duplicate requestUnlink() bug in forward.c |
6c4067e5 | 5427 | - Fixed possible memory access bugs from not setting e->mem_obj |
5428 | = NULL in destroy_MemObject(). | |
5429 | - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead. | |
5430 | - Modified headersEnd and httpMsgIsolateHeaders to account | |
5431 | for funky line terminations such as CRCRNL. | |
5432 | (``but Netscape and IE _tolerate_ this'') | |
5433 | - Fixed carp functions (Eric Stern). | |
5434 | - Replaced internal proxy_auth code with extern authentication | |
5435 | module (Arjan de Vet). | |
5436 | - moved hash.c to libmiscutil.a. | |
e931f99a | 5437 | - Fixed handling of ICP queries with whitespace in URLs. |
5438 | Now we return ICP error and escape the URL before logging. | |
3a15a393 | 5439 | - Added configure check for socklen_t (David Luyer). |
5440 | - Removed USE_SPLAY #defines; it is now standard. | |
3a76c002 | 5441 | - Added FD arg to async IO callbacks (AIOCB) so we can eliminate |
5442 | temporary disk_ctrl_t structures. | |
5443 | - Changed ENOSPC disk write errors to reduce specific cache_dir | |
5444 | sizes, and not just the size of the cache as a whole. | |
f9cece6e | 5445 | - Added httpMaybeRemovePublic() to purge public objects for |
5446 | certain responses even though they are uncachable. This is | |
5447 | needed, for example, when an initially cachable object | |
5448 | later becomes uncachable. | |
8e6a43e8 | 5449 | - Added refresh_pattern options to ignore client reloads |
5450 | (Henrik Nordstrom) | |
5451 | - Relocated disk.c code which combines blocks for writing | |
5452 | (Stewart Forster). | |
c7d6216e | 5453 | |
857703c6 | 5454 | Changes to squid-1.2.beta23 (June 22, 1998): |
5455 | ||
cf7f704c | 5456 | - Added Turkish error pages by Tural KAPTAN. |
66bbb757 | 5457 | - Added basic support for Range requests. For most cachable |
5458 | requests, Squid replies with an "Accept-Ranges" header. Upon | |
5459 | receiving a potentially cachable Range request for a not | |
5460 | cached object, Squid requests the whole object from origin | |
5461 | server and then replies with specified range(s) to the | |
5462 | client. Multi-range requests are supported. Adjacent | |
5463 | overlapping ranges are merged. If-Range requests are | |
5464 | supported. Limitations: Multi-range requests with out of | |
5465 | order ranges are not supported. | |
5466 | - Made md5.c use standard memcpy and memset if they are | |
5467 | avaliable. | |
5468 | - Memory pools will now shrink if Squid is run-time | |
5469 | reconfigured with smaller value of memory_pools_limit tag. | |
5470 | - Added counter for number of clients (Tomi Hakala). | |
5471 | - Changed neighbor UP/DOWN algorithm to require 10 failed TCP | |
5472 | connections for UP->DOWN transition. | |
5473 | - Added 'unique_hostname' configuration option when its | |
5474 | necessary to have multiple machines with the same visible | |
5475 | hostname. | |
222917b2 | 5476 | - Fixed pumpReadFromClient() to not read too many bytes on |
5477 | persistent connections. | |
53856ebd | 5478 | - We can now cache HTTP replies with Set-Cookie. These evil |
5479 | headers are now filtered out for cache hits on the client | |
5480 | side. | |
222917b2 | 5481 | - Fixed SNMP bugs caused by using snmpwalk. |
9089cc70 | 5482 | - Fixed snmp system Group; all objects are now returned. |
5483 | - Fixed snmp system Group sysDescr and sysContact. | |
78dfab2a | 5484 | - Fixed snmp system Group sysObjectID it now returns a OBJECT |
5485 | IDENTIFIER. | |
7fce9c3e | 5486 | - Allocate FwdState from mem pools. |
5487 | - Minor HTCP progress. | |
222917b2 | 5488 | - Moved 'miss_access' ACL check from client_side.c to forward.c |
ed169eab | 5489 | - Fixed logging of usernames for requests which require |
5490 | proxy-authentication. | |
cf7f704c | 5491 | - Fixed HTTP request parser to accept lowercase HTTP identifier |
5492 | (Oskar Pearson). | |
5493 | - Fixed FTP listings to always include links to the parent | |
5494 | directory (Henrik Nordstrom). | |
5495 | - Fixed FTP to show an "empty" listing instead of showing | |
5496 | a "document contains no data" error (Henrik Nordstrom). | |
5497 | - Fixed refreshCheck() bug. Often it was checking the | |
5498 | refresh patterns against the string "[null_mem_obj]" | |
5499 | because we moved URLs to MemObject. | |
5500 | - Added CARP support by Eric Stern. | |
48382032 | 5501 | - Fixed select-spin bug when an ICP reply actually gets queued |
5502 | and we failed to execute the write callback. | |
354b5fe1 | 5503 | - Fixed a storeCheckSwapOut bug. We were freeing up to |
5504 | the queued offset instead of the done offset. This | |
5505 | resulted in a small chunk of object data not being in | |
5506 | memory and not yet written to disk. A client could | |
5507 | recieve a partial object because file_read() unexpectedly | |
5508 | returns EOF. | |
0aa791f8 | 5509 | - Fixed proxy-authentication hangs (Henrik Nordstrom). |
c2354a6b | 5510 | - Fixed request_t->flags bug causing authenticated, proxied |
5511 | responses to be cached (Arjan de Vet). | |
e0e32f36 | 5512 | - Fixed MIME types for .tgz extension (Henrik Nordstrom). |
5513 | - Added view and download options to FTP listings (Henrik | |
5514 | Nordstrom). | |
5515 | - Modified configure to allow using pre-installed libdlmalloc.a | |
5516 | (Masashi Fujita). | |
e8d8856c | 5517 | - Fixed cachemgr 'objects' implementation. |
fecf98dc | 5518 | - Changed refreshCheck() algorithm. For cached objects, we |
5519 | now check, in the following order: | |
5520 | * request max-age | |
5521 | * response Expires (if present) | |
5522 | * refresh_pattern max-age | |
5523 | * response Last-Modified compared to refresh_pattern | |
5524 | LM-factor (only if Last-Modified is present) | |
5525 | * refresh_pattern min-age | |
5526 | - Changed Copyrights. | |
d192d11f | 5527 | |
ee3a78d4 | 5528 | Changes to squid-1.2.beta22 (June 1, 1998): |
5529 | ||
2246b732 | 5530 | - do not cut off "; parameter" from "digitized" Content-Type |
5531 | http fields | |
5532 | - Added X-Request-URI for persistent connection debugging | |
5533 | (Henrik Nordstrom) | |
f4d83f6d | 5534 | - Added Polish error pages from Maciej Kozinski. |
145f10f1 | 5535 | - Fixed hash_first/hash_next bugs with **Current pointer. |
5536 | Replaced with *next pointer. | |
f4d83f6d | 5537 | - Fixed PUT/POST bugs in client (Henrik Nordstrom). |
5538 | - Deny forwarding loops in httpd accel mode (Henrik Nordstrom). | |
5539 | - Fixed eventRun "spin" bug when event delta time == 0. | |
a9cc1935 | 5540 | - Fixed setting Last Modified time on cached entries when |
5541 | receiving a 304 reply. | |
06e87923 | 5542 | - Added while loop in httpAccept(). |
5543 | - Added while loop in icpHandleUdp(). | |
5544 | - Fixed some small memory leaks. | |
5545 | - Fixed single-bit-int flag checks (Henrik Nordstrom). | |
137ee196 | 5546 | - Replaced "complex" (offset accounting) calls to snprintf with MemBuf |
5547 | - Do not send only-if-cached cc directive with requests | |
6474667e | 5548 | for peer's digests. |
ee3a78d4 | 5549 | - Added "automatic tuning" for incoming request rate, i.e. |
5550 | how often to check HTTP and ICP sockets. See comm.c | |
5551 | comments for details. | |
145f10f1 | 5552 | |
6ee40ea2 | 5553 | Changes to squid-1.2.beta21 (May 22, 1998): |
5554 | ||
434b408f | 5555 | - Added Italian error pages by Alessio Bragadini. |
a3f9588e | 5556 | - Added Estonian error pages by Toomas Soome. |
06066bbc | 5557 | - Added Russian (koi-r) error pages by Andrew L. Davydov. |
7b381d33 | 5558 | - Added Czech error pages by Jakub Nantl. |
8e866bb4 | 5559 | - Fixed asnAclInitialize calling to prevent coredump. |
5560 | - Fixed FTP directory parsing again. | |
5561 | - Made FTP directory listing "Generated" tagline like | |
5562 | the one for error pages. | |
52f977aa | 5563 | - Fixed an assertion coredump in statHistCopy from |
6474667e | 5564 | reconfiguring with different #peers in squid.conf |
10202788 | 5565 | - Ignore leading whitespace on requests (and replies). RFC |
5566 | 2068 section 4.1, robustness (Henrik Nordstrom) | |
5567 | - Fixed keep_alive bug. We did not always honour reply | |
5568 | headers, but rather assumed connections could be persistent. | |
5569 | - Fixed reading whois output for AS numbers, especially when | |
5570 | they are longer than 4 KB. | |
5571 | - Removed 'cache_stoplist_pattern' configuration option. This | |
5572 | feature is now handled by 'no_cache'. | |
5573 | - If a URN resolves to only one URL, just return it immediately | |
5574 | instead of giving the user a "choice" (Andy Powell). | |
5575 | - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom). | |
5576 | - Changed squid-internal object names. | |
5577 | - Added netdb exchange protocol. | |
5578 | - Fixed wordlistDestroy() uninitialized pointer bug in | |
5579 | ftpParseControlReply. | |
06066bbc | 5580 | - Fixed redirector subprocess to show real program name. |
5581 | - Changed URN menu output to be sorted. | |
5582 | - Added fast select(2) timeouts when using ASYNC_IO. | |
5583 | - Added ARP ACL support for Linux (David Luyer). | |
6474667e | 5584 | - Added binary http headers to requests |
5585 | - request_t objects are now created and destroyed in a consistent way | |
5586 | - Fixed cache control printf bug | |
5587 | - Added a lot of new http header ids | |
5588 | - Improved Connection: header handling; now both Connection and | |
5589 | Proxy-Connection headers are checked for connection directives | |
5590 | - Connection request header is now handled correctly regardless | |
5591 | of its position and the number of entries | |
2246b732 | 5592 | - Only replies with valid Content-Length can be sent with keep-alive |
5593 | connection directive (Henrik Nordstrom) | |
6474667e | 5594 | - Better handling of persistent connection "clues" in HTTP headers; |
2246b732 | 5595 | the decision now depends on HTTP version (and User-Agent exceptions) |
6474667e | 5596 | - Removed handling of "length=" directive in IMS headers; |
5597 | the directive is not in the HTTP/1.1 standard; | |
5598 | standing by for objections | |
5599 | - allowed/denied headers are now checked using bit masks instead of | |
5600 | strcmp loops | |
5601 | - removed Uri: from allowed headers; Uri is deprecated in RFC 2068 | |
2246b732 | 5602 | - removed processing of Request-Range header (not in specs?) |
7b381d33 | 5603 | - Fixed byte-order bugs in cacheDigestHashKey. |
5604 | - Changed hash_remove_link() to return void. | |
5605 | - Changed ipcache_gethostbyname() to return NULL if | |
5606 | i->addrs.count == 0. | |
6de5fa88 | 5607 | - Added millisecond-timing to select/poll loops and event |
5608 | queue. | |
5609 | - Changed 'peerPingTimeout' value to be twice the average | |
5610 | of all the peer ICP RTT's. | |
5611 | - Added 'half_closed_clients' option to force closing of | |
5612 | client connections which might only be half-closed. | |
5613 | - Fixed matchDomainName coredump bug. | |
5614 | - Don't cache HTTP replies with Vary: headers until we | |
5615 | get content negotiation working. | |
5616 | - Fixed SSL proxying to forward full HTTP request headers. | |
c09459dd | 5617 | - Changed storeGetMemSpace(). Only purge down to the HIGH |
5618 | water mark; move locked entries to the head of the inmem | |
5619 | list. | |
5620 | - Changed clientReadRequest() to locally handle any | |
5621 | "squid-internal-static" URL for any host. | |
52f977aa | 5622 | - Disable persistent connections for client connections |
5623 | from broken Netscape User-Agent, version 3.* (Stewart Forster) | |
434b408f | 5624 | |
901b8eaf | 5625 | Changes to squid-1.2.beta20 (April 24, 1998): |
5626 | ||
fd1bc012 | 5627 | - Improved support for only-if-cached cache control directive. |
5628 | - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons). | |
a1a62b14 | 5629 | - Fixed 'quick_abort' percent calculation bug. |
5630 | - Fixed quick_abort FPE bug. | |
5631 | - Changed more errno-checking functions to use ignoreErrno(). | |
5632 | - Added ERESTART to ignoreErrno() because of report from | |
5633 | a Solaris system. | |
5634 | - Fixed '#elsif' typo. | |
5635 | - Fixed MemPool assertion by moving memInit() to before | |
5636 | configuration parsing functions. | |
5637 | - Fixed default 'announce_period' value (was 1 day, should | |
5638 | be 0) (Joe Ramey). | |
5639 | - Added configure warning for low filedescriptors and pointer | |
5640 | to FAQ. | |
b0497a40 | 5641 | - Fixed httpBodySet() bug causing URN related coredumps. |
5642 | - Changed ipcacheCycleAddr() to always cycle through all all | |
5643 | available addresses, and not just advance when one of | |
5644 | them goes BAD. | |
5645 | - Fixed squid-internal bug for mixed-case hostnames (Henrik | |
5646 | Nordstrom). | |
4e41d49f | 5647 | - Fixed ICP counting probelm. icpUdpSend() arg should be |
5648 | LOG_ICP_QUERY instead of LOG_TAG_NONE. | |
e4b71f74 | 5649 | - Added some additional fault toleranse on FTP data channels |
5650 | (Henrik Nordstrom). | |
5651 | - Corrected error reporting on FTP "hacks" (Henrik Nordstrom). | |
5652 | - Added lock/unlock for StoreEntry during storeAbort(). | |
5653 | - Added filemap bit usage stats to cachemgr 'storedir' and | |
5654 | 'info'. | |
5655 | - Replaced 'cache_stoplist' with 'no_cache' Access list. | |
5656 | - Fixed (hopefully) remaining swapfile-open-at-exit bugs. | |
44745828 | 5657 | - Fixed default hierarchy_stoplist to be ``default if none.'' |
5658 | - Fixed 'fake a recent reply' hack for detecting DEAD | |
5659 | and ALIVE neighbors (Joe Ramey). | |
e376562a | 5660 | - Fixed FTP directory parsing bugs (Joe Ramey). |
5661 | - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath | |
5662 | (Joe Ramey). | |
dea17509 | 5663 | - Fixed daylight savings time bug (again). |
fd1bc012 | 5664 | - A lot of Cache Digests additions, fixes, and tuning. |
5665 | Cache Digests are still "very experimental". | |
e376562a | 5666 | - Fixed snprintf() bug. When len == 1, snprintf() would treat |
5667 | the buffer as unknown size, emulating sprintf() behaviour. | |
5668 | - Made Error page language configurable with configure script | |
5669 | (Henrik Nordstrom). | |
5670 | - Fixed squid-internal URLs when http_port == 80. | |
5671 | - Remember the client address on redirected requests (Henrik | |
5672 | Nordstrom). | |
5673 | - Don't rebuild the request if the redirector returned the same | |
5674 | URL (Henrik Nordstrom). | |
5675 | - Rewrite Host: header on redirected requests (Henrik | |
5676 | Nordstrom). | |
5677 | - Include port (if non-standard) in generated Host: headers | |
5678 | (Henrik Nordstrom). | |
5679 | - Fixed rfc1123 timezone hacks for Windows NT | |
5680 | (Henrik Nordstrom). | |
5681 | - Added Russian Error pages by Ilia Zadorozhko. | |
5682 | - Added totals for ICP and HTTP hits to cachemgr client_list | |
5683 | output. | |
6cfa8966 | 5684 | - Changed error message to 'Generated TIME by HOST (SQUID/VER)' |
5685 | because any string with an '@' must be an email address. | |
e376562a | 5686 | - Fixed POST for content-length == 0. |
901b8eaf | 5687 | - Fixed "huge 304 reply" loop bug. |
5e9ab945 | 5688 | - Fixed --enable-splaytree compile bugs. |
c93fbf13 | 5689 | - Removed ASN lookup code in peer_select.c. |
b6a2f15e | 5690 | - Added warnings if ACL code detects subdomains in SPLAY |
5691 | trees. | |
5692 | - Rewrote some bits of httpRequestFree() to eliminate | |
5693 | possible bugs that could cause an "e->lock_count" asseertion. | |
5694 | - Added value/bounds checking to _db_init() when setting | |
5695 | the debugLevels[] array. | |
fd1bc012 | 5696 | |
005e5260 | 5697 | Changes to squid-1.2.beta19 (Apr 8, 1998): |
5698 | ||
b0497a40 | 5699 | - Squid-1.2.beta19 compiles and runs on Windows/NT with |
5700 | Cygnus Gnu-WIN32 b19 (Henrik Nordstrom). | |
447203a7 | 5701 | - Added French Error pages by Frank DENIS. |
5702 | - Added Dutch Error pages by Mark Visser | |
901b8eaf | 5703 | - Added German Error pages by Bernd P. Ziller, Jens Frank, |
5704 | and Anke S. | |
f9f2be04 | 5705 | - Added support for only-if-cached cache-control directive. |
005e5260 | 5706 | - Added RELAXED_HTTP_PARSER #define to allow requests which are |
5707 | missing the HTTP identifier on the request line (e.g. buggy | |
5708 | SpyGame queries). RELAXED_HTTP_PARSER is undefined by default. | |
1f4d31f9 | 5709 | - Fixed disk.c FD leak for delayed closes in |
5710 | diskHandleWriteComplete(). | |
5711 | - Fixed cache announcement feature. | |
20fe7191 | 5712 | - Fixed httpReadReply() to retry failed HTTP requests on |
5713 | persistent connections when read() returns -1, not only | |
5714 | when it returns 0. | |
805e5f70 | 5715 | - Fixed cbdata memory counting leak. cbdataUnlock() always |
5716 | called free(), never memFree(). | |
ff396fe6 | 5717 | - Fixed storeDirWriteCleanLogs() malloc bug on Alphas. |
005e5260 | 5718 | - Fixed `++loopdetect < 10' assertion due to |
5719 | clientHandleIMSReply bug for invalid/partial HTTP | |
5720 | replies. | |
5721 | - Added preliminary code for HTCP. | |
5722 | - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines. | |
5723 | - Added "snmp_community" as an ACL type. | |
5724 | - Cleaned up proxy-auth acl implementation and removed | |
5725 | memory leaks. | |
5726 | - Added generic 'hashFreeItems()' function for efficiently | |
5727 | freeing hash table pointers. | |
5728 | - Added whoisTimeout() for ASN code. | |
447203a7 | 5729 | - Removed BINARY TREE code. |
005e5260 | 5730 | - Fixed forgetting to reset Config.Swap.maxSize in |
5731 | configDoConfigure. | |
5732 | - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order | |
5733 | bug which caused not modified replies to not get updated. | |
5734 | - Fixed client_side.c bugs which could cause data to be written | |
5735 | to the client in the wrong order for persistent connections. | |
5736 | clientPurgeRequest() and clientHandleIMSComplete() must not | |
5737 | call comm_write(). Instead they must create and write to | |
5738 | StoreEntry's. | |
5739 | - Fixed ICP query service time counting bug(s). | |
5740 | - replaced 'char *mime_headers_end()' with 'size_t headersEnd()' | |
5741 | to fix buffer overruns. This also requires adding 'buf_sz' | |
5742 | args to some functions like clientBuildReplyHeader(). | |
5743 | But we can eliminate the need to NULL-terminate the | |
5744 | buffer beforehand. | |
5745 | - Changed commConnectCallback() to reset the FD timeout to | |
5746 | zero before notifying about the connection. This requires | |
5747 | commSetTimeout() calls in numerous places to reinstall | |
5748 | timeouts. | |
5749 | - Changed comm_poll_incoming() to be called less frequently | |
5750 | (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly). | |
5751 | - Removed HAVE_SYSLOG case for debug() macro. Almost all | |
5752 | systems do have syslog(), but more importatnly the | |
5753 | _db_level value is needed for debugging to stderr. | |
5754 | - Rewrote squid/dnsserver interface to use smaller, single-line | |
5755 | messages. | |
5756 | - Rewrote 'dns' cachemgr output to use a table format. | |
5757 | - Rewrote a lot of dnsserver.c. | |
5758 | - Added eventAddIsh() for semi-random event scheduling. | |
5759 | - Fixed an ftpTimeout bug for sessions which use PORT | |
5760 | commands. | |
5761 | - Fixed ftp.c to recognized invalid PASV replies (e.g. | |
5762 | port == 0). | |
5763 | - Removed hash_insert(). All hasing uses hash_join() now. | |
5764 | - Renamed hash_unlink() to hash_remove_link(). | |
5765 | - Added hashPrime() to find closes prime hash table size | |
5766 | to a given value. | |
5767 | - Fixed Keep-Alive ratio counting bug which prevented | |
5768 | persistent connections from being used between cache | |
5769 | peers. | |
5770 | - Changed icmp.c to NOT queue messages sent from squid to | |
5771 | the pinger program. | |
5772 | - Changed icp_v2.c to NOT queue ICP messages by default. | |
5773 | But they will be queued and resent once if the first | |
5774 | send fails. Counters.icp.queued_replies counts the | |
5775 | number of messaages queued. | |
5776 | - Cleaned up ICP logging. | |
5777 | - Added identTimeout(). | |
5778 | - Fixed ipcache reply counting bug. Overcounted dnsserver | |
5779 | replies for partial replies. | |
5780 | - Added urlInternal() for building internal Squid URLs. | |
5781 | - Changed peerAllowedToUse() to check both 'cache_peer_domain' | |
5782 | AND 'cache_peer_acl' configurations. This should be changed | |
5783 | in the fugure to use ONLY cache_peer_acl. | |
5784 | - Changed DEAD/REVIVED neighbor detection to avoid reporting | |
5785 | so many false deaths. (Joe Ramey). | |
5786 | - Added some preliminary code to support "cache digests." | |
5787 | - Fixed pumpClose() coredumps (?). | |
5788 | - Updated cachemgr 'info' output to show median service | |
5789 | times for various categories. | |
5790 | - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t) | |
5791 | != sizeof(int) for Alphas. | |
5792 | - Fixed potential alignment problem in storeDirWriteCleanLogs(). | |
5793 | - Fixed store_rebuild.c to NOT replace current, but | |
5794 | not-swapped-out StoreEntry's with on-disk entries. | |
5795 | - Changed storeCleanup() to call storeRelease on invalid | |
5796 | entries which don't have a swapfile (i.e. no unlink() | |
5797 | penalty). | |
5798 | - Fixed storeSwapInStart() to fail for unvalidated | |
5799 | entries. | |
5800 | - SNMP changes: | |
5801 | . renovated mib and added descriptions and comments | |
5802 | . added hit and byte counters to client_db , for | |
5803 | cacheClientTable | |
5804 | . cacheClientTable, netdbTable, cachePeerTable, | |
5805 | cacheConnTable now indexed by ip address. hash_lookup was | |
5806 | enhanced to allow for subsequent hash_next's similar to | |
5807 | hash_first, to speed up getnext's in tables which refer to | |
5808 | hash-table structures. | |
5809 | . added generic (well, sorf of) table indexing functionality | |
5810 | . added makefile dependencies for snmplib and cache_snmp.h | |
5811 | . WaisHost, WaisPort, Timeouts removed | |
5812 | . FdTable split into FdTable and ConnTable. FdTable simplified | |
5813 | . PeerTable and PeerStat merged and put into new cacheMesh | |
5814 | group | |
5815 | . cacheClientTable added for client statistics and accounting | |
5816 | (cacheMesh 2) | |
5817 | . cacheSec and cacheAccounting groups removed | |
5818 | . fixed acl bug when communities not defined | |
5819 | . snmp_acl now survives bad configuration | |
81d0c856 | 5820 | |
9a713ffb | 5821 | Changes to squid-1.2.beta18 (Mar 23, 1998): |
5822 | ||
275d9f2e | 5823 | - Added v1.1 'test_reachability' option. |
5824 | - Fixed hash4() len == 0 bug. | |
2c26197b | 5825 | - Fixed Config.Swap.maxSize reconfigure bug. |
5826 | - Fixed ICP query bug determining request method. | |
5827 | - Moved ICP's storeGet() cache lookup into neighborsUdpAck() | |
5828 | so that we know neighbors are alive even when they send | |
5829 | us replies for unknown entries. | |
5830 | - Changed configure script to add '-std1' for Digital Unix cc. | |
5831 | - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit | |
5832 | systems. | |
5833 | - Added support for 'Cache-Control: Only-If-Cached' request header. | |
34ad1721 | 5834 | - Fixed CheckQuickAbort() bugs for multiple clients on one |
5835 | StoreEntry. Also changed storePendingNClients() to return | |
5836 | mem->nclients instead of counting the number of store_client | |
5837 | entries with pending callback functions. | |
275d9f2e | 5838 | |
041b157e | 5839 | Changes to squid-1.2.beta17 (Mar 17, 1998): |
5840 | ||
df43fc93 | 5841 | - SNMP MIB version check changed to non-rcs. |
02922e76 | 5842 | - Added memory pools for variable size objects (strings). |
5843 | There are three pools; for small, medium, and large objects. | |
5844 | - Extended String object to use memory pools. Most fixed size char | |
5845 | array fields will be replaced using string pools. Same for most | |
5846 | malloc()-ed buffers. | |
5e14bf6d | 5847 | - Changed icon handling to use the hostname and port of the squid |
9ed90c85 | 5848 | server, instead of the special hostname "internal.squid" |
5849 | (Henrik Nordstrom). | |
5e14bf6d | 5850 | - All icons are now configured in mime.conf. No hardcoded icons, |
f8360ee3 | 5851 | including gohper icons (Henrik Nordstrom). |
459f2559 | 5852 | - Fixed ICP bug when we send queries, but expect zero |
5853 | replies. | |
ed9c0b33 | 5854 | - Fixed alignment/casting bugs for ICP messages. |
2b5b6324 | 5855 | - A generic client-to-server "pump" was added to handle HTTP |
5856 | PUT as well as POST methods on the client-cache side. Based on | |
5857 | "pump" PUT requests can be made to either HTTP or FTP url's. | |
5858 | Code is still beta and interoperability with browsers etc has | |
5859 | not been tested. | |
5860 | - Put #ifdefs around 'source_ping' code. | |
5e14bf6d | 5861 | - Added missing typedef for _arp_ip_data (Wesha). |
5862 | - Added regular-expression-based ACLs for client and server | |
5863 | domain names (Henrik Nordstrom). | |
5864 | - Fixed ident-related coredumps from incorrect callback data. | |
5865 | - Fixed parse_rfc1123() "space" bug. | |
5866 | - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free()).. | |
5867 | - Fixed some src/asn.c end-of-reply bugs and memory leaks. | |
5868 | - Fixed some peer->options flag-setting bugs. | |
5869 | - Fixed single-parent feature to work again | |
5870 | - Removed 'single_parent_bypass' configuration option; instead | |
5871 | just use 'no-query'. | |
5872 | - Surrounded 'source_ping' code with #ifdefs. | |
5873 | - Changed 'deny_info URL' to use a custom Error page. | |
5874 | - Modified src/client.c for testing POST requests. | |
041b157e | 5875 | - Fixed hash4() for SCO (Vlado Potisk). |
459f2559 | 5876 | |
7ba777f2 | 5877 | Changes to squid-1.2.beta16 (Mar 4, 1998): |
5878 | ||
447203a7 | 5879 | - Added Spanish error messages from Javier Puche. |
02922e76 | 5880 | - Added Portuguese error messages from Pedro Lineu Orso |
0965bd19 | 5881 | - Added a simple but very effective hack to cachemgr.cgi that tries to |
5882 | interpret lines with '\t' as table records and formats them | |
5883 | accordingly. With a few exceptions (see source code), first line | |
5884 | becomes a table heading ("<th>" html tag) and the rest is formated | |
5885 | with "<td>" tags. | |
7021844c | 5886 | - Added "mem_pools_limit" configuration option. Semantics of |
5887 | "mem_pools" option has also changed a bit to reflect new memory | |
5888 | management policy. | |
7ba777f2 | 5889 | - Reorganized memory pools. Squid now supports a global pool |
5890 | limit instead of individual pool limits. Per-pool limits can be | |
3a88d597 | 5891 | implemented on top of the current scheme if needed, but it is |
7ba777f2 | 5892 | probably hard to guess their values. Squid distributes pool |
5893 | memory among "frequently allocated" objects. There is a | |
5894 | configurable limit on the total amount of "idle" memory to be | |
5895 | kept in reserve. All requests that exceed that amount are | |
5896 | satisfied using malloc library. Support for variable size | |
5897 | objects (mostly strings) will be enabled soon. | |
5898 | - memAllocate() has now only one parameter. Objects are always | |
5899 | reset with 0s. (We actually never used that parameter before; | |
5900 | it was always set to "clear"). | |
5901 | - Added Squid "signature" to all ERR_ pages. The signature is | |
5902 | hardcoded and is added on-the-fly. The signature may use | |
5903 | %-escapes. Added interface to add more hard-coded responses if | |
5904 | needed (see errorpage.c::error_hard_text). | |
5905 | - Both default and configured directories are searched for ERR_ | |
5906 | pages now. Configured directory is, of course, searched first. | |
5907 | This allows you to customize a subset of ERR_ pages (in a | |
5908 | separate directory) without danger of getting other copies out | |
5909 | of sync. | |
5910 | - Security controls for the SNMP agent added. Besides | |
5911 | communities (like password) and views (part of tree | |
5912 | accessible), the snmp_acl config option can be used to do acl | |
5913 | based access checks per community. | |
5914 | - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You | |
5915 | can now walk through the whole mib tree. Several new variables | |
5916 | added under cacheProtoAggregateStats | |
12cf1be2 | 5917 | - Added rudimental statistics for HTTP headers. |
7ba777f2 | 5918 | - Adjusted StatLogHist to a more generic/flexible StatHist. |
12cf1be2 | 5919 | Moved StatHist implementation into a separate file. |
178dbda2 | 5920 | - Added FTP support for PORT if PASV fails, also try the |
5921 | default FTP data port (Henrik Nordstrom). | |
5922 | - Fixed NULL pointer bug in clientGetHeadersForIMS when a | |
5923 | request is cancelled for fails on the client side. | |
5924 | - Filled in some squid.conf comments (never_direct, | |
5925 | always_direct). | |
5926 | - Added RES_DNSRCH to dnsserver's _res.options when the | |
5927 | -D command line option is given. | |
5928 | - Fixed repeated Detected DEAD/REVIVED Sibling messages when | |
5929 | peer->tcp_up == 0 (Michael O'Reilly). | |
5930 | - Fixed storeGetNextFile's incorrect "directory does not exist" | |
5931 | errors (Michael O'Reilly). | |
5932 | - Fixed aiops.c race condition (Michael O'Reilly, Stewart | |
5933 | Forster). | |
5934 | - Added 'dns_nameservers' config option to specify non-default | |
5935 | DNS nameserver addresses (Maxim Krasnyansky). | |
5936 | - Added lib/util.c code to show memory map as a tree | |
5937 | (Henrik Nordstrom). | |
5938 | - Added HTTP and ICP median service times to Counters and | |
5939 | cachemgr average stats. | |
5940 | - Changed "-d" command line option to take debugging level | |
5941 | as argument. Debugging equal-to or less-than the argument | |
5942 | will be written to stderr. | |
3ff01c3e | 5943 | - Removed unused urlClean() function from url.c. |
adba4a64 | 5944 | - Fixed a bug that allowed '?' parts of urls to be recorded in |
ef65d6ca | 5945 | store.log. Logged urls are now "clean". |
178dbda2 | 5946 | - Cache Manager got new Web interface (cachemgr.cgi). New .cgi |
5947 | script forwards basic authentication from browser to squid. | |
5948 | Authentication info is encoded within all dynamically generated | |
5949 | pages so you do not have to type your password often. | |
5950 | Authentication records expire after 3 hours (default) since | |
5951 | last use. Cachemgr.cgi now recognizes "action protection" types | |
5952 | described below. | |
5953 | - Added better recognition of available protection for actions | |
5954 | in Cache Manager. Actions are classified as "public" (no | |
5955 | password needed), "protected" (must specify a valid password), | |
5956 | "disabled" (those with a "disable" password in squid.conf), and | |
5957 | "hidden" (actions that require a password, but do not have | |
5958 | corresponding cachemgr_passwd entry). If you manage to request | |
5959 | a hidden, disabled, or unknown action, squid replies with | |
5960 | "Invalid URL" message. If a password is needed, and you failed | |
5961 | to provide one, squid replies with "Access Denied" message and | |
5962 | asks you to authenticate yourself. | |
5963 | - Added "basic" authentication scheme for the Cache Manager. | |
5964 | When a password protected function is accessed, Squid sends an | |
5965 | HTTP_UNAUTHORIZED reply allowing the client to authorize itself | |
5966 | by specifying "name" and "password" for the specified action. | |
5967 | The user name is currently used for logging purposes only. The | |
5968 | password must be an appropriate "cachemgr_passwd" entry from | |
5969 | squid.conf. The old interface (appending @password to the url) | |
5970 | is still supported but discouraged. Note: it is not possible | |
5971 | to pass authentication information between squid and browser | |
5972 | *via a web server*. The server will strip all authentication | |
5973 | headers coming from the browser. A similar problem exists for | |
5974 | Proxy-Authentication scheme. | |
5975 | - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of | |
5976 | authentication failures when accessing Cache Manager. | |
63259c34 | 5977 | - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c. |
178dbda2 | 5978 | - Added simple context-based debugging to debug.c. Currently, |
5979 | the context is defined as a constant string. Context reporting | |
5980 | is triggered by debug() calls. Context debugging routines | |
5981 | print minimal amount of information sufficient to describe | |
5982 | current context. The interface will be enhanced in the future. | |
5983 | - Replaced _http_reply with HttpReply. HttpReply is a | |
5984 | stand-alone object that is responsible for parsing, swapping, | |
5985 | and comm_writing of HTTP replies. Moved these functions from | |
5986 | various modules into HttpReply module. | |
8bfcd557 | 5987 | - Added HttpStatusLine, HttpHeader, HttpBody. |
178dbda2 | 5988 | - All HTTP headers are now parsed and stored in a "compiled" |
5989 | form in the HttpHeader object. This allows for a great | |
5990 | flexibility in header processing and builds basis for support | |
5991 | of yet unsupported HTTP headers. | |
5992 | - Added Packer, a memory/store redirector with a printf | |
5993 | interface. Packer allows to comm_write() or swap() an object | |
5994 | using a single routine. | |
5995 | - Added MemBuf, a auto-growing memory buffer with printf | |
5996 | capabilities. MemBuf replaces most of old local buffers for | |
5997 | compiling text messages. | |
5998 | - Added MemPool that maintains a pre-allocated pool of opaque | |
5999 | objects. Used to eliminate memory thrashing when allocating | |
6000 | small objects (e.g. field-names and field-value in http | |
6001 | headers). | |
8bfcd557 | 6002 | |
3197e644 | 6003 | Changes to squid-1.2.beta15 (Feb 13, 1998): |
6004 | ||
55647891 | 6005 | NOTE: This version has changes which may cause all or part |
6006 | of your cache to be lost. However, you can problably | |
6007 | save most of it by doing a slow restart. Specifically: | |
6008 | ||
6009 | 1. Kill the running squid-1.2.beta14 process; wait for it to | |
6010 | fully exit. | |
6011 | 2. Remove all 'swap.state*' files, either in each cache_dir, or | |
6012 | as defined in your squid.conf | |
6013 | 3. Start squid-1.2.beta15. The store will be rebuilt from the | |
6014 | existing swap files, reading the directories and opening | |
6015 | the files. | |
6016 | ||
bcfbdc11 | 6017 | - Fixed some problems related to disk (and pipe) write error |
6018 | handling. file_close() doesn't always close the file | |
6019 | immediately; i.e. when there are pending buffers to write. | |
6020 | StoreEntry->lock_count could become zero while a write is | |
6021 | pending, then bad things happen during the callback. | |
6022 | - The file_write() callback data must now be in the callback | |
6023 | database (cbdata). We now use the swapout_ctrl_t structure | |
6024 | for the callback data; it stays around for as long as we are | |
6025 | swapping out. | |
6026 | - Changed the way write errors are handled by diskHandleWrite. | |
6027 | If there is no callback function, now we exit with a fatal | |
6028 | message under the assumption that the file in question is a | |
6029 | log file or IPC pipe. Otherwise, we flush all the pending | |
6030 | write buffers (so we don't see multiple repeated write errors | |
6031 | from the same descriptor) and let the upper layer decide how | |
6032 | to handle the failure. | |
6033 | - Fixed storeDirWriteCleanLogs. A write failure was leaving | |
6034 | some empty swap.state files, even though it tells us that its | |
6035 | "not replacing the file." Don't flush/rename logs which we | |
6036 | have prematurely closed due to write failures, indiciated by | |
6037 | fd[dirn] == -1. Close these files LAST, not before | |
6038 | renaming. | |
6039 | - Fixed storeDirClean to clean directories in a more sensible | |
6040 | order, instead of the new "MONOTONIC" order for swap files. | |
0465e406 | 6041 | - Merged fdstat.c functions into fd.c. |
6042 | - Cleaned up some debugging sections. Some unrelated source | |
6043 | files were using the same section. | |
6044 | - Removed curly brackets from all cachemgr output. | |
6045 | - Removed unused filemap->last_file_number_allocated member. | |
6046 | - Removed unused fde->lifetime_data member. | |
6047 | - Fixed incorrectly applying htonl() on icp_common_t->shostid. | |
6048 | - Call setsid() before exec() in ipc.c so that child processes | |
6049 | don't receive SIGINT (etc) when running squid on a tty. | |
2f2dd5ad | 6050 | - Changed StoreEntry->object_len to ->swap_file_sz so we |
6051 | can verify the disk file size at restart. Moved object_len | |
6052 | to MemObject->object_sz. Note object_sz is initialized | |
6053 | to -1. If object_sz < 0, then we need to open the swap | |
6054 | file and read the swap metadata. | |
6055 | - Changed store_client->mem to ->entry because we need | |
6056 | e->swap_file_sz to set mem->object_sz at swapin. | |
2f2dd5ad | 6057 | - Renamed storeSwapData structure to storeSwapLogData. |
6058 | - Fixed storeGetNextFile to not increment d->dirn. Added | |
6059 | check for opendir() failure. | |
6060 | - Fixed storeRebuildStart to properly link the directory | |
6061 | list for storeRebuildfromDirectory mode. | |
e157f97f | 6062 | - Added -S command line option to double-check store |
6063 | consistency with disk files in storeCleanup(). | |
6064 | - Fixed a problem with transactional logging. In many | |
6065 | cases we were adding the public cache key and then | |
6066 | logging a delete for the private key. This is worthless | |
6067 | because during rebuild we could not locate the previous | |
6068 | public-keyed entry. Now we assert that only public-keyed | |
6069 | entries can be logged to swap.state. storeSetPublicKey() | |
6070 | and storeSetPrivateKey() have been modified to log an | |
6071 | ADD or DEL when the key changes. | |
6072 | - Fixed storeDirClean bug. Needed to call | |
6073 | storeDirProperFileno() so the "dirn bits" get set. | |
6074 | - Fixed a storeRebuildFromDirectory bug. fullpath[] and | |
6075 | fullfilename[] were static to that function and did | |
6076 | not change when the "rebuild_dir" arg did. Moved these | |
6077 | buffers to the rebuild_dir structure. | |
6078 | - In storeRebuildFromSwapLog, we were calling storeRelease() | |
6079 | for cache key collisions. This only set the RELEASE_REQUEST | |
6080 | bit and did not clear the swap_file_number in the filemap or | |
6081 | in the StoreEntry, so the swap file could get unlinked later | |
6082 | when it was really released. | |
4e0f0471 | 6083 | - Fixed FTP so that ';type=X' specifically sets the HTTP reply |
6084 | content-type and content-encoding (Henrik Nordstrom). | |
6085 | - Removed 'icon_content_type' configuration option. Content | |
6086 | types now taken from mime.conf (Henrik Nordstrom). | |
2a9b2b73 | 6087 | - Added additional memory malloc tracing and memory leak |
6088 | detection. Use --enable-xmalloc-debug-trace configure | |
6089 | option and -m command line option (Henrik Nordstrom). | |
bcfbdc11 | 6090 | |
93169941 | 6091 | Changes to squid-1.2.beta14 (Feb 6, 1998): |
6092 | ||
5471db88 | 6093 | - Replaced snmplib free() calls with xfree(). |
6094 | - Changed the 'net_db_name' hash table structure to | |
6095 | make it easier to move names from one network to another | |
6096 | (copied from 1.1 code). | |
93169941 | 6097 | - Filled in some of the config dump routines (dump_acl, |
6098 | dump_acl_access). | |
6099 | - Full memory debugging option (--enable-xmalloc-debug-trace) | |
6100 | (Henrik Nordstrom). | |
6101 | - Filled-in and clarified many squid.conf comments (Oskar | |
6102 | Pearson). | |
6103 | - Fixed up handling of SWAP_LOG_DEL swap.state entries. | |
5471db88 | 6104 | |
f91834bf | 6105 | Changes to squid-1.2.beta13 (Feb 4, 1998): |
f577e074 | 6106 | |
b4512acd | 6107 | - NOTE: With this version the "swap.state" file format has |
6108 | changed. Running this version for the first time will | |
6109 | cause your current cache contents to be lost! | |
f91834bf | 6110 | - NOTE: this version still has the bug where we don't rewind |
6111 | a swapout file and rewrite the swap meta data. Objects | |
6112 | larger than 8KB will be lost when rebuilding from the swap | |
6113 | files. | |
d04dd4bf | 6114 | - Combined various interprocess communication setup functions |
6115 | into ipcCreate(). | |
6116 | - Removed some leftover ICP_HIT_OBJ things. | |
6117 | - Removed cacheinfo and proto_count() and friends; these are to | |
6118 | be replaced in functionality by StatCounters and 5/60 minute | |
6119 | average views via cachemgr. | |
6120 | - Fixed --enable-acltree configure message (Masashi Fujita). | |
6121 | - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in | |
6122 | (Masashi Fujita). | |
6123 | - Fixed building outside of source tree (Masashi Fujita). | |
dbfed404 | 6124 | - FTP: Format NLST listings, and inform the user that the NLST |
6125 | (plain) format is available when we find a LIST listing that we | |
6126 | don't understand (Henrik Nordstrom) | |
6127 | - FTP: Use SIZE on Binary transfers, and not ASCII. The | |
6128 | condition was inversed, making squid use SIZE on ASCII | |
6129 | transfers (Henrik Nordstrom). | |
6130 | - Enable virtual and Host: based acceleration in order to be | |
6131 | able to use Squid as a transparent proxy without breaking | |
6132 | either virtual servers or clients not sending Host: header | |
6133 | the order of the virtual and Host: based acceleration needs | |
6134 | to be swapped, giving Host: a higher precendence than virtual | |
6135 | host (Henrik Nordstrom). | |
6136 | - Use memmove/bcopy as detected by configure Some systems does | |
6137 | not have memmove, but have the older bcopy implementation | |
6138 | (Henrik Nordstrom). | |
6cf028ab | 6139 | - Completely rewritten aiops.c that creates and manages a pool |
6140 | of threads so thread creation overhead is eliminated (SLF). | |
6141 | - Lots of mods to store.c to detect and cancel outstanding | |
6142 | ASYNC ops. Code is not proven exhaustive and there are | |
6143 | definately still cases to be found where outstanding disk ops | |
6144 | aren't cancelled properly (SLF). | |
6145 | - Changes to call interface to a few routines to support disk | |
6146 | op `tagging', so operations can be cleanly cancelled on | |
6147 | store_abort()s (SLF). | |
6148 | - Implementation of swap.state files as transaction logs. | |
6149 | Removed objects are now noted with a negative object size. | |
6150 | This allows reliatively clean rebuilds from non-clean | |
6151 | shutdowns (SLF). | |
6152 | - Now that the swap.state files are transaction logs, there's | |
6153 | now no need to validate by stat()ing. All the validation | |
6154 | procedure does is now just set the valid bit AFTER all the | |
6155 | swap.state files have been read, because by that time, only | |
6156 | valid objects can be left. Object still need to be marked | |
6157 | invalid when reading the swap.state file because there's no | |
6158 | guarantee the file has been retaken or deleted (SLF). | |
6159 | - An fstat() call is now added after every | |
6160 | storeSwapInFileOpened() so object sizes can be checked. Added | |
6161 | code to storeRelease() the object if the sizes don't match (SLF). | |
6474667e | 6162 | - #defining USE_ASYNC_IO now uses the async unlink() rather than |
6163 | unlinkd() (SLF). | |
6cf028ab | 6164 | - #defining MONOTONIC_STORE will support the creation of disk |
6165 | objects clustered into directories. This GREATLY improves disk | |
6166 | performance (factor of 3) over old `write-over-old-object' | |
6167 | method. If using the MONOTONIC_STORE, the | |
6168 | {get/put}_unusedFileno stack stuff is disabled. This is | |
6169 | actually a good thing and greatly reduces the risk of serving | |
6170 | up bad objects (SLF). | |
6171 | - Fixed unlink() in storeWriteCleanLogs to be real unlink() | |
6172 | rather than ASYNC/unlinkd unlinks. swap.state.new files were | |
6173 | being removed just after they were created due to delayed | |
6174 | unlinks (SLF). | |
6175 | - Disabled various assertions and made these into debug warning | |
6176 | messages to make the code more stable until the bugs can be | |
6177 | tracked down (SLF). | |
6178 | - Added most of Michael O'Reilly's patches which included many | |
6179 | bug fixes. Ask him for full details (SLF). | |
6180 | - Moved aio_check_callbacks in comm_{poll|select}(). It was | |
6181 | called after the fdset had been built which was wrong because | |
6182 | the callbacks were changing the state of the read/write | |
6183 | handlers prior to the poll/select() calls (SLF). | |
f09f5b26 | 6184 | - Fixed ARP ACL memory leaks (Dale). |
f577e074 | 6185 | - Eliminated URL and SHA cache keys. Cache keys will always |
6186 | be MD5's now. | |
6187 | - Fixed up store swap meta data. | |
6188 | - Changed swap.state logs to a binary format. | |
f91834bf | 6189 | - The swap.state logs are written transaction-style. |
d04dd4bf | 6190 | |
b5cfbd5b | 6191 | Changes to squid-1.2.beta12 (Jan 30, 1998): |
6192 | ||
b4512acd | 6193 | - Added metadata headers to cache swap files. This is an |
6194 | incompatible change with previous versions. Running this | |
6195 | version for the first time will cause your current cache | |
6196 | contents to be lost. | |
9fc0b4b8 | 6197 | - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom) |
6198 | - Show symlink destinations as a hyperlink in FTP listings | |
6199 | (Henrik Nordstrom) | |
3a4eaced | 6200 | - Fixed not allocating enough space for rewriting URLs with |
6201 | the Host: header (Eric Stern). | |
6202 | - Year-2000 fixes (Arjan de Vet). | |
6203 | - Fixed looping for cache hits on HEAD requests. | |
fc6dc767 | 6204 | - Fixed parseHttpRequest() coredump for |
6474667e | 6205 | "GET http://foo HTTP/1.0\r\n\r\n\r\n" |
9fc0b4b8 | 6206 | |
9f802cb1 | 6207 | Changes to squid-1.2.beta11 (Jan 6, 1998): |
6208 | ||
fd82d0b0 | 6209 | - Fixed fake 'struct rusage' definition which prevented compling |
6210 | on Solaris 2.4. | |
6211 | - Fixed copy-by-ref bug for request->headers in | |
6212 | clientRedirectDone() (Michael O'Reilly). | |
812db943 | 6213 | - Workaround for Solaris pthreads closing FD 0 upon fork() |
6214 | (Michael O'Reilly). | |
05fd71a7 | 6215 | - Fixed shutdown bug with outgoing UDP sockets; we need to |
6216 | disable their read handlers. | |
6217 | - For comm_poll(), use the fast 50 msec timeout only when | |
6218 | USE_ASYNC_IO is defined. | |
1fbc6de3 | 6219 | - Fixed pointer bug when freeing AS# ACL entries. |
6220 | - Fixed forgetting to reset Config.npeers to zero in free_peer(). | |
0f6bdbfa | 6221 | - Fixed ICP bug causing excessive TIMEOUTs with sibling |
6222 | neighbors. We must call the ICP reply callback even for | |
6223 | sibling misses. | |
6224 | - Fixed some dnsserver-related reconfigure bugs. Need to | |
6225 | use cbdataLock, etc in fqdncache.c. Also don't want to | |
6226 | use ipcacheQueueDrain() and fqdncacheQueueDrain(). | |
6227 | - Fixed persistent connection bug. We were incorrectly | |
6228 | deciding that non-200 replies without content-length | |
6229 | would not have a reply body. | |
6230 | - Fixed intAverage() precedence bug. | |
6231 | - Fixed memmove() 'len' arg bug. | |
6232 | - Changed algorithm for determining alive/dead state of peers. | |
6233 | Instead of using a fixed number of unacknowledged ICP | |
6234 | replies, it is now based on timeouts. If there are no ICP | |
6235 | replies received from a peer within 'dead_peer_timeout' | |
6236 | seconds, then we call it dead. | |
6237 | - Added calls to getCurrentTime() in | |
6238 | comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not | |
6239 | being used. | |
6240 | - Fixed shutdown bug when the incoming and outgoing ICP socket | |
6241 | is the same file descriptor. | |
e970f357 | 6242 | - Added buffered writes for storeWriteCleanLogs() (Stewart |
6243 | Forster). | |
6244 | - Patches for Qnx4 (Jean-Claude MICHOT). | |
6245 | - Fixed returning void functions which seems to be a GCC-ism. | |
e5f4e1b0 | 6246 | - New configure script options (Henrik Nordstrom): |
6247 | --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey) | |
6248 | --enable-acltree | |
6249 | --enable-icmp | |
6250 | --enable-delay-hack | |
6251 | --enable-useragent-log | |
6252 | --enable-kill-parent (this should be named -hack) | |
6253 | --enable-snmp | |
6254 | --enable-time-hack | |
6255 | --enable-cachemgr-hostname[=hostname] (new) | |
6256 | --enable-arp-acl (new) | |
6257 | - Added Doug Lea malloc-2.6.4 to the distribution, so that | |
6258 | people easily can try a decent malloc package if they syspect | |
6259 | their malloc is broken. --enable-dlmalloc (Henrik Nordstrom). | |
6260 | - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub | |
6261 | function (Henrik Nordstrom). | |
6262 | - Removed top-level Makefile. People must now run 'configure' | |
6263 | before 'make'. | |
714ace98 | 6264 | - Fixed checkFailureRatio() implementation. |
82b3c7d9 | 6265 | - Made 'squid -z' behave like the 1.1 version. |
e5f4e1b0 | 6266 | |
fd82d0b0 | 6267 | |
ab9a3f7e | 6268 | Changes to squid-1.2.beta10 (Jan 1, 1998): |
6269 | ||
6270 | - Fixed content-length bugs for 204 replies, 304 replies, | |
6271 | and HEAD requests (Henrik Nordstrom). | |
6272 | - Fixed errorAppendEntry() bug in gopherReadReply(). | |
6273 | - Basic support for FTP URL typecodes (;type=X). | |
9c965c1b | 6274 | - Support for access controls based on ethernet MAC addresses |
ab9a3f7e | 6275 | (Dale). |
6276 | - Initial URN support; see | |
6277 | http://squid.nlanr.net/Squid/urn-support.html | |
6278 | - Fixed client-side persistent connections for objects with | |
6279 | bad content lengths (Henrik Nordstrom). | |
6280 | - Fixed bad call to storeDirUpdateSwapSize() for objects which | |
6281 | never reach SWAPOUT_DONE state. | |
68e3a9df | 6282 | - Fixed up poll() #defines in squid.h (Stewart Forster). |
6283 | - Changed poll() timeout from 1000 msec to 50 msec for | |
6284 | better performance under low load (Stewart Forster). | |
e7a1fde6 | 6285 | - Changed storeWriteCleanLogs() to write objects in the LRU |
6286 | list order instead of the random hash table order. | |
109ff6af | 6287 | - Fixed FTP bug when data socket connections fail or timeout. |
6288 | - Reuse FTP data connection when possible (Henrik Nordstrom). | |
6289 | - Added configure options (Henrik Nordstrom) | |
6290 | --enable-store-key=sha|md5 | |
6291 | --enable-xmalloc-statistics | |
6292 | --enable-xmalloc-debug | |
78743365 | 6293 | --enable-xmalloc-debug-count |
6294 | --async-io | |
109203bf | 6295 | - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD |
6296 | by creating ERR_FORWARDING_DENIED and changing the | |
6297 | content of the ERR_CANNOT_FORWARD text. | |
4e9c07c1 | 6298 | - Fixed pipeline request bug from using strdup() (Henrik |
6299 | Nordstrom). | |
6300 | - Call clientReadRequest() directly instead of commSetSelect() | |
6301 | for pipelined requests (Henrik Nordstrom). | |
1b02b5be | 6302 | - Fixed 4k page leak in icpHandleIMSReply(); |
6303 | - Renamed 'icp*' functions to 'client*' names in client_side.c. | |
e7a1fde6 | 6304 | |
b90a0f8d | 6305 | Changes to squid-1.2.beta8 (Dec 2, 1997): |
6306 | ||
eae03fc8 | 6307 | - Fixed accessLogLog() to log ident from Proxy-Authorization |
6308 | request header (BoB Miorelli). | |
226f9ba2 | 6309 | - Fixed #includes, prototypes, etc. in SNMP source files. |
6310 | - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from | |
6311 | include/config.h.in to src/squid.h | |
6312 | - Moved 'num32' typedefs from src/typedefs.h to | |
6313 | include/config.h.in. | |
6314 | - Moved snmplib/md5.c to lib/md5.c. | |
6315 | - Added MD5 cache key support. | |
6316 | - Removed xmalloc() return check in uudeocde.c | |
6317 | - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP) | |
6318 | - Changed 'client' program to provide easier cache manager access, | |
3ff01c3e | 6319 | e.g.: 'client mgr:info' |
226f9ba2 | 6320 | - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection' |
6321 | for simulated keep-alive requests. | |
6322 | - Removed 'fd' arg from clientProcess* functions. | |
9e3468d5 | 6323 | - Fixed bugs from using errorSend() on persistent/pipelined |
226f9ba2 | 6324 | client connections. A latter request should not be allowed to |
6325 | write to the client fd until the current request completes. | |
6326 | Now use errorAppendEntry() for such situations. | |
6327 | - Fixed content-length bugs. We were using content-length == 0 | |
6328 | to also indicate a lack of content-length reply header. But | |
6329 | 'content-length: 0' might appear in a reply, so now use -1 to | |
6330 | indicate that no content length given. | |
6331 | - Split up clientProcessRequest() into smaller chunks so it | |
6332 | might be easier to follow. | |
6333 | - renamed various client_side.c functions to start with 'client' | |
6334 | instead of 'icp'. | |
6335 | - Fixed a 'cbdata leak' from the comm.c close handlers. | |
6336 | - Fixed a 'cbdata leak' from the comm.c connect routines. | |
6337 | - Fixed comm_select() and comm_poll() to stop looping on the | |
6338 | incoming HTTP/ICP sockets. If there are fewer than 7 FD's | |
6339 | ready for I/O, the incoming sockets might not get service, so | |
6340 | comm_select() would be called for up to 7 times until the | |
6341 | 'incoming_counter' was incremented enough to trigger a call | |
6342 | to comm_select_incoming(). Now we make sure | |
6343 | comm_select_incoming() gets called if select returns less | |
6344 | than 7 ready FD's. | |
9e3468d5 | 6345 | - Added errorpage '%B' token to generate FTP URLs with a '%2f' |
6346 | inserted at the start of the url-path. calls ftpUrlWith2f(). | |
6347 | (Henrik Nordstrom). | |
226f9ba2 | 6348 | - Changed fqdncache.c to use LRU double-linked list instead of qsort() |
6349 | for replacement and cachemgr output. | |
6350 | - Changed ipcache.c to use LRU double-linked list instead of qsort() | |
6351 | - Changed hash_insert() and hash_join() to return void. | |
6352 | for replacement and cachemgr output. | |
6353 | - Moved StoreEntry->method member to MemObject->method. | |
6354 | - Made StoreEntry->flags 16 bits. | |
6355 | - Made StoreEntry->refcount 16 bits. | |
6356 | - Changed URL-based public cache key to always include the request | |
6357 | method. | |
eae03fc8 | 6358 | |
95bc9f0b | 6359 | Changes to squid-1.2.beta7 (Nov 24, 1997): |
6360 | ||
6a11653c | 6361 | - Fixed poll() for Linux (David Luyer). |
6362 | - SHA optimizations (David Luyer). | |
6363 | - Fixed errno clashes with macro on Linux (David Luyer). | |
6364 | - Fixed storeDirCloseSwapLogs(); logs might not be open. | |
6365 | - Fixed storeClientCopy2() bug. Detect when there is | |
6366 | no more data to send for objects in STORE_OK state. | |
19ee64b1 | 6367 | - Fixed FTP truncation bug when ftpState->size == 0, e.g. |
6368 | especially directory listings. | |
95bc9f0b | 6369 | - Mega FTP fix from Henrik Nordstrom. A better job of |
6370 | implementing the '%2f' hack. | |
6371 | - Fixed some pipelined request bugs. storeClientCopy() was | |
6372 | being given the wrong StoreEntry, and we had a race condition | |
6373 | which is now handled by storeClientCopyPending(). | |
99077fe6 | 6374 | - Added initial SNMP support. |
6a11653c | 6375 | |
2c9b45c9 | 6376 | Changes to squid-1.2.beta6 (Nov 13, 1997): |
6377 | ||
1b5516d3 | 6378 | - Fixed Authorized responses getting swapped out when they |
6379 | don't have Proxy-Revalidate reply header. | |
6380 | - Fixed Proxy Authentication support. We never sent back | |
6381 | a 407 reply, and were incorrectly incrementing the passwd | |
6382 | before comparing it. | |
6383 | - Fixed stat()ing pathnames for default values before parsing | |
6384 | config file (Ron Gomes). | |
6385 | - Fixed logging request and response headers on separate lines | |
6386 | (Ron Gomes). | |
6387 | - Fixed FTP Authentication message (Henrik Nordstrom). | |
6388 | - Changed Proxy Authentication to trigger a reread of the passwd | |
6389 | file if a password check fails (Henrik Nordstrom). | |
6390 | - Changed FTP to retry the first CWD with a leading slash if it | |
6391 | fails without one. | |
6392 | ||
8c17a569 | 6393 | Changes to squid-1.2.beta5 (Nov 6, 1997): |
6394 | ||
90045285 | 6395 | - Track the 'keep-alive ratio' for a peer as the ratio of |
6396 | the number of replies including 'Proxy-Connection: Keep-Alive' | |
6397 | compared to the number of requests sent. If the peer does | |
6398 | not support Persistent connections then this ratio will tend | |
6399 | toward zero. If the ratio is less than 50% after 10 requests | |
6400 | then we'll stop sending Keep-Alive. | |
8c3994aa | 6401 | - Proper support for %nn escapes in FTP, and numerous |
6402 | other fixes (Henrik Nordstrom). | |
6403 | - Support for Secure Hash Algorithm and framework for other | |
6404 | hash functions as cache keys. | |
6405 | - Fixed SSL snprintf() bug which broke SSL proxying. | |
6406 | - Fixed store_dir swap log bug from reconfigure (SIGHUP). | |
8c17a569 | 6407 | - Fixed LRU Reference Age bug. The arg to pow() must be |
8031bd43 | 6408 | minutes, not seconds. |
90045285 | 6409 | |
9ddfb255 | 6410 | Changes to squid-1.2.beta4 (Oct 30, 1997): |
6411 | ||
a493f974 | 6412 | - Fixed DST bug in rfc1123.c |
6413 | - Changed default http_accel_port to 80. | |
6414 | - added errorCon() as a ErrorState constructor function | |
6415 | (Max Okumoto). | |
6416 | - Added ERR_FTP_FAILURE message for ftpFail(). | |
6417 | - For FTP, the timeout callback must be moved to the 'data' | |
6418 | descriptor when data transfer begins. Otherwise we are | |
6419 | likely to get a timeout on the control descriptor. | |
6420 | - Fixed double-free bug in httpRequestFree(). | |
6421 | - Fixed store_swap_size counting bug in storeSwapOutHandle(). | |
6422 | ||
409a6aad | 6423 | Changes to squid-1.2.beta3 (Oct 29, 1997): |
6424 | ||
6425 | - Initialize _res.options to RES_DEFAULT in dnsserver.c. | |
6426 | - Fix assertions which assumed 4-byte pointers. | |
6427 | - Fix missing % in fqdncache.c snprintf(). | |
6428 | ||
5a2d610b | 6429 | Changes to squid-1.2.beta2 (Oct 28, 1997): |
6430 | ||
8c3994aa | 6431 | - Fixed aiops.c and async_io.c so that they actually compile |
f5b8bbc4 | 6432 | with USE_ASYNC_IO (Arjan de Vet). |
6433 | - Fixed errState->errno causing problems with some macros | |
6434 | (Michael O'Reilly). | |
d287f51e | 6435 | - Fixed memory leaks in pconn.c (Max Okumoto). |
0866009b | 6436 | - Enhanced 'client' program with 'ping' behaviour (Ron Gomes). |
272547b5 | 6437 | - Fixed InvokeHandlers() from calling memCopy() for ALL |
6438 | store_client's with callbacks. A store_client might be reading | |
6439 | from disk. | |
5a2d610b | 6440 | - Rewrote storeMaintainSwapSpace(). No longer will we scan one |
272547b5 | 6441 | bucket at a time. Instead we'll maintain a single LRU |
6442 | list. When an object is 'touched' we move it to the | |
6443 | top of this list. When we need disk space, we delete | |
6444 | from the bottom. | |
5a2d610b | 6445 | - Removed storeGetSwapSpace(). |
f5b8bbc4 | 6446 | |
871f0b8a | 6447 | Changes to squid-1.2.beta1 (): |
6448 | ||
6449 | - Reworked storage manager to not keep objects in memory during | |
6450 | transit. In other words, no separate NOVM distribution. | |
6451 | - Lots of cleanup and debugging for beta release. | |
6452 | - Use snprintf() everywhere instead of sprintf(). | |
6453 | - The 'in_memory' hash table has been replaced with a | |
6454 | doubly-linked list. New objects are added to the head of | |
6455 | the list. When memory space is needed, old objects are | |
6456 | purged from the tail of the list. | |
6457 | ||
0edfe7a2 | 6458 | Changes to squid-1.2.alpha7 (): |
6459 | ||
c4958532 | 6460 | - fixes fixes fixes. |
6461 | - Made Arjan's PROXY_AUTH ACL patch standard. | |
0edfe7a2 | 6462 | |
8905b90c | 6463 | Changes to squid-1.2.alpha6 (): |
6464 | ||
6684fec0 | 6465 | - Simpler cacheobj implementation. |
6605655c | 6466 | - persistent connection histogram |
8872e1f8 | 6467 | - SERVER-SIDE PERSISTENT CONNECTIONS: |
6474667e | 6468 | - Added pconn.c |
6469 | - Addec Cofig.Timeout.pconn; default 120 seconds | |
6470 | - Added httpState->flags | |
6471 | - Added flags arg to httpBuildRequestHeader() | |
6472 | - Added HTTP_PROXYING and HTTP_KEEPALIVE flags | |
6473 | - Added 'Connection' to allowed HTTP headers (http-anon.c) | |
8872e1f8 | 6474 | - Added 'Proxy-Connection' to allowed HTTP headers |
6475 | (http-anon.c) | |
a7736231 | 6476 | - Merged proxyhttpStart() with httpStart() and created |
8872e1f8 | 6477 | new httpBuildState(). |
6478 | - New httpPconnTransferDone() detects end-of-data on | |
6479 | persistent connections. | |
6684fec0 | 6480 | |
88738790 | 6481 | Changes to squid-1.2.alpha5 (): |
6482 | ||
6483 | - New configuration system. Everything is generated from | |
6484 | 'cf.data.pre', including the main parser, setting defaults, | |
6485 | outputting current values, and freeing memory. | |
6486 | This also involved moving some of the local data structures | |
6487 | (e.g. struct _acl *AclList in acl.c) to the Config | |
6488 | structure. (Max Okumoto) | |
6489 | - No more '/i' for regular expressions. Now insert a '-i' | |
6490 | to switch to case-insensitive. Use '+i' for case-sensitive. | |
6491 | - When you have a variable named the same as its type, sizeof() | |
6492 | gets the wrong one (fde). | |
6493 | - Need to flush unbuffered logs before fork(). | |
6494 | - Added two fields swap log: refcount and e->flag. | |
6495 | - Removed all the .h files for each .c file. Now #include stuff | |
6496 | is in either: defines.h, enums.h, typedefs.h, structs.h, | |
6497 | or protos.h, globals.h. This greatly reduces dependencies | |
6498 | between the various source files. | |
6499 | - globals.c is generated from globals.h by a Perl script. | |
8ee3ca2c | 6500 | - Started customizable error texts. |
88738790 | 6501 | |
97f674c8 | 6502 | Changes to squid-1.2.alpha4 (): |
6503 | ||
ec973719 | 6504 | - New MIME configuration, regular expression based |
6505 | - Added request_timeout config option | |
6506 | - Multiple HTTP sockets (Lincoln Dale). | |
6507 | - Moved 'fds_are_n_free' check to httpAccept(). | |
6508 | - s/USE_POLL/HAVE_POLL/; make poll() default if available. | |
7e49f700 | 6509 | - Changed storeRegister to use offsets and make immediate |
6510 | callbacks if appropriate. | |
6511 | - Removed icpDetectClientClose(). Some of that functionality | |
6512 | goes into clientReadRequest() and the rest into | |
6513 | httpRequestFree(). | |
b1b387d1 | 6514 | - Moved IP lookups to commConnect stuff. |
6515 | - Added support for retrying connect(). | |
858164fc | 6516 | - New inline debug() macro (David Luyer). |
e174e0fe | 6517 | - Replace frequent gettimeofday() calls with alarm(3) based |
6518 | clock. Need to add more gettimeofday() calls to get back | |
a59968c7 | 6519 | high-resolution timestamp logging (Andres Kroonmaa). |
0153d498 | 6520 | - Added support for Cache-control: proxy-revalidate; |
6521 | based on squid-1.1 patch from Mike Mitchell. | |
ec973719 | 6522 | |
3b08d32d | 6523 | Changes to squid-1.2.alpha3 (): |
6524 | ||
6525 | - Implemented persistent connections between clients and squid. | |
6526 | - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single | |
6527 | table in fd.c. | |
6528 | - Removed use of FD as an identifier in certain callback | |
6529 | operations (ipcache, fqdncache). | |
6530 | - General code cleanup. | |
6531 | - Fixed typedefs for callback functions. | |
6532 | - Removed FD lifetime/timeout dichotomy. Now we only have | |
6533 | timeouts, however the lifetime concept/keyword may still | |
6534 | linger in certain places. | |
6535 | - Change Makefile 'realclean' target to 'distclean' | |
6536 | - Changed config file parsing of time specifications to use | |
6537 | parseTimeLine(). | |
6538 | - Removed storetoString.c | |
6539 | ||
6540 | Changes to squid-1.2.alpha2 (): | |
74cebec0 | 6541 | |
6542 | - Merged squid-1.1.9, squid-1.1.10 changes | |
6543 | ||
7b41ec97 | 6544 | Changes to squid-1.2.alpha1 (): |
6545 | ||
6546 | - Unified peer selection algorithm. | |
75e88d56 | 6547 | - aiops.c and aiops.h are a threaded implementation of |
6548 | asynchronous file operations (Stewart Forster). | |
6549 | - async_io.c and async_io.h are complete rewrites of the old | |
6550 | versions (Stewart Forster). | |
6ad85e8a | 6551 | - Rewrote all disk file operations of squid to support |
75e88d56 | 6552 | the idea of callbacks except where not required (Stewart |
6553 | Forster). | |
75e88d56 | 6554 | - Background validation of 'tainted' swap log entries (Stewart |
6555 | Forster). | |
6556 | - Modified storeWriteCleanLog to create the log file using the | |
6557 | open/write rather than fopen/printf (Stewart Forster). | |
6558 | - Added the EINTR error response to handle badly interrupted | |
6559 | system calls (Stewart Forster). | |
6ad85e8a | 6560 | - UDP_HIT_OBJ not supported, removed. |
6561 | - Different sized 'cache_dirs' supported. | |
75e88d56 | 6562 | |
e924600d | 6563 | ============================================================================== |