]>
Commit | Line | Data |
---|---|---|
76b18386 AJ |
1 | Changes in squid-5.0.4 (23 Aug 2020): |
2 | ||
3 | - Bug 5054: mark dns_v4_first as obsolete in cf.data.pre | |
4 | - Bug 5048: ResolvedPeers.cc:35: "found != paths_.end()" assertion | |
5 | - Reforward CONNECT after TLS handshake failure with peer | |
6 | - Do not send keep-alive in 101 (Switching Protocols) responses | |
7 | - Add http_port sslflags=CONDITIONAL_AUTH | |
8 | - ... and several documentation changes | |
9 | - ... and some compile fixes | |
10 | - ... and all fixes from 4.13 | |
11 | ||
5b0fbc71 AJ |
12 | Changes in squid-5.0.3 (05 Jun 2020): |
13 | ||
14 | - Bug 5046: FreeBSD lacks open(2) O_DSYNC flag | |
15 | - Happy Eyeballs: Do not discard viable reforwarding destinations | |
16 | - Reduced startup time with large rock cache_dirs | |
17 | - Fix the ABA problem with Ipc::Mem::PageStack::pop() in v5.0.1 | |
18 | - Fix sending of unknown validation errors to certificate validator | |
19 | - ... and several debug improvements | |
20 | - ... and all fixes from 4.12 | |
21 | ||
51f07c98 AJ |
22 | Changes in squid-5.0.2 (18 Apr 2020): |
23 | ||
24 | - Bug 5030: Negative responses are never cached | |
25 | - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs | |
26 | - Support worker-dedicated listening queues (SO_REUSEPORT) | |
27 | - High precision time units | |
28 | - Ban reserved annotations in "note", "adaptation_meta" directives | |
29 | - ESI: convert parse exceptions into 500 status response | |
30 | - Fix PURGE error responses | |
31 | - ... and several documentation changes | |
32 | - ... and some compile fixes | |
5b0fbc71 | 33 | - ... and all fixes from 4.11 |
51f07c98 | 34 | |
755eac94 AJ |
35 | Changes in squid-5.0.1 (14 Jan 2020): |
36 | ||
37 | - Bug 4989: Leaking StoreEntry objects on Cache Digest rebuilds | |
38 | - Bug 4912: same-name notes being appended instead of replaced | |
39 | - Bug 4864: !Comm::MonitorsRead assertion in maybeReadVirginBody() | |
40 | - Bug 4579: cannot hit an entry being written by another worker | |
41 | - ICAP: Initial support for trailers | |
42 | - Add auth_schemes to control schemes presence and order in 401s/407s | |
43 | - Make CONNECT ACL a built-in default | |
44 | - Remove USE_CHUNKEDMEMPOOLS compiler flag | |
45 | - Two new ACLs implemented: annotate_transaction and annotate_client | |
46 | - Add response delay pools feature for Squid-to-client speed limiting | |
47 | - QA: allow test-suite to be run without a full build | |
48 | - Happy Eyeballs: Use each fully resolved forwarding destination ASAP | |
49 | - Support selective CF: collapsed_forwarding_access | |
50 | - Reworked packet/connection marking | |
51 | - Add new deny_info %A macro | |
52 | - Identify collapsed transactions | |
53 | - Add sample Kerberos group authentication external_acl helper | |
54 | - Optimization: Fewer memory (re)allocations for HTTP headers | |
55 | - Add TrivialDB support | |
56 | - Do not send Content-Length in 1xx or 204 responses | |
57 | - negotiate_kerberos_auth: fix memory leaks | |
58 | - ntlm_fake_auth: add ability to test delayed responses | |
59 | - Add %ssl::<cert macro for logging server X.509 certificate | |
60 | - Reuse reserved Negotiate and NTLM helpers after an idle timeout | |
61 | - Log PROXY protocol v2 TLVs | |
62 | - Support logformat %codes in error page templates | |
63 | - Fix incremental parsing of chunked quoted extensions | |
64 | - Peering support for SslBump | |
65 | - RFC 8586: Loop Detection in Content Delivery Networks | |
66 | - Prevent TLS transaction stalls by preserving flags.read_pending | |
67 | - Fix "BUG: Lost previously bumped from-Squid connection" | |
68 | - Add %master_xaction logformat code | |
69 | - Log "-" instead of the made-up method "NONE" | |
70 | - Add GeneratingCONNECT step for the existing at_step ACL | |
71 | - Report context of level-0/1 cache.log messages | |
72 | - Re-enabled updates of stored headers on HTTP 304 responses | |
73 | - Translations: Fix grammatical error in French error pages | |
74 | - Smarter auth_param utf8 handling, including CP1251 support | |
75 | - Fix rock disk entry contamination related to aborted swapouts | |
76 | - Send HTTP/500 (Internal Server Error) when lacking peers | |
77 | - Fix prohibitively slow search for new SMP shm pages | |
78 | - Centralized PagePool/PageStack ID generation | |
79 | - ... and many documentation changes | |
80 | - ... and much code cleanup and polishing | |
5b0fbc71 AJ |
81 | - ... and all fixes from 4.10 |
82 | ||
76b18386 AJ |
83 | Changes to squid-4.13 (23 Aug 2020): |
84 | ||
85 | - Regression Fix: Support parsing GREASEd (and future) TLS handshakes | |
86 | - Bug 5051: Some collapsed revalidation responses never expire | |
87 | - HTTP: Enforce token characters for field-name | |
88 | - HTTP: Forbid obs-fold and bare CR whitespace in framing header fields | |
89 | - HTTP: Improve Transfer-Encoding handling | |
90 | - WCCP: Fix GCC-10 -Wstringop-truncation failures | |
91 | - Honor on_unsupported_protocol for intercepted https_port | |
92 | - Fix livelocking in peerDigestHandleReply | |
93 | - Do not stall while debugging a scan of an empty store_table | |
94 | ||
5b0fbc71 AJ |
95 | Changes to squid-4.12 (05 Jun 2020): |
96 | ||
97 | - Regression Fix: Revert to slow search for new SMP shm pages | |
98 | - Bug 5045: ext_edirectory_userip_acl is missing include files | |
99 | - Bug 5041: Missing Debug::Extra breaks build on hosts with systemd | |
100 | - Bug 5030: Negative responses are never cached | |
101 | - HTTP: validate Content-Length value prefix | |
102 | - HTTP: add flexible RFC 3986 URI encoder | |
103 | - SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic | |
104 | - Tests: Support passing a custom config.cache to test builds | |
105 | - Fix IPFilter IPv6 detection, especially on NetBSD | |
106 | - Fix stall if transaction overwrites a recently active cache entry | |
107 | - ... and some compile fixes | |
755eac94 | 108 | |
51f07c98 AJ |
109 | Changes to squid-4.11 (18 Apr 2020): |
110 | ||
111 | - Bug 5036: capital 'L's in logs when daemon queue overflows | |
112 | - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations | |
113 | - Bug 5016: systemd thinks Squid is ready before Squid listens | |
114 | - kerberos_ldap_group: fix encryption type for cross realm check | |
115 | - HTTP: Ignore malformed Host header in intercept and reverse proxy mode | |
116 | - Fix Digest authentication nonce handling | |
117 | - Supply ALE to request_header_add/reply_header_add | |
118 | - ... and some documentation updates | |
119 | - ... and some compile fixes | |
120 | ||
755eac94 AJ |
121 | Changes to squid-4.10 (14 Jan 2020): |
122 | ||
123 | - Bug 5009: Build failure with older clang libc++ | |
124 | - Bug 5008: SIGBUS in PagePool::level() with custom rock slot size | |
125 | - Bug 5007: Docs: Fix max_filedescriptors description | |
126 | - Bug 4735: Truncated chunked responses cached as whole | |
127 | - ext_lm_group_acl: Improved username handling | |
128 | - Fix FTP buffers handling | |
129 | - Fix shared memory size calculation on 64-bit systems | |
130 | - Fix server_cert_fingerprint on cert validator-reported errors | |
131 | - Fix request URL generation in reverse proxy configurations | |
132 | - ... and several documentation updates | |
133 | - ... and several compile fixes | |
134 | ||
47f1e147 AJ |
135 | Changes to squid-4.9 (05 Nov 2019): |
136 | ||
137 | - Bug 4978: eCAP crash after using MyHost().newRequest() | |
138 | - Bug 4970: excessive gnutls_certificate_credentials debug msgs | |
139 | - Bug 4969: GCC-9 build failure: stringop-truncation | |
140 | - Bug 4966: Lower cache_peer hostname | |
141 | - Bug 4918: Crashes when using OpenSSL prior to v1.0.2 | |
142 | - TLS: Fix parsing of certificate validator responses | |
143 | - TLS: Fix parsing of TLS messages that span multiple records | |
144 | - TLS: Fix on_unsupported_protocol tunnel action | |
145 | - TLS: Fix expiration of self-signed generated certs to be 3 years | |
146 | - HTTP: Ignore malformed Host header in intercept and reverse proxy mode | |
147 | - HTTP: RFC 7230: server MUST reject messages with BWS after field-name | |
148 | - HTTP: Fix URN response handling | |
149 | - HTTP: Hash Digest noncedata | |
150 | - Update URI parser to use SBuf parsing APIs | |
151 | - Prevent truncation for large origin-relative domains | |
152 | - Fix several rock cache_dir corruption issues | |
153 | - Debug detail validation errors for loaded-from-file certificate chains | |
154 | - smblib: Improve SMB server name maintenance | |
155 | - cachemgr.cgi: Add validation for hostname parameter | |
156 | - ... and several compile issues | |
157 | - ... and some documentation updates | |
158 | ||
b339d00c AJ |
159 | Changes to squid-4.8 (09 Jul 2019): |
160 | ||
161 | - Bug 4957: Multiple XSS issues in cachemgr.cgi | |
162 | - Bug 4953: to_localhost does not include :: | |
163 | - Bug 4937: cachemgr.cgi: unallocated memory access | |
164 | - Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH | |
165 | - Bug 4889: Ignore ECONNABORTED in accept(2) | |
166 | - Bug 4842: Memory leak when http_reply_access uses external_acl | |
167 | - TLS: Fix tls-min-version= being ignored | |
168 | - TLS: Add the NO_TLSv1_3 option to available tls-options values | |
169 | - HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL | |
170 | - HTTP: Remove userinfo support from old protocols | |
171 | - HTTP: Fix Digest auth parameter parsing | |
172 | - HTTP: Send Connection:close with the known-last request on a connection | |
173 | - HTTP: Fix handling of tiny invalid responses | |
174 | - Replace uudecode with libnettle base64 decoder | |
175 | - Update HttpHeader::getAuth to SBuf | |
176 | - ... and some compile issues | |
177 | ||
b3cc78d3 AJ |
178 | Changes to squid-4.7 (06 May 2019): |
179 | ||
180 | - Bug 4942: --with-filedescriptors does not do anything | |
181 | - Bug 4928: Cannot convert non-IPv4 to IPv4 | |
182 | - Bug 4823: assertion failed: "lowestOffset () <= target_offset" | |
183 | - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs | |
184 | - Fix squidclient authentication to origin servers | |
185 | - Fix stack-based buffer-overflow when parsing SNMP messages | |
186 | - Add support for buffer-size= to UDP logging | |
187 | - TLS: When using OpenSSL, trust intermediate CAs from trusted store | |
188 | ||
b339d00c | 189 | Changes to squid-4.6 (19 Feb 2019): |
2e11c9c2 AJ |
190 | |
191 | - Bug 4915: Detect IPv6 loopback binding errors | |
192 | - Bug 4914: Do not call setsid() in --foreground mode | |
193 | - Bug 4875 pt2: GCC-8 compile errors with -O3 optimization | |
194 | - Bug 4856: Exit when GoIntoBackground() fork() call fails | |
195 | - basic_ldap_auth: Return BH on internal errors; polished messages | |
196 | - Fix BodyPipe/Sink memory leaks associated with auto-consumption | |
197 | - Fix OpenSSL builds that define OPENSSL_NO_ENGINE | |
198 | - Fix several cases of rock cache corruption | |
199 | - Add Georgian (ka) language translation | |
200 | ||
6f405e99 AJ |
201 | Changes to squid-4.5 (01 Jan 2019): |
202 | ||
203 | - Bug 4253: ssl_bump prevents access to some web contents | |
204 | - TLS: add %>handshake logformat code | |
205 | - Redesign forward_max_tries to count TCP connection attempts | |
206 | - Fix client_connection_mark ACL handling of clientless transactions | |
207 | - Fix netdb exchange with a TLS cache_peer | |
208 | - Update netdb when tunneling requests | |
209 | - Use pkg-config for detecting libxml2 | |
210 | - ... and some documentation updates | |
211 | - ... and some code compile fixes | |
212 | ||
213 | Changes to squid-4.4 (28 Oct 2018): | |
011c7156 AJ |
214 | |
215 | - Bug 4893: Malformed %>ru URIs for CONNECT requests | |
216 | - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes | |
217 | - SSL: support compilation with minimal OpenSSL | |
218 | - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL | |
219 | - Fix netdb not saving to disk | |
220 | - Fix memory leak when parsing SNMP packet | |
221 | - ... and some compile issues | |
222 | ||
bc535d91 AJ |
223 | Changes to squid-4.3 (01 Oct 2018): |
224 | ||
225 | - Bug 4885: Excessive memory usage when running out of descriptors | |
226 | - Bug 4877: Add missing text about external_acl_type %DATA changes | |
227 | - Bug 4875 pt1: GCC-8 compile errors with -O3 optimization | |
228 | - Bug 4716: Blank lines in cachemgr.conf are not skipped | |
229 | - Bug 4691: balance_on_multiple_ip config option docs | |
230 | - basic_pop3_auth: fix startup errors | |
231 | - langpack: Add missing dialect aliases | |
232 | - Fix range_offset_limit debugging | |
233 | - Fix icc build errors | |
234 | - Update systemd dependencies in squid.service | |
235 | ||
2c7246f7 AJ |
236 | Changes to squid-4.2 (04 Aug 2018): |
237 | ||
238 | - Regression fix: support for https_port clientca= option | |
239 | - Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces | |
240 | - Bug 4861: HTTPMSGLOCK missing pointer safety | |
241 | - Bug 4843 pt3: GCC-8 fixes and refactoring | |
242 | - HTTP: Do not update stored headers on 304 responses | |
243 | - Fix segmentation fault on -k parse | |
244 | - Fix %>ru logging of huge URLs | |
245 | - ... and several performance optimizations | |
246 | - ... and some documentation updates | |
247 | - ... and all fixes from 3.5.28 | |
248 | ||
3cd71470 AJ |
249 | Changes to squid-4.1 (02 Jul 2018): |
250 | ||
251 | - Bug 4223: fixed retries of failed re-forwardable transactions | |
252 | - Bug 4791: Build failure on MacOS | |
253 | - Fix --with-netfilter-conntrack error message | |
254 | - ... and many documentation updates | |
255 | ||
b5391492 AJ |
256 | Changes to squid-4.0.25 (11 Jun 2018): |
257 | ||
258 | - Regression Bug 4855: querying private entries for HTCP/ICP | |
259 | - Regression Bug 4852: deny_info %R macro not being expanded | |
260 | - Regression Bug 4847: proxy_auth ACL -i/+i flags not working | |
261 | - Regression Bug 4831: filter chain certificates for validity when loading | |
262 | - Regression fix: Transient reader locking broken in 4.0.24 | |
263 | - Bug 4845: NegotiateSsl crash on aborting transaction | |
264 | - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8 | |
265 | - Bug 4843 pt2: squidclient refactoring for GCC-8 | |
266 | - Bug 4829: IPC shared memory leaks when disker queue overflows | |
267 | - Bug 4828: Use feature detection for IPFilter API/ABI checks | |
268 | - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4 | |
269 | - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks | |
270 | - Bug 4707: purge tool does not obey --sysconfdir= build option | |
271 | - Bug 4171: checking for log_file_daemon despite disabling logging | |
272 | - Bug 4042: ext_kerberos_ldap_group: add -P principal option | |
273 | - TLS: avoid "ssl_crtd" assertions on reconfiguration | |
274 | - Add timestamps to (most) FATAL messages | |
275 | - Add "--kid role-ID" command line option | |
276 | - ... and many documentation updates | |
277 | ||
2db9989c AJ |
278 | Changes to squid-4.0.24 (07 Mar 2018): |
279 | ||
280 | - Bug 4822: Build failure (-Wformat) where time_t is not long int | |
281 | - Bug 4505: SMP caches sometimes do not purge entries | |
282 | - TLS: GnuTLS implementation for listening ports and client connections | |
283 | - TPROXY: Fix clientside_mark and client port logging | |
284 | - Native FTP: Fix "Cannot assign requested address" with TPROXY | |
285 | - SSL-Bump: Fix authentication with types other than Basic | |
286 | - ... and many small compile and stability fixes | |
287 | - ... and some documentation fixes | |
288 | ||
f1dfef29 | 289 | Changes to squid-4.0.23 (19 Jan 2018): |
290 | ||
291 | - Bug 4715: security_file_certgen: Remove -g and -n options docs | |
292 | - Bug 4679: User names not sent to url_rewrite_program | |
293 | - Bug 4631: security_file_certgen helper without disk cache | |
294 | - Bug 3911: clang -fsanitize warnings | |
295 | - Bug 2378: Duplicates in selected peer destinations | |
296 | - Nettle v3.4 support | |
297 | - Fix Squid FTP server dying because of an unhandled exception | |
298 | - Automatically revive hopeless kids on reconfigure and after a timeout | |
299 | - Fix %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses | |
300 | - ... and many documentation updates | |
301 | - ... and some stability fixes | |
302 | ||
96e628ec | 303 | Changes to squid-4.0.22 (07 Dec 2017): |
304 | ||
305 | - Regression fix: Relay peer CONNECT error status line and headers to clients | |
306 | - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries | |
307 | - Bug 4718: support filling raw buffer space of shared SBufs | |
308 | - Bug 4648: object revalidation for HTTPS scheme | |
309 | - Bug 4616: store_client.cc:92: "mem" assertion | |
310 | - Bug 2821: ignore Content-Range in non-206 responses | |
311 | - HTCP: Ignore packets with invalid URI | |
312 | - TLS: Validate the shortest certificate chain | |
313 | - TLS: Add checks for OpenSSL 1.1.0f API changes | |
314 | - TLS: Fix reporting of validation errors for downloaded intermediate certs | |
315 | - TLS: Fix SSL certificate cache refresh and collision handling | |
316 | - Fix backwards compatibility for Squid-3.5 external_acl_type formats | |
317 | - Fix invalid mime icon URLs in cache | |
318 | - Do not die silently when dying early | |
319 | - Docs: update translation files | |
320 | ||
b008ed2e AJ |
321 | Changes to squid-4.0.21 (02 Jul 2017): |
322 | ||
323 | - Bug 4730: segfault while processing internal HTTP requests | |
324 | - Bug 4492: Chunk extension parser is too pedantic | |
325 | - Bug 1961: Redesign urlParse() API | |
326 | - TLS: recognise tls:: namespace on logformat tokens | |
327 | - SSL-Bump: tproxy does not spoof spliced connections | |
328 | - security_file_certgen: collapse queued requests | |
329 | - Add a basic apparmour profile | |
330 | - Add transaction_initiator ACL for detecting various unusual transactions | |
331 | - Add ssl::server_name options to control matching logic | |
332 | - Support for --long-acl-options | |
333 | - Do not die silently when dying via std::terminate() | |
334 | - Fix option --foreground to implement expected behavior | |
335 | - Translations: update .po and .pot to latest texts | |
336 | - ... and some documentation updates | |
337 | - ... and many code cleanup and stability fixes | |
338 | - ... and all fixes from 3.5.27 | |
339 | ||
ef396425 AJ |
340 | Changes to squid-4.0.20 (01 Jun 2017): |
341 | ||
96e628ec | 342 | - Bug 4692: SslBump breaks intercepted IPv6 connections |
343 | - Bug 4682: ignoring http_access deny when client-first bumping mode is used | |
344 | - Bug 4662: build errors with LibreSSL 2.4.4 | |
345 | - Bug 4659: sslproxy_foreign_intermediate_certs does not work | |
346 | - Bug 4321: ssl_bump terminate does not terminate at step1 | |
ef396425 AJ |
347 | - Add 'has' ACL |
348 | - Do not forward HTTP requests to dead idle peers | |
349 | - Do not unconditionally revive dead peers after a DNS refresh | |
350 | - Make PID file check/creation atomic to avoid associated race conditions | |
351 | - Count failures and use peer-specific connect timeouts when tunneling | |
352 | - SSL-Bump: Fix crashes when server-first bumping mode is used with openSSL-1.1.0 | |
353 | - eCAP: Fix empty header handling in Ecap::HeaderRep::hasAny() | |
354 | - SSL-Bump: Second adaptation missing for CONNECTs | |
355 | - ext_session_acl: cope with new logformat inputs | |
356 | - ... and some documentation updates | |
357 | - ... and some code stability fixes | |
b008ed2e | 358 | - ... and all fixes from 3.5.26 |
ef396425 | 359 | |
7b84ebcc AJ |
360 | Changes to squid-4.0.19 (02 Apr 2017): |
361 | ||
362 | - Bug 4674: delay_parameters for class 3 and 4 assertion failed | |
363 | - Bug 4671: GCC 7 compile errors | |
364 | - Bug 4663: GCC 5+ compile errors with optimization level -O3 | |
365 | - Bug 4657: delay IDENT until after PROXY protocol handling | |
366 | - Bug 4610: cleanup of BerkleyDB related checks | |
367 | - squidclient: Fix missing error handling on PUT | |
368 | - digest_ldap_auth: Add -r option to clamp the realm to a fixed value | |
369 | - TLS: initial GnuTLS support for encrypted server connections | |
370 | - Fix appending Http::HdrType::VIA code | |
371 | - Fix URI scheme case-sensitivity treatment | |
372 | - Fix two read-ahead problems related to delay pools (or lack thereof) | |
373 | - Detail swapfile header inconsistencies | |
374 | - ... and several build fixes | |
375 | - ... and many code polishing updates | |
376 | - ... and all fixes from 3.5.25 | |
377 | ||
8527bed1 AJ |
378 | Changes to squid-4.0.18 (06 Feb 2017): |
379 | ||
380 | - Bug 4661: compile error 'warning: _XPG4_2 redefined' with GCC on Solaris 10 | |
381 | - Bug 4636: assertion 'byteCount > 0 && byteCount <= inBuf.length()' | |
382 | - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5 | |
383 | - Bug 4599: support OpenSSL 1.1 | |
384 | - squidclient: link GnuTLS library debugs to -v level display | |
385 | - Fix GCC6: unused local variable 'weInitiatedThisClosure' | |
386 | - ... and some code polishing | |
387 | - ... and some copyright updates | |
388 | - ... and all fixes from 3.5.24 | |
389 | ||
a2eb97b4 | 390 | Changes to squid-4.0.17 (16 Dec 2016): |
6f4a12cf AJ |
391 | |
392 | - Bug 4630: user credentials cache cleanup not re-scheduled | |
393 | - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5 | |
394 | - Bug 4599 partial: initial support for OpenSSL v1.1 | |
395 | - TLS: Support tunneling of bumped non-HTTP traffic | |
396 | - ... and many code polishing and performance updates | |
397 | - ... and some documentation updates | |
398 | - ... and some fixes from 3.5.23 | |
399 | ||
6276f56c AJ |
400 | Changes to squid-4.0.16 (30 Oct 2016): |
401 | ||
402 | - Avoid segfaults when lacking the server name for certificate validator | |
403 | - HTTP: initial support for Cache-Control:immutable | |
404 | - Fix ssl::server_name ACL | |
405 | - ... and many code polishing updates | |
406 | - ... and some fixes from 3.5.23 | |
407 | ||
d710ff25 AJ |
408 | Changes to squid-4.0.15 (09 Oct 2016): |
409 | ||
410 | - Regression fix crash on reconfigure with TOS/DiffServ/MARK configured | |
411 | - Bug 4610: compile errors on Solaris 11.3 with Oracle Studio 12.5 | |
412 | - Bug 4581: Secure ICAP segfault in checkForMissingCertificates | |
413 | - Bug 4578: changes required to install squid.service | |
414 | - Fix crash on shutdown while cleaning up idle ICAP connections | |
415 | - Fix memory leak of Downloader-related objects | |
416 | - HTTP/1.1: handle syntactically valid requests with unsupported HTTP versions | |
417 | - Log TCP client port for error:transaction-end-before-headers and such | |
418 | - ... and many portability and build fixes | |
419 | - ... and some documentation updates | |
420 | - ... and all fixes from 3.5.22 | |
421 | ||
f6791433 AJ |
422 | Changes to squid-4.0.14 (08 Sep 2016): |
423 | ||
424 | - Regression Bug 4570: crash after rev.14755 | |
425 | - Regression Bug 4561: Replace use of default move operators with explicit implementation | |
426 | - Bug 4503: Do not access-log SslBump-faked CONNECTs with _ABORTED suffixes | |
427 | - Bug 4404: Do not access-log chunked non-persistent responses with _ABORTED suffix | |
428 | - Fix crashes on shutdown while cleaning up idle ICAP connections | |
429 | - Fix logformat unable to configure codes with /-escape | |
430 | - HTTP: MUST respond with 414 (URI Too Long) when request-target exceeds limits | |
431 | - HTTP: validate Content-Length header values | |
432 | - Make Squid death due to overloaded helpers optional | |
433 | - Better support for unknown URL schemes | |
434 | - Do not log error:transaction-end-before-headers after invalid requests | |
435 | - ... and many portability and build fixes | |
436 | - ... and some documentation updates | |
d710ff25 | 437 | - ... and all fixes from 3.5.21 |
f6791433 | 438 | |
7566fb7e AJ |
439 | Changes to squid-4.0.13 (05 Aug 2016): |
440 | ||
441 | - Regression Bug 4540: revert r14720 buffer update | |
442 | - Bug 4555: Minor improvements to error pages CSS | |
443 | - Bug 4551: fix exceptions in new chunked decoder | |
444 | - Bug 4311: support collapse for internal revalidation requests (SMP-unaware caches) | |
445 | - Fix Certificate Validator buffer-overflow crashes Squid | |
446 | - Fix some failed transactions not being logged | |
447 | - Fix segfault via Ftp::Client::readControlReply(). | |
448 | - basic_db_auth: add support for unsalted SHA1 passwords | |
449 | - kerberos_ldap_group: add support for SSL/TLS connection to an LDAP server | |
450 | - TLS: Add missing 'tls' option for cache_peer | |
451 | - TLS: Do not hang when 'connector' fails | |
452 | - TLS: Add support for fetching missing certificates | |
453 | - Remove XSTD_USE_LIBLTDL, which has not been needed in a long while | |
454 | - ... and many code polishing updates | |
455 | - ... and some documentation updates | |
456 | ||
267a742e AJ |
457 | Changes to squid-4.0.12 (01 Jul 2016): |
458 | ||
459 | - Regression Fix: shell issues with require_smblib definition | |
460 | - Regression Bug 4532: pid_filename not working as documented | |
461 | - Regression Bug 4504: Too many WARNING: Ignoring error setting CA certificate locations | |
462 | - Bug 4516: security_file_certgen man page update | |
463 | - Bug 4446: undefined reference to 'libecap::Name::Name' | |
464 | - Bug 4376: clang cannot build Squid eCAP code | |
465 | - HTTP/1.1: Update all stored headers on 304 revalidation | |
466 | - TLS: Authority Key Identifier certificate extension | |
467 | - Add a script to find kid-specific cache.log lines | |
468 | - Cleanup cppunit detection and use | |
469 | - ... and several performance improvements | |
470 | - ... and some unit test updates | |
471 | - ... and all fixes from 3.5.20 | |
472 | ||
c17f835b AJ |
473 | Changes to squid-4.0.11 (09 Jun 2016): |
474 | ||
475 | - Bug 4517: error: comparison between signed and unsigned integer | |
476 | - Bug 4492: chunked parser needs to accept BWS after chunk size | |
477 | - HTTP/1.1: allow chunking the last HTTP response on a connection | |
478 | - HTTP/1.1: unfold mime header blocks | |
479 | - TLS: fast SNI peek | |
480 | - TLS: check for SSL_CIPHER_get_id() support required in adjustSSL() | |
481 | - TLS: never enable OPENSSL_HELLO_OVERWRITE_HACK automatically | |
482 | - squidclient: improve shell-escape support in -H option | |
483 | - Do not allow low-level debugging to hide important/critical messages | |
484 | - Replace new/delete operators using modern C++ rules | |
485 | - Remove ie_refresh configuration option | |
486 | - Deprecating SMB LanMan helpers | |
487 | - Mark refresh-waiting transactions with REFRESH | |
488 | - ... and some code cleanup and polishing | |
489 | ||
25e7b074 AJ |
490 | Changes to squid-4.0.10 (06 May 2016): |
491 | ||
492 | - Accumulate fewer unknown-size responses to avoid overwhelming disks. | |
493 | - Fix shared memory corruption when storing multi-slot (>32KB) shm misses. | |
494 | - ... and some documentation and code cleanup | |
495 | - ... and all fixes from 3.5.18 | |
496 | ||
2dae5986 AJ |
497 | Changes to squid-4.0.9 (20 Apr 2016): |
498 | ||
25e7b074 | 499 | - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)" |
2dae5986 AJ |
500 | - Add a new error page token for unquoted external ACL messages. |
501 | - Stop parsing response prefix after discovering an "HTTP/0.9" response. | |
502 | - ... and some documentation updates | |
503 | - ... and some code polishing | |
504 | - ... and all fixes from 3.5.17 | |
505 | ||
b1e01a62 AJ |
506 | Changes to squid-4.0.8 (02 Apr 2016): |
507 | ||
508 | - Bug 4459: FHS compliance: move netdb.state and ssl_db to /var/cache/squid | |
509 | - Bug 4458: Behaviour change with external ACL arguments | |
510 | - Bug 4450: wait() related cleanup | |
511 | - Bug 4438: SIGSEGV in memFreeString() destructing SBuf globals on shutdown/restart | |
512 | - Bug 4312: Support disabling collapsed forwarding SMP cooperation | |
513 | - Bug 3826: SMP compatibility with systemd and --foreground option | |
514 | - Bug 1979: Add ACL-driven server_pconn_for_nonretriable squid.conf directive | |
515 | - Bug 7 (partial): Update cached entries on 304 responses | |
516 | - Add reply_header_add directive | |
517 | - HTTP/1.1: Do not prohibit updating Last-Modified on 304 responses | |
518 | - Fix memory leaks of lastAclData and AccessLogentry::url | |
519 | - Fix clang -Winconsistent-missing-override warning | |
520 | - Tests: update test suite for GnuTLS | |
521 | - ... and some documentation updates | |
522 | - ... and some code cleanup and polishing | |
97f9388a | 523 | - ... and all fixes from squid 3.5.16 |
b1e01a62 | 524 | |
81bf66f8 AJ |
525 | Changes to squid-4.0.7 (23 Feb 2016): |
526 | ||
527 | - Regression Fix: external_acl parameters separated by %20 instead of space | |
528 | - Bug 4432: assertion failed: store.cc:1919: "isEmpty()" | |
529 | - Bug 4111: leave_suid() does not properly handle error codes returned by setuid | |
530 | - Fix propagation of response status line parsing error details | |
531 | - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0 | |
532 | - ... and some code SourceLayout project cleaning | |
533 | - ... and all fixes from squid 3.5.15 | |
534 | ||
4e071e97 AJ |
535 | Changes to squid-4.0.6 (16 Feb 2016): |
536 | ||
537 | - Regression Bug 4436: Fix DEFAULT_SSL_CRTD | |
538 | - Fix "dial: Ssl::PeerConnector::sslCrtvdHandleReply threw exception: callback != NULL" | |
4e071e97 AJ |
539 | - ... and some documentation updates |
540 | - ... and all fixes from squid 3.5.14 | |
541 | ||
ff87fda5 AJ |
542 | Changes to squid-4.0.5 (09 Feb 2016): |
543 | ||
544 | - Regression Bug 4429: http(s)_port options= error message missing characters | |
545 | - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth | |
546 | - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454 | |
547 | - Regression Bug 4401: compile error on Solaris | |
548 | - Regression Fix: TLS/SSL flags parsing | |
549 | - Regression Fix: cert validadator always disabled in 4.x | |
550 | - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m) | |
551 | - Regression Fix: external_acl problems after 4.0.1 rev.14351 | |
552 | - Bug 4409 (partial): compile error when two Heimdal libraries are installed | |
553 | - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size | |
554 | - SMP: Fix cleanup of a shared memory segment in an unusual configuration | |
555 | - SSL-Bump: Fix step3 splicing. | |
556 | - Add connections_encrypted ACL | |
557 | - Make %<a and %<p details available to [eCAP] RESPMOD services | |
558 | - Rename cert_valid.pl to security_fake_certverify | |
559 | - Rename ssl_crtd helper to security_file_certgen | |
560 | - ... and a lot of code SourceLayout project cleaning | |
561 | - ... and some documentation updates | |
562 | - ... and all fixes from squid 3.5.13 up to rev.13979 | |
563 | ||
0461fde7 AJ |
564 | Changes to squid-4.0.4 (06 Jan 2016): |
565 | ||
78121f9a AJ |
566 | - Regression Bug 4393: compile fails on OS X |
567 | - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed | |
0461fde7 AJ |
568 | - Support use of Kerberos credentials cache instead of keytab |
569 | - Support logging of TLS Cryptography Parameters | |
570 | - Support substring matching in Note ACL | |
571 | - ... and some code cleanup and polishing | |
572 | - ... and all fixes from squid 3.5.13 | |
573 | ||
bf7891f2 AJ |
574 | Changes to squid-4.0.3 (28 Nov 2015): |
575 | ||
576 | - Bug 4372: missing template files | |
577 | - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o | |
578 | - Bug 4368: A simpler and more robust HTTP request line parser | |
579 | - Fix compile erorr on clang undefined reference to '__atomic_load_8' | |
580 | - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos | |
581 | - ext_ldap_group_acl: Allow unlimited LDAP search filter | |
582 | - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames | |
583 | - ... and much code cleanup and polishing | |
0461fde7 | 584 | - ... and all fixes from squid 3.5.12 |
bf7891f2 | 585 | |
0b475d3f AJ |
586 | Changes to squid-4.0.2 (01 Nov 2015): |
587 | ||
588 | - Regression Bug 4351: compile errors when authentication modules disabled | |
589 | - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing | |
590 | - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout | |
591 | - Bug 4356: segmentation fault using proxy_auth ACL | |
592 | - Bug 4352: compile errors in OS X 10.11 | |
593 | - Bug 4021: ext_user_regex does exact match | |
594 | - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown | |
595 | - Support re-assigning delay pools based on HTTP reply details | |
596 | - ... and all fixes from squid 3.5.11 | |
597 | ||
1243ec71 AJ |
598 | Changes to squid-4.0.1 (14 Oct 2015): |
599 | ||
600 | - Bug 4329: GCC 5.2 no known conversion for argument | |
601 | - Bug 4292: negotiate_wrapper: Unreleased Resources | |
602 | - Bug 4269: ignore-must-revalidate broken | |
603 | - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup | |
604 | - Bug 3920: Splay::remove() reference counting inconsistent | |
605 | - Bug 3069: CONNECT method bytes sent logging | |
606 | - Bug 2741 partial: libsecurity API for GnuTLS support | |
607 | - Bug 1961 partial: redesign of URL handling | |
608 | - Fix crash when parsing invalid squid.conf | |
609 | - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes | |
610 | - Remove unused OS detection: Sun, SysV, Ultrix, BSDi | |
611 | - Remove cache_peer_domain directive | |
612 | - RFC 6176 compliance: Remove SSLv2 support | |
613 | - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate | |
614 | - Remove GCC 2.x and 3.x detection and support | |
615 | - C++11 compiler support is now mandatory | |
616 | - Enable flexible transport protocol | |
617 | - Enable long (--foo) command line parameters on squid binary | |
618 | - Add per-rule refresh_pattern matching statistics | |
619 | - Replace sslversion=N with tls-min-version=1.N | |
620 | - Replace sslproxy_* directives with tls_outgoing_options | |
621 | - Replace GNU atomics and related hacks with C++11 std::atomic | |
622 | - Replace external_acl_type format %macros with logformat codes | |
1243ec71 AJ |
623 | - Support Secure ICAP services |
624 | - Support rotate=N option on access_log | |
625 | - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol) | |
626 | - Support lifetime timeout for persistent connections (pconn_lifetime) | |
627 | - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout) | |
628 | - Support logging fast things (nanosecond log resolution) | |
629 | - Support ICAP/eCAP adaptation for 100-continue responses | |
630 | - Support configurable helper queue size, with consistent defaults | |
631 | and better overflow handling. | |
632 | - Support named service PID file by default (pid_filename) | |
633 | - url_lfs_rewrite: Add URL-rewriter based on local file existence | |
634 | - negotiate_kerberos_auth: output group= kv-pair | |
635 | - helper-mux: add man(8) page | |
636 | - purge: convert README to man(1) page | |
637 | - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth | |
638 | - basic_sspi_auth: fix MinGW compile errors | |
639 | - negotiate_sspi_auth: fix various build errors | |
640 | - Crypto-NG: libnettle Base64 algorithm support | |
641 | - Parser-NG: HTTP Parser structural redesign | |
642 | - libltdl: copyright updated to LGPL version 2.1 | |
643 | - ... and several performance optimizations | |
644 | - ... and many documentation changes | |
645 | - ... and much code cleanup and polishing | |
646 | ||
1c8fc2a2 AJ |
647 | Changes to squid-3.5.28 (15 Jul 2018): |
648 | ||
649 | - SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI | |
650 | - SQUID-2018:2: crash handling responses to internally generated requests | |
651 | - SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing | |
652 | - Bug 4861: HTTPMSGLOCK missing pointer safety | |
653 | - Bug 4829: IPC shared memory leaks when disker queue overflows | |
654 | - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries | |
655 | - Bug 2821: Ignore Content-Range in non-206 responses | |
656 | - HTCP: Ignore HTCP packets with invalid URI | |
657 | - SSL-Bump: fix authentication with schemes other than Basic | |
658 | - TPROXY: Fix clientside_mark and client port logging | |
659 | - Fix "Cannot assign requested address" for to-origin TPROXY FTP data | |
660 | - Fix --with-netfilter-conntrack error message | |
661 | - Validate mime icon URL before allocating store entries | |
662 | - ... and many documentation changes | |
663 | ||
b1268cb4 | 664 | Changes to squid-3.5.27 (20 Aug 2017): |
665 | ||
666 | - Regression Bug #4112: ssl_engine does not accept cryptodev | |
667 | - Bug 4687: Wrong names of components in man page, section SEE ALSO | |
668 | - Bug 4671: various GCC 7 compile errors | |
669 | - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions | |
670 | - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches) | |
671 | - Bug 2833: Do not respond with HTTP/304 to unconditional requests | |
672 | - Fix message packing error handling in mgr and snmp SMP Forwarders | |
673 | - Fix mgr query handoff from the original recipient to Coordinator. | |
674 | - ... and some documentation updates | |
675 | ||
ef396425 AJ |
676 | Changes to squid-3.5.26 (01 Jun 2017): |
677 | ||
678 | - Bug 4711: SubjectAlternativeNames is missing in some generated certificates | |
679 | - Bug 4695: squidpurge: GCC 7 build errors | |
680 | - Bug 4682: ignoring http_access deny when client-first bumping mode is used | |
681 | - Bug 4682: Fix ssl_bump "bump" action documentation | |
682 | - Bug 4653: %st lies about tunneled traffic volumes | |
683 | - Bug 4589: ssl_crtd: returning zero on failure | |
684 | - Bug 3772: message from FTP server gets mangled | |
685 | - Bug 3102: FTP directory listing drops fist character of file names | |
686 | - Add OpenSSL library details to -v output | |
b1268cb4 | 687 | - ... and some documentation updates |
ef396425 | 688 | |
7b84ebcc AJ |
689 | Changes to squid-3.5.25 (02 Apr 2017): |
690 | ||
691 | - Bug 4688: various typo error(s) in man page(s) | |
692 | - Bug 4508: Host forgery stalls intercepted being-spliced connections | |
693 | - Native FTP relay: NAT and TPROXY interception fixes | |
694 | - Fix missing CRLF on FTP timeout ABORT commands | |
695 | - TLS: Bump client on errors encountered before ssl_bump evaluation | |
696 | - ext_kerberos_ldap_group_acl: fix unused value warnings | |
697 | - Fix crash when configuring with invalid delay_parameters restore value. | |
698 | - Check that -k argument is provided before trying to use it. | |
699 | - ... and some build fixes | |
700 | ||
6c12d87e AJ |
701 | Changes to squid-3.5.24 (28 Jan 2017): |
702 | ||
703 | - Regression Bug 3940: Make 'cache deny' do what is documented | |
704 | - TLS: Fix SSLv2 records bumping despite a matching step2 peek rule | |
705 | - TLS: Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation | |
706 | - Fix "Source and destination overlap in memcpy" Valgrind errors | |
707 | - Reduce crashes due to unexpected ClientHttpRequest termination | |
708 | - Update External ACL helpers error handling and caching | |
709 | - Detect HTTP header ACL issues | |
710 | - ... and some documentation fixes | |
711 | ||
a2eb97b4 | 712 | Changes to squid-3.5.23 (16 Dec 2016): |
6f4a12cf AJ |
713 | |
714 | - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs | |
715 | - Bug 4620: NetBSD build error with --enable-ipf-transparent | |
716 | - Bug 4567: Strange IPv6 shown in access.log | |
717 | - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart | |
718 | - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion. | |
719 | - Bug 4169: HIT marked as MISS when If-None-Match does not match | |
720 | - Bug 4007: Hang on DNS query with dead-end CNAME | |
721 | - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply | |
722 | - Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT | |
723 | - Bug 3533: Cache still valid after HTTP/1.1 303 See Other | |
724 | - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure | |
725 | - Bug 3290: authenticate_ttl not working for digest authentication | |
726 | - Bug 2258: bypassing cache but not destroying cache entry | |
727 | - HTTP/1.1: make Vary:* objects cacheable | |
728 | - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code | |
729 | - Support IPv6 NAT with PF for NetBSD and FreeBSD | |
730 | - TLS: Make key= before cert= an error instead of quietly hiding the issue | |
731 | - ... and some debug updates | |
732 | - ... and some build fixes | |
733 | - ... and several documentation updates | |
734 | ||
d710ff25 AJ |
735 | Changes to squid-3.5.22 (09 Oct 2016): |
736 | ||
737 | - Bug 4594: build failure with clang 3.9 | |
738 | - Bug 4471: revalidation does not work when expired cached object lacks Last-Modified | |
739 | - Bug 4302 pt2: IPv6 support for IPFilter v5 transparent interception | |
740 | - Bug 4228: ./configure bug/typo in r14394 | |
741 | - Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration | |
742 | - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches) | |
743 | - Fix logged request size (%http::>st) and other size-related %codes | |
744 | - Fix some memory leaks from putenv() | |
745 | - Fix memory leaks from url_rewrite_extras and store_id_extras on reconfigure/shutdown | |
746 | - Fix segfault crash when debugging section 4 at level 9 | |
747 | - HTTP: MUST ignore a [revalidation] response with an older Date header | |
748 | ||
f6791433 AJ |
749 | Changes to squid-3.5.21 (08 Sep 2016): |
750 | ||
751 | - Bug 4563: duplicate code in httpMakeVaryMark | |
752 | - Bug 4542: authentication credentials IP TTL updated incorrectly | |
753 | - Bug 4534: assertion failure in xcalloc when using many cache_dir | |
754 | - Bug 4428: mal-formed Cache-Control:stale-if-error header | |
755 | - Bug 3025: Proxy-Authenticate problem using ICAP server | |
756 | - Fix segfault via Ftp::Client::readControlReply() | |
757 | - Fix SSL-Bump failure results in SEGFAULT | |
758 | - HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses | |
759 | - HTTP/1.1: do not allow Proxy-Connection to override Connection header | |
760 | - SSL: CN wildcard must only match a single domain component [fragment] | |
761 | ||
267a742e AJ |
762 | Changes to squid-3.5.20 (01 Jul 2016): |
763 | ||
764 | - Bug 4523: smblib compile fails on NetBSD | |
765 | - Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors | |
766 | - Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL | |
767 | - Fix icons loading speed | |
768 | - Fix OpenSSL detection on FreeBSD | |
769 | - Fix assertion failed: Write.cc:38: 'fd_table[conn->fd].flags.open' | |
770 | - Fix SEGFAULT parsing malformed adaptation service configuration | |
771 | - Fix ConnStateData::In::maybeMakeSpaceAvailable() logic | |
772 | - Do not override user defined -std option | |
773 | - Do not allow low-level debugging to hide important/critical messages | |
774 | - Do not make bogus recvmsg(2) calls when closing UDS sockets | |
775 | - Support unified EUI format code in external_acl_type | |
776 | ||
777 | Changes to squid-3.5.19 (09 May 2016): | |
778 | ||
779 | - Regression Bug 4515: interception proxy hangs | |
780 | ||
25e7b074 AJ |
781 | Changes to squid-3.5.18 (06 May 2016): |
782 | ||
783 | - Bug 4510: stale comment about 32KB limit on shared memory cache entries | |
784 | - Bug 4509: EUI compile error on NetBSD | |
785 | - Bug 4501: HTTP/1.1: normalize Host header | |
786 | - Bug 4498: URL-unescape the login-info after extraction from URI | |
787 | - Bug 4455: SegFault from ESIInclude::Start | |
788 | - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program | |
789 | - Fix TLS/SSL server handshake alert handling | |
790 | ||
2dae5986 AJ |
791 | Changes to squid-3.5.17 (20 Apr 2016): |
792 | ||
793 | - Regression Bug 4480: logformat [.width_max] | |
794 | - Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt | |
795 | - Bug 4495: Unknown SSL option SSL_OP_NO_TICKET | |
796 | - Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception | |
797 | - Bug 4483: ./configure garbles -Og option in CFLAGS | |
798 | - Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc | |
799 | - Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name). | |
800 | - Bug 4465: Header forgery detection leads to crash | |
801 | - Bug 2460 partial: workaround deferred reads on shutdown and restart | |
802 | - cachemgr.cgi: use dynamic MemBuf for internal content generation | |
803 | - ESI: Fix several element construction issues | |
804 | - TLS: Fix Handshake Error: ccs received early | |
805 | - TLS: Add chained and signing cert to peek-then-bumped connections | |
806 | - Fix some startup/shutdown crashes | |
807 | ||
b1e01a62 AJ |
808 | Changes to squid-3.5.16 (02 Apr 2016): |
809 | ||
810 | - Bug 4476: Removed duplicated #include lines | |
811 | - Bug 4452: squid -z segfaults with ufs | |
812 | - Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion | |
813 | - Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error | |
814 | - Bug 4409: compile error when two Heimdal libraries are installed | |
815 | - Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304 | |
816 | - pinger: Fix buffer overflow in Icmp6::Recv | |
817 | - pinger: Fix select(2) to actually use max_fd | |
818 | - pinger: drop capabilities on Linux | |
819 | - Fix memory leak of HttpRequest objects | |
820 | - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0 | |
821 | - Fix assertion failed: Write.cc:41: "!ccb->active()" | |
822 | - Fix crash on shutdown while cleaning up idle ICAP connections | |
823 | - RFC 7725: Add registry entry for 451 status text | |
824 | - ... and some build issues | |
825 | ||
81bf66f8 AJ |
826 | Changes to squid-3.5.15 (23 Feb 2016): |
827 | ||
828 | - Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser | |
829 | - Fix multiple assertion on String overflows | |
830 | - Fix unit test errors on MacOS | |
831 | - Better handling of huge response headers. Fewer incorrect "Bug #3279" messages. | |
832 | - Log noise reduction for eCAP | |
833 | ||
4e071e97 AJ |
834 | Changes to squid-3.5.14 (16 Feb 2016): |
835 | ||
836 | - Bug 4437: Fix Segfault on Certain SSL Handshake Errors | |
837 | - Bug 4431: C code is not compiled with CFLAGS | |
838 | - Bug 4418: FlexibleArray compile error with GCC 6 | |
839 | - Bug 4378: assertion failed: DestinationIp.cc:60: | |
840 | 'checklist->conn() && checklist->conn()->clientConnection != NULL' | |
841 | - Fix invalid FTP connection handling on blocked content | |
842 | - Fix handling of shared memory left over by Squid crashes or bugs | |
843 | - Fix mgr:config report 'qos_flows mark' output | |
844 | - Fix compile error in CPU affinity | |
404063c5 | 845 | - Fix %un logging external ACL username |
4e071e97 | 846 | - Avoid more certificate validation memory leaks |
404063c5 | 847 | - ... and some documentation updates |
4e071e97 | 848 | |
0461fde7 AJ |
849 | Changes to squid-3.5.13 (06 Jan 2016): |
850 | ||
851 | - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath | |
852 | - Bug 4387: Kerberos build errors on Solaris | |
853 | - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange | |
854 | - TLS: Complete certificate chains using external intermediate certificates | |
855 | - Avoid memory leaks when an X.509 certificate validator is used with SslBump | |
856 | - Fix connection retry and fallback after failed server TLS connections | |
857 | - Fix GnuTLS detection via pkg-config | |
858 | - Fix startup crash with a misconfigured (too-small) shared memory cache | |
859 | - ... and some documentation updates | |
860 | ||
bf7891f2 AJ |
861 | Changes to squid-3.5.12 (28 Nov 2015): |
862 | ||
863 | - Bug 4374: refresh_pattern config parser (%) | |
864 | - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE' | |
865 | - Bug 4228: links with krb5 libs despite --without options | |
866 | - Fix SSL_get_certificate() problem detection | |
867 | - Fix TLS handshake problem during Renegotiation | |
868 | - Fix cache_peer forceddomain= in CONNECT | |
869 | - Fix status code-based HTTP reason phrase for eCAP-generated messages | |
870 | - Fix build errors in cpuafinity.cc | |
871 | - ... and several documentation updates | |
872 | ||
0b475d3f AJ |
873 | Changes to squid-3.5.11 (01 Nov 2015): |
874 | ||
875 | - Bug 3574: crashes on reconfigure and startup | |
876 | - Bug 4347: compile errors with LibreSSL 2.3 | |
877 | - Bug 4281: copy-paste typos in src/tools.cc | |
878 | - Bug 4279: No response from proxy for FTP-download of non-existing file | |
879 | - Bug 4188: Bumping intercepted SSL connections does not work on Solaris | |
880 | - Fix incorrect authentication headers on cache digest requests | |
881 | - Fix connection stats, including %<lp, missing for persistent connections | |
882 | - Fix invalid memory access issues in SBuf | |
883 | - Avoid errors when parsing manager ACL in old squid.conf | |
884 | ||
574e0f53 AJ |
885 | Changes to squid-3.5.10 (01 Oct 2015): |
886 | ||
887 | - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400 | |
888 | - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte | |
889 | - Bug 4323: Netfilter broken cross-includes with Linux 4.2 | |
890 | - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules | |
891 | - Bug 4208: more than one port in wccp2_service_info line causes error | |
1243ec71 | 892 | - Bug 4303: PeerConnector.cc:743 "!callback" assertion. |
574e0f53 AJ |
893 | - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers |
894 | - Relicense ntlm_fake_auth.pl to GPLv2+ | |
895 | - Relicense smb_lm auth helper to GPLv2+ | |
896 | - Relicense SSPI helper to GPLv2+ | |
897 | - ... and several minor performance optimizations | |
898 | ||
3de58ac0 AJ |
899 | Changes to squid-3.5.9 (17 Sep 2015): |
900 | ||
901 | - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords | |
902 | - Bug 4309: incorrect extensions detection in SSL Hello messages | |
903 | - Bug 4309: crash during Skype login | |
904 | - Bug 4284: missing sanity checks for malloc | |
905 | - Regression Fix: CONNECT request debugging 11,2 traces | |
906 | - Regression Fix: Quieten UFS cache maintenance skipped warnings | |
907 | - TLS: Support SNI on generated CONNECT after peek | |
908 | - ... and some documentation updates | |
909 | ||
4fff8fc1 AJ |
910 | Changes to squid-3.5.8 (02 Sep 2015): |
911 | ||
912 | - Regression Bug 4306: build portability fix in Kerberos helpers | |
913 | - Bug 4302: IPFilter v5 transparent interception | |
914 | - Bug 4301: compile errors with IPFilter interception | |
915 | - Bug 4285 partial: %us is not supported in access.log | |
916 | - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm | |
917 | - Bug 4242: compile errors with eCAP using clang-3.6 | |
918 | - Bug 3696: crash when client delay pools are activated | |
919 | - Bug 3553: cache_swap_high ignored and maxCapacity used instead | |
920 | - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion | |
921 | - Fix ignore of impossible SSL bumping actions, as intended and documented | |
922 | - Fix memory leak in Surrogate-Capability header detection | |
923 | - Fix truncated body length when RESPMOD service aborts | |
924 | - Reject non-chunked HTTP messages with conflicting Content-Length values | |
925 | - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello | |
926 | - ... and several portability and compile fixes | |
927 | - ... and several documentation updates | |
928 | ||
4df5649e AJ |
929 | Changes to squid-3.5.7 (01 Aug 2015): |
930 | ||
c52a4693 | 931 | - Bug 4293: wrong SNI sent to server after URL-rewrite |
4df5649e AJ |
932 | - Bug 4251: incorrect instance name for memory segments in /dev/shm |
933 | - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure | |
934 | - Bug 3345: support %un (any available user name) format code for external ACLs. | |
ab5bc97e | 935 | - basic_smb_auth: Fix several old issues identified by Debian users |
4df5649e AJ |
936 | - Support ssl-bump splicing to origin cache_peer |
937 | - Fix SSL errors relayed using invalid certificates | |
938 | - Fix crash in TcpAccepter with profiler enabled | |
939 | - Fix some cases of ssl_crtd SSL certificate DB corruption | |
940 | - Fix performance regression in SBuf::chop operations | |
941 | - Improve handling of client connections on shutdown | |
942 | - Handle exceptions during squid.conf parse | |
943 | - Make pod2man an optional dependency | |
944 | - ... and polishing for several cache.log notification messages | |
945 | - ... and all fixes from squid 3.4.14 | |
946 | ||
ab248038 AJ |
947 | Changes to squid-3.5.6 (03 Jul 2015): |
948 | ||
949 | - Bug 4274: ssl_crtd.8 not being installed | |
950 | - Bug 4193: memory leak on FTP listings | |
951 | - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit | |
952 | - Bug 3875: bad mimeLoadIconFile error handling | |
953 | - Bug 3483: assertion failed store.cc:1866: 'isEmpty()' | |
954 | - Bug 3329: pinned server connection is not closed properly | |
955 | - TLS: Disable client-initiated renegotiation | |
956 | - ext_edirectory_userip_acl: fix uninitialized variable | |
957 | - Support custom OIDs in *_cert ACLs | |
958 | - Fix CONNECT failover to IPv4 after trying broken IPv6 servers | |
959 | - Use relative-URL in errorpage.css for SN.png | |
960 | - Do not blindly forward cache peer CONNECT responses | |
961 | - Fix assertion String.cc:221: "str" | |
962 | - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone | |
963 | - Translations: add Spanish US dialect alias | |
964 | ||
c75a7d0a AJ |
965 | Changes to squid-3.5.5 (28 May 2015): |
966 | ||
967 | - Regression Bug 4132: short_icon_urls with global_internal_static on | |
968 | - Bug 4238: assertion Read.cc:205: "params.data == data" | |
969 | - Bug 4236: SSL negotiation error of 'success' | |
970 | - Bug 3930: assertion 'connIsUsable(http->getConn())' | |
971 | - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer | |
972 | - Fix assertion errorpage.cc:600: "entry->isEmpty()" | |
973 | - Fix comm_connect_addr on failures returns Comm:OK | |
974 | - Fix missing external ACL helper notes | |
975 | - Fix "Not enough space to hold server hello message" error message | |
976 | - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong | |
977 | - Prevent unused ssl_crtd helpers being run | |
978 | - ... and some code cleanup and portability updates | |
979 | - ... and several documentation updates | |
980 | ||
88e192b1 AJ |
981 | Changes to squid-3.5.4 (01 May 2015): |
982 | ||
983 | - Bug 4234: comm_connect_addr uses errno incorrectly | |
984 | - Bug 4231: fd_open() not correctly handling UDS socket descriptions | |
985 | - Bug 4226: digest_edirectory_auth: found but cannot be built | |
986 | - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" | |
987 | - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections | |
988 | - Fix require-proxy-header preventing HTTPS proxying and ssl-bump | |
989 | - Fix Negotiate/Kerberos authentication request size exceeds output buffer size | |
990 | - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates | |
991 | - Add server_name ACL matching server name(s) obtained from various sources | |
992 | - Add Kerberos support for MAC OS X 10.x | |
993 | - Support for resuming TLS sessions | |
994 | - ... and some portability and compile fixes | |
995 | - ... and several documentation updates | |
996 | - ... and all fixes from squid 3.4.13 | |
997 | ||
548362ff AJ |
998 | Changes to squid-3.5.3 (28 Mar 2015): |
999 | ||
1000 | - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory | |
1001 | - Regression Bug 4206: Incorrect connection close on expect:100-continue | |
1002 | - Bug 4204: ./configure does not abort when required helpers cannot be built | |
1003 | - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment | |
1004 | - Bug 2907: high CPU usage on CONNECT when using delay pools | |
1005 | - basic_getpwnam_auth: fail authentication on crypt() failures | |
1006 | - basic_nis_auth: fail authentication on crypt() failures | |
1007 | - ext_kerberos_ldap_group_acl: Heimdal support improvements | |
1008 | - ext_wbinfo_group_acl: Perl 5.20 support | |
1009 | - ... and several compile issues | |
1010 | ||
4d3be924 AJ |
1011 | Changes to squid-3.5.2 (18 Feb 2015): |
1012 | ||
1013 | - Regression Bug 4176: Digest auth too many helper lookups | |
1014 | - Regression Bug 4180: not-fully-initialized data member in ACLUserData | |
1015 | - Bug 4172: Solaris broken krb5-config | |
1016 | - Bug 4073: Cygwin compile errors | |
1017 | - Bug 3919: remove several never-true / never-false comparisons | |
1018 | - HTTPS: Add missing root CAs when validating chains that passed internal checks | |
1019 | - Fix some cbdataFree related memory leaks | |
1020 | - Quieten CBDATA 'leak' messages | |
1021 | - Set SNI information in transparent bumping mode | |
1022 | - negotiate_kerberos_auth: fix krb5.conf backward compatibility | |
1023 | - Fix memory leaks in cachemgr.cgi URL parser | |
1024 | - Fix sslproxy_options in peek-and-splice mode | |
1025 | - ... and fix several portability and build issues | |
1026 | - ... and some documentation updates | |
1027 | - ... and all fixes from squid 3.4.11 | |
1028 | ||
aac5b91d AJ |
1029 | Changes to squid-3.5.1 (13 Jan 2015): |
1030 | ||
1031 | - Fix handling of invalid SSL server certificates when splicing connections | |
1032 | - basic_smb_lm_auth: Simplified MSNT basic auth helper | |
1033 | - squidclient: Fix -A and -P options | |
1034 | - ... and several portability fixes | |
1035 | - ... and all fixes from squid 3.4.11 | |
1036 | - ... and a lot of documentation updates | |
1037 | ||
cf62b886 AJ |
1038 | Changes to squid-3.5.0.4 (21 Dec 2014): |
1039 | ||
1040 | - Bug 3826: pt 2: Provide a systemd .service file for Squid | |
1041 | - Support http_access denials of SslBump "peeked" connections. | |
1042 | - Fix DONT_VERIFY_DOMAIN ssl flag | |
1043 | - Fix peek-and-splice mode: certificate validation for domain mismatched errors | |
1044 | - negotiate_kerberos_auth: MEMORY keytab and replay cache support | |
1045 | - ... and some documentation updates | |
1046 | - ... and a large amount of code polishing (non-logic changes) | |
1047 | ||
4666bb8d AJ |
1048 | Changes to squid-3.5.0.3 (09 Dec 2014): |
1049 | ||
1050 | - Bug 4146: workaround SSL Bump crash on Linux | |
1051 | - Bug 4135: Support \-escaped characters in regex patterns | |
1052 | - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize | |
1053 | - Fix delay_parameters parsing | |
1054 | - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic | |
1055 | - ... and all changes from squid 3.4.10 | |
1056 | - ... and a lot of documentation updates | |
1057 | ||
bf611e3a AJ |
1058 | Changes to squid-3.5.0.2 (31 Oct 2014): |
1059 | ||
1060 | - Fix FTP socket opening during reconfigure | |
1061 | - ... and all changes from 3.4.9 | |
1062 | - ... and some build errors in rarely used code | |
1063 | - ... and several documentation updates | |
1064 | ||
e0dbeeb6 AJ |
1065 | Changes to squid-3.5.0.1 (17 Oct 2014): |
1066 | ||
1067 | - Port from 2.7: redirector and logging urlgroup feature | |
1068 | - Bug 4093: source-maintenance.sh bad perl -i option | |
1069 | - Bug 3608: per-service name for workers UDS sockets | |
1070 | - Bug 2554: 32-bit wrap in AUFS counters | |
1071 | - Bug 1961 pt1: URL handling redesign | |
1072 | - Bug 1202 pt1: documentation for refresh_pattern algorithms | |
1073 | - Update Squid boilerplate copyright/license | |
1074 | - Update the http(s)_port directives protocol= parameter | |
1075 | - Update forward_max_tries to permit 25 server paths | |
1076 | - Update Kerberos library detection and build options | |
1077 | - Support ACLs on ftp_epsv directive | |
1078 | - Support >32KB objects in cache_dir rock storage | |
1079 | - Support client connection annotation by helpers via clt_conn_tag=TAG | |
1080 | - Support native FTP Relay | |
1081 | - Support libgnugss Kerberos library | |
1082 | - Support libecap v1.0 | |
1083 | - Support SSL Peek and Splice feature | |
1084 | - Support receiving PROXY protocol version 1 and 2 | |
1085 | - Replace --enable-ssl build option with --with-openssl | |
1086 | - Enable -n service name command line option for all Squid builds | |
1087 | - Enable ICAP client by default | |
1088 | - Fix configuration file parsing bugs, related to quoted strings | |
1089 | - Fix Windows MinGW build errors | |
1090 | - Fix multiple TCP outgoing TOS/DiffServ bugs | |
1091 | - Fix Cygwin /etc/resolv.conf parsing | |
1092 | - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate | |
1093 | - Fix crash reading malformed config files | |
1094 | - Send selected SSL version and cipher to the certificate validation helper | |
1095 | - Validate server certificates without bumping | |
1096 | - Add zero-copy string buffer support | |
1097 | - Add automated squid.conf parser testing with squid -k parse | |
1098 | - Add adaptation_service ACL | |
1099 | - Add logformat code %tS to log transaction start time | |
1100 | - Add logformat code %>rd to log client URL domain name | |
1101 | - Add key_extras to proxy authentication | |
1102 | - Add url_rewrite_extras and store_id_extras directives | |
1103 | - Add send_hit and store_miss directives | |
1104 | - Add collapsed_forwarding directive | |
1105 | - Add sslproxy_cert_sign_hash directive | |
1106 | - Add SMP SSL session cache | |
1107 | - Add cache_peer standby connections | |
1108 | - Add helper ext_delayer_acl | |
1109 | - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped | |
1110 | - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile | |
1111 | - Remove COSS storage in favour of Rock storage | |
1112 | - Remove dnsserver and external DNS helper API in favour of mDNS | |
1113 | - Remove broken mallinfo() accounting and memory tracing | |
1114 | - Remove hierarchy_stoplist in favour of always_direct | |
1115 | - Deprecate tag ACL type in favour of note ACL type | |
1116 | - Deprecate urlgroup feature in favour of note ACL type | |
1117 | - HTTP/1.1: method names are case-sensitive | |
1118 | - HTTP/1.1: register new headers from RFC 723x | |
1119 | - squidclient: polish and update help display | |
1120 | - squidclient: support TLS with GnuTLS 3.1.5+ | |
1121 | - squidclient: support verbosity levels | |
1122 | - squidclient: --ping mode module support | |
1123 | - url_fake_rewrite: support concurrency | |
1124 | - storeid_file_rewrite: support concurrency | |
1125 | - digest_file_auth: support concurrency | |
1126 | - digest_edirectory_auth: support concurrency | |
1127 | - digest_ldap_auth: support concurrency | |
1128 | - ... and many error page translation updates | |
1129 | - ... and much code cleanup and polishing | |
1130 | ||
4df5649e AJ |
1131 | Changes to squid-3.4.14 (01 Aug 2015): |
1132 | ||
1133 | - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400) | |
1134 | ||
88e192b1 AJ |
1135 | Changes to squid-3.4.13 (01 May 2015): |
1136 | ||
1137 | - Bug 4212: ssl_crtd crashes with corrupt database | |
1138 | - ... and some documentation updates | |
1139 | - ... and all fixes from squid 3.3.14 | |
1140 | ||
4d3be924 AJ |
1141 | Changes to squid-3.4.12 (18 Feb 2015): |
1142 | ||
1143 | - Bug 4066: Digest auth nonce indefinite rollover | |
1144 | - Bug 3997: Excessive NTLM or Negotiate auth helper annotations | |
1145 | - Fix several crashes when debugging enabled | |
1146 | - Fix silent SSL/TLS failure on split-stack operating systems | |
1147 | - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate | |
1148 | - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port | |
1149 | - Remove dst ACL dependency on HTTP request message existence | |
1150 | - Set cap_net_admin when Squid sets TOS/Diffserv packet values | |
1151 | - ... and some documentation updates | |
1152 | ||
aac5b91d AJ |
1153 | Changes to squid-3.4.11 (13 Jan 2015): |
1154 | ||
1155 | - Bug 4164: SEGFAULT when %W formating code used in errorpages | |
1156 | - Bug 4057: Avoid on-exit crashes when adaptation is enabled. | |
1157 | - Bug 3760: squidclient ignores --disable-ipv6 | |
1158 | - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers | |
1159 | - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11 | |
1160 | - cachemgr.cgi: memory leak in request parser | |
1161 | - Deleting first fs left psstate->servers pointing to uninitialized memory | |
1162 | - ... and some build issues | |
1163 | ||
4666bb8d AJ |
1164 | Changes to squid-3.4.10 (09 Dec 2014): |
1165 | ||
1166 | - Bug 4148: external_acl_type header format does not accept the new libformat syntax | |
1167 | - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6 | |
1168 | - Bug 4033: Rebuild corrupted ssl_db/size file | |
1169 | - Bug 3902: Docs: external_acl_type cache hash key | |
1170 | - Fix segmentation fault in ACL urlpath_regex | |
1171 | - Fix bootstrap.sh dependency on SPONSORS.list | |
1172 | - Alternate-Protocol is a hop-by-hop header | |
1173 | - HTTP/2: Support 421 (Misdirected Request) status code | |
1174 | ||
bf611e3a AJ |
1175 | Changes to squid-3.4.9 (31 Oct 2014): |
1176 | ||
1177 | - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update | |
1178 | - Bug 4102: sslbump cert contains only a dot character in key usage extension | |
1179 | - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options | |
1180 | - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0 | |
1181 | - Bug 4024: Bad host/IP ::1 when using IPv4-only environment | |
1182 | - Bug 3803: ident leaks memory on failure | |
1183 | - kerberos_ldap_group/cert_tool: Remove ksh dependency | |
1184 | - ... and some automated code style updates | |
1185 | - ... and some documentation updates | |
1186 | ||
bd6c316a AJ |
1187 | Changes to squid-3.4.8 (15 Sep 2014): |
1188 | ||
1189 | - Fix off by one in SNMP subsystem | |
1190 | - pinger: Fix various ICMP handling issues | |
1191 | ||
abc809ce AJ |
1192 | Changes to squid-3.4.7 (28 Aug 2014): |
1193 | ||
1194 | - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain | |
1195 | - Bug 4080: worker hangs when client identd is not responding | |
1196 | - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC | |
1197 | - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values | |
1198 | - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension | |
1199 | - Enable compile-time override for MAXTCPLISTENPORTS | |
1200 | - ntlm_sspi_auth: Fix various build errors | |
1201 | - negotiate_wrapper: Fix build issues with non-portable vfork() | |
1202 | - negotiate_sspi_auth: Portability fixes for MinGW | |
1203 | - ext_lm_group_acl: Portability fixes for MinGW | |
1204 | - ... and several minor memory leaks | |
1205 | ||
7f089ae4 AJ |
1206 | Changes to squid-3.4.6 (25 Jun 2014): |
1207 | ||
1208 | - Regression: segmentation fault logging with %tg format specifier | |
1209 | - Bug 4065: round-robin neighbor selection with unequal weights | |
1210 | - Bug 4056: assertion MemPools[type] from netdbExchangeStart() | |
1211 | - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response | |
1212 | - Fix segmentation fault setting up server SSL connnection | |
1213 | - Fix hanging Non-HTTPS connections on SSL-bump enabled port | |
1214 | - Fix Cache Manager actions listed more than once | |
1215 | - ... and many minor memory leaks | |
1216 | - ... and several portability build issues | |
1217 | - ... and some documentation updates | |
1218 | ||
51a22544 AJ |
1219 | Changes to squid-3.4.5 (02 May 2014): |
1220 | ||
1221 | - Regression Bug 4051: inverted test on CONNECT payload existence | |
1222 | - Regression Fix: order dependency between cache_dir and maximum_object_size | |
1223 | - Fix logformat %note display | |
1224 | - Resolve 'dying from an unhandled exception: c' | |
1225 | ||
445d8733 AJ |
1226 | Changes to squid-3.4.4.2 (23 Apr 2014): |
1227 | ||
51a22544 | 1228 | - version bump for packaging re-build with altered toolchain |
445d8733 | 1229 | |
e6b41a35 AJ |
1230 | Changes to squid-3.4.4.1 (23 Apr 2014): |
1231 | ||
1232 | - Regression Bug 4019: Cache digest exchange segmentation fault | |
1233 | - Regression Bug 3982: EUI logging and helpers show blank MAC address | |
1234 | - Bug 4047: Support Android builds | |
1235 | - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2) | |
1236 | - Bug 4041: Missing files in compat/Makefile.am | |
1237 | - Bug 4014: Build failure with --disable-optimizations --disable-auth | |
1238 | - Bug 3986: (partial) assertion due to incorrect error page buffer size | |
1239 | - Bug 3955: Solaris EUI-48 lookup leaks FDs | |
1240 | - Bug 3371: CONNECT with data sent at once loses data | |
1241 | - C++11: Upgrade auto-detection to use the formal -std=c++11 | |
1242 | - Crypto-NG: libnettle MD5 algorithm support | |
1243 | - SSL-Bump: Fix Basic auth caching on bumped connections | |
1244 | - Store-ID: Fix request URI when forwarding requests to peers | |
1245 | - ... and fix several other build errors | |
1246 | - ... and some documentation updates | |
1247 | ||
d3b930ff AJ |
1248 | Changes to squid-3.4.4 (09 Mar 2014): |
1249 | ||
1250 | - Bug 4029: intercepted HTTPS requests bypass caching checks | |
1251 | - Bug 4001: remove use of strsep() | |
1252 | - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce | |
1253 | - Fix stalled concurrent rock store reads | |
1254 | - Fix helper ID number assignment | |
1255 | - Fix build failures from CMSG related definitions | |
1256 | - Fix build failures from libcompat unsafe.h protections | |
1257 | - Copyright: Relicense helpers by Treehouse Networks Ltd. | |
1258 | - ... and all bug fixes from 3.3.12 | |
1259 | ||
a01166da AJ |
1260 | Changes to squid-3.4.3 (02 Feb 2014): |
1261 | ||
1262 | - Bug 4008: HttpHeader warnOnError should be an int not a bool | |
1263 | - Bug 4002: clang 3.4 unable to compile | |
1264 | - Bug 3996: Malformed DNS reply leads to crash | |
1265 | - Bug 3995: compile error on CentOS 5 with GCC 4.1.2 | |
1266 | - Bug 3975: atomic detection cross-compilation failure | |
1267 | - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode | |
1268 | - Bug 3954: compile failure in CpuAffinity.cc | |
1269 | - Bug 3927: tests/testRock fatal.cc required | |
1270 | - Fix memory leak in peer Cache Digest exchange | |
1271 | - Fix external_acl_type async loop failures | |
1272 | - Fix destination IP address cycling | |
1273 | - ... and a few polishing changes | |
1274 | ||
441842f0 AJ |
1275 | Changes to squid-3.4.2 (30 Dec 2013): |
1276 | ||
1277 | - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option | |
1278 | - Regression Fix: \-unescaping in quoted strings from helpers | |
1279 | - Regression Fix: URL helper API bypassing on URL containing '=' character | |
1280 | - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery | |
1281 | - Bug 3806: Caching responses with Vary header | |
1282 | - Bug 3498: FTP PUT assertion | |
1283 | - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD | |
1284 | - Enable concurrency by default for SSL certificate validator | |
1285 | - ... and fix several build errors | |
1286 | ||
12f64d19 AJ |
1287 | Changes to squid-3.4.1 (09 Dec 2013): |
1288 | ||
1289 | - Bug 3935: Invalid pointer dereference when peeking at origin server certificate | |
1290 | - Bug 3589: intercepted and ICAP modified request using a cache_peer | |
1291 | - ... and several portability fixes | |
1292 | - ... and some documentation updates | |
1293 | ||
277afc6e AJ |
1294 | Changes to squid-3.4.0.3 (01 Dec 2013): |
1295 | ||
1296 | - Bug 3941: Release notes error | |
1297 | - Receive annotations from authentication and external ACL helpers | |
1298 | - basic_nis_auth: Improved portability | |
1299 | - ... and several documentation updates | |
1300 | - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11 | |
1301 | ||
2d011f52 | 1302 | Changes to squid-3.4.0.2 (03 Oct 2013): |
ae2b6fc9 AJ |
1303 | |
1304 | - Regression Bug 3891: squid.conf parser errors in 3.4.0.1 | |
1305 | - Regression Fix: re-disable MinGW C++11 support | |
1306 | - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion | |
1307 | - Fix memory leak in refresh_pattern parsing | |
1308 | - negotiate_kerberos_auth: upgrade to present group= keys | |
1309 | - Handle NTLM helper returning OK without user= value | |
1310 | - Add dns_multicast_local to control mDNS operation | |
1311 | - Add --disable-arch-native build option | |
1312 | - Display Build-Info in cache manager info report | |
1313 | - ... and all changes from squid 3.3.9 | |
1314 | - ... and some code and debug output polishing | |
1315 | ||
14561e1c | 1316 | Changes to squid-3.4.0.1 (29 Jul 2013): |
13db7eef AJ |
1317 | |
1318 | - Port from 2.7: StoreURL (renamed Store-ID) support | |
1319 | - Bug 3795: fix several mistakes in the MIB file | |
1320 | - Bug 3793: configure: improved helper detection | |
1321 | - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS | |
1322 | - Bug 3676: Support GCC 4.7 with -Wshadow option | |
1323 | - Bug 3643: NTLM helpers stuck in reserved state by Safari | |
1324 | - Bug 3389: Auto-reconnect for tcp access_log | |
1325 | - Bug 2066: squid does not do chdir() after chroot() | |
1326 | - Fix uninitialized fields in IcapLogEntry | |
1327 | - Fix a number of minor issues detected by Coverity Scan | |
1328 | - Fix some potential memory leaks detected by Coverity Scan | |
1329 | - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers | |
1330 | - Fix ACL matching algorithm to avoid repeating tests | |
1331 | - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username | |
1332 | - squidpurge: fix META TLV parsing issues | |
1333 | - squid.conf: enforce all the directive and option names are lower-case | |
1334 | - Support EUI on HTTPS and FTP data connections | |
1335 | - Support OK/ERR/BH response codes from any helper | |
1336 | - Support No-lookup flag (-n) on DNS ACLs | |
1337 | - Support -march=native compiler optimization by default | |
1338 | - Support forwarding intercepted but not bumped connections to cache_peers | |
0bbaae54 | 1339 | - Support IPv6 NAT interception on Linux and some BSD |
13db7eef AJ |
1340 | - Deprecate log_icap and log_access configuration directives |
1341 | - HTTP/1.1: improved method invalidation and cacheability detection | |
1342 | - HTTP/1.1: support length configuration for pipeline_prefetch queue | |
1343 | - Improved TPROXY support for OpenBSD and FreeBSD | |
0bbaae54 | 1344 | - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file |
13db7eef AJ |
1345 | - Add all-of and any-of ACL types for grouping sets of ACL tests |
1346 | - Add note directive for transaction annotations | |
1347 | - Add %note log format for transaction annotation logging | |
1348 | - Add note ACL type for matching annotated transactions with by annotation name or value | |
1349 | - Add kv-pair support to URL-rewrite/redirector interface | |
1350 | - Add SSL server certificate validator interface, helper and result cache | |
1351 | - Add SSL server certificate fingerprint ACL type | |
1352 | - Add spoof_client_ip access control | |
1353 | - Add pt-bz (Belize Portuguese) dialect to translations | |
1354 | - ... and many Windows portability changes (still incomplete) | |
1355 | - ... and many documentation changes | |
1356 | - ... and much code cleanup and polishing | |
988a7fba | 1357 | |
88e192b1 AJ |
1358 | Changes to squid-3.3.14 (01 May 2015): |
1359 | ||
1360 | - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options | |
1361 | - ... and some documentation updates | |
1362 | - ... and all fixes from squid 3.2.14 | |
1363 | ||
abc809ce AJ |
1364 | Changes to squid-3.3.13 (28 Aug 2014): |
1365 | ||
1366 | - Fix segmentation fault setting up server SSL connnection | |
1367 | - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values | |
1368 | ||
d3b930ff AJ |
1369 | Changes to squid-3.3.12 (09 Mar 2014): |
1370 | ||
1371 | - Regression Bug 3769: client_netmask not evaluated since Comm redesign | |
1372 | - Bug 4026: Fix SSL and adaptation_access handling of aborted connections | |
1373 | - Bug 3969: Fix credentials caching for Digest authentication | |
1374 | - Bug 3806: Caching responses with Vary header | |
1375 | - Fix umask default on crash report generated email | |
1376 | - Fix pthread library detection on FreeBSD 10 | |
1377 | - Avoid assertions on Range requests that trigger Squid-generated errors. | |
1378 | ||
277afc6e AJ |
1379 | Changes to squid-3.3.11 (01 Dec 2013): |
1380 | ||
1381 | - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 | |
1382 | - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure | |
1383 | - Bug 3970: max_filedescriptors disabled due to missing setrlimit | |
1384 | - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope | |
1385 | - Bug 3960: DEAD cache_peer are not revived | |
1386 | - Bug 3956: xstrndup: tried to dup a NULL pointer | |
1387 | - Bug 3906: Filedescriptor leaks in SNMP | |
1388 | - Bug 3782: Digest authentication not obeying nonce_max_count | |
1389 | - HTTP/1.1: Make header parser obey relaxed_header_parser | |
1390 | - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted | |
1391 | - SMP: Replace blocking sleep(3) and close UDS socket on failures | |
1392 | - Windows: fix several compile errors | |
1393 | ||
c663cc36 AJ |
1394 | Changes to squid-3.3.10 (03 Nov 2013): |
1395 | ||
1396 | - Bug 3929: request_header_add not working for tunnel requests | |
1397 | - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration | |
1398 | - Bug 3918: Self Test Failures on Mac OS X 10.8 | |
1399 | - Bug 3887: tcp_outgoing_tos not working for IPv6 | |
1400 | - Bug 3836: Fix issues with automake 1.13+ and make check | |
1401 | - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() | |
1402 | - Fix pinning hierarchy log information | |
1403 | - Fix close idle client connections associated with closed idle pinned connections. | |
1404 | - Fix cbdata 'error: expression result unused' errors | |
1405 | - Avoid "hot idle": A series of rapid select() calls with zero timeout. | |
1406 | - Append Connection:close to OPTIONS requests when icap_persistent_connections is off | |
1407 | - ntlm_fake_auth: pass DOMAIN data to Squid in original case | |
1408 | - kerberos_ldap_group: fix LDAP string duplication | |
1409 | - Use IPv6 localhost nameserver on DNS configuration errors | |
1410 | - Add cache_miss_revalidate | |
1411 | - ... and several portability improvements | |
1412 | ||
db01c30c AJ |
1413 | Changes to squid-3.3.9 (11 Sep 2013): |
1414 | ||
1415 | - Regression Bug 3077: off-by-one error in Digest header decoding | |
1416 | - Bug 3895: fix acl_uses_indirect_client and cache_peer_access | |
1417 | - Bug 3879: assertion failed ConnStateData::validatePinnedConnection | |
1418 | - Bug 3863: myportname acl causes segmentation fault | |
1419 | - Bug 3849: Duplicate certificate sent when using https_port | |
1420 | - Bug 2287: Better fix for unsupported HTTP version handling | |
1421 | - Bug 2112: Reload into If-None-Match | |
1422 | - Fix several assert with side effects in ICAP/eCAP response handling | |
1423 | - Fix myportname ACL on ICAP/eCAP transactions | |
1424 | - Fix external ACL user:pass detail logging after adaptation | |
1425 | - Fix SMP mgr:info report 'Largest file desc currently in use' | |
1426 | - Handle infinite certificate validation loops caused by OpenSSL Bug 3090. | |
1427 | - Improved compatibility with gcc 4.8, clang and icc | |
1428 | - Show number of available filedescriptors when reserved FD changes | |
1429 | - Sync with newest OpenSSL error codes | |
1430 | - Register Http2-Settings header | |
1431 | - ... and many Windows portability fixes | |
1432 | ||
8dbafb10 AJ |
1433 | Changes to squid-3.3.8 (13 Jul 2013): |
1434 | ||
1435 | - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity | |
1436 | - Improved handling of port values in Host: header validation | |
1437 | ||
2fea9d2b AJ |
1438 | Changes to squid-3.3.7 (11 Jul 2013): |
1439 | ||
1440 | - Bug 3297: Fix openSSL related build failures | |
1441 | - Fix build on FreeBSD 9.x platform with clang | |
1442 | - Protect against buffer overrun in DNS query generation | |
1443 | ||
1a39473b AJ |
1444 | Changes to squid-3.3.6 (01 Jul 2013): |
1445 | ||
1446 | - Bug 3854: pt1: compile errors on AIX | |
1447 | - Bug 3802: Fix wrong check inside Format::Format::assemble | |
13db7eef | 1448 | - Bug 3762: remove bogus WARNING in cache.log |
1a39473b AJ |
1449 | - Bug 3717: assertion failed with dstdom_regex with IP based URL |
1450 | - Bug 1991: kqueue causes SSL to hang | |
1451 | - Ask for SSL key password when started with -N but without sslpassword_program | |
1452 | - Make sure %<tt includes all [failed] connection attempts | |
1453 | - Support HTTP reply ACLs in icap_log and log_icap | |
1454 | - Fix incorrect external_acl_type codes | |
1455 | - Fix ICAP logging request headers and segmentation faults | |
1456 | - ... and some documentation polish | |
1457 | ||
9c7aeeb8 AJ |
1458 | Changes to squid-3.3.5 (20 May 2013): |
1459 | ||
1460 | - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager | |
1461 | - Bug 3845: http_port tcpkeepalive= option fails parsing | |
1462 | - Bug 3840: assertion failed 'sde' in UFS cache loading | |
1463 | - Bug 3836: make check failures with automake-1.13 | |
1464 | - Bug 3827: Remove AccessLogEntry::cache.authuser | |
1465 | - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes | |
1466 | - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics | |
1467 | - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems | |
1468 | - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all | |
1469 | - Port from 2.6: external acl %ACL and %DATA tags | |
1470 | - Update copyright on SN.png | |
1471 | - ... and several minor memory leaks | |
1472 | - ... and some documentation polish | |
1473 | ||
988a7fba AJ |
1474 | Changes to squid-3.3.4 (27 Apr 2013): |
1475 | ||
1476 | - Bug 3831: basic_ncsa_auth Blowfish and SHA support | |
1477 | - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes | |
1478 | - Bug 3794: MacOS: workaround compiler errors and case-insensitivity | |
1479 | - Bug 3781: Proxy Authentication not sent to cache_peer | |
1480 | - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h | |
1481 | - Bug 3720 pt2: Add missing include in /dev/poll I/O module | |
1482 | - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang | |
1483 | - Add support for TPROXY on BSD | |
1484 | - Fix SSL Bump bypass for intercepted traffic | |
1485 | - Fix memory leaks in ConnStateData pinning | |
1486 | - Fix external_acl.cc "inBackground" assertion on queue overloads | |
1487 | - CacheMgr: fix missing column separator in helper stats | |
1488 | - OpenBSD: libpthreads requires OpenBSD 5.2 or later | |
1489 | - ... and lots of documentation updates | |
1490 | - ... and all changes from squid 3.2.10 | |
1491 | ||
40c973aa AJ |
1492 | Changes to squid-3.3.3 (12 Mar 2013): |
1493 | ||
1494 | - Bug 3720: Add missing include in /dev/poll I/O module (pt2) | |
1495 | - ... and all changes from squid 3.2.9 | |
1496 | ||
d4dc9eea AJ |
1497 | Changes to squid-3.3.2 (02 Mar 2013): |
1498 | ||
1499 | - Bug 3781: Proxy Authentication not sent to cache_peer | |
1500 | - Bug 3794: MacOS: workaround compiler errors | |
1501 | - Bug 3720: Compile error in Solaris /OpenIndiana | |
1502 | - ... and all changes from squid 3.2.8 | |
1503 | ||
21744e8b AJ |
1504 | Changes to squid-3.3.1 (09 Feb 2013): |
1505 | ||
1506 | - Bug 3726: build errors with --disable-ssl | |
1507 | - Propigate pinned connection persistency and closures to the client. | |
1508 | - Mimic SSL certificate Key Usage and Basic Constraints | |
1509 | - Fix segmentation fault on missing squid.conf values | |
1510 | - ext_sql_session_acl: Fix hex decoding on UID | |
1511 | - ... and some code polish | |
1512 | - ... and a lot of documentation polish | |
1513 | - ... and all changes from squid 3.2.7 | |
1514 | ||
56eea3f2 AJ |
1515 | Changes to squid-3.3.0.3 (09 Jan 2013): |
1516 | ||
1517 | - Bug 3729: 32-bit overflow in parsing 64-bit configuration values | |
1518 | - Bug 3728: Improve debug for cache_dir | |
1519 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
1520 | - kerberos_ldap_group: support multiple groups in squid.conf ACL definition | |
1521 | - kqueue: update status from experimental to fully available net I/O method | |
1522 | - ... and many memory leaks and potential bugs detected by Coverity Scan | |
1523 | ||
bd4920ca AJ |
1524 | Changes to squid-3.3.0.2 (03 Dec 2012): |
1525 | ||
1526 | - Support matching empty header field values using req_header and rep_header | |
1527 | - ... and some minor code polish and input vaidations | |
1528 | - ... and all changes from squid 3.2.4 | |
1529 | ||
362d74b6 AJ |
1530 | Changes to squid-3.3.0.1 (21 Oct 2012): |
1531 | ||
1532 | - Bug 3610: Add peername_regex ACL | |
1533 | - Bug 3239: rename myip/myport as localip/localport | |
1534 | - Bug 3130: helpers are crashing too rapidly | |
1535 | - Add log_db_daemon SQL Database Logging Daemon | |
1536 | - Add ext_time_quota_acl helper managing sessions by bandwidth usage | |
1537 | - Add request_header_add option | |
1538 | - Support C++11 features where possible | |
1539 | - Support bump-ssl-server-first | |
1540 | - Support mimic SSL server certificates | |
1541 | - Remove --enable-ntlm-fail-open | |
1542 | - Fix TLS/SSL Options does not apply to the dynamically generated certificates | |
1543 | - Fix SslBump stuck after error | |
1544 | - Polish: display ACL enumeration text in debugs | |
1545 | - ... and many portability fixes for MacOS X, Windows and others | |
1546 | - ... and many compile error fixes | |
1547 | - ... and a very large amount of code polish for faster compilation | |
1548 | ||
88e192b1 AJ |
1549 | Changes to squid-3.2.14 (01 May 2015): |
1550 | ||
1551 | - Fix 'access_log none' to prevent following logs being used | |
1552 | - Fix X509 server certificate domain matching | |
1553 | - ... some documentation updates | |
1554 | ||
8dbafb10 AJ |
1555 | Changes to squid-3.2.13 (13 Jul 2013): |
1556 | ||
1557 | - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity | |
1558 | - Improved handling of port values in Host: header validation | |
1559 | ||
2fea9d2b AJ |
1560 | Changes to squid-3.2.12 (11 Jul 2013): |
1561 | ||
1562 | - Protect against buffer overrun in DNS query generation | |
1563 | - Avoid !closing assertions when helpers call comm_read during reconfigure. | |
1564 | - Fix several minor memory leaks during reconfigure | |
1565 | - Remove origin_tries limiter on forwarding and permit large max_forward_tries values | |
1566 | ||
80c1bddb AJ |
1567 | Changes to squid-3.2.11 (30 Apr 2013): |
1568 | ||
1569 | - Regression Bug 3839: build error: src/tools.h: No such file or directory | |
1570 | - Update copyright on SN.png | |
1571 | ||
988a7fba AJ |
1572 | Changes to squid-3.2.10 (27 Apr 2013): |
1573 | ||
1574 | - Bug 3833: squidclient: Option '-k' is not present in man(1) page | |
1575 | - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17 | |
1576 | - Bug 3822: Locate LDAP and SASL headers for BSD support | |
1577 | - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs | |
1578 | - Bug 3774: 'squid -k reconfigure' drops rock cache | |
1579 | - Bug 3565: Resuming postponed accept kills Squid | |
1580 | - HTTP/1.1: partial support for no-cache and private controls with parameters | |
1581 | - ssl_crtd: fix helpers dying during startup on ARM | |
1582 | - GNU Hurd: define MAP_NORESERVE as no-op when missing | |
1583 | - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc | |
1584 | ||
40c973aa AJ |
1585 | Changes to squid-3.2.9 (12 Mar 2013): |
1586 | ||
1587 | - Regression fix: Accept-Language header parse | |
1588 | - Bug 3673: Silence 'Failed to select source' messages | |
1589 | - Fix authentication headers sent on peer digest requests | |
1590 | - Fix build error on Solaris, OpenIndiana, Omnios | |
1591 | ||
d4dc9eea AJ |
1592 | Changes to squid-3.2.8 (02 Mar 2013): |
1593 | ||
1594 | - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client | |
1595 | - Bug 3763: diskd Error: no filename in shm buffer | |
1596 | - Bug 3752: objects that cannot be cached in memory are not cached on disk | |
1597 | - Bug 3753: Removes the domain from the cache_peer server pconn key | |
1598 | - Bug 3749: IDENT lookup using wrong ports to identify the user | |
1599 | - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests | |
1600 | - Bug 3686: cache_dir max-size default fails | |
1601 | - Bug 3515: crash in FtpStateData::ftpTimeout | |
1602 | - Bug 3329: Quieten orphan Comm::Connection messages | |
1603 | - Make squid -z for cache_dir rock preserve the rock DB | |
1604 | - Fixed several server connect problems | |
02824360 AJ |
1605 | - ... and some build issues on Solaris, OpenIndiana, MacOS X |
1606 | - ... and some documentation and debugs polishing | |
d4dc9eea | 1607 | |
54ccbeea AJ |
1608 | Changes to squid-3.2.7 (01 Feb 2013): |
1609 | ||
1610 | - Bug 3736: Floating point exception due to divide by zero | |
1611 | - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled | |
1612 | - Bug 3732: Fix ConnOpener IPv6 awareness | |
1613 | - Bug 3729: 32-bit overflow in parsing 64-bit configuration values | |
1614 | - Bug 3728: Improve debug for cache_dir | |
1615 | - Bug 3687: unhandled exception: c when using interception and peers | |
1616 | - Bug 3678: external acl grace period causes acl lookup failures | |
1617 | - Bug 3567: Memory leak handling malformed requests | |
1618 | - Bug 3111: Mid-term fix for the forward.cc "err" assertion | |
1619 | - Support OpenSSL NO_Compression optio | |
1620 | - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems | |
1621 | - Fix "address.GetPort() != 0" assertion for helpers | |
1622 | - ... and several minor memory leaks | |
1623 | - ... and some cache.log message polishing | |
1624 | ||
56eea3f2 AJ |
1625 | Changes to squid-3.2.6 (09 Jan 2013): |
1626 | ||
1627 | - Regression Bug 3731: TOS setsockopt() requires int value | |
1628 | - Regression Bug 3712: Rotating logs overwrites the previous log | |
1629 | - Bug 3727: LLVM compile errors in kerberos_ldap_group | |
1630 | - Bug 3650: Negotiate auth missing challenge token | |
1631 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
1632 | ||
eeb80d48 AJ |
1633 | Changes to squid-3.2.5 (10 Dec 2012): |
1634 | ||
1635 | - Bug 3698: Add missing include of errno.h | |
1636 | ||
bd4920ca AJ |
1637 | Changes to squid-3.2.4 (03 Dec 2012): |
1638 | ||
1639 | - Ported: urllogin ACL from squid 2.7 | |
1640 | - Bug 3688: Lots of Orphan Comm:Connections to ICAP server | |
1641 | - Bug 3677: Port un-pinning logic changes from squid 3.3 | |
1642 | - Bug 3405: ssl_crtd crashes failing to remove certificate | |
1643 | - ... and major bugs fixed in squid 3.1.22 | |
1644 | - Fix accept_filter on Linux | |
1645 | - Remove 'Bungled' warning on missing component directives | |
1646 | - ... and many buffer and memory leak issues in the bundled helpers | |
1647 | - ... and a small amount of code polishing | |
1648 | ||
362d74b6 AJ |
1649 | Changes to squid-3.2.3 (21 Oct 2012): |
1650 | ||
1651 | - Regression: SMP crashes on startup with workers > 1 | |
1652 | - Bug 3655: pinning failure breaks NTLM and Negotiate authentication | |
1653 | - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry | |
1654 | - HTTP/1.1: honour Cache-Control before Pragma:no-cache | |
1655 | - HTTP/1.1: Cache-Control compliance upgrade | |
1656 | - Remove obsoleted refresh_pattern ignore-no-cache option | |
1657 | - Fix IPv6 enabled squidclient | |
1658 | - ... and several compile fixes | |
1659 | ||
1660 | Changes to squid-3.2.2 (06 Oct 2012): | |
a18ad4b5 AJ |
1661 | |
1662 | - Regression: Make login=PASS send no credentials when none available | |
1663 | - Regression: Handle dstdomain duplicates and overlapping names better | |
1664 | - Bug 3661: Segmentation fault when using more than 1 worker | |
1665 | - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error | |
1666 | - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry | |
1667 | - Bug 3648: polish String class files | |
1668 | - Bug 3647: parsing hier_code acl fails | |
1669 | - Bug 3626: forwarding loops on intercepted traffic | |
1670 | - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object | |
1671 | - Bug 3609: several RADIUS helper improvements | |
1672 | - Bug 3605: memory leak in Negotiate authentication | |
1673 | - Fix small memory leak in src ACL parse | |
1674 | - Fix maximum_single_addr_tries upgrade | |
1675 | - Fix chunked encoding on responses carrying a Content-Range header. | |
1676 | - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT | |
1677 | - ... and several compile errors | |
1678 | ||
c72a2049 AJ |
1679 | Changes to squid-3.2.1 (15 Aug 2012): |
1680 | ||
1681 | - Bug 3605: memory leak in peer selection | |
1682 | - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST | |
1683 | - ... and some documentation updates | |
1684 | ||
a9eec4aa AJ |
1685 | Changes to squid-3.2.0.19 (02 Aug 2012): |
1686 | ||
1687 | - Regression Bug 3580: IDENT request makes squid crash | |
1688 | - Regression Bug 3577: File Descriptors not properly closed | |
1689 | - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic | |
1690 | - Regression Fix: Restore memory caching ability | |
1691 | - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd) | |
1692 | - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion | |
1693 | - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion. | |
1694 | - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index | |
1695 | - Support custom headers in [request|reply]_header_* manglers | |
1696 | - ... and much code polishing | |
1697 | ||
5cc53d80 | 1698 | Changes to squid-3.2.0.18 (29 Jun 2012): |
f787354b AJ |
1699 | |
1700 | - Bug 3576: ICY streams being Transfer-Encoding:chunked | |
1701 | - Bug 3537: statistics histogram leaks memory | |
1702 | - Bug 3526: digest authentication crash | |
1703 | - Bug 3484: Docs: sslproxy_cert_error example flawed | |
1704 | - Bug 3462: Delay Pools and ICAP | |
1705 | - Bug 3405: ssl_crtd crashes failing to remove certificate | |
1706 | - Bug 3380: Mac OSX compile errors with CMSG_SPACE | |
1707 | - Bug 3258: Requests hang when Host forgery verify fails | |
1708 | - Bug 3186: Digest auth caches failed state without revalidating | |
1709 | - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring | |
1710 | - Bug 2885: AIX: check and set required compiler flags | |
1711 | - Fix ssl_crtd compile issues with libsslutil | |
1712 | - Fix build with GCC 4.7 (and probably other C++11 compilers). | |
1713 | - Fix double-escape of %R on deny_info redirect responses | |
1714 | - Support status 308 Permanent Redirect | |
1715 | - Support for TLSv1.1 and TLSv1.2 options and methods | |
1716 | - Support passing external_acl_type credentials on ICAP | |
1717 | - Language Updates: fr, hy, pt_BR | |
1718 | - ... and many compile issues on Windows | |
1719 | - ... and some minor code polish | |
1720 | ||
5cc53d80 | 1721 | Changes to squid-3.2.0.17 (12 Apr 2012): |
f949585d AJ |
1722 | |
1723 | - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC | |
1724 | - Bug 3509: kQueue compile error | |
1725 | - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor | |
1726 | - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format. | |
1727 | - Bug 3397: do not mark connection as opened until after SYN-ACK | |
1728 | - Bug 3193: NTLM decoder truncating strings | |
1729 | - Windows FD handling polish and some fixes | |
1730 | - Solaris 9/10 various build fixes | |
1731 | - ... and some more code polish | |
1732 | ||
5cc53d80 | 1733 | Changes to squid-3.2.0.16 (07 Mar 2012): |
488e6901 AJ |
1734 | |
1735 | - Bug 3508: Correct DNS timeout handling. | |
1736 | - Bug 3503: DNS PTR queries timeout due to wrong QIDs. | |
1737 | - Bug 3497: Bad ssl_crtd db size file causes infinite loop | |
1738 | - Bug 3490: part 1: SegFault opening FTP active data connections | |
1739 | - Bug 3490: Crash writing Apache Common and Referer/Useragent logs | |
c5426f8f | 1740 | - Bug 3458: Icon Serving (squid-internal-static) Broken |
488e6901 AJ |
1741 | - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL |
1742 | - Bug 3381: 32-bit overflow assertion in StatHist | |
1743 | - Bug 3324: loadFromFile: parse error while reading template file | |
1744 | - Support sslpassword_program for ssl-bump HTTP ports | |
1745 | - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests | |
1746 | - Retry requests that failed due to a persistent connection race | |
1747 | - Log '-' on requests with no Referer or User-Agent headers | |
1748 | - ... and several fixes related to in-transit object performance | |
1749 | - ... and some structural design changes for portability | |
1750 | ||
5cc53d80 | 1751 | Changes to squid-3.2.0.15 (06 Feb 2012): |
f9329b54 AJ |
1752 | |
1753 | - Bug 3472: segfault with the message 'urlParse: URL too large' | |
1754 | - Bug 3471: segfault when %la formating code used | |
1755 | - Bug 3449: part 3: shm_open can fail with a mangled path | |
1756 | - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults) | |
1757 | - Bug 3448: 204 response problem in adaptation chains | |
1758 | - Bug 3447: assertion failed: CommCalls.h:150: "dp" | |
1759 | - Bug 3461: build regression in IPFilter NAT | |
1760 | - Bug 3413: raise cbdata lock limits | |
1761 | - Bug 3391: forwarded_for log functionality broken | |
1762 | - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild | |
1763 | - Bug 3268: remove wrong 'Ready to serve requests.' message | |
1764 | - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues | |
1765 | - Disable OpenSSL SSL/TLS bug workarounds by default | |
1766 | - Send DNS A and AAAA queries in parallel | |
1767 | - Cache Manager migration support | |
1768 | - Allow service of internal requests over reverse-proxy ports | |
1769 | - Fix trimMemory for unswappable objects | |
1770 | - ... and several build and polish fixes | |
1771 | ||
902bc38b AJ |
1772 | Changes to squid-3.2.0.14 (12 Dec 2011): |
1773 | ||
1774 | - Bug 3433: Segfault closing SNMP | |
1775 | - Bug 3420: Request body consumption races and !theConsumer exception. | |
1776 | - Bug 3406: SSL Log Error in debug | |
1777 | - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion | |
1778 | - Bug 3383: unhandled exception: theGroupBSize > 0 | |
1779 | - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING" | |
1780 | - Bug 3367: fix inverted check on host_strict_verify | |
1781 | - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads | |
1782 | - Bug 3364: SNMP Orphans | |
1783 | - Bug 3301: ERR_DNS_FAIL never shown | |
1784 | - Bug 3150: do not start useless unlinkd | |
1785 | - ext_session_acl: version 1.2 | |
1786 | - Add adaptation_meta option | |
1787 | - Add a mask on the qos_flows miss configuration value | |
1788 | - Support intermediate CA in ssl-bump traffic certificates | |
1789 | - Support SSL certificate failure details on error page | |
1790 | - Fix flags for NAT intercept and TPROXY not set correctly | |
1791 | - Fix fastCheck() default result on multi-line actions | |
1792 | - Fix missing SMP shared memory statistics | |
1793 | - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query | |
1794 | - ... and several other TCP and SMP support behaviour fixes | |
1795 | - ... and many code polishing cleanups and fixed build errors | |
1796 | - ... and several documentation polishings | |
1797 | ||
8fe9e0a2 AJ |
1798 | Changes to squid-3.2.0.13 (14 Oct 2011): |
1799 | ||
1800 | - Regression Bug 3363: never_direct always 'unable to forward this request at this time' | |
1801 | - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion | |
1802 | - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0' | |
1803 | - Regression fix: always_direct/never_direct failures | |
1804 | - Regression fix: stop an SSL header file being included after --disable-ssl | |
1805 | - Regression fix: parse HTTP list headers with embedded 8-bit characters | |
1806 | - Bug 3355: configure setting --with-swapdir ignored | |
1807 | - Bug 3325: option to selectively enable strict host verify checks | |
1808 | - Bug 3337: HTTP status 200 is not accepted for deny_info | |
1809 | - Bug 3077: '\' in url query strings cause Digest authentication to fail | |
1810 | - Support SMP worker shared memory cache | |
1811 | - Support SMP worker shared disk cache (rock) | |
1812 | - ext_session_acl: version 1.1 | |
1813 | - Fix Host verify: do not pinn destination IP if URL re-write has been done | |
1814 | - Fix IPF interception | |
1815 | - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert | |
1816 | - Fix ssl_crtd CertificateDB locking scheme | |
1817 | - ... and all changes from 3.1.16 | |
1818 | - ... and many compile and polishing fixes | |
1819 | ||
f96fd18d AJ |
1820 | Changes to squid-3.2.0.12 (17 Sep 2011): |
1821 | ||
1822 | - Regression Bug 3335: ICAP service is down | |
1823 | - Regression Bug 3322: adapt:: and icap:: format codes do not parse | |
1824 | - Regression Bug 3303: Support for non-English usernames in log files | |
1825 | - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT | |
1826 | - Regression: %I shows hostname on SSL error page | |
1827 | - Regression: FTP outgoing port always 'in use' on PASV connections | |
1828 | - Bug 3337: (partial) status 200 is not accepted for deny_info | |
1829 | - Bug 3319: Inconsistencies in error messages | |
1830 | - Bug 3281: pconn in-use while closing assertion | |
1831 | - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request | |
1832 | - Fixed max-stale check. Entities not exceeding max-stale were marked as stale | |
1833 | - Adjust format code %la for intercepted connections | |
1834 | - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early | |
1835 | - Send RST packet when closing an ICAP connection after a transaction error | |
1836 | - Support maximum field width for string access.log fields | |
1837 | ||
2284b7f7 AJ |
1838 | Changes to squid-3.2.0.11 (28 Aug 2011): |
1839 | ||
1840 | - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control | |
1841 | - Host: authority validation of intercepted destination IP | |
1842 | - Host: authority validation of request URL | |
1843 | - Host: authority validation of CONNECT tunnel destination | |
1844 | - Preserve client destination IP in intercepted communication | |
1845 | - Regression Bug 3316: Failed to connect to nameserver using TCP | |
1846 | - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set | |
1847 | - Regression Bug 3310: %<pt translates as %<p | |
1848 | - Regression Bug 3301: ERR_DNS_FAIL never shown (partial) | |
1849 | - Regression Bug 3288: %<la and %<lp not displaying | |
1850 | - Bug 3289: cache manager parameters not parsed without password | |
1851 | - Bug 2279: Log Format options to log server source IP and port | |
1852 | - Bug 3211: ssl_crtd start even if no ssl-bump port is configured | |
1853 | - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends | |
1854 | - Bug 3118: ecap_enable on forces icap_enable on | |
1855 | - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
1856 | - Default to vhost for accelerator mode (reverse proxy) | |
1857 | - Display HTTP protocol syntax at section 11 level 2 | |
1858 | - Support for using custom keys in CARP parents | |
1859 | - Optimize regular expression ACLs | |
1860 | - ... and a lot of code portability fixes | |
1861 | - ... and all bugs and polish changes from 3.1.15 | |
1862 | ||
3ff024ec AJ |
1863 | Changes to squid-3.2.0.10 (24 Jul 2011): |
1864 | ||
1865 | - Port from 2.7: act-as-origin for reverse proxy ports | |
1866 | - Regression fix: broken --disable-ipv6 | |
1867 | - Regression fix: negative cacheing on unknown or -1 expiry timestamp | |
1868 | - Regression fix: vhost and defaultsite causing vport to be ignored | |
1869 | - Regression fix: several errors in persistent connection handling | |
1870 | - Regression Bug 3280: allow max-size unset and min-size=N for large objects | |
1871 | - Regression Bug 3245: reconfigure assertion in MemPools[type] | |
1872 | - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp" | |
1873 | - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn) | |
1874 | - Regression Bug 3269: cache.log applyQueryParams messages | |
1875 | - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3 | |
1876 | - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn()) | |
1877 | - Bug 3267: workers IPC mount points disobey --localstatedir | |
1878 | - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers | |
1879 | - Bug 3247: Domain from URL Stripped when going through peers | |
1880 | - Bug 3244: wrong port for peer relayed requests | |
1881 | - Bug 3195: kerberos_ldap_group will not build without kerberos | |
1882 | - Bug 2862: add http(s):// support to cache manager | |
1883 | - kerberos_ldap_group: several fixes to -S option | |
1884 | - ssl_crtd: Add man(8) file | |
1885 | - ... and several pieces of code cleanup and polishing. | |
1886 | - ... and most bug fixes and updates from 3.1.14 and 3.1.15 | |
1887 | ||
6d44d1e9 AJ |
1888 | Changes to squid-3.2.0.9 (18 Jun 2011): |
1889 | ||
1890 | - Bug 3159: delay pools --disable-auth compile problems | |
1891 | - HTTP/1.1: Support multiline quoted-string header fields | |
1892 | - HTTP/1.1: Send 505 Unsupported Version on mangled version codes | |
1893 | - Support configurable and translated SSL error details messages | |
1894 | - Add log format codes for split client/server views of HTTP request line | |
1895 | - Major upgrade of TCP connection handling | |
1896 | - Support split-stack IPv6 to servers | |
1897 | - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos | |
1898 | - Optimized persistent connection handling | |
1899 | - Optimized FTP data connection handling | |
1900 | - Optimized TCP failure recovery | |
1901 | - ... and all bug fixes and updates from 3.1.12.3 | |
1902 | - ... and many code polish, documentation and translation cleanups | |
1903 | ||
65f2789a AJ |
1904 | Changes to squid-3.2.0.8 (30 May 2011): |
1905 | ||
1906 | - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors. | |
1907 | - Bug 3043: Properly detect Iphlpapi.h on windows | |
1908 | - Bug 2055: Honor ICAP Max-Connections | |
1909 | - Fix NTLM/Negotiate reply auth PASSTHRU to peers | |
1910 | - Support SSL SNI to origin servers | |
1911 | - Add %EXT_LOG and %EXT_TAG external_acl_type format options | |
1912 | - Add %b tag for proxy listening port display in error pages | |
1913 | - Optimize base64 encoding/decoding | |
1914 | - Require libcap before enabling netfilter MARK support | |
1915 | - Require libtool 2.2 | |
1916 | - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config | |
1917 | - ... and all bug fixes and updates from 3.1.12.2 | |
1918 | - ... and some documentation and code polishing | |
1919 | ||
065f7779 AJ |
1920 | Changes to squid-3.2.0.7 (19 Apr 2011): |
1921 | ||
1922 | - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2" | |
1923 | - Regression fix: icons/ FHS compliance | |
1924 | - Regression fix: Startup aborts with URL error when --disable-htcp | |
1925 | - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL" | |
1926 | - Add negotiate_wrapper_auth version 1.0.1 | |
1927 | - Fixed %dt logging in the presence of REQMOD | |
1928 | - Fixed chunked request forwarding in ICAP REQMOD presence | |
1929 | - ... all bug fixes and updates from 3.1.12.1 | |
1930 | - ... many code polishings and display cleanups | |
1931 | ||
7d9ce496 AJ |
1932 | Changes to squid-3.2.0.6 (04 Apr 2011): |
1933 | ||
1934 | - Regression fix: upgrade existing icons | |
61beade2 | 1935 | - Regression fix: do not crash when accessing an SSL certificate with errors |
7d9ce496 AJ |
1936 | - Regression fix: prevent stdio log module segfaults on rotate |
1937 | - Regression fix: shutdown properly even if a worker process crashes on exit | |
1938 | - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems | |
1939 | - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown | |
1940 | - Bug 3105: malformed Proxy-Authorization leaks memory | |
1941 | - Bug 3007: CONNECT to cache_peer returns 000 status code | |
1942 | - Bug 2885: Compile errors on AIX | |
1943 | - Support parameterized Cache Manager queries | |
1944 | - Support libecap v0.2.0; fixed eCAP body handling and logging | |
1945 | - Support dynamic adaptation plans that cover multiple vectoring points | |
1946 | - Support %D details for documented OpenSSL errors | |
1947 | - Support logging of all transactions including those with uncertain status or no sent response | |
1948 | - Updrate negotiate_kerberos_auth to version 3.0.4sq | |
1949 | - Update ext_kerberos_ldap_group_acl to version 1.3.0sq | |
1950 | - Update ext_edirectory_userip_acl to version 2.1 | |
1951 | - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution | |
1952 | - Change the default dns_timeout value from 2 minutes to 30 seconds | |
1953 | - Fix TCP log stream flushing on every line | |
1954 | - ... all bug fixes and updates from 3.1.12 | |
1955 | - ... a great many compiler portability fixes | |
1956 | - ... many code polishings and display cleanups | |
1957 | ||
850ff99f AJ |
1958 | Changes to squid-3.2.0.5 (12 Feb 2011): |
1959 | ||
1960 | - Regression Fix: profiler should not be built by default | |
1961 | - Regression Bug 3081: assertion failed: AsyncCallQueue | |
1962 | - Regression Bug 2948: Requests for FTP active downloads cause failed assertion | |
1963 | - Bug 3089: FTP command output overrides directory listing | |
1964 | - Bug 2870: --disable-auth does not work | |
1965 | - Bug 2586: multiple memory leaks during reconfigure | |
1966 | - Bug 2581: FTP directory listing sometimes fails | |
1967 | - Port from 2.7: maximum staleness limits | |
1968 | - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option | |
1969 | - HTTP/1.1: Support configurable status codes for deny_info | |
1970 | - Support upcoming "fresh message creation" eCAP API | |
1971 | - Aggregate SNMP responses when using SMP with multiple workers | |
1972 | - Several more Solaris, Windows and ICC support fixes | |
1973 | - ... all bug fixes and updates from 3.1.11 | |
1974 | - ... and more code cleanup shufflings | |
1975 | - ... and several documentation updates | |
1976 | ||
834d2128 AJ |
1977 | Changes to squid-3.2.0.4 (22 Dec 2010): |
1978 | ||
1979 | - Port 2.x: cache_dir min-size setting | |
1980 | - Bug 3059: Crash on digest auth headers with unknown nonce | |
1981 | - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used | |
1982 | - Fix cachemgr mem-pools reporting | |
1983 | - Add Dynamic SSL certificate generation | |
1984 | - Add useragent, referer, combined built-in log formats | |
1985 | - Obsolete log_fqdn directive | |
1986 | - Obsolete useragent/referer/forward_log directives | |
1987 | - HTTP/1.1: Send 1.1 on CONNECT responses | |
1988 | - Updated Kerberos support for newer GSSAPI releases | |
1989 | - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode | |
1990 | - Improve handling of early eCAP transaction failures | |
1991 | - Various ext_edirectory_acl fixes | |
1992 | - ... all bug and feature fixes included in 3.1.10 release | |
1993 | - ... and a lot of code and documentation polishing | |
1994 | ||
1664edf4 | 1995 | Changes to squid-3.2.0.3 (07 Nov 2010): |
b40d9a33 AJ |
1996 | |
1997 | - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set | |
1998 | - Regression fix: ESI processing of Surrogate filter | |
1664edf4 | 1999 | - Bug 3091: bypassed ICAP errors are not counted as service failures |
b40d9a33 | 2000 | - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion. |
1664edf4 | 2001 | - Bug 3038: Detatch libmisc from libcompat |
b40d9a33 AJ |
2002 | - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain |
2003 | - Bug 3002: store initialization (-z) does not work with SMP configs | |
2004 | - Bug 2999: v2.0 of ext_edirectory_userip_acl | |
2005 | - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities | |
2006 | - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures | |
2007 | - HTTP/1.1: support If-Match and If-None-Match requests | |
2008 | - HTTP/1.1: forward 1xx control messages to clients that support them | |
2009 | - HTTP/1.1: send Age:0 header even if it may break IE5 | |
2010 | - HTTP/1.1: dechunk incoming requests and chunk outgoing requests | |
2011 | - HTTP/1.1: entry is stale if request has max-age=0 | |
2012 | - HTTP/1.1: harden quoted-string parser | |
2013 | - Add --enable-build-info for extra "squid -v" display | |
2014 | - Add --with-swapdir=PATH to override default /var/cache/squid | |
2015 | - Add cpu_affinity_map directive to bind workers to CPU cores | |
2016 | - Add Netfilter MARK support for QoS | |
2017 | - Add upgrade process for obsolete options | |
2018 | - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers | |
2019 | - Add support for client send bandwidth limits (a.k.a., quota or delay pool) | |
2020 | - Fixes Eui48 support on OpenBSD | |
2021 | - Fixes cache manager support with SMP configs | |
2022 | - ... several documentation updates | |
2023 | - ... all bug and feature fixes included in 3.1.9 release. | |
2024 | - ... many more code polishes and leak removals | |
2025 | ||
dee6a922 AJ |
2026 | Changes to squid-3.2.0.2 (04 Sep 2010): |
2027 | ||
2028 | - Bug 3015: assertion failed: comm.cc:143: "ccb->active()" | |
2029 | - Support rotating logs from cachemgr and squidclient | |
2030 | - Support Kerberos authentication in squidclient | |
2031 | - Add manual page for negotiate_kerberos_auth | |
2032 | - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP | |
2033 | - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental) | |
2034 | - Added log options %http::<bs and %icap::<bs | |
2035 | - Collapse HTCP cache_peer options into one setting | |
2036 | - Improved request smuggling attack detection. Tolerating valid benign HTTP | |
2037 | - ... and several HTTP/1.1 compliance improvements | |
2038 | - ... and all improvements in 3.1.7 and 3.1.8 | |
2039 | ||
6be4a9a8 AJ |
2040 | Changes to squid-3.2.0.1 (03 Aug 2010): |
2041 | ||
2042 | - Port from 2.7: Logging infrastructure updates | |
2043 | - Port from 2.7: Unique sequence number per log line | |
2044 | - Port from 2.6: STORE_META_OBJSIZE swapout storage type | |
2045 | - Bug 2792: tcp_outgoing_addr does not work with TPROXY | |
2046 | - Bug 2631: refresh_pattern store-stale option | |
2047 | - Bug 2305: Multiple leaks and assertion crashes in authentication | |
2048 | - Bug 1239: Much needed ACL type random | |
2049 | - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update | |
2050 | - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies | |
2051 | - Support SMP for essential non-caching functionality | |
2052 | - Support logging over TCP | |
2053 | - Support Solaris 10 pthreads (experimental) | |
2054 | - Support Kerberos login to peers | |
2055 | - Support EUI / MAC in more environments | |
2056 | - Support format tags in deny_info URLs | |
2057 | - Support running helpers on-demand instead of all at startup | |
2058 | - Support fully transparent login=PASSTHRU of authentication headers to peers | |
2059 | - Support multi-lingual localised FTP directory listings | |
2060 | - Support TPROXYv4 spoofing of X-Forwarded-For client address | |
2061 | - Support ICAP 206 Partial Content extension | |
2062 | - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field | |
2063 | - Add ACL support to range_offset_limit | |
2064 | - Add helpers for url_rewrite | |
2065 | - Add helper multiplexer for concurrency emulation with legacy helpers | |
2066 | - Add Perl library which facilitates parsing access logfile entries. | |
2067 | - Add a simple script to summarise traffic use per user | |
2068 | - Add templates for captive portal proxy configuration instructions | |
2069 | - Add logging of the local TCP port used by transactions with HTTP servers | |
2070 | - Update mswin_check_ad_group to version 2.0 | |
2071 | - Update squid_kerb_auth helper to version 3.0.2 | |
2072 | - Remove double-language error page hack (replaced by locale auto-negotiation) | |
2073 | - Remove TPROXYv2 support (replaced by TPROXYv4) | |
2074 | - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth) | |
2075 | - Re-work ./configure script for smarter auto-detect and early error checks | |
2076 | - Auto-enable all features by default | |
2077 | - Workaround com_err.h C++ brokenness triggered by OpenSSL includes | |
2078 | - Helpers naming scheme | |
2079 | - Add support for write timeouts | |
2080 | - Modify icap_service_failure_limit option to forget old ICAP errors | |
2081 | - Updated man(8) manuals including several additions and translations | |
2082 | - ... and a great many code cleanups | |
2083 | - ... and a great many testing improvements | |
2084 | - ... and many documentation updates | |
2085 | ||
56eea3f2 AJ |
2086 | Changes to squid-3.1.23 (09 Jan 2013): |
2087 | ||
2088 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
2089 | ||
bd4920ca AJ |
2090 | Changes to squid-3.1.22 (03 Dec 2012): |
2091 | ||
2092 | - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update | |
2093 | - Bug 3659: read_timeout problem with HTTPS | |
2094 | - Bug 3654: Fix IPv6 enabled squidclient | |
2095 | - Bug 3189: AIO thread race on pipe() initialization | |
2096 | - cachemgr.cgi: Memory Leaks and DoS Vulnerability | |
2097 | ||
4c73ceb8 AJ |
2098 | Changes to squid-3.1.21 (23 Sep 2012): |
2099 | ||
2100 | - Bug 3622: peerClearRRStart scheduling multiple events | |
2101 | - Bug 3615: configure check for default max number of FDs is broken | |
2102 | - Bug 3607: --enable-auth documented default action incorrect | |
2103 | - Bug 3593: socket failure: Address family not supported by protocol | |
2104 | - Bug 3584: Detection of setresuid() is broken | |
2105 | - Bug 3568: Consolidate external_acl_type config dumping and add missing %% | |
2106 | - Bug 3564: eCAP not supporting CoAP URI schemes | |
2107 | - Bug 3484: Docs: sslproxy_cert_error example flawed | |
2108 | - Bug 3462: Delay Pools and ICAP | |
2109 | - Bug 3133: better fix: Memory leak handling requests for sites that don't exist | |
2110 | - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring | |
2111 | - Silence IOS 15.1 unknown capabilities messages. | |
2112 | - Account for Store disk client quota when bandwidth-limiting the server. | |
2113 | - ... and several documentation fixes | |
2114 | - ... and several compile fixes | |
2115 | ||
5cc53d80 | 2116 | Changes to squid-3.1.20 (08 Jun 2012): |
dd8d2619 AJ |
2117 | |
2118 | - Regression Bug 3545: FreeBSD dnsserver segfaults | |
2119 | - Regression Bug 3504: clientside_tos fails to mark traffic | |
2120 | - Bug 3539: CONNECT server connection not closed correctly on errors | |
2121 | - Bug 3502: client timeout uses server-side read_timeout, not request_timeout | |
2122 | - Bug 3466: Adaptation stuck on last single-byte body piece | |
2123 | - Bug 3463: dnsserver fails to compile | |
2124 | - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option | |
2125 | - Bug 3390: Proxy auth data visible to scripts | |
2126 | - Bug 3263: ssl_crtd: undefined references to squid_curtime | |
2127 | - Bug 3233: Invalid URL accepted with url host is white spaces | |
2128 | - Bug 3133: Memory leak handling requests for sites that don't exist | |
2129 | - Bug 3074: Improper URL handling with empty path (RFC 3986) | |
2130 | - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889 | |
2131 | - Regression: snmp/udp address directives not resolving hostname | |
2132 | - Better helper-to-Squid buffer size management. | |
2133 | - Support CoAP over HTTP (coap:// and coaps:// URLs) | |
2134 | - Support for 3.2 error template codes | |
2135 | ||
5cc53d80 | 2136 | Changes to squid-3.1.19 (06 Feb 2012): |
f9329b54 AJ |
2137 | |
2138 | - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state | |
2139 | - Bug 3473: erase last uses of obsolete auth_user_hash_pointer | |
2140 | - Bug 3470: GCC 4.7 | |
2141 | - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL | |
2142 | - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state | |
2143 | - Bug 3440: compile error in Adaptation | |
2144 | - Bug 3420: Request body consumption races and !theConsumer exception | |
2145 | - Bug 3370: external ACL sometimes skipping | |
2146 | - Bug 3085: Crash when parsing esi:include | |
2147 | - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses | |
2148 | - Fix SSL library dependency fixes | |
2149 | ||
339383cc AJ |
2150 | Changes to squid-3.1.18 (03 Dec 2011): |
2151 | ||
2152 | - Regression: compile error in FTP | |
2153 | ||
c218b24d AJ |
2154 | Changes to squid-3.1.17 (03 Dec 2011): |
2155 | ||
2156 | - Bug 3432: Crash logging FTP errors | |
2157 | - Bug 3428: Active FTP data channel accepted twice | |
2158 | - Bug 3423: access violation in URL parser | |
2159 | - Bug 3422: Buffer overflow in recv-announce | |
2160 | - Bug 3412: External ACL Uses Invalid Cache Entry | |
2161 | - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new | |
2162 | - Bug 3398: persistent server connection closed after PUT/DELETE | |
2163 | - Bug 3299: dnsserver: various undefined references | |
2164 | - Bug 3077: '\' in url query strings cause Digest authentication to fail | |
2165 | - Bug 2910: MemBuf may grow beyond max_capacity | |
2166 | - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption | |
2167 | - Bug 1243: Build overrides configured AR setting | |
2168 | - Avoid crashes when processing bad X509 common names (CN). | |
2169 | - Support %% in external ACL format | |
2170 | - ... and several other compile error fixes | |
2171 | - ... and several documentation fixes | |
2172 | ||
8fe9e0a2 AJ |
2173 | Changes to squid-3.1.16 (14 Oct 2011): |
2174 | ||
2175 | - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED | |
2176 | - Bug 3368: Unhandled exceptions are not logged (workaround) | |
2177 | - Bug 3326: miss_access incorrect default | |
2178 | - Bug 3320: miss_access description confusing | |
2179 | - Bug 3241: squid_kerb_auth cross compilation fix | |
2180 | - Bug 3237: seq fault in free() from rfc1035RRDestroy | |
2181 | - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response | |
2182 | - db_auth: display available DSN drivers on connect error | |
2183 | - Updated OpenSSL 1.0.0 version checks | |
2184 | - ... and several documentation fixes | |
2185 | ||
2f954743 AJ |
2186 | Changes to squid-3.1.15 (28 Aug 2011): |
2187 | ||
2188 | - Regression fix: vhost and defaultsite causing vport to be ignored | |
2284b7f7 | 2189 | - Regression Bug 3295: broken escaping in rfc1738_do_escape |
2f954743 AJ |
2190 | - Bug #3232: fails to compile with OpenSSL v1.0.0 |
2191 | - Bug #3222: cache_peer name is not logging on CONNECT | |
2192 | - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable() | |
2193 | - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable | |
2194 | - Bug #3213: https sites (CONNECT) not open when using NTLM | |
2195 | - Bug #3114: Memory leak in SSL certificate verify code | |
2196 | - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
2197 | - Bug #2662: cf_gen failure when cross compiling | |
2198 | - Bug #2655: passing wrong the username to the url_rewrite_program | |
2199 | - Bug #2495: ignore whitespace prefix on config lines | |
2200 | - Bug #2051: 'default' cache_peer option does not match documentation | |
2201 | - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay() | |
2202 | - Bug #1791: timestampsSet does not validate Date: if server sends very old date | |
2203 | - Correct parsing of large Gopher indexes | |
2204 | - Enable negative cacheing on unknown or -1 expiry timestamp | |
2284b7f7 | 2205 | - Remove hierarchy_stoplist default value |
2f954743 AJ |
2206 | - Migrate cf_gen tool from C-style to C++ |
2207 | - ... and several documentation and compiler warning fixes | |
2208 | ||
04f5e27a AJ |
2209 | Changes to squid-3.1.14 (04 Jul 2011): |
2210 | ||
2211 | - Regression Bug 3261: Could not create a DNS socket and exit | |
2212 | ||
e074e5be AJ |
2213 | Changes to squid-3.1.13 (01 Jul 2011): |
2214 | ||
2215 | - Regression Bug 3239: problems with myip/myport upgrade | |
2216 | - Bug 3153: hung ICAP RESPMOD transactions | |
2217 | - Update ssl_crtd to use 'OK' status inline with other helpers | |
2218 | ||
6d44d1e9 AJ |
2219 | Changes to squid-3.1.12.3 (18 Jun 2011): |
2220 | ||
2221 | - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options | |
2222 | - Bug 3214: unexpected read from ssl_crtd | |
2223 | - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body | |
2224 | - Fix RADIUS helper resource leak | |
2225 | - Fix segfault parsing digest auth realm | |
2226 | - Fix segfault in parse_eol() | |
2227 | - Fixed bypass of SSL certificate validation errors | |
2228 | - Warn about myip/myport problems on interception proxies | |
2229 | - Polish: display easily grepped config lines on -k parse | |
2230 | - Fix squidclient -V option and allow non-HTTP protocols to be tested | |
2231 | ||
65f2789a AJ |
2232 | Changes to squid-3.1.12.2 (30 May 2011): |
2233 | ||
2234 | - Bug 3226: Tags from external ACLs do not correctly expire | |
2235 | - Bug 3215: Malformed IPv6 DNS reverse lookup | |
2236 | - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches | |
2237 | - Bug 3205: SSL-bump starts then hangs | |
2238 | - Bug 3178: gcc-4.6 complains unused variables | |
2239 | - Bug 3122: Unknown record type in WCCPv2 Packet (6) | |
2240 | - Bug 2965 (partial): Compile errors on MinGW | |
2241 | - Fix to only ssl-bump CONNECT requests if they are about to be tunneled | |
2242 | - Fix cache manager display of -i/+i in regex ACL config display | |
2243 | - Fix cache manager display of cache_peer options userhash and sourcehash | |
2244 | - Fix URL re-writer loosing many transaction details | |
2245 | - Fix always-true comparison in ICAP for some 32-bit platforms | |
2246 | - Support for 'slow' group ACLs in ssl_bump access control | |
2247 | - Support OpenSSL 1.0.0 built without SSLv2 | |
2248 | - Support GCC 4.6 and binutils-gold | |
2249 | - Add CSS id attribute to BODY tag of generated error pages. | |
2250 | - Display WARNING and ERROR when max_filedescriptors has failed | |
2251 | ||
065f7779 AJ |
2252 | Changes to squid-3.1.12.1 (19 Apr 2011): |
2253 | ||
2254 | - Port from 3.2: Dynamic SSL Certificate generation | |
2255 | - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp | |
2256 | - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9 | |
2257 | - Bug 3183: Invalid URL accepted with url host part of only '@' | |
2258 | - Display ERROR in cache.log for invalid configured paths | |
2259 | - Cache Manager: send User-Agent header from cachemgr.cgi | |
2260 | - ... and many portability compile fixes for non-GCC systems. | |
2261 | ||
7d9ce496 AJ |
2262 | Changes to squid-3.1.12 (04 Apr 2011): |
2263 | ||
2264 | - Regression fix: Use bigger buffer for server reads. | |
2265 | - Regression fix: Add reply_header_replace directive for ability lost since 2.7 | |
2266 | - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0 | |
2267 | - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0" | |
2268 | - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled | |
2269 | - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure | |
2270 | - Bug 3164: Total memory info display 32-bit overflows | |
2271 | - Bug 3155: Werror is hard-coded in libTrie build | |
2272 | - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage | |
f787354b | 2273 | - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround) |
7d9ce496 AJ |
2274 | - Bug 2720: comment in same line as cache/mem_replacement_policy causes error |
2275 | - Bug 2621: Provide request headers to RESPMOD when using cache_peer. | |
2276 | - Bug 2330: AuthUser objects are never unlocked | |
2277 | - Prevent CONNECT request relaying to origin servers | |
2278 | - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers) | |
2279 | - squidclient: send Cache Manager password using -w | |
2280 | - eCAP: give full Request-URI to adapters | |
2281 | - ... and several debug and error display cleanups | |
2282 | ||
d88ad4db AJ |
2283 | Changes to squid-3.1.11 (08 Feb 2011): |
2284 | ||
2285 | - Bug 3149: not caching eCAP adapted body | |
2286 | - Bug 3144: redirector program blocks while reading STDIN | |
2287 | - Bug 3140: memory leak in error page generation | |
2288 | - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server | |
2289 | - Bug 3115: logging segfaults if access_log is set to a directory | |
2290 | - Bug 2968: Show the Vary: headers information in cachemgr objects report | |
2291 | - Bug 2959: remove SAMBAPREFIX dependency | |
2292 | - Bug 2868: icc doesn't like string literal in assert checks | |
2293 | - HTTP/1.1: Send 307 status on deny_info redirection | |
2294 | - HTTP/1.1: Support POST/PUT with no body | |
2295 | - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents | |
2296 | - Support RFC 5861 Cache-Control: stale-if-error option | |
2297 | - Add ftp_eprt directive to disable EPRT extensions in FTP | |
2298 | - Fix external_acl_type grace=0 to obey TTL | |
2299 | - Fix IP/FQDN cache accounting to avoid idle caches on busy servers | |
2300 | - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth | |
2301 | - ... and some documentation updates and corrections | |
2302 | - ... and some portability and stability fixes | |
2303 | ||
834d2128 AJ |
2304 | Changes to squid-3.1.10 (22 Dec 2010): |
2305 | ||
2306 | - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice | |
2307 | - Bug 3113: Consuming too much memory when uploading files | |
2308 | - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for | |
2309 | - Bug 3096: Consuming too much memory when delaying traffic | |
2310 | - Bug 3091: Bypassed ICAP errors are not counted as service failures | |
2311 | - Bug 3090: Polish FTP login error handing | |
2312 | - Bug 3068: cache_dir capacity and usage overflows | |
2313 | - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain | |
2314 | - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests | |
2315 | - Fix memory leak in adaptation_access | |
2316 | - Fix /dev/poll and poll() selection priority | |
2317 | - Fix PREFIX/var/run creation during install | |
2318 | - Fix cachemgr http_port config report display | |
2319 | - Add upgrade help process for obsolete options | |
2320 | - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known' | |
2321 | - HTTP/1.1: entry is stale if request has max-age=0 | |
2322 | - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD | |
2323 | - Toolchain update to support newer auto-tools | |
2324 | - ... and updated error page translations | |
2325 | - ... and updated documentation | |
2326 | - ... and some code optimization/simplification polish | |
2327 | ||
e2f4c66a AJ |
2328 | Changes to squid-3.1.9 (25 Oct 2010): |
2329 | ||
2330 | - Bug 3088: dnsserver is segfaulting | |
2331 | - Bug 3084: IPv6 without Host: header in request causes connection to hang | |
2332 | - Bug 3082: Typo in error message | |
2333 | - Bug 3073: tunnelStateFree memory leak of host member | |
2334 | - Bug 3058: errorSend and ICY leak MemBuf object | |
2335 | - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port | |
2336 | - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies | |
2337 | - Bug 3053: cache version 1 LFS support detection broken | |
2338 | - Bug 3051: integer display overflow | |
2339 | - Bug 3040: Lower-case domain entries from hosts and resolv.conf files | |
2340 | - Bug 3036: adaptation_access acls cannot see myportname | |
2341 | - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs | |
2342 | - Bug 2964: Prevent memory leaks when ICAP transactions fail | |
2343 | - Bug 2808: getRoundRobinParent not handling weights correctly | |
2344 | - Bug 2793: memory statistics sometimes display wrong | |
2345 | - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support | |
2346 | - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb | |
2347 | - Ensure /var/cache or jail equivalent exists on install | |
2348 | - HTTP/1.1: delete Warnings that have warning-date different from Date | |
2349 | - HTTP/1.1: do not remove ETag header from partial responses | |
2350 | - HTTP/1.1: make date parser stricter to better handle malformed Expires | |
2351 | - HTTP/1.1: improve age calculation | |
2352 | - HTTP/1.1: reply with a 504 error if required validation fails | |
2353 | - HTTP/1.1: add appropriate Warnings if serving a stale hit | |
2354 | - HTTP/1.1: support requests with Cache-Control: min-fresh | |
2355 | - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store | |
2356 | - squidclient: Display IP(s) connected to in verbose (-v) display | |
2357 | - Fixes several issues with ICAP persistent connections | |
2358 | - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS | |
2359 | - ... and some cosmetic polishing | |
2360 | ||
dee6a922 AJ |
2361 | Changes to squid-3.1.8 (04 Sep 2010): |
2362 | ||
2363 | - Bug 3033: incorrect information regarding TOS | |
2364 | - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL | |
2365 | - Bug 3005,2972: Locate LTDL headers correctly (again) | |
2366 | - Bug 2872: leaking file descriptors | |
2367 | - Bug 2583: pure virtual method called | |
2368 | - Hardened DNS client against packet queue attacks | |
2369 | - Hardened HTTP request-line parser | |
2370 | - Several HTTP/1.1 support improvements | |
2371 | - Improved cross-compile support | |
2372 | - .. and several internal pointer safety fixes | |
2373 | ||
c3fe2798 | 2374 | Changes to squid-3.1.7 (23 Aug 2010): |
161ec538 | 2375 | |
c3fe2798 | 2376 | - Regression Bug 3021: Large DNS reply causes crash |
161ec538 | 2377 | - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes |
c3fe2798 | 2378 | - Regression Bug 2997: visible_hostname directive no longer matches docs |
161ec538 AJ |
2379 | - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port |
2380 | - Bug 3006: handle IPV6_V6ONLY definition missing | |
2381 | - Bug 3004: Solaris 9 SunStudio 12 build failure | |
2382 | - Bug 3003: inconsistent concepts in documentation of cache_dir | |
2383 | - Bug 3001: dnsserver link issues | |
2384 | - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016) | |
2385 | - HTTP/1.1: Improved Range header field validation | |
2386 | - HTTP/1.1: Forward multiple unknown Cache-Control directives | |
2387 | - HTTP/1.1: Stop sending Proxy-Connection header | |
2388 | - Fix 32-bit wrap in refresh_pattern min/max values | |
2389 | - ... and several documentation corrections. | |
2390 | ||
aa844a33 AJ |
2391 | Changes to squid-3.1.6 (02 Aug 2010): |
2392 | ||
2393 | - Bug 2994, 2995: IPv4-only regressions | |
2394 | - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() | |
2395 | - Bug 2975: chunked requests not supported after regular ones | |
2396 | - Fix: 32-bit overflow in reported bytes received from next hop | |
2397 | - Fix Libtool build regressions | |
2398 | - Limited split-stack IPv6 support. | |
2399 | - squid_db_auth support MD5 encrypted passwords | |
2400 | ||
f41d79ba AJ |
2401 | Changes to squid-3.1.5.1 (28 Jul 2010): |
2402 | ||
2403 | - Update Libtool to 2.2. | |
2404 | - Bug 2985: search scope for digest_ldap_auth didn't work | |
2405 | - Bug 2972: LTDL 2.2.6b compile errors | |
2406 | - Bug 2963: Stop ignoring --with-valgrind-debug failures | |
2407 | - Bug 2885: AIX support: several fixes | |
2408 | - Bug 2651: crash handling NULL write callback | |
2409 | - Fixed several memory leaks related to Range requests | |
2410 | - Fixed Joomla DB auth handling | |
2411 | - Fixed SASL helper build checks | |
2412 | - Fixed several IPv6 portability problems | |
2413 | - Updated error page translations | |
2414 | ||
88aa2b05 | 2415 | Changes to squid-3.1.5 (02 Jul 2010): |
0e87db68 | 2416 | |
88aa2b05 AJ |
2417 | - Bug 2967: raw-IPv6 address URL with append_domain broken |
2418 | - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached | |
2419 | - Bug 2943: ICAP tokens not logged when using multiple access | |
2420 | - Bug 2937: Fails to detect chunked encoding if not given in all lower case | |
2421 | - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod | |
7e6cdc23 | 2422 | - Fix free memory corruption and off-by-one error when comparing SNMP OIDs |
88aa2b05 AJ |
2423 | - Port from 2.7: max_filedescriptor config option |
2424 | - Fix persistent_connection_after_error is meant to be on by default | |
2425 | - ... and several build errors. | |
0e87db68 | 2426 | |
2d94c829 AJ |
2427 | Changes to squid-3.1.4 (30 May 2010): |
2428 | ||
2429 | - Bug 2933: Verification of the max. port number for WCCP2 dynamic service | |
2430 | - Bug 2924: RADIUS helper compile issues | |
2431 | - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" | |
2432 | - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client | |
2433 | - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()" | |
2434 | - Bug 2879: pt2: 3.0 regression in headers end finding | |
2435 | - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests | |
2436 | - Bug 2876: FD_SETSIZE override not working on all linux distributions | |
2437 | - Bug 2810: common log format generates 2 lines of syslog | |
2438 | - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB | |
2439 | - Bug 2753: Fall back on IPv4 if IPv6 is not present | |
2440 | - Bug 2697: Adaptation leaks and extra requests after reconfiguration | |
2441 | - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field | |
2442 | - Change LDAP helpers to default to LDAP version 3 if available | |
2443 | - Add Joomla and Salted Hash support to squid_db_auth helper | |
2444 | - Fixed IpAddress port printing for ports higher than 9999 | |
2445 | - Disable chunked memory pooling by default. | |
2446 | - ... and several build errors. | |
2447 | ||
6808dbda AJ |
2448 | Changes to squid-3.1.3 (02 May 2010): |
2449 | ||
7e6cdc23 | 2450 | - Remove: Advertise 1.1 on replies to clients (broken chunked handling) |
6808dbda AJ |
2451 | - Fix tag ACL type not working |
2452 | ||
ca959baa AJ |
2453 | Changes to squid-3.1.2 (01 May 2010): |
2454 | ||
2455 | - Bug 2913: Fix DB auth warning in new perl version | |
2456 | - Bug 2904: Prevent automake creating incomplete files | |
2457 | - Bug 2899: Regression: Restore lost rfc1738_unescape() data type | |
2458 | - Bug 2895: Regression: TPROXY2 compile errors | |
2459 | - Bug 2879: Regression: headers end-finding | |
2460 | - Bug 2874: Accept literal IPv6 address in icap_service URL | |
2461 | - Bug 2860: Regression: WCCPv1 handshake | |
2462 | - Bug 2848: Pass TCP_RST to client on early disconnect | |
2463 | - Debian Bug 578047: Correct behaviour of --enable-ipv6 | |
7e6cdc23 AJ |
2464 | - HTTP/1.1: Advertise 1.1 on requests to servers |
2465 | - HTTP/1.1: Advertise 1.1 on replies to clients | |
ca959baa AJ |
2466 | - AIX / UNIX build fixes |
2467 | - Cygwin build fixes | |
2468 | - squidclient: -k option to test connection keep-alive or close | |
2469 | - Improved helper build for wider compatibility | |
2470 | - Ensure the PID file directory exists on install | |
2471 | ||
2ec34bd3 AJ |
2472 | Changes to squid-3.1.1 (29 Mar 2010): |
2473 | ||
2474 | - Bug 2873: undefined symbol | |
2475 | - Bug 2827: assertion in authentication | |
2476 | - Remove ufsdump binary from default builds | |
2477 | - Remove pinger from default startups | |
2478 | - ... and several documentation updates. | |
2479 | ||
e09692bd AJ |
2480 | Changes to squid-3.1.0.18 (14 Mar 2010): |
2481 | ||
2482 | - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16 | |
2483 | - Bug 2869: Remove unused external reference | |
2484 | - Bug 2866: Support OpenSSL 1.0 | |
2485 | - Bug 2813: Random unix_group crash at startup | |
2486 | - Send HTTP1.1 compliant 417 responses | |
2487 | - Associate external acl message with the request | |
2488 | - Various Digest parser fixes | |
2489 | - ... and all bug fixes from 3.0 up to 3.0.STABLE25 | |
2490 | ||
365d894c AJ |
2491 | Changes to squid-3.1.0.17 (24 Feb 2010): |
2492 | ||
2493 | - Regression Fix: Non-English error page UTF encoding | |
2494 | - Bug 2616: reduce IdleConnList::removeFD messages | |
2495 | - Bug 1843: multicast-siblings cache_peer option | |
2496 | - Port from 2.7: X509 certificate alias-domain handling | |
2497 | - Add adapted_http_access option | |
2498 | - NTLMv2 support for fake NTLM helper | |
2499 | ||
011dea45 AJ |
2500 | Changes to squid-3.1.0.16 (01 Feb 2010): |
2501 | ||
2502 | - Regression Fix: Make Squid abort on all config parse failures. | |
2503 | - Regression Bug 2811: SNMP client/peer table OID numbering | |
2504 | - Bug 2851: Connection pinning fails when using a peer | |
2505 | - Bug 2850: Mismatch in hier_code enum / hier_strings array | |
2506 | - Bug 2731: Add follow_x_forwarded_for support to ICAP | |
2507 | - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2 | |
2508 | - Bug 2706: Set timestamps during ICAP request satisfaction. | |
2509 | - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly | |
2510 | - Fix: WCCPv1 not connecting to router correctly | |
2511 | - Remove obsolete RunCache/RunAccel scripts. | |
2512 | - Add client_ip_max_connections | |
2513 | - Add the http::>ha format code and make http::>h log original request headers | |
2514 | - ... and all bug fixes from 3.0 up to 3.0.STABLE22 | |
2515 | - ... and many more minor build and display annoyances. | |
2516 | ||
ba641958 AJ |
2517 | Changes to squid-3.1.0.15 (23 Nov 2009): |
2518 | ||
2519 | - Regression Fix: myip ACL not accepted in config | |
2520 | - Bug 2795: acl arp lookups including port | |
2521 | - Bug 2794: ESI parsing fails on FreeBSD | |
2522 | - Bug 2778: fix linking issues using SunCC | |
2523 | - Bug 2724: eCAP build failure unless ICAP enabled | |
2524 | - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid | |
2525 | - Bug 2617: Performance degradation during processing list of dstdomain ACL's | |
2526 | - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol. | |
2527 | - Fix: 64-bit filesize issue in squidclient POST of large files | |
2528 | - Fix: send correct Connection: header on intercepted replies | |
2529 | - Support libtool 2.x | |
2530 | - ESI libraries libexpat and libxml2 now optional | |
2531 | - ESI support default enabled | |
2532 | - Bump libcap minimum requirement to libcap 2.09+ | |
2533 | - ARP / MAC support fixes for IPv6-mode | |
2534 | - Add outstanding IPv6 settings to squid.conf (localnet, localhost) | |
2535 | - ... and many additions to the background testing structure | |
2536 | - ... and very many minor build and code cleanups for non-GCC compilers. | |
2537 | ||
8f37469c AJ |
2538 | Changes to squid-3.1.0.14 (27 Sep 2009): |
2539 | ||
2540 | - Bug 2777: Various build issues on OpenSolaris | |
2541 | - Bug 2773: Segfault in RFC2069 Digest authentication | |
2542 | - Bug 2747: Compile errors on Solaris 10 | |
2543 | - Bug 2735: Incomplete -fhuge-objects detection | |
2544 | - Bug 2722: Fix http_port accel combined with CONNECT | |
2545 | - Bug 2718: FTP sends EPSV2 on IPv4 connection | |
2546 | - Bug 2648: stateful helpers stuck in reserved | |
2547 | - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode | |
2548 | - Bug 2510: digest_ldap_auth uses incorrect logic with TLS | |
2549 | - Bug 2483: bind() called before connect() | |
2550 | - Bug 2215: config file line length limit (extended to 2 KB) | |
2551 | - Support Accept-Language: * wildcard | |
2552 | - Support autoconf 2.64 | |
2553 | - Support TPROXY for IPv6 traffic (requires kernel support) | |
2554 | - Support TPROXY cache cluster behind WCCPv2 | |
2555 | - Correct ESI support to work in multi-mode Squid | |
2556 | - Add 0.0.0.0 as an to_localhost address | |
2557 | - DiskIO detection fixes and use optimal IO in default build. | |
2558 | - Correct peer connect-fail-limit default of 10 | |
2559 | - Prevent squidclient sending two Accept: headers | |
2560 | - ... all bug fixes from 3.0.STABLE19 | |
2561 | - ... and many more documentation fixes | |
2562 | ||
f49a1c9e AJ |
2563 | Changes to squid-3.1.0.13 (04 Aug 2009): |
2564 | ||
2565 | - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present. | |
2566 | - Fix one more internal profiler error | |
2567 | - Language Updates: Italian, Russian | |
2568 | - Language Updates: Add many more aliases | |
2569 | - Add Copyright document for errors/ content | |
2570 | - ... all bug fixes from 3.0.STABLE18 | |
2571 | - ... and several code polishing cleanups | |
2572 | ||
e7b1c518 AJ |
2573 | Changes to squid-3.1.0.12 (27 Jul 2009): |
2574 | ||
2575 | - Bug 2716: Chunked request Signed/Unsigned build error | |
2576 | - Bug 2674: Remove limit on HTTP headers read. | |
2577 | - Bug 2620: Invalid HTTP response codes causes segfault | |
2578 | - Fix FTP EPSV negotiation parser. | |
2579 | - Fix Via string when leak checking is enabled (valgrind etc) | |
2580 | - ... and several documentation and testing additions | |
2581 | ||
0b8d12da AJ |
2582 | Changes to squid-3.1.0.11 (19 Jul 2009): |
2583 | ||
2584 | - Bug 2087: Support adaptation sets and chains | |
2585 | - Bug 2459: dns error message broken when error handling delayed | |
2586 | - Support ICAP Retry | |
2587 | - Support ICAP retries based on the ICAP responses status code | |
2588 | - Support logging ICAP | |
2589 | - Support logging total DNS wait time | |
2590 | - Support logging response times of adaptation transactions | |
2591 | - General logging enhancements | |
2592 | - Dynamically form chains based on ICAP X-Next-Services header | |
2593 | - Support cross-transactional ICAP header exchange | |
2594 | - ... and much adaptation polish and improvements | |
2595 | ||
ce460dc8 AJ |
2596 | Changes to squid-3.1.0.10 (18 Jul 2009): |
2597 | ||
2598 | - Bug 2680: Regression Crash after rotate with no helpers running | |
2599 | - Bug 2695: Regression in WCCPv2 L2 mask assignment | |
2600 | - Bug 2707: Regression in FTP anonymous auth | |
2601 | - Bug 422, 2706: RFC 2616 Date header requirements | |
2602 | - Bug 1087: ESI processor not quoting attributes correctly. | |
2603 | - Bug 1338: File prefetches aborted despite range_offset | |
287dcde6 | 2604 | - Bug 2080: wbinfo_group.pl - false positive under certain conditions |
ce460dc8 | 2605 | - Bug 2092: select loop 32-bit call counter overflows |
287dcde6 | 2606 | - Bug 2127: delay pools class 4 crashes with ntlm auth |
ce460dc8 AJ |
2607 | - Bug 2611: document fast/slow acl types |
2608 | - Bug 2614: Potential loss of adapted body data from eCAP adapters | |
2609 | - Bug 2658: Missing TextException copy constructor | |
2610 | - Bug 2659: String length overflows on append, leading to segfaults | |
2611 | - Bug 2699: Build failure NTLM smb_lm helper | |
2612 | - Bug 2709: TRANSLATIONS not installed | |
2613 | - Bug 2710: squid_kerb_auth non-terminated string | |
2614 | - Delay pools 64-bit buckets and IPv6-polish | |
2615 | - Break forwarding loops for "transparent" or "intercept" http_ports. | |
2616 | - Add --disable-translation option to detatch .po from error negotiation | |
2617 | - Add squidclient man(1) page | |
2618 | - Add localhost to default permitted networks | |
2619 | - http_port allow-direct option to allow direct forwarding in accelerator mode | |
2620 | - ... and many testing infrastructure updates | |
2621 | ||
5df6d596 AJ |
2622 | Changes to squid-3.1.0.9 (26 Jun 2009): |
2623 | ||
2624 | - Bug 2682: Add ftp_epsv control to disable EPSV support. | |
2625 | - Bug 2665: Detach automake system from using -I. | |
2626 | - Bug 2395: FTP auth errors not displayed | |
2627 | - ... also several changes and bugs closed in 3.0.STABLE16 | |
2628 | - Port from 2.7: Show local address on listening sockets | |
2629 | - Add "tag" type acl matching tags set by external acl helpers. | |
2630 | - Adds Language alias linker/installer/upgrade scripts | |
2631 | - Support for GCC 4.4 | |
2632 | - Fix false NAT lookup errors on Linux | |
2633 | - Fix many Windows port issues | |
2634 | - Fix squid_kerb_auth helepr install location | |
2635 | - Better detection of IPv6 stack types | |
2636 | - Updates Licensing information for Squid 3.1 | |
2637 | - ... and many packaging portability build and install issues | |
2638 | ||
a7b15245 AJ |
2639 | Changes to squid-3.1.0.8 (24 May 2009): |
2640 | ||
2641 | - Bug 2656: Pinger dies with general protection fault | |
2642 | - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used | |
2643 | - Bug 2648: Authentificator processes deferring and don't shutdown. | |
2644 | - Bug 2645: allow squid to ignore must-revalidate | |
2645 | - Bug 2644: auth scheme initialization is broken | |
2646 | - Bug 2632: Make number of reforwarding tries configurable | |
2647 | - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE | |
2648 | - Bug 2627: HTCP Logging | |
2649 | - Bug 2615: Call libecap::adapter::Service::start() when finalizing config. | |
2650 | - Bug 2589: SNMP returning no data - wrong oid decoded | |
2651 | - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6 | |
2652 | - Bug 2559: Problem parsing /0 and /0.0.0.0 | |
2653 | - Bug 2404: WCCP in mask mode is broken | |
2654 | - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1 | |
2655 | - Complete Interception multiple NAT support | |
2656 | - Add Content-Disposition to the known headers list. | |
2657 | - Make PEER_TCP_MAGIC_COUNT configurable | |
2658 | - Fix pinger install location | |
2659 | - Enable TPROXY v4 spoofing of CONNECT requests | |
2660 | - ... and much documentation and code polishing | |
2661 | ||
e1e28561 AJ |
2662 | Changes to squid-3.1.0.7 (08 Apr 2009): |
2663 | ||
2664 | - Fix: several issues with ident | |
2665 | - Add several language translations | |
2666 | - Upgrade code testing infrastructure | |
2667 | - Migrate much code to build as internal libraries | |
2668 | - Support gcc 4.4 | |
2669 | - Support doxygen 1.5.8 | |
2670 | - ... and much code polish to make things read easier | |
2671 | ||
727cb127 AJ |
2672 | Changes to squid-3.1.0.6 (01 Mar 2009): |
2673 | ||
e1e28561 | 2674 | - Regression Fix: Support HTTP/0.9 in accelerator mode |
727cb127 AJ |
2675 | - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode |
2676 | - Bug 2593: Compile errors on Solaris 10 | |
2677 | - Bug 2591: adaptation_access does not work | |
2678 | - Bug 2588: coredump in rDNS lookup | |
2679 | - Bug 2526: default ALLOW when no list specified. | |
2680 | - Bug 2287: Send a 505 on requests with unsupported HTTP versions | |
2681 | - Bug 419: Hop by Hop headers MUST NOT be forwarded | |
2682 | - Fix external_acl_type handling of SSL certificate details | |
2683 | - Obsolete: dependency on nss_common.h and nss.h | |
2684 | - Support libtool2 | |
2685 | - ... and various documentation and code polish | |
2686 | ||
f636c996 AJ |
2687 | Changes to squid-3.1.0.5 (03 Feb 2009): |
2688 | ||
2689 | - Bug 2583: Fixed issue in content adaptation | |
2690 | - Bug 2576: Make translate target obey --disable-auto-locale | |
2691 | - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails. | |
2692 | - Bug 2563: 99+% CPU Usage on FTP URL | |
2693 | - Bug 2505, 2524, 2558: fixed several issues on connection handling | |
2694 | - Fix several issues in request parsing | |
2695 | - Fix memory leak from logformat parsing | |
2696 | - Fix various ESI build errors | |
2697 | - Make configure tests use C++ instead of C | |
2698 | - Drop special localhost conversion RFC violation. | |
2699 | - Add Language: Arabic | |
2700 | - ... and various documentation and code polish | |
2701 | ||
2702 | Changes to squid-3.1.0.4 (23 Jan 2009): | |
2703 | ||
2704 | - Regression Fix: Bug 2558: rollback bug 2395 fix. | |
2705 | - Bug 2555: Fixes to SNMP-MIB | |
2706 | - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing() | |
2707 | - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6) | |
2708 | - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing() | |
2709 | - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache | |
2710 | - Polish ZPH configuration interface | |
2711 | - Several Language Conversions to new auto-negotiate | |
2712 | - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing | |
2713 | - Fix: Pconn not being used when they should. | |
2714 | - Fix: Fix pinger immediate shutdowns | |
2715 | - Fix: Untangle CacheManager reports from log_fqdn | |
2716 | - ... and all bugs fixed for 3.0.STABLE12 | |
2717 | - ... and many code polish and optimization fixes. | |
2718 | ||
2719 | Changes to squid-3.1.0.3 (5 Dec 2008): | |
2720 | ||
2721 | - Regression Fix: StoreIOBuffer patch removed. | |
2722 | - Regression Fix: build issues with 3.1.0.2 bundle | |
2723 | - Security Bug 2526: default ALLOW when no list specified | |
2724 | - Bug 2525: encoding error on error pages | |
2725 | - Bug 2424: slow file descriptor leak | |
2726 | - Bug 2527: ICAP compile error on g++ 4.3.2 | |
2727 | - Bug 2523: bad assertion left in from debug | |
2728 | - Bug 2395: FTP Auth errors and others not displayed | |
2729 | - Update squid_kerb_auth to 1.0.5 | |
2730 | with better Squid integration. | |
2731 | - Fix cache_peer forcedomainname= option | |
2732 | - ... and many other minor fixes | |
2733 | ||
5e80e4ee AJ |
2734 | Changes to squid-3.1.0.2 (9 Nov 2008): |
2735 | ||
2736 | - Bug 2516: error page templates not properly installed | |
2737 | - Bug 2500: Solaris build issues | |
2738 | - Fixes FreeBSD build issues | |
2739 | - Release Notes completed | |
2740 | - Languages: new Russian, Japanese, Chinese, and general updates | |
2741 | - ... and other minor fixes | |
70c5dfb2 | 2742 | |
af4cd9a0 AJ |
2743 | Changes to squid-3.1.0.1 (27 Oct 2008): |
2744 | ||
2745 | - Bundled ntlm_auth helper renamed (see Release Notes before changing anything) | |
7a6e2ecc AJ |
2746 | - peername ACL added for matching against a named peer destination |
2747 | - configure option --with-logdir= added to select log files location | |
2748 | - squid_kerb_auth helper updated to 1.0.3 release | |
2749 | - Bug #740: allow external acl's to use reply headers in format | |
2750 | - Bug #2379: obsolete dns_testnames option | |
2751 | - Code test infrastructure expanded to configuration testing | |
2752 | - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern | |
af4cd9a0 | 2753 | to bring their defaults up to RFC 2616 requirements. |
7a6e2ecc AJ |
2754 | - Large increase in RFC 2616 standard compliance (ongoing) |
2755 | - squid.conf cleanups for minimal config | |
2756 | - Connection Pinning ported from 2.6 for NTLM passthru authentication | |
2757 | - eCAP internal adaptation module support | |
af4cd9a0 | 2758 | - Localization and CSS display control of error pages |
7a6e2ecc AJ |
2759 | - Added semi-automatic documentation of source code |
2760 | - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers | |
2761 | - HTCP improvements ported from 2.7 adding HTCP CLR requests | |
70c5dfb2 | 2762 | - IPv6 (Internet Protocol version 6) support |
2763 | - ICMPv6 (Internet Control Message Protocol version 6) support | |
f1233d8c | 2764 | - FTP agent now supports EPSV/EPRT commands |
70c5dfb2 | 2765 | - DNS internal resolver now supports AAAA and CNAME records |
2766 | - SNMP peer and client tables now support IPv6 | |
2767 | - SNMP peer table supports named peers with multiple entries per IP | |
4aa8e49c | 2768 | - SslBump: Squid-in-the-middle decryption and encryption of straight |
2769 | CONNECT and transparently redirected SSL traffic, using configurable | |
2770 | client- and server-side certificates. While decrypted, the traffic | |
7a6e2ecc | 2771 | can be inspected using ICAP. |
af4cd9a0 | 2772 | - TPROXY version 4.1 support |
a13b3732 | 2773 | - IPFW and Netfilter interception methods may now both be built in one binary. |
f1233d8c AJ |
2774 | - ZPH Quality of Service patch now integrated |
2775 | - Null store now fully obsoleted and removed | |
2776 | - Unknown request methods all supported | |
2777 | - Follow_x_forwarder_for ported from 2.6 | |
7a6e2ecc | 2778 | - Bug #2223: Follow XFF extensions added |
af4cd9a0 | 2779 | - ... and many code and documentation cleanups |
7a6e2ecc | 2780 | |
2f954743 AJ |
2781 | Changes to squid-3.0.STABLE26 (28 Aug 2011): |
2782 | ||
2783 | - Regression: header_replace for reply headers | |
2784 | - Bug 3183: Invalid URL accepted with url host part of only '@'. | |
2785 | - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
2786 | - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree | |
2787 | - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() | |
2788 | - Bug 2933: Verification of the max. port number for WCCP2 dynamic service | |
2789 | - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" | |
2790 | - Regression Bug 2899: Restore lost rfc1738_unescape() data type | |
2791 | - Regression Bug 2879: headers end finding | |
2792 | - Bug 2876: FD_SETSIZE override not working on all linux distributions | |
2793 | - Check for NULL and empty strings before calling str*cmp(). | |
2794 | - Correct parsing of large Gopher indexes | |
2795 | ||
1a10a7e5 AJ |
2796 | Changes to squid-3.0.STABLE25 (14 Mar 2010): |
2797 | ||
2798 | - Bug 2845: Rework the http digest auth parser | |
2799 | - Bug 2787: unknown/unexpected status code messages | |
2800 | - Bug 2507: squid_ldap_group: Strip Domain name separated by + | |
2801 | - Bug 2367: stale=true on digest requests with unknown nonce | |
2802 | - ... and several other minor corrections | |
2803 | ||
6add0585 AJ |
2804 | Changes to squid-3.0.STABLE24 (13 Feb 2010): |
2805 | ||
2806 | - Bug 2858: Segment violation in HTCP | |
2807 | - Updated refresh pattern for dynamic pages | |
2808 | ||
bcd1f03d AJ |
2809 | Changes to squid-3.0.STABLE23 (02 Feb 2010): |
2810 | ||
2811 | - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1 | |
2812 | - Regression Fix: Build error in Kerberos helper after library removal. | |
2813 | ||
61544616 AJ |
2814 | Changes to squid-3.0.STABLE22 (01 Feb 2010): |
2815 | ||
2816 | - Regression Fix: Make Squid abort on all config parse failures. | |
2817 | - Bug 2787: Reduce unexpected http status to non-critical warnings. | |
2818 | - Bug 2496: Downloading some variants in full before relaying | |
2819 | - Bug 2452: Add upper limit to external_acl_type entries. | |
2820 | - Removed optional kerberos/spnegohelp/ library due to licensing issues | |
2821 | - Add client_ip_max_connections | |
2822 | - Handle DNS header-only packets as invalid. | |
2823 | ||
06d0f369 AJ |
2824 | Changes to squid-3.0.STABLE21 (22 Dec 2009): |
2825 | ||
2826 | - Bug 2830: Clarify where NULL byte is in headers. | |
2827 | - Bug 2778: Linking issues using SunCC | |
2828 | - Bug 2395: FTP errors not displayed | |
2829 | - Bug 2155: Assertion failures on malformed Content-Range response headers | |
2830 | - Fix parsing and a few bugs in ACL time type | |
2831 | - Fix RFC keep-alive compliance on intercepted replies | |
2832 | - Improved security hardening on %nn parser | |
2833 | - Replace several GCC-specific code snippets. | |
2834 | ||
91228e4e AJ |
2835 | Changes to squid-3.0.STABLE20 (29 Oct 2009): |
2836 | ||
2837 | - Bug 2794: ESI parsing on FreeBSD | |
2838 | - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity | |
2839 | - Bug 2779: Support GNU/kFreeBSD | |
2840 | - Bug 2773: Segfault in RFC2069 Digest authantication | |
2841 | - Bug 2768: squid_ldap_group argument parsing error | |
2842 | - Bug 2761: Gopher and double HTTP response header | |
2843 | - Bug 2735: Incomplete -fhuge-objects detection | |
2844 | - Bug 2722: prevent CONNECT via http_port with accel | |
2845 | - Bug 2624: Invalid response for IMS request | |
2846 | - Bug 2510: digest_ldap_auth TLS support | |
2847 | - Correct LINUX_CAPABILITY actions on non-Linux | |
2848 | ||
98df01e3 AJ |
2849 | Changes to squid-3.0.STABLE19 (06 Sep 2009): |
2850 | ||
2851 | - Bug 2745: Invalid Response error on small reads | |
2852 | - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf | |
2853 | - Bug 2734: some compile errors on Solaris | |
2854 | - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy | |
2855 | - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma | |
2856 | - Bug 2362: Remove support for deferred state in stateful helpers | |
2857 | - Add 0.0.0.0 as a to_localhost address | |
2858 | - Docs: Improve chroot directive documentation slightly | |
2859 | - Fixup libxml2 include magics, was failing when a configure cache was used | |
2860 | - ... and some minor testing improvements. | |
2861 | ||
b7a1ea6b AJ |
2862 | Changes to squid-3.0.STABLE18 (04 Aug 2009): |
2863 | ||
2864 | - Bug 2728: regression: assertion failed: !eof | |
2865 | - Bug 2732: reply_body_max_size smaller than error page loops | |
2866 | infinitely until out of memory | |
2867 | - Bug 2725: pconn failure if domain or client_address are unset | |
2868 | - Bug 2648: reserved helpers not shut down after reconfigure/rotate | |
2869 | - Bug 2462: make check should tell when cppunit is missing | |
2870 | - Remove excess messages about headers < minimum size | |
2871 | - Support Libtool 2.2.6 | |
2872 | ||
e7b1c518 | 2873 | Changes to squid-3.0.STABLE17 (27 Jul 2009): |
68c19036 AJ |
2874 | |
2875 | - Bug 2680 regression: Crash after rotate with no helpers running | |
2876 | - Bug 2710: squid_kerb_auth non-terminated string | |
2877 | - Bug 2679: strsep and strtoll detection failure | |
2878 | - Bug 2674: Remove limit on HTTP headers read. | |
2879 | - Bug 2659: String length overflows on append, leading to segfaults | |
2880 | - Bug 2620: Invalid HTTP response codes causes segfault | |
2881 | - Bug 2080: wbinfo_group.pl - false positive under certain conditions | |
2882 | - Bug 1087: ESI processor not quoting attributes correctly. | |
2883 | - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache | |
2884 | - Several small build issues with previous release. | |
2885 | ||
950b7d55 AJ |
2886 | Changes to squid-3.0.STABLE16 (15 Jun 2009): |
2887 | ||
2888 | - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk | |
2889 | - Bug 2481: Don't set expires: now in generated error responses | |
2890 | - Bug 2387: The calculation of the number of hash buckets correctly | |
2891 | - Fix infinite loop in MSNT auth helper | |
2892 | - Fix FD_SETSIZE on FreeBSD | |
2893 | - Fix stripping NT domain in squid_ldap_group | |
2894 | - Fix RADIUS auth helper build | |
2895 | - Add Translate: and Unless-Modified-Since: headers to known list | |
2896 | - Make fakeauth handle NTLMv2 better | |
2897 | - Better Kerberos support detection | |
2898 | - Several Widows port fixes | |
2899 | ||
6e4fa9b4 AJ |
2900 | Changes to squid-3.0.STABLE16-RC1 (16 May 2009): |
2901 | ||
950b7d55 | 2902 | - Bug 1148: Ported from 3.1: Chunked Transfer Encoding |
6e4fa9b4 AJ |
2903 | - Bug 2648: NTLM helpers not shutting down when deferred |
2904 | ||
79200081 AJ |
2905 | Changes to squid-3.0.STABLE15 (06 May 2009): |
2906 | ||
2907 | - Regression Bug 2635: Incorrect Max-Forwards header type | |
2908 | - Bug 2652: 'Success' error on CONNECT requests | |
2909 | - Bug 2625: IDENT receiving errors | |
2910 | - Bug 2610: ipfilter support detection | |
2911 | - Bug 2578: FTP download resume failure | |
2912 | - Bug 2536: %H on HTTPS error pages | |
2913 | - Bug 2491: assertion "age >= 0" | |
2914 | - Bug 2276: too many NTLM helpers running | |
2915 | - Endian system and compiler fixes provided by the NetBSD project | |
2916 | - documentation fixes provided by the Debian project | |
2917 | ||
6c2e5932 AJ |
2918 | Changes to squid-3.0.STABLE14 (11 Apr 2009): |
2919 | ||
2920 | - Regression Fix: HTTP/0.9 in accelerator mode | |
2921 | - Bug 1232: cache_dir parameter limited to only 63 entries | |
2922 | - Bug 1868: support HTTP 207 status | |
2923 | - Bug 2518: assertion failure on restart/reconfigure | |
2924 | - Bug 2588: coredump in rDNS lookup | |
2925 | - Bug 2595: Out of bounds memory write in squid_kerb_auth | |
2926 | - Bug 2599: Idempotent start | |
2927 | - Bug 2605: Prevent setsid() on helpers in daemon mode | |
2928 | - Fix external_acl_type option parsing | |
2929 | - Fix delay pools counters on FTP | |
2930 | - Fix several issues with ident (some remain) | |
2931 | - Fix performance issues with persistent connections | |
2932 | - Fix performance issues with delay pools | |
2933 | - Fix forwarding of OPTIONS requests | |
2934 | - Add support for HTTP 1.1 Content-Disposition header | |
2935 | - Add support for Windows 7, Windows Server 2008 R2 and later | |
2936 | - ... and many small documentation updates | |
2937 | ||
f636c996 AJ |
2938 | Changes to squid-3.0.STABLE13 (03 Feb 2009): |
2939 | ||
2940 | - Fix several issues in request parsing | |
2941 | - Fix memory leak from logformat parsing | |
2942 | - Fix various ESI build errors | |
2943 | - ... and some documentation updates | |
2944 | ||
2945 | Changes to squid-3.0.STABLE12 (21 Jan 2009): | |
2946 | ||
2947 | - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++ | |
2948 | - Bug 2542: ICAP filters break download resume | |
2949 | - Bug 2556: HTCP fails without icp_port | |
2950 | - Bug 2564: logformat '%tl' field not working as advertised | |
2951 | - Port from 3.1: TestBed basic build consistency checks | |
2952 | - Policy: Change half_closed_clients default to off | |
2953 | - Policy: Removed -V command line option, deprecated by 2.6 | |
2954 | - ... and several other minor code cleanups | |
2955 | ||
2956 | Changes to squid-3.0.STABLE11 (24 Dec 2008): | |
2957 | ||
2958 | - Bug 2424: filedescriptors being left unnecessary opened | |
2959 | - Bug 2545: fault passing ICAP filtered traffic to peers | |
2960 | - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery | |
2961 | - ... and some minor admin and debug cleanups. | |
2962 | ||
2963 | Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008): | |
2964 | ||
2965 | - Removes patch causing cache of bad objects | |
2966 | - Bug 2526: bad security default in ACLChecklist | |
2967 | - Fixes regression: access.log request size tag | |
2968 | - Fixes cache_peer forceddomainname=X option | |
2969 | - ... and many minor documentation cleanups | |
2970 | ||
7a6e2ecc AJ |
2971 | Changes to squid-3.0.STABLE10 (14 Oct 2008): |
2972 | ||
2973 | - Bug 2391: Regression: bad assert in forwarding | |
2974 | - Bug 2447: Segfault on failed TCP DNS query | |
2975 | - Bug 2393: DNS requests getting stuck in idns queue | |
2976 | - Bug 2433: FTP PUT gives bad gateway | |
2977 | - Bug 2465: Limited DragonflyBSD support | |
2978 | - ... and other minor bugs and documentation | |
2979 | ||
2980 | Changes to squid-3.0.STABLE9 (9 Sep 2008): | |
2981 | ||
2982 | - Policy Enforcement: COSS is unusable in 3.0 | |
2983 | - Port from 3.1: Language Pack compatibility | |
2984 | - Port from 2.6: Windows Support Notes | |
2985 | - Fix several minor regressions: | |
2986 | HTCP stats reporting | |
2987 | cachemgr delay pool config | |
2988 | CARP build error | |
2989 | - Bug 2340: uudecode dependency for icons removed | |
2990 | - Bug 2352: no_check.pl ntlm challenge fix | |
2991 | - Bug 2426: buffer increase for kerberos auth fields | |
2992 | - Bug 2427: squid_ldap_group codes fix | |
2993 | - Bug 2437: peer name now shown in access.log | |
2994 | - Add sane display of unsupported method errors | |
2995 | - ... and various other code cleanups | |
2996 | ||
2997 | Changes to squid-3.0.STABLE8 (18 Jul 2008): | |
2998 | ||
2999 | - Port from 2.6: Support for cachemgr sub-actions | |
3000 | - Port from 2.6: userhash peer selection method | |
3001 | - Port from 2.6: sourcehash peer selection method | |
3002 | - Bug 2376: round-robin balancing fixes | |
3003 | - Bug 2388: acl documentation cleanup | |
3004 | - Bug 2365: cachemgr.cgi HTML output encoding | |
3005 | - Bug 2301: Regression: Log format size options | |
3006 | - Bug 2396: Correct the opening of PF device file. | |
3007 | - Bug 2400: ICAP accept mechanism | |
3008 | - Bug 2411: Regression: fakeauth_auth crashes | |
3009 | - Many fixes to the Windows support (not complete yet). | |
3010 | - Boost error pages HTML standards. | |
3011 | - Fixes several issues on 64-bit systems | |
3012 | - Fixes several issues on older or stricter compilers | |
3013 | - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround | |
3014 | - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1 | |
3015 | ||
3016 | Changes to squid-3.0.STABLE7 (22 Jun 2008): | |
3017 | ||
3018 | - Fix several ASN issues | |
3019 | - Fix SNMP reporting of counters | |
3020 | - Fix round-robin algorithms | |
3021 | - GCC 4.3 support | |
3022 | - Netfilter v1.4.0 bug workaround | |
3023 | - Bugs 2350 and 2323: memory issues | |
3024 | - Bugs 2384, 951, 1566: ESI assertions | |
3025 | - Various minor debug and documentation cleanups | |
f1233d8c AJ |
3026 | |
3027 | Changes to squid-3.0.STABLE6 (20 May 2008): | |
3028 | ||
3029 | - Bug 2254: umask Feature from 2.6 added | |
3030 | - cachemgr.cgi default config file added | |
3031 | - Several authentication bug fixes | |
3032 | - Improved Windows Support | |
3033 | - better DNS lookup methods for unqualified hostames | |
3034 | - better support for 64-bit environments | |
3035 | - Bug 2332: Crash when tunnelling | |
3036 | - Removed the advertisement clause from BSD licenses | |
3037 | according to the GPLv2+ changes in BSD | |
3038 | - ... and other bugs and minor cleanups | |
3039 | ||
3040 | Changes to squid-3.0.STABLE5 (28 Apr 2008): | |
3041 | ||
3042 | - Support for resolv.conf 'domain' option | |
3043 | - Improved URI support, including | |
3044 | longer URI up to 8192 bytes accepted | |
3045 | better handling of intercepted URI | |
3046 | better port for non-FQDN URI lookups | |
3047 | - Improved logging, including | |
3048 | Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases. | |
3049 | Fixed 'log_ip_on_direct' option behaviour | |
3050 | - Support for profiling on x86 64-bit systems | |
3051 | - .. and other bugs and minor code cleanups. | |
3052 | ||
3053 | Changes to squid-3.0.STABLE4 (2 Apr 2008): | |
3054 | ||
3055 | - Bug 2288: compile error slipped into STABLE3. | |
3056 | ||
3057 | Changes to squid-3.0.STABLE3 (31 Mar 2008): | |
3058 | ||
3059 | - Improved HTTP 1.1 support. | |
3060 | - Improved MacOSX (Leopard) support | |
3061 | - Bug 2206: Proxy-Authentication regression in STABLE2. | |
3062 | - Strip Domain from NTLM usernames for use in class 4 Delay Pools | |
3063 | - ... and other bugs and minor code cleanup | |
3064 | ||
3065 | Changes to squid-3.0.STABLE2 (1 Mar 2008): | |
3066 | ||
3067 | - Add myportname ACL for matching the accepting port name (see release notes) | |
3068 | - Add include directive for squid.conf (see release notes) | |
3069 | - Add ability to strip kerberos realm from usernames during Auth | |
3070 | - License cleanup to comply with GPLv2 or later | |
3071 | - Updated Error Pages and Translations | |
3072 | - Updated configuration examples | |
3073 | - Updated valgrind support for valgrind-3.3.0 | |
3074 | - Improved support for Windows and MacOS X Leopard | |
3075 | - Improved support for files larger than 2GB | |
3076 | - Improved support for CARP arrays and WCCPv2 | |
3077 | - Improved cachmgr, SNMP, and log reporting | |
3078 | - ... and as usual Many bug fixes since STABLE 1 | |
70c5dfb2 | 3079 | |
284237d4 | 3080 | Changes to squid-3.0.STABLE1 (13 Dec 2007): |
3ff01c3e | 3081 | |
3082 | - Major rewrite translating the code to C++, originally based on | |
3083 | Squid-2.5.STABLE1 | |
3084 | - Internal client streams concept for content adaptation | |
3085 | - ICAP (Internet Content Adaptation Protocol) client support | |
3086 | - ESI (Edge Side Includes) support added | |
284237d4 | 3087 | - Improved support for files larger than 2GB. |
3ff01c3e | 3088 | - And a lot more. Most features from Squid-2.6 is supported, but not |
3089 | all. See the release notes for details. | |
3090 | ||
9ae33c59 AJ |
3091 | |
3092 | Squid-2 ChangeLog of versions fully ported to Squid-3 follows. | |
3093 | ||
3094 | Changes to squid-2.6.STABLE22 (19 October 2008) | |
3095 | ||
3096 | - Bug #2396: Correct the opening of the PF device file. | |
3097 | - Make --with-large-files and --with-build-envirnment=default play | |
3098 | nice together | |
3099 | - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header | |
3100 | __u32 problem | |
3101 | - Make dns_nameserver work when using --disable-internal-dns on glibc | |
3102 | based systems | |
3103 | - Bug #2426: Increase negotiate auth token buffer size | |
3104 | - Bug #2427: squid_ldap_group -h reports the old % codes for -f | |
3105 | - Bug #2477: swap.state permission issues if crashing during "squid -k | |
3106 | reconfigure" | |
3107 | - Windows port: Fix build error using latest MinGW runtime. | |
3108 | ||
3109 | ||
3110 | ||
3ff01c3e | 3111 | Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely |
3112 | authorative for this release and mirrored here for reference only. | |
f1233d8c | 3113 | |
467c94d1 | 3114 | - CARP now plays well with the other peering algorithms, |
3115 | and support for CARP peerings is compiled by default. Can be | |
3116 | disabled by --disable-carp | |
1741cbad | 3117 | - Configuration file can be read from an external program |
3118 | or preprocessor. See squid.8 man page. | |
52f772de | 3119 | - http_port is now optional, allowing for SSL only operation |
4ca261f2 | 3120 | - Satellite and other high latency peering relations enhancements |
3121 | (Robert Cohren) | |
a9245686 | 3122 | - Nuked num32 types, and made type detection more robust by the |
3123 | use of typedefs rather than #defines. | |
b5fb34f1 | 3124 | - the mailto links on Squid's ERR pages now contain data about the |
3125 | occurred error by default, so that the email will contain this data in | |
3126 | its body. This feature can be disabled via the email_err_data directive. | |
9ae33c59 | 3127 | (Clemens L?ser) |
c8f4eac4 | 3128 | - COSS now uses a file called stripe and the path in squid.conf is the |
3129 | directory this is placed in. Additionally squid -z will create the | |
3130 | COSS swapfile. | |
14f5b6c3 | 3131 | - WCCPv2 support, including mask assignment support |
5401aa8d | 3132 | - HTCP support for access control and the CRL operation for |
3133 | purgeing of cache content | |
14f5b6c3 | 3134 | - ICAP related fixes |
3135 | - Windows-related fixes, including Vista and Longhorn identification | |
3136 | - Client-side parsing and some string use optimisations | |
3137 | - Lots of off-by-one and memory leaks in corner cases have been fixed | |
3138 | thanks to valgrind | |
3139 | - Improved high-resolution profiling | |
3140 | - Windows overlapped-IO and thread support added to the Async IO disk code | |
3141 | - Improvements for handling large DNS replies | |
a7c8cce0 | 3142 | |
3ff01c3e | 3143 | Changes to squid-2.6.STABLE15 (31 Aug 2007) |
3144 | ||
3145 | - The select() I/O loop got broken by the /dev/poll addition | |
3146 | (2.6.STABLE14) | |
3147 | - Bug #2017: Fails to work around broken servers sending just the HTTP | |
3148 | headers | |
3149 | - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers | |
3150 | before C99 | |
3151 | - squid.conf.default updated and reorganised in more sensible groups | |
3152 | - correct and document the syslog access_log format | |
3153 | - Armenian error pages translation | |
3154 | - digest_ldap_helper usage help updated | |
3155 | - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor | |
3156 | - Improve delay pools in low traffic environment by checking timeouts | |
3157 | at a steady 1 second interval even when there is not much activity | |
3158 | - Don't request authentication on transparently intercepted | |
3159 | connections | |
3160 | - Cleanup linux capabilities for tproxy | |
3161 | - Bug #2003: 'via' config directive doesn't affect response headers | |
3162 | - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache | |
3163 | - Add missing $|=1 to squid_db_auth | |
3164 | - Bug #2050: Persistent connection dropped if cache has no | |
3165 | Content-Length | |
3166 | - Verify the URL on memory cache hits | |
3167 | - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14 | |
3168 | - Bug #1972: Squid sets peers to down state when they are in fact | |
3169 | working. | |
3170 | - potential segmentation fault in storeLocateVary() | |
3171 | - Bug #2066: chdir after chroot | |
3172 | - Windows port: Fix compiler warnings when building Squid as | |
3173 | application (not Windows service mode) | |
3174 | - Spelling correction of received | |
3175 | ||
3176 | Changes to squid-2.6.STABLE14 (15 Jul 2007) | |
3177 | ||
3178 | - squid.conf.default cleanup to have options in their proper sections. | |
3179 | - documentation correction in the refresh_pattern ignore-auth option | |
3180 | - URI-escaping not uses the recommended upper-case hex codes | |
3181 | - refresh_pattern min-age 0 correted to really mean 0, and not 1 second | |
3182 | - Always use xisxxxx() Squid defined macros instead of ctype | |
3183 | functions. | |
3184 | - Kerberos SPNEGO/Negotiate helper for the negotiate scheme | |
3185 | - Database basic auth helper using Perl DBI to connect to most SQL DBs | |
3186 | - Solaris /dev/poll network I/O support | |
3187 | - configure fixes to make cross compilation somewhat easier | |
3188 | - Removed incorrect -a reference from http_port documentation | |
3189 | - Bug #1900: Double "squid -k shutdown" makes Squid restart again | |
3190 | - Bug #1968: Squid hangs occasionally when using DNS search paths | |
3191 | - Novell eDirectory digest auth helper (digest_edir_auth) | |
3192 | - Bug #1130: min-size option for cache_dir | |
3193 | - POP3 basic auth helper querying a POP3 server | |
3194 | - Cosmetic squid_ldap_auth fixes from Squid-3 | |
3195 | - Bug #1085: Add no-wrap to cache manager HTML tables | |
3196 | - Automatically restart if number of available filedescriptors becomes | |
3197 | alarmingly low, preventing a situation where Squid would otherwise | |
3198 | permanently stop processing requests. | |
3199 | - Bug #2010: snmp_core.cc:828: warning: array subscript is above | |
3200 | array bounds | |
3201 | - Deal better with forwarding loops | |
3202 | ||
3203 | Changes to squid-2.6.STABLE13 (11 May 2007) | |
3204 | ||
3205 | - Make sure reply headers gets sent even if there is no body available | |
3206 | yet, fixing RealMedia streaming over HTTP issues. | |
3207 | - Undo an accidental name change of storeUnregisterAbort. | |
3208 | - Kill an ancient malplaced storeUnregisterAbort call from ftp.c | |
3209 | - Bug #1814: SSL memory leak on persistent SSL connections | |
3210 | - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log | |
3211 | - Cosmetic fix: added missing newline in WCCPv2 configuration dump. | |
3212 | - Ukrainan error messages | |
3213 | - Convert various error pages from DOS to UNIX text format | |
3214 | - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS | |
3215 | - Clarify the max-conn=n cache_peer option syntax slightly | |
3216 | - Bug #1892: COSS segfault on shutdown | |
3217 | - Windows port: fix undefined ECONNABORTED | |
3218 | - Make refreshIsCachable handle ETag as a cache validator, not | |
3219 | only last-modified | |
3220 | - in_port_t is not portable, use unsigned short instead | |
3221 | - Fix fs / auth / snmp dependencies | |
3222 | - Portability: statfs() may reqire #include <sys/statfs.h> | |
3223 | ||
3224 | Changes to squid-2.6.STABLE12 (20 Mar 2007) | |
3225 | ||
3226 | - Assertion error on TRACE | |
3227 | ||
3228 | Changes to squid-2.6.STABLE11 (17 Mar 2007) | |
3229 | ||
3230 | - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL || | |
3231 | !conn->body.request" | |
3232 | - Handle garbage helper responses better in concurrent protocol format | |
3233 | - Fix kqueue when overflowing the changes queue | |
3234 | - Make sure the child worker process commits suicide if it could | |
3235 | not start up | |
3236 | - Don't log short responses at debug level 1 | |
3237 | - Fix bswap16 & bwsap32 error on NetBSD | |
3238 | - Fix collapsed_forwarding for non-GET requests | |
3239 | ||
3240 | Changes to squid-2.6.STABLE10 (4 Mar 2007) | |
3241 | ||
3242 | - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0) | |
3243 | - various diskd bugfixes | |
3244 | - In the access.log hierarchy field log the unique peer name | |
3245 | instead of the host name | |
3246 | - unlinkdClose() should be called after (not before) storeDirSync() | |
3247 | - CLEAN_BUF_SZ was defined, but never used anywhere | |
3248 | - logging HTTP-request size | |
3249 | - Fix icmp pinger communication on FreeBSD and other not supporing | |
3250 | large dgram AF_UNIX sockets | |
3251 | - Release objects on swapin failure | |
3252 | - Bug #1787: Objects stuck in cache if origin server clock in future | |
3253 | - Bug #1420: 302 responses with an Expires header is always cached | |
3254 | - Primitive support for HTTP/1.1 chunked encoding, working around | |
3255 | broken servers | |
3256 | - Clean up relations between TCP probing and DNS checks of peers with | |
3257 | no known addresses. | |
3258 | - Fix a minor HTML coding error in ftp directory listings with // in | |
3259 | the path | |
3260 | - Bug #1875, #1420. Cleanup of refresh logics when dealing with | |
3261 | non-refreshable content | |
3262 | - Gopher cleanups and bugfixes | |
3263 | - Negotiate authentication fixed again. Broken since STABLE7 by the | |
3264 | patch for Bug #1792. | |
3265 | - Bug #1892: COSS tries to shut down the same directory twice on exit | |
3266 | - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL | |
3267 | entries | |
3268 | - Added support for Subversion HTTP request methods MKACTIVITY, | |
3269 | CHECKOUT and MERGE. | |
3270 | ||
3271 | Changes to squid-2.6.STABLE9 (24 Jan 2007) | |
3272 | ||
3273 | - Bug #1878: If-Modified-Since broken in 2.6.STABLE8 | |
3274 | - Bug #1877 diskd bug in storeDiskdIOCallback() | |
3275 | ||
3276 | Changes to squid-2.6.STABLE8 (21 Jan 2007) | |
3277 | ||
3278 | - Bug #1873: authenticateNTLMFixErrorHeader: state 4. | |
3279 | - Document the https_port vhost option, useful in combination with | |
3280 | a wildcard certificate | |
3281 | - Document the existence of connection pinning / forwarding of NTLM | |
3282 | auth and a few other features overlooked in the release notes. | |
3283 | - Spelling correction of the ssl cache_peer option | |
3284 | - Add back the optional "accel" http_port option. Makes accelerator | |
3285 | mode configurations easier to read. | |
3286 | - Bug #1872: Date parsing error causing objects to get unexpectedly | |
3287 | cached. | |
3288 | - Cleanup to have the access.log tags autogenerated from enums.h | |
3289 | - Bug #1783: STALE: Entry's timestamp greater than check time. Clock | |
3290 | going backwards? | |
3291 | - Don't update object timestamps on a failed revalidation. | |
3292 | - Fix how ftp://user@host URLs is rendered when Squid is built with | |
3293 | leak checking enabled | |
3294 | ||
3295 | Changes to squid-2.6.STABLE7 (13 Jan 2007) | |
3296 | ||
3297 | - Windows port: Fix intermittent build error using Visual Studio | |
3298 | - Add missing tproxy info from the dump of http port configuration | |
3299 | - Bug #1853: Support for ARP ACL on NetBSD | |
3300 | - clientNatLookup(): fix wrong function name in debug messages | |
3301 | - Convert ncsa_auth man page from DOS to Unix text format. | |
3302 | - Bug #1858: digest_ldap_auth had some remains of old hash format | |
3303 | - Correct the select_loops counter when using select(). Was counted twice | |
3304 | - Clarify the http_port vhost option a bit | |
3305 | - Fix cache-control: max-stale without value or bad value | |
3306 | - Bug #1857: Segmentation fault on certain types of ftp:// requests | |
3307 | - Bug #1848: external_acl crashes with an infinite loop under high load | |
3308 | - Bug #1792: max_user_ip not working with NTLM authentication | |
3309 | - Bug #1865: deny_info redirection with authentication related acls | |
3310 | - Small example on how to use the squid_session helper | |
3311 | - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly | |
3312 | - Clarify the transparent http_port option a bit more | |
3313 | - Bug #1828: squid.conf docutemtation error for proxy_auth digest | |
3314 | - Bug #1867: squid.pid isn't removed on shutdown | |
3315 | ||
3316 | Changes to squid-2.6.STABLE6 (12 Dec 2006) | |
3317 | ||
3318 | - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth() | |
3319 | - Add client source port logformat tag >p | |
3320 | - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit | |
3321 | - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts | |
3322 | - automake no longer recommends mkinstalldirs. Removed. | |
3323 | - Only use crypt() if it's available, allowing ncsa_auth to be built | |
3324 | on platofms without crypt() support. | |
3325 | - Windows port documentation updates | |
3326 | - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry | |
3327 | - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate" | |
3328 | - Remove extra newline in redirect message sent by deny_info http://... aclname | |
3329 | - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0" | |
3330 | - Clarify the external_acl_type helper format specification and some defaults | |
3331 | - Add support for the weight= parameter to round-robin peers | |
3332 | - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate | |
3333 | - Convert snmpDebugOid to use a temporary String object instead of strcat | |
3334 | - Document that proxy_auth also accepts -i for case-insensitive operation | |
3335 | - Remove malloc/free of temporary buffer in time parsing routines. | |
3336 | - Reduce memory allocator pressure by not continually allocating client-side read buffers | |
3337 | - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo. | |
3338 | - Convert the connStateData->chr single link list to a normal dlink_list for clarity. | |
3339 | - Bug #1584: Unable to register with multiple WCCP2 routers | |
3340 | - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built. | |
3341 | - Bug #439: Multicast ICP peering is unstable and considers most peers dead | |
3342 | - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error | |
3343 | - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply. | |
3344 | - Bug #1840: Disable digest and netdb queries to multicast peers | |
3345 | - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects | |
3346 | - Fix build errors when using latest MinGW Windows environment | |
3347 | ||
3348 | Changes to squid-2.6.STABLE5 (3 Now 2006) | |
3349 | ||
3350 | - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled | |
3351 | - COSS improvements and cleanups | |
3352 | - SNMP linking issue resolved, enabling SNMP support to be build in all platforms | |
3353 | - Bug #1784: access_log syslog results in blanks syslog lines between every entry | |
3354 | - Bug #1719: Incorrect error message on invalid cache_peer specifications | |
3355 | - Bug #1785: Memory leak in handling of negatively cached objects | |
3356 | - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding | |
3357 | - Bug #1782: Memory leak in ncsa_auth on password changes | |
3358 | - Suppress some annoying coss startup messages raising the debug level to 2. | |
3359 | - Clarify the external_acl_helper concurrency= change. | |
3360 | - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown. | |
3361 | - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59 | |
3362 | - Bug #1795: Theoretical memory leak in storeSetPublicKey | |
3363 | - Removing port 563 from the default SSL_ports and Safe_ports ACLs | |
3364 | - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy. | |
3365 | - Bug #1800: squid -k reconfigure crash when using req/rep_header acls | |
3366 | - Clarify the select/poll/kqueue/epoll configure --enable/disable options | |
3367 | - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth | |
3368 | - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable | |
3369 | - Bug #1796: Assertion error HttpHeader.c:914: "str" | |
3370 | - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service | |
3371 | - Silence harmless gcc compile warning. | |
3372 | - Clean up poll memory on shutdown | |
3373 | - Ported select, poll and win32 to new comm event framework | |
3374 | - Windows port: Correctly identify Windows Vista and Windows Server Longhorn | |
3375 | - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance. | |
3376 | - Safeguard from kb_t counter overflows on 32-bit platforms | |
3377 | ||
3378 | Changes to squid-2.6.STABLE4 (23 Sep 2006) | |
3379 | ||
3380 | - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page | |
3381 | - Windows port enhancement: added native exception handler with signal emulation | |
3382 | - Fix the %un log_format tag again. Got broken in 2.6.STABLE2 | |
3383 | - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages. | |
3384 | - Bug #212: variable %i always 0.0.0.0 in many error pages | |
3385 | - Bug #1708: Ports in ACL accepts characters and out of range | |
3386 | - Bug #1706: Squid time acl accepts invalid time range. | |
3387 | - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86 | |
3388 | - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86 | |
3389 | - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests | |
3390 | - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation | |
3391 | - Bug #1598: start_announce cannot be disabled | |
3392 | - Periodically flush cache.log to disk when "buffered_logs on" is set | |
3393 | - Numerous COSS improvements and fixes | |
3394 | - Windows port: merge of MinGW support | |
3395 | - Windows port: Merged Windows threads support into aufs | |
3396 | - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory | |
3397 | - Numerous portability fixes | |
3398 | - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory | |
3399 | - Bug #1758: HEAD on ftp:// URLs always returned 200 OK. | |
3400 | - Bug #1760: FTP related memory leak | |
3401 | - Bug #1770: WCCP2 weighted assignment | |
3402 | - Bug #1768: Redundant DNS PTR lookups | |
3403 | - Bug #1696: Add support for wccpv2 mask assignment | |
3404 | - Bug #1774: ncsa_auth support for cramfs timestamps | |
3405 | - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB | |
3406 | - Bug #1725: cache_peer login=PASS documentation somewhat confusing | |
3407 | - Bug #1590: Silence those ETag loop warnings | |
3408 | - Bug #1740: Squid crashes on certain malformed HTTP responses | |
3409 | - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL" | |
3410 | - Improve error reporting on unexpected CONNECT requests in accelerator mode | |
3411 | - Cosmetic change to increase cache.log detail level on invalid requests | |
3412 | - Bug #1229: http_port and other directives accept invalid ports | |
3413 | - Reject http_port specifications using both transparent and accelerator options | |
3414 | - Cosmetic cleanup to not dump stacktraces on configuration errors | |
3415 | ||
3416 | ||
3417 | Changes to squid-2.6.STABLE3 (18 Aug 2006) | |
3418 | ||
3419 | - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on | |
3420 | very large cache_dir. Limit number of objects stored to slightly | |
3421 | less to avoid this. | |
3422 | - Bug #1705: Correct error message on invalid time weekday specification | |
3423 | - Don't attempt to guess netmask in src/dst acl specifications | |
3424 | if none was provided. Assume it's an IP even if it ends in 0 | |
3425 | - Bug #1665: log_format %ue, %us tags for external or ssl user id | |
3426 | - Bug #1707: delay pools often ignored the set limit | |
3427 | - Bug #1716: Support for recent OpenSSL 0.9.7 versions | |
3428 | (0.9.8 always worked) | |
3429 | - COSS fixes and performance improvements | |
3430 | - Memory leak when reading configuration files with overlapping | |
3431 | ACL data where squid -k parse complains. | |
3432 | - Memory leak related to pinned connections | |
3433 | - Show include acls unexpanded in cachemgr configuration dumps | |
3434 | - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD | |
3435 | - Bug #1304: Downloads may hang when using the cache_dir max-size option | |
3436 | - Optimization of network I/O | |
3437 | - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris | |
3438 | - Fixed a memory leak on certain invalid requests | |
3439 | - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update | |
3440 | - Bug #582: ntlm fake_auth not handles non-ascii login names | |
3441 | - New startup message indicating the type of event loop used | |
3442 | - Bug #1602: TCP fallback on truncated DNS responses | |
3443 | - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING" | |
3444 | - Bug #1723: cachemgr now works in accelerator mode | |
3445 | ||
3446 | Changes to squid-2.6.STABLE2 (31 Jul 2006) | |
3447 | ||
3448 | - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter. | |
3449 | - Releasenotes Table of contents should use relative links without | |
3450 | filename. | |
3451 | - Reject HTTP/0.9 formatted CONNECT requests. | |
3452 | - Cosmetic cleanup to use safe_free instead of xfree + manual | |
3453 | assign to NULL | |
3454 | - Bug #1650: transparent interception "Unable to forward this | |
3455 | request at this time" | |
3456 | - Bug #1658: Memory corruption when using client-side SSL certificates | |
3457 | - Add storeRecycle; a storeIO method to delete a StoreEntry w/out | |
3458 | deleting the underlying object. | |
3459 | - Many COSS fixes and new coss data dumper utility for diagnostics | |
3460 | - Bug #1669: SEGV in storeAddVaryReadOld | |
3461 | - Many fixes in debug sections and spelling of debug messages | |
3462 | - Don't keep client connection persistent if there was a mismatch in | |
3463 | the response size. | |
3464 | - Move eventCleanup debug messages to debug level 2 (was 0) | |
3465 | - Add the missing concurrency parameters to basic and digest auth | |
3466 | schemes | |
3467 | - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509 | |
3468 | - Log SSL user id in the custom log User name format (%un) | |
3469 | - Bug #1653: Username info not logged into Cachemgr active_requests | |
3470 | statistics | |
3471 | - Added to the redirectors interface the support for SSL client | |
3472 | certificate | |
3473 | - squid.conf.default cleanup to remove references to old options | |
3474 | - Fix many filedescriptors in combination with TPROXY | |
3475 | - Fix connection pinning in transparently intercepted connections | |
3476 | - Bug #1679: LDFLAGS not honored in some programs. | |
3477 | - Minor cleanup of port numbers in transparent interception or | |
3478 | vhost + vport | |
3479 | - Bug #1671: transparent interception fails with FreeBSD ipfw or | |
3480 | Linux-2.2 ipchains | |
3481 | - Bug #1660: Accept-Encoding related memory corruption | |
3482 | - Bug #1651: Odd results if url_rewriter defined multiple times | |
3483 | - Bug #1655: Squid does not produce coredumps under linux when | |
3484 | started as root | |
3485 | - Bug #1673: cache digests not served to other caches | |
3486 | - Cleanup of Linux capability code used by tproxy | |
3487 | - Bug #1684: xstrdup: tried to dup a NULL pointer! | |
3488 | - Bug #1668: unchecked vsnprintf() return code could lead to log | |
3489 | corruption | |
3490 | - Bug #1688: Assertion failure in HttpHeader.c in some header_access | |
3491 | configurations | |
3492 | - Cygwin support fir --disable-internal-dns | |
3493 | - Silence those annoying sslReadServer: Connection reset by peer | |
3494 | errors. | |
3495 | - Bug #1693: persistent connections broken in transparent | |
3496 | interception mode | |
3497 | - Bug #1691: multicast peering issues | |
3498 | - Bug #1696: Correct WCCP2 processing of router capability info | |
3499 | segments | |
3500 | - Bug #1694: Assertion failure in mgr:config if using | |
3501 | access_log_format %<h | |
3502 | - Bug #1677: Duplicate etags in the If-None-Match header | |
3503 | - Bug #1665: access_log_format codes for login names from external | |
3504 | acl or ssl | |
3505 | - Bug #1681: All ntlmauthenticator processes are busy | |
3506 | - Added ARP acl support for OpenBSD and ARP fixes for Windows | |
3507 | - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out | |
3508 | socket) | |
3509 | - WCCP2 correct dampening of assign buckets when there it lots of | |
3510 | changes | |
3511 | - minimum_expiry_time to tune the magic 60 seconds limit of what | |
3512 | is considered cachable when the object doesn't have any cache | |
3513 | validators. | |
3514 | - Bug #1703: wrong path to diskd helper corrected, and config | |
3515 | parser extended to trap incorrect paths early | |
3516 | - Bug #1703: COSS failed to initialize async-io threads | |
3517 | - Bug #1703: should abort if diskd helper exits unexpectedly | |
3518 | - Bug #1702: Warn if acl name is too long | |
3519 | - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors | |
3520 | - wccp2_rebuild_wait directive to delay registering with WCCP until the | |
3521 | - Bug #1662: Infinite loop in external acl with grace period if the | |
3522 | same http_access line had multiple external acls | |
3523 | ||
3524 | Changes to squid-2.6.STABLE1 (1 Jul 2006) | |
3525 | ||
3526 | - New --enable-default-hostsfile configure option | |
3527 | - Added username info to active_requests cachemgr stats | |
3528 | - Modified squid MIB to incorporate squid.conf visible_hostname | |
3529 | - Added multi-line capability in squid.conf | |
3530 | - Added new httpd_suppress_version_string configuration directive | |
3531 | - WCCPv2 support | |
3532 | - Negotiate authentication scheme support | |
3533 | - NTLM authentication scheme rewritten | |
3534 | - Customizable access log formats | |
3535 | - Selective access logging | |
3536 | - Access logging via syslog | |
3537 | - Reverse proxy enhancements, with new cache_peer based forwarding | |
3538 | model. | |
3539 | - LDAP based Digest helper (Note: not true LDAP integration, just using | |
3540 | LDAP for storage of the Digest hashes) | |
3541 | - Improved helper communication protocol | |
3542 | - External ACL improvements. %PATH, log=, grace=, and more.. | |
3543 | - Improved SSL support with hardware offload, client certificate | |
3544 | support (primitive), chained certificates and numerous bug fixes | |
3545 | - DNS lookups now use the search path from /etc/resolv.conf or | |
3546 | the Windows registry | |
3547 | - Linux epoll support | |
3548 | - collapsed forwarding to optimize reverse proxies or other | |
3549 | setups having very many clients going to the same URL | |
3550 | - New improved COSS implementation | |
3551 | - Optional support for blank passwords | |
3552 | - The old and obsolete Samba-2.2.X winbind helpers have been removed | |
3553 | - external acls now uses the simplified URL-escaped protol "3.0" by | |
3554 | default. | |
3555 | - Linux TPROXY support | |
3556 | - Support for proxying of Microsoft Integrated Login by adding | |
3557 | support for the deviations from the HTTP protocol required | |
3558 | to support these authentication mechanisms | |
3559 | - Added the capability to run as a Windows service under Cygwin | |
3560 | - CARP now plays well with the other peering algorithms | |
3561 | - read_ahead_gap option to read ahead more than 16KB of the reply | |
3562 | - check_hostnames and allow_underscore squid.conf options | |
3563 | - http_port is now optional, allowing for SSL only operation | |
3564 | - Full ETag/Vary support, caching responses which varies with | |
3565 | request details (browser, language etc). | |
3566 | - umask now defaults to 027 to protect the content of cache and | |
3567 | log files from local users | |
3568 | - HTCP support for access control and the CRL operation for | |
3569 | purgeing of cache content | |
3570 | - Optionally follow X-Forwarded-For headers to determine the original | |
3571 | client IP behind sedond level proxies | |
3572 | - FreeBSD kqueue support | |
3573 | ||
3574 | Changes to squid-2.5.STABLE14 (20 May 2006) | |
3575 | - [Minor] icons not displayed when visible_hostname is a | |
3576 | short hostname (without domain). (Bug #1532) | |
3577 | - [Medium] Memleak in HTCP client code (default disabled) | |
3578 | (Bug #1553) | |
3579 | - [Major] memory leak in ident processing (Bug #1557) | |
3580 | - [Medium] Memory leak in header processing related to external_acl | |
3581 | header detail format tag (Bug #1564) | |
3582 | ||
3583 | Changes to squid-2.5.STABLE13 (12 Mar 2006) | |
3584 | - [Minor] Fails to compile on Solaris and some other platforms | |
3585 | with undefined reference to setenv (Bug #1435) | |
3586 | - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list | |
3587 | - [Minor] Squid ntlm_auth (not the Samba provided one) giving | |
3588 | odd results if --enable-ntlm-fail-open is used (Bug #1022) | |
3589 | - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later | |
3590 | (Bug #1472) | |
3591 | - [Minor] Squid crash when asyncio function counters url accessed | |
3592 | from Cachemgr CGI (Bug #1464) | |
3593 | - [Cosmetic] Linux compile warning about prctl called with too few | |
3594 | arguments (Bug #1483) | |
3595 | - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479) | |
3596 | - [Minor] Some 206 responses logged incorrectly (Bug #1511) | |
3597 | - [Minor] Issues in processing ranges on objects >2GB (Bug #437) | |
3598 | - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414) | |
3599 | - [Minor] Ident access lists don't work in delay_access statements | |
3600 | (Bug #1428) | |
3601 | - [Minor] Some clients support NTLM even if not initially negotiating | |
3602 | persistent connections (Bug #1447) | |
3603 | - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459) | |
3604 | - [Medium] delay pools given too much bandwidht after "-k reconfigure" | |
3605 | (Bug #1481) | |
3606 | - [Cosmetic] New persistent_connection_after_error configuration | |
3607 | directive (Bug #1482) | |
3608 | - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug | |
3609 | #1484) | |
3610 | - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492) | |
3611 | - [Cosmetic] Typo in ftp.c (Bug #1507) | |
3612 | - [Cosmetic] Error in FTP listings of files with -> in their name | |
3613 | (Bug #1508) | |
3614 | - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging | |
3615 | in cache.log (Bug #779) | |
3616 | - [Minor] Fails to process long host names (Bug #1434) | |
3617 | - [Cosmetic] Azerbaijani errors translation (Bug #1454) | |
3618 | - [Cosmetic] misleading error message message for bad/unresolveable | |
3619 | cache_peer name (Bug #1504) | |
3620 | - [Cosmetic] confusing statistics on stateful helpers (NTLM auth) | |
3621 | (Bug #1506) | |
3622 | - [Major] connstate memory leak (Bug #1522) | |
3623 | ||
3624 | Changes to squid-2.5.STABLE12 (22 Oct 2005) | |
3625 | ||
3626 | - [Major] Error introduced in 2.5.STABLE11 causing truncated responses | |
3627 | when using delay pools (Bug #1405) | |
3628 | - [Cosmetic] Document that tcp_outgoing_* works badly in combination | |
3629 | with server_persistent_connections (Bug #454) | |
3630 | - [Cosmetic] Add additinal tracing to squid_ldap_auth making | |
3631 | diagnostics easier on squid_ldap_auth configuration errors | |
3632 | (Bug #1395) | |
3633 | - [Minor] $HOME not set when started as root (Bug #1401) | |
3634 | - [Minor] httpd_accel_single_host breaks in combination with | |
3635 | server_persistent_connections (Bug #1402) | |
3636 | - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially | |
3637 | implemented, effectively ignored. (Bug #1403) | |
3638 | - [Minor] CNAME based DNS addresses could get cached for longer | |
3639 | than intended (Bug #1404) | |
3640 | - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges | |
3641 | in transparently intercepting proxies (Bug #1410). | |
3642 | - [Minor] Cache revalidations on HEAD requests causing poor cache | |
3643 | hit ratio (Bug #1411). | |
3644 | - [Minor] Not possible to send 302 redirects via a redirector in | |
3645 | response to CONNECT requests (bug #1412) | |
3646 | - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug | |
3647 | #1419) | |
3648 | - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426) | |
3649 | - [Minor] Delay pools class 3 fails on clients in network 255 | |
3650 | (Bug #1431) | |
3651 | ||
3652 | Changes to squid-2.5.STABLE11 (22 Sep 2005) | |
3653 | ||
3654 | - [Minor] Workaround for servers sending double content-length headers | |
3655 | (Bug #1305) | |
3656 | - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz | |
3657 | - [Cosmetic] Date header corrected on internal objects (icons etc) | |
3658 | (Bug #1275) | |
3659 | - [Minor] squid -k fails in combination with chroot after patch for | |
3660 | bug 1157 (Bug #1307) | |
3661 | - [Cosmetic] Segmentation fault if compiled with | |
3662 | --enable-ipf-transparent but denied access to the NAT device. | |
3663 | (Bug #1313) | |
3664 | - [Minor] httpd_accel_signle_host incompatible with redireection | |
3665 | (Bug #1314) | |
3666 | - [Minor] squid -k reconfigure internal corruption if the type of | |
3667 | a cache_dir is changed (Bug #1308) | |
3668 | - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB | |
3669 | (Bug #1317) | |
3670 | - [Minor] Title in FTP listings somewhat messed up after previous | |
3671 | patch for bug 1220 (Bug #1220) | |
3672 | - [Minor] FTP listings uses "BASE HREF" much more than it needs to, | |
3673 | confusing authentication. (Bug #1204) | |
3674 | - [Minor] winfo_group.pl only looked for the first group if multiple | |
3675 | groups were defined in the same acl. (Bug #1333) | |
3676 | - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316) | |
3677 | - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518) | |
3678 | - [Cosmetic] The new --with-build-environment=... option doesn't work | |
3679 | - [Cosmetic] New 'mail_program' configuration option in squid.conf | |
3680 | - [Minor] Fails to compile with ip-filter and ARP support on Solaris | |
3681 | x86 (Bug #199) | |
3682 | - [Major] Segmentation fault in sslConnectTimeout (Bug #1355) | |
3683 | - [Medium] assertion failed in StatHist.c:93 (Bug #1325) | |
3684 | - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331) | |
3685 | - [Cosmetic] Invalid URLs in error messages when failing to connect | |
3686 | to peer, and a few other inconsistent error messages (Bug #1342) | |
3687 | - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2 | |
3688 | (Bug #1344) | |
3689 | - [Minor] Some odd FTP servers respond with 250 where 226 is expected | |
3690 | (Bug #1348) | |
3691 | - [Cosmetic] Greek translation of error messages (Bug #1351) | |
3692 | - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368) | |
3693 | - [Minor] squid_ldap_auth -U does not work (Bug #1370) | |
3694 | - [Minor] SNMP cacheClientTable fails on "long" IP addresses | |
3695 | (Bug #1375) | |
3696 | - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374) | |
3697 | - [Minor] E-mail sent when cache dies is blocked from many antispam | |
3698 | rules (Bug #1380) | |
3699 | - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389) | |
3700 | - [Cosmetic] Incorrect store dir selection debug message on objects | |
3701 | larger than 2Gigabyte (Bug #1343) | |
3702 | - [Cosmetic] header_id enum misused as an signed integer (Bug #1343) | |
3703 | - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335) | |
3704 | - [Medium] Clients could bypass delay_pool settings by faking a cache | |
3705 | hit request (Bug #500) | |
3706 | - [Minor] IP-Filter 4.X support (Bug #1378) | |
3707 | - [Medium] Odd results on pipelined CONNECT requests | |
3708 | - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header" | |
3709 | when using NTLM authentication. | |
3710 | - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM | |
3711 | authentication (bug #1396) | |
3712 | - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl | |
3713 | (Bug #1394) | |
3714 | - [Cosmetic] New --with-maxfd=N configure option to override build | |
3715 | time filedescriptor limit test | |
3716 | - [Minor] Added support for Windows code name "Longhorn" on Cygwin. | |
3717 | ||
3718 | Changes to squid-2.5.STABLE10 (17 May 2005) | |
3719 | ||
3720 | - [Minor Security] Fix race condition in relation to old Netscape | |
3721 | Set-Cookie specifications | |
3722 | - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing | |
3723 | format and PASV resposes (Bug #1252) | |
3724 | - [Medium] BASE HREF missing on ftp directory URLs without / | |
3725 | (Bug #1253) | |
3726 | - [Minor security] confusing http_access results on configuration | |
3727 | error (Bug #1255) | |
3728 | - [Cosmetic] More robust Date parser (Bug #321) | |
3729 | - [Minor] reload_with_ims fails to refresh negatively cached objects | |
3730 | (Bug #1159) | |
3731 | - [Cosmetic] delay_access description clarification (Bug #1245) | |
3732 | - [Cosmetic] Check for integer overflow in size specifications in | |
3733 | squid.conf (Bug #1247) | |
3734 | - [Cosmetic] bzero is a non-standard function not available on all | |
3735 | platforms (Bug #1256) | |
3736 | - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257) | |
3737 | - [Cosmetic] Incorrect use of ctype functions (Bug #1259) | |
3738 | - [Cosmetic] Defer digest fetch if the peer is not allowed to be used | |
3739 | (Bug #1261) | |
3740 | - [Minor] Duplicate content-length headers logged incorrectly or | |
3741 | not cleaned up properly (Bug #1262) | |
3742 | - [Cosmetic] Extend relaxed_header_parser to work around "excess | |
3743 | data from" errors from many major web servers. (Bug #1265) | |
3744 | - [Minor] Add HTTP headers to a netdb error messages | |
3745 | - [Minor] Multiple minor aufs issues (Bug #671) | |
3746 | - [Minor] Basic authentication fails with very long logins or | |
3747 | password (Bug #1171) | |
3748 | - [Minor] CONNECT requests truncated if client side disconnects first | |
3749 | (Bug #1269) | |
3750 | - [Minor] --disable-hostname-checks configure option did not work | |
3751 | - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK | |
3752 | - [Cosmetic] aufs warning about open event filedescriptors on shutdown | |
3753 | - [Medium] Failed to process requests for files larger than 2GB in size | |
3754 | - [Cosmetic] rename() related cleanup | |
3755 | - [Cosmetic] New cachemgr pending_objects and client_objects actions | |
3756 | - [Cosmetic] external acls requiring authentication did not request | |
3757 | new credentials on access denials like proxy_auth does. | |
3758 | - [Cosmetic] Syslog facility now configurable via command line options. | |
3759 | - [Cosmetic] New %a error page template code expanding into the | |
3760 | authenticated user name. (Bug #798) | |
3761 | - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent | |
3762 | - [Minor] Support interception of multiple ports | |
3763 | - [Cosmetic] Allow "squid -k ..." to run even if the local hostname | |
3764 | can not be determined (Bug #1196) | |
3765 | - [Cosmetic] Configuration file parser now handles DOS/Windows formatted | |
3766 | configuration files with CRLF lineendings proper. | |
3767 | - [Minor] Unrecognized Cache-Control directives now forwarded properly | |
3768 | (Bug #414) | |
3769 | - [Minor] Authentication helpers now returns useable information | |
3770 | in the %m error page macro on failed authentication (Bug #1223) | |
3771 | - [Minor] pid file management corrected in chroot use (Bug #1157) | |
3772 | - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use. | |
3773 | cachemgr.cgi now reads a config file telling which proxy servers | |
3774 | it can administer. | |
3775 | - [Minor] aufs statistics improvements | |
3776 | - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299) | |
3777 | - [Minor] ARP acl documentation and cachemgr config dump corrections | |
3778 | - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric | |
3779 | hostnames in addition to the reverse lookup of the domain name. | |
3780 | - [Security] Internal DNS client hardened against spoofing | |
3781 | ||
3782 | Changes to squid-2.5.STABLE9 (24 Feb 2005) | |
3783 | ||
3784 | - [Medium] Don't retry requests on 403 errors (Bug #1210) | |
3785 | - [Minor] Ignore invalid FQDN DNS responses (Bug #1222) | |
3786 | - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246) | |
3787 | - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211) | |
3788 | - [Minor] relaxed_header_parser extended to work around even more | |
3789 | broken web servers (Bug #1242) | |
3790 | - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work | |
3791 | better with Mozilla but also to improve security slightly on | |
3792 | non-anonymous FTP. | |
3793 | - [Minor] High characters allowed un-encoded in FTP and Gopher | |
3794 | listings to allow the user-agent to display data in non-iso8859-1 | |
3795 | charsets. (Bug #1220) | |
3796 | - [Cosmetic] format fixes to silence compiler warnings on many | |
3797 | platforms. | |
3798 | - [Major] Assertion failures on certain odd DNS responses (Bug #1234) | |
3799 | ||
3800 | Changes to squid-2.5.STABLE8 (11 Feb 2005) | |
3801 | ||
3802 | - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354, | |
3803 | #1096) | |
3804 | - [Cosmetic] Document -v (protocol version) option to LDAP helpers | |
3805 | - [Minor] The new req_header and resp_header acls segfaults | |
3806 | immediately on parse of squid.conf (Bug #961) | |
3807 | - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure | |
3808 | (Bug #1118) | |
3809 | - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102) | |
3810 | - [Minor] Squid fails to close TCP connection after blank HTTP | |
3811 | response (Bug #1116) | |
3812 | - [Minor security] Random error messages in response to malformed | |
3813 | host name (Bug #1143) | |
3814 | - [Minor] PURGE should not be able to delete internal objects | |
3815 | (Bug #1112) | |
3816 | - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug | |
3817 | #1121) | |
3818 | - [Minor] cachemgr vm_objects segfault (Bug #1149) | |
3819 | - [Minor security] Confusing results on empty acl declarations (Bug | |
3820 | #1166) | |
3821 | - [Minor] Don't close all "other" filedescriptors on startup (Bug | |
3822 | #1177) | |
3823 | - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug | |
3824 | #1183) | |
3825 | - [Security] buffer overflow bug in gopherToHTML() (Bug #1189) | |
3826 | - [Medium security] Denial of service with forged WCCP messages | |
3827 | (Bug #1190) | |
3828 | - [Minor] DNS related memory leak on certain malformed DNS responses | |
3829 | (Bug #1197) | |
3830 | - [Minor] Internal DNS sometimes truncates host names in reverse | |
3831 | (PTR) lookups (Bug #1136) | |
3832 | - [Minor Security] Add sanity checks on LDAP user names (Bug #1187) | |
3833 | - [Security] Harden Squid against HTTP request smuggling attacks | |
3834 | - [Minor] Icon URLs fails in non-anonymous FTP directory listings is | |
3835 | short_icon_urls is on (Bug #1203) | |
3836 | - [Security] Harden Squid against HTTP response splitting attacks | |
3837 | (Bug #1200) | |
3838 | - [Medium security] Buffer overflow in WCCP recvfrom() call | |
3839 | (Bug #1217) | |
3840 | - [Security] Properly handle oversized reply headers (Bug #1216) | |
3841 | - [Minor] LDAP helpers search fixed to properly ask for no attributes | |
3842 | - [Minor] A sporadic segmentation fault when using ntlm authentication | |
3843 | fixed (Bug #1127) | |
3844 | - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224) | |
3845 | - [Medium] Persistent connection mismatch on failed PUT/POST request | |
3846 | (Bug #1122) | |
3847 | - [Minor] WCCP easily disturbed by forged packets (Bug #1225) | |
3848 | - [Minor] Password management in ftp:// gatewaying improved (Bug #1226) | |
3849 | - [Major] HTTP reply data corruption in certain situations involving | |
3850 | reply headers split over multiple packets (Bug #1233) | |
3851 | ||
3852 | Changes to squid-2.5.STABLE7 (11 Oct 2004) | |
3853 | ||
3854 | - [Medium] No objects cached in ufs cache_dir type in some | |
3855 | configurations. Issue introduced in 2.5.STABLE6 by the patch for | |
3856 | Bug #676. (Bug #1011) | |
3857 | - [Minor] LDAP helpers update to correct LDAP connection management | |
3858 | and add support for literal password compare instead of binding | |
3859 | - [Minor] A large number of queued DNS lookups for the same domain | |
3860 | (Bug #852) | |
3861 | - [Cosmetic] request_header_max_size configuration partly ignored | |
3862 | (Bug #899) | |
3863 | - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001) | |
3864 | - [Cosmetic] HEAD requests may return stale information | |
3865 | (Bug #1012) | |
3866 | - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918) | |
3867 | - [Minor] case insensitive authentication (Bug #431) | |
3868 | - [Cosmetic] Add delay pools information to active_requests. (Bug | |
3869 | #882) | |
3870 | - [Minor] Apparent memory leak in client_db (Bug #833) | |
3871 | - [Minor] NTLM authentication truncated causing failures. (Bug | |
3872 | #1016) | |
3873 | - [Cosmetic] Grammatical corrections in squid.conf.default | |
3874 | - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug | |
3875 | #1030) | |
3876 | - [Medium] Segfaults and other strange crashes when using heap | |
3877 | policies. (Bug #1009) | |
3878 | - [Minor] Supplementary group memberships not set (Bug #1021) | |
3879 | - [Cosmetic] ERR_TOO_BIG Portuguese translation | |
3880 | - [Minor] external_acl does not handle newlines (Bug #1038) | |
3881 | - [Major] NTLM authentication denial of service when using msnt_auth | |
3882 | or fake_auth (Bug #1045) | |
3883 | - [Medium] Memory leaks when using NTLM authentication without | |
3884 | challenge reuse. (Bug #994) | |
3885 | - [Minor] Temporary NTLM memory leak with challenge reuse enabled | |
3886 | (Bug #910) | |
3887 | - [Minor] assertion failed: "n_ufs_dirs <= | |
3888 | Config.cacheSwap.n_configured". (Bug #1053) | |
3889 | - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031) | |
3890 | - [Minor] acl time fails to parse multiple time specifications | |
3891 | (Bug #1060) | |
3892 | - [Minor] cachemgr config dumps mixed up Range and Request-Range | |
3893 | headers in http_header_access & replace directives. (Bug #1056) | |
3894 | - [Minor] Content-Disposition added as a well known header (Bug #961) | |
3895 | - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD | |
3896 | (Bug #1074) | |
3897 | - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) | |
3898 | - [Medium] New acl types to match arbitrary HTTP headers. In addition | |
3899 | the http_header_access & replace directives now support arbitrary | |
3900 | headers and not only the well known ones. (Bug #961) | |
3901 | - [Cosmetic] ncsa_auth now accepts Window formatted password files | |
3902 | (Bug #1078) | |
3903 | - [Cosmetic] Support the --program-prefix/suffix options or other | |
3904 | configure program name transforms (Bug #1019) | |
3905 | - [Minor] Fix race condition in CONNECT and also handle aborts of | |
3906 | CONNECT requests in a more graceful manner. (Bug #859) | |
3907 | - [Minor] New balance_on_multiple_ip directive to work around certain | |
3908 | broken load balancers and optimized ipcache on reload requests | |
3909 | (Bug #1058) | |
3910 | - [Medium] New reply_header_max_size directive | |
3911 | (Bug #874) | |
3912 | - [Minor] Suspected instability on aborted PUT/POST requests | |
3913 | (Bug #1089) | |
3914 | - [Security] SNMP Denial of Service fix (CAN-2004-0918) | |
3915 | ||
3916 | Changes to squid-2.5.STABLE6 (9 Jul 2004) | |
3917 | ||
3918 | - Bug #937: NTLM assertion error "srv->flags.reserved" | |
3919 | - Bug #935: squid_ldap_auth can be confused by the use of reserved | |
3920 | characters | |
3921 | - Helper queue warnings imprecise on the number of helpers required | |
3922 | - squid_ldap_auth TLS mode works correctly again | |
3923 | - Bug #940, #305: pkg-config support for finding correct OpenSSL | |
3924 | compile flags | |
3925 | - Bug #426: "Vary: *" is ignored | |
3926 | - 100% CPU usage on Linux-2.2 | |
3927 | - Version number should not include -CVS if autoconf is run | |
3928 | - Bug #947: deny_info redirection with requested URL escaped wrongly | |
3929 | - Bug #495: CONNECT timeout should produce a 504 or 503 | |
3930 | - Bug #956: cache_swap_log documentation referred to swap.state by | |
3931 | it's old swap.log name | |
3932 | - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may | |
3933 | have been intended | |
3934 | - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed | |
3935 | - Bug #954: Segment violation when using a blank user name in digest | |
3936 | authentication | |
3937 | - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0" | |
3938 | - Spelling corrections in configure and squid.conf.default | |
3939 | - The meaning of ERR in digest helper protocol clarified in the | |
3940 | squid.conf documentation | |
3941 | - Bug #950: Spelling error in Turkish ERR_DNS_FAIL | |
3942 | - Bug #616: Negative cached 404 replies with VARY header never matched | |
3943 | - Bug #968: range_offset_limit -1 KB rejected as invalid syntax | |
3944 | due to a shortcoming in the fix to bug #817 | |
3945 | - Bug #570: Very large cache_mem values reported wrongly in cache.log | |
3946 | - Bug #676: store_dir_select_algorithm least-load doesn't work for | |
3947 | ufs cache_dir type | |
3948 | - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge | |
3949 | - Bug #948: Show client ip in cache.log debug output | |
3950 | - Bug #960: compilation issue on OpenBSD/m88k | |
3951 | - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools | |
3952 | - Bug #991: dns_servers should default to localhost if no resolv.conf | |
3953 | - Bug #717: msnt_auth documentation update | |
3954 | - Bug #753: Segfault in memBufVPrintf on certain architectures | |
3955 | requiring va_copy | |
3956 | - Bug #941: Negative size in access.log on long running CONNECT | |
3957 | requests | |
3958 | - Bug #972: Segmentation fault after "Likely proxy abuse detected" | |
3959 | - Bug #981: sasl_auth updated to work with SALS2 | |
3960 | - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM | |
3961 | authentication to a NT domain without using Samba. | |
3962 | ||
3963 | Changes to squid-2.5.STABLE5 (1 Mar 2004): | |
3964 | ||
3965 | - cache.log message on "squid -k reconfigure" was slightly confusing, | |
3966 | claiming Squid restarted when it just reread the configuration. | |
3967 | - Bug #787: digest auth never detects password changes | |
3968 | - Bug #789: login with space confuses redirector helpers | |
3969 | - Bug #791: FQDNcache discards negative responses when using | |
3970 | internal DNS | |
3971 | - pam_auth fails on Solaris when using pam_authtok_get. Persistent | |
3972 | PAM connections are unsafe and now disabled by default. | |
3973 | - auth_param documentation clarifications and added default realm | |
3974 | values making only the helper program a required attribute | |
3975 | - Bug #795: German ERR_DNS_FAIL correction | |
3976 | - Bug #803: Lithuanian error messages update | |
3977 | - Bug #806: Segfault if failing to load error page | |
3978 | - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi) | |
3979 | - Bug #817: maximum_object_size too large causes squid not to cache | |
3980 | - Bug #824: 100% CPU loop if external_acl combined with separate | |
3981 | authentication acl in the same http_access line | |
3982 | - squid_ldap_group updated to version 2.12 with support for ldaps:// | |
3983 | (LDAPv2 over SSL) and a numer of other improvements. | |
3984 | - Bug #799: positive_dns_ttl ignored when using internal DNS. | |
3985 | - Bug #690: Incorrect html on empty Gopher responses | |
3986 | - Bug #729: --enable-arp-acl may give warning about net/route.h | |
3987 | - Bug #14: attempts to establish connection may look like syn flood | |
3988 | attack if the contacted server is refusing connections | |
3989 | - errorpage README files included in the distribution again showing | |
3990 | who contributed which translation | |
3991 | - Bug #848: connect_timeout connect_timeout ends up twice the length. | |
3992 | forward_timeout option added to address this. | |
3993 | - Bug #849: DNS log error messages should report the failed query | |
3994 | - Bug #851: DNS retransmits too often | |
3995 | - Bug #862: Very frequently repeated POST requests may cause a | |
3996 | filedescriptor shortage due to persitent connections building up | |
3997 | - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests | |
3998 | - Bug #571: Need to limit use of persistent connections when | |
3999 | filedescriptor usage is high | |
4000 | - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often | |
4001 | does not work properly | |
4002 | - Bug #860: redirector_access does not handle "slow" acls such as | |
4003 | "dst" or "external" requiring a external lookup. | |
4004 | - Bug #865: Persistent connection usage too high after sudden burst | |
4005 | of traffic. | |
4006 | - Bug #867: cache_peer max-conn=.. option does not work | |
4007 | - Bug #868: refuses to start if pid_filename none is specified | |
4008 | - Bug #887: LDAP helper -Z (TLS) option does not work | |
4009 | - Bug #877: Squid doesn't follow telnet protocol on FTP control | |
4010 | connections | |
4011 | - Bug #908: Random auth popups and account lockouts when using ntlm | |
4012 | - Support for NTLM_NEGOTIATE exchanges with ntlm helpers | |
4013 | - Bug #585: cache_peer_access fails with NTLM authentication | |
4014 | - Bug #592: always/never_direct fails with NTLM authentication | |
4015 | - wbinfo_group update for Samba-3 | |
4016 | - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0 | |
4017 | - Bug #924: miss_access restricts internal and cachemgr requests | |
4018 | even if these are local | |
4019 | - Bug #925: auth headers send by squidclient are mildly malformed | |
4020 | - Bug #922: miss_access and delay_access and several other | |
4021 | authentication related bug fixes. | |
4022 | - Bug #909: Added ARP acl support for FreeBSD | |
4023 | - Bug #926: deny_info with http_reply_access or miss_access | |
4024 | - Bug #872: reply_body_max_size problems when using NTLM auth | |
4025 | - Bug #825: random segmentation faults when using digest auth | |
4026 | - Bug #910: Partial fix for temporary memory leaks when using NTLM | |
4027 | auth. There is still problems if challenge reuse is enabled. | |
4028 | - ftp://anonymous@host/ now accepted without requiring a password | |
4029 | - Bug #594: several mime type updates (ftp:// related) | |
4030 | - url_regex enhanced to allow matching of %00 | |
4031 | ||
4032 | Changes to squid-2.5.STABLE4 (15 Sep 2003): | |
4033 | ||
4034 | - Lithuanian error messages added to the distribution | |
4035 | - Bug #660: segfauld if more than one custom deny_info line | |
4036 | - cache_dir disd documentation cleanup | |
4037 | - check open of /dev/null to avoid 100% CPU loop in badly | |
4038 | configured chroot environments | |
4039 | - documentation update on uri_whitespace to refer to the correct RFC | |
4040 | - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable | |
4041 | - Bug #683: external_acl does not wait for ident lookups to complete | |
4042 | - aufs: Fix a minor use-after-free problem which could cause the | |
4043 | count of opening filedescriptors to grow larger than it should | |
4044 | - Syntax changes to make GCC-3.3 accept Squid without complaints | |
4045 | - Warning if CARP server defined in incorrect load factor order | |
4046 | - neighbor_type_domain documentation update | |
4047 | - http_header_access now works when using cache peers | |
4048 | - high_memory_warning now uses sbrk as fallback mechanism on | |
4049 | platforms where neither mallinfo or mstats are available. | |
4050 | - hosts_file now handles comments at the end of lines correcly | |
4051 | - storeCheckCachable() Stats corrected for release_request and | |
4052 | wrong_content_length. | |
4053 | - cachePeerPingsSent MIB type corrected | |
4054 | - unused minimum_retry_timeout directive removed | |
4055 | - Bug #702: ERR_TO_BIG spanish translation | |
4056 | - Bug #705: Memory leak on deny_info TCP_RESET | |
4057 | - Code cleanup to fix compile error in httpHeaderDelById | |
4058 | - Bug #699: Host header now forwarded exactly where it was in the | |
4059 | original request to work around certain broken firewalls or | |
4060 | load balancers which fail if this header is too far into the | |
4061 | request headers. | |
4062 | - Bug #704: Memory leak on reply_body_max_size | |
4063 | - Bug #686: requests denied due to http_reply_access are now | |
4064 | logged with TCP_DENIED (instead of TCP_MISS, etc). | |
4065 | - Bug #708: ie_refresh now sends no-cache to have the reload | |
4066 | request propagate properly in cache meshes | |
4067 | - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state | |
4068 | - Bug #709: cbdata.c:186: "c->valid" assertion due to peer | |
4069 | digest not found | |
4070 | - Bug #710: round-robin cache_dir selection incorrectly | |
4071 | compares max-size. | |
4072 | - Statistics corrections in HTTP header statitics | |
4073 | - QUICKSTART cleanups | |
4074 | - Bug #715: statCounter.syscalls.disk counters treated | |
4075 | inconsistently. Now increment the counters in AUFS | |
4076 | functions and for unlinkd. | |
4077 | - Improvements to the (experimental) COSS storage scheme. | |
4078 | - Bug #721: User name field in access.log sometimes blank | |
4079 | - Bug #94: assertion failed: http.c: "-1 == cfd || | |
4080 | FD_SOCKET == fd_table[cfd].type" | |
4081 | - Bug #716: assertion failed: client_side.c:1478: "size > 0" | |
4082 | - Bug #732: aufs calculates number of threads and limits wrongly | |
4083 | - Bug #663: Username not logged into access.log in case of /407 | |
4084 | - Bug #267: Form POSTing troubles with NTLM authentication | |
4085 | and occationally in differen other error conditions. | |
4086 | - Bug #736: ICP dynamic timeout algorithm ignores multicast. | |
4087 | - Bug #733: No explicit error message when ncsa_auth can't access | |
4088 | passwd file | |
4089 | - Bug #267, #757: POST with NTLM stops after persistent connection | |
4090 | timeout | |
4091 | - Bug #742: Wrong status code on access denials if delay_access | |
4092 | is used. Most notably 407 instead of 403 could be returned. | |
4093 | - Bug #763: segfault if using ntlm in http_reply_access | |
4094 | - Bug #638: assertion error if using proxy_auth in delay_access | |
4095 | - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access | |
4096 | - The issue of reply_body_max_size limiting the size of error | |
4097 | messages no longer applies. | |
4098 | - external_acl_type concurrency= option renamed to children= to | |
4099 | prepare for Squid-3 upgrades. Old syntax still accepted for the | |
4100 | duration of the Squid-2.5 release. | |
4101 | - number of filedescriptors rounded down to an even multiple of 64 | |
4102 | to work around issues in certain libc implementations. | |
4103 | - winbind helpers less noisy in cache.log on restarts/shutdown. | |
4104 | - Squid now automatically restarts helpers if too many of them | |
4105 | have crashed. | |
4106 | ||
4107 | Changes to squid-2.5.STABLE3 (25 May 2003): | |
4108 | ||
4109 | - Bug #573: Occational false negatives in external acl lookups | |
4110 | - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when | |
4111 | external_acl helpers crashes | |
4112 | - Bug #590: Squid may hang or behave oddly on shutdown while | |
4113 | requests is being processed. | |
4114 | - Bug #590: external acl lookups does not deal well with queue | |
4115 | overload | |
4116 | - cache_effective_user documentation update | |
4117 | - cache_peer documentation update for htcp and carp | |
4118 | - Bug #600: The example header_access paranoid setting is | |
4119 | missing WWW-Authenticate | |
4120 | - Bug #605: Segmentation fault in idnsGrokReply() on certain | |
4121 | platforms | |
4122 | - Fixes to build properly on AIX 5 | |
4123 | - Bug #574: wb_group updated to version 1.1 to make group names | |
4124 | case insensitive and correct a segfault issue in the helper | |
4125 | - SNMP mib updates to make cacheNumObjCount, | |
4126 | cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients | |
4127 | correctly report as gauges (was reporting as counters). | |
4128 | - Woraround for --enable-ssl Kerberos issue on RedHat 9 | |
4129 | - Bug #579: Close and repopen log files on "squid -k reconfigure" | |
4130 | - Bug #598: squid_ldap_auth could segfault if LDAP server is | |
4131 | unavailable | |
4132 | - Bug #609,#612: msntauth helper fixes in dealing with large | |
4133 | or non-existing allow/deny user files. | |
4134 | - Bug #620: acl ident REQUIRED matches even if the ident lookup fails | |
4135 | - Bug #432: reply_body_max_size fails with ident or proxy_auth acls | |
4136 | and also fails to block large objects where the content-length | |
4137 | is not known | |
4138 | - Bug #606: Basic auth looping and gets stuck at high CPU usage when | |
4139 | multiple proxy_auth ACLs combined in one line and login fails. | |
4140 | - squid_ldap_auth updated with support for TLS and SSL | |
4141 | - Bug #623: segfault if using negated external acls in certain | |
4142 | configurations involving other acls later on the same http_access | |
4143 | line. | |
4144 | - Bug #622: wb_group helper update to version 1.2 to ass support for | |
4145 | Domain-Qualified groups refering to groups in a specific domain | |
4146 | - Bug #596: logic error in poll() error management | |
4147 | - Bug #597: logic errors in error management | |
4148 | - Bug #591: segmentation fault in authentication on "squid -k debug" | |
4149 | - Bug #587: smb_auth fails on complex logins involving domain names | |
4150 | or other odd characters | |
4151 | - Bug #558, #587: smb_auth.pl fails on complex logins involving | |
4152 | domain names or other odd characters | |
4153 | - Bug #643: external_acl fails with ttl=0 due to a change introduced | |
4154 | by the patch for Bug #553 in 2.5.STABLE2. | |
4155 | - Bug #630: minor issues in digest authantication causing random | |
4156 | authentication failures and incompability with many mainstream | |
4157 | browser digest implementations due to browser qop bugs. To deal | |
4158 | with those broken browser nonce_stricness now defaults to off, | |
4159 | and two new digest options have been added (check_nonce_count | |
4160 | and post_workaround) to allow workarounds to other quite bad | |
4161 | browser bugs if needed. | |
4162 | - Bug #644: digest authentication fails on requests with one | |
4163 | or more comma in the requested URL | |
4164 | - Bug #648: deny_info TCP_RESET not working. The fix for this also | |
4165 | adds the ability to send redirects. | |
4166 | ||
4167 | Changes to squid-2.5.STABLE2 (Mars 17, 2003): | |
4168 | ||
4169 | - Contrib files added back to the distribution | |
4170 | - Several compiler warnings fixed when using --disable-ident or | |
4171 | --disable-http-violations | |
4172 | - authentication can now be used in most access controls, but | |
4173 | must in most cases first be enforced in http_access to force | |
4174 | the user to authenticate. | |
4175 | - cleanups in the developer bootstrap.sh process when preparing | |
4176 | the sources. | |
4177 | - several squid.conf.default documentation updated to correctly | |
4178 | refer to the current names when refering to other directives | |
4179 | - authenticate_ip_ttl documentation updates | |
4180 | - several assertion faults and segmentation violations corrected | |
4181 | - the RunCache/RunAccel and squid.rc scripts updated to refer to | |
4182 | the squid binary in sbin rather than the old bin location. | |
4183 | - squid_ldap_auth command line processing fixes when specifying | |
4184 | the LDAP server last on the line instead of -h option | |
4185 | - aufs data corruption bugfix | |
4186 | - aufs performance improvement for low traffic systems | |
4187 | - aufs stability improvements | |
4188 | - external_acl corrected to properly deal with quoted strings | |
4189 | - WCCPv1 bugfix to make sure the router accepts the hash assignments | |
4190 | - "Total accounted memory" now correctly reported in cachemgr | |
4191 | - several small memory leaks (mostly reconfigure related) | |
4192 | - new squid.conf option to allow GET/HEAD requests with a request | |
4193 | entity | |
4194 | - "make uninstall" no longer removes squid.conf | |
4195 | - cachemgr.cgi now uses POST to avoid having the cachemgr password | |
4196 | logged in the web server logs | |
4197 | - authentication schemes which are known to not be proxyable are now | |
4198 | filtered out from forwarded server replies to avoid that the clients | |
4199 | tries to use such schemes when we know for a fact it won't work | |
4200 | - spelling corrections in various error messages | |
4201 | - now possible to define acl values with spaces in them | |
4202 | by using the "include file" feature | |
4203 | - squid_ldap_group updated to 2.10 to fix compilation issues with | |
4204 | recent (and older) OpenLDAP libraries and to make the helper deal | |
4205 | correctly with true LDAP groups by first looking up the user DN. | |
4206 | - Some internal code cleanups | |
4207 | - now verifies that programs etc exists iside the chroot directory | |
4208 | when using chroot_dir. No longer neccesary to set up a split view | |
4209 | environment where the same paths works both inside the chroot and | |
4210 | outside just to convince Squid that the files is actually there.. | |
4211 | - improved memory usage reporting | |
4212 | - --disable-hostname-checks configure option | |
4213 | - no longer ignores double dots in host names. Any hostname with | |
4214 | double dots is now rejected as invalid. | |
4215 | - log_mime_hdrs no longer logs garbage if very long headers | |
4216 | are seen. | |
4217 | - 'select_fds_hist' object added to cachemgr 'histogram' output | |
4218 | - pid file now unlinked when squid has really shut down, not | |
4219 | immediately when the shutdown request is received. This allows | |
4220 | the pid file to be monitored to determine when Squid has shut down | |
4221 | properly | |
4222 | - correct authentication scheme setups on some platforms or compilers | |
4223 | - several squid.conf.default documentation updates to remove references | |
4224 | to renamed or replaced directives by changing them to their current | |
4225 | names. | |
4226 | - the SSL reverse proxy support updated to allow building with | |
4227 | OpenSSL 0.9.7 and and later. | |
4228 | - Corrected a minor performance problem while processing HEAD replies | |
4229 | from various broken web servers not sending a correct HTTP reply | |
4230 | - time acls can now specify multiple times in the same acl name, like | |
4231 | most other acl types. | |
4232 | - winbind helpers updated to match Samba-2.2.7a and should | |
4233 | work with Samba-2.2.6 or later (required). For compability with | |
4234 | older Samba versions A new configure option --with-samba-sources=... | |
4235 | has been added to allow you to specify which Samba version the | |
4236 | helpers should be built for if different than the above versions. | |
4237 | - Squid MIB definition syntax correction to work better with newer | |
4238 | (and older) SNMP tools. | |
4239 | - Fixed access.log format when logging "error:invalid-HTTP-ident" on | |
4240 | requests where parsing the HTTP identifier (HTTP/1.0) failed. | |
4241 | - "make distclean" no longer removes the icons, this avoids the | |
4242 | dependency on "uudecode" to rebuild Squid after "make distclean" | |
4243 | - User name returned by external acl lookups (external_acl_type) | |
4244 | is now available as "ident" in later acl checks in addition to | |
4245 | the logging in access.log. | |
4246 | - Incorrect behaviour of Digest authentication partly corrected - it | |
4247 | will not handle sessions, but will always enforce password | |
4248 | correctness.. (patch submitted by Sean Burford). | |
4249 | - Issue with persistent connections and PUT/POST request corrected | |
4250 | ||
4251 | Changes to squid-2.5.STABLE1 (September 25, 2002): | |
ddf1c0c4 | 4252 | |
94439e4e | 4253 | - Major rewrite of proxy authentication to support other schemes |
4254 | than basic. First in the line is NTLM support but others can | |
a2794549 | 4255 | easily be added (minimal digest is present). See Programmers Guide. |
6437ac71 | 4256 | (Robert Collins & Francesco Chemolli) |
94439e4e | 4257 | - Reworked how request bodies are passed down to the protocols. |
4258 | Now all client side processing is inside client_side.c, and | |
4259 | the pass and pump modules is no longer used. | |
3ff01c3e | 4260 | used by Squid. |
722a4b40 | 4261 | - Optimized searching in proxy_auth and ident ACL types. Squid should |
4262 | now handle large access lists a lot more efficiently. | |
05fbbc17 | 4263 | (Francesco Chemolli) |
e396d395 | 4264 | - Fixed forwarding/peer loop detection code (Brian Degenhardt) - |
4265 | now a peer is ignored if it turns out to be us, rather than | |
4266 | committing suicide | |
1224d740 | 4267 | - Changed the internal URL code to obey appendDomain for internal |
4268 | objects if it needs appending. This fixes weirdnesses where | |
4269 | a machine can think it is "foo.bar.com", and "foo" is requested. | |
4270 | (Brian Degenhardt) | |
a2794549 | 4271 | - Added the use of Automake to create the Makefile.in's in the squid |
4272 | source tree. This will allow libtool in the future, and immediately | |
4273 | allows better dependency tracking - with or without gcc - as well | |
4274 | as the dist-all and distcheck targets for developers which respectively | |
4275 | build a tar.gz and a tar.bz2 distribution, and check that what will be | |
4276 | distributed builds. | |
d6827718 | 4277 | - Added TOS and source address selection based on ACLs, |
4278 | written by Roger Venning. This allows administrators to set | |
4279 | the TOS precedence bits and/or the source IP from a set of | |
4280 | available IPs based upon some ACLs, generally to map different | |
4281 | users to different outgoing links and traffic profiles. | |
50821507 | 4282 | - Added 'max-conn' option to 'cache_peer' |
4283 | - Added SSL gatewaying support, allowing Squid to act as a SSL server | |
4284 | in accelerator setups. | |
4e2c57a0 | 4285 | - SASL authentication helper by Ian Castle |
6474667e | 4286 | - msntauth updated to v2.0.3 |
3e4057db | 4287 | - no_cache now applies to cache hits as well as cache misses |
810118ab | 4288 | - the Gopher client in Squid has been significantly improved |
05463204 | 4289 | - Squid now sanity checks FTP data connections to ensure the |
6474667e | 4290 | connection is from the requested server. Can be disabled if |
05463204 | 4291 | needed by turning off the ftp_sanitycheck option. |
98858605 | 4292 | - external acl support. A mechanism where flexible ACL checks |
4293 | can be driven by external helpers. See the external_acl_type | |
4294 | and acl external directives. | |
3e4057db | 4295 | - Countless other small things and fixes |
2d8d56b0 | 4296 | - HTML pages generated by Squid or CacheMgr as well as the |
4297 | ERR documents now contain a doctype declaration so that | |
22567bb5 | 4298 | browsers know which HTML specification the document uses. |
2d8d56b0 | 4299 | In addition to that they have a new look (background-color, font) |
4300 | and are valid according to the HTML standards at www.w3.org. | |
3ff01c3e | 4301 | (Clemens L ser) |
9bbd1655 | 4302 | - Login and password send to Basic auth helpers is now URL escaped |
4303 | to allow for spaces and other "odd" characters in logins and | |
4304 | passwords | |
c90fbf46 | 4305 | - Proxy Authentication is no longer blindly forwarded to peer |
4306 | caches if not used locally. If forwarding of proxy authentication | |
4307 | is desired then it must now be configured with the login=PASS | |
4308 | cache_peer option. | |
6474667e | 4309 | - Responses with Vary: in the header are now cached by squid. |
1239cfea | 4310 | (Henrik Nordstrom). |
3ff01c3e | 4311 | - Removed unused 'siteselect_timeout' directive. |
c5bc64d3 | 4312 | |
dde94193 | 4313 | Changes to Squid-2.4.STABLE7 (July 2, 2002): |
4314 | ||
4315 | - Squid now drops any requests using transfer-encoding. | |
4316 | Squid is a HTTP/1.0 proxy and as such do not support | |
4317 | the use of transfer-encoding. | |
4318 | - The MSNT auth helper has been updated to v2.0.3+fixes for | |
4319 | buffer overflow security issues found in this helper. | |
4320 | - A security issue in how Squid forwards proxy authentication | |
4321 | credentials has been fixed | |
4322 | - Minor changes to support Apple MAC OS X and some other platforms | |
4323 | more easily. | |
4324 | - The client -T option has been implemented | |
4325 | - HTCP related bugfixes in "squid -k reconfigure" | |
4326 | - Several bugfixes and cleanup of the Gopher client, both | |
4327 | to correct some security issues and to make Squid properly | |
4328 | render certain Gopher menus. | |
4329 | - FTP data channels are now sanity checked to match the address of | |
4330 | the requested FTP server. This to prevent theft or injection of | |
4331 | data. See the new ftp_sanitycheck directive if this is not desired. | |
4332 | - Security fixes in how Squid parses FTP directory listings into HTML | |
4333 | ||
c5bc64d3 | 4334 | Changes to Squid-2.4.STABLE6 (March 19, 2002): |
4335 | ||
722a4b40 | 4336 | - The patch for 2.4.STABLE5 was insufficiently tested and |
c5bc64d3 | 4337 | introduced a bug that causes frequent assertions when |
4338 | handling DNS PTR answers. | |
4339 | ||
4340 | Changes to Squid-2.4.STABLE5 (March 15, 2002): | |
4341 | ||
4342 | - Fixed an array bounds bug in lib/rfc1035.c. This bug | |
4343 | could allow a malicious DNS server to send bogus replies | |
4344 | and corrupt the heap memory. | |
4345 | ||
572b218d | 4346 | Changes to Squid-2.4.STABLE4 (Feb 19, 2002) |
08e8e4d0 | 4347 | |
722a4b40 | 4348 | - htcp_port 0 now properly disables htcp |
6474667e | 4349 | - Fixed problem with certain non-anonymous ftp:// style URL's |
08e8e4d0 | 4350 | - SNMP bugfixes including several memory leaks |
4351 | ||
4352 | Changes to Squid-2.4.STABLE3 (Nov 28, 2001): | |
4353 | ||
4354 | - Fixed bug #255: core dump on SSL/CONNECT if access denied by | |
4355 | miss_access | |
4356 | - Fixed bug #246: corrupt on-disk meta information preventing | |
4357 | rebuilds of lost swap.state files | |
4358 | - Fixed bug #243: squid_ldap_auth now supports spaces in passwords | |
4359 | - Fixed a coredump when creating FTP directories | |
4360 | - Fixed a compile time problem with statHistDump prototype mistmatch, | |
4361 | reported by some compilers | |
4362 | - Fixed a potential coredump situation on snmpwalk in certain | |
4363 | configurations | |
4364 | - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir | |
4365 | store implementation | |
4366 | - Serbian error message translations | |
4367 | ||
50821507 | 4368 | Changes to Squid-2.4.STABLE2 (Aug 24, 2001): |
4369 | ||
722a4b40 | 4370 | - Expanded configure's GCC optimization disabling check to |
50821507 | 4371 | include GCC 2.95.3 |
4372 | - avoid negative served_date in storeTimestampsSet(). | |
4373 | - Made 'diskd' pathnames more configurable | |
4374 | - Make sure squid parent dies if child is killed with | |
4375 | KILL signal | |
4376 | - Changed diskd offset args to off_t instead of int | |
4377 | - Fixed bugs #102, #101, #205: various problems with useragent | |
4378 | log files | |
4379 | - Fixed bug #116: Large Age: values still cause problems | |
4380 | - Fixed bug #119: Floating point exception in | |
4381 | storeDirUpdateSwapSize() | |
4382 | - Fixed bug #114: usernames not logged with | |
4383 | authenticate_ip_ttl_is_strict | |
722a4b40 | 4384 | - Fixed bug #115: squid eating up resources (eventAdd args) |
50821507 | 4385 | - Fixed bug #125: garbage HTCP requests cause assertion |
4386 | - Fixed bug #134: 'virtual port' support ignores | |
4387 | httpd_accel_port, causes a loop in httpd_accel mode | |
4388 | - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset | |
4389 | <= lf->bufsz" | |
4390 | - Fixed bug #137: Ranges on misses are over-done | |
4391 | - Fixed bug #160: referer_log doesn't seem to work | |
4392 | - Fixed bug #162: some memory leaks (SNMP, delay_pools, | |
4393 | comm_dns_incoming histogram) | |
4394 | - Fixed bug #165: "Store Mem Buffer" leaks badly | |
4395 | - Fixed bug #172: Ident Based ACLs fail when applied to | |
4396 | cache_peer_access | |
4397 | - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse | |
4398 | - Fixed bug #182: 'config' cachemgr option dumps core with | |
4399 | null storage | |
4400 | - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number | |
4401 | of args in debug/printf | |
4402 | - Fixed bug #187: bugs in lib/base64.c | |
4403 | - Fixed bug #184: storeDiskdShmGet() assertion; changed | |
4404 | diskd to use bitmap instead of linked list | |
4405 | - Fixed bug #194: Compilation fails on index() on some | |
722a4b40 | 4406 | non-BSD platforms |
50821507 | 4407 | - Fixed bug #197: refreshIsCachable() incorrectly checks |
4408 | entry->mem_obj->reply | |
4409 | - Fixed bug #215: NULL pointer access for proxy requests | |
4410 | in accel-only mode | |
4411 | ||
4412 | Changes to Squid-2.4.STABLE1 (Mar 20, 2001): | |
4413 | ||
4414 | - Fixed a bug in and cleaned up class 2/3 delay pools | |
4415 | incrementing. | |
4416 | - Fixed a coredump bug when using external dnsservers that | |
4417 | become overloaded. | |
4418 | - Fixed some NULL pointer bugs for NULL storage system | |
4419 | when reconfiguring. | |
4420 | - Fixed a bug with useragent logging that caused Squid to | |
4421 | think the logfile never got opened. | |
4422 | - Fixed a compiling bug with --disable-unlinkd. | |
4423 | - Changed src/squid.h to always use O_NONBLOCK on Solaris | |
4424 | if it is defined. | |
4425 | - Fixed a bug with signed/unsigned bitfield flag variables | |
4426 | that caused problems on Solaris. | |
4427 | - Fixed a bug in clientBuildReplyHeader() that could add | |
4428 | an Age: header with a negative value, causing an assertion | |
4429 | later. | |
4430 | - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt | |
4431 | was returning the number of FDs in use, rather than | |
4432 | the number of reserved FDs. | |
4433 | - Added the 'pipeline_prefetch' configuration option. | |
4434 | - cache_dir syntax changed to use options instead of many | |
4435 | arguments. This means that the max_objsize argument now | |
4436 | is an optional option, and that the syntax for how to | |
722a4b40 | 4437 | specify the diskd magics is slightly different. |
50821507 | 4438 | - Various fixes for CYGWIN |
4439 | - Upgraded MSNT auth module to version 2.0. | |
4440 | - Fixed potential problems with HTML by making sure all | |
4441 | HTML output is properly encoded. | |
4442 | - Fixed a memory initialization problem with resource records in | |
4443 | lib/rfc1035.c. | |
4444 | - Rewrote date parsing in lib/rfc1123.c and made it a little | |
4445 | more lenient. | |
4446 | - Added Cache-control: max-stale support. | |
4447 | - Fixed 'range_offset_limit' again. The problem this time | |
4448 | is that client_side.c wouldn't set the we_dont_do_ranges | |
4449 | flag for normal cache misses. It was only being set for | |
4450 | requests that might have been hits, but we decided to | |
4451 | change to a miss. | |
4452 | - Added the Authenticate-Info and Proxy-Authenticate-Info | |
4453 | headers from RFC 2617. | |
4454 | - HTTP header lines longer than 64K could cause an assertion. | |
4455 | Now they get ignored. | |
4456 | - Fixed an IP address scanning bug that caused "123.foo.com" | |
4457 | to be interpreted as an IP address. | |
4458 | - Converted many structure allocations to use mem pools. | |
4459 | - Changed proxy authentication to strip leading whitespace | |
4460 | from usernames after decoding. | |
4461 | - Prevented NULL pointer access in aclMatchAcl(). Some | |
4462 | ACL types require checklist->request_t, but it won't be | |
4463 | available in some cases (like snmp_access). Warn the | |
4464 | admin that the ACL can't be checked and that we're denying | |
4465 | it. | |
4466 | - Allow zero-size disk caches. | |
4467 | - The actual filesystem blocksize is now used to account | |
4468 | for space overheads when calculating on-disk cache size. | |
4469 | - Made the maximum memory cache object size configurable. | |
4470 | - Added 'minimum_direct_rtt' configuration option. | |
4471 | - Added 'ie_refresh' configuration option, which is a hack | |
4472 | to turn IMS requests into no-cache requests. | |
58d1265f | 4473 | - Added support for netfilter in linux-2.4. This allows transparent |
4474 | proxy connections to function correctly in the absence of a Host: | |
4475 | header. This requires --enable-linux-netfilter to be passed through | |
4476 | to configure. (Evan Jones) | |
50821507 | 4477 | - Fixed a bug with clientAccessCheck() that allowed proxy |
4478 | requests in accel mode. | |
4479 | - Fixed a bug with 301/302 replies from redirectors. Now | |
4480 | we force them to be cache misses. | |
4481 | - Accommodated changes to the IP-Filter ioctl() interface | |
4482 | for intercepted connections. | |
4483 | - Fixed handling of client lifetime timeouts. | |
4484 | - Fixed a buffer overflow bug with internal DNS replies | |
4485 | by truncating received packets to 512 bytes, as per | |
4486 | RFC 1035. | |
4487 | - Added "forward.log" support, but its work in progress. | |
4488 | - Rewrote much of the IP and FQDN cache implementation. | |
4489 | This change gets rid of pending hits. | |
4490 | - Changed peerWouldBePinged() to return false if our | |
4491 | ICP/HTCP port is zero (i.e. disabled). | |
4492 | - Changed src/net_db.c to use src/logfile.c routines, | |
4493 | rather than stdio, because of solaris stdio filedescriptor | |
4494 | limits. | |
4495 | - Made netdbReloadState() more robust in case of corrupted | |
4496 | data. | |
4497 | - Rewrote some freshness/staleness functions in src/refresh.c, | |
4498 | partially inspired to support cache-control max-stale. | |
4499 | - Fixed status code logging for SSL/CONNECT requests. | |
4500 | - Added a hack to subtract cache digest network traffic | |
4501 | from statistics so that byte hit ratio stays positive | |
4502 | and more closely reflects what people expect it to be. | |
4503 | - Fixed a bug with storeCheckTooSmall() that caused | |
4504 | internal icons and cache digests to always be released. | |
4505 | - Added statfs(2) support for displaying actual filesystem | |
4506 | usage in the cache manager 'storedir' output. | |
4507 | - Changed status reporting for storage rebuilding. Now it | |
4508 | prints percentage complete instead of number of entries | |
4509 | parsed. | |
4510 | - Use mkstemp() rather than problem-prone tempnam(). | |
4511 | - Changed urlParse() to condense multiple dots in hostnames. | |
4512 | - Major rewrite of async-io (src/fs/aufs) to make it behave | |
4513 | a bit more sane with substantially less overhead. Some | |
4514 | tuning work still remains to make it perform optimal. | |
4515 | See the start of store_asyncufs.h for all the knobs. | |
4516 | - Fixed storage FS modules to use individual swap space | |
4517 | high/low values rather than the global ones. | |
4518 | - Fixed storage FS bugs with calling file_map_bit_reset() | |
4519 | before checking the bit value. Calling with an invalid | |
4520 | value caused memory corruption in random places. | |
4521 | - Prevent NULL pointer access in store_repl_lru.c for | |
4522 | entries that exist in the hash but not the LRU list. | |
4523 | ||
cab24814 | 4524 | Changes to Squid-2.4.DEVEL4 (): |
ad445e36 | 4525 | |
ddf1c0c4 | 4526 | - Added --enable-auth-modules=... configure option |
83b381d5 | 4527 | - Improved ICP dead peer detection to also work when the workload |
4528 | is low | |
a8c926ff | 4529 | - Improved TCP dead peer detection and recovery |
4530 | - Squid is now a bit more persistent in trying to find a alive | |
4531 | parent when never_direct is used. | |
4532 | - nonhierarchical_direct squid.conf directive to make non-ICP | |
4533 | peer selection behave a bit more like ICP selection with respect | |
4534 | to hierarchy. | |
4535 | - Bugfix where netdb selection could override never_direct | |
4536 | - ICP timeout selection now prefers to use parents only when | |
4537 | calculating the dynamic timeout to compensate for common RTT | |
4538 | differences between parents and siblings. | |
c1fc651e | 4539 | - No longer starts to swap out objects which are known to be above |
4540 | the maximum allowed size. | |
987de783 | 4541 | - allow-miss cache_peer option disabling the use of "only-if-cached". |
4542 | Meant to be used in conjunction with icp_hit_stale. | |
c8b40803 | 4543 | - Delay pools tuned to allow large initial pool values |
0343b99c | 4544 | - cachemgr filesystem space information changed to show useable space |
4545 | rather than raw space, and platform support somewhat extended. | |
890b0fa8 | 4546 | - Logs destination IP in the hierarchy log tag when going direct. |
4547 | (can be disabled by turning log_ip_on_direct off) | |
ff21eb3e | 4548 | - Async-IO on linux now makes proper use of mutexes. This fixes some |
4549 | odd pthread segfaults on SMP Linux machines, at a slight performance | |
4550 | penalty. | |
722a4b40 | 4551 | - %s can now be used in cache_swap_log and will be substituted with |
a80e50c7 | 4552 | the last path component of cache_dir. |
4d55827a | 4553 | - no_cache is now a full ACL check without, allowing most ACL types |
4554 | to be used. | |
f1003989 | 4555 | - The CONNECT method now obeys miss_access requirements |
145cf928 | 4556 | - proxy_auth_regex and ident_regex ACL types |
3cdb7cd0 | 4557 | - Fixed a StoreEntry memory leak during "dirty" rebuild |
4558 | - Helper processes no longer hold unrelated filedescriptors open | |
e40aa8da | 4559 | - Helpers are now restarted when the logs are rotated |
afc1e43f | 4560 | - Negatively cached DNS entries are now purged on "reload". |
4561 | - PURGE now also purges the DNS cache | |
722a4b40 | 4562 | - HEAD on FTP objects no longer retrieves the whole object |
aca95add | 4563 | - More cleanups of the dstdomain ACL type |
288c06ce | 4564 | - Squid no longer tries to do Range internally if it is not supported |
4565 | by the origin server. Doing so could cause bandwidth spikes and/or | |
4566 | negative hit ratio. | |
13c7936a | 4567 | - httpd_accel_single_host squid.conf directive |
82056f1e | 4568 | - "round-robin" cache_peer counters are reset every 5 minutes to |
4569 | compensate previously dead peers | |
4fe0e1d0 | 4570 | - DNS retransmit parameters |
858783c9 | 4571 | - Show all FTP server messages |
6b53c392 | 4572 | - squid.conf.default now indicates if a directive isn't enabled in |
4573 | the installed binary, and what configure option to use for enabling it | |
418cbe9f | 4574 | - Fixed a temporary memory leak on persistent POSTs |
304d289e | 4575 | - Fixed a temporary memory leak when the server response headers |
4576 | includes NULL characters | |
ba2b31a8 | 4577 | - authenticate_ip_ttl_is_strict squid.conf option |
4578 | - req_mime_type ACL type | |
afb87666 | 4579 | - A reworked storage system that supports storage directories in |
4580 | a more modular fashion. The object replacement and IO is now | |
4581 | responsibility of the storage directory, and not of the storage | |
4582 | manager. | |
722a4b40 | 4583 | - Fixed a bogus MD5 mismatch warning sometimes seen when using |
e7407eb8 | 4584 | aufs or diskd stores |
ce3d30fb | 4585 | - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE, |
4586 | and extended support for this to Linux/GNU libc. | |
af57a2e3 | 4587 | - Disabled the "request timeout" error message sent if the user agent |
4588 | did not provide a request in a timely manner after opening the | |
4589 | connection. Now the connection is silently closed. The error message | |
4590 | was confusing user agents utilizing persistent connections. | |
cab24814 | 4591 | - Fixed configure --enable descriptions to match the arg names. |
4592 | - Eliminated compile warnings from auth_modules/MSNT code. | |
4593 | - Require first character of hostnames to be alphanumeric. | |
4594 | - Made ARP ACL work for Solaris. | |
4595 | - Removed storeClientListSearch(). | |
4596 | - Added counters to track diskd operation success and | |
4597 | failures. | |
4598 | - Fixed range_offset_limit. | |
4599 | - Added code to retry ServFail replies for internal DNS | |
4600 | lookups. | |
4601 | - Added referer header logging (Jens-S. Voeckler). | |
4602 | - Added "multi-domain-NTLM" authentication module, a Perl | |
4603 | script from Thomas Jarosch. | |
4604 | - Added configurable warning messages for high memory usage, | |
4605 | high response time, and high page faults. | |
4606 | - Made store dir selection algorithm configurable. | |
4607 | - Added support for admin-definable extension methods, | |
4608 | up to 20. | |
16689110 | 4609 | - Added 'maximum_object_size_in_memory' as a configuration option - |
4610 | this defines the watermark where objects transit from being true | |
4611 | hot objects to being in-transit objects in memory. It currently | |
4612 | defaults to 8 KB. | |
5cd41d0d | 4613 | - Change to the fqdn code which changes how pending DNS requests |
4614 | are treated as private and only become public once they are | |
4615 | completed. This can add extra load on DNS servers but prevents | |
4616 | all the pending clients blocking if one of the queries got | |
4617 | stuck. (Duane Wessels) | |
7e543177 | 4618 | - Converted more code to use MemPools, from Andres Kroonmaa. |
4619 | - Added more CYGWIN patches from Robert Collins. | |
e7407eb8 | 4620 | |
4621 | Changes to Squid-2.4.DEVEL3 (): | |
4622 | ||
4623 | - Added Logfile module. | |
4624 | - Added DISKD stats via cachemgr. | |
4625 | - Added squid.conf options for DISKD magic constants. | |
ad445e36 | 4626 | |
e7407eb8 | 4627 | Changes to Squid-2.4.DEVEL2 (Feb 29, 2000): |
ad445e36 | 4628 | |
4629 | Changes to Squid-2.4.DEVEL1 (): | |
4630 | ||
42b51993 | 4631 | Changes to Squid-2.3.STABLE4 (July 18, 2000): |
4632 | ||
4633 | - Fixed --localstatedir configure option (IKEDA Shigeru). | |
4634 | - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad | |
4635 | Smith). | |
4636 | - Added pthread_sigmask() check to configure (Daniel | |
4637 | Ehrlich). | |
4638 | - Added CYGWIN patches from Robert Collins. | |
4639 | - Changed internal DNS lookups to retry queries that are | |
4640 | returned with RCODE 2 (ServFail). | |
4641 | - Added 'virtual port' support (Gregg Kellogg). If | |
4642 | 'httpd_accel_uses_host_header' is enabled, then we use | |
4643 | the port number from the Host header. Otherwise, when | |
4644 | 'httpd_accel_port' is set to "0" we use the port number | |
4645 | of the local end of the client socket. | |
4646 | - Fixed a typo in carp.c (Nikolaj Yourgandjiev). | |
4647 | - Made Squid accept GET requests that have a "content-length: | |
4648 | 0" header. | |
4649 | - Added a sanity check on the NHttpSockets[] array index | |
4650 | (Gregg Kellogg). | |
4651 | - Added a friendlier message when Squid can't find any DNS | |
4652 | nameserver addresses to use (Daniel Kiracofe). | |
4653 | - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND | |
4654 | (Craig Whitmore). | |
4655 | - Added missing '%c' token replacement in error page | |
4656 | generation. | |
4657 | - Fixed a bug with 'minimum_object_size' that prevented | |
4658 | internal icons from being loaded. | |
4659 | - Fixed "extra semicolon" bug in storeExpiredReferenceAge() | |
4660 | that could prevent any objects from being replaced. | |
4661 | - Make sure that storeDirDiskFull() doesn't actually | |
4662 | *increase* the cache size. | |
4663 | - Changed a storeSwapMetaUnpack() assertion to a recoverable | |
4664 | error condition. | |
4665 | - Removed "wccpHereIam" event check that could cause Squid | |
4666 | to stop sending HERE_I_AM messages. | |
4667 | ||
d20b1cd0 | 4668 | Changes to Squid-2.3.STABLE3 (May 15, 2000): |
4669 | ||
4670 | - Fixed malloc linking problems on Solaris. The configure | |
4671 | script incorrectly set options for dlmalloc. | |
4672 | - Added a configure check to remove compiler optimization | |
4673 | for GCC 2.95.x. | |
4674 | - Updated MSNT authenticator module. | |
4675 | - Updated Estonian error pages. | |
4676 | - Updated Japanese error pages. | |
4677 | - Fixed expires bug in httpReplyHdrCacheInit. It was | |
4678 | incorrectly setting expires based on max-age. It was using | |
4679 | the current time as a basis, instead of the response date. | |
4680 | - Fixed "USE_DNSSERVER" typos. | |
4681 | - Added a workaround for getpwnam() problems on Solaris. | |
4682 | getpwnam() could fail if there are fewer than 256 FDs | |
4683 | available. This causes root to own some disk files. | |
4684 | - Added an 'offline_toggle' option via the cache manager. | |
4685 | - Added a 'minimum_object_size' option. Files smaller than | |
4686 | this size are not stored. | |
4687 | - Added 'passive_ftp' option to disable passive FTP transfers. | |
4688 | - Added 'wccp_version' option because some Cisco IOS versions | |
4689 | require WCCP version 3. | |
4690 | - The 'client' program in ping mode (-g) now prints transfer | |
4691 | throughput. | |
4692 | - Fixed logging of proxy auth username for redirected | |
4693 | requests. | |
4694 | - Fixed bogus Age values for IMS requests. | |
4695 | - Fixed persistent connection timeout for client-side | |
4696 | connections. It was hard-coded to 15 seconds, now uses | |
4697 | the 'pconn_timeout' value. | |
4698 | - Fixed up httpAcceptDefer. It wasn't being used properly | |
4699 | and caused high CPU usage when Squid gets close to the FD | |
4700 | limit. | |
4701 | - Numerous delay_pools fixes and checks. | |
4702 | - Fixed SNMP coredumps from running snmpwalk. | |
4703 | - Added a check for errno == EPIPE in icmp.c when pinger uses | |
4704 | a Unix socket instead of a UDP socket. | |
4705 | - Fixed ACL checklist memory initialization bugs. | |
4706 | - Cleaned up the MIB file. Replaced contact information and | |
4707 | checked description fields. | |
4708 | - Removed LRU reference_age hard-coded upper limit. | |
4709 | - Fixed async I/O FD leak. | |
4710 | - Made getMyHostname() more robust. | |
4711 | - Fixed domain list matching bug. "x-foo.com" wasn't properly | |
4712 | compared to ".foo.com" and confused splay tree ordering. | |
4713 | - Added a check for whitespace in hostnames and optionally | |
4714 | strip whitespace if 'uri_whitespace' setting allows. | |
4715 | - Added status code and checking to ASN/whois queries. | |
4716 | ||
4717 | Changes to Squid-2.3.STABLE2 (Mar 2, 2000): | |
4718 | ||
4719 | - Changed Copyright text. | |
4720 | - Changed configure so that some IRIX-6.4 hacks apply to | |
4721 | all IRIX-6.* versions. | |
4722 | - Cleaned up HTML bugs in error pages. | |
4723 | - Told configure to check for netinet/if_ether.h, which | |
4724 | is used in ARP ACL code, but might not be required. | |
4725 | - Added "Cookie" to known HTTP headers so it can be | |
4726 | used in anonymizer configuration. | |
4727 | - Added optional TCP_REDIRECT log code for logging | |
4728 | of 301/302 responses returned by Squid. | |
4729 | - Added a check for a currently running Squid process. | |
4730 | If the pid file exists, and the pid is running, | |
4731 | Squid complains and refuses to start another instance. | |
4732 | - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for | |
4733 | IRIX. | |
4734 | - Fixed a bug with the PURGE method. The purge enable | |
4735 | flag was not getting cleared during reconfigure. | |
4736 | Also required PURGE method to be used in http_access | |
4737 | list before enabling. | |
4738 | - Fixed async I/O assertions for file open errors. | |
4739 | - Fixed internal DNS assertion when unpacking truncated | |
4740 | messages. | |
4741 | - Fixed anonymize_headers bug that caused all headers | |
4742 | to be allowed after a reconfigure. | |
4743 | - Fixed an access denied bug for accelerator-only installations. | |
4744 | - Fixed internal DNS initialization so that it uses | |
4745 | 'dns_nameservers' settings in squid.conf if set. | |
4746 | - Fixed 'maxconn' ACL bug that caused it to work backwards | |
4747 | (Pedro Ribeiro). | |
4748 | - Fixed syslog bug for daemon mode on Linux. | |
4749 | - Fixed 'http_port' parsing bugs. | |
4750 | - Fixed internal DNS byte ordering bugs for PTR queries. | |
4751 | - Fixed internal DNS queue getting stuck during periods | |
4752 | of low activity (Henrik). | |
4753 | - Fixed byte ordering bugs for parsing EPLF FTP listings | |
4754 | on 64-bit systems. | |
4755 | - Fixed 'request_body_max_size' bug that caused all | |
4756 | POST, PUT requests to be denied if max size is set | |
4757 | to zero. | |
4758 | - Fixed 'redirector_access' bug when using 'myport' ACLs. | |
4759 | - Fixed CARP neighbor selection bugs for down peers. | |
4760 | - Added 'client_persistent_connections' and | |
4761 | 'server_persistent_connections' flags to disable persistent | |
4762 | connections for clients and servers. | |
4763 | - Fixed access logging bug that caused many requests to be | |
4764 | logged as TCP_MISS. | |
4765 | - Added some bounds checking to delay pools code. | |
4766 | ||
ad445e36 | 4767 | Changes to Squid-2.3.STABLE1 (Jan 9, 2000): |
4768 | ||
4769 | - Updated PAM authentication module from Henrik Nordstrom. | |
4770 | - Updated Bulgarian error messages from Svetlin Simeonov. | |
4771 | - Changed ACL routines so that User-Agent (browser) string | |
4772 | is always taken from compiled HTTP request headers | |
4773 | instead of passed as an argument to aclCreateChecklist. | |
4774 | - Added a 'strip' option to the 'uri_whitesace' configuration | |
4775 | directive and made it the default behavior. Whitespace | |
4776 | found in URI's is now stripped out by default. | |
4777 | - Added chroot feature. The 'chroot_dir' config option enables | |
4778 | it and specifies the directory. | |
4779 | - Changed clientBuildReplyHeader so that the Age header is | |
4780 | added only for cache hits, and only when we can calculate | |
4781 | a valid, positive age value. | |
4782 | - Changed clientWriteComplete and clientGotNotEnough so | |
4783 | that they keep persistent connections open for more types | |
4784 | of replies that don't have bodies. | |
4785 | - Changed filemap.c routines to dynamically grow filemap | |
4786 | space as needed. | |
4787 | - Added a hack to ftp.c to deal with ftp.netscape.com, which | |
4788 | sometimes doesn't acknowledge PASV commands. | |
4789 | - Fixed FTP bug with ftpScheduleReadControlReply; there | |
4790 | was not always a timeout handler on the control socket | |
4791 | after the transfer completed. | |
4792 | - Fixed FTP filedescriptor leak from invalid PASV replies. | |
4793 | - Changed httpBuildRequestHeader so that it doesn't | |
4794 | copy the Host header from the client request. Instead | |
4795 | we should generate our own Host header which is known | |
4796 | to be correct. | |
4797 | - Changed storeTimestampsSet to adjust entry->timestamp | |
4798 | if the response includes an Age header. | |
4799 | - Removed size limit from storeKeyHashBuckets. | |
4800 | - Changed fwdConnectStart from a "heavy" to a "light" event. | |
4801 | - Fixed an 'anonymize_headers' bug that affects unknown | |
4802 | HTTP headers. With the bug, if you list a header that | |
4803 | Squid doesn't know about (such as "Charset"), it would | |
4804 | add HDR_OTHER to the allow/deny mask. This caused all | |
4805 | unknown headers to be allowed or denied (depending on | |
4806 | the scheme you use). Now, with the bug fixed, an unknown | |
4807 | header in the 'anonymize_headers' list is simply ignored. | |
4808 | ||
7e3ce7b9 | 4809 | Changes to Squid-2.3.DEVEL3 (): |
4810 | ||
ad445e36 | 4811 | - Added MSNT auth module from Antonino Iannella. |
7e3ce7b9 | 4812 | - Added --enable-underscores configure option. This allows |
4813 | Squid to accept hostnames with underscores in them. Your | |
4814 | DNS resolver may still complain about them, however. | |
4815 | - Added --heap-replacement configure option. This enables | |
4816 | the alternative cache replacement policies, such as | |
4817 | GDSF, and LFUDA. | |
3ff01c3e | 4818 | - WCCP establishes and registers with the router faster. |
7e3ce7b9 | 4819 | - Added 'maxconn' acl type to limit the number of established |
4820 | connections from a single client IP address. Submitted | |
4821 | by Vadim Kolontsov. | |
4822 | - Close FTP data socket as soon as transfer completes | |
4823 | (Alexander V. Lukyanov). | |
4824 | - Fixed ftpReadPass() to not clobber ctrl.message when | |
4825 | the PASS command fails. | |
4826 | - Added a redirect.c patch so squidGuard is able to do | |
4827 | per-user access control (Antony T Curtis). | |
4828 | - discard the pumpMethod() function, and instead use the | |
4829 | fact that the request has a request entity (content-length | |
4830 | present) (Henrik). | |
4831 | - Reload the MIME icons at reconfigure time (Radu Greab). | |
4832 | - Updated Richard Huveneers' SMB authentication module to | |
4833 | his version 0.05 package. | |
4834 | - Fixed lib/heap.c::heap_delete() bug when deleting the | |
4835 | last node. | |
4836 | - Fixed an integer conversion bug in | |
4837 | lib/rfc1035.c::rfc1035AnswersUnpack(). | |
4838 | - Fixed lib/rfc1738 routines to encode reserved characters, | |
4839 | in addition to encoding the unsafe characters (Henrik). | |
4840 | - Changed the interface for splay compare and "walk" | |
4841 | functions to take a void pointer, instead of a splayNode | |
4842 | pointer (Henrik). | |
4843 | - Changed numerous HTTP parsing routines to use ssize_t | |
4844 | instead of size_t. This was done because size_t may be | |
4845 | signed or unsigned. When it is unsigned, gcc emits | |
4846 | numerous "comparison is always true" warnings. At least | |
4847 | we know ssize_t is always signed. | |
4848 | - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and | |
4849 | friends so that it properly handles multi-value lists. | |
4850 | - Added an "end" (ssize_t) parameter to | |
4851 | src/HttpReply::httpReplyParse() so that we know exactly | |
4852 | where to terminate the header buffer. | |
4853 | - Changed src/access_log.c::log_quote() so that it only | |
4854 | encodes whitespace characters, and not all URL-special | |
4855 | characters (Henrik). | |
4856 | - Added local port ACL type ("myport") (Henrik). | |
4857 | - Added maximum number of connections per client ("maxconn") | |
4858 | as an ACL type. | |
4859 | - Fixed proxy authentication username/password parsing to | |
4860 | be more robust (Henrik). | |
4861 | - Fixed ACL domain/host and domain/domain comparison | |
4862 | functions yet again. Eliminated duplicate code so that | |
4863 | only src/url.c::matchDomainName() contains this mysterious | |
4864 | code. | |
4865 | - Changed the 'http_port' option to accept an IP address | |
4866 | or hostname as well (Henrik). | |
4867 | - Removed 'tcp_incoming_addr' option. | |
4868 | - Added an access control list for the redirector | |
4869 | ('redirector_access'). Requests which match are sent to | |
4870 | the redirector. All requests. are redirected by default. | |
4871 | - Added the 'authenticate_ip_ttl' option. It specifies | |
4872 | how long a valid proxy authentication credential is | |
4873 | bound to a specific address. | |
4874 | - Added 280, 488, 591, and 777 to "Safe_ports" ACL. | |
4875 | - Removed the unused and highly questionable 'forward_snmpd_port' | |
4876 | option. | |
4877 | - Added an option to accept DNS messages from unknown nameservers. | |
4878 | This may be necessary if replies come from a different address | |
4879 | than queries are sent to. | |
4880 | - Added #includes for IP Filter files in netinet directory. | |
4881 | - Fixed a bug with retrying forwarded IMS requests (Henrik). | |
4882 | - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders() | |
4883 | where we were checking a cache-control bit before getting the | |
4884 | mask from the HTTP headers (pallo@initio.no). | |
4885 | - Fixed a bug with "no_cache" access list. If not defined, | |
4886 | everything was uncachable by default. | |
4887 | - Fixed a bug with timed-out client-side HTTP connections. | |
4888 | We didn't cancel the read handler, which could lead to | |
4889 | "rwstate != NULL" warnings. | |
4890 | - Changed comm_open() to only call fdAdjustReserved() for | |
4891 | specific errors (ENFILE, EMFILE); | |
4892 | - Fixed NULL pointer bug in idnsParseResolvConf(). | |
4893 | - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT. | |
4894 | - Added DELETE request method. | |
4895 | - Added RFC 2518 HTTP status codes. | |
4896 | - Fixed handling of URL passwords when we need to rewrite a | |
4897 | BASE HREF URL (Henrik). | |
4898 | - Fixed a bug with FTP requests where a request gets aborted, | |
4899 | but we try to complete it anyway. It would result in a | |
4900 | "store_status != STORE_PENDING" assertion. The solution | |
4901 | is to check for ENTRY_ABORTED before reading from | |
4902 | the control channel too. | |
4903 | - Changed FTP to retry a request if Squid fails to establish | |
4904 | a PASV data connection (Henrik). | |
4905 | - Fixed numerous HTCP memory leaks and an uninitialized memory | |
4906 | bug. | |
4907 | - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in | |
4908 | mind (Henrik). | |
4909 | - Minor fixes for Rhapsody systems. | |
4910 | - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems | |
4911 | don't include varargs.h. | |
4912 | - Changed src/store_client.c::storeClientType() so that | |
4913 | an entry can have more than one STORE_MEM_CLIENT. | |
4914 | - Changed src/store_client.c::storeClientReadHeader() | |
4915 | to check swapfile metadata (Henrik). | |
4916 | - Changed src/url.c::urlCheckRequest() to return FALSE for | |
4917 | any "https://" URL. These should always be CONNECT | |
4918 | instead. If Squid gets an "https://" URL, it is a browser | |
4919 | bug. | |
4920 | - Added numerous squid.conf options for controlling cache | |
4921 | digests. Previously these were hard-coded in | |
4922 | src/store_digest.c. (Martin Hamilton) | |
4923 | - Added 'cache_peer' option called 'digest-url' that | |
4924 | lets you specify the URL for a peer's digest. | |
4925 | (Martin Hamilton) | |
4926 | - Added DELAY_POOLS hacks to scan "slow" connections in | |
4927 | a random order (David Luyer). | |
4928 | - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a | |
4929 | per-interface arp/neighbour cache, whereas 2.0.x uses a | |
4930 | unified cache. Under 2.2.x you are required to specify | |
4931 | a interface name when looking up ARP table entries with | |
4932 | SIOCGARP. | |
4933 | - If the process umask is not set (i.e. 0), then Squid | |
4934 | changes it to 007. | |
4935 | ||
9bc73deb | 4936 | Changes to Squid-2.3.DEVEL2 (): |
4937 | ||
4938 | - Added --enable-truncate configure option. | |
4939 | - Updated Czech error messages () | |
4940 | - Updated French error messages () | |
4941 | - Updated Spanish error messages () | |
4942 | - Added xrename() function for better debugging. | |
4943 | - Disallow empty ("") password in aclDecodeProxyAuth() | |
4944 | (BoB Miorelli). | |
4945 | - Fixed ACL SPLAY subdomain detection (again). | |
4946 | - Increased default 'request_body_max_size' from 100KB | |
4947 | to 1MB in cf.data.pre. | |
4948 | - Added 'content_length' member to request_t structure | |
4949 | so we don't have to use httpHdrGetInt() so often. | |
4950 | - Fixed repeatedly calling memDataInit() for every reconfigure. | |
4951 | - Cleaned up the case when fwdDispatch() cannot forward a | |
4952 | request. Error messages used to report "[no URL]". | |
4953 | - Added a check to return specific error messages for a | |
4954 | "store_digest" request when the digest entry doesn't exist | |
4955 | and we reach internalStart(). | |
4956 | - Changed the interface of storeSwapInStart() to avoid a bug | |
4957 | where we closed "sc->swapin_sio" but couldn't set the | |
4958 | pointer to NULL. | |
4959 | - Changed storeDirClean() so that the rate it gets called | |
4960 | depends on the number of objects deleted. | |
4961 | - Some WCCP fixes. | |
4962 | - Added 'hostname_aliases' option to detect internal requests | |
4963 | (cache digests) when a cache has more than one hostname | |
4964 | in use. | |
4965 | - Async I/O NUMTHREADS now configurable with --enable-async-io=N | |
4966 | (Henrik Nordstrom). | |
4967 | - Added queue length to async I/O cachemgr stats (Henrik Nordstrom). | |
4968 | - Added OPTIONS request method. | |
9bc73deb | 4969 | |
eb824054 | 4970 | Changes to Squid-2.3.DEVEL1 (): |
4971 | ||
4972 | - Added WCCP support. This adds the 'wccp_router' squid.conf | |
4973 | option. | |
4974 | - Added internal DNS queries; Most installations can run | |
4975 | without the external dnsserver processes. | |
4976 | - Rewrote much of the code that stores cache objects on | |
4977 | disk. Developed a programming interface that should | |
4978 | allow new storage systems to be added easily. This still | |
4979 | is pretty ugly and needs a lot of work, however. | |
4980 | - Replaced async_io.c "tags" with callback data locks. | |
4981 | This probably breaks async IO in a bad way. | |
4982 | - Tried to write an Async IO disk storage module. | |
4983 | - Added code to replace the StoreEntry linked list with a | |
4984 | heap structure. This allows for different replacement | |
4985 | algorithms, instead of being stuck with LRU. This adds | |
4986 | the 'replacement_policy' squid.conf option. (John Dilley | |
4987 | et al). | |
4988 | - Fixed HTCP queries by actually checking for freshness | |
4989 | based on the HTCP header fields. | |
4990 | - Fixed passing of redirector command line arguments. | |
4991 | - Added 'request_header_max_size' squid.conf option. | |
4992 | - Added 'request_body_max_size' squid.conf option. | |
4993 | - Added 'reply_body_max_size' squid.conf option. | |
4994 | - Added 'peer_connect_timeout' squid.conf option. | |
4995 | - Added 'redirector_bypass' squid.conf option. | |
4996 | - Added RFC 2518 (WEBDAV) request methods. | |
d20b1cd0 | 4997 | |
6b8e7481 | 4998 | Changes to Squid-2.2 (April 19, 1999): |
b93549f6 | 4999 | |
98b093e7 | 5000 | - Removed all SNMP specific ACL code |
5001 | SNMP now uses generic squid ACL's | |
5002 | - Removed view-based access crontrol | |
00b7a8b6 | 5003 | - Cleaned up and simplified SNMP section of squid.conf |
98b093e7 | 5004 | - Changed the SNMP code to use a tree stucture. |
3ff01c3e | 5005 | - Added objects to MIB: |
00b7a8b6 | 5006 | Request Hit Ratio's |
5007 | Byte Hit Ratio's | |
5008 | Number of Clients | |
61d53e64 | 5009 | - Changed SNMP Agent to return object instances correctly. |
b93549f6 | 5010 | - Added our own assert() macro so we can use debug() instead of |
5011 | printing to stderr. | |
5012 | - Added eventFreeMemory(). | |
5013 | - Fixed ipcCreate() bug when debug_log has FD <= 2. | |
5014 | - Changed watchChild() and related code in main.c so that | |
5015 | Squid can behave more like a proper daemon process. | |
5016 | - Added 'prefer_direct' option (enabled by default) so that | |
5017 | people can give parents higher preference than direct. | |
6703526b | 5018 | - Fixed ipc.c close() bug for async IO. On FreeBSD, |
5019 | comm_close() doesn't work for child processes when async IO is | |
5020 | used. | |
5021 | - Fixed setting the public key for large ``icons'' (Henrik | |
5022 | Nordstrom). | |
68f87dc5 | 5023 | - Rewrote peer digest module to fix memory leaks on reconfigure |
5024 | and clean the code. Increased "current" digest version to 5 | |
6474667e | 5025 | ("required" version is still 3). Revised "Peer Select" cache |
5026 | manager stats. | |
68f87dc5 | 5027 | - Added "-k parse" command line option: parses the config file |
5028 | but does not send a signal unlike other -k options. | |
1743c283 | 5029 | - Revamped storeAbort() calling. Only store_client.c has all |
5030 | the right information to determine if the request should | |
5031 | be aborted. Now client and server modules just storeUnregister | |
d81e3f33 | 5032 | without ever needing to call storeAbort. |
96aeb95d | 5033 | - Small change of Squid output for FTP (Andrew Filonov, |
5034 | Henrik Nordstrom). | |
5035 | - clientGetsOldEntry() sends old entry if new request status | |
5036 | is in the 500-range (Henrik Nordstrom). | |
5037 | - Changed configure so it works with IRIX6.4 C compiler (broken?) | |
5038 | option -OPT:fast_io=ON. | |
5039 | - Fixed comm_connect_addr() non-blocking connections for | |
5040 | SONY NEWSOS (Makoto MATSUSHITA). | |
5041 | - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended | |
5042 | by autoconf documentation. | |
5043 | - Fixed client-side cache-control max-age (Henrik Nordstrom). | |
5044 | - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns | |
5045 | this error if it is called while squid is in the process of | |
5046 | shutting down. | |
5047 | - Added support for linuxthreads package under FreeBSD (Tony Finch). | |
5048 | - Fixed HP-UX StatHist.c assertions by making the "hbase_f" | |
5049 | functions non-static (Michael Pelletier). | |
5050 | - Fixed logging of authenticated usernames even if the | |
5051 | authorization is not cached (Dancer). | |
5052 | - Fixed pconnPush() bug that prevented holding on to | |
5053 | persistent connections (Manfred Bathelt). | |
2328711e | 5054 | - Pid file now rewritten on SIGHUP. |
b4019ff7 | 5055 | - Numerous Ident changes: |
5056 | - Ident lookups will now be done on demand if you use the | |
5057 | 'ident' ACL type. | |
5058 | - The 'ident_lookup on|off' option has been replaced with | |
5059 | an access list, so you can do lookups only for some | |
5060 | client addresses. | |
5061 | - Added an 'ident_timeout' option to specifiy the amount | |
5062 | of time to wait for an ident lookup. | |
5063 | - Added a (local) hit rate to mempool metering. | |
5064 | - FTP Restarts (REST command) is now supported. | |
5065 | - Check for libintl.a on SCO3.2. | |
5066 | - Disable poll() on SCO3.2. | |
5067 | - Numerous Async IO enhancements from Henrik. | |
5068 | - Removed cache_mem_low and cache_mem_high options (Henrik | |
5069 | Nordstrom). | |
5070 | - Replaced 'persistent_client_posts' with 'broken_posts' access | |
5071 | list. | |
97474590 | 5072 | - Rewrote the anonymizer. |
5073 | - Removed the http_anonymizer option. | |
548b801c | 5074 | - Added the anonymize_headers option to allow individual |
5075 | referencing of headers for addition or removal. See | |
5076 | 'anonymize_headers' in squid.conf for additional | |
5077 | configuration. | |
b3abf16c | 5078 | - Fixed config file parser's handing of optional directives. |
5079 | Some people might get new warnings about unknown config | |
5080 | directives. | |
548b801c | 5081 | - Added 'myip' ACL type. This is the local IP address for |
5082 | connected sockets (Luyer). | |
5083 | - Fixed parsing of FTP DOS directory listings with spaces | |
5084 | (Nordstrom). | |
dd0b0295 | 5085 | - Numerous DELAY_POOL changes/fixes from David Luyer: |
5086 | - Makes no-delay neighbors for DELAY_POOLS work by | |
5087 | using a fd_set with the connections to no-delay | |
5088 | peers marked in it. | |
5089 | - Makes IP addresses ending in 0 and 255, and | |
5090 | network number 255, work with individual and | |
5091 | network delay pools (they were previously not | |
5092 | permitted, and documented as such). | |
5093 | - Massive overhaul of delay pools code - dynamically | |
5094 | allocated delay pools, as many as required. | |
5095 | - delayPoolsUpdate stops running if DELAY_POOLS is | |
5096 | configured but no delay pools are configured. | |
5097 | - Initial delay pool levels are now configurable | |
5098 | as a percentage of the maximum for the pool in | |
5099 | question (used to be all set to 1 second worth | |
5100 | of traffic). Pools are restored to this level | |
5101 | on reconfiguratoin. | |
242188c9 | 5102 | - Changed storeClientCopy to give a swap-in failure if |
5103 | the number of open disk FD's is above the 'max_open_disk_fds' | |
5104 | limit. Otherwise, a very loaded cache will end up with | |
5105 | all disk files open for reading, and none for writing. | |
b6a2f15e | 5106 | - Added lib/inet_ntoa.c from BSD Unix for systems that have |
5107 | broken inet_ntoa(). (Erik Hofman). | |
5108 | - Added more specific FTP error messages for "permission | |
5109 | denied, "file not found," and "service unavailable." | |
5110 | (Tony Finch) | |
5111 | - Added xisspace(), xisdigit(), etc, macros to cast function | |
5112 | args and eliminate compiler warnings. | |
5113 | - Fixed case-sensitive comparisons of domain names (Henrik | |
5114 | Nordstrom). | |
5115 | - Added proxy-authentication to cachemgr.cgi's requests | |
5116 | (Henrik Nordstrom). | |
5117 | - Changed Squid to *truncate* rather than *unlink* purged | |
5118 | swap files. Can be reversed by undefining | |
5119 | USE_TRUNCATE_NOT_UNLINK in src/defines.h. | |
5120 | - Changed internal icon headers to use Cache-control | |
5121 | Max-age instead of Expires. | |
5122 | - Changed storeMaintainSwapSpace behavior to be adjusted | |
5123 | smoothly, instead of discretely, between store_swap_low | |
5124 | and store_swap_high. This includes the number of | |
5125 | objects to scan, number to remove, and time until the | |
5126 | next storeMaintainSwapSpace event. | |
5127 | - Fixed a quick_abort bug that incorrectly calculated | |
5128 | content lengths. | |
5129 | - Added getpwnam() auth module from Erik Hofman. | |
5130 | - Added 'coredump_dir' option. | |
5131 | - Fixed a peerDestroy() assertion that required peer->digest | |
5132 | to be NULL at the end of peerDestroy(). | |
5133 | - configure script now automatically enables dlmalloc for | |
5134 | Solaris/x86. | |
5135 | - configure enables poll() on linux 2.2 and later (Henrik). | |
5136 | - Icon files are now distributed in binary format, install | |
5137 | will not need to run 'sh' and 'uudecode'. | |
5138 | - Fixed some bugs with large responses (>READ_AHEAD_GAP) and | |
5139 | re-forwarding requests and ENTRY_FWD_HDR_WAIT. | |
5140 | fwdCheckDeferRead() will NOT defer reading if the | |
5141 | ENTRY_FWD_HDR_WAIT bit is set. | |
5142 | - Fixed a "F->flags.open" assertion for aborted FTP PUT's. | |
5143 | - Fixed a (double) cast problem that caused statAvgTick() | |
5144 | events to be added as fast as possible. | |
6b8e7481 | 5145 | - Changed httpPacked304Reply() to not include the Content-Length |
5146 | header for 304 replies that Squid generates. We used to | |
5147 | include the length of the cached object, and this broke | |
5148 | persistent connections. | |
5149 | ||
5150 | 2.2.STABLE2: | |
5151 | ||
5152 | - Fixed configure bug for statvfs() checks. Configure reports | |
5153 | "test: =: unary operator expected" or similar because an | |
5154 | unquoted variable is not defined. | |
5155 | - Fixed aclDestroyAcls() assertion because some ACL types | |
5156 | are not listed in the switch statement. Occurs for | |
5157 | srcdom_regex and dstdom_regex ACL types during reconfigure. | |
5158 | - Typo "applicatoin" in src/mime.conf | |
5159 | - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK | |
5160 | #define because it didn't include squid.h. | |
5161 | - Fixed commRetryFD() when bind() fails. commRetryFD was | |
5162 | closing the filedescriptor, but it is the upper layer's | |
5163 | job to close it. | |
5164 | - Changed configure's "maximum number of filedescriptors" | |
5165 | detection to only use getrlimit() for Linux. On AIX, | |
5166 | getrlimit returns RLIM_INFINITY. | |
5167 | - Fixed snmpInit() nesting bug. | |
5168 | - Fixed a bug with peerGetSomeParent(). It was adding | |
5169 | a parent to the FwdServers list, regardless of the | |
5170 | ps->direct value. This could cause every request to | |
5171 | go to a parent even when always_direct is used. | |
5172 | - Changed fwdServerClosed() to rotate the "forward servers" | |
5173 | list when a connection establishment fails. Otherwise | |
5174 | it always kept trying to connect to the first server | |
5175 | int the list. | |
b93549f6 | 5176 | |
2be4e260 | 5177 | 2.2.STABLE3: |
5178 | ||
5179 | - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c. | |
5180 | - Avoid coredump in aclMatchAcl() if someone tries to use | |
5181 | proxy authentication with a non-HTTP request (e.g. icp_access). | |
5182 | - Moved 'ident_lookup_access' in squid.conf so it appears | |
5183 | after the ACL section. | |
5184 | - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing" | |
5185 | - Fixed a case in clientCacheHit() where we thought it | |
5186 | was a hit, but the reply status was not 200, so we | |
5187 | had to perform a cache miss. We forgot to change the | |
5188 | log_type and these were being recorded as TCP_HIT's. | |
5189 | - Fixed a void pointer subtraction bug in delayIdPtrHashCmp(). | |
5190 | - Fixed delay_pools coredump and memory leak bugs from | |
5191 | NULL delay_id values. | |
5192 | - Fixed a SEGV bug with delay_pools when requesting | |
5193 | 'objects' or 'vm_objects' from the cachemgr. | |
5194 | - Added a workaround for buggy FTP servers that return | |
5195 | a size of zero for non-zero-sized objects. | |
5196 | - Removed umask(0) call from main(). | |
5197 | - Fixed a peer selection bug that caused us to never select | |
5198 | a neighbor based on ICP replies if the ICP timeout occurs. | |
5199 | In conjunction with this, removed the PING_TIMEOUT state. | |
5200 | - Fixed a store_rebuild bug that caused us to get stuck trying | |
5201 | if a cache_dir subdirectory didn't exist. | |
5202 | - Fixed a buffer overrun bug in gb_to_str(). | |
5203 | ||
9bc73deb | 5204 | 2.2.STABLE4: |
5205 | ||
5206 | - Fixed a dread_ctrl leak caused in store_client.c | |
5207 | - Fixed a memory leak in eventRun(). | |
5208 | - Fixed a memory leak of ErrorState structures due to | |
5209 | a bug in forward.c. | |
5210 | - Fixed detection of subdomain collisions for SPLAY trees. | |
5211 | - Fixed logging of hierarchy codes for SSL requests (Henrik | |
5212 | Nordstrom). | |
5213 | - Added some descriptions to mib.txt. | |
5214 | - Fixed a bug with non-hierarchical requests (e.g. POST) | |
5215 | and cache digests. We used to look up non-hierarchical | |
5216 | requests in peer digests. A false hit may cause Squid | |
5217 | to forward a request to a sibling. In combination with | |
5218 | 'Cache-control: only-if-cached, this generates 504 Gateway | |
5219 | Timeout responses and the request may not be re-forwardable. | |
5220 | - Fixed a filedescriptor leak for some aborted requests. | |
5221 | ||
5222 | ||
4d62b0af | 5223 | Changes to Squid-2.1 (November 16, 1998): |
8f897f34 | 5224 | |
5225 | - Changed delayPoolsUpdate() to be called as an event. | |
5226 | - Replaced comm_select FD scanning loops with global fd_set | |
5227 | structures. Inspired by Jeff Mogul's patch for squid 1.1. | |
9e1559ea | 5228 | - Moved functions common to dns.c, redirect.c, authenticate.c, |
5229 | ipcache.c, and fqdncache.c into helper.c. | |
0753aa46 | 5230 | - Changed storeClientCopy2() so that it keeps sending the remainder |
5231 | of a STORE_ABORTED request, instead of cutting off the client as | |
5232 | soon as the object becomes aborted. | |
f0538986 | 5233 | - Fixed combined ipf-transparent proxy and a local http-accelerator |
5234 | operation (Quinton Dolan). | |
5235 | - Rewrote base64_decode.c because of potential buffer overrun | |
5236 | bugs. | |
912432d8 | 5237 | - Configurable handling of whitespace in request URI's. |
5238 | See 'uri_whitespace' in squid.conf. | |
e33ec474 | 5239 | - Added ability to generate HTTP redirect messages from |
5240 | the redirector output by prepending "301:" or "302:" to the | |
5241 | new url. See FAQ 4.16 for more details. | |
829a9357 | 5242 | - Eliminated refreshWhen() which was out-of-sync with refreshCheck() |
5243 | potentially causing under-utilized cache digests | |
5244 | - Maintain refreshCheck statistics on per-protocol basis so we | |
5245 | can tell why ICP or Digests return too many misses, etc. | |
c68e9c6b | 5246 | - Fixed delay_pools.c class2/class3 typo (Simon Woods). |
5247 | - Changed squid.conf's default access controls to deny all | |
5248 | HTTP requests. Admins must write ACL rules to specifically | |
5249 | allow their local clients. | |
5250 | - Patched French error messages (Mathias HERBERTS). | |
5251 | - NextStep porting fixes by Mike Laster: | |
5252 | - use xstrdup() in cf_gen.c | |
5253 | - check for putenv() in configure | |
5254 | - #define S_ISDIR macro | |
5255 | - Added --disable-poll configure option (Henrik Nordstrom). | |
5256 | - Fixed internal URL hostname case bugs (Henrik Nordstrom). | |
5257 | - Patched ftp.c so we never cache autenticated FTP requests | |
5258 | (Henrik Nordstrom). | |
5259 | - Fixed FTP authentication. We tried to unescape authentication | |
5260 | given by basic authentication which is not URL escaped | |
5261 | (Henrik Nordstrom). | |
5262 | - Fixed HTTP version for common logfile format (Henrik Nordstrom). | |
5263 | - Added 'redirect_rewrites_host_header' option to disable rewriting | |
5264 | of Host header for redirector responses (Henrik Nordstrom). | |
5265 | - Allow semi-customized error message signatures (Henrik Nordstrom). | |
5266 | - Fixed bug with errors for unsupported requests (Henrik Nordstrom). | |
5267 | - Fixed handling of blank lines in ACL input files (Henrik | |
5268 | Nordstrom). | |
5269 | - Changed proxy_auth ACL type to consist of a list of valid | |
5270 | users. REQUIRED == any (same as ident ACL). ACL type user | |
5271 | changed to ident since this is what it really is. | |
5272 | (Henrik Nordstrom). | |
5273 | - Fixed long URL bugs; make sure 'log_uri' never exceeds | |
5274 | MAX_URL bytes. | |
5275 | - Allow comments in external ACL files (Gerhard Wiesinger). | |
5276 | - Added 'range_offset_limit' configuration option. Requests | |
5277 | with ranges that start after this value will be passed | |
5278 | on unmodified, and Squid will not cache the response | |
5279 | (Henrik Nordstrom). | |
5280 | - Added Client HTTP Hit byte counters to 'counters' output | |
5281 | (Douglas Swarin). | |
5282 | - Got Squid to compile with --enable-async-io on FreeBSD. | |
5283 | - Fixed infinite loop bug for cachemgr 'config' option. | |
5284 | - Fixed cachability bugs for replies with Pragma: no-cache. | |
5285 | - Made content-type multipart/x-mixed-replace uncachable. | |
5286 | - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT" | |
5287 | format (Richard Kettlewell). | |
5288 | - Fixed passing -s option to dnsserver processes (Alvaro Jose | |
5289 | Fernandez Lago). | |
5290 | - Changed proxy_auth to work on internal objects and when in | |
5291 | accelerator mode. (Henrik Nordstrom) | |
5292 | - Added login=user:password option to cache_peer directive to | |
5293 | be used from a dial-up cache where the parent requires proxy | |
5294 | authentication. (Henrik Nordstrom) | |
5295 | - If you want to "auto-login", then use a URL on the form | |
5296 | http://username:password@server/.... Squid now picks this up | |
5297 | when going direct, and turns it into basic WWW | |
5298 | authentication. It is also possible to do automatic login to | |
5299 | certain servers by using a redirector to add the needed | |
5300 | authentication information. (Henrik Nordstrom) | |
04f0ba5c | 5301 | - Changed refreshCheck() so that objects with negative age |
5302 | are always stale. | |
4d62b0af | 5303 | - Fixed "plain" FTP listings (Henrik Nordstrom). |
5304 | - Fixed showing banner/logon message for top-level FTP | |
5305 | directories (Henrik Nordstrom). | |
5306 | * Changes below have been made to SQUID_2_1_PATCH1 | |
5307 | - Fixed pinger packet size assertion. | |
5308 | - Fixed WAIS forwarding. | |
5309 | - Fixed dnsserver coredump bug caused by using both -D and | |
5310 | -s options. | |
e42d5181 | 5311 | * Changes below have been made to SQUID_2_1_PATCH2 |
5312 | - Fixed EBIT macro bugs when the bitmask is a 64-bit long. | |
5313 | - Fixed proxy auth NULL password bug. | |
5314 | - Fixed queueing of multiple peerRefreshDNS events. | |
5315 | - Added a stack of StoreEntry objects to be released after | |
5316 | store rebuild completes. | |
5317 | - Fixed NULL pointer bugs with too-large requests (found by | |
5318 | Martin Lathoud). | |
5319 | - Fixed reading replies from buggy ident servers. Replies | |
5320 | might not have terminating CR or LF (Henrik Nordstrom). | |
b4019ff7 | 5321 | - Changed internal StoreEntry key so that the request method |
5322 | is encoded as a single octet. Encoding an enumerated type | |
5323 | has size and byte-order incompatibilities, especially for | |
5324 | cache digests. | |
5325 | - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries | |
5326 | are not always locked. This fixes having multiple | |
5327 | store_digest's stuck in memory. | |
5328 | - Fixed clientProcessOnlyIfCachedMiss so it unlocks and | |
5329 | unregisters from "cache hit" entries. | |
5330 | * Changes below have been made to SQUID_2_1_PATCH3 | |
5331 | - Fixed memory leak in clientHandleIMSReply for | |
5332 | storeClientCopy failures. | |
8f897f34 | 5333 | |
41587298 | 5334 | Changes to Squid-2.0 (October 2, 1998): |
71d6dc56 | 5335 | |
4c154d99 | 5336 | - Added NAT/Transparent hijacking code from Quinton Dolan. |
5337 | - Added actual filesystem usage to cachemgr 'storedir' page. | |
41587298 | 5338 | Only works for operating systems which support statvfs(). |
a79d724b | 5339 | - Fixed HTCP compile-time bugs. |
5340 | - Fixed quick_abort bugs. Configured values are stored as | |
5341 | Kbytes, not bytes. | |
41587298 | 5342 | - Removed fwdAbortFetch(). It breaks quick_abort and seems |
5343 | mostly useless. | |
0da7d807 | 5344 | - Changed storeDirSelectSwapDir() to skip swap directories |
5345 | when their utilization is over the high water mark ratio. | |
9ca005ac | 5346 | - Fixed off-by-one bug for dead neighbor detection (Joe Ramey). |
18cc143b | 5347 | - fixed bugs in Content-Range header generation |
5348 | - changed the way Range requests are handled: | |
71d6dc56 | 5349 | - do not "advertise" our ability to process ranges at |
5350 | all | |
5351 | - on hits, handle simple ranges and forward complex | |
5352 | ones | |
5353 | - on misses, fetch the whole document for simple ranges | |
5354 | and forward range request for complex ranges | |
5355 | The change is supposed to decrease the number of cases when | |
5356 | clients such as Adobe acrobat reader get confused when we | |
5357 | send a "200" response instead of "206" (because we cannot | |
5358 | handle complex ranges, even for hits) Note: Support for | |
5359 | complex ranges requires storage of partial objects. | |
41587298 | 5360 | - Removed SNMP mib-2.system group from squid. |
6474667e | 5361 | - Removed SNMP ability to iterate through ipcache and friends. |
5362 | - Added SNMP ipcache/fqdncache basic statistics. | |
5363 | - Converted SQUID-MIB to SMIv2 (RFC 1902). | |
5364 | - Moved SQUID-MIB to enterprises section of the tree in preparation | |
5365 | of the split into PROXY-MIB & SQUID-MIB. | |
5366 | - Corrected minor errors in SQUID-MIB. | |
5367 | - Moved uptime into cacheSystem from cacheConfig. | |
5368 | - Corrected a number of get-next-request bugs, snmpwalk should now | |
5369 | return all objects and not skip some. | |
41587298 | 5370 | - Fixed netdbClosestParent() so it won't return sibling |
5371 | peers. | |
5372 | - Fixed a bug with secondary clients on entries with | |
5373 | ENTRY_BAD_LENGTH set. We should release the | |
5374 | bad entry to prevent secondary clients jumping on. | |
5375 | - Changed MIB to prevent parse warnings at startup. | |
f0538986 | 5376 | * Changes below have been made to SQUID_2_0_PATCH1 |
9689d97c | 5377 | - Fixed a forwarding loop bug. Even though we were detecting |
5378 | a loop, it was not being broken. | |
5379 | - Try to prevent sibling forwarding loops by NOT forwarding a | |
5380 | request to a sibling if we have a stale copy of the object. | |
5381 | Validation requests should only be sent to parents (or | |
5382 | direct). | |
5383 | - Fixed ncsa_auth hash bugs when re-reading password file. | |
5384 | - Changed clientHierarchical() so that by default SSL/CONNECT | |
5385 | requests do NOT go to neighbor caches. | |
d87ebd78 | 5386 | - Changed clientHandleIMSReply() to not call storeAbort() |
5387 | because there can be more than one client hanging on the | |
5388 | StoreEntry. This hopefully fixes "store_status != | |
5389 | STORE_ABORTED" assertions. | |
f0538986 | 5390 | - Added temporary fix to httpMakePublic() to prevent assertions |
5391 | (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey(). | |
5392 | * Changes below have been made to SQUID_2_0_PATCH2 | |
5393 | - PATCH1 introduced a seriously stupid bug which prevented ICP | |
5394 | queries for all requests. Fixed by checking | |
5395 | request->hierarchical in peerSelectFoo(). | |
18cc143b | 5396 | |
4c154d99 | 5397 | Changes to squid-1.2.beta25 (September 21, 1998): |
5398 | ||
4b66bfd3 | 5399 | - Fixed async IO bugs from adding filedescriptor arg to AIOCB |
5400 | callbacks (Henrik Nordstrom). | |
5401 | - Fixed store_swapout.c assertion. We were freeing object data | |
5402 | past the swapout_done offset. This probably happens (only?) | |
5403 | when an object changes from cachable to uncachable while | |
5404 | it is being swapped out. | |
a260d877 | 5405 | - Added MEM_CLIENT_SOCK_BUF type so we can change the size |
5406 | of the buffers used for writing data to the client sockets. | |
669d90e7 | 5407 | - Added configure check for libbind.a. If found, it will be |
5408 | used instead of libresolv.a. | |
5409 | - Changed fwdStart() to always allow internally generated | |
dddd5b55 | 5410 | requests, such as for peer digests. These requests are |
5411 | known to fwdStart() because the address arg is set to | |
5412 | 'no_addr'. | |
669d90e7 | 5413 | - Completed initial HTCP implementation. It works, but is not |
5414 | tested much. | |
2d5c8e74 | 5415 | - Added counters for I/O syscalls. |
5416 | - Fixed httpMaybeRemovePublic. With broken ICP neighbors | |
5417 | (netapp) Squid doesn't use private keys. This caused us | |
5418 | to remove almost every object from the cache. | |
5419 | - Added 'asndb' cachemgr stats to show AS Number tree. | |
dddd5b55 | 5420 | - Fixed AS Number byte-order bug for netmasks. |
2d5c8e74 | 5421 | - Fixed comm_incoming calling rate for high loads (Stewart |
5422 | Forster). | |
426012d2 | 5423 | - Give always_direct higher precedence than never_direct |
5424 | (Henrik Nordstrom). | |
dddd5b55 | 5425 | - Changed PORT ACL type to accept ranges. Now you can easily |
5426 | deny, for example, all priveleged ports except 80, 70, 21, | |
5427 | etc. | |
5428 | - ARP ACL fixes for Linux (David Luyer). | |
5429 | - Replaced various "EBIT" flags bitfileds with structures of | |
5430 | "int:1" members. | |
5431 | - Changed storeKeyPrivate and storeKeyPublic to be a bit more | |
5432 | efficient by removing snprintf(). This causes an | |
5433 | incompatibility with old cache keys, however. To transition, | |
5434 | we will look up both the new and old style keys for about the | |
5435 | next 30 days. After that, if you haven't run this (or a | |
5436 | future) version, your cache contents will be lost. | |
5437 | - Made the client-side write buffer size configurable with | |
5438 | a #define in defines.h. By default it is still 4096 bytes. | |
5439 | - Removed redirectUnregister(). It should be unnecessary | |
5440 | because of cbdata locks. | |
5441 | - Fixed multiple HEAD request brokennesses (Henrik Nordstrom). | |
5442 | - Changed non-blocking connect(2) code to call getsockopt() | |
5443 | instead of connect() again. This is the approach recommended | |
5444 | by Stevens, and fixes bugs on BSD-ish systems when subsequent | |
5445 | connect() calls loop with EAGAIN status. | |
5446 | - Added MD5 cache keys to memory pool accounting. | |
5447 | - Added code to track number of open DISK descriptors and stop | |
5448 | swapping out objects if the number of disk descriptors becomes | |
5449 | too large. For now the limit must be manually configured with | |
5450 | the 'max_open_disk_fds'. By default, there is no limit. | |
5451 | - Stopped encoding a request method in the high byte of the ICP | |
5452 | reqnum field. Instead queried cache keys are copied to a | |
5453 | static array, indexed by the reqnum, modulo the array size. | |
5454 | Now we just use the request number to lookup a cache key, | |
5455 | instead of rebuilding it from the ICP reply URL and method, | |
5456 | unless we have netapp neighbors--they don't do reqnum | |
5457 | properly. | |
5458 | - Fixed reconfigure memory access bugs in redirect.c. | |
0753aa46 | 5459 | - Ignore unreasonably large ICP RTT values which cause overflow |
5460 | bugs in calculating the average RTT (thanks Niall!) | |
4b66bfd3 | 5461 | |
8e6a43e8 | 5462 | Changes to squid-1.2.beta24 (August 21, 1998): |
5463 | ||
6c4067e5 | 5464 | - Added Bulgarian error pages by Evgeny Gechev. |
ceb79b2b | 5465 | - Changed StoreEntry->lock_count to a u_short. |
c7d6216e | 5466 | - Replaced urlcmp with strcmp |
5467 | - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects | |
5468 | (Henrik Nordstrom). | |
5469 | - Eliminated unneeded BASE HREF on "root" directories (Henrik | |
5470 | Nordstrom). | |
5471 | - Fixed peerDigestFetchFinish() assertion caused by forwarding | |
5472 | failures (e.g. miss_access rules). | |
ada249f8 | 5473 | - Changed signal handlers with ASYNC_IO and Linux so that |
5474 | -k command line options work (Miquel van Smoorenburg). | |
4616f9ea | 5475 | - Rewrote shutdown code to use events instead of setting |
5476 | FD timeouts. | |
903e21a0 | 5477 | - Fixed cachemgr 'objects' (statObjects()) by adding a check |
b6a76fb2 | 5478 | for READ_AHEAD_GAP, and calling storeCheckSwapout() in |
5479 | storeBufferFlush(). Otherwise, the read-past pages would | |
5480 | never be freed. | |
681979a2 | 5481 | - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes |
5482 | were being closed by the dnsServerShutdown event. | |
b6a76fb2 | 5483 | - Modified storeHashInsert() to insert PRIVATE objects at |
5484 | the tail of the LRU list, and PUBLIC objects at the head. | |
5485 | Thus, PRIVATE objects get kicked out quicker. | |
95e36d02 | 5486 | - Added David Luyer's DELAY_POOLS code. |
54b5b3e5 | 5487 | - Fixed a bug due to HEAD replies which lack the end-of-headers |
5488 | line. | |
5489 | - Made proxy-auth realm string configurable (Bob Franklin) | |
5490 | - Changed default mime time to a viewable one (Henrik Nordstrom). | |
5491 | - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA). | |
5492 | - Fixed 'you are running out of filedescriptors' bug which | |
5493 | could cause the HTTP incoming connection handler to not | |
5494 | be reset. | |
e23fbf04 | 5495 | - Changed syslog logging. Now squid debug levels 0 and 1 go |
d737baa0 | 5496 | to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE |
e23fbf04 | 5497 | (this needs more work!) |
2cb51fe0 | 5498 | - Fixed memory access errors in statAvgTick(). |
abc1237e | 5499 | - Fixed duplicate requestUnlink() bug in forward.c |
6c4067e5 | 5500 | - Fixed possible memory access bugs from not setting e->mem_obj |
5501 | = NULL in destroy_MemObject(). | |
5502 | - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead. | |
5503 | - Modified headersEnd and httpMsgIsolateHeaders to account | |
5504 | for funky line terminations such as CRCRNL. | |
5505 | (``but Netscape and IE _tolerate_ this'') | |
5506 | - Fixed carp functions (Eric Stern). | |
5507 | - Replaced internal proxy_auth code with extern authentication | |
5508 | module (Arjan de Vet). | |
5509 | - moved hash.c to libmiscutil.a. | |
e931f99a | 5510 | - Fixed handling of ICP queries with whitespace in URLs. |
5511 | Now we return ICP error and escape the URL before logging. | |
3a15a393 | 5512 | - Added configure check for socklen_t (David Luyer). |
5513 | - Removed USE_SPLAY #defines; it is now standard. | |
3a76c002 | 5514 | - Added FD arg to async IO callbacks (AIOCB) so we can eliminate |
5515 | temporary disk_ctrl_t structures. | |
5516 | - Changed ENOSPC disk write errors to reduce specific cache_dir | |
5517 | sizes, and not just the size of the cache as a whole. | |
f9cece6e | 5518 | - Added httpMaybeRemovePublic() to purge public objects for |
5519 | certain responses even though they are uncachable. This is | |
5520 | needed, for example, when an initially cachable object | |
5521 | later becomes uncachable. | |
8e6a43e8 | 5522 | - Added refresh_pattern options to ignore client reloads |
5523 | (Henrik Nordstrom) | |
5524 | - Relocated disk.c code which combines blocks for writing | |
5525 | (Stewart Forster). | |
c7d6216e | 5526 | |
857703c6 | 5527 | Changes to squid-1.2.beta23 (June 22, 1998): |
5528 | ||
cf7f704c | 5529 | - Added Turkish error pages by Tural KAPTAN. |
66bbb757 | 5530 | - Added basic support for Range requests. For most cachable |
5531 | requests, Squid replies with an "Accept-Ranges" header. Upon | |
5532 | receiving a potentially cachable Range request for a not | |
5533 | cached object, Squid requests the whole object from origin | |
5534 | server and then replies with specified range(s) to the | |
5535 | client. Multi-range requests are supported. Adjacent | |
5536 | overlapping ranges are merged. If-Range requests are | |
5537 | supported. Limitations: Multi-range requests with out of | |
5538 | order ranges are not supported. | |
5539 | - Made md5.c use standard memcpy and memset if they are | |
5540 | avaliable. | |
5541 | - Memory pools will now shrink if Squid is run-time | |
5542 | reconfigured with smaller value of memory_pools_limit tag. | |
5543 | - Added counter for number of clients (Tomi Hakala). | |
5544 | - Changed neighbor UP/DOWN algorithm to require 10 failed TCP | |
5545 | connections for UP->DOWN transition. | |
5546 | - Added 'unique_hostname' configuration option when its | |
5547 | necessary to have multiple machines with the same visible | |
5548 | hostname. | |
222917b2 | 5549 | - Fixed pumpReadFromClient() to not read too many bytes on |
5550 | persistent connections. | |
53856ebd | 5551 | - We can now cache HTTP replies with Set-Cookie. These evil |
5552 | headers are now filtered out for cache hits on the client | |
5553 | side. | |
222917b2 | 5554 | - Fixed SNMP bugs caused by using snmpwalk. |
9089cc70 | 5555 | - Fixed snmp system Group; all objects are now returned. |
5556 | - Fixed snmp system Group sysDescr and sysContact. | |
78dfab2a | 5557 | - Fixed snmp system Group sysObjectID it now returns a OBJECT |
5558 | IDENTIFIER. | |
7fce9c3e | 5559 | - Allocate FwdState from mem pools. |
5560 | - Minor HTCP progress. | |
222917b2 | 5561 | - Moved 'miss_access' ACL check from client_side.c to forward.c |
ed169eab | 5562 | - Fixed logging of usernames for requests which require |
5563 | proxy-authentication. | |
cf7f704c | 5564 | - Fixed HTTP request parser to accept lowercase HTTP identifier |
5565 | (Oskar Pearson). | |
5566 | - Fixed FTP listings to always include links to the parent | |
5567 | directory (Henrik Nordstrom). | |
5568 | - Fixed FTP to show an "empty" listing instead of showing | |
5569 | a "document contains no data" error (Henrik Nordstrom). | |
5570 | - Fixed refreshCheck() bug. Often it was checking the | |
5571 | refresh patterns against the string "[null_mem_obj]" | |
5572 | because we moved URLs to MemObject. | |
5573 | - Added CARP support by Eric Stern. | |
48382032 | 5574 | - Fixed select-spin bug when an ICP reply actually gets queued |
5575 | and we failed to execute the write callback. | |
354b5fe1 | 5576 | - Fixed a storeCheckSwapOut bug. We were freeing up to |
5577 | the queued offset instead of the done offset. This | |
5578 | resulted in a small chunk of object data not being in | |
5579 | memory and not yet written to disk. A client could | |
5580 | recieve a partial object because file_read() unexpectedly | |
5581 | returns EOF. | |
0aa791f8 | 5582 | - Fixed proxy-authentication hangs (Henrik Nordstrom). |
c2354a6b | 5583 | - Fixed request_t->flags bug causing authenticated, proxied |
5584 | responses to be cached (Arjan de Vet). | |
e0e32f36 | 5585 | - Fixed MIME types for .tgz extension (Henrik Nordstrom). |
5586 | - Added view and download options to FTP listings (Henrik | |
5587 | Nordstrom). | |
5588 | - Modified configure to allow using pre-installed libdlmalloc.a | |
5589 | (Masashi Fujita). | |
e8d8856c | 5590 | - Fixed cachemgr 'objects' implementation. |
fecf98dc | 5591 | - Changed refreshCheck() algorithm. For cached objects, we |
5592 | now check, in the following order: | |
5593 | * request max-age | |
5594 | * response Expires (if present) | |
5595 | * refresh_pattern max-age | |
5596 | * response Last-Modified compared to refresh_pattern | |
5597 | LM-factor (only if Last-Modified is present) | |
5598 | * refresh_pattern min-age | |
5599 | - Changed Copyrights. | |
d192d11f | 5600 | |
ee3a78d4 | 5601 | Changes to squid-1.2.beta22 (June 1, 1998): |
5602 | ||
2246b732 | 5603 | - do not cut off "; parameter" from "digitized" Content-Type |
5604 | http fields | |
5605 | - Added X-Request-URI for persistent connection debugging | |
5606 | (Henrik Nordstrom) | |
f4d83f6d | 5607 | - Added Polish error pages from Maciej Kozinski. |
145f10f1 | 5608 | - Fixed hash_first/hash_next bugs with **Current pointer. |
5609 | Replaced with *next pointer. | |
f4d83f6d | 5610 | - Fixed PUT/POST bugs in client (Henrik Nordstrom). |
5611 | - Deny forwarding loops in httpd accel mode (Henrik Nordstrom). | |
5612 | - Fixed eventRun "spin" bug when event delta time == 0. | |
a9cc1935 | 5613 | - Fixed setting Last Modified time on cached entries when |
5614 | receiving a 304 reply. | |
06e87923 | 5615 | - Added while loop in httpAccept(). |
5616 | - Added while loop in icpHandleUdp(). | |
5617 | - Fixed some small memory leaks. | |
5618 | - Fixed single-bit-int flag checks (Henrik Nordstrom). | |
137ee196 | 5619 | - Replaced "complex" (offset accounting) calls to snprintf with MemBuf |
5620 | - Do not send only-if-cached cc directive with requests | |
6474667e | 5621 | for peer's digests. |
ee3a78d4 | 5622 | - Added "automatic tuning" for incoming request rate, i.e. |
5623 | how often to check HTTP and ICP sockets. See comm.c | |
5624 | comments for details. | |
145f10f1 | 5625 | |
6ee40ea2 | 5626 | Changes to squid-1.2.beta21 (May 22, 1998): |
5627 | ||
434b408f | 5628 | - Added Italian error pages by Alessio Bragadini. |
a3f9588e | 5629 | - Added Estonian error pages by Toomas Soome. |
06066bbc | 5630 | - Added Russian (koi-r) error pages by Andrew L. Davydov. |
7b381d33 | 5631 | - Added Czech error pages by Jakub Nantl. |
8e866bb4 | 5632 | - Fixed asnAclInitialize calling to prevent coredump. |
5633 | - Fixed FTP directory parsing again. | |
5634 | - Made FTP directory listing "Generated" tagline like | |
5635 | the one for error pages. | |
52f977aa | 5636 | - Fixed an assertion coredump in statHistCopy from |
6474667e | 5637 | reconfiguring with different #peers in squid.conf |
10202788 | 5638 | - Ignore leading whitespace on requests (and replies). RFC |
5639 | 2068 section 4.1, robustness (Henrik Nordstrom) | |
5640 | - Fixed keep_alive bug. We did not always honour reply | |
5641 | headers, but rather assumed connections could be persistent. | |
5642 | - Fixed reading whois output for AS numbers, especially when | |
5643 | they are longer than 4 KB. | |
5644 | - Removed 'cache_stoplist_pattern' configuration option. This | |
5645 | feature is now handled by 'no_cache'. | |
5646 | - If a URN resolves to only one URL, just return it immediately | |
5647 | instead of giving the user a "choice" (Andy Powell). | |
5648 | - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom). | |
5649 | - Changed squid-internal object names. | |
5650 | - Added netdb exchange protocol. | |
5651 | - Fixed wordlistDestroy() uninitialized pointer bug in | |
5652 | ftpParseControlReply. | |
06066bbc | 5653 | - Fixed redirector subprocess to show real program name. |
5654 | - Changed URN menu output to be sorted. | |
5655 | - Added fast select(2) timeouts when using ASYNC_IO. | |
5656 | - Added ARP ACL support for Linux (David Luyer). | |
6474667e | 5657 | - Added binary http headers to requests |
5658 | - request_t objects are now created and destroyed in a consistent way | |
5659 | - Fixed cache control printf bug | |
5660 | - Added a lot of new http header ids | |
5661 | - Improved Connection: header handling; now both Connection and | |
5662 | Proxy-Connection headers are checked for connection directives | |
5663 | - Connection request header is now handled correctly regardless | |
5664 | of its position and the number of entries | |
2246b732 | 5665 | - Only replies with valid Content-Length can be sent with keep-alive |
5666 | connection directive (Henrik Nordstrom) | |
6474667e | 5667 | - Better handling of persistent connection "clues" in HTTP headers; |
2246b732 | 5668 | the decision now depends on HTTP version (and User-Agent exceptions) |
6474667e | 5669 | - Removed handling of "length=" directive in IMS headers; |
5670 | the directive is not in the HTTP/1.1 standard; | |
5671 | standing by for objections | |
5672 | - allowed/denied headers are now checked using bit masks instead of | |
5673 | strcmp loops | |
5674 | - removed Uri: from allowed headers; Uri is deprecated in RFC 2068 | |
2246b732 | 5675 | - removed processing of Request-Range header (not in specs?) |
7b381d33 | 5676 | - Fixed byte-order bugs in cacheDigestHashKey. |
5677 | - Changed hash_remove_link() to return void. | |
5678 | - Changed ipcache_gethostbyname() to return NULL if | |
5679 | i->addrs.count == 0. | |
6de5fa88 | 5680 | - Added millisecond-timing to select/poll loops and event |
5681 | queue. | |
5682 | - Changed 'peerPingTimeout' value to be twice the average | |
5683 | of all the peer ICP RTT's. | |
5684 | - Added 'half_closed_clients' option to force closing of | |
5685 | client connections which might only be half-closed. | |
5686 | - Fixed matchDomainName coredump bug. | |
5687 | - Don't cache HTTP replies with Vary: headers until we | |
5688 | get content negotiation working. | |
5689 | - Fixed SSL proxying to forward full HTTP request headers. | |
c09459dd | 5690 | - Changed storeGetMemSpace(). Only purge down to the HIGH |
5691 | water mark; move locked entries to the head of the inmem | |
5692 | list. | |
5693 | - Changed clientReadRequest() to locally handle any | |
5694 | "squid-internal-static" URL for any host. | |
52f977aa | 5695 | - Disable persistent connections for client connections |
5696 | from broken Netscape User-Agent, version 3.* (Stewart Forster) | |
434b408f | 5697 | |
901b8eaf | 5698 | Changes to squid-1.2.beta20 (April 24, 1998): |
5699 | ||
fd1bc012 | 5700 | - Improved support for only-if-cached cache control directive. |
5701 | - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons). | |
a1a62b14 | 5702 | - Fixed 'quick_abort' percent calculation bug. |
5703 | - Fixed quick_abort FPE bug. | |
5704 | - Changed more errno-checking functions to use ignoreErrno(). | |
5705 | - Added ERESTART to ignoreErrno() because of report from | |
5706 | a Solaris system. | |
5707 | - Fixed '#elsif' typo. | |
5708 | - Fixed MemPool assertion by moving memInit() to before | |
5709 | configuration parsing functions. | |
5710 | - Fixed default 'announce_period' value (was 1 day, should | |
5711 | be 0) (Joe Ramey). | |
5712 | - Added configure warning for low filedescriptors and pointer | |
5713 | to FAQ. | |
b0497a40 | 5714 | - Fixed httpBodySet() bug causing URN related coredumps. |
5715 | - Changed ipcacheCycleAddr() to always cycle through all all | |
5716 | available addresses, and not just advance when one of | |
5717 | them goes BAD. | |
5718 | - Fixed squid-internal bug for mixed-case hostnames (Henrik | |
5719 | Nordstrom). | |
4e41d49f | 5720 | - Fixed ICP counting probelm. icpUdpSend() arg should be |
5721 | LOG_ICP_QUERY instead of LOG_TAG_NONE. | |
e4b71f74 | 5722 | - Added some additional fault toleranse on FTP data channels |
5723 | (Henrik Nordstrom). | |
5724 | - Corrected error reporting on FTP "hacks" (Henrik Nordstrom). | |
5725 | - Added lock/unlock for StoreEntry during storeAbort(). | |
5726 | - Added filemap bit usage stats to cachemgr 'storedir' and | |
5727 | 'info'. | |
5728 | - Replaced 'cache_stoplist' with 'no_cache' Access list. | |
5729 | - Fixed (hopefully) remaining swapfile-open-at-exit bugs. | |
44745828 | 5730 | - Fixed default hierarchy_stoplist to be ``default if none.'' |
5731 | - Fixed 'fake a recent reply' hack for detecting DEAD | |
5732 | and ALIVE neighbors (Joe Ramey). | |
e376562a | 5733 | - Fixed FTP directory parsing bugs (Joe Ramey). |
5734 | - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath | |
5735 | (Joe Ramey). | |
dea17509 | 5736 | - Fixed daylight savings time bug (again). |
fd1bc012 | 5737 | - A lot of Cache Digests additions, fixes, and tuning. |
5738 | Cache Digests are still "very experimental". | |
e376562a | 5739 | - Fixed snprintf() bug. When len == 1, snprintf() would treat |
5740 | the buffer as unknown size, emulating sprintf() behaviour. | |
5741 | - Made Error page language configurable with configure script | |
5742 | (Henrik Nordstrom). | |
5743 | - Fixed squid-internal URLs when http_port == 80. | |
5744 | - Remember the client address on redirected requests (Henrik | |
5745 | Nordstrom). | |
5746 | - Don't rebuild the request if the redirector returned the same | |
5747 | URL (Henrik Nordstrom). | |
5748 | - Rewrite Host: header on redirected requests (Henrik | |
5749 | Nordstrom). | |
5750 | - Include port (if non-standard) in generated Host: headers | |
5751 | (Henrik Nordstrom). | |
5752 | - Fixed rfc1123 timezone hacks for Windows NT | |
5753 | (Henrik Nordstrom). | |
5754 | - Added Russian Error pages by Ilia Zadorozhko. | |
5755 | - Added totals for ICP and HTTP hits to cachemgr client_list | |
5756 | output. | |
6cfa8966 | 5757 | - Changed error message to 'Generated TIME by HOST (SQUID/VER)' |
5758 | because any string with an '@' must be an email address. | |
e376562a | 5759 | - Fixed POST for content-length == 0. |
901b8eaf | 5760 | - Fixed "huge 304 reply" loop bug. |
5e9ab945 | 5761 | - Fixed --enable-splaytree compile bugs. |
c93fbf13 | 5762 | - Removed ASN lookup code in peer_select.c. |
b6a2f15e | 5763 | - Added warnings if ACL code detects subdomains in SPLAY |
5764 | trees. | |
5765 | - Rewrote some bits of httpRequestFree() to eliminate | |
5766 | possible bugs that could cause an "e->lock_count" asseertion. | |
5767 | - Added value/bounds checking to _db_init() when setting | |
5768 | the debugLevels[] array. | |
fd1bc012 | 5769 | |
005e5260 | 5770 | Changes to squid-1.2.beta19 (Apr 8, 1998): |
5771 | ||
b0497a40 | 5772 | - Squid-1.2.beta19 compiles and runs on Windows/NT with |
5773 | Cygnus Gnu-WIN32 b19 (Henrik Nordstrom). | |
447203a7 | 5774 | - Added French Error pages by Frank DENIS. |
5775 | - Added Dutch Error pages by Mark Visser | |
901b8eaf | 5776 | - Added German Error pages by Bernd P. Ziller, Jens Frank, |
5777 | and Anke S. | |
f9f2be04 | 5778 | - Added support for only-if-cached cache-control directive. |
005e5260 | 5779 | - Added RELAXED_HTTP_PARSER #define to allow requests which are |
5780 | missing the HTTP identifier on the request line (e.g. buggy | |
5781 | SpyGame queries). RELAXED_HTTP_PARSER is undefined by default. | |
1f4d31f9 | 5782 | - Fixed disk.c FD leak for delayed closes in |
5783 | diskHandleWriteComplete(). | |
5784 | - Fixed cache announcement feature. | |
20fe7191 | 5785 | - Fixed httpReadReply() to retry failed HTTP requests on |
5786 | persistent connections when read() returns -1, not only | |
5787 | when it returns 0. | |
805e5f70 | 5788 | - Fixed cbdata memory counting leak. cbdataUnlock() always |
5789 | called free(), never memFree(). | |
ff396fe6 | 5790 | - Fixed storeDirWriteCleanLogs() malloc bug on Alphas. |
005e5260 | 5791 | - Fixed `++loopdetect < 10' assertion due to |
5792 | clientHandleIMSReply bug for invalid/partial HTTP | |
5793 | replies. | |
5794 | - Added preliminary code for HTCP. | |
5795 | - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines. | |
5796 | - Added "snmp_community" as an ACL type. | |
5797 | - Cleaned up proxy-auth acl implementation and removed | |
5798 | memory leaks. | |
5799 | - Added generic 'hashFreeItems()' function for efficiently | |
5800 | freeing hash table pointers. | |
5801 | - Added whoisTimeout() for ASN code. | |
447203a7 | 5802 | - Removed BINARY TREE code. |
005e5260 | 5803 | - Fixed forgetting to reset Config.Swap.maxSize in |
5804 | configDoConfigure. | |
5805 | - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order | |
5806 | bug which caused not modified replies to not get updated. | |
5807 | - Fixed client_side.c bugs which could cause data to be written | |
5808 | to the client in the wrong order for persistent connections. | |
5809 | clientPurgeRequest() and clientHandleIMSComplete() must not | |
5810 | call comm_write(). Instead they must create and write to | |
5811 | StoreEntry's. | |
5812 | - Fixed ICP query service time counting bug(s). | |
5813 | - replaced 'char *mime_headers_end()' with 'size_t headersEnd()' | |
5814 | to fix buffer overruns. This also requires adding 'buf_sz' | |
5815 | args to some functions like clientBuildReplyHeader(). | |
5816 | But we can eliminate the need to NULL-terminate the | |
5817 | buffer beforehand. | |
5818 | - Changed commConnectCallback() to reset the FD timeout to | |
5819 | zero before notifying about the connection. This requires | |
5820 | commSetTimeout() calls in numerous places to reinstall | |
5821 | timeouts. | |
5822 | - Changed comm_poll_incoming() to be called less frequently | |
5823 | (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly). | |
5824 | - Removed HAVE_SYSLOG case for debug() macro. Almost all | |
5825 | systems do have syslog(), but more importatnly the | |
5826 | _db_level value is needed for debugging to stderr. | |
5827 | - Rewrote squid/dnsserver interface to use smaller, single-line | |
5828 | messages. | |
5829 | - Rewrote 'dns' cachemgr output to use a table format. | |
5830 | - Rewrote a lot of dnsserver.c. | |
5831 | - Added eventAddIsh() for semi-random event scheduling. | |
5832 | - Fixed an ftpTimeout bug for sessions which use PORT | |
5833 | commands. | |
5834 | - Fixed ftp.c to recognized invalid PASV replies (e.g. | |
5835 | port == 0). | |
5836 | - Removed hash_insert(). All hasing uses hash_join() now. | |
5837 | - Renamed hash_unlink() to hash_remove_link(). | |
5838 | - Added hashPrime() to find closes prime hash table size | |
5839 | to a given value. | |
5840 | - Fixed Keep-Alive ratio counting bug which prevented | |
5841 | persistent connections from being used between cache | |
5842 | peers. | |
5843 | - Changed icmp.c to NOT queue messages sent from squid to | |
5844 | the pinger program. | |
5845 | - Changed icp_v2.c to NOT queue ICP messages by default. | |
5846 | But they will be queued and resent once if the first | |
5847 | send fails. Counters.icp.queued_replies counts the | |
5848 | number of messaages queued. | |
5849 | - Cleaned up ICP logging. | |
5850 | - Added identTimeout(). | |
5851 | - Fixed ipcache reply counting bug. Overcounted dnsserver | |
5852 | replies for partial replies. | |
5853 | - Added urlInternal() for building internal Squid URLs. | |
5854 | - Changed peerAllowedToUse() to check both 'cache_peer_domain' | |
5855 | AND 'cache_peer_acl' configurations. This should be changed | |
5856 | in the fugure to use ONLY cache_peer_acl. | |
5857 | - Changed DEAD/REVIVED neighbor detection to avoid reporting | |
5858 | so many false deaths. (Joe Ramey). | |
5859 | - Added some preliminary code to support "cache digests." | |
5860 | - Fixed pumpClose() coredumps (?). | |
5861 | - Updated cachemgr 'info' output to show median service | |
5862 | times for various categories. | |
5863 | - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t) | |
5864 | != sizeof(int) for Alphas. | |
5865 | - Fixed potential alignment problem in storeDirWriteCleanLogs(). | |
5866 | - Fixed store_rebuild.c to NOT replace current, but | |
5867 | not-swapped-out StoreEntry's with on-disk entries. | |
5868 | - Changed storeCleanup() to call storeRelease on invalid | |
5869 | entries which don't have a swapfile (i.e. no unlink() | |
5870 | penalty). | |
5871 | - Fixed storeSwapInStart() to fail for unvalidated | |
5872 | entries. | |
5873 | - SNMP changes: | |
5874 | . renovated mib and added descriptions and comments | |
5875 | . added hit and byte counters to client_db , for | |
5876 | cacheClientTable | |
5877 | . cacheClientTable, netdbTable, cachePeerTable, | |
5878 | cacheConnTable now indexed by ip address. hash_lookup was | |
5879 | enhanced to allow for subsequent hash_next's similar to | |
5880 | hash_first, to speed up getnext's in tables which refer to | |
5881 | hash-table structures. | |
5882 | . added generic (well, sorf of) table indexing functionality | |
5883 | . added makefile dependencies for snmplib and cache_snmp.h | |
5884 | . WaisHost, WaisPort, Timeouts removed | |
5885 | . FdTable split into FdTable and ConnTable. FdTable simplified | |
5886 | . PeerTable and PeerStat merged and put into new cacheMesh | |
5887 | group | |
5888 | . cacheClientTable added for client statistics and accounting | |
5889 | (cacheMesh 2) | |
5890 | . cacheSec and cacheAccounting groups removed | |
5891 | . fixed acl bug when communities not defined | |
5892 | . snmp_acl now survives bad configuration | |
81d0c856 | 5893 | |
9a713ffb | 5894 | Changes to squid-1.2.beta18 (Mar 23, 1998): |
5895 | ||
275d9f2e | 5896 | - Added v1.1 'test_reachability' option. |
5897 | - Fixed hash4() len == 0 bug. | |
2c26197b | 5898 | - Fixed Config.Swap.maxSize reconfigure bug. |
5899 | - Fixed ICP query bug determining request method. | |
5900 | - Moved ICP's storeGet() cache lookup into neighborsUdpAck() | |
5901 | so that we know neighbors are alive even when they send | |
5902 | us replies for unknown entries. | |
5903 | - Changed configure script to add '-std1' for Digital Unix cc. | |
5904 | - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit | |
5905 | systems. | |
5906 | - Added support for 'Cache-Control: Only-If-Cached' request header. | |
34ad1721 | 5907 | - Fixed CheckQuickAbort() bugs for multiple clients on one |
5908 | StoreEntry. Also changed storePendingNClients() to return | |
5909 | mem->nclients instead of counting the number of store_client | |
5910 | entries with pending callback functions. | |
275d9f2e | 5911 | |
041b157e | 5912 | Changes to squid-1.2.beta17 (Mar 17, 1998): |
5913 | ||
df43fc93 | 5914 | - SNMP MIB version check changed to non-rcs. |
02922e76 | 5915 | - Added memory pools for variable size objects (strings). |
5916 | There are three pools; for small, medium, and large objects. | |
5917 | - Extended String object to use memory pools. Most fixed size char | |
5918 | array fields will be replaced using string pools. Same for most | |
5919 | malloc()-ed buffers. | |
5e14bf6d | 5920 | - Changed icon handling to use the hostname and port of the squid |
9ed90c85 | 5921 | server, instead of the special hostname "internal.squid" |
5922 | (Henrik Nordstrom). | |
5e14bf6d | 5923 | - All icons are now configured in mime.conf. No hardcoded icons, |
f8360ee3 | 5924 | including gohper icons (Henrik Nordstrom). |
459f2559 | 5925 | - Fixed ICP bug when we send queries, but expect zero |
5926 | replies. | |
ed9c0b33 | 5927 | - Fixed alignment/casting bugs for ICP messages. |
2b5b6324 | 5928 | - A generic client-to-server "pump" was added to handle HTTP |
5929 | PUT as well as POST methods on the client-cache side. Based on | |
5930 | "pump" PUT requests can be made to either HTTP or FTP url's. | |
5931 | Code is still beta and interoperability with browsers etc has | |
5932 | not been tested. | |
5933 | - Put #ifdefs around 'source_ping' code. | |
5e14bf6d | 5934 | - Added missing typedef for _arp_ip_data (Wesha). |
5935 | - Added regular-expression-based ACLs for client and server | |
5936 | domain names (Henrik Nordstrom). | |
5937 | - Fixed ident-related coredumps from incorrect callback data. | |
5938 | - Fixed parse_rfc1123() "space" bug. | |
5939 | - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free()).. | |
5940 | - Fixed some src/asn.c end-of-reply bugs and memory leaks. | |
5941 | - Fixed some peer->options flag-setting bugs. | |
5942 | - Fixed single-parent feature to work again | |
5943 | - Removed 'single_parent_bypass' configuration option; instead | |
5944 | just use 'no-query'. | |
5945 | - Surrounded 'source_ping' code with #ifdefs. | |
5946 | - Changed 'deny_info URL' to use a custom Error page. | |
5947 | - Modified src/client.c for testing POST requests. | |
041b157e | 5948 | - Fixed hash4() for SCO (Vlado Potisk). |
459f2559 | 5949 | |
7ba777f2 | 5950 | Changes to squid-1.2.beta16 (Mar 4, 1998): |
5951 | ||
447203a7 | 5952 | - Added Spanish error messages from Javier Puche. |
02922e76 | 5953 | - Added Portuguese error messages from Pedro Lineu Orso |
0965bd19 | 5954 | - Added a simple but very effective hack to cachemgr.cgi that tries to |
5955 | interpret lines with '\t' as table records and formats them | |
5956 | accordingly. With a few exceptions (see source code), first line | |
5957 | becomes a table heading ("<th>" html tag) and the rest is formated | |
5958 | with "<td>" tags. | |
7021844c | 5959 | - Added "mem_pools_limit" configuration option. Semantics of |
5960 | "mem_pools" option has also changed a bit to reflect new memory | |
5961 | management policy. | |
7ba777f2 | 5962 | - Reorganized memory pools. Squid now supports a global pool |
5963 | limit instead of individual pool limits. Per-pool limits can be | |
3a88d597 | 5964 | implemented on top of the current scheme if needed, but it is |
7ba777f2 | 5965 | probably hard to guess their values. Squid distributes pool |
5966 | memory among "frequently allocated" objects. There is a | |
5967 | configurable limit on the total amount of "idle" memory to be | |
5968 | kept in reserve. All requests that exceed that amount are | |
5969 | satisfied using malloc library. Support for variable size | |
5970 | objects (mostly strings) will be enabled soon. | |
5971 | - memAllocate() has now only one parameter. Objects are always | |
5972 | reset with 0s. (We actually never used that parameter before; | |
5973 | it was always set to "clear"). | |
5974 | - Added Squid "signature" to all ERR_ pages. The signature is | |
5975 | hardcoded and is added on-the-fly. The signature may use | |
5976 | %-escapes. Added interface to add more hard-coded responses if | |
5977 | needed (see errorpage.c::error_hard_text). | |
5978 | - Both default and configured directories are searched for ERR_ | |
5979 | pages now. Configured directory is, of course, searched first. | |
5980 | This allows you to customize a subset of ERR_ pages (in a | |
5981 | separate directory) without danger of getting other copies out | |
5982 | of sync. | |
5983 | - Security controls for the SNMP agent added. Besides | |
5984 | communities (like password) and views (part of tree | |
5985 | accessible), the snmp_acl config option can be used to do acl | |
5986 | based access checks per community. | |
5987 | - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You | |
5988 | can now walk through the whole mib tree. Several new variables | |
5989 | added under cacheProtoAggregateStats | |
12cf1be2 | 5990 | - Added rudimental statistics for HTTP headers. |
7ba777f2 | 5991 | - Adjusted StatLogHist to a more generic/flexible StatHist. |
12cf1be2 | 5992 | Moved StatHist implementation into a separate file. |
178dbda2 | 5993 | - Added FTP support for PORT if PASV fails, also try the |
5994 | default FTP data port (Henrik Nordstrom). | |
5995 | - Fixed NULL pointer bug in clientGetHeadersForIMS when a | |
5996 | request is cancelled for fails on the client side. | |
5997 | - Filled in some squid.conf comments (never_direct, | |
5998 | always_direct). | |
5999 | - Added RES_DNSRCH to dnsserver's _res.options when the | |
6000 | -D command line option is given. | |
6001 | - Fixed repeated Detected DEAD/REVIVED Sibling messages when | |
6002 | peer->tcp_up == 0 (Michael O'Reilly). | |
6003 | - Fixed storeGetNextFile's incorrect "directory does not exist" | |
6004 | errors (Michael O'Reilly). | |
6005 | - Fixed aiops.c race condition (Michael O'Reilly, Stewart | |
6006 | Forster). | |
6007 | - Added 'dns_nameservers' config option to specify non-default | |
6008 | DNS nameserver addresses (Maxim Krasnyansky). | |
6009 | - Added lib/util.c code to show memory map as a tree | |
6010 | (Henrik Nordstrom). | |
6011 | - Added HTTP and ICP median service times to Counters and | |
6012 | cachemgr average stats. | |
6013 | - Changed "-d" command line option to take debugging level | |
6014 | as argument. Debugging equal-to or less-than the argument | |
6015 | will be written to stderr. | |
3ff01c3e | 6016 | - Removed unused urlClean() function from url.c. |
adba4a64 | 6017 | - Fixed a bug that allowed '?' parts of urls to be recorded in |
ef65d6ca | 6018 | store.log. Logged urls are now "clean". |
178dbda2 | 6019 | - Cache Manager got new Web interface (cachemgr.cgi). New .cgi |
6020 | script forwards basic authentication from browser to squid. | |
6021 | Authentication info is encoded within all dynamically generated | |
6022 | pages so you do not have to type your password often. | |
6023 | Authentication records expire after 3 hours (default) since | |
6024 | last use. Cachemgr.cgi now recognizes "action protection" types | |
6025 | described below. | |
6026 | - Added better recognition of available protection for actions | |
6027 | in Cache Manager. Actions are classified as "public" (no | |
6028 | password needed), "protected" (must specify a valid password), | |
6029 | "disabled" (those with a "disable" password in squid.conf), and | |
6030 | "hidden" (actions that require a password, but do not have | |
6031 | corresponding cachemgr_passwd entry). If you manage to request | |
6032 | a hidden, disabled, or unknown action, squid replies with | |
6033 | "Invalid URL" message. If a password is needed, and you failed | |
6034 | to provide one, squid replies with "Access Denied" message and | |
6035 | asks you to authenticate yourself. | |
6036 | - Added "basic" authentication scheme for the Cache Manager. | |
6037 | When a password protected function is accessed, Squid sends an | |
6038 | HTTP_UNAUTHORIZED reply allowing the client to authorize itself | |
6039 | by specifying "name" and "password" for the specified action. | |
6040 | The user name is currently used for logging purposes only. The | |
6041 | password must be an appropriate "cachemgr_passwd" entry from | |
6042 | squid.conf. The old interface (appending @password to the url) | |
6043 | is still supported but discouraged. Note: it is not possible | |
6044 | to pass authentication information between squid and browser | |
6045 | *via a web server*. The server will strip all authentication | |
6046 | headers coming from the browser. A similar problem exists for | |
6047 | Proxy-Authentication scheme. | |
6048 | - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of | |
6049 | authentication failures when accessing Cache Manager. | |
63259c34 | 6050 | - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c. |
178dbda2 | 6051 | - Added simple context-based debugging to debug.c. Currently, |
6052 | the context is defined as a constant string. Context reporting | |
6053 | is triggered by debug() calls. Context debugging routines | |
6054 | print minimal amount of information sufficient to describe | |
6055 | current context. The interface will be enhanced in the future. | |
6056 | - Replaced _http_reply with HttpReply. HttpReply is a | |
6057 | stand-alone object that is responsible for parsing, swapping, | |
6058 | and comm_writing of HTTP replies. Moved these functions from | |
6059 | various modules into HttpReply module. | |
8bfcd557 | 6060 | - Added HttpStatusLine, HttpHeader, HttpBody. |
178dbda2 | 6061 | - All HTTP headers are now parsed and stored in a "compiled" |
6062 | form in the HttpHeader object. This allows for a great | |
6063 | flexibility in header processing and builds basis for support | |
6064 | of yet unsupported HTTP headers. | |
6065 | - Added Packer, a memory/store redirector with a printf | |
6066 | interface. Packer allows to comm_write() or swap() an object | |
6067 | using a single routine. | |
6068 | - Added MemBuf, a auto-growing memory buffer with printf | |
6069 | capabilities. MemBuf replaces most of old local buffers for | |
6070 | compiling text messages. | |
6071 | - Added MemPool that maintains a pre-allocated pool of opaque | |
6072 | objects. Used to eliminate memory thrashing when allocating | |
6073 | small objects (e.g. field-names and field-value in http | |
6074 | headers). | |
8bfcd557 | 6075 | |
3197e644 | 6076 | Changes to squid-1.2.beta15 (Feb 13, 1998): |
6077 | ||
55647891 | 6078 | NOTE: This version has changes which may cause all or part |
6079 | of your cache to be lost. However, you can problably | |
6080 | save most of it by doing a slow restart. Specifically: | |
6081 | ||
6082 | 1. Kill the running squid-1.2.beta14 process; wait for it to | |
6083 | fully exit. | |
6084 | 2. Remove all 'swap.state*' files, either in each cache_dir, or | |
6085 | as defined in your squid.conf | |
6086 | 3. Start squid-1.2.beta15. The store will be rebuilt from the | |
6087 | existing swap files, reading the directories and opening | |
6088 | the files. | |
6089 | ||
bcfbdc11 | 6090 | - Fixed some problems related to disk (and pipe) write error |
6091 | handling. file_close() doesn't always close the file | |
6092 | immediately; i.e. when there are pending buffers to write. | |
6093 | StoreEntry->lock_count could become zero while a write is | |
6094 | pending, then bad things happen during the callback. | |
6095 | - The file_write() callback data must now be in the callback | |
6096 | database (cbdata). We now use the swapout_ctrl_t structure | |
6097 | for the callback data; it stays around for as long as we are | |
6098 | swapping out. | |
6099 | - Changed the way write errors are handled by diskHandleWrite. | |
6100 | If there is no callback function, now we exit with a fatal | |
6101 | message under the assumption that the file in question is a | |
6102 | log file or IPC pipe. Otherwise, we flush all the pending | |
6103 | write buffers (so we don't see multiple repeated write errors | |
6104 | from the same descriptor) and let the upper layer decide how | |
6105 | to handle the failure. | |
6106 | - Fixed storeDirWriteCleanLogs. A write failure was leaving | |
6107 | some empty swap.state files, even though it tells us that its | |
6108 | "not replacing the file." Don't flush/rename logs which we | |
6109 | have prematurely closed due to write failures, indiciated by | |
6110 | fd[dirn] == -1. Close these files LAST, not before | |
6111 | renaming. | |
6112 | - Fixed storeDirClean to clean directories in a more sensible | |
6113 | order, instead of the new "MONOTONIC" order for swap files. | |
0465e406 | 6114 | - Merged fdstat.c functions into fd.c. |
6115 | - Cleaned up some debugging sections. Some unrelated source | |
6116 | files were using the same section. | |
6117 | - Removed curly brackets from all cachemgr output. | |
6118 | - Removed unused filemap->last_file_number_allocated member. | |
6119 | - Removed unused fde->lifetime_data member. | |
6120 | - Fixed incorrectly applying htonl() on icp_common_t->shostid. | |
6121 | - Call setsid() before exec() in ipc.c so that child processes | |
6122 | don't receive SIGINT (etc) when running squid on a tty. | |
2f2dd5ad | 6123 | - Changed StoreEntry->object_len to ->swap_file_sz so we |
6124 | can verify the disk file size at restart. Moved object_len | |
6125 | to MemObject->object_sz. Note object_sz is initialized | |
6126 | to -1. If object_sz < 0, then we need to open the swap | |
6127 | file and read the swap metadata. | |
6128 | - Changed store_client->mem to ->entry because we need | |
6129 | e->swap_file_sz to set mem->object_sz at swapin. | |
2f2dd5ad | 6130 | - Renamed storeSwapData structure to storeSwapLogData. |
6131 | - Fixed storeGetNextFile to not increment d->dirn. Added | |
6132 | check for opendir() failure. | |
6133 | - Fixed storeRebuildStart to properly link the directory | |
6134 | list for storeRebuildfromDirectory mode. | |
e157f97f | 6135 | - Added -S command line option to double-check store |
6136 | consistency with disk files in storeCleanup(). | |
6137 | - Fixed a problem with transactional logging. In many | |
6138 | cases we were adding the public cache key and then | |
6139 | logging a delete for the private key. This is worthless | |
6140 | because during rebuild we could not locate the previous | |
6141 | public-keyed entry. Now we assert that only public-keyed | |
6142 | entries can be logged to swap.state. storeSetPublicKey() | |
6143 | and storeSetPrivateKey() have been modified to log an | |
6144 | ADD or DEL when the key changes. | |
6145 | - Fixed storeDirClean bug. Needed to call | |
6146 | storeDirProperFileno() so the "dirn bits" get set. | |
6147 | - Fixed a storeRebuildFromDirectory bug. fullpath[] and | |
6148 | fullfilename[] were static to that function and did | |
6149 | not change when the "rebuild_dir" arg did. Moved these | |
6150 | buffers to the rebuild_dir structure. | |
6151 | - In storeRebuildFromSwapLog, we were calling storeRelease() | |
6152 | for cache key collisions. This only set the RELEASE_REQUEST | |
6153 | bit and did not clear the swap_file_number in the filemap or | |
6154 | in the StoreEntry, so the swap file could get unlinked later | |
6155 | when it was really released. | |
4e0f0471 | 6156 | - Fixed FTP so that ';type=X' specifically sets the HTTP reply |
6157 | content-type and content-encoding (Henrik Nordstrom). | |
6158 | - Removed 'icon_content_type' configuration option. Content | |
6159 | types now taken from mime.conf (Henrik Nordstrom). | |
2a9b2b73 | 6160 | - Added additional memory malloc tracing and memory leak |
6161 | detection. Use --enable-xmalloc-debug-trace configure | |
6162 | option and -m command line option (Henrik Nordstrom). | |
bcfbdc11 | 6163 | |
93169941 | 6164 | Changes to squid-1.2.beta14 (Feb 6, 1998): |
6165 | ||
5471db88 | 6166 | - Replaced snmplib free() calls with xfree(). |
6167 | - Changed the 'net_db_name' hash table structure to | |
6168 | make it easier to move names from one network to another | |
6169 | (copied from 1.1 code). | |
93169941 | 6170 | - Filled in some of the config dump routines (dump_acl, |
6171 | dump_acl_access). | |
6172 | - Full memory debugging option (--enable-xmalloc-debug-trace) | |
6173 | (Henrik Nordstrom). | |
6174 | - Filled-in and clarified many squid.conf comments (Oskar | |
6175 | Pearson). | |
6176 | - Fixed up handling of SWAP_LOG_DEL swap.state entries. | |
5471db88 | 6177 | |
f91834bf | 6178 | Changes to squid-1.2.beta13 (Feb 4, 1998): |
f577e074 | 6179 | |
b4512acd | 6180 | - NOTE: With this version the "swap.state" file format has |
6181 | changed. Running this version for the first time will | |
6182 | cause your current cache contents to be lost! | |
f91834bf | 6183 | - NOTE: this version still has the bug where we don't rewind |
6184 | a swapout file and rewrite the swap meta data. Objects | |
6185 | larger than 8KB will be lost when rebuilding from the swap | |
6186 | files. | |
d04dd4bf | 6187 | - Combined various interprocess communication setup functions |
6188 | into ipcCreate(). | |
6189 | - Removed some leftover ICP_HIT_OBJ things. | |
6190 | - Removed cacheinfo and proto_count() and friends; these are to | |
6191 | be replaced in functionality by StatCounters and 5/60 minute | |
6192 | average views via cachemgr. | |
6193 | - Fixed --enable-acltree configure message (Masashi Fujita). | |
6194 | - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in | |
6195 | (Masashi Fujita). | |
6196 | - Fixed building outside of source tree (Masashi Fujita). | |
dbfed404 | 6197 | - FTP: Format NLST listings, and inform the user that the NLST |
6198 | (plain) format is available when we find a LIST listing that we | |
6199 | don't understand (Henrik Nordstrom) | |
6200 | - FTP: Use SIZE on Binary transfers, and not ASCII. The | |
6201 | condition was inversed, making squid use SIZE on ASCII | |
6202 | transfers (Henrik Nordstrom). | |
6203 | - Enable virtual and Host: based acceleration in order to be | |
6204 | able to use Squid as a transparent proxy without breaking | |
6205 | either virtual servers or clients not sending Host: header | |
6206 | the order of the virtual and Host: based acceleration needs | |
6207 | to be swapped, giving Host: a higher precendence than virtual | |
6208 | host (Henrik Nordstrom). | |
6209 | - Use memmove/bcopy as detected by configure Some systems does | |
6210 | not have memmove, but have the older bcopy implementation | |
6211 | (Henrik Nordstrom). | |
6cf028ab | 6212 | - Completely rewritten aiops.c that creates and manages a pool |
6213 | of threads so thread creation overhead is eliminated (SLF). | |
6214 | - Lots of mods to store.c to detect and cancel outstanding | |
6215 | ASYNC ops. Code is not proven exhaustive and there are | |
6216 | definately still cases to be found where outstanding disk ops | |
6217 | aren't cancelled properly (SLF). | |
6218 | - Changes to call interface to a few routines to support disk | |
6219 | op `tagging', so operations can be cleanly cancelled on | |
6220 | store_abort()s (SLF). | |
6221 | - Implementation of swap.state files as transaction logs. | |
6222 | Removed objects are now noted with a negative object size. | |
6223 | This allows reliatively clean rebuilds from non-clean | |
6224 | shutdowns (SLF). | |
6225 | - Now that the swap.state files are transaction logs, there's | |
6226 | now no need to validate by stat()ing. All the validation | |
6227 | procedure does is now just set the valid bit AFTER all the | |
6228 | swap.state files have been read, because by that time, only | |
6229 | valid objects can be left. Object still need to be marked | |
6230 | invalid when reading the swap.state file because there's no | |
6231 | guarantee the file has been retaken or deleted (SLF). | |
6232 | - An fstat() call is now added after every | |
6233 | storeSwapInFileOpened() so object sizes can be checked. Added | |
6234 | code to storeRelease() the object if the sizes don't match (SLF). | |
6474667e | 6235 | - #defining USE_ASYNC_IO now uses the async unlink() rather than |
6236 | unlinkd() (SLF). | |
6cf028ab | 6237 | - #defining MONOTONIC_STORE will support the creation of disk |
6238 | objects clustered into directories. This GREATLY improves disk | |
6239 | performance (factor of 3) over old `write-over-old-object' | |
6240 | method. If using the MONOTONIC_STORE, the | |
6241 | {get/put}_unusedFileno stack stuff is disabled. This is | |
6242 | actually a good thing and greatly reduces the risk of serving | |
6243 | up bad objects (SLF). | |
6244 | - Fixed unlink() in storeWriteCleanLogs to be real unlink() | |
6245 | rather than ASYNC/unlinkd unlinks. swap.state.new files were | |
6246 | being removed just after they were created due to delayed | |
6247 | unlinks (SLF). | |
6248 | - Disabled various assertions and made these into debug warning | |
6249 | messages to make the code more stable until the bugs can be | |
6250 | tracked down (SLF). | |
6251 | - Added most of Michael O'Reilly's patches which included many | |
6252 | bug fixes. Ask him for full details (SLF). | |
6253 | - Moved aio_check_callbacks in comm_{poll|select}(). It was | |
6254 | called after the fdset had been built which was wrong because | |
6255 | the callbacks were changing the state of the read/write | |
6256 | handlers prior to the poll/select() calls (SLF). | |
f09f5b26 | 6257 | - Fixed ARP ACL memory leaks (Dale). |
f577e074 | 6258 | - Eliminated URL and SHA cache keys. Cache keys will always |
6259 | be MD5's now. | |
6260 | - Fixed up store swap meta data. | |
6261 | - Changed swap.state logs to a binary format. | |
f91834bf | 6262 | - The swap.state logs are written transaction-style. |
d04dd4bf | 6263 | |
b5cfbd5b | 6264 | Changes to squid-1.2.beta12 (Jan 30, 1998): |
6265 | ||
b4512acd | 6266 | - Added metadata headers to cache swap files. This is an |
6267 | incompatible change with previous versions. Running this | |
6268 | version for the first time will cause your current cache | |
6269 | contents to be lost. | |
9fc0b4b8 | 6270 | - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom) |
6271 | - Show symlink destinations as a hyperlink in FTP listings | |
6272 | (Henrik Nordstrom) | |
3a4eaced | 6273 | - Fixed not allocating enough space for rewriting URLs with |
6274 | the Host: header (Eric Stern). | |
6275 | - Year-2000 fixes (Arjan de Vet). | |
6276 | - Fixed looping for cache hits on HEAD requests. | |
fc6dc767 | 6277 | - Fixed parseHttpRequest() coredump for |
6474667e | 6278 | "GET http://foo HTTP/1.0\r\n\r\n\r\n" |
9fc0b4b8 | 6279 | |
9f802cb1 | 6280 | Changes to squid-1.2.beta11 (Jan 6, 1998): |
6281 | ||
fd82d0b0 | 6282 | - Fixed fake 'struct rusage' definition which prevented compling |
6283 | on Solaris 2.4. | |
6284 | - Fixed copy-by-ref bug for request->headers in | |
6285 | clientRedirectDone() (Michael O'Reilly). | |
812db943 | 6286 | - Workaround for Solaris pthreads closing FD 0 upon fork() |
6287 | (Michael O'Reilly). | |
05fd71a7 | 6288 | - Fixed shutdown bug with outgoing UDP sockets; we need to |
6289 | disable their read handlers. | |
6290 | - For comm_poll(), use the fast 50 msec timeout only when | |
6291 | USE_ASYNC_IO is defined. | |
1fbc6de3 | 6292 | - Fixed pointer bug when freeing AS# ACL entries. |
6293 | - Fixed forgetting to reset Config.npeers to zero in free_peer(). | |
0f6bdbfa | 6294 | - Fixed ICP bug causing excessive TIMEOUTs with sibling |
6295 | neighbors. We must call the ICP reply callback even for | |
6296 | sibling misses. | |
6297 | - Fixed some dnsserver-related reconfigure bugs. Need to | |
6298 | use cbdataLock, etc in fqdncache.c. Also don't want to | |
6299 | use ipcacheQueueDrain() and fqdncacheQueueDrain(). | |
6300 | - Fixed persistent connection bug. We were incorrectly | |
6301 | deciding that non-200 replies without content-length | |
6302 | would not have a reply body. | |
6303 | - Fixed intAverage() precedence bug. | |
6304 | - Fixed memmove() 'len' arg bug. | |
6305 | - Changed algorithm for determining alive/dead state of peers. | |
6306 | Instead of using a fixed number of unacknowledged ICP | |
6307 | replies, it is now based on timeouts. If there are no ICP | |
6308 | replies received from a peer within 'dead_peer_timeout' | |
6309 | seconds, then we call it dead. | |
6310 | - Added calls to getCurrentTime() in | |
6311 | comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not | |
6312 | being used. | |
6313 | - Fixed shutdown bug when the incoming and outgoing ICP socket | |
6314 | is the same file descriptor. | |
e970f357 | 6315 | - Added buffered writes for storeWriteCleanLogs() (Stewart |
6316 | Forster). | |
6317 | - Patches for Qnx4 (Jean-Claude MICHOT). | |
6318 | - Fixed returning void functions which seems to be a GCC-ism. | |
e5f4e1b0 | 6319 | - New configure script options (Henrik Nordstrom): |
6320 | --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey) | |
6321 | --enable-acltree | |
6322 | --enable-icmp | |
6323 | --enable-delay-hack | |
6324 | --enable-useragent-log | |
6325 | --enable-kill-parent (this should be named -hack) | |
6326 | --enable-snmp | |
6327 | --enable-time-hack | |
6328 | --enable-cachemgr-hostname[=hostname] (new) | |
6329 | --enable-arp-acl (new) | |
6330 | - Added Doug Lea malloc-2.6.4 to the distribution, so that | |
6331 | people easily can try a decent malloc package if they syspect | |
6332 | their malloc is broken. --enable-dlmalloc (Henrik Nordstrom). | |
6333 | - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub | |
6334 | function (Henrik Nordstrom). | |
6335 | - Removed top-level Makefile. People must now run 'configure' | |
6336 | before 'make'. | |
714ace98 | 6337 | - Fixed checkFailureRatio() implementation. |
82b3c7d9 | 6338 | - Made 'squid -z' behave like the 1.1 version. |
e5f4e1b0 | 6339 | |
fd82d0b0 | 6340 | |
ab9a3f7e | 6341 | Changes to squid-1.2.beta10 (Jan 1, 1998): |
6342 | ||
6343 | - Fixed content-length bugs for 204 replies, 304 replies, | |
6344 | and HEAD requests (Henrik Nordstrom). | |
6345 | - Fixed errorAppendEntry() bug in gopherReadReply(). | |
6346 | - Basic support for FTP URL typecodes (;type=X). | |
9c965c1b | 6347 | - Support for access controls based on ethernet MAC addresses |
ab9a3f7e | 6348 | (Dale). |
6349 | - Initial URN support; see | |
6350 | http://squid.nlanr.net/Squid/urn-support.html | |
6351 | - Fixed client-side persistent connections for objects with | |
6352 | bad content lengths (Henrik Nordstrom). | |
6353 | - Fixed bad call to storeDirUpdateSwapSize() for objects which | |
6354 | never reach SWAPOUT_DONE state. | |
68e3a9df | 6355 | - Fixed up poll() #defines in squid.h (Stewart Forster). |
6356 | - Changed poll() timeout from 1000 msec to 50 msec for | |
6357 | better performance under low load (Stewart Forster). | |
e7a1fde6 | 6358 | - Changed storeWriteCleanLogs() to write objects in the LRU |
6359 | list order instead of the random hash table order. | |
109ff6af | 6360 | - Fixed FTP bug when data socket connections fail or timeout. |
6361 | - Reuse FTP data connection when possible (Henrik Nordstrom). | |
6362 | - Added configure options (Henrik Nordstrom) | |
6363 | --enable-store-key=sha|md5 | |
6364 | --enable-xmalloc-statistics | |
6365 | --enable-xmalloc-debug | |
78743365 | 6366 | --enable-xmalloc-debug-count |
6367 | --async-io | |
109203bf | 6368 | - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD |
6369 | by creating ERR_FORWARDING_DENIED and changing the | |
6370 | content of the ERR_CANNOT_FORWARD text. | |
4e9c07c1 | 6371 | - Fixed pipeline request bug from using strdup() (Henrik |
6372 | Nordstrom). | |
6373 | - Call clientReadRequest() directly instead of commSetSelect() | |
6374 | for pipelined requests (Henrik Nordstrom). | |
1b02b5be | 6375 | - Fixed 4k page leak in icpHandleIMSReply(); |
6376 | - Renamed 'icp*' functions to 'client*' names in client_side.c. | |
e7a1fde6 | 6377 | |
b90a0f8d | 6378 | Changes to squid-1.2.beta8 (Dec 2, 1997): |
6379 | ||
eae03fc8 | 6380 | - Fixed accessLogLog() to log ident from Proxy-Authorization |
6381 | request header (BoB Miorelli). | |
226f9ba2 | 6382 | - Fixed #includes, prototypes, etc. in SNMP source files. |
6383 | - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from | |
6384 | include/config.h.in to src/squid.h | |
6385 | - Moved 'num32' typedefs from src/typedefs.h to | |
6386 | include/config.h.in. | |
6387 | - Moved snmplib/md5.c to lib/md5.c. | |
6388 | - Added MD5 cache key support. | |
6389 | - Removed xmalloc() return check in uudeocde.c | |
6390 | - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP) | |
6391 | - Changed 'client' program to provide easier cache manager access, | |
3ff01c3e | 6392 | e.g.: 'client mgr:info' |
226f9ba2 | 6393 | - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection' |
6394 | for simulated keep-alive requests. | |
6395 | - Removed 'fd' arg from clientProcess* functions. | |
9e3468d5 | 6396 | - Fixed bugs from using errorSend() on persistent/pipelined |
226f9ba2 | 6397 | client connections. A latter request should not be allowed to |
6398 | write to the client fd until the current request completes. | |
6399 | Now use errorAppendEntry() for such situations. | |
6400 | - Fixed content-length bugs. We were using content-length == 0 | |
6401 | to also indicate a lack of content-length reply header. But | |
6402 | 'content-length: 0' might appear in a reply, so now use -1 to | |
6403 | indicate that no content length given. | |
6404 | - Split up clientProcessRequest() into smaller chunks so it | |
6405 | might be easier to follow. | |
6406 | - renamed various client_side.c functions to start with 'client' | |
6407 | instead of 'icp'. | |
6408 | - Fixed a 'cbdata leak' from the comm.c close handlers. | |
6409 | - Fixed a 'cbdata leak' from the comm.c connect routines. | |
6410 | - Fixed comm_select() and comm_poll() to stop looping on the | |
6411 | incoming HTTP/ICP sockets. If there are fewer than 7 FD's | |
6412 | ready for I/O, the incoming sockets might not get service, so | |
6413 | comm_select() would be called for up to 7 times until the | |
6414 | 'incoming_counter' was incremented enough to trigger a call | |
6415 | to comm_select_incoming(). Now we make sure | |
6416 | comm_select_incoming() gets called if select returns less | |
6417 | than 7 ready FD's. | |
9e3468d5 | 6418 | - Added errorpage '%B' token to generate FTP URLs with a '%2f' |
6419 | inserted at the start of the url-path. calls ftpUrlWith2f(). | |
6420 | (Henrik Nordstrom). | |
226f9ba2 | 6421 | - Changed fqdncache.c to use LRU double-linked list instead of qsort() |
6422 | for replacement and cachemgr output. | |
6423 | - Changed ipcache.c to use LRU double-linked list instead of qsort() | |
6424 | - Changed hash_insert() and hash_join() to return void. | |
6425 | for replacement and cachemgr output. | |
6426 | - Moved StoreEntry->method member to MemObject->method. | |
6427 | - Made StoreEntry->flags 16 bits. | |
6428 | - Made StoreEntry->refcount 16 bits. | |
6429 | - Changed URL-based public cache key to always include the request | |
6430 | method. | |
eae03fc8 | 6431 | |
95bc9f0b | 6432 | Changes to squid-1.2.beta7 (Nov 24, 1997): |
6433 | ||
6a11653c | 6434 | - Fixed poll() for Linux (David Luyer). |
6435 | - SHA optimizations (David Luyer). | |
6436 | - Fixed errno clashes with macro on Linux (David Luyer). | |
6437 | - Fixed storeDirCloseSwapLogs(); logs might not be open. | |
6438 | - Fixed storeClientCopy2() bug. Detect when there is | |
6439 | no more data to send for objects in STORE_OK state. | |
19ee64b1 | 6440 | - Fixed FTP truncation bug when ftpState->size == 0, e.g. |
6441 | especially directory listings. | |
95bc9f0b | 6442 | - Mega FTP fix from Henrik Nordstrom. A better job of |
6443 | implementing the '%2f' hack. | |
6444 | - Fixed some pipelined request bugs. storeClientCopy() was | |
6445 | being given the wrong StoreEntry, and we had a race condition | |
6446 | which is now handled by storeClientCopyPending(). | |
99077fe6 | 6447 | - Added initial SNMP support. |
6a11653c | 6448 | |
2c9b45c9 | 6449 | Changes to squid-1.2.beta6 (Nov 13, 1997): |
6450 | ||
1b5516d3 | 6451 | - Fixed Authorized responses getting swapped out when they |
6452 | don't have Proxy-Revalidate reply header. | |
6453 | - Fixed Proxy Authentication support. We never sent back | |
6454 | a 407 reply, and were incorrectly incrementing the passwd | |
6455 | before comparing it. | |
6456 | - Fixed stat()ing pathnames for default values before parsing | |
6457 | config file (Ron Gomes). | |
6458 | - Fixed logging request and response headers on separate lines | |
6459 | (Ron Gomes). | |
6460 | - Fixed FTP Authentication message (Henrik Nordstrom). | |
6461 | - Changed Proxy Authentication to trigger a reread of the passwd | |
6462 | file if a password check fails (Henrik Nordstrom). | |
6463 | - Changed FTP to retry the first CWD with a leading slash if it | |
6464 | fails without one. | |
6465 | ||
8c17a569 | 6466 | Changes to squid-1.2.beta5 (Nov 6, 1997): |
6467 | ||
90045285 | 6468 | - Track the 'keep-alive ratio' for a peer as the ratio of |
6469 | the number of replies including 'Proxy-Connection: Keep-Alive' | |
6470 | compared to the number of requests sent. If the peer does | |
6471 | not support Persistent connections then this ratio will tend | |
6472 | toward zero. If the ratio is less than 50% after 10 requests | |
6473 | then we'll stop sending Keep-Alive. | |
8c3994aa | 6474 | - Proper support for %nn escapes in FTP, and numerous |
6475 | other fixes (Henrik Nordstrom). | |
6476 | - Support for Secure Hash Algorithm and framework for other | |
6477 | hash functions as cache keys. | |
6478 | - Fixed SSL snprintf() bug which broke SSL proxying. | |
6479 | - Fixed store_dir swap log bug from reconfigure (SIGHUP). | |
8c17a569 | 6480 | - Fixed LRU Reference Age bug. The arg to pow() must be |
8031bd43 | 6481 | minutes, not seconds. |
90045285 | 6482 | |
9ddfb255 | 6483 | Changes to squid-1.2.beta4 (Oct 30, 1997): |
6484 | ||
a493f974 | 6485 | - Fixed DST bug in rfc1123.c |
6486 | - Changed default http_accel_port to 80. | |
6487 | - added errorCon() as a ErrorState constructor function | |
6488 | (Max Okumoto). | |
6489 | - Added ERR_FTP_FAILURE message for ftpFail(). | |
6490 | - For FTP, the timeout callback must be moved to the 'data' | |
6491 | descriptor when data transfer begins. Otherwise we are | |
6492 | likely to get a timeout on the control descriptor. | |
6493 | - Fixed double-free bug in httpRequestFree(). | |
6494 | - Fixed store_swap_size counting bug in storeSwapOutHandle(). | |
6495 | ||
409a6aad | 6496 | Changes to squid-1.2.beta3 (Oct 29, 1997): |
6497 | ||
6498 | - Initialize _res.options to RES_DEFAULT in dnsserver.c. | |
6499 | - Fix assertions which assumed 4-byte pointers. | |
6500 | - Fix missing % in fqdncache.c snprintf(). | |
6501 | ||
5a2d610b | 6502 | Changes to squid-1.2.beta2 (Oct 28, 1997): |
6503 | ||
8c3994aa | 6504 | - Fixed aiops.c and async_io.c so that they actually compile |
f5b8bbc4 | 6505 | with USE_ASYNC_IO (Arjan de Vet). |
6506 | - Fixed errState->errno causing problems with some macros | |
6507 | (Michael O'Reilly). | |
d287f51e | 6508 | - Fixed memory leaks in pconn.c (Max Okumoto). |
0866009b | 6509 | - Enhanced 'client' program with 'ping' behaviour (Ron Gomes). |
272547b5 | 6510 | - Fixed InvokeHandlers() from calling memCopy() for ALL |
6511 | store_client's with callbacks. A store_client might be reading | |
6512 | from disk. | |
5a2d610b | 6513 | - Rewrote storeMaintainSwapSpace(). No longer will we scan one |
272547b5 | 6514 | bucket at a time. Instead we'll maintain a single LRU |
6515 | list. When an object is 'touched' we move it to the | |
6516 | top of this list. When we need disk space, we delete | |
6517 | from the bottom. | |
5a2d610b | 6518 | - Removed storeGetSwapSpace(). |
f5b8bbc4 | 6519 | |
871f0b8a | 6520 | Changes to squid-1.2.beta1 (): |
6521 | ||
6522 | - Reworked storage manager to not keep objects in memory during | |
6523 | transit. In other words, no separate NOVM distribution. | |
6524 | - Lots of cleanup and debugging for beta release. | |
6525 | - Use snprintf() everywhere instead of sprintf(). | |
6526 | - The 'in_memory' hash table has been replaced with a | |
6527 | doubly-linked list. New objects are added to the head of | |
6528 | the list. When memory space is needed, old objects are | |
6529 | purged from the tail of the list. | |
6530 | ||
0edfe7a2 | 6531 | Changes to squid-1.2.alpha7 (): |
6532 | ||
c4958532 | 6533 | - fixes fixes fixes. |
6534 | - Made Arjan's PROXY_AUTH ACL patch standard. | |
0edfe7a2 | 6535 | |
8905b90c | 6536 | Changes to squid-1.2.alpha6 (): |
6537 | ||
6684fec0 | 6538 | - Simpler cacheobj implementation. |
6605655c | 6539 | - persistent connection histogram |
8872e1f8 | 6540 | - SERVER-SIDE PERSISTENT CONNECTIONS: |
6474667e | 6541 | - Added pconn.c |
6542 | - Addec Cofig.Timeout.pconn; default 120 seconds | |
6543 | - Added httpState->flags | |
6544 | - Added flags arg to httpBuildRequestHeader() | |
6545 | - Added HTTP_PROXYING and HTTP_KEEPALIVE flags | |
6546 | - Added 'Connection' to allowed HTTP headers (http-anon.c) | |
8872e1f8 | 6547 | - Added 'Proxy-Connection' to allowed HTTP headers |
6548 | (http-anon.c) | |
a7736231 | 6549 | - Merged proxyhttpStart() with httpStart() and created |
8872e1f8 | 6550 | new httpBuildState(). |
6551 | - New httpPconnTransferDone() detects end-of-data on | |
6552 | persistent connections. | |
6684fec0 | 6553 | |
88738790 | 6554 | Changes to squid-1.2.alpha5 (): |
6555 | ||
6556 | - New configuration system. Everything is generated from | |
6557 | 'cf.data.pre', including the main parser, setting defaults, | |
6558 | outputting current values, and freeing memory. | |
6559 | This also involved moving some of the local data structures | |
6560 | (e.g. struct _acl *AclList in acl.c) to the Config | |
6561 | structure. (Max Okumoto) | |
6562 | - No more '/i' for regular expressions. Now insert a '-i' | |
6563 | to switch to case-insensitive. Use '+i' for case-sensitive. | |
6564 | - When you have a variable named the same as its type, sizeof() | |
6565 | gets the wrong one (fde). | |
6566 | - Need to flush unbuffered logs before fork(). | |
6567 | - Added two fields swap log: refcount and e->flag. | |
6568 | - Removed all the .h files for each .c file. Now #include stuff | |
6569 | is in either: defines.h, enums.h, typedefs.h, structs.h, | |
6570 | or protos.h, globals.h. This greatly reduces dependencies | |
6571 | between the various source files. | |
6572 | - globals.c is generated from globals.h by a Perl script. | |
8ee3ca2c | 6573 | - Started customizable error texts. |
88738790 | 6574 | |
97f674c8 | 6575 | Changes to squid-1.2.alpha4 (): |
6576 | ||
ec973719 | 6577 | - New MIME configuration, regular expression based |
6578 | - Added request_timeout config option | |
6579 | - Multiple HTTP sockets (Lincoln Dale). | |
6580 | - Moved 'fds_are_n_free' check to httpAccept(). | |
6581 | - s/USE_POLL/HAVE_POLL/; make poll() default if available. | |
7e49f700 | 6582 | - Changed storeRegister to use offsets and make immediate |
6583 | callbacks if appropriate. | |
6584 | - Removed icpDetectClientClose(). Some of that functionality | |
6585 | goes into clientReadRequest() and the rest into | |
6586 | httpRequestFree(). | |
b1b387d1 | 6587 | - Moved IP lookups to commConnect stuff. |
6588 | - Added support for retrying connect(). | |
858164fc | 6589 | - New inline debug() macro (David Luyer). |
e174e0fe | 6590 | - Replace frequent gettimeofday() calls with alarm(3) based |
6591 | clock. Need to add more gettimeofday() calls to get back | |
a59968c7 | 6592 | high-resolution timestamp logging (Andres Kroonmaa). |
0153d498 | 6593 | - Added support for Cache-control: proxy-revalidate; |
6594 | based on squid-1.1 patch from Mike Mitchell. | |
ec973719 | 6595 | |
3b08d32d | 6596 | Changes to squid-1.2.alpha3 (): |
6597 | ||
6598 | - Implemented persistent connections between clients and squid. | |
6599 | - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single | |
6600 | table in fd.c. | |
6601 | - Removed use of FD as an identifier in certain callback | |
6602 | operations (ipcache, fqdncache). | |
6603 | - General code cleanup. | |
6604 | - Fixed typedefs for callback functions. | |
6605 | - Removed FD lifetime/timeout dichotomy. Now we only have | |
6606 | timeouts, however the lifetime concept/keyword may still | |
6607 | linger in certain places. | |
6608 | - Change Makefile 'realclean' target to 'distclean' | |
6609 | - Changed config file parsing of time specifications to use | |
6610 | parseTimeLine(). | |
6611 | - Removed storetoString.c | |
6612 | ||
6613 | Changes to squid-1.2.alpha2 (): | |
74cebec0 | 6614 | |
6615 | - Merged squid-1.1.9, squid-1.1.10 changes | |
6616 | ||
7b41ec97 | 6617 | Changes to squid-1.2.alpha1 (): |
6618 | ||
6619 | - Unified peer selection algorithm. | |
75e88d56 | 6620 | - aiops.c and aiops.h are a threaded implementation of |
6621 | asynchronous file operations (Stewart Forster). | |
6622 | - async_io.c and async_io.h are complete rewrites of the old | |
6623 | versions (Stewart Forster). | |
6ad85e8a | 6624 | - Rewrote all disk file operations of squid to support |
75e88d56 | 6625 | the idea of callbacks except where not required (Stewart |
6626 | Forster). | |
75e88d56 | 6627 | - Background validation of 'tainted' swap log entries (Stewart |
6628 | Forster). | |
6629 | - Modified storeWriteCleanLog to create the log file using the | |
6630 | open/write rather than fopen/printf (Stewart Forster). | |
6631 | - Added the EINTR error response to handle badly interrupted | |
6632 | system calls (Stewart Forster). | |
6ad85e8a | 6633 | - UDP_HIT_OBJ not supported, removed. |
6634 | - Different sized 'cache_dirs' supported. | |
75e88d56 | 6635 | |
e924600d | 6636 | ============================================================================== |