]> git.ipfire.org Git - thirdparty/squid.git/blame - ChangeLog
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Source Format Enforcement (#317)
[thirdparty/squid.git] / ChangeLog
CommitLineData
011c7156
AJ		 1Changes to squid-4.3 (28 Oct 2018):
2
3 - Bug 4893: Malformed %>ru URIs for CONNECT requests
4 - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes
5 - SSL: support compilation with minimal OpenSSL
6 - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL
7 - Fix netdb not saving to disk
8 - Fix memory leak when parsing SNMP packet
9 - ... and some compile issues
10
bc535d91
AJ		 11Changes to squid-4.3 (01 Oct 2018):
12
13 - Bug 4885: Excessive memory usage when running out of descriptors
14 - Bug 4877: Add missing text about external_acl_type %DATA changes
15 - Bug 4875 pt1: GCC-8 compile errors with -O3 optimization
16 - Bug 4716: Blank lines in cachemgr.conf are not skipped
17 - Bug 4691: balance_on_multiple_ip config option docs
18 - basic_pop3_auth: fix startup errors
19 - langpack: Add missing dialect aliases
20 - Fix range_offset_limit debugging
21 - Fix icc build errors
22 - Update systemd dependencies in squid.service
23
2c7246f7
AJ		 24Changes to squid-4.2 (04 Aug 2018):
25
26 - Regression fix: support for https_port clientca= option
27 - Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces
28 - Bug 4861: HTTPMSGLOCK missing pointer safety
29 - Bug 4843 pt3: GCC-8 fixes and refactoring
30 - HTTP: Do not update stored headers on 304 responses
31 - Fix segmentation fault on -k parse
32 - Fix %>ru logging of huge URLs
33 - ... and several performance optimizations
34 - ... and some documentation updates
35 - ... and all fixes from 3.5.28
36
3cd71470
AJ		 37Changes to squid-4.1 (02 Jul 2018):
38
39 - Bug 4223: fixed retries of failed re-forwardable transactions
40 - Bug 4791: Build failure on MacOS
41 - Fix --with-netfilter-conntrack error message
42 - ... and many documentation updates
43
b5391492
AJ		 44Changes to squid-4.0.25 (11 Jun 2018):
45
46 - Regression Bug 4855: querying private entries for HTCP/ICP
47 - Regression Bug 4852: deny_info %R macro not being expanded
48 - Regression Bug 4847: proxy_auth ACL -i/+i flags not working
49 - Regression Bug 4831: filter chain certificates for validity when loading
50 - Regression fix: Transient reader locking broken in 4.0.24
51 - Bug 4845: NegotiateSsl crash on aborting transaction
52 - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8
53 - Bug 4843 pt2: squidclient refactoring for GCC-8
54 - Bug 4829: IPC shared memory leaks when disker queue overflows
55 - Bug 4828: Use feature detection for IPFilter API/ABI checks
56 - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4
57 - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks
58 - Bug 4707: purge tool does not obey --sysconfdir= build option
59 - Bug 4171: checking for log_file_daemon despite disabling logging
60 - Bug 4042: ext_kerberos_ldap_group: add -P principal option
61 - TLS: avoid "ssl_crtd" assertions on reconfiguration
62 - Add timestamps to (most) FATAL messages
63 - Add "--kid role-ID" command line option
64 - ... and many documentation updates
65
2db9989c
AJ		 66Changes to squid-4.0.24 (07 Mar 2018):
67
68 - Bug 4822: Build failure (-Wformat) where time_t is not long int
69 - Bug 4505: SMP caches sometimes do not purge entries
70 - TLS: GnuTLS implementation for listening ports and client connections
71 - TPROXY: Fix clientside_mark and client port logging
72 - Native FTP: Fix "Cannot assign requested address" with TPROXY
73 - SSL-Bump: Fix authentication with types other than Basic
74 - ... and many small compile and stability fixes
75 - ... and some documentation fixes
76
f1dfef29 77Changes to squid-4.0.23 (19 Jan 2018):
78
79 - Bug 4715: security_file_certgen: Remove -g and -n options docs
80 - Bug 4679: User names not sent to url_rewrite_program
81 - Bug 4631: security_file_certgen helper without disk cache
82 - Bug 3911: clang -fsanitize warnings
83 - Bug 2378: Duplicates in selected peer destinations
84 - Nettle v3.4 support
85 - Fix Squid FTP server dying because of an unhandled exception
86 - Automatically revive hopeless kids on reconfigure and after a timeout
87 - Fix %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses
88 - ... and many documentation updates
89 - ... and some stability fixes
90
96e628ec 91Changes to squid-4.0.22 (07 Dec 2017):
92
93 - Regression fix: Relay peer CONNECT error status line and headers to clients
94 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
95 - Bug 4718: support filling raw buffer space of shared SBufs
96 - Bug 4648: object revalidation for HTTPS scheme
97 - Bug 4616: store_client.cc:92: "mem" assertion
98 - Bug 2821: ignore Content-Range in non-206 responses
99 - HTCP: Ignore packets with invalid URI
100 - TLS: Validate the shortest certificate chain
101 - TLS: Add checks for OpenSSL 1.1.0f API changes
102 - TLS: Fix reporting of validation errors for downloaded intermediate certs
103 - TLS: Fix SSL certificate cache refresh and collision handling
104 - Fix backwards compatibility for Squid-3.5 external_acl_type formats
105 - Fix invalid mime icon URLs in cache
106 - Do not die silently when dying early
107 - Docs: update translation files
108
b008ed2e
AJ		 109Changes to squid-4.0.21 (02 Jul 2017):
110
111 - Bug 4730: segfault while processing internal HTTP requests
112 - Bug 4492: Chunk extension parser is too pedantic
113 - Bug 1961: Redesign urlParse() API
114 - TLS: recognise tls:: namespace on logformat tokens
115 - SSL-Bump: tproxy does not spoof spliced connections
116 - security_file_certgen: collapse queued requests
117 - Add a basic apparmour profile
118 - Add transaction_initiator ACL for detecting various unusual transactions
119 - Add ssl::server_name options to control matching logic
120 - Support for --long-acl-options
121 - Do not die silently when dying via std::terminate()
122 - Fix option --foreground to implement expected behavior
123 - Translations: update .po and .pot to latest texts
124 - ... and some documentation updates
125 - ... and many code cleanup and stability fixes
126 - ... and all fixes from 3.5.27
127
ef396425
AJ		 128Changes to squid-4.0.20 (01 Jun 2017):
129
96e628ec 130 - Bug 4692: SslBump breaks intercepted IPv6 connections
131 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
132 - Bug 4662: build errors with LibreSSL 2.4.4
133 - Bug 4659: sslproxy_foreign_intermediate_certs does not work
134 - Bug 4321: ssl_bump terminate does not terminate at step1
ef396425
AJ		 135 - Add 'has' ACL
136 - Do not forward HTTP requests to dead idle peers
137 - Do not unconditionally revive dead peers after a DNS refresh
138 - Make PID file check/creation atomic to avoid associated race conditions
139 - Count failures and use peer-specific connect timeouts when tunneling
140 - SSL-Bump: Fix crashes when server-first bumping mode is used with openSSL-1.1.0
141 - eCAP: Fix empty header handling in Ecap::HeaderRep::hasAny()
142 - SSL-Bump: Second adaptation missing for CONNECTs
143 - ext_session_acl: cope with new logformat inputs
144 - ... and some documentation updates
145 - ... and some code stability fixes
b008ed2e 146 - ... and all fixes from 3.5.26
ef396425 147
7b84ebcc
AJ		 148Changes to squid-4.0.19 (02 Apr 2017):
149
150 - Bug 4674: delay_parameters for class 3 and 4 assertion failed
151 - Bug 4671: GCC 7 compile errors
152 - Bug 4663: GCC 5+ compile errors with optimization level -O3
153 - Bug 4657: delay IDENT until after PROXY protocol handling
154 - Bug 4610: cleanup of BerkleyDB related checks
155 - squidclient: Fix missing error handling on PUT
156 - digest_ldap_auth: Add -r option to clamp the realm to a fixed value
157 - TLS: initial GnuTLS support for encrypted server connections
158 - Fix appending Http::HdrType::VIA code
159 - Fix URI scheme case-sensitivity treatment
160 - Fix two read-ahead problems related to delay pools (or lack thereof)
161 - Detail swapfile header inconsistencies
162 - ... and several build fixes
163 - ... and many code polishing updates
164 - ... and all fixes from 3.5.25
165
8527bed1
AJ		 166Changes to squid-4.0.18 (06 Feb 2017):
167
168 - Bug 4661: compile error 'warning: _XPG4_2 redefined' with GCC on Solaris 10
169 - Bug 4636: assertion 'byteCount > 0 && byteCount <= inBuf.length()'
170 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
171 - Bug 4599: support OpenSSL 1.1
172 - squidclient: link GnuTLS library debugs to -v level display
173 - Fix GCC6: unused local variable 'weInitiatedThisClosure'
174 - ... and some code polishing
175 - ... and some copyright updates
176 - ... and all fixes from 3.5.24
177
a2eb97b4 178Changes to squid-4.0.17 (16 Dec 2016):
6f4a12cf
AJ		 179
180 - Bug 4630: user credentials cache cleanup not re-scheduled
181 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5
182 - Bug 4599 partial: initial support for OpenSSL v1.1
183 - TLS: Support tunneling of bumped non-HTTP traffic
184 - ... and many code polishing and performance updates
185 - ... and some documentation updates
186 - ... and some fixes from 3.5.23
187
6276f56c
AJ		 188Changes to squid-4.0.16 (30 Oct 2016):
189
190 - Avoid segfaults when lacking the server name for certificate validator
191 - HTTP: initial support for Cache-Control:immutable
192 - Fix ssl::server_name ACL
193 - ... and many code polishing updates
194 - ... and some fixes from 3.5.23
195
d710ff25
AJ		 196Changes to squid-4.0.15 (09 Oct 2016):
197
198 - Regression fix crash on reconfigure with TOS/DiffServ/MARK configured
199 - Bug 4610: compile errors on Solaris 11.3 with Oracle Studio 12.5
200 - Bug 4581: Secure ICAP segfault in checkForMissingCertificates
201 - Bug 4578: changes required to install squid.service
202 - Fix crash on shutdown while cleaning up idle ICAP connections
203 - Fix memory leak of Downloader-related objects
204 - HTTP/1.1: handle syntactically valid requests with unsupported HTTP versions
205 - Log TCP client port for error:transaction-end-before-headers and such
206 - ... and many portability and build fixes
207 - ... and some documentation updates
208 - ... and all fixes from 3.5.22
209
f6791433
AJ		 210Changes to squid-4.0.14 (08 Sep 2016):
211
212 - Regression Bug 4570: crash after rev.14755
213 - Regression Bug 4561: Replace use of default move operators with explicit implementation
214 - Bug 4503: Do not access-log SslBump-faked CONNECTs with _ABORTED suffixes
215 - Bug 4404: Do not access-log chunked non-persistent responses with _ABORTED suffix
216 - Fix crashes on shutdown while cleaning up idle ICAP connections
217 - Fix logformat unable to configure codes with /-escape
218 - HTTP: MUST respond with 414 (URI Too Long) when request-target exceeds limits
219 - HTTP: validate Content-Length header values
220 - Make Squid death due to overloaded helpers optional
221 - Better support for unknown URL schemes
222 - Do not log error:transaction-end-before-headers after invalid requests
223 - ... and many portability and build fixes
224 - ... and some documentation updates
d710ff25 225 - ... and all fixes from 3.5.21
f6791433 226
7566fb7e
AJ		 227Changes to squid-4.0.13 (05 Aug 2016):
228
229 - Regression Bug 4540: revert r14720 buffer update
230 - Bug 4555: Minor improvements to error pages CSS
231 - Bug 4551: fix exceptions in new chunked decoder
232 - Bug 4311: support collapse for internal revalidation requests (SMP-unaware caches)
233 - Fix Certificate Validator buffer-overflow crashes Squid
234 - Fix some failed transactions not being logged
235 - Fix segfault via Ftp::Client::readControlReply().
236 - basic_db_auth: add support for unsalted SHA1 passwords
237 - kerberos_ldap_group: add support for SSL/TLS connection to an LDAP server
238 - TLS: Add missing 'tls' option for cache_peer
239 - TLS: Do not hang when 'connector' fails
240 - TLS: Add support for fetching missing certificates
241 - Remove XSTD_USE_LIBLTDL, which has not been needed in a long while
242 - ... and many code polishing updates
243 - ... and some documentation updates
244
267a742e
AJ		 245Changes to squid-4.0.12 (01 Jul 2016):
246
247 - Regression Fix: shell issues with require_smblib definition
248 - Regression Bug 4532: pid_filename not working as documented
249 - Regression Bug 4504: Too many WARNING: Ignoring error setting CA certificate locations
250 - Bug 4516: security_file_certgen man page update
251 - Bug 4446: undefined reference to 'libecap::Name::Name'
252 - Bug 4376: clang cannot build Squid eCAP code
253 - HTTP/1.1: Update all stored headers on 304 revalidation
254 - TLS: Authority Key Identifier certificate extension
255 - Add a script to find kid-specific cache.log lines
256 - Cleanup cppunit detection and use
257 - ... and several performance improvements
258 - ... and some unit test updates
259 - ... and all fixes from 3.5.20
260
c17f835b
AJ		 261Changes to squid-4.0.11 (09 Jun 2016):
262
263 - Bug 4517: error: comparison between signed and unsigned integer
264 - Bug 4492: chunked parser needs to accept BWS after chunk size
265 - HTTP/1.1: allow chunking the last HTTP response on a connection
266 - HTTP/1.1: unfold mime header blocks
267 - TLS: fast SNI peek
268 - TLS: check for SSL_CIPHER_get_id() support required in adjustSSL()
269 - TLS: never enable OPENSSL_HELLO_OVERWRITE_HACK automatically
270 - squidclient: improve shell-escape support in -H option
271 - Do not allow low-level debugging to hide important/critical messages
272 - Replace new/delete operators using modern C++ rules
273 - Remove ie_refresh configuration option
274 - Deprecating SMB LanMan helpers
275 - Mark refresh-waiting transactions with REFRESH
276 - ... and some code cleanup and polishing
277
25e7b074
AJ		 278Changes to squid-4.0.10 (06 May 2016):
279
280 - Accumulate fewer unknown-size responses to avoid overwhelming disks.
281 - Fix shared memory corruption when storing multi-slot (>32KB) shm misses.
282 - ... and some documentation and code cleanup
283 - ... and all fixes from 3.5.18
284
2dae5986
AJ		 285Changes to squid-4.0.9 (20 Apr 2016):
286
25e7b074 287 - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)"
2dae5986
AJ		 288 - Add a new error page token for unquoted external ACL messages.
289 - Stop parsing response prefix after discovering an "HTTP/0.9" response.
290 - ... and some documentation updates
291 - ... and some code polishing
292 - ... and all fixes from 3.5.17
293
b1e01a62
AJ		 294Changes to squid-4.0.8 (02 Apr 2016):
295
296 - Bug 4459: FHS compliance: move netdb.state and ssl_db to /var/cache/squid
297 - Bug 4458: Behaviour change with external ACL arguments
298 - Bug 4450: wait() related cleanup
299 - Bug 4438: SIGSEGV in memFreeString() destructing SBuf globals on shutdown/restart
300 - Bug 4312: Support disabling collapsed forwarding SMP cooperation
301 - Bug 3826: SMP compatibility with systemd and --foreground option
302 - Bug 1979: Add ACL-driven server_pconn_for_nonretriable squid.conf directive
303 - Bug 7 (partial): Update cached entries on 304 responses
304 - Add reply_header_add directive
305 - HTTP/1.1: Do not prohibit updating Last-Modified on 304 responses
306 - Fix memory leaks of lastAclData and AccessLogentry::url
307 - Fix clang -Winconsistent-missing-override warning
308 - Tests: update test suite for GnuTLS
309 - ... and some documentation updates
310 - ... and some code cleanup and polishing
97f9388a 311 - ... and all fixes from squid 3.5.16
b1e01a62 312
81bf66f8
AJ		 313Changes to squid-4.0.7 (23 Feb 2016):
314
315 - Regression Fix: external_acl parameters separated by %20 instead of space
316 - Bug 4432: assertion failed: store.cc:1919: "isEmpty()"
317 - Bug 4111: leave_suid() does not properly handle error codes returned by setuid
318 - Fix propagation of response status line parsing error details
319 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
320 - ... and some code SourceLayout project cleaning
321 - ... and all fixes from squid 3.5.15
322
4e071e97
AJ		 323Changes to squid-4.0.6 (16 Feb 2016):
324
325 - Regression Bug 4436: Fix DEFAULT_SSL_CRTD
326 - Fix "dial: Ssl::PeerConnector::sslCrtvdHandleReply threw exception: callback != NULL"
4e071e97
AJ		 327 - ... and some documentation updates
328 - ... and all fixes from squid 3.5.14
329
ff87fda5
AJ		 330Changes to squid-4.0.5 (09 Feb 2016):
331
332 - Regression Bug 4429: http(s)_port options= error message missing characters
333 - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth
334 - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454
335 - Regression Bug 4401: compile error on Solaris
336 - Regression Fix: TLS/SSL flags parsing
337 - Regression Fix: cert validadator always disabled in 4.x
338 - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m)
339 - Regression Fix: external_acl problems after 4.0.1 rev.14351
340 - Bug 4409 (partial): compile error when two Heimdal libraries are installed
341 - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size
342 - SMP: Fix cleanup of a shared memory segment in an unusual configuration
343 - SSL-Bump: Fix step3 splicing.
344 - Add connections_encrypted ACL
345 - Make %<a and %<p details available to [eCAP] RESPMOD services
346 - Rename cert_valid.pl to security_fake_certverify
347 - Rename ssl_crtd helper to security_file_certgen
348 - ... and a lot of code SourceLayout project cleaning
349 - ... and some documentation updates
350 - ... and all fixes from squid 3.5.13 up to rev.13979
351
0461fde7
AJ		 352Changes to squid-4.0.4 (06 Jan 2016):
353
78121f9a
AJ		 354 - Regression Bug 4393: compile fails on OS X
355 - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed
0461fde7
AJ		 356 - Support use of Kerberos credentials cache instead of keytab
357 - Support logging of TLS Cryptography Parameters
358 - Support substring matching in Note ACL
359 - ... and some code cleanup and polishing
360 - ... and all fixes from squid 3.5.13
361
bf7891f2
AJ		 362Changes to squid-4.0.3 (28 Nov 2015):
363
364 - Bug 4372: missing template files
365 - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o
366 - Bug 4368: A simpler and more robust HTTP request line parser
367 - Fix compile erorr on clang undefined reference to '__atomic_load_8'
368 - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos
369 - ext_ldap_group_acl: Allow unlimited LDAP search filter
370 - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames
371 - ... and much code cleanup and polishing
0461fde7 372 - ... and all fixes from squid 3.5.12
bf7891f2 373
0b475d3f
AJ		 374Changes to squid-4.0.2 (01 Nov 2015):
375
376 - Regression Bug 4351: compile errors when authentication modules disabled
377 - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
378 - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout
379 - Bug 4356: segmentation fault using proxy_auth ACL
380 - Bug 4352: compile errors in OS X 10.11
381 - Bug 4021: ext_user_regex does exact match
382 - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown
383 - Support re-assigning delay pools based on HTTP reply details
384 - ... and all fixes from squid 3.5.11
385
1243ec71
AJ		 386Changes to squid-4.0.1 (14 Oct 2015):
387
388 - Bug 4329: GCC 5.2 no known conversion for argument
389 - Bug 4292: negotiate_wrapper: Unreleased Resources
390 - Bug 4269: ignore-must-revalidate broken
391 - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
392 - Bug 3920: Splay::remove() reference counting inconsistent
393 - Bug 3069: CONNECT method bytes sent logging
394 - Bug 2741 partial: libsecurity API for GnuTLS support
395 - Bug 1961 partial: redesign of URL handling
396 - Fix crash when parsing invalid squid.conf
397 - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
398 - Remove unused OS detection: Sun, SysV, Ultrix, BSDi
399 - Remove cache_peer_domain directive
400 - RFC 6176 compliance: Remove SSLv2 support
401 - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
402 - Remove GCC 2.x and 3.x detection and support
403 - C++11 compiler support is now mandatory
404 - Enable flexible transport protocol
405 - Enable long (--foo) command line parameters on squid binary
406 - Add per-rule refresh_pattern matching statistics
407 - Replace sslversion=N with tls-min-version=1.N
408 - Replace sslproxy_* directives with tls_outgoing_options
409 - Replace GNU atomics and related hacks with C++11 std::atomic
410 - Replace external_acl_type format %macros with logformat codes
1243ec71
AJ		 411 - Support Secure ICAP services
412 - Support rotate=N option on access_log
413 - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
414 - Support lifetime timeout for persistent connections (pconn_lifetime)
415 - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
416 - Support logging fast things (nanosecond log resolution)
417 - Support ICAP/eCAP adaptation for 100-continue responses
418 - Support configurable helper queue size, with consistent defaults
419 and better overflow handling.
420 - Support named service PID file by default (pid_filename)
421 - url_lfs_rewrite: Add URL-rewriter based on local file existence
422 - negotiate_kerberos_auth: output group= kv-pair
423 - helper-mux: add man(8) page
424 - purge: convert README to man(1) page
425 - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
426 - basic_sspi_auth: fix MinGW compile errors
427 - negotiate_sspi_auth: fix various build errors
428 - Crypto-NG: libnettle Base64 algorithm support
429 - Parser-NG: HTTP Parser structural redesign
430 - libltdl: copyright updated to LGPL version 2.1
431 - ... and several performance optimizations
432 - ... and many documentation changes
433 - ... and much code cleanup and polishing
434
1c8fc2a2
AJ		 435Changes to squid-3.5.28 (15 Jul 2018):
436
437 - SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI
438 - SQUID-2018:2: crash handling responses to internally generated requests
439 - SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing
440 - Bug 4861: HTTPMSGLOCK missing pointer safety
441 - Bug 4829: IPC shared memory leaks when disker queue overflows
442 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
443 - Bug 2821: Ignore Content-Range in non-206 responses
444 - HTCP: Ignore HTCP packets with invalid URI
445 - SSL-Bump: fix authentication with schemes other than Basic
446 - TPROXY: Fix clientside_mark and client port logging
447 - Fix "Cannot assign requested address" for to-origin TPROXY FTP data
448 - Fix --with-netfilter-conntrack error message
449 - Validate mime icon URL before allocating store entries
450 - ... and many documentation changes
451
b1268cb4 452Changes to squid-3.5.27 (20 Aug 2017):
453
454 - Regression Bug #4112: ssl_engine does not accept cryptodev
455 - Bug 4687: Wrong names of components in man page, section SEE ALSO
456 - Bug 4671: various GCC 7 compile errors
457 - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions
458 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
459 - Bug 2833: Do not respond with HTTP/304 to unconditional requests
460 - Fix message packing error handling in mgr and snmp SMP Forwarders
461 - Fix mgr query handoff from the original recipient to Coordinator.
462 - ... and some documentation updates
463
ef396425
AJ		 464Changes to squid-3.5.26 (01 Jun 2017):
465
466 - Bug 4711: SubjectAlternativeNames is missing in some generated certificates
467 - Bug 4695: squidpurge: GCC 7 build errors
468 - Bug 4682: ignoring http_access deny when client-first bumping mode is used
469 - Bug 4682: Fix ssl_bump "bump" action documentation
470 - Bug 4653: %st lies about tunneled traffic volumes
471 - Bug 4589: ssl_crtd: returning zero on failure
472 - Bug 3772: message from FTP server gets mangled
473 - Bug 3102: FTP directory listing drops fist character of file names
474 - Add OpenSSL library details to -v output
b1268cb4 475 - ... and some documentation updates
ef396425 476
7b84ebcc
AJ		 477Changes to squid-3.5.25 (02 Apr 2017):
478
479 - Bug 4688: various typo error(s) in man page(s)
480 - Bug 4508: Host forgery stalls intercepted being-spliced connections
481 - Native FTP relay: NAT and TPROXY interception fixes
482 - Fix missing CRLF on FTP timeout ABORT commands
483 - TLS: Bump client on errors encountered before ssl_bump evaluation
484 - ext_kerberos_ldap_group_acl: fix unused value warnings
485 - Fix crash when configuring with invalid delay_parameters restore value.
486 - Check that -k argument is provided before trying to use it.
487 - ... and some build fixes
488
6c12d87e
AJ		 489Changes to squid-3.5.24 (28 Jan 2017):
490
491 - Regression Bug 3940: Make 'cache deny' do what is documented
492 - TLS: Fix SSLv2 records bumping despite a matching step2 peek rule
493 - TLS: Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation
494 - Fix "Source and destination overlap in memcpy" Valgrind errors
495 - Reduce crashes due to unexpected ClientHttpRequest termination
496 - Update External ACL helpers error handling and caching
497 - Detect HTTP header ACL issues
498 - ... and some documentation fixes
499
a2eb97b4 500Changes to squid-3.5.23 (16 Dec 2016):
6f4a12cf
AJ		 501
502 - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
503 - Bug 4620: NetBSD build error with --enable-ipf-transparent
504 - Bug 4567: Strange IPv6 shown in access.log
505 - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart
506 - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
507 - Bug 4169: HIT marked as MISS when If-None-Match does not match
508 - Bug 4007: Hang on DNS query with dead-end CNAME
509 - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
510 - Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
511 - Bug 3533: Cache still valid after HTTP/1.1 303 See Other
512 - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
513 - Bug 3290: authenticate_ttl not working for digest authentication
514 - Bug 2258: bypassing cache but not destroying cache entry
515 - HTTP/1.1: make Vary:* objects cacheable
516 - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
517 - Support IPv6 NAT with PF for NetBSD and FreeBSD
518 - TLS: Make key= before cert= an error instead of quietly hiding the issue
519 - ... and some debug updates
520 - ... and some build fixes
521 - ... and several documentation updates
522
d710ff25
AJ		 523Changes to squid-3.5.22 (09 Oct 2016):
524
525 - Bug 4594: build failure with clang 3.9
526 - Bug 4471: revalidation does not work when expired cached object lacks Last-Modified
527 - Bug 4302 pt2: IPv6 support for IPFilter v5 transparent interception
528 - Bug 4228: ./configure bug/typo in r14394
529 - Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration
530 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
531 - Fix logged request size (%http::>st) and other size-related %codes
532 - Fix some memory leaks from putenv()
533 - Fix memory leaks from url_rewrite_extras and store_id_extras on reconfigure/shutdown
534 - Fix segfault crash when debugging section 4 at level 9
535 - HTTP: MUST ignore a [revalidation] response with an older Date header
536
f6791433
AJ		 537Changes to squid-3.5.21 (08 Sep 2016):
538
539 - Bug 4563: duplicate code in httpMakeVaryMark
540 - Bug 4542: authentication credentials IP TTL updated incorrectly
541 - Bug 4534: assertion failure in xcalloc when using many cache_dir
542 - Bug 4428: mal-formed Cache-Control:stale-if-error header
543 - Bug 3025: Proxy-Authenticate problem using ICAP server
544 - Fix segfault via Ftp::Client::readControlReply()
545 - Fix SSL-Bump failure results in SEGFAULT
546 - HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
547 - HTTP/1.1: do not allow Proxy-Connection to override Connection header
548 - SSL: CN wildcard must only match a single domain component [fragment]
549
267a742e
AJ		 550Changes to squid-3.5.20 (01 Jul 2016):
551
552 - Bug 4523: smblib compile fails on NetBSD
553 - Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors
554 - Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL
555 - Fix icons loading speed
556 - Fix OpenSSL detection on FreeBSD
557 - Fix assertion failed: Write.cc:38: 'fd_table[conn->fd].flags.open'
558 - Fix SEGFAULT parsing malformed adaptation service configuration
559 - Fix ConnStateData::In::maybeMakeSpaceAvailable() logic
560 - Do not override user defined -std option
561 - Do not allow low-level debugging to hide important/critical messages
562 - Do not make bogus recvmsg(2) calls when closing UDS sockets
563 - Support unified EUI format code in external_acl_type
564
565Changes to squid-3.5.19 (09 May 2016):
566
567 - Regression Bug 4515: interception proxy hangs
568
25e7b074
AJ		 569Changes to squid-3.5.18 (06 May 2016):
570
571 - Bug 4510: stale comment about 32KB limit on shared memory cache entries
572 - Bug 4509: EUI compile error on NetBSD
573 - Bug 4501: HTTP/1.1: normalize Host header
574 - Bug 4498: URL-unescape the login-info after extraction from URI
575 - Bug 4455: SegFault from ESIInclude::Start
576 - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program
577 - Fix TLS/SSL server handshake alert handling
578
2dae5986
AJ		 579Changes to squid-3.5.17 (20 Apr 2016):
580
581 - Regression Bug 4480: logformat [.width_max]
582 - Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt
583 - Bug 4495: Unknown SSL option SSL_OP_NO_TICKET
584 - Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception
585 - Bug 4483: ./configure garbles -Og option in CFLAGS
586 - Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc
587 - Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name).
588 - Bug 4465: Header forgery detection leads to crash
589 - Bug 2460 partial: workaround deferred reads on shutdown and restart
590 - cachemgr.cgi: use dynamic MemBuf for internal content generation
591 - ESI: Fix several element construction issues
592 - TLS: Fix Handshake Error: ccs received early
593 - TLS: Add chained and signing cert to peek-then-bumped connections
594 - Fix some startup/shutdown crashes
595
b1e01a62
AJ		 596Changes to squid-3.5.16 (02 Apr 2016):
597
598 - Bug 4476: Removed duplicated #include lines
599 - Bug 4452: squid -z segfaults with ufs
600 - Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion
601 - Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error
602 - Bug 4409: compile error when two Heimdal libraries are installed
603 - Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304
604 - pinger: Fix buffer overflow in Icmp6::Recv
605 - pinger: Fix select(2) to actually use max_fd
606 - pinger: drop capabilities on Linux
607 - Fix memory leak of HttpRequest objects
608 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0
609 - Fix assertion failed: Write.cc:41: "!ccb->active()"
610 - Fix crash on shutdown while cleaning up idle ICAP connections
611 - RFC 7725: Add registry entry for 451 status text
612 - ... and some build issues
613
81bf66f8
AJ		 614Changes to squid-3.5.15 (23 Feb 2016):
615
616 - Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
617 - Fix multiple assertion on String overflows
618 - Fix unit test errors on MacOS
619 - Better handling of huge response headers. Fewer incorrect "Bug #3279" messages.
620 - Log noise reduction for eCAP
621
4e071e97
AJ		 622Changes to squid-3.5.14 (16 Feb 2016):
623
624 - Bug 4437: Fix Segfault on Certain SSL Handshake Errors
625 - Bug 4431: C code is not compiled with CFLAGS
626 - Bug 4418: FlexibleArray compile error with GCC 6
627 - Bug 4378: assertion failed: DestinationIp.cc:60:
628 'checklist->conn() && checklist->conn()->clientConnection != NULL'
629 - Fix invalid FTP connection handling on blocked content
630 - Fix handling of shared memory left over by Squid crashes or bugs
631 - Fix mgr:config report 'qos_flows mark' output
632 - Fix compile error in CPU affinity
404063c5 633 - Fix %un logging external ACL username
4e071e97 634 - Avoid more certificate validation memory leaks
404063c5 635 - ... and some documentation updates
4e071e97 636
0461fde7
AJ		 637Changes to squid-3.5.13 (06 Jan 2016):
638
639 - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
640 - Bug 4387: Kerberos build errors on Solaris
641 - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
642 - TLS: Complete certificate chains using external intermediate certificates
643 - Avoid memory leaks when an X.509 certificate validator is used with SslBump
644 - Fix connection retry and fallback after failed server TLS connections
645 - Fix GnuTLS detection via pkg-config
646 - Fix startup crash with a misconfigured (too-small) shared memory cache
647 - ... and some documentation updates
648
bf7891f2
AJ		 649Changes to squid-3.5.12 (28 Nov 2015):
650
651 - Bug 4374: refresh_pattern config parser (%)
652 - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
653 - Bug 4228: links with krb5 libs despite --without options
654 - Fix SSL_get_certificate() problem detection
655 - Fix TLS handshake problem during Renegotiation
656 - Fix cache_peer forceddomain= in CONNECT
657 - Fix status code-based HTTP reason phrase for eCAP-generated messages
658 - Fix build errors in cpuafinity.cc
659 - ... and several documentation updates
660
0b475d3f
AJ		 661Changes to squid-3.5.11 (01 Nov 2015):
662
663 - Bug 3574: crashes on reconfigure and startup
664 - Bug 4347: compile errors with LibreSSL 2.3
665 - Bug 4281: copy-paste typos in src/tools.cc
666 - Bug 4279: No response from proxy for FTP-download of non-existing file
667 - Bug 4188: Bumping intercepted SSL connections does not work on Solaris
668 - Fix incorrect authentication headers on cache digest requests
669 - Fix connection stats, including %<lp, missing for persistent connections
670 - Fix invalid memory access issues in SBuf
671 - Avoid errors when parsing manager ACL in old squid.conf
672
574e0f53
AJ		 673Changes to squid-3.5.10 (01 Oct 2015):
674
675 - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
676 - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
677 - Bug 4323: Netfilter broken cross-includes with Linux 4.2
678 - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
679 - Bug 4208: more than one port in wccp2_service_info line causes error
1243ec71 680 - Bug 4303: PeerConnector.cc:743 "!callback" assertion.
574e0f53
AJ		 681 - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
682 - Relicense ntlm_fake_auth.pl to GPLv2+
683 - Relicense smb_lm auth helper to GPLv2+
684 - Relicense SSPI helper to GPLv2+
685 - ... and several minor performance optimizations
686
3de58ac0
AJ		 687Changes to squid-3.5.9 (17 Sep 2015):
688
689 - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
690 - Bug 4309: incorrect extensions detection in SSL Hello messages
691 - Bug 4309: crash during Skype login
692 - Bug 4284: missing sanity checks for malloc
693 - Regression Fix: CONNECT request debugging 11,2 traces
694 - Regression Fix: Quieten UFS cache maintenance skipped warnings
695 - TLS: Support SNI on generated CONNECT after peek
696 - ... and some documentation updates
697
4fff8fc1
AJ		 698Changes to squid-3.5.8 (02 Sep 2015):
699
700 - Regression Bug 4306: build portability fix in Kerberos helpers
701 - Bug 4302: IPFilter v5 transparent interception
702 - Bug 4301: compile errors with IPFilter interception
703 - Bug 4285 partial: %us is not supported in access.log
704 - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
705 - Bug 4242: compile errors with eCAP using clang-3.6
706 - Bug 3696: crash when client delay pools are activated
707 - Bug 3553: cache_swap_high ignored and maxCapacity used instead
708 - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
709 - Fix ignore of impossible SSL bumping actions, as intended and documented
710 - Fix memory leak in Surrogate-Capability header detection
711 - Fix truncated body length when RESPMOD service aborts
712 - Reject non-chunked HTTP messages with conflicting Content-Length values
713 - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
714 - ... and several portability and compile fixes
715 - ... and several documentation updates
716
4df5649e
AJ		 717Changes to squid-3.5.7 (01 Aug 2015):
718
c52a4693 719 - Bug 4293: wrong SNI sent to server after URL-rewrite
4df5649e
AJ		 720 - Bug 4251: incorrect instance name for memory segments in /dev/shm
721 - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
722 - Bug 3345: support %un (any available user name) format code for external ACLs.
ab5bc97e 723 - basic_smb_auth: Fix several old issues identified by Debian users
4df5649e
AJ		 724 - Support ssl-bump splicing to origin cache_peer
725 - Fix SSL errors relayed using invalid certificates
726 - Fix crash in TcpAccepter with profiler enabled
727 - Fix some cases of ssl_crtd SSL certificate DB corruption
728 - Fix performance regression in SBuf::chop operations
729 - Improve handling of client connections on shutdown
730 - Handle exceptions during squid.conf parse
731 - Make pod2man an optional dependency
732 - ... and polishing for several cache.log notification messages
733 - ... and all fixes from squid 3.4.14
734
ab248038
AJ		 735Changes to squid-3.5.6 (03 Jul 2015):
736
737 - Bug 4274: ssl_crtd.8 not being installed
738 - Bug 4193: memory leak on FTP listings
739 - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
740 - Bug 3875: bad mimeLoadIconFile error handling
741 - Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
742 - Bug 3329: pinned server connection is not closed properly
743 - TLS: Disable client-initiated renegotiation
744 - ext_edirectory_userip_acl: fix uninitialized variable
745 - Support custom OIDs in *_cert ACLs
746 - Fix CONNECT failover to IPv4 after trying broken IPv6 servers
747 - Use relative-URL in errorpage.css for SN.png
748 - Do not blindly forward cache peer CONNECT responses
749 - Fix assertion String.cc:221: "str"
750 - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
751 - Translations: add Spanish US dialect alias
752
c75a7d0a
AJ		 753Changes to squid-3.5.5 (28 May 2015):
754
755 - Regression Bug 4132: short_icon_urls with global_internal_static on
756 - Bug 4238: assertion Read.cc:205: "params.data == data"
757 - Bug 4236: SSL negotiation error of 'success'
758 - Bug 3930: assertion 'connIsUsable(http->getConn())'
759 - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
760 - Fix assertion errorpage.cc:600: "entry->isEmpty()"
761 - Fix comm_connect_addr on failures returns Comm:OK
762 - Fix missing external ACL helper notes
763 - Fix "Not enough space to hold server hello message" error message
764 - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
765 - Prevent unused ssl_crtd helpers being run
766 - ... and some code cleanup and portability updates
767 - ... and several documentation updates
768
88e192b1
AJ		 769Changes to squid-3.5.4 (01 May 2015):
770
771 - Bug 4234: comm_connect_addr uses errno incorrectly
772 - Bug 4231: fd_open() not correctly handling UDS socket descriptions
773 - Bug 4226: digest_edirectory_auth: found but cannot be built
774 - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
775 - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
776 - Fix require-proxy-header preventing HTTPS proxying and ssl-bump
777 - Fix Negotiate/Kerberos authentication request size exceeds output buffer size
778 - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
779 - Add server_name ACL matching server name(s) obtained from various sources
780 - Add Kerberos support for MAC OS X 10.x
781 - Support for resuming TLS sessions
782 - ... and some portability and compile fixes
783 - ... and several documentation updates
784 - ... and all fixes from squid 3.4.13
785
548362ff
AJ		 786Changes to squid-3.5.3 (28 Mar 2015):
787
788 - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
789 - Regression Bug 4206: Incorrect connection close on expect:100-continue
790 - Bug 4204: ./configure does not abort when required helpers cannot be built
791 - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
792 - Bug 2907: high CPU usage on CONNECT when using delay pools
793 - basic_getpwnam_auth: fail authentication on crypt() failures
794 - basic_nis_auth: fail authentication on crypt() failures
795 - ext_kerberos_ldap_group_acl: Heimdal support improvements
796 - ext_wbinfo_group_acl: Perl 5.20 support
797 - ... and several compile issues
798
4d3be924
AJ		 799Changes to squid-3.5.2 (18 Feb 2015):
800
801 - Regression Bug 4176: Digest auth too many helper lookups
802 - Regression Bug 4180: not-fully-initialized data member in ACLUserData
803 - Bug 4172: Solaris broken krb5-config
804 - Bug 4073: Cygwin compile errors
805 - Bug 3919: remove several never-true / never-false comparisons
806 - HTTPS: Add missing root CAs when validating chains that passed internal checks
807 - Fix some cbdataFree related memory leaks
808 - Quieten CBDATA 'leak' messages
809 - Set SNI information in transparent bumping mode
810 - negotiate_kerberos_auth: fix krb5.conf backward compatibility
811 - Fix memory leaks in cachemgr.cgi URL parser
812 - Fix sslproxy_options in peek-and-splice mode
813 - ... and fix several portability and build issues
814 - ... and some documentation updates
815 - ... and all fixes from squid 3.4.11
816
aac5b91d
AJ		 817Changes to squid-3.5.1 (13 Jan 2015):
818
819 - Fix handling of invalid SSL server certificates when splicing connections
820 - basic_smb_lm_auth: Simplified MSNT basic auth helper
821 - squidclient: Fix -A and -P options
822 - ... and several portability fixes
823 - ... and all fixes from squid 3.4.11
824 - ... and a lot of documentation updates
825
cf62b886
AJ		 826Changes to squid-3.5.0.4 (21 Dec 2014):
827
828 - Bug 3826: pt 2: Provide a systemd .service file for Squid
829 - Support http_access denials of SslBump "peeked" connections.
830 - Fix DONT_VERIFY_DOMAIN ssl flag
831 - Fix peek-and-splice mode: certificate validation for domain mismatched errors
832 - negotiate_kerberos_auth: MEMORY keytab and replay cache support
833 - ... and some documentation updates
834 - ... and a large amount of code polishing (non-logic changes)
835
4666bb8d
AJ		 836Changes to squid-3.5.0.3 (09 Dec 2014):
837
838 - Bug 4146: workaround SSL Bump crash on Linux
839 - Bug 4135: Support \-escaped characters in regex patterns
840 - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
841 - Fix delay_parameters parsing
842 - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
843 - ... and all changes from squid 3.4.10
844 - ... and a lot of documentation updates
845
bf611e3a
AJ		 846Changes to squid-3.5.0.2 (31 Oct 2014):
847
848 - Fix FTP socket opening during reconfigure
849 - ... and all changes from 3.4.9
850 - ... and some build errors in rarely used code
851 - ... and several documentation updates
852
e0dbeeb6
AJ		 853Changes to squid-3.5.0.1 (17 Oct 2014):
854
855 - Port from 2.7: redirector and logging urlgroup feature
856 - Bug 4093: source-maintenance.sh bad perl -i option
857 - Bug 3608: per-service name for workers UDS sockets
858 - Bug 2554: 32-bit wrap in AUFS counters
859 - Bug 1961 pt1: URL handling redesign
860 - Bug 1202 pt1: documentation for refresh_pattern algorithms
861 - Update Squid boilerplate copyright/license
862 - Update the http(s)_port directives protocol= parameter
863 - Update forward_max_tries to permit 25 server paths
864 - Update Kerberos library detection and build options
865 - Support ACLs on ftp_epsv directive
866 - Support >32KB objects in cache_dir rock storage
867 - Support client connection annotation by helpers via clt_conn_tag=TAG
868 - Support native FTP Relay
869 - Support libgnugss Kerberos library
870 - Support libecap v1.0
871 - Support SSL Peek and Splice feature
872 - Support receiving PROXY protocol version 1 and 2
873 - Replace --enable-ssl build option with --with-openssl
874 - Enable -n service name command line option for all Squid builds
875 - Enable ICAP client by default
876 - Fix configuration file parsing bugs, related to quoted strings
877 - Fix Windows MinGW build errors
878 - Fix multiple TCP outgoing TOS/DiffServ bugs
879 - Fix Cygwin /etc/resolv.conf parsing
880 - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
881 - Fix crash reading malformed config files
882 - Send selected SSL version and cipher to the certificate validation helper
883 - Validate server certificates without bumping
884 - Add zero-copy string buffer support
885 - Add automated squid.conf parser testing with squid -k parse
886 - Add adaptation_service ACL
887 - Add logformat code %tS to log transaction start time
888 - Add logformat code %>rd to log client URL domain name
889 - Add key_extras to proxy authentication
890 - Add url_rewrite_extras and store_id_extras directives
891 - Add send_hit and store_miss directives
892 - Add collapsed_forwarding directive
893 - Add sslproxy_cert_sign_hash directive
894 - Add SMP SSL session cache
895 - Add cache_peer standby connections
896 - Add helper ext_delayer_acl
897 - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
898 - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
899 - Remove COSS storage in favour of Rock storage
900 - Remove dnsserver and external DNS helper API in favour of mDNS
901 - Remove broken mallinfo() accounting and memory tracing
902 - Remove hierarchy_stoplist in favour of always_direct
903 - Deprecate tag ACL type in favour of note ACL type
904 - Deprecate urlgroup feature in favour of note ACL type
905 - HTTP/1.1: method names are case-sensitive
906 - HTTP/1.1: register new headers from RFC 723x
907 - squidclient: polish and update help display
908 - squidclient: support TLS with GnuTLS 3.1.5+
909 - squidclient: support verbosity levels
910 - squidclient: --ping mode module support
911 - url_fake_rewrite: support concurrency
912 - storeid_file_rewrite: support concurrency
913 - digest_file_auth: support concurrency
914 - digest_edirectory_auth: support concurrency
915 - digest_ldap_auth: support concurrency
916 - ... and many error page translation updates
917 - ... and much code cleanup and polishing
918
4df5649e
AJ		 919Changes to squid-3.4.14 (01 Aug 2015):
920
921 - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
922
88e192b1
AJ		 923Changes to squid-3.4.13 (01 May 2015):
924
925 - Bug 4212: ssl_crtd crashes with corrupt database
926 - ... and some documentation updates
927 - ... and all fixes from squid 3.3.14
928
4d3be924
AJ		 929Changes to squid-3.4.12 (18 Feb 2015):
930
931 - Bug 4066: Digest auth nonce indefinite rollover
932 - Bug 3997: Excessive NTLM or Negotiate auth helper annotations
933 - Fix several crashes when debugging enabled
934 - Fix silent SSL/TLS failure on split-stack operating systems
935 - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
936 - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
937 - Remove dst ACL dependency on HTTP request message existence
938 - Set cap_net_admin when Squid sets TOS/Diffserv packet values
939 - ... and some documentation updates
940
aac5b91d
AJ		 941Changes to squid-3.4.11 (13 Jan 2015):
942
943 - Bug 4164: SEGFAULT when %W formating code used in errorpages
944 - Bug 4057: Avoid on-exit crashes when adaptation is enabled.
945 - Bug 3760: squidclient ignores --disable-ipv6
946 - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
947 - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
948 - cachemgr.cgi: memory leak in request parser
949 - Deleting first fs left psstate->servers pointing to uninitialized memory
950 - ... and some build issues
951
4666bb8d
AJ		 952Changes to squid-3.4.10 (09 Dec 2014):
953
954 - Bug 4148: external_acl_type header format does not accept the new libformat syntax
955 - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
956 - Bug 4033: Rebuild corrupted ssl_db/size file
957 - Bug 3902: Docs: external_acl_type cache hash key
958 - Fix segmentation fault in ACL urlpath_regex
959 - Fix bootstrap.sh dependency on SPONSORS.list
960 - Alternate-Protocol is a hop-by-hop header
961 - HTTP/2: Support 421 (Misdirected Request) status code
962
bf611e3a
AJ		 963Changes to squid-3.4.9 (31 Oct 2014):
964
965 - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
966 - Bug 4102: sslbump cert contains only a dot character in key usage extension
967 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
968 - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
969 - Bug 4024: Bad host/IP ::1 when using IPv4-only environment
970 - Bug 3803: ident leaks memory on failure
971 - kerberos_ldap_group/cert_tool: Remove ksh dependency
972 - ... and some automated code style updates
973 - ... and some documentation updates
974
bd6c316a
AJ		 975Changes to squid-3.4.8 (15 Sep 2014):
976
977 - Fix off by one in SNMP subsystem
978 - pinger: Fix various ICMP handling issues
979
abc809ce
AJ		 980Changes to squid-3.4.7 (28 Aug 2014):
981
982 - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
983 - Bug 4080: worker hangs when client identd is not responding
984 - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
985 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
986 - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
987 - Enable compile-time override for MAXTCPLISTENPORTS
988 - ntlm_sspi_auth: Fix various build errors
989 - negotiate_wrapper: Fix build issues with non-portable vfork()
990 - negotiate_sspi_auth: Portability fixes for MinGW
991 - ext_lm_group_acl: Portability fixes for MinGW
992 - ... and several minor memory leaks
993
7f089ae4
AJ		 994Changes to squid-3.4.6 (25 Jun 2014):
995
996 - Regression: segmentation fault logging with %tg format specifier
997 - Bug 4065: round-robin neighbor selection with unequal weights
998 - Bug 4056: assertion MemPools[type] from netdbExchangeStart()
999 - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
1000 - Fix segmentation fault setting up server SSL connnection
1001 - Fix hanging Non-HTTPS connections on SSL-bump enabled port
1002 - Fix Cache Manager actions listed more than once
1003 - ... and many minor memory leaks
1004 - ... and several portability build issues
1005 - ... and some documentation updates
1006
51a22544
AJ		 1007Changes to squid-3.4.5 (02 May 2014):
1008
1009 - Regression Bug 4051: inverted test on CONNECT payload existence
1010 - Regression Fix: order dependency between cache_dir and maximum_object_size
1011 - Fix logformat %note display
1012 - Resolve 'dying from an unhandled exception: c'
1013
445d8733
AJ		 1014Changes to squid-3.4.4.2 (23 Apr 2014):
1015
51a22544 1016 - version bump for packaging re-build with altered toolchain
445d8733 1017
e6b41a35
AJ		 1018Changes to squid-3.4.4.1 (23 Apr 2014):
1019
1020 - Regression Bug 4019: Cache digest exchange segmentation fault
1021 - Regression Bug 3982: EUI logging and helpers show blank MAC address
1022 - Bug 4047: Support Android builds
1023 - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
1024 - Bug 4041: Missing files in compat/Makefile.am
1025 - Bug 4014: Build failure with --disable-optimizations --disable-auth
1026 - Bug 3986: (partial) assertion due to incorrect error page buffer size
1027 - Bug 3955: Solaris EUI-48 lookup leaks FDs
1028 - Bug 3371: CONNECT with data sent at once loses data
1029 - C++11: Upgrade auto-detection to use the formal -std=c++11
1030 - Crypto-NG: libnettle MD5 algorithm support
1031 - SSL-Bump: Fix Basic auth caching on bumped connections
1032 - Store-ID: Fix request URI when forwarding requests to peers
1033 - ... and fix several other build errors
1034 - ... and some documentation updates
1035
d3b930ff
AJ		 1036Changes to squid-3.4.4 (09 Mar 2014):
1037
1038 - Bug 4029: intercepted HTTPS requests bypass caching checks
1039 - Bug 4001: remove use of strsep()
1040 - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
1041 - Fix stalled concurrent rock store reads
1042 - Fix helper ID number assignment
1043 - Fix build failures from CMSG related definitions
1044 - Fix build failures from libcompat unsafe.h protections
1045 - Copyright: Relicense helpers by Treehouse Networks Ltd.
1046 - ... and all bug fixes from 3.3.12
1047
a01166da
AJ		 1048Changes to squid-3.4.3 (02 Feb 2014):
1049
1050 - Bug 4008: HttpHeader warnOnError should be an int not a bool
1051 - Bug 4002: clang 3.4 unable to compile
1052 - Bug 3996: Malformed DNS reply leads to crash
1053 - Bug 3995: compile error on CentOS 5 with GCC 4.1.2
1054 - Bug 3975: atomic detection cross-compilation failure
1055 - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
1056 - Bug 3954: compile failure in CpuAffinity.cc
1057 - Bug 3927: tests/testRock fatal.cc required
1058 - Fix memory leak in peer Cache Digest exchange
1059 - Fix external_acl_type async loop failures
1060 - Fix destination IP address cycling
1061 - ... and a few polishing changes
1062
441842f0
AJ		 1063Changes to squid-3.4.2 (30 Dec 2013):
1064
1065 - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
1066 - Regression Fix: \-unescaping in quoted strings from helpers
1067 - Regression Fix: URL helper API bypassing on URL containing '=' character
1068 - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
1069 - Bug 3806: Caching responses with Vary header
1070 - Bug 3498: FTP PUT assertion
1071 - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
1072 - Enable concurrency by default for SSL certificate validator
1073 - ... and fix several build errors
1074
12f64d19
AJ		 1075Changes to squid-3.4.1 (09 Dec 2013):
1076
1077 - Bug 3935: Invalid pointer dereference when peeking at origin server certificate
1078 - Bug 3589: intercepted and ICAP modified request using a cache_peer
1079 - ... and several portability fixes
1080 - ... and some documentation updates
1081
277afc6e
AJ		 1082Changes to squid-3.4.0.3 (01 Dec 2013):
1083
1084 - Bug 3941: Release notes error
1085 - Receive annotations from authentication and external ACL helpers
1086 - basic_nis_auth: Improved portability
1087 - ... and several documentation updates
1088 - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
1089
2d011f52 1090Changes to squid-3.4.0.2 (03 Oct 2013):
ae2b6fc9
AJ		 1091
1092 - Regression Bug 3891: squid.conf parser errors in 3.4.0.1
1093 - Regression Fix: re-disable MinGW C++11 support
1094 - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
1095 - Fix memory leak in refresh_pattern parsing
1096 - negotiate_kerberos_auth: upgrade to present group= keys
1097 - Handle NTLM helper returning OK without user= value
1098 - Add dns_multicast_local to control mDNS operation
1099 - Add --disable-arch-native build option
1100 - Display Build-Info in cache manager info report
1101 - ... and all changes from squid 3.3.9
1102 - ... and some code and debug output polishing
1103
14561e1c 1104Changes to squid-3.4.0.1 (29 Jul 2013):
13db7eef
AJ		 1105
1106 - Port from 2.7: StoreURL (renamed Store-ID) support
1107 - Bug 3795: fix several mistakes in the MIB file
1108 - Bug 3793: configure: improved helper detection
1109 - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
1110 - Bug 3676: Support GCC 4.7 with -Wshadow option
1111 - Bug 3643: NTLM helpers stuck in reserved state by Safari
1112 - Bug 3389: Auto-reconnect for tcp access_log
1113 - Bug 2066: squid does not do chdir() after chroot()
1114 - Fix uninitialized fields in IcapLogEntry
1115 - Fix a number of minor issues detected by Coverity Scan
1116 - Fix some potential memory leaks detected by Coverity Scan
1117 - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
1118 - Fix ACL matching algorithm to avoid repeating tests
1119 - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
1120 - squidpurge: fix META TLV parsing issues
1121 - squid.conf: enforce all the directive and option names are lower-case
1122 - Support EUI on HTTPS and FTP data connections
1123 - Support OK/ERR/BH response codes from any helper
1124 - Support No-lookup flag (-n) on DNS ACLs
1125 - Support -march=native compiler optimization by default
1126 - Support forwarding intercepted but not bumped connections to cache_peers
0bbaae54 1127 - Support IPv6 NAT interception on Linux and some BSD
13db7eef
AJ		 1128 - Deprecate log_icap and log_access configuration directives
1129 - HTTP/1.1: improved method invalidation and cacheability detection
1130 - HTTP/1.1: support length configuration for pipeline_prefetch queue
1131 - Improved TPROXY support for OpenBSD and FreeBSD
0bbaae54 1132 - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
13db7eef
AJ		 1133 - Add all-of and any-of ACL types for grouping sets of ACL tests
1134 - Add note directive for transaction annotations
1135 - Add %note log format for transaction annotation logging
1136 - Add note ACL type for matching annotated transactions with by annotation name or value
1137 - Add kv-pair support to URL-rewrite/redirector interface
1138 - Add SSL server certificate validator interface, helper and result cache
1139 - Add SSL server certificate fingerprint ACL type
1140 - Add spoof_client_ip access control
1141 - Add pt-bz (Belize Portuguese) dialect to translations
1142 - ... and many Windows portability changes (still incomplete)
1143 - ... and many documentation changes
1144 - ... and much code cleanup and polishing
988a7fba 1145
88e192b1
AJ		 1146Changes to squid-3.3.14 (01 May 2015):
1147
1148 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
1149 - ... and some documentation updates
1150 - ... and all fixes from squid 3.2.14
1151
abc809ce
AJ		 1152Changes to squid-3.3.13 (28 Aug 2014):
1153
1154 - Fix segmentation fault setting up server SSL connnection
1155 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
1156
d3b930ff
AJ		 1157Changes to squid-3.3.12 (09 Mar 2014):
1158
1159 - Regression Bug 3769: client_netmask not evaluated since Comm redesign
1160 - Bug 4026: Fix SSL and adaptation_access handling of aborted connections
1161 - Bug 3969: Fix credentials caching for Digest authentication
1162 - Bug 3806: Caching responses with Vary header
1163 - Fix umask default on crash report generated email
1164 - Fix pthread library detection on FreeBSD 10
1165 - Avoid assertions on Range requests that trigger Squid-generated errors.
1166
277afc6e
AJ		 1167Changes to squid-3.3.11 (01 Dec 2013):
1168
1169 - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
1170 - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
1171 - Bug 3970: max_filedescriptors disabled due to missing setrlimit
1172 - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
1173 - Bug 3960: DEAD cache_peer are not revived
1174 - Bug 3956: xstrndup: tried to dup a NULL pointer
1175 - Bug 3906: Filedescriptor leaks in SNMP
1176 - Bug 3782: Digest authentication not obeying nonce_max_count
1177 - HTTP/1.1: Make header parser obey relaxed_header_parser
1178 - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
1179 - SMP: Replace blocking sleep(3) and close UDS socket on failures
1180 - Windows: fix several compile errors
1181
c663cc36
AJ		 1182Changes to squid-3.3.10 (03 Nov 2013):
1183
1184 - Bug 3929: request_header_add not working for tunnel requests
1185 - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
1186 - Bug 3918: Self Test Failures on Mac OS X 10.8
1187 - Bug 3887: tcp_outgoing_tos not working for IPv6
1188 - Bug 3836: Fix issues with automake 1.13+ and make check
1189 - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
1190 - Fix pinning hierarchy log information
1191 - Fix close idle client connections associated with closed idle pinned connections.
1192 - Fix cbdata 'error: expression result unused' errors
1193 - Avoid "hot idle": A series of rapid select() calls with zero timeout.
1194 - Append Connection:close to OPTIONS requests when icap_persistent_connections is off
1195 - ntlm_fake_auth: pass DOMAIN data to Squid in original case
1196 - kerberos_ldap_group: fix LDAP string duplication
1197 - Use IPv6 localhost nameserver on DNS configuration errors
1198 - Add cache_miss_revalidate
1199 - ... and several portability improvements
1200
db01c30c
AJ		 1201Changes to squid-3.3.9 (11 Sep 2013):
1202
1203 - Regression Bug 3077: off-by-one error in Digest header decoding
1204 - Bug 3895: fix acl_uses_indirect_client and cache_peer_access
1205 - Bug 3879: assertion failed ConnStateData::validatePinnedConnection
1206 - Bug 3863: myportname acl causes segmentation fault
1207 - Bug 3849: Duplicate certificate sent when using https_port
1208 - Bug 2287: Better fix for unsupported HTTP version handling
1209 - Bug 2112: Reload into If-None-Match
1210 - Fix several assert with side effects in ICAP/eCAP response handling
1211 - Fix myportname ACL on ICAP/eCAP transactions
1212 - Fix external ACL user:pass detail logging after adaptation
1213 - Fix SMP mgr:info report 'Largest file desc currently in use'
1214 - Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
1215 - Improved compatibility with gcc 4.8, clang and icc
1216 - Show number of available filedescriptors when reserved FD changes
1217 - Sync with newest OpenSSL error codes
1218 - Register Http2-Settings header
1219 - ... and many Windows portability fixes
1220
8dbafb10
AJ		 1221Changes to squid-3.3.8 (13 Jul 2013):
1222
1223 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1224 - Improved handling of port values in Host: header validation
1225
2fea9d2b
AJ		 1226Changes to squid-3.3.7 (11 Jul 2013):
1227
1228 - Bug 3297: Fix openSSL related build failures
1229 - Fix build on FreeBSD 9.x platform with clang
1230 - Protect against buffer overrun in DNS query generation
1231
1a39473b
AJ		 1232Changes to squid-3.3.6 (01 Jul 2013):
1233
1234 - Bug 3854: pt1: compile errors on AIX
1235 - Bug 3802: Fix wrong check inside Format::Format::assemble
13db7eef 1236 - Bug 3762: remove bogus WARNING in cache.log
1a39473b
AJ		 1237 - Bug 3717: assertion failed with dstdom_regex with IP based URL
1238 - Bug 1991: kqueue causes SSL to hang
1239 - Ask for SSL key password when started with -N but without sslpassword_program
1240 - Make sure %<tt includes all [failed] connection attempts
1241 - Support HTTP reply ACLs in icap_log and log_icap
1242 - Fix incorrect external_acl_type codes
1243 - Fix ICAP logging request headers and segmentation faults
1244 - ... and some documentation polish
1245
9c7aeeb8
AJ		 1246Changes to squid-3.3.5 (20 May 2013):
1247
1248 - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
1249 - Bug 3845: http_port tcpkeepalive= option fails parsing
1250 - Bug 3840: assertion failed 'sde' in UFS cache loading
1251 - Bug 3836: make check failures with automake-1.13
1252 - Bug 3827: Remove AccessLogEntry::cache.authuser
1253 - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1254 - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
1255 - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
1256 - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
1257 - Port from 2.6: external acl %ACL and %DATA tags
1258 - Update copyright on SN.png
1259 - ... and several minor memory leaks
1260 - ... and some documentation polish
1261
988a7fba
AJ		 1262Changes to squid-3.3.4 (27 Apr 2013):
1263
1264 - Bug 3831: basic_ncsa_auth Blowfish and SHA support
1265 - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
1266 - Bug 3794: MacOS: workaround compiler errors and case-insensitivity
1267 - Bug 3781: Proxy Authentication not sent to cache_peer
1268 - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
1269 - Bug 3720 pt2: Add missing include in /dev/poll I/O module
1270 - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
1271 - Add support for TPROXY on BSD
1272 - Fix SSL Bump bypass for intercepted traffic
1273 - Fix memory leaks in ConnStateData pinning
1274 - Fix external_acl.cc "inBackground" assertion on queue overloads
1275 - CacheMgr: fix missing column separator in helper stats
1276 - OpenBSD: libpthreads requires OpenBSD 5.2 or later
1277 - ... and lots of documentation updates
1278 - ... and all changes from squid 3.2.10
1279
40c973aa
AJ		 1280Changes to squid-3.3.3 (12 Mar 2013):
1281
1282 - Bug 3720: Add missing include in /dev/poll I/O module (pt2)
1283 - ... and all changes from squid 3.2.9
1284
d4dc9eea
AJ		 1285Changes to squid-3.3.2 (02 Mar 2013):
1286
1287 - Bug 3781: Proxy Authentication not sent to cache_peer
1288 - Bug 3794: MacOS: workaround compiler errors
1289 - Bug 3720: Compile error in Solaris /OpenIndiana
1290 - ... and all changes from squid 3.2.8
1291
21744e8b
AJ		 1292Changes to squid-3.3.1 (09 Feb 2013):
1293
1294 - Bug 3726: build errors with --disable-ssl
1295 - Propigate pinned connection persistency and closures to the client.
1296 - Mimic SSL certificate Key Usage and Basic Constraints
1297 - Fix segmentation fault on missing squid.conf values
1298 - ext_sql_session_acl: Fix hex decoding on UID
1299 - ... and some code polish
1300 - ... and a lot of documentation polish
1301 - ... and all changes from squid 3.2.7
1302
56eea3f2
AJ		 1303Changes to squid-3.3.0.3 (09 Jan 2013):
1304
1305 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1306 - Bug 3728: Improve debug for cache_dir
1307 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1308 - kerberos_ldap_group: support multiple groups in squid.conf ACL definition
1309 - kqueue: update status from experimental to fully available net I/O method
1310 - ... and many memory leaks and potential bugs detected by Coverity Scan
1311
bd4920ca
AJ		 1312Changes to squid-3.3.0.2 (03 Dec 2012):
1313
1314 - Support matching empty header field values using req_header and rep_header
1315 - ... and some minor code polish and input vaidations
1316 - ... and all changes from squid 3.2.4
1317
362d74b6
AJ		 1318Changes to squid-3.3.0.1 (21 Oct 2012):
1319
1320 - Bug 3610: Add peername_regex ACL
1321 - Bug 3239: rename myip/myport as localip/localport
1322 - Bug 3130: helpers are crashing too rapidly
1323 - Add log_db_daemon SQL Database Logging Daemon
1324 - Add ext_time_quota_acl helper managing sessions by bandwidth usage
1325 - Add request_header_add option
1326 - Support C++11 features where possible
1327 - Support bump-ssl-server-first
1328 - Support mimic SSL server certificates
1329 - Remove --enable-ntlm-fail-open
1330 - Fix TLS/SSL Options does not apply to the dynamically generated certificates
1331 - Fix SslBump stuck after error
1332 - Polish: display ACL enumeration text in debugs
1333 - ... and many portability fixes for MacOS X, Windows and others
1334 - ... and many compile error fixes
1335 - ... and a very large amount of code polish for faster compilation
1336
88e192b1
AJ		 1337Changes to squid-3.2.14 (01 May 2015):
1338
1339 - Fix 'access_log none' to prevent following logs being used
1340 - Fix X509 server certificate domain matching
1341 - ... some documentation updates
1342
8dbafb10
AJ		 1343Changes to squid-3.2.13 (13 Jul 2013):
1344
1345 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
1346 - Improved handling of port values in Host: header validation
1347
2fea9d2b
AJ		 1348Changes to squid-3.2.12 (11 Jul 2013):
1349
1350 - Protect against buffer overrun in DNS query generation
1351 - Avoid !closing assertions when helpers call comm_read during reconfigure.
1352 - Fix several minor memory leaks during reconfigure
1353 - Remove origin_tries limiter on forwarding and permit large max_forward_tries values
1354
80c1bddb
AJ		 1355Changes to squid-3.2.11 (30 Apr 2013):
1356
1357 - Regression Bug 3839: build error: src/tools.h: No such file or directory
1358 - Update copyright on SN.png
1359
988a7fba
AJ		 1360Changes to squid-3.2.10 (27 Apr 2013):
1361
1362 - Bug 3833: squidclient: Option '-k' is not present in man(1) page
1363 - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
1364 - Bug 3822: Locate LDAP and SASL headers for BSD support
1365 - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
1366 - Bug 3774: 'squid -k reconfigure' drops rock cache
1367 - Bug 3565: Resuming postponed accept kills Squid
1368 - HTTP/1.1: partial support for no-cache and private controls with parameters
1369 - ssl_crtd: fix helpers dying during startup on ARM
1370 - GNU Hurd: define MAP_NORESERVE as no-op when missing
1371 - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
1372
40c973aa
AJ		 1373Changes to squid-3.2.9 (12 Mar 2013):
1374
1375 - Regression fix: Accept-Language header parse
1376 - Bug 3673: Silence 'Failed to select source' messages
1377 - Fix authentication headers sent on peer digest requests
1378 - Fix build error on Solaris, OpenIndiana, Omnios
1379
d4dc9eea
AJ		 1380Changes to squid-3.2.8 (02 Mar 2013):
1381
1382 - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
1383 - Bug 3763: diskd Error: no filename in shm buffer
1384 - Bug 3752: objects that cannot be cached in memory are not cached on disk
1385 - Bug 3753: Removes the domain from the cache_peer server pconn key
1386 - Bug 3749: IDENT lookup using wrong ports to identify the user
1387 - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
1388 - Bug 3686: cache_dir max-size default fails
1389 - Bug 3515: crash in FtpStateData::ftpTimeout
1390 - Bug 3329: Quieten orphan Comm::Connection messages
1391 - Make squid -z for cache_dir rock preserve the rock DB
1392 - Fixed several server connect problems
02824360
AJ		 1393 - ... and some build issues on Solaris, OpenIndiana, MacOS X
1394 - ... and some documentation and debugs polishing
d4dc9eea 1395
54ccbeea
AJ		 1396Changes to squid-3.2.7 (01 Feb 2013):
1397
1398 - Bug 3736: Floating point exception due to divide by zero
1399 - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
1400 - Bug 3732: Fix ConnOpener IPv6 awareness
1401 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
1402 - Bug 3728: Improve debug for cache_dir
1403 - Bug 3687: unhandled exception: c when using interception and peers
1404 - Bug 3678: external acl grace period causes acl lookup failures
1405 - Bug 3567: Memory leak handling malformed requests
1406 - Bug 3111: Mid-term fix for the forward.cc "err" assertion
1407 - Support OpenSSL NO_Compression optio
1408 - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
1409 - Fix "address.GetPort() != 0" assertion for helpers
1410 - ... and several minor memory leaks
1411 - ... and some cache.log message polishing
1412
56eea3f2
AJ		 1413Changes to squid-3.2.6 (09 Jan 2013):
1414
1415 - Regression Bug 3731: TOS setsockopt() requires int value
1416 - Regression Bug 3712: Rotating logs overwrites the previous log
1417 - Bug 3727: LLVM compile errors in kerberos_ldap_group
1418 - Bug 3650: Negotiate auth missing challenge token
1419 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1420
eeb80d48
AJ		 1421Changes to squid-3.2.5 (10 Dec 2012):
1422
1423 - Bug 3698: Add missing include of errno.h
1424
bd4920ca
AJ		 1425Changes to squid-3.2.4 (03 Dec 2012):
1426
1427 - Ported: urllogin ACL from squid 2.7
1428 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server
1429 - Bug 3677: Port un-pinning logic changes from squid 3.3
1430 - Bug 3405: ssl_crtd crashes failing to remove certificate
1431 - ... and major bugs fixed in squid 3.1.22
1432 - Fix accept_filter on Linux
1433 - Remove 'Bungled' warning on missing component directives
1434 - ... and many buffer and memory leak issues in the bundled helpers
1435 - ... and a small amount of code polishing
1436
362d74b6
AJ		 1437Changes to squid-3.2.3 (21 Oct 2012):
1438
1439 - Regression: SMP crashes on startup with workers > 1
1440 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication
1441 - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
1442 - HTTP/1.1: honour Cache-Control before Pragma:no-cache
1443 - HTTP/1.1: Cache-Control compliance upgrade
1444 - Remove obsoleted refresh_pattern ignore-no-cache option
1445 - Fix IPv6 enabled squidclient
1446 - ... and several compile fixes
1447
1448Changes to squid-3.2.2 (06 Oct 2012):
a18ad4b5
AJ		 1449
1450 - Regression: Make login=PASS send no credentials when none available
1451 - Regression: Handle dstdomain duplicates and overlapping names better
1452 - Bug 3661: Segmentation fault when using more than 1 worker
1453 - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
1454 - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
1455 - Bug 3648: polish String class files
1456 - Bug 3647: parsing hier_code acl fails
1457 - Bug 3626: forwarding loops on intercepted traffic
1458 - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
1459 - Bug 3609: several RADIUS helper improvements
1460 - Bug 3605: memory leak in Negotiate authentication
1461 - Fix small memory leak in src ACL parse
1462 - Fix maximum_single_addr_tries upgrade
1463 - Fix chunked encoding on responses carrying a Content-Range header.
1464 - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
1465 - ... and several compile errors
1466
c72a2049
AJ		 1467Changes to squid-3.2.1 (15 Aug 2012):
1468
1469 - Bug 3605: memory leak in peer selection
1470 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
1471 - ... and some documentation updates
1472
a9eec4aa
AJ		 1473Changes to squid-3.2.0.19 (02 Aug 2012):
1474
1475 - Regression Bug 3580: IDENT request makes squid crash
1476 - Regression Bug 3577: File Descriptors not properly closed
1477 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
1478 - Regression Fix: Restore memory caching ability
1479 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
1480 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
1481 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
1482 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
1483 - Support custom headers in [request|reply]_header_* manglers
1484 - ... and much code polishing
1485
5cc53d80 1486Changes to squid-3.2.0.18 (29 Jun 2012):
f787354b
AJ		 1487
1488 - Bug 3576: ICY streams being Transfer-Encoding:chunked
1489 - Bug 3537: statistics histogram leaks memory
1490 - Bug 3526: digest authentication crash
1491 - Bug 3484: Docs: sslproxy_cert_error example flawed
1492 - Bug 3462: Delay Pools and ICAP
1493 - Bug 3405: ssl_crtd crashes failing to remove certificate
1494 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
1495 - Bug 3258: Requests hang when Host forgery verify fails
1496 - Bug 3186: Digest auth caches failed state without revalidating
1497 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
1498 - Bug 2885: AIX: check and set required compiler flags
1499 - Fix ssl_crtd compile issues with libsslutil
1500 - Fix build with GCC 4.7 (and probably other C++11 compilers).
1501 - Fix double-escape of %R on deny_info redirect responses
1502 - Support status 308 Permanent Redirect
1503 - Support for TLSv1.1 and TLSv1.2 options and methods
1504 - Support passing external_acl_type credentials on ICAP
1505 - Language Updates: fr, hy, pt_BR
1506 - ... and many compile issues on Windows
1507 - ... and some minor code polish
1508
5cc53d80 1509Changes to squid-3.2.0.17 (12 Apr 2012):
f949585d
AJ		 1510
1511 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
1512 - Bug 3509: kQueue compile error
1513 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
1514 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
1515 - Bug 3397: do not mark connection as opened until after SYN-ACK
1516 - Bug 3193: NTLM decoder truncating strings
1517 - Windows FD handling polish and some fixes
1518 - Solaris 9/10 various build fixes
1519 - ... and some more code polish
1520
5cc53d80 1521Changes to squid-3.2.0.16 (07 Mar 2012):
488e6901
AJ		 1522
1523 - Bug 3508: Correct DNS timeout handling.
1524 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
1525 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
1526 - Bug 3490: part 1: SegFault opening FTP active data connections
1527 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
c5426f8f 1528 - Bug 3458: Icon Serving (squid-internal-static) Broken
488e6901
AJ		 1529 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
1530 - Bug 3381: 32-bit overflow assertion in StatHist
1531 - Bug 3324: loadFromFile: parse error while reading template file
1532 - Support sslpassword_program for ssl-bump HTTP ports
1533 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
1534 - Retry requests that failed due to a persistent connection race
1535 - Log '-' on requests with no Referer or User-Agent headers
1536 - ... and several fixes related to in-transit object performance
1537 - ... and some structural design changes for portability
1538
5cc53d80 1539Changes to squid-3.2.0.15 (06 Feb 2012):
f9329b54
AJ		 1540
1541 - Bug 3472: segfault with the message 'urlParse: URL too large'
1542 - Bug 3471: segfault when %la formating code used
1543 - Bug 3449: part 3: shm_open can fail with a mangled path
1544 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
1545 - Bug 3448: 204 response problem in adaptation chains
1546 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
1547 - Bug 3461: build regression in IPFilter NAT
1548 - Bug 3413: raise cbdata lock limits
1549 - Bug 3391: forwarded_for log functionality broken
1550 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
1551 - Bug 3268: remove wrong 'Ready to serve requests.' message
1552 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
1553 - Disable OpenSSL SSL/TLS bug workarounds by default
1554 - Send DNS A and AAAA queries in parallel
1555 - Cache Manager migration support
1556 - Allow service of internal requests over reverse-proxy ports
1557 - Fix trimMemory for unswappable objects
1558 - ... and several build and polish fixes
1559
902bc38b
AJ		 1560Changes to squid-3.2.0.14 (12 Dec 2011):
1561
1562 - Bug 3433: Segfault closing SNMP
1563 - Bug 3420: Request body consumption races and !theConsumer exception.
1564 - Bug 3406: SSL Log Error in debug
1565 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
1566 - Bug 3383: unhandled exception: theGroupBSize > 0
1567 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
1568 - Bug 3367: fix inverted check on host_strict_verify
1569 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
1570 - Bug 3364: SNMP Orphans
1571 - Bug 3301: ERR_DNS_FAIL never shown
1572 - Bug 3150: do not start useless unlinkd
1573 - ext_session_acl: version 1.2
1574 - Add adaptation_meta option
1575 - Add a mask on the qos_flows miss configuration value
1576 - Support intermediate CA in ssl-bump traffic certificates
1577 - Support SSL certificate failure details on error page
1578 - Fix flags for NAT intercept and TPROXY not set correctly
1579 - Fix fastCheck() default result on multi-line actions
1580 - Fix missing SMP shared memory statistics
1581 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
1582 - ... and several other TCP and SMP support behaviour fixes
1583 - ... and many code polishing cleanups and fixed build errors
1584 - ... and several documentation polishings
1585
8fe9e0a2
AJ		 1586Changes to squid-3.2.0.13 (14 Oct 2011):
1587
1588 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
1589 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
1590 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
1591 - Regression fix: always_direct/never_direct failures
1592 - Regression fix: stop an SSL header file being included after --disable-ssl
1593 - Regression fix: parse HTTP list headers with embedded 8-bit characters
1594 - Bug 3355: configure setting --with-swapdir ignored
1595 - Bug 3325: option to selectively enable strict host verify checks
1596 - Bug 3337: HTTP status 200 is not accepted for deny_info
1597 - Bug 3077: '\' in url query strings cause Digest authentication to fail
1598 - Support SMP worker shared memory cache
1599 - Support SMP worker shared disk cache (rock)
1600 - ext_session_acl: version 1.1
1601 - Fix Host verify: do not pinn destination IP if URL re-write has been done
1602 - Fix IPF interception
1603 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
1604 - Fix ssl_crtd CertificateDB locking scheme
1605 - ... and all changes from 3.1.16
1606 - ... and many compile and polishing fixes
1607
f96fd18d
AJ		 1608Changes to squid-3.2.0.12 (17 Sep 2011):
1609
1610 - Regression Bug 3335: ICAP service is down
1611 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
1612 - Regression Bug 3303: Support for non-English usernames in log files
1613 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
1614 - Regression: %I shows hostname on SSL error page
1615 - Regression: FTP outgoing port always 'in use' on PASV connections
1616 - Bug 3337: (partial) status 200 is not accepted for deny_info
1617 - Bug 3319: Inconsistencies in error messages
1618 - Bug 3281: pconn in-use while closing assertion
1619 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
1620 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
1621 - Adjust format code %la for intercepted connections
1622 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
1623 - Send RST packet when closing an ICAP connection after a transaction error
1624 - Support maximum field width for string access.log fields
1625
2284b7f7
AJ		 1626Changes to squid-3.2.0.11 (28 Aug 2011):
1627
1628 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
1629 - Host: authority validation of intercepted destination IP
1630 - Host: authority validation of request URL
1631 - Host: authority validation of CONNECT tunnel destination
1632 - Preserve client destination IP in intercepted communication
1633 - Regression Bug 3316: Failed to connect to nameserver using TCP
1634 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
1635 - Regression Bug 3310: %<pt translates as %<p
1636 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
1637 - Regression Bug 3288: %<la and %<lp not displaying
1638 - Bug 3289: cache manager parameters not parsed without password
1639 - Bug 2279: Log Format options to log server source IP and port
1640 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
1641 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
1642 - Bug 3118: ecap_enable on forces icap_enable on
1643 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
1644 - Default to vhost for accelerator mode (reverse proxy)
1645 - Display HTTP protocol syntax at section 11 level 2
1646 - Support for using custom keys in CARP parents
1647 - Optimize regular expression ACLs
1648 - ... and a lot of code portability fixes
1649 - ... and all bugs and polish changes from 3.1.15
1650
3ff024ec
AJ		 1651Changes to squid-3.2.0.10 (24 Jul 2011):
1652
1653 - Port from 2.7: act-as-origin for reverse proxy ports
1654 - Regression fix: broken --disable-ipv6
1655 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
1656 - Regression fix: vhost and defaultsite causing vport to be ignored
1657 - Regression fix: several errors in persistent connection handling
1658 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
1659 - Regression Bug 3245: reconfigure assertion in MemPools[type]
1660 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
1661 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
1662 - Regression Bug 3269: cache.log applyQueryParams messages
1663 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
1664 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
1665 - Bug 3267: workers IPC mount points disobey --localstatedir
1666 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
1667 - Bug 3247: Domain from URL Stripped when going through peers
1668 - Bug 3244: wrong port for peer relayed requests
1669 - Bug 3195: kerberos_ldap_group will not build without kerberos
1670 - Bug 2862: add http(s):// support to cache manager
1671 - kerberos_ldap_group: several fixes to -S option
1672 - ssl_crtd: Add man(8) file
1673 - ... and several pieces of code cleanup and polishing.
1674 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
1675
6d44d1e9
AJ		 1676Changes to squid-3.2.0.9 (18 Jun 2011):
1677
1678 - Bug 3159: delay pools --disable-auth compile problems
1679 - HTTP/1.1: Support multiline quoted-string header fields
1680 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
1681 - Support configurable and translated SSL error details messages
1682 - Add log format codes for split client/server views of HTTP request line
1683 - Major upgrade of TCP connection handling
1684 - Support split-stack IPv6 to servers
1685 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
1686 - Optimized persistent connection handling
1687 - Optimized FTP data connection handling
1688 - Optimized TCP failure recovery
1689 - ... and all bug fixes and updates from 3.1.12.3
1690 - ... and many code polish, documentation and translation cleanups
1691
65f2789a
AJ		 1692Changes to squid-3.2.0.8 (30 May 2011):
1693
1694 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
1695 - Bug 3043: Properly detect Iphlpapi.h on windows
1696 - Bug 2055: Honor ICAP Max-Connections
1697 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
1698 - Support SSL SNI to origin servers
1699 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
1700 - Add %b tag for proxy listening port display in error pages
1701 - Optimize base64 encoding/decoding
1702 - Require libcap before enabling netfilter MARK support
1703 - Require libtool 2.2
1704 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
1705 - ... and all bug fixes and updates from 3.1.12.2
1706 - ... and some documentation and code polishing
1707
065f7779
AJ		 1708Changes to squid-3.2.0.7 (19 Apr 2011):
1709
1710 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
1711 - Regression fix: icons/ FHS compliance
1712 - Regression fix: Startup aborts with URL error when --disable-htcp
1713 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
1714 - Add negotiate_wrapper_auth version 1.0.1
1715 - Fixed %dt logging in the presence of REQMOD
1716 - Fixed chunked request forwarding in ICAP REQMOD presence
1717 - ... all bug fixes and updates from 3.1.12.1
1718 - ... many code polishings and display cleanups
1719
7d9ce496
AJ		 1720Changes to squid-3.2.0.6 (04 Apr 2011):
1721
1722 - Regression fix: upgrade existing icons
61beade2 1723 - Regression fix: do not crash when accessing an SSL certificate with errors
7d9ce496
AJ		 1724 - Regression fix: prevent stdio log module segfaults on rotate
1725 - Regression fix: shutdown properly even if a worker process crashes on exit
1726 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
1727 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
1728 - Bug 3105: malformed Proxy-Authorization leaks memory
1729 - Bug 3007: CONNECT to cache_peer returns 000 status code
1730 - Bug 2885: Compile errors on AIX
1731 - Support parameterized Cache Manager queries
1732 - Support libecap v0.2.0; fixed eCAP body handling and logging
1733 - Support dynamic adaptation plans that cover multiple vectoring points
1734 - Support %D details for documented OpenSSL errors
1735 - Support logging of all transactions including those with uncertain status or no sent response
1736 - Updrate negotiate_kerberos_auth to version 3.0.4sq
1737 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
1738 - Update ext_edirectory_userip_acl to version 2.1
1739 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
1740 - Change the default dns_timeout value from 2 minutes to 30 seconds
1741 - Fix TCP log stream flushing on every line
1742 - ... all bug fixes and updates from 3.1.12
1743 - ... a great many compiler portability fixes
1744 - ... many code polishings and display cleanups
1745
850ff99f
AJ		 1746Changes to squid-3.2.0.5 (12 Feb 2011):
1747
1748 - Regression Fix: profiler should not be built by default
1749 - Regression Bug 3081: assertion failed: AsyncCallQueue
1750 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
1751 - Bug 3089: FTP command output overrides directory listing
1752 - Bug 2870: --disable-auth does not work
1753 - Bug 2586: multiple memory leaks during reconfigure
1754 - Bug 2581: FTP directory listing sometimes fails
1755 - Port from 2.7: maximum staleness limits
1756 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
1757 - HTTP/1.1: Support configurable status codes for deny_info
1758 - Support upcoming "fresh message creation" eCAP API
1759 - Aggregate SNMP responses when using SMP with multiple workers
1760 - Several more Solaris, Windows and ICC support fixes
1761 - ... all bug fixes and updates from 3.1.11
1762 - ... and more code cleanup shufflings
1763 - ... and several documentation updates
1764
834d2128
AJ		 1765Changes to squid-3.2.0.4 (22 Dec 2010):
1766
1767 - Port 2.x: cache_dir min-size setting
1768 - Bug 3059: Crash on digest auth headers with unknown nonce
1769 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
1770 - Fix cachemgr mem-pools reporting
1771 - Add Dynamic SSL certificate generation
1772 - Add useragent, referer, combined built-in log formats
1773 - Obsolete log_fqdn directive
1774 - Obsolete useragent/referer/forward_log directives
1775 - HTTP/1.1: Send 1.1 on CONNECT responses
1776 - Updated Kerberos support for newer GSSAPI releases
1777 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
1778 - Improve handling of early eCAP transaction failures
1779 - Various ext_edirectory_acl fixes
1780 - ... all bug and feature fixes included in 3.1.10 release
1781 - ... and a lot of code and documentation polishing
1782
1664edf4 1783Changes to squid-3.2.0.3 (07 Nov 2010):
b40d9a33
AJ		 1784
1785 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
1786 - Regression fix: ESI processing of Surrogate filter
1664edf4 1787 - Bug 3091: bypassed ICAP errors are not counted as service failures
b40d9a33 1788 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
1664edf4 1789 - Bug 3038: Detatch libmisc from libcompat
b40d9a33
AJ		 1790 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
1791 - Bug 3002: store initialization (-z) does not work with SMP configs
1792 - Bug 2999: v2.0 of ext_edirectory_userip_acl
1793 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
1794 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
1795 - HTTP/1.1: support If-Match and If-None-Match requests
1796 - HTTP/1.1: forward 1xx control messages to clients that support them
1797 - HTTP/1.1: send Age:0 header even if it may break IE5
1798 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
1799 - HTTP/1.1: entry is stale if request has max-age=0
1800 - HTTP/1.1: harden quoted-string parser
1801 - Add --enable-build-info for extra "squid -v" display
1802 - Add --with-swapdir=PATH to override default /var/cache/squid
1803 - Add cpu_affinity_map directive to bind workers to CPU cores
1804 - Add Netfilter MARK support for QoS
1805 - Add upgrade process for obsolete options
1806 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
1807 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
1808 - Fixes Eui48 support on OpenBSD
1809 - Fixes cache manager support with SMP configs
1810 - ... several documentation updates
1811 - ... all bug and feature fixes included in 3.1.9 release.
1812 - ... many more code polishes and leak removals
1813
dee6a922
AJ		 1814Changes to squid-3.2.0.2 (04 Sep 2010):
1815
1816 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
1817 - Support rotating logs from cachemgr and squidclient
1818 - Support Kerberos authentication in squidclient
1819 - Add manual page for negotiate_kerberos_auth
1820 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
1821 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
1822 - Added log options %http::<bs and %icap::<bs
1823 - Collapse HTCP cache_peer options into one setting
1824 - Improved request smuggling attack detection. Tolerating valid benign HTTP
1825 - ... and several HTTP/1.1 compliance improvements
1826 - ... and all improvements in 3.1.7 and 3.1.8
1827
6be4a9a8
AJ		 1828Changes to squid-3.2.0.1 (03 Aug 2010):
1829
1830 - Port from 2.7: Logging infrastructure updates
1831 - Port from 2.7: Unique sequence number per log line
1832 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
1833 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
1834 - Bug 2631: refresh_pattern store-stale option
1835 - Bug 2305: Multiple leaks and assertion crashes in authentication
1836 - Bug 1239: Much needed ACL type random
1837 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
1838 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
1839 - Support SMP for essential non-caching functionality
1840 - Support logging over TCP
1841 - Support Solaris 10 pthreads (experimental)
1842 - Support Kerberos login to peers
1843 - Support EUI / MAC in more environments
1844 - Support format tags in deny_info URLs
1845 - Support running helpers on-demand instead of all at startup
1846 - Support fully transparent login=PASSTHRU of authentication headers to peers
1847 - Support multi-lingual localised FTP directory listings
1848 - Support TPROXYv4 spoofing of X-Forwarded-For client address
1849 - Support ICAP 206 Partial Content extension
1850 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
1851 - Add ACL support to range_offset_limit
1852 - Add helpers for url_rewrite
1853 - Add helper multiplexer for concurrency emulation with legacy helpers
1854 - Add Perl library which facilitates parsing access logfile entries.
1855 - Add a simple script to summarise traffic use per user
1856 - Add templates for captive portal proxy configuration instructions
1857 - Add logging of the local TCP port used by transactions with HTTP servers
1858 - Update mswin_check_ad_group to version 2.0
1859 - Update squid_kerb_auth helper to version 3.0.2
1860 - Remove double-language error page hack (replaced by locale auto-negotiation)
1861 - Remove TPROXYv2 support (replaced by TPROXYv4)
1862 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
1863 - Re-work ./configure script for smarter auto-detect and early error checks
1864 - Auto-enable all features by default
1865 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
1866 - Helpers naming scheme
1867 - Add support for write timeouts
1868 - Modify icap_service_failure_limit option to forget old ICAP errors
1869 - Updated man(8) manuals including several additions and translations
1870 - ... and a great many code cleanups
1871 - ... and a great many testing improvements
1872 - ... and many documentation updates
1873
56eea3f2
AJ		 1874Changes to squid-3.1.23 (09 Jan 2013):
1875
1876 - Additional fixes for CVE-2012-5643 / SQUID:2012-1
1877
bd4920ca
AJ		 1878Changes to squid-3.1.22 (03 Dec 2012):
1879
1880 - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update
1881 - Bug 3659: read_timeout problem with HTTPS
1882 - Bug 3654: Fix IPv6 enabled squidclient
1883 - Bug 3189: AIO thread race on pipe() initialization
1884 - cachemgr.cgi: Memory Leaks and DoS Vulnerability
1885
4c73ceb8
AJ		 1886Changes to squid-3.1.21 (23 Sep 2012):
1887
1888 - Bug 3622: peerClearRRStart scheduling multiple events
1889 - Bug 3615: configure check for default max number of FDs is broken
1890 - Bug 3607: --enable-auth documented default action incorrect
1891 - Bug 3593: socket failure: Address family not supported by protocol
1892 - Bug 3584: Detection of setresuid() is broken
1893 - Bug 3568: Consolidate external_acl_type config dumping and add missing %%
1894 - Bug 3564: eCAP not supporting CoAP URI schemes
1895 - Bug 3484: Docs: sslproxy_cert_error example flawed
1896 - Bug 3462: Delay Pools and ICAP
1897 - Bug 3133: better fix: Memory leak handling requests for sites that don't exist
1898 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
1899 - Silence IOS 15.1 unknown capabilities messages.
1900 - Account for Store disk client quota when bandwidth-limiting the server.
1901 - ... and several documentation fixes
1902 - ... and several compile fixes
1903
5cc53d80 1904Changes to squid-3.1.20 (08 Jun 2012):
dd8d2619
AJ		 1905
1906 - Regression Bug 3545: FreeBSD dnsserver segfaults
1907 - Regression Bug 3504: clientside_tos fails to mark traffic
1908 - Bug 3539: CONNECT server connection not closed correctly on errors
1909 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
1910 - Bug 3466: Adaptation stuck on last single-byte body piece
1911 - Bug 3463: dnsserver fails to compile
1912 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
1913 - Bug 3390: Proxy auth data visible to scripts
1914 - Bug 3263: ssl_crtd: undefined references to squid_curtime
1915 - Bug 3233: Invalid URL accepted with url host is white spaces
1916 - Bug 3133: Memory leak handling requests for sites that don't exist
1917 - Bug 3074: Improper URL handling with empty path (RFC 3986)
1918 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
1919 - Regression: snmp/udp address directives not resolving hostname
1920 - Better helper-to-Squid buffer size management.
1921 - Support CoAP over HTTP (coap:// and coaps:// URLs)
1922 - Support for 3.2 error template codes
1923
5cc53d80 1924Changes to squid-3.1.19 (06 Feb 2012):
f9329b54
AJ		 1925
1926 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
1927 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
1928 - Bug 3470: GCC 4.7
1929 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
1930 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
1931 - Bug 3440: compile error in Adaptation
1932 - Bug 3420: Request body consumption races and !theConsumer exception
1933 - Bug 3370: external ACL sometimes skipping
1934 - Bug 3085: Crash when parsing esi:include
1935 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
1936 - Fix SSL library dependency fixes
1937
339383cc
AJ		 1938Changes to squid-3.1.18 (03 Dec 2011):
1939
1940 - Regression: compile error in FTP
1941
c218b24d
AJ		 1942Changes to squid-3.1.17 (03 Dec 2011):
1943
1944 - Bug 3432: Crash logging FTP errors
1945 - Bug 3428: Active FTP data channel accepted twice
1946 - Bug 3423: access violation in URL parser
1947 - Bug 3422: Buffer overflow in recv-announce
1948 - Bug 3412: External ACL Uses Invalid Cache Entry
1949 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
1950 - Bug 3398: persistent server connection closed after PUT/DELETE
1951 - Bug 3299: dnsserver: various undefined references
1952 - Bug 3077: '\' in url query strings cause Digest authentication to fail
1953 - Bug 2910: MemBuf may grow beyond max_capacity
1954 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
1955 - Bug 1243: Build overrides configured AR setting
1956 - Avoid crashes when processing bad X509 common names (CN).
1957 - Support %% in external ACL format
1958 - ... and several other compile error fixes
1959 - ... and several documentation fixes
1960
8fe9e0a2
AJ		 1961Changes to squid-3.1.16 (14 Oct 2011):
1962
1963 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
1964 - Bug 3368: Unhandled exceptions are not logged (workaround)
1965 - Bug 3326: miss_access incorrect default
1966 - Bug 3320: miss_access description confusing
1967 - Bug 3241: squid_kerb_auth cross compilation fix
1968 - Bug 3237: seq fault in free() from rfc1035RRDestroy
1969 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
1970 - db_auth: display available DSN drivers on connect error
1971 - Updated OpenSSL 1.0.0 version checks
1972 - ... and several documentation fixes
1973
2f954743
AJ		 1974Changes to squid-3.1.15 (28 Aug 2011):
1975
1976 - Regression fix: vhost and defaultsite causing vport to be ignored
2284b7f7 1977 - Regression Bug 3295: broken escaping in rfc1738_do_escape
2f954743
AJ		 1978 - Bug #3232: fails to compile with OpenSSL v1.0.0
1979 - Bug #3222: cache_peer name is not logging on CONNECT
1980 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
1981 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
1982 - Bug #3213: https sites (CONNECT) not open when using NTLM
1983 - Bug #3114: Memory leak in SSL certificate verify code
1984 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
1985 - Bug #2662: cf_gen failure when cross compiling
1986 - Bug #2655: passing wrong the username to the url_rewrite_program
1987 - Bug #2495: ignore whitespace prefix on config lines
1988 - Bug #2051: 'default' cache_peer option does not match documentation
1989 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
1990 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
1991 - Correct parsing of large Gopher indexes
1992 - Enable negative cacheing on unknown or -1 expiry timestamp
2284b7f7 1993 - Remove hierarchy_stoplist default value
2f954743
AJ		 1994 - Migrate cf_gen tool from C-style to C++
1995 - ... and several documentation and compiler warning fixes
1996
04f5e27a
AJ		 1997Changes to squid-3.1.14 (04 Jul 2011):
1998
1999 - Regression Bug 3261: Could not create a DNS socket and exit
2000
e074e5be
AJ		 2001Changes to squid-3.1.13 (01 Jul 2011):
2002
2003 - Regression Bug 3239: problems with myip/myport upgrade
2004 - Bug 3153: hung ICAP RESPMOD transactions
2005 - Update ssl_crtd to use 'OK' status inline with other helpers
2006
6d44d1e9
AJ		 2007Changes to squid-3.1.12.3 (18 Jun 2011):
2008
2009 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
2010 - Bug 3214: unexpected read from ssl_crtd
2011 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
2012 - Fix RADIUS helper resource leak
2013 - Fix segfault parsing digest auth realm
2014 - Fix segfault in parse_eol()
2015 - Fixed bypass of SSL certificate validation errors
2016 - Warn about myip/myport problems on interception proxies
2017 - Polish: display easily grepped config lines on -k parse
2018 - Fix squidclient -V option and allow non-HTTP protocols to be tested
2019
65f2789a
AJ		 2020Changes to squid-3.1.12.2 (30 May 2011):
2021
2022 - Bug 3226: Tags from external ACLs do not correctly expire
2023 - Bug 3215: Malformed IPv6 DNS reverse lookup
2024 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
2025 - Bug 3205: SSL-bump starts then hangs
2026 - Bug 3178: gcc-4.6 complains unused variables
2027 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
2028 - Bug 2965 (partial): Compile errors on MinGW
2029 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
2030 - Fix cache manager display of -i/+i in regex ACL config display
2031 - Fix cache manager display of cache_peer options userhash and sourcehash
2032 - Fix URL re-writer loosing many transaction details
2033 - Fix always-true comparison in ICAP for some 32-bit platforms
2034 - Support for 'slow' group ACLs in ssl_bump access control
2035 - Support OpenSSL 1.0.0 built without SSLv2
2036 - Support GCC 4.6 and binutils-gold
2037 - Add CSS id attribute to BODY tag of generated error pages.
2038 - Display WARNING and ERROR when max_filedescriptors has failed
2039
065f7779
AJ		 2040Changes to squid-3.1.12.1 (19 Apr 2011):
2041
2042 - Port from 3.2: Dynamic SSL Certificate generation
2043 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
2044 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
2045 - Bug 3183: Invalid URL accepted with url host part of only '@'
2046 - Display ERROR in cache.log for invalid configured paths
2047 - Cache Manager: send User-Agent header from cachemgr.cgi
2048 - ... and many portability compile fixes for non-GCC systems.
2049
7d9ce496
AJ		 2050Changes to squid-3.1.12 (04 Apr 2011):
2051
2052 - Regression fix: Use bigger buffer for server reads.
2053 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
2054 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
2055 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
2056 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
2057 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
2058 - Bug 3164: Total memory info display 32-bit overflows
2059 - Bug 3155: Werror is hard-coded in libTrie build
2060 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
f787354b 2061 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
7d9ce496
AJ		 2062 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
2063 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
2064 - Bug 2330: AuthUser objects are never unlocked
2065 - Prevent CONNECT request relaying to origin servers
2066 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
2067 - squidclient: send Cache Manager password using -w
2068 - eCAP: give full Request-URI to adapters
2069 - ... and several debug and error display cleanups
2070
d88ad4db
AJ		 2071Changes to squid-3.1.11 (08 Feb 2011):
2072
2073 - Bug 3149: not caching eCAP adapted body
2074 - Bug 3144: redirector program blocks while reading STDIN
2075 - Bug 3140: memory leak in error page generation
2076 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
2077 - Bug 3115: logging segfaults if access_log is set to a directory
2078 - Bug 2968: Show the Vary: headers information in cachemgr objects report
2079 - Bug 2959: remove SAMBAPREFIX dependency
2080 - Bug 2868: icc doesn't like string literal in assert checks
2081 - HTTP/1.1: Send 307 status on deny_info redirection
2082 - HTTP/1.1: Support POST/PUT with no body
2083 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
2084 - Support RFC 5861 Cache-Control: stale-if-error option
2085 - Add ftp_eprt directive to disable EPRT extensions in FTP
2086 - Fix external_acl_type grace=0 to obey TTL
2087 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
2088 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
2089 - ... and some documentation updates and corrections
2090 - ... and some portability and stability fixes
2091
834d2128
AJ		 2092Changes to squid-3.1.10 (22 Dec 2010):
2093
2094 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
2095 - Bug 3113: Consuming too much memory when uploading files
2096 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
2097 - Bug 3096: Consuming too much memory when delaying traffic
2098 - Bug 3091: Bypassed ICAP errors are not counted as service failures
2099 - Bug 3090: Polish FTP login error handing
2100 - Bug 3068: cache_dir capacity and usage overflows
2101 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
2102 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
2103 - Fix memory leak in adaptation_access
2104 - Fix /dev/poll and poll() selection priority
2105 - Fix PREFIX/var/run creation during install
2106 - Fix cachemgr http_port config report display
2107 - Add upgrade help process for obsolete options
2108 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
2109 - HTTP/1.1: entry is stale if request has max-age=0
2110 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
2111 - Toolchain update to support newer auto-tools
2112 - ... and updated error page translations
2113 - ... and updated documentation
2114 - ... and some code optimization/simplification polish
2115
e2f4c66a
AJ		 2116Changes to squid-3.1.9 (25 Oct 2010):
2117
2118 - Bug 3088: dnsserver is segfaulting
2119 - Bug 3084: IPv6 without Host: header in request causes connection to hang
2120 - Bug 3082: Typo in error message
2121 - Bug 3073: tunnelStateFree memory leak of host member
2122 - Bug 3058: errorSend and ICY leak MemBuf object
2123 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
2124 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
2125 - Bug 3053: cache version 1 LFS support detection broken
2126 - Bug 3051: integer display overflow
2127 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
2128 - Bug 3036: adaptation_access acls cannot see myportname
2129 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
2130 - Bug 2964: Prevent memory leaks when ICAP transactions fail
2131 - Bug 2808: getRoundRobinParent not handling weights correctly
2132 - Bug 2793: memory statistics sometimes display wrong
2133 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
2134 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
2135 - Ensure /var/cache or jail equivalent exists on install
2136 - HTTP/1.1: delete Warnings that have warning-date different from Date
2137 - HTTP/1.1: do not remove ETag header from partial responses
2138 - HTTP/1.1: make date parser stricter to better handle malformed Expires
2139 - HTTP/1.1: improve age calculation
2140 - HTTP/1.1: reply with a 504 error if required validation fails
2141 - HTTP/1.1: add appropriate Warnings if serving a stale hit
2142 - HTTP/1.1: support requests with Cache-Control: min-fresh
2143 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
2144 - squidclient: Display IP(s) connected to in verbose (-v) display
2145 - Fixes several issues with ICAP persistent connections
2146 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
2147 - ... and some cosmetic polishing
2148
dee6a922
AJ		 2149Changes to squid-3.1.8 (04 Sep 2010):
2150
2151 - Bug 3033: incorrect information regarding TOS
2152 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
2153 - Bug 3005,2972: Locate LTDL headers correctly (again)
2154 - Bug 2872: leaking file descriptors
2155 - Bug 2583: pure virtual method called
2156 - Hardened DNS client against packet queue attacks
2157 - Hardened HTTP request-line parser
2158 - Several HTTP/1.1 support improvements
2159 - Improved cross-compile support
2160 - .. and several internal pointer safety fixes
2161
c3fe2798 2162Changes to squid-3.1.7 (23 Aug 2010):
161ec538 2163
c3fe2798 2164 - Regression Bug 3021: Large DNS reply causes crash
161ec538 2165 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
c3fe2798 2166 - Regression Bug 2997: visible_hostname directive no longer matches docs
161ec538
AJ		 2167 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
2168 - Bug 3006: handle IPV6_V6ONLY definition missing
2169 - Bug 3004: Solaris 9 SunStudio 12 build failure
2170 - Bug 3003: inconsistent concepts in documentation of cache_dir
2171 - Bug 3001: dnsserver link issues
2172 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
2173 - HTTP/1.1: Improved Range header field validation
2174 - HTTP/1.1: Forward multiple unknown Cache-Control directives
2175 - HTTP/1.1: Stop sending Proxy-Connection header
2176 - Fix 32-bit wrap in refresh_pattern min/max values
2177 - ... and several documentation corrections.
2178
aa844a33
AJ		 2179Changes to squid-3.1.6 (02 Aug 2010):
2180
2181 - Bug 2994, 2995: IPv4-only regressions
2182 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
2183 - Bug 2975: chunked requests not supported after regular ones
2184 - Fix: 32-bit overflow in reported bytes received from next hop
2185 - Fix Libtool build regressions
2186 - Limited split-stack IPv6 support.
2187 - squid_db_auth support MD5 encrypted passwords
2188
f41d79ba
AJ		 2189Changes to squid-3.1.5.1 (28 Jul 2010):
2190
2191 - Update Libtool to 2.2.
2192 - Bug 2985: search scope for digest_ldap_auth didn't work
2193 - Bug 2972: LTDL 2.2.6b compile errors
2194 - Bug 2963: Stop ignoring --with-valgrind-debug failures
2195 - Bug 2885: AIX support: several fixes
2196 - Bug 2651: crash handling NULL write callback
2197 - Fixed several memory leaks related to Range requests
2198 - Fixed Joomla DB auth handling
2199 - Fixed SASL helper build checks
2200 - Fixed several IPv6 portability problems
2201 - Updated error page translations
2202
88aa2b05 2203Changes to squid-3.1.5 (02 Jul 2010):
0e87db68 2204
88aa2b05
AJ		 2205 - Bug 2967: raw-IPv6 address URL with append_domain broken
2206 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
2207 - Bug 2943: ICAP tokens not logged when using multiple access
2208 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
2209 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
7e6cdc23 2210 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
88aa2b05
AJ		 2211 - Port from 2.7: max_filedescriptor config option
2212 - Fix persistent_connection_after_error is meant to be on by default
2213 - ... and several build errors.
0e87db68 2214
2d94c829
AJ		 2215Changes to squid-3.1.4 (30 May 2010):
2216
2217 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
2218 - Bug 2924: RADIUS helper compile issues
2219 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
2220 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
2221 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
2222 - Bug 2879: pt2: 3.0 regression in headers end finding
2223 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
2224 - Bug 2876: FD_SETSIZE override not working on all linux distributions
2225 - Bug 2810: common log format generates 2 lines of syslog
2226 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
2227 - Bug 2753: Fall back on IPv4 if IPv6 is not present
2228 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
2229 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
2230 - Change LDAP helpers to default to LDAP version 3 if available
2231 - Add Joomla and Salted Hash support to squid_db_auth helper
2232 - Fixed IpAddress port printing for ports higher than 9999
2233 - Disable chunked memory pooling by default.
2234 - ... and several build errors.
2235
6808dbda
AJ		 2236Changes to squid-3.1.3 (02 May 2010):
2237
7e6cdc23 2238 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
6808dbda
AJ		 2239 - Fix tag ACL type not working
2240
ca959baa
AJ		 2241Changes to squid-3.1.2 (01 May 2010):
2242
2243 - Bug 2913: Fix DB auth warning in new perl version
2244 - Bug 2904: Prevent automake creating incomplete files
2245 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
2246 - Bug 2895: Regression: TPROXY2 compile errors
2247 - Bug 2879: Regression: headers end-finding
2248 - Bug 2874: Accept literal IPv6 address in icap_service URL
2249 - Bug 2860: Regression: WCCPv1 handshake
2250 - Bug 2848: Pass TCP_RST to client on early disconnect
2251 - Debian Bug 578047: Correct behaviour of --enable-ipv6
7e6cdc23
AJ		 2252 - HTTP/1.1: Advertise 1.1 on requests to servers
2253 - HTTP/1.1: Advertise 1.1 on replies to clients
ca959baa
AJ		 2254 - AIX / UNIX build fixes
2255 - Cygwin build fixes
2256 - squidclient: -k option to test connection keep-alive or close
2257 - Improved helper build for wider compatibility
2258 - Ensure the PID file directory exists on install
2259
2ec34bd3
AJ		 2260Changes to squid-3.1.1 (29 Mar 2010):
2261
2262 - Bug 2873: undefined symbol
2263 - Bug 2827: assertion in authentication
2264 - Remove ufsdump binary from default builds
2265 - Remove pinger from default startups
2266 - ... and several documentation updates.
2267
e09692bd
AJ		 2268Changes to squid-3.1.0.18 (14 Mar 2010):
2269
2270 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
2271 - Bug 2869: Remove unused external reference
2272 - Bug 2866: Support OpenSSL 1.0
2273 - Bug 2813: Random unix_group crash at startup
2274 - Send HTTP1.1 compliant 417 responses
2275 - Associate external acl message with the request
2276 - Various Digest parser fixes
2277 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
2278
365d894c
AJ		 2279Changes to squid-3.1.0.17 (24 Feb 2010):
2280
2281 - Regression Fix: Non-English error page UTF encoding
2282 - Bug 2616: reduce IdleConnList::removeFD messages
2283 - Bug 1843: multicast-siblings cache_peer option
2284 - Port from 2.7: X509 certificate alias-domain handling
2285 - Add adapted_http_access option
2286 - NTLMv2 support for fake NTLM helper
2287
011dea45
AJ		 2288Changes to squid-3.1.0.16 (01 Feb 2010):
2289
2290 - Regression Fix: Make Squid abort on all config parse failures.
2291 - Regression Bug 2811: SNMP client/peer table OID numbering
2292 - Bug 2851: Connection pinning fails when using a peer
2293 - Bug 2850: Mismatch in hier_code enum / hier_strings array
2294 - Bug 2731: Add follow_x_forwarded_for support to ICAP
2295 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
2296 - Bug 2706: Set timestamps during ICAP request satisfaction.
2297 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
2298 - Fix: WCCPv1 not connecting to router correctly
2299 - Remove obsolete RunCache/RunAccel scripts.
2300 - Add client_ip_max_connections
2301 - Add the http::>ha format code and make http::>h log original request headers
2302 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
2303 - ... and many more minor build and display annoyances.
2304
ba641958
AJ		 2305Changes to squid-3.1.0.15 (23 Nov 2009):
2306
2307 - Regression Fix: myip ACL not accepted in config
2308 - Bug 2795: acl arp lookups including port
2309 - Bug 2794: ESI parsing fails on FreeBSD
2310 - Bug 2778: fix linking issues using SunCC
2311 - Bug 2724: eCAP build failure unless ICAP enabled
2312 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
2313 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
2314 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
2315 - Fix: 64-bit filesize issue in squidclient POST of large files
2316 - Fix: send correct Connection: header on intercepted replies
2317 - Support libtool 2.x
2318 - ESI libraries libexpat and libxml2 now optional
2319 - ESI support default enabled
2320 - Bump libcap minimum requirement to libcap 2.09+
2321 - ARP / MAC support fixes for IPv6-mode
2322 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
2323 - ... and many additions to the background testing structure
2324 - ... and very many minor build and code cleanups for non-GCC compilers.
2325
8f37469c
AJ		 2326Changes to squid-3.1.0.14 (27 Sep 2009):
2327
2328 - Bug 2777: Various build issues on OpenSolaris
2329 - Bug 2773: Segfault in RFC2069 Digest authentication
2330 - Bug 2747: Compile errors on Solaris 10
2331 - Bug 2735: Incomplete -fhuge-objects detection
2332 - Bug 2722: Fix http_port accel combined with CONNECT
2333 - Bug 2718: FTP sends EPSV2 on IPv4 connection
2334 - Bug 2648: stateful helpers stuck in reserved
2335 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
2336 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
2337 - Bug 2483: bind() called before connect()
2338 - Bug 2215: config file line length limit (extended to 2 KB)
2339 - Support Accept-Language: * wildcard
2340 - Support autoconf 2.64
2341 - Support TPROXY for IPv6 traffic (requires kernel support)
2342 - Support TPROXY cache cluster behind WCCPv2
2343 - Correct ESI support to work in multi-mode Squid
2344 - Add 0.0.0.0 as an to_localhost address
2345 - DiskIO detection fixes and use optimal IO in default build.
2346 - Correct peer connect-fail-limit default of 10
2347 - Prevent squidclient sending two Accept: headers
2348 - ... all bug fixes from 3.0.STABLE19
2349 - ... and many more documentation fixes
2350
f49a1c9e
AJ		 2351Changes to squid-3.1.0.13 (04 Aug 2009):
2352
2353 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
2354 - Fix one more internal profiler error
2355 - Language Updates: Italian, Russian
2356 - Language Updates: Add many more aliases
2357 - Add Copyright document for errors/ content
2358 - ... all bug fixes from 3.0.STABLE18
2359 - ... and several code polishing cleanups
2360
e7b1c518
AJ		 2361Changes to squid-3.1.0.12 (27 Jul 2009):
2362
2363 - Bug 2716: Chunked request Signed/Unsigned build error
2364 - Bug 2674: Remove limit on HTTP headers read.
2365 - Bug 2620: Invalid HTTP response codes causes segfault
2366 - Fix FTP EPSV negotiation parser.
2367 - Fix Via string when leak checking is enabled (valgrind etc)
2368 - ... and several documentation and testing additions
2369
0b8d12da
AJ		 2370Changes to squid-3.1.0.11 (19 Jul 2009):
2371
2372 - Bug 2087: Support adaptation sets and chains
2373 - Bug 2459: dns error message broken when error handling delayed
2374 - Support ICAP Retry
2375 - Support ICAP retries based on the ICAP responses status code
2376 - Support logging ICAP
2377 - Support logging total DNS wait time
2378 - Support logging response times of adaptation transactions
2379 - General logging enhancements
2380 - Dynamically form chains based on ICAP X-Next-Services header
2381 - Support cross-transactional ICAP header exchange
2382 - ... and much adaptation polish and improvements
2383
ce460dc8
AJ		 2384Changes to squid-3.1.0.10 (18 Jul 2009):
2385
2386 - Bug 2680: Regression Crash after rotate with no helpers running
2387 - Bug 2695: Regression in WCCPv2 L2 mask assignment
2388 - Bug 2707: Regression in FTP anonymous auth
2389 - Bug 422, 2706: RFC 2616 Date header requirements
2390 - Bug 1087: ESI processor not quoting attributes correctly.
2391 - Bug 1338: File prefetches aborted despite range_offset
287dcde6 2392 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
ce460dc8 2393 - Bug 2092: select loop 32-bit call counter overflows
287dcde6 2394 - Bug 2127: delay pools class 4 crashes with ntlm auth
ce460dc8
AJ		 2395 - Bug 2611: document fast/slow acl types
2396 - Bug 2614: Potential loss of adapted body data from eCAP adapters
2397 - Bug 2658: Missing TextException copy constructor
2398 - Bug 2659: String length overflows on append, leading to segfaults
2399 - Bug 2699: Build failure NTLM smb_lm helper
2400 - Bug 2709: TRANSLATIONS not installed
2401 - Bug 2710: squid_kerb_auth non-terminated string
2402 - Delay pools 64-bit buckets and IPv6-polish
2403 - Break forwarding loops for "transparent" or "intercept" http_ports.
2404 - Add --disable-translation option to detatch .po from error negotiation
2405 - Add squidclient man(1) page
2406 - Add localhost to default permitted networks
2407 - http_port allow-direct option to allow direct forwarding in accelerator mode
2408 - ... and many testing infrastructure updates
2409
5df6d596
AJ		 2410Changes to squid-3.1.0.9 (26 Jun 2009):
2411
2412 - Bug 2682: Add ftp_epsv control to disable EPSV support.
2413 - Bug 2665: Detach automake system from using -I.
2414 - Bug 2395: FTP auth errors not displayed
2415 - ... also several changes and bugs closed in 3.0.STABLE16
2416 - Port from 2.7: Show local address on listening sockets
2417 - Add "tag" type acl matching tags set by external acl helpers.
2418 - Adds Language alias linker/installer/upgrade scripts
2419 - Support for GCC 4.4
2420 - Fix false NAT lookup errors on Linux
2421 - Fix many Windows port issues
2422 - Fix squid_kerb_auth helepr install location
2423 - Better detection of IPv6 stack types
2424 - Updates Licensing information for Squid 3.1
2425 - ... and many packaging portability build and install issues
2426
a7b15245
AJ		 2427Changes to squid-3.1.0.8 (24 May 2009):
2428
2429 - Bug 2656: Pinger dies with general protection fault
2430 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
2431 - Bug 2648: Authentificator processes deferring and don't shutdown.
2432 - Bug 2645: allow squid to ignore must-revalidate
2433 - Bug 2644: auth scheme initialization is broken
2434 - Bug 2632: Make number of reforwarding tries configurable
2435 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
2436 - Bug 2627: HTCP Logging
2437 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
2438 - Bug 2589: SNMP returning no data - wrong oid decoded
2439 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
2440 - Bug 2559: Problem parsing /0 and /0.0.0.0
2441 - Bug 2404: WCCP in mask mode is broken
2442 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
2443 - Complete Interception multiple NAT support
2444 - Add Content-Disposition to the known headers list.
2445 - Make PEER_TCP_MAGIC_COUNT configurable
2446 - Fix pinger install location
2447 - Enable TPROXY v4 spoofing of CONNECT requests
2448 - ... and much documentation and code polishing
2449
e1e28561
AJ		 2450Changes to squid-3.1.0.7 (08 Apr 2009):
2451
2452 - Fix: several issues with ident
2453 - Add several language translations
2454 - Upgrade code testing infrastructure
2455 - Migrate much code to build as internal libraries
2456 - Support gcc 4.4
2457 - Support doxygen 1.5.8
2458 - ... and much code polish to make things read easier
2459
727cb127
AJ		 2460Changes to squid-3.1.0.6 (01 Mar 2009):
2461
e1e28561 2462 - Regression Fix: Support HTTP/0.9 in accelerator mode
727cb127
AJ		 2463 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
2464 - Bug 2593: Compile errors on Solaris 10
2465 - Bug 2591: adaptation_access does not work
2466 - Bug 2588: coredump in rDNS lookup
2467 - Bug 2526: default ALLOW when no list specified.
2468 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
2469 - Bug 419: Hop by Hop headers MUST NOT be forwarded
2470 - Fix external_acl_type handling of SSL certificate details
2471 - Obsolete: dependency on nss_common.h and nss.h
2472 - Support libtool2
2473 - ... and various documentation and code polish
2474
f636c996
AJ		 2475Changes to squid-3.1.0.5 (03 Feb 2009):
2476
2477 - Bug 2583: Fixed issue in content adaptation
2478 - Bug 2576: Make translate target obey --disable-auto-locale
2479 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
2480 - Bug 2563: 99+% CPU Usage on FTP URL
2481 - Bug 2505, 2524, 2558: fixed several issues on connection handling
2482 - Fix several issues in request parsing
2483 - Fix memory leak from logformat parsing
2484 - Fix various ESI build errors
2485 - Make configure tests use C++ instead of C
2486 - Drop special localhost conversion RFC violation.
2487 - Add Language: Arabic
2488 - ... and various documentation and code polish
2489
2490Changes to squid-3.1.0.4 (23 Jan 2009):
2491
2492 - Regression Fix: Bug 2558: rollback bug 2395 fix.
2493 - Bug 2555: Fixes to SNMP-MIB
2494 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
2495 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
2496 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
2497 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
2498 - Polish ZPH configuration interface
2499 - Several Language Conversions to new auto-negotiate
2500 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
2501 - Fix: Pconn not being used when they should.
2502 - Fix: Fix pinger immediate shutdowns
2503 - Fix: Untangle CacheManager reports from log_fqdn
2504 - ... and all bugs fixed for 3.0.STABLE12
2505 - ... and many code polish and optimization fixes.
2506
2507Changes to squid-3.1.0.3 (5 Dec 2008):
2508
2509 - Regression Fix: StoreIOBuffer patch removed.
2510 - Regression Fix: build issues with 3.1.0.2 bundle
2511 - Security Bug 2526: default ALLOW when no list specified
2512 - Bug 2525: encoding error on error pages
2513 - Bug 2424: slow file descriptor leak
2514 - Bug 2527: ICAP compile error on g++ 4.3.2
2515 - Bug 2523: bad assertion left in from debug
2516 - Bug 2395: FTP Auth errors and others not displayed
2517 - Update squid_kerb_auth to 1.0.5
2518 with better Squid integration.
2519 - Fix cache_peer forcedomainname= option
2520 - ... and many other minor fixes
2521
5e80e4ee
AJ		 2522Changes to squid-3.1.0.2 (9 Nov 2008):
2523
2524 - Bug 2516: error page templates not properly installed
2525 - Bug 2500: Solaris build issues
2526 - Fixes FreeBSD build issues
2527 - Release Notes completed
2528 - Languages: new Russian, Japanese, Chinese, and general updates
2529 - ... and other minor fixes
70c5dfb2 2530
af4cd9a0
AJ		 2531Changes to squid-3.1.0.1 (27 Oct 2008):
2532
2533 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
7a6e2ecc
AJ		 2534 - peername ACL added for matching against a named peer destination
2535 - configure option --with-logdir= added to select log files location
2536 - squid_kerb_auth helper updated to 1.0.3 release
2537 - Bug #740: allow external acl's to use reply headers in format
2538 - Bug #2379: obsolete dns_testnames option
2539 - Code test infrastructure expanded to configuration testing
2540 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
af4cd9a0 2541 to bring their defaults up to RFC 2616 requirements.
7a6e2ecc
AJ		 2542 - Large increase in RFC 2616 standard compliance (ongoing)
2543 - squid.conf cleanups for minimal config
2544 - Connection Pinning ported from 2.6 for NTLM passthru authentication
2545 - eCAP internal adaptation module support
af4cd9a0 2546 - Localization and CSS display control of error pages
7a6e2ecc
AJ		 2547 - Added semi-automatic documentation of source code
2548 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
2549 - HTCP improvements ported from 2.7 adding HTCP CLR requests
70c5dfb2 2550 - IPv6 (Internet Protocol version 6) support
2551 - ICMPv6 (Internet Control Message Protocol version 6) support
f1233d8c 2552 - FTP agent now supports EPSV/EPRT commands
70c5dfb2 2553 - DNS internal resolver now supports AAAA and CNAME records
2554 - SNMP peer and client tables now support IPv6
2555 - SNMP peer table supports named peers with multiple entries per IP
4aa8e49c 2556 - SslBump: Squid-in-the-middle decryption and encryption of straight
2557 CONNECT and transparently redirected SSL traffic, using configurable
2558 client- and server-side certificates. While decrypted, the traffic
7a6e2ecc 2559 can be inspected using ICAP.
af4cd9a0 2560 - TPROXY version 4.1 support
a13b3732 2561 - IPFW and Netfilter interception methods may now both be built in one binary.
f1233d8c
AJ		 2562 - ZPH Quality of Service patch now integrated
2563 - Null store now fully obsoleted and removed
2564 - Unknown request methods all supported
2565 - Follow_x_forwarder_for ported from 2.6
7a6e2ecc 2566 - Bug #2223: Follow XFF extensions added
af4cd9a0 2567 - ... and many code and documentation cleanups
7a6e2ecc 2568
2f954743
AJ		 2569Changes to squid-3.0.STABLE26 (28 Aug 2011):
2570
2571 - Regression: header_replace for reply headers
2572 - Bug 3183: Invalid URL accepted with url host part of only '@'.
2573 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
2574 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
2575 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
2576 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
2577 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
2578 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
2579 - Regression Bug 2879: headers end finding
2580 - Bug 2876: FD_SETSIZE override not working on all linux distributions
2581 - Check for NULL and empty strings before calling str*cmp().
2582 - Correct parsing of large Gopher indexes
2583
1a10a7e5
AJ		 2584Changes to squid-3.0.STABLE25 (14 Mar 2010):
2585
2586 - Bug 2845: Rework the http digest auth parser
2587 - Bug 2787: unknown/unexpected status code messages
2588 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
2589 - Bug 2367: stale=true on digest requests with unknown nonce
2590 - ... and several other minor corrections
2591
6add0585
AJ		 2592Changes to squid-3.0.STABLE24 (13 Feb 2010):
2593
2594 - Bug 2858: Segment violation in HTCP
2595 - Updated refresh pattern for dynamic pages
2596
bcd1f03d
AJ		 2597Changes to squid-3.0.STABLE23 (02 Feb 2010):
2598
2599 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
2600 - Regression Fix: Build error in Kerberos helper after library removal.
2601
61544616
AJ		 2602Changes to squid-3.0.STABLE22 (01 Feb 2010):
2603
2604 - Regression Fix: Make Squid abort on all config parse failures.
2605 - Bug 2787: Reduce unexpected http status to non-critical warnings.
2606 - Bug 2496: Downloading some variants in full before relaying
2607 - Bug 2452: Add upper limit to external_acl_type entries.
2608 - Removed optional kerberos/spnegohelp/ library due to licensing issues
2609 - Add client_ip_max_connections
2610 - Handle DNS header-only packets as invalid.
2611
06d0f369
AJ		 2612Changes to squid-3.0.STABLE21 (22 Dec 2009):
2613
2614 - Bug 2830: Clarify where NULL byte is in headers.
2615 - Bug 2778: Linking issues using SunCC
2616 - Bug 2395: FTP errors not displayed
2617 - Bug 2155: Assertion failures on malformed Content-Range response headers
2618 - Fix parsing and a few bugs in ACL time type
2619 - Fix RFC keep-alive compliance on intercepted replies
2620 - Improved security hardening on %nn parser
2621 - Replace several GCC-specific code snippets.
2622
91228e4e
AJ		 2623Changes to squid-3.0.STABLE20 (29 Oct 2009):
2624
2625 - Bug 2794: ESI parsing on FreeBSD
2626 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
2627 - Bug 2779: Support GNU/kFreeBSD
2628 - Bug 2773: Segfault in RFC2069 Digest authantication
2629 - Bug 2768: squid_ldap_group argument parsing error
2630 - Bug 2761: Gopher and double HTTP response header
2631 - Bug 2735: Incomplete -fhuge-objects detection
2632 - Bug 2722: prevent CONNECT via http_port with accel
2633 - Bug 2624: Invalid response for IMS request
2634 - Bug 2510: digest_ldap_auth TLS support
2635 - Correct LINUX_CAPABILITY actions on non-Linux
2636
98df01e3
AJ		 2637Changes to squid-3.0.STABLE19 (06 Sep 2009):
2638
2639 - Bug 2745: Invalid Response error on small reads
2640 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
2641 - Bug 2734: some compile errors on Solaris
2642 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
2643 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
2644 - Bug 2362: Remove support for deferred state in stateful helpers
2645 - Add 0.0.0.0 as a to_localhost address
2646 - Docs: Improve chroot directive documentation slightly
2647 - Fixup libxml2 include magics, was failing when a configure cache was used
2648 - ... and some minor testing improvements.
2649
b7a1ea6b
AJ		 2650Changes to squid-3.0.STABLE18 (04 Aug 2009):
2651
2652 - Bug 2728: regression: assertion failed: !eof
2653 - Bug 2732: reply_body_max_size smaller than error page loops
2654 infinitely until out of memory
2655 - Bug 2725: pconn failure if domain or client_address are unset
2656 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
2657 - Bug 2462: make check should tell when cppunit is missing
2658 - Remove excess messages about headers < minimum size
2659 - Support Libtool 2.2.6
2660
e7b1c518 2661Changes to squid-3.0.STABLE17 (27 Jul 2009):
68c19036
AJ		 2662
2663 - Bug 2680 regression: Crash after rotate with no helpers running
2664 - Bug 2710: squid_kerb_auth non-terminated string
2665 - Bug 2679: strsep and strtoll detection failure
2666 - Bug 2674: Remove limit on HTTP headers read.
2667 - Bug 2659: String length overflows on append, leading to segfaults
2668 - Bug 2620: Invalid HTTP response codes causes segfault
2669 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
2670 - Bug 1087: ESI processor not quoting attributes correctly.
2671 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
2672 - Several small build issues with previous release.
2673
950b7d55
AJ		 2674Changes to squid-3.0.STABLE16 (15 Jun 2009):
2675
2676 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
2677 - Bug 2481: Don't set expires: now in generated error responses
2678 - Bug 2387: The calculation of the number of hash buckets correctly
2679 - Fix infinite loop in MSNT auth helper
2680 - Fix FD_SETSIZE on FreeBSD
2681 - Fix stripping NT domain in squid_ldap_group
2682 - Fix RADIUS auth helper build
2683 - Add Translate: and Unless-Modified-Since: headers to known list
2684 - Make fakeauth handle NTLMv2 better
2685 - Better Kerberos support detection
2686 - Several Widows port fixes
2687
6e4fa9b4
AJ		 2688Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
2689
950b7d55 2690 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
6e4fa9b4
AJ		 2691 - Bug 2648: NTLM helpers not shutting down when deferred
2692
79200081
AJ		 2693Changes to squid-3.0.STABLE15 (06 May 2009):
2694
2695 - Regression Bug 2635: Incorrect Max-Forwards header type
2696 - Bug 2652: 'Success' error on CONNECT requests
2697 - Bug 2625: IDENT receiving errors
2698 - Bug 2610: ipfilter support detection
2699 - Bug 2578: FTP download resume failure
2700 - Bug 2536: %H on HTTPS error pages
2701 - Bug 2491: assertion "age >= 0"
2702 - Bug 2276: too many NTLM helpers running
2703 - Endian system and compiler fixes provided by the NetBSD project
2704 - documentation fixes provided by the Debian project
2705
6c2e5932
AJ		 2706Changes to squid-3.0.STABLE14 (11 Apr 2009):
2707
2708 - Regression Fix: HTTP/0.9 in accelerator mode
2709 - Bug 1232: cache_dir parameter limited to only 63 entries
2710 - Bug 1868: support HTTP 207 status
2711 - Bug 2518: assertion failure on restart/reconfigure
2712 - Bug 2588: coredump in rDNS lookup
2713 - Bug 2595: Out of bounds memory write in squid_kerb_auth
2714 - Bug 2599: Idempotent start
2715 - Bug 2605: Prevent setsid() on helpers in daemon mode
2716 - Fix external_acl_type option parsing
2717 - Fix delay pools counters on FTP
2718 - Fix several issues with ident (some remain)
2719 - Fix performance issues with persistent connections
2720 - Fix performance issues with delay pools
2721 - Fix forwarding of OPTIONS requests
2722 - Add support for HTTP 1.1 Content-Disposition header
2723 - Add support for Windows 7, Windows Server 2008 R2 and later
2724 - ... and many small documentation updates
2725
f636c996
AJ		 2726Changes to squid-3.0.STABLE13 (03 Feb 2009):
2727
2728 - Fix several issues in request parsing
2729 - Fix memory leak from logformat parsing
2730 - Fix various ESI build errors
2731 - ... and some documentation updates
2732
2733Changes to squid-3.0.STABLE12 (21 Jan 2009):
2734
2735 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
2736 - Bug 2542: ICAP filters break download resume
2737 - Bug 2556: HTCP fails without icp_port
2738 - Bug 2564: logformat '%tl' field not working as advertised
2739 - Port from 3.1: TestBed basic build consistency checks
2740 - Policy: Change half_closed_clients default to off
2741 - Policy: Removed -V command line option, deprecated by 2.6
2742 - ... and several other minor code cleanups
2743
2744Changes to squid-3.0.STABLE11 (24 Dec 2008):
2745
2746 - Bug 2424: filedescriptors being left unnecessary opened
2747 - Bug 2545: fault passing ICAP filtered traffic to peers
2748 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
2749 - ... and some minor admin and debug cleanups.
2750
2751Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
2752
2753 - Removes patch causing cache of bad objects
2754 - Bug 2526: bad security default in ACLChecklist
2755 - Fixes regression: access.log request size tag
2756 - Fixes cache_peer forceddomainname=X option
2757 - ... and many minor documentation cleanups
2758
7a6e2ecc
AJ		 2759Changes to squid-3.0.STABLE10 (14 Oct 2008):
2760
2761 - Bug 2391: Regression: bad assert in forwarding
2762 - Bug 2447: Segfault on failed TCP DNS query
2763 - Bug 2393: DNS requests getting stuck in idns queue
2764 - Bug 2433: FTP PUT gives bad gateway
2765 - Bug 2465: Limited DragonflyBSD support
2766 - ... and other minor bugs and documentation
2767
2768Changes to squid-3.0.STABLE9 (9 Sep 2008):
2769
2770 - Policy Enforcement: COSS is unusable in 3.0
2771 - Port from 3.1: Language Pack compatibility
2772 - Port from 2.6: Windows Support Notes
2773 - Fix several minor regressions:
2774 HTCP stats reporting
2775 cachemgr delay pool config
2776 CARP build error
2777 - Bug 2340: uudecode dependency for icons removed
2778 - Bug 2352: no_check.pl ntlm challenge fix
2779 - Bug 2426: buffer increase for kerberos auth fields
2780 - Bug 2427: squid_ldap_group codes fix
2781 - Bug 2437: peer name now shown in access.log
2782 - Add sane display of unsupported method errors
2783 - ... and various other code cleanups
2784
2785Changes to squid-3.0.STABLE8 (18 Jul 2008):
2786
2787 - Port from 2.6: Support for cachemgr sub-actions
2788 - Port from 2.6: userhash peer selection method
2789 - Port from 2.6: sourcehash peer selection method
2790 - Bug 2376: round-robin balancing fixes
2791 - Bug 2388: acl documentation cleanup
2792 - Bug 2365: cachemgr.cgi HTML output encoding
2793 - Bug 2301: Regression: Log format size options
2794 - Bug 2396: Correct the opening of PF device file.
2795 - Bug 2400: ICAP accept mechanism
2796 - Bug 2411: Regression: fakeauth_auth crashes
2797 - Many fixes to the Windows support (not complete yet).
2798 - Boost error pages HTML standards.
2799 - Fixes several issues on 64-bit systems
2800 - Fixes several issues on older or stricter compilers
2801 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
2802 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
2803
2804Changes to squid-3.0.STABLE7 (22 Jun 2008):
2805
2806 - Fix several ASN issues
2807 - Fix SNMP reporting of counters
2808 - Fix round-robin algorithms
2809 - GCC 4.3 support
2810 - Netfilter v1.4.0 bug workaround
2811 - Bugs 2350 and 2323: memory issues
2812 - Bugs 2384, 951, 1566: ESI assertions
2813 - Various minor debug and documentation cleanups
f1233d8c
AJ		 2814
2815Changes to squid-3.0.STABLE6 (20 May 2008):
2816
2817 - Bug 2254: umask Feature from 2.6 added
2818 - cachemgr.cgi default config file added
2819 - Several authentication bug fixes
2820 - Improved Windows Support
2821 - better DNS lookup methods for unqualified hostames
2822 - better support for 64-bit environments
2823 - Bug 2332: Crash when tunnelling
2824 - Removed the advertisement clause from BSD licenses
2825 according to the GPLv2+ changes in BSD
2826 - ... and other bugs and minor cleanups
2827
2828Changes to squid-3.0.STABLE5 (28 Apr 2008):
2829
2830 - Support for resolv.conf 'domain' option
2831 - Improved URI support, including
2832 longer URI up to 8192 bytes accepted
2833 better handling of intercepted URI
2834 better port for non-FQDN URI lookups
2835 - Improved logging, including
2836 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
2837 Fixed 'log_ip_on_direct' option behaviour
2838 - Support for profiling on x86 64-bit systems
2839 - .. and other bugs and minor code cleanups.
2840
2841Changes to squid-3.0.STABLE4 (2 Apr 2008):
2842
2843 - Bug 2288: compile error slipped into STABLE3.
2844
2845Changes to squid-3.0.STABLE3 (31 Mar 2008):
2846
2847 - Improved HTTP 1.1 support.
2848 - Improved MacOSX (Leopard) support
2849 - Bug 2206: Proxy-Authentication regression in STABLE2.
2850 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
2851 - ... and other bugs and minor code cleanup
2852
2853Changes to squid-3.0.STABLE2 (1 Mar 2008):
2854
2855 - Add myportname ACL for matching the accepting port name (see release notes)
2856 - Add include directive for squid.conf (see release notes)
2857 - Add ability to strip kerberos realm from usernames during Auth
2858 - License cleanup to comply with GPLv2 or later
2859 - Updated Error Pages and Translations
2860 - Updated configuration examples
2861 - Updated valgrind support for valgrind-3.3.0
2862 - Improved support for Windows and MacOS X Leopard
2863 - Improved support for files larger than 2GB
2864 - Improved support for CARP arrays and WCCPv2
2865 - Improved cachmgr, SNMP, and log reporting
2866 - ... and as usual Many bug fixes since STABLE 1
70c5dfb2 2867
284237d4 2868Changes to squid-3.0.STABLE1 (13 Dec 2007):
3ff01c3e 2869
2870 - Major rewrite translating the code to C++, originally based on
2871 Squid-2.5.STABLE1
2872 - Internal client streams concept for content adaptation
2873 - ICAP (Internet Content Adaptation Protocol) client support
2874 - ESI (Edge Side Includes) support added
284237d4 2875 - Improved support for files larger than 2GB.
3ff01c3e 2876 - And a lot more. Most features from Squid-2.6 is supported, but not
2877 all. See the release notes for details.
2878
9ae33c59
AJ		 2879
2880Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
2881
2882Changes to squid-2.6.STABLE22 (19 October 2008)
2883
2884 - Bug #2396: Correct the opening of the PF device file.
2885 - Make --with-large-files and --with-build-envirnment=default play
2886 nice together
2887 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
2888 __u32 problem
2889 - Make dns_nameserver work when using --disable-internal-dns on glibc
2890 based systems
2891 - Bug #2426: Increase negotiate auth token buffer size
2892 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
2893 - Bug #2477: swap.state permission issues if crashing during "squid -k
2894 reconfigure"
2895 - Windows port: Fix build error using latest MinGW runtime.
2896
2897
2898
3ff01c3e 2899Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
2900authorative for this release and mirrored here for reference only.
f1233d8c 2901
467c94d1 2902 - CARP now plays well with the other peering algorithms,
2903 and support for CARP peerings is compiled by default. Can be
2904 disabled by --disable-carp
1741cbad 2905 - Configuration file can be read from an external program
2906 or preprocessor. See squid.8 man page.
52f772de 2907 - http_port is now optional, allowing for SSL only operation
4ca261f2 2908 - Satellite and other high latency peering relations enhancements
2909 (Robert Cohren)
a9245686 2910 - Nuked num32 types, and made type detection more robust by the
2911 use of typedefs rather than #defines.
b5fb34f1 2912 - the mailto links on Squid's ERR pages now contain data about the
2913 occurred error by default, so that the email will contain this data in
2914 its body. This feature can be disabled via the email_err_data directive.
9ae33c59 2915 (Clemens L?ser)
c8f4eac4 2916 - COSS now uses a file called stripe and the path in squid.conf is the
2917 directory this is placed in. Additionally squid -z will create the
2918 COSS swapfile.
14f5b6c3 2919 - WCCPv2 support, including mask assignment support
5401aa8d 2920 - HTCP support for access control and the CRL operation for
2921 purgeing of cache content
14f5b6c3 2922 - ICAP related fixes
2923 - Windows-related fixes, including Vista and Longhorn identification
2924 - Client-side parsing and some string use optimisations
2925 - Lots of off-by-one and memory leaks in corner cases have been fixed
2926 thanks to valgrind
2927 - Improved high-resolution profiling
2928 - Windows overlapped-IO and thread support added to the Async IO disk code
2929 - Improvements for handling large DNS replies
a7c8cce0 2930
3ff01c3e 2931Changes to squid-2.6.STABLE15 (31 Aug 2007)
2932
2933 - The select() I/O loop got broken by the /dev/poll addition
2934 (2.6.STABLE14)
2935 - Bug #2017: Fails to work around broken servers sending just the HTTP
2936 headers
2937 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
2938 before C99
2939 - squid.conf.default updated and reorganised in more sensible groups
2940 - correct and document the syslog access_log format
2941 - Armenian error pages translation
2942 - digest_ldap_helper usage help updated
2943 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
2944 - Improve delay pools in low traffic environment by checking timeouts
2945 at a steady 1 second interval even when there is not much activity
2946 - Don't request authentication on transparently intercepted
2947 connections
2948 - Cleanup linux capabilities for tproxy
2949 - Bug #2003: 'via' config directive doesn't affect response headers
2950 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
2951 - Add missing $|=1 to squid_db_auth
2952 - Bug #2050: Persistent connection dropped if cache has no
2953 Content-Length
2954 - Verify the URL on memory cache hits
2955 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
2956 - Bug #1972: Squid sets peers to down state when they are in fact
2957 working.
2958 - potential segmentation fault in storeLocateVary()
2959 - Bug #2066: chdir after chroot
2960 - Windows port: Fix compiler warnings when building Squid as
2961 application (not Windows service mode)
2962 - Spelling correction of received
2963
2964Changes to squid-2.6.STABLE14 (15 Jul 2007)
2965
2966 - squid.conf.default cleanup to have options in their proper sections.
2967 - documentation correction in the refresh_pattern ignore-auth option
2968 - URI-escaping not uses the recommended upper-case hex codes
2969 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
2970 - Always use xisxxxx() Squid defined macros instead of ctype
2971 functions.
2972 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
2973 - Database basic auth helper using Perl DBI to connect to most SQL DBs
2974 - Solaris /dev/poll network I/O support
2975 - configure fixes to make cross compilation somewhat easier
2976 - Removed incorrect -a reference from http_port documentation
2977 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
2978 - Bug #1968: Squid hangs occasionally when using DNS search paths
2979 - Novell eDirectory digest auth helper (digest_edir_auth)
2980 - Bug #1130: min-size option for cache_dir
2981 - POP3 basic auth helper querying a POP3 server
2982 - Cosmetic squid_ldap_auth fixes from Squid-3
2983 - Bug #1085: Add no-wrap to cache manager HTML tables
2984 - Automatically restart if number of available filedescriptors becomes
2985 alarmingly low, preventing a situation where Squid would otherwise
2986 permanently stop processing requests.
2987 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
2988 array bounds
2989 - Deal better with forwarding loops
2990
2991Changes to squid-2.6.STABLE13 (11 May 2007)
2992
2993 - Make sure reply headers gets sent even if there is no body available
2994 yet, fixing RealMedia streaming over HTTP issues.
2995 - Undo an accidental name change of storeUnregisterAbort.
2996 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
2997 - Bug #1814: SSL memory leak on persistent SSL connections
2998 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
2999 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
3000 - Ukrainan error messages
3001 - Convert various error pages from DOS to UNIX text format
3002 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
3003 - Clarify the max-conn=n cache_peer option syntax slightly
3004 - Bug #1892: COSS segfault on shutdown
3005 - Windows port: fix undefined ECONNABORTED
3006 - Make refreshIsCachable handle ETag as a cache validator, not
3007 only last-modified
3008 - in_port_t is not portable, use unsigned short instead
3009 - Fix fs / auth / snmp dependencies
3010 - Portability: statfs() may reqire #include <sys/statfs.h>
3011
3012Changes to squid-2.6.STABLE12 (20 Mar 2007)
3013
3014 - Assertion error on TRACE
3015
3016Changes to squid-2.6.STABLE11 (17 Mar 2007)
3017
3018 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
3019 !conn->body.request"
3020 - Handle garbage helper responses better in concurrent protocol format
3021 - Fix kqueue when overflowing the changes queue
3022 - Make sure the child worker process commits suicide if it could
3023 not start up
3024 - Don't log short responses at debug level 1
3025 - Fix bswap16 & bwsap32 error on NetBSD
3026 - Fix collapsed_forwarding for non-GET requests
3027
3028Changes to squid-2.6.STABLE10 (4 Mar 2007)
3029
3030 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
3031 - various diskd bugfixes
3032 - In the access.log hierarchy field log the unique peer name
3033 instead of the host name
3034 - unlinkdClose() should be called after (not before) storeDirSync()
3035 - CLEAN_BUF_SZ was defined, but never used anywhere
3036 - logging HTTP-request size
3037 - Fix icmp pinger communication on FreeBSD and other not supporing
3038 large dgram AF_UNIX sockets
3039 - Release objects on swapin failure
3040 - Bug #1787: Objects stuck in cache if origin server clock in future
3041 - Bug #1420: 302 responses with an Expires header is always cached
3042 - Primitive support for HTTP/1.1 chunked encoding, working around
3043 broken servers
3044 - Clean up relations between TCP probing and DNS checks of peers with
3045 no known addresses.
3046 - Fix a minor HTML coding error in ftp directory listings with // in
3047 the path
3048 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
3049 non-refreshable content
3050 - Gopher cleanups and bugfixes
3051 - Negotiate authentication fixed again. Broken since STABLE7 by the
3052 patch for Bug #1792.
3053 - Bug #1892: COSS tries to shut down the same directory twice on exit
3054 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
3055 entries
3056 - Added support for Subversion HTTP request methods MKACTIVITY,
3057 CHECKOUT and MERGE.
3058
3059Changes to squid-2.6.STABLE9 (24 Jan 2007)
3060
3061 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
3062 - Bug #1877 diskd bug in storeDiskdIOCallback()
3063
3064Changes to squid-2.6.STABLE8 (21 Jan 2007)
3065
3066 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
3067 - Document the https_port vhost option, useful in combination with
3068 a wildcard certificate
3069 - Document the existence of connection pinning / forwarding of NTLM
3070 auth and a few other features overlooked in the release notes.
3071 - Spelling correction of the ssl cache_peer option
3072 - Add back the optional "accel" http_port option. Makes accelerator
3073 mode configurations easier to read.
3074 - Bug #1872: Date parsing error causing objects to get unexpectedly
3075 cached.
3076 - Cleanup to have the access.log tags autogenerated from enums.h
3077 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
3078 going backwards?
3079 - Don't update object timestamps on a failed revalidation.
3080 - Fix how ftp://user@host URLs is rendered when Squid is built with
3081 leak checking enabled
3082
3083Changes to squid-2.6.STABLE7 (13 Jan 2007)
3084
3085 - Windows port: Fix intermittent build error using Visual Studio
3086 - Add missing tproxy info from the dump of http port configuration
3087 - Bug #1853: Support for ARP ACL on NetBSD
3088 - clientNatLookup(): fix wrong function name in debug messages
3089 - Convert ncsa_auth man page from DOS to Unix text format.
3090 - Bug #1858: digest_ldap_auth had some remains of old hash format
3091 - Correct the select_loops counter when using select(). Was counted twice
3092 - Clarify the http_port vhost option a bit
3093 - Fix cache-control: max-stale without value or bad value
3094 - Bug #1857: Segmentation fault on certain types of ftp:// requests
3095 - Bug #1848: external_acl crashes with an infinite loop under high load
3096 - Bug #1792: max_user_ip not working with NTLM authentication
3097 - Bug #1865: deny_info redirection with authentication related acls
3098 - Small example on how to use the squid_session helper
3099 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
3100 - Clarify the transparent http_port option a bit more
3101 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
3102 - Bug #1867: squid.pid isn't removed on shutdown
3103
3104Changes to squid-2.6.STABLE6 (12 Dec 2006)
3105
3106 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
3107 - Add client source port logformat tag >p
3108 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
3109 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
3110 - automake no longer recommends mkinstalldirs. Removed.
3111 - Only use crypt() if it's available, allowing ncsa_auth to be built
3112 on platofms without crypt() support.
3113 - Windows port documentation updates
3114 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
3115 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
3116 - Remove extra newline in redirect message sent by deny_info http://... aclname
3117 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
3118 - Clarify the external_acl_type helper format specification and some defaults
3119 - Add support for the weight= parameter to round-robin peers
3120 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
3121 - Convert snmpDebugOid to use a temporary String object instead of strcat
3122 - Document that proxy_auth also accepts -i for case-insensitive operation
3123 - Remove malloc/free of temporary buffer in time parsing routines.
3124 - Reduce memory allocator pressure by not continually allocating client-side read buffers
3125 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
3126 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
3127 - Bug #1584: Unable to register with multiple WCCP2 routers
3128 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
3129 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
3130 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
3131 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
3132 - Bug #1840: Disable digest and netdb queries to multicast peers
3133 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
3134 - Fix build errors when using latest MinGW Windows environment
3135
3136Changes to squid-2.6.STABLE5 (3 Now 2006)
3137
3138 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
3139 - COSS improvements and cleanups
3140 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
3141 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
3142 - Bug #1719: Incorrect error message on invalid cache_peer specifications
3143 - Bug #1785: Memory leak in handling of negatively cached objects
3144 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
3145 - Bug #1782: Memory leak in ncsa_auth on password changes
3146 - Suppress some annoying coss startup messages raising the debug level to 2.
3147 - Clarify the external_acl_helper concurrency= change.
3148 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
3149 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
3150 - Bug #1795: Theoretical memory leak in storeSetPublicKey
3151 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
3152 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
3153 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
3154 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
3155 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
3156 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
3157 - Bug #1796: Assertion error HttpHeader.c:914: "str"
3158 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
3159 - Silence harmless gcc compile warning.
3160 - Clean up poll memory on shutdown
3161 - Ported select, poll and win32 to new comm event framework
3162 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
3163 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
3164 - Safeguard from kb_t counter overflows on 32-bit platforms
3165
3166Changes to squid-2.6.STABLE4 (23 Sep 2006)
3167
3168 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
3169 - Windows port enhancement: added native exception handler with signal emulation
3170 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
3171 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
3172 - Bug #212: variable %i always 0.0.0.0 in many error pages
3173 - Bug #1708: Ports in ACL accepts characters and out of range
3174 - Bug #1706: Squid time acl accepts invalid time range.
3175 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
3176 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
3177 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
3178 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
3179 - Bug #1598: start_announce cannot be disabled
3180 - Periodically flush cache.log to disk when "buffered_logs on" is set
3181 - Numerous COSS improvements and fixes
3182 - Windows port: merge of MinGW support
3183 - Windows port: Merged Windows threads support into aufs
3184 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
3185 - Numerous portability fixes
3186 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
3187 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
3188 - Bug #1760: FTP related memory leak
3189 - Bug #1770: WCCP2 weighted assignment
3190 - Bug #1768: Redundant DNS PTR lookups
3191 - Bug #1696: Add support for wccpv2 mask assignment
3192 - Bug #1774: ncsa_auth support for cramfs timestamps
3193 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
3194 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
3195 - Bug #1590: Silence those ETag loop warnings
3196 - Bug #1740: Squid crashes on certain malformed HTTP responses
3197 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
3198 - Improve error reporting on unexpected CONNECT requests in accelerator mode
3199 - Cosmetic change to increase cache.log detail level on invalid requests
3200 - Bug #1229: http_port and other directives accept invalid ports
3201 - Reject http_port specifications using both transparent and accelerator options
3202 - Cosmetic cleanup to not dump stacktraces on configuration errors
3203
3204
3205Changes to squid-2.6.STABLE3 (18 Aug 2006)
3206
3207 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
3208 very large cache_dir. Limit number of objects stored to slightly
3209 less to avoid this.
3210 - Bug #1705: Correct error message on invalid time weekday specification
3211 - Don't attempt to guess netmask in src/dst acl specifications
3212 if none was provided. Assume it's an IP even if it ends in 0
3213 - Bug #1665: log_format %ue, %us tags for external or ssl user id
3214 - Bug #1707: delay pools often ignored the set limit
3215 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
3216 (0.9.8 always worked)
3217 - COSS fixes and performance improvements
3218 - Memory leak when reading configuration files with overlapping
3219 ACL data where squid -k parse complains.
3220 - Memory leak related to pinned connections
3221 - Show include acls unexpanded in cachemgr configuration dumps
3222 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
3223 - Bug #1304: Downloads may hang when using the cache_dir max-size option
3224 - Optimization of network I/O
3225 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
3226 - Fixed a memory leak on certain invalid requests
3227 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
3228 - Bug #582: ntlm fake_auth not handles non-ascii login names
3229 - New startup message indicating the type of event loop used
3230 - Bug #1602: TCP fallback on truncated DNS responses
3231 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
3232 - Bug #1723: cachemgr now works in accelerator mode
3233
3234Changes to squid-2.6.STABLE2 (31 Jul 2006)
3235
3236 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
3237 - Releasenotes Table of contents should use relative links without
3238 filename.
3239 - Reject HTTP/0.9 formatted CONNECT requests.
3240 - Cosmetic cleanup to use safe_free instead of xfree + manual
3241 assign to NULL
3242 - Bug #1650: transparent interception "Unable to forward this
3243 request at this time"
3244 - Bug #1658: Memory corruption when using client-side SSL certificates
3245 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
3246 deleting the underlying object.
3247 - Many COSS fixes and new coss data dumper utility for diagnostics
3248 - Bug #1669: SEGV in storeAddVaryReadOld
3249 - Many fixes in debug sections and spelling of debug messages
3250 - Don't keep client connection persistent if there was a mismatch in
3251 the response size.
3252 - Move eventCleanup debug messages to debug level 2 (was 0)
3253 - Add the missing concurrency parameters to basic and digest auth
3254 schemes
3255 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
3256 - Log SSL user id in the custom log User name format (%un)
3257 - Bug #1653: Username info not logged into Cachemgr active_requests
3258 statistics
3259 - Added to the redirectors interface the support for SSL client
3260 certificate
3261 - squid.conf.default cleanup to remove references to old options
3262 - Fix many filedescriptors in combination with TPROXY
3263 - Fix connection pinning in transparently intercepted connections
3264 - Bug #1679: LDFLAGS not honored in some programs.
3265 - Minor cleanup of port numbers in transparent interception or
3266 vhost + vport
3267 - Bug #1671: transparent interception fails with FreeBSD ipfw or
3268 Linux-2.2 ipchains
3269 - Bug #1660: Accept-Encoding related memory corruption
3270 - Bug #1651: Odd results if url_rewriter defined multiple times
3271 - Bug #1655: Squid does not produce coredumps under linux when
3272 started as root
3273 - Bug #1673: cache digests not served to other caches
3274 - Cleanup of Linux capability code used by tproxy
3275 - Bug #1684: xstrdup: tried to dup a NULL pointer!
3276 - Bug #1668: unchecked vsnprintf() return code could lead to log
3277 corruption
3278 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
3279 configurations
3280 - Cygwin support fir --disable-internal-dns
3281 - Silence those annoying sslReadServer: Connection reset by peer
3282 errors.
3283 - Bug #1693: persistent connections broken in transparent
3284 interception mode
3285 - Bug #1691: multicast peering issues
3286 - Bug #1696: Correct WCCP2 processing of router capability info
3287 segments
3288 - Bug #1694: Assertion failure in mgr:config if using
3289 access_log_format %<h
3290 - Bug #1677: Duplicate etags in the If-None-Match header
3291 - Bug #1665: access_log_format codes for login names from external
3292 acl or ssl
3293 - Bug #1681: All ntlmauthenticator processes are busy
3294 - Added ARP acl support for OpenBSD and ARP fixes for Windows
3295 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
3296 socket)
3297 - WCCP2 correct dampening of assign buckets when there it lots of
3298 changes
3299 - minimum_expiry_time to tune the magic 60 seconds limit of what
3300 is considered cachable when the object doesn't have any cache
3301 validators.
3302 - Bug #1703: wrong path to diskd helper corrected, and config
3303 parser extended to trap incorrect paths early
3304 - Bug #1703: COSS failed to initialize async-io threads
3305 - Bug #1703: should abort if diskd helper exits unexpectedly
3306 - Bug #1702: Warn if acl name is too long
3307 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
3308 - wccp2_rebuild_wait directive to delay registering with WCCP until the
3309 - Bug #1662: Infinite loop in external acl with grace period if the
3310 same http_access line had multiple external acls
3311
3312Changes to squid-2.6.STABLE1 (1 Jul 2006)
3313
3314 - New --enable-default-hostsfile configure option
3315 - Added username info to active_requests cachemgr stats
3316 - Modified squid MIB to incorporate squid.conf visible_hostname
3317 - Added multi-line capability in squid.conf
3318 - Added new httpd_suppress_version_string configuration directive
3319 - WCCPv2 support
3320 - Negotiate authentication scheme support
3321 - NTLM authentication scheme rewritten
3322 - Customizable access log formats
3323 - Selective access logging
3324 - Access logging via syslog
3325 - Reverse proxy enhancements, with new cache_peer based forwarding
3326 model.
3327 - LDAP based Digest helper (Note: not true LDAP integration, just using
3328 LDAP for storage of the Digest hashes)
3329 - Improved helper communication protocol
3330 - External ACL improvements. %PATH, log=, grace=, and more..
3331 - Improved SSL support with hardware offload, client certificate
3332 support (primitive), chained certificates and numerous bug fixes
3333 - DNS lookups now use the search path from /etc/resolv.conf or
3334 the Windows registry
3335 - Linux epoll support
3336 - collapsed forwarding to optimize reverse proxies or other
3337 setups having very many clients going to the same URL
3338 - New improved COSS implementation
3339 - Optional support for blank passwords
3340 - The old and obsolete Samba-2.2.X winbind helpers have been removed
3341 - external acls now uses the simplified URL-escaped protol "3.0" by
3342 default.
3343 - Linux TPROXY support
3344 - Support for proxying of Microsoft Integrated Login by adding
3345 support for the deviations from the HTTP protocol required
3346 to support these authentication mechanisms
3347 - Added the capability to run as a Windows service under Cygwin
3348 - CARP now plays well with the other peering algorithms
3349 - read_ahead_gap option to read ahead more than 16KB of the reply
3350 - check_hostnames and allow_underscore squid.conf options
3351 - http_port is now optional, allowing for SSL only operation
3352 - Full ETag/Vary support, caching responses which varies with
3353 request details (browser, language etc).
3354 - umask now defaults to 027 to protect the content of cache and
3355 log files from local users
3356 - HTCP support for access control and the CRL operation for
3357 purgeing of cache content
3358 - Optionally follow X-Forwarded-For headers to determine the original
3359 client IP behind sedond level proxies
3360 - FreeBSD kqueue support
3361
3362Changes to squid-2.5.STABLE14 (20 May 2006)
3363 - [Minor] icons not displayed when visible_hostname is a
3364 short hostname (without domain). (Bug #1532)
3365 - [Medium] Memleak in HTCP client code (default disabled)
3366 (Bug #1553)
3367 - [Major] memory leak in ident processing (Bug #1557)
3368 - [Medium] Memory leak in header processing related to external_acl
3369 header detail format tag (Bug #1564)
3370
3371Changes to squid-2.5.STABLE13 (12 Mar 2006)
3372 - [Minor] Fails to compile on Solaris and some other platforms
3373 with undefined reference to setenv (Bug #1435)
3374 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
3375 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
3376 odd results if --enable-ntlm-fail-open is used (Bug #1022)
3377 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
3378 (Bug #1472)
3379 - [Minor] Squid crash when asyncio function counters url accessed
3380 from Cachemgr CGI (Bug #1464)
3381 - [Cosmetic] Linux compile warning about prctl called with too few
3382 arguments (Bug #1483)
3383 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
3384 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
3385 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
3386 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
3387 - [Minor] Ident access lists don't work in delay_access statements
3388 (Bug #1428)
3389 - [Minor] Some clients support NTLM even if not initially negotiating
3390 persistent connections (Bug #1447)
3391 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
3392 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
3393 (Bug #1481)
3394 - [Cosmetic] New persistent_connection_after_error configuration
3395 directive (Bug #1482)
3396 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
3397 #1484)
3398 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
3399 - [Cosmetic] Typo in ftp.c (Bug #1507)
3400 - [Cosmetic] Error in FTP listings of files with -> in their name
3401 (Bug #1508)
3402 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
3403 in cache.log (Bug #779)
3404 - [Minor] Fails to process long host names (Bug #1434)
3405 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
3406 - [Cosmetic] misleading error message message for bad/unresolveable
3407 cache_peer name (Bug #1504)
3408 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
3409 (Bug #1506)
3410 - [Major] connstate memory leak (Bug #1522)
3411
3412Changes to squid-2.5.STABLE12 (22 Oct 2005)
3413
3414 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
3415 when using delay pools (Bug #1405)
3416 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
3417 with server_persistent_connections (Bug #454)
3418 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
3419 diagnostics easier on squid_ldap_auth configuration errors
3420 (Bug #1395)
3421 - [Minor] $HOME not set when started as root (Bug #1401)
3422 - [Minor] httpd_accel_single_host breaks in combination with
3423 server_persistent_connections (Bug #1402)
3424 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
3425 implemented, effectively ignored. (Bug #1403)
3426 - [Minor] CNAME based DNS addresses could get cached for longer
3427 than intended (Bug #1404)
3428 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
3429 in transparently intercepting proxies (Bug #1410).
3430 - [Minor] Cache revalidations on HEAD requests causing poor cache
3431 hit ratio (Bug #1411).
3432 - [Minor] Not possible to send 302 redirects via a redirector in
3433 response to CONNECT requests (bug #1412)
3434 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
3435 #1419)
3436 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
3437 - [Minor] Delay pools class 3 fails on clients in network 255
3438 (Bug #1431)
3439
3440Changes to squid-2.5.STABLE11 (22 Sep 2005)
3441
3442 - [Minor] Workaround for servers sending double content-length headers
3443 (Bug #1305)
3444 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
3445 - [Cosmetic] Date header corrected on internal objects (icons etc)
3446 (Bug #1275)
3447 - [Minor] squid -k fails in combination with chroot after patch for
3448 bug 1157 (Bug #1307)
3449 - [Cosmetic] Segmentation fault if compiled with
3450 --enable-ipf-transparent but denied access to the NAT device.
3451 (Bug #1313)
3452 - [Minor] httpd_accel_signle_host incompatible with redireection
3453 (Bug #1314)
3454 - [Minor] squid -k reconfigure internal corruption if the type of
3455 a cache_dir is changed (Bug #1308)
3456 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
3457 (Bug #1317)
3458 - [Minor] Title in FTP listings somewhat messed up after previous
3459 patch for bug 1220 (Bug #1220)
3460 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
3461 confusing authentication. (Bug #1204)
3462 - [Minor] winfo_group.pl only looked for the first group if multiple
3463 groups were defined in the same acl. (Bug #1333)
3464 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
3465 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
3466 - [Cosmetic] The new --with-build-environment=... option doesn't work
3467 - [Cosmetic] New 'mail_program' configuration option in squid.conf
3468 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
3469 x86 (Bug #199)
3470 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
3471 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
3472 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
3473 - [Cosmetic] Invalid URLs in error messages when failing to connect
3474 to peer, and a few other inconsistent error messages (Bug #1342)
3475 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
3476 (Bug #1344)
3477 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
3478 (Bug #1348)
3479 - [Cosmetic] Greek translation of error messages (Bug #1351)
3480 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
3481 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
3482 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
3483 (Bug #1375)
3484 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
3485 - [Minor] E-mail sent when cache dies is blocked from many antispam
3486 rules (Bug #1380)
3487 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
3488 - [Cosmetic] Incorrect store dir selection debug message on objects
3489 larger than 2Gigabyte (Bug #1343)
3490 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
3491 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
3492 - [Medium] Clients could bypass delay_pool settings by faking a cache
3493 hit request (Bug #500)
3494 - [Minor] IP-Filter 4.X support (Bug #1378)
3495 - [Medium] Odd results on pipelined CONNECT requests
3496 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
3497 when using NTLM authentication.
3498 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
3499 authentication (bug #1396)
3500 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
3501 (Bug #1394)
3502 - [Cosmetic] New --with-maxfd=N configure option to override build
3503 time filedescriptor limit test
3504 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
3505
3506Changes to squid-2.5.STABLE10 (17 May 2005)
3507
3508 - [Minor Security] Fix race condition in relation to old Netscape
3509 Set-Cookie specifications
3510 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
3511 format and PASV resposes (Bug #1252)
3512 - [Medium] BASE HREF missing on ftp directory URLs without /
3513 (Bug #1253)
3514 - [Minor security] confusing http_access results on configuration
3515 error (Bug #1255)
3516 - [Cosmetic] More robust Date parser (Bug #321)
3517 - [Minor] reload_with_ims fails to refresh negatively cached objects
3518 (Bug #1159)
3519 - [Cosmetic] delay_access description clarification (Bug #1245)
3520 - [Cosmetic] Check for integer overflow in size specifications in
3521 squid.conf (Bug #1247)
3522 - [Cosmetic] bzero is a non-standard function not available on all
3523 platforms (Bug #1256)
3524 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
3525 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
3526 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
3527 (Bug #1261)
3528 - [Minor] Duplicate content-length headers logged incorrectly or
3529 not cleaned up properly (Bug #1262)
3530 - [Cosmetic] Extend relaxed_header_parser to work around "excess
3531 data from" errors from many major web servers. (Bug #1265)
3532 - [Minor] Add HTTP headers to a netdb error messages
3533 - [Minor] Multiple minor aufs issues (Bug #671)
3534 - [Minor] Basic authentication fails with very long logins or
3535 password (Bug #1171)
3536 - [Minor] CONNECT requests truncated if client side disconnects first
3537 (Bug #1269)
3538 - [Minor] --disable-hostname-checks configure option did not work
3539 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
3540 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
3541 - [Medium] Failed to process requests for files larger than 2GB in size
3542 - [Cosmetic] rename() related cleanup
3543 - [Cosmetic] New cachemgr pending_objects and client_objects actions
3544 - [Cosmetic] external acls requiring authentication did not request
3545 new credentials on access denials like proxy_auth does.
3546 - [Cosmetic] Syslog facility now configurable via command line options.
3547 - [Cosmetic] New %a error page template code expanding into the
3548 authenticated user name. (Bug #798)
3549 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
3550 - [Minor] Support interception of multiple ports
3551 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
3552 can not be determined (Bug #1196)
3553 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
3554 configuration files with CRLF lineendings proper.
3555 - [Minor] Unrecognized Cache-Control directives now forwarded properly
3556 (Bug #414)
3557 - [Minor] Authentication helpers now returns useable information
3558 in the %m error page macro on failed authentication (Bug #1223)
3559 - [Minor] pid file management corrected in chroot use (Bug #1157)
3560 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
3561 cachemgr.cgi now reads a config file telling which proxy servers
3562 it can administer.
3563 - [Minor] aufs statistics improvements
3564 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
3565 - [Minor] ARP acl documentation and cachemgr config dump corrections
3566 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
3567 hostnames in addition to the reverse lookup of the domain name.
3568 - [Security] Internal DNS client hardened against spoofing
3569
3570Changes to squid-2.5.STABLE9 (24 Feb 2005)
3571
3572 - [Medium] Don't retry requests on 403 errors (Bug #1210)
3573 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
3574 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
3575 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
3576 - [Minor] relaxed_header_parser extended to work around even more
3577 broken web servers (Bug #1242)
3578 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
3579 better with Mozilla but also to improve security slightly on
3580 non-anonymous FTP.
3581 - [Minor] High characters allowed un-encoded in FTP and Gopher
3582 listings to allow the user-agent to display data in non-iso8859-1
3583 charsets. (Bug #1220)
3584 - [Cosmetic] format fixes to silence compiler warnings on many
3585 platforms.
3586 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
3587
3588Changes to squid-2.5.STABLE8 (11 Feb 2005)
3589
3590 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
3591 #1096)
3592 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
3593 - [Minor] The new req_header and resp_header acls segfaults
3594 immediately on parse of squid.conf (Bug #961)
3595 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
3596 (Bug #1118)
3597 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
3598 - [Minor] Squid fails to close TCP connection after blank HTTP
3599 response (Bug #1116)
3600 - [Minor security] Random error messages in response to malformed
3601 host name (Bug #1143)
3602 - [Minor] PURGE should not be able to delete internal objects
3603 (Bug #1112)
3604 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
3605 #1121)
3606 - [Minor] cachemgr vm_objects segfault (Bug #1149)
3607 - [Minor security] Confusing results on empty acl declarations (Bug
3608 #1166)
3609 - [Minor] Don't close all "other" filedescriptors on startup (Bug
3610 #1177)
3611 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
3612 #1183)
3613 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
3614 - [Medium security] Denial of service with forged WCCP messages
3615 (Bug #1190)
3616 - [Minor] DNS related memory leak on certain malformed DNS responses
3617 (Bug #1197)
3618 - [Minor] Internal DNS sometimes truncates host names in reverse
3619 (PTR) lookups (Bug #1136)
3620 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
3621 - [Security] Harden Squid against HTTP request smuggling attacks
3622 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
3623 short_icon_urls is on (Bug #1203)
3624 - [Security] Harden Squid against HTTP response splitting attacks
3625 (Bug #1200)
3626 - [Medium security] Buffer overflow in WCCP recvfrom() call
3627 (Bug #1217)
3628 - [Security] Properly handle oversized reply headers (Bug #1216)
3629 - [Minor] LDAP helpers search fixed to properly ask for no attributes
3630 - [Minor] A sporadic segmentation fault when using ntlm authentication
3631 fixed (Bug #1127)
3632 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
3633 - [Medium] Persistent connection mismatch on failed PUT/POST request
3634 (Bug #1122)
3635 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
3636 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
3637 - [Major] HTTP reply data corruption in certain situations involving
3638 reply headers split over multiple packets (Bug #1233)
3639
3640Changes to squid-2.5.STABLE7 (11 Oct 2004)
3641
3642 - [Medium] No objects cached in ufs cache_dir type in some
3643 configurations. Issue introduced in 2.5.STABLE6 by the patch for
3644 Bug #676. (Bug #1011)
3645 - [Minor] LDAP helpers update to correct LDAP connection management
3646 and add support for literal password compare instead of binding
3647 - [Minor] A large number of queued DNS lookups for the same domain
3648 (Bug #852)
3649 - [Cosmetic] request_header_max_size configuration partly ignored
3650 (Bug #899)
3651 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
3652 - [Cosmetic] HEAD requests may return stale information
3653 (Bug #1012)
3654 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
3655 - [Minor] case insensitive authentication (Bug #431)
3656 - [Cosmetic] Add delay pools information to active_requests. (Bug
3657 #882)
3658 - [Minor] Apparent memory leak in client_db (Bug #833)
3659 - [Minor] NTLM authentication truncated causing failures. (Bug
3660 #1016)
3661 - [Cosmetic] Grammatical corrections in squid.conf.default
3662 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
3663 #1030)
3664 - [Medium] Segfaults and other strange crashes when using heap
3665 policies. (Bug #1009)
3666 - [Minor] Supplementary group memberships not set (Bug #1021)
3667 - [Cosmetic] ERR_TOO_BIG Portuguese translation
3668 - [Minor] external_acl does not handle newlines (Bug #1038)
3669 - [Major] NTLM authentication denial of service when using msnt_auth
3670 or fake_auth (Bug #1045)
3671 - [Medium] Memory leaks when using NTLM authentication without
3672 challenge reuse. (Bug #994)
3673 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
3674 (Bug #910)
3675 - [Minor] assertion failed: "n_ufs_dirs <=
3676 Config.cacheSwap.n_configured". (Bug #1053)
3677 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
3678 - [Minor] acl time fails to parse multiple time specifications
3679 (Bug #1060)
3680 - [Minor] cachemgr config dumps mixed up Range and Request-Range
3681 headers in http_header_access & replace directives. (Bug #1056)
3682 - [Minor] Content-Disposition added as a well known header (Bug #961)
3683 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
3684 (Bug #1074)
3685 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
3686 - [Medium] New acl types to match arbitrary HTTP headers. In addition
3687 the http_header_access & replace directives now support arbitrary
3688 headers and not only the well known ones. (Bug #961)
3689 - [Cosmetic] ncsa_auth now accepts Window formatted password files
3690 (Bug #1078)
3691 - [Cosmetic] Support the --program-prefix/suffix options or other
3692 configure program name transforms (Bug #1019)
3693 - [Minor] Fix race condition in CONNECT and also handle aborts of
3694 CONNECT requests in a more graceful manner. (Bug #859)
3695 - [Minor] New balance_on_multiple_ip directive to work around certain
3696 broken load balancers and optimized ipcache on reload requests
3697 (Bug #1058)
3698 - [Medium] New reply_header_max_size directive
3699 (Bug #874)
3700 - [Minor] Suspected instability on aborted PUT/POST requests
3701 (Bug #1089)
3702 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
3703
3704Changes to squid-2.5.STABLE6 (9 Jul 2004)
3705
3706 - Bug #937: NTLM assertion error "srv->flags.reserved"
3707 - Bug #935: squid_ldap_auth can be confused by the use of reserved
3708 characters
3709 - Helper queue warnings imprecise on the number of helpers required
3710 - squid_ldap_auth TLS mode works correctly again
3711 - Bug #940, #305: pkg-config support for finding correct OpenSSL
3712 compile flags
3713 - Bug #426: "Vary: *" is ignored
3714 - 100% CPU usage on Linux-2.2
3715 - Version number should not include -CVS if autoconf is run
3716 - Bug #947: deny_info redirection with requested URL escaped wrongly
3717 - Bug #495: CONNECT timeout should produce a 504 or 503
3718 - Bug #956: cache_swap_log documentation referred to swap.state by
3719 it's old swap.log name
3720 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
3721 have been intended
3722 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
3723 - Bug #954: Segment violation when using a blank user name in digest
3724 authentication
3725 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
3726 - Spelling corrections in configure and squid.conf.default
3727 - The meaning of ERR in digest helper protocol clarified in the
3728 squid.conf documentation
3729 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
3730 - Bug #616: Negative cached 404 replies with VARY header never matched
3731 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
3732 due to a shortcoming in the fix to bug #817
3733 - Bug #570: Very large cache_mem values reported wrongly in cache.log
3734 - Bug #676: store_dir_select_algorithm least-load doesn't work for
3735 ufs cache_dir type
3736 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
3737 - Bug #948: Show client ip in cache.log debug output
3738 - Bug #960: compilation issue on OpenBSD/m88k
3739 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
3740 - Bug #991: dns_servers should default to localhost if no resolv.conf
3741 - Bug #717: msnt_auth documentation update
3742 - Bug #753: Segfault in memBufVPrintf on certain architectures
3743 requiring va_copy
3744 - Bug #941: Negative size in access.log on long running CONNECT
3745 requests
3746 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
3747 - Bug #981: sasl_auth updated to work with SALS2
3748 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
3749 authentication to a NT domain without using Samba.
3750
3751Changes to squid-2.5.STABLE5 (1 Mar 2004):
3752
3753 - cache.log message on "squid -k reconfigure" was slightly confusing,
3754 claiming Squid restarted when it just reread the configuration.
3755 - Bug #787: digest auth never detects password changes
3756 - Bug #789: login with space confuses redirector helpers
3757 - Bug #791: FQDNcache discards negative responses when using
3758 internal DNS
3759 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
3760 PAM connections are unsafe and now disabled by default.
3761 - auth_param documentation clarifications and added default realm
3762 values making only the helper program a required attribute
3763 - Bug #795: German ERR_DNS_FAIL correction
3764 - Bug #803: Lithuanian error messages update
3765 - Bug #806: Segfault if failing to load error page
3766 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
3767 - Bug #817: maximum_object_size too large causes squid not to cache
3768 - Bug #824: 100% CPU loop if external_acl combined with separate
3769 authentication acl in the same http_access line
3770 - squid_ldap_group updated to version 2.12 with support for ldaps://
3771 (LDAPv2 over SSL) and a numer of other improvements.
3772 - Bug #799: positive_dns_ttl ignored when using internal DNS.
3773 - Bug #690: Incorrect html on empty Gopher responses
3774 - Bug #729: --enable-arp-acl may give warning about net/route.h
3775 - Bug #14: attempts to establish connection may look like syn flood
3776 attack if the contacted server is refusing connections
3777 - errorpage README files included in the distribution again showing
3778 who contributed which translation
3779 - Bug #848: connect_timeout connect_timeout ends up twice the length.
3780 forward_timeout option added to address this.
3781 - Bug #849: DNS log error messages should report the failed query
3782 - Bug #851: DNS retransmits too often
3783 - Bug #862: Very frequently repeated POST requests may cause a
3784 filedescriptor shortage due to persitent connections building up
3785 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
3786 - Bug #571: Need to limit use of persistent connections when
3787 filedescriptor usage is high
3788 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
3789 does not work properly
3790 - Bug #860: redirector_access does not handle "slow" acls such as
3791 "dst" or "external" requiring a external lookup.
3792 - Bug #865: Persistent connection usage too high after sudden burst
3793 of traffic.
3794 - Bug #867: cache_peer max-conn=.. option does not work
3795 - Bug #868: refuses to start if pid_filename none is specified
3796 - Bug #887: LDAP helper -Z (TLS) option does not work
3797 - Bug #877: Squid doesn't follow telnet protocol on FTP control
3798 connections
3799 - Bug #908: Random auth popups and account lockouts when using ntlm
3800 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
3801 - Bug #585: cache_peer_access fails with NTLM authentication
3802 - Bug #592: always/never_direct fails with NTLM authentication
3803 - wbinfo_group update for Samba-3
3804 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
3805 - Bug #924: miss_access restricts internal and cachemgr requests
3806 even if these are local
3807 - Bug #925: auth headers send by squidclient are mildly malformed
3808 - Bug #922: miss_access and delay_access and several other
3809 authentication related bug fixes.
3810 - Bug #909: Added ARP acl support for FreeBSD
3811 - Bug #926: deny_info with http_reply_access or miss_access
3812 - Bug #872: reply_body_max_size problems when using NTLM auth
3813 - Bug #825: random segmentation faults when using digest auth
3814 - Bug #910: Partial fix for temporary memory leaks when using NTLM
3815 auth. There is still problems if challenge reuse is enabled.
3816 - ftp://anonymous@host/ now accepted without requiring a password
3817 - Bug #594: several mime type updates (ftp:// related)
3818 - url_regex enhanced to allow matching of %00
3819
3820Changes to squid-2.5.STABLE4 (15 Sep 2003):
3821
3822 - Lithuanian error messages added to the distribution
3823 - Bug #660: segfauld if more than one custom deny_info line
3824 - cache_dir disd documentation cleanup
3825 - check open of /dev/null to avoid 100% CPU loop in badly
3826 configured chroot environments
3827 - documentation update on uri_whitespace to refer to the correct RFC
3828 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
3829 - Bug #683: external_acl does not wait for ident lookups to complete
3830 - aufs: Fix a minor use-after-free problem which could cause the
3831 count of opening filedescriptors to grow larger than it should
3832 - Syntax changes to make GCC-3.3 accept Squid without complaints
3833 - Warning if CARP server defined in incorrect load factor order
3834 - neighbor_type_domain documentation update
3835 - http_header_access now works when using cache peers
3836 - high_memory_warning now uses sbrk as fallback mechanism on
3837 platforms where neither mallinfo or mstats are available.
3838 - hosts_file now handles comments at the end of lines correcly
3839 - storeCheckCachable() Stats corrected for release_request and
3840 wrong_content_length.
3841 - cachePeerPingsSent MIB type corrected
3842 - unused minimum_retry_timeout directive removed
3843 - Bug #702: ERR_TO_BIG spanish translation
3844 - Bug #705: Memory leak on deny_info TCP_RESET
3845 - Code cleanup to fix compile error in httpHeaderDelById
3846 - Bug #699: Host header now forwarded exactly where it was in the
3847 original request to work around certain broken firewalls or
3848 load balancers which fail if this header is too far into the
3849 request headers.
3850 - Bug #704: Memory leak on reply_body_max_size
3851 - Bug #686: requests denied due to http_reply_access are now
3852 logged with TCP_DENIED (instead of TCP_MISS, etc).
3853 - Bug #708: ie_refresh now sends no-cache to have the reload
3854 request propagate properly in cache meshes
3855 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
3856 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
3857 digest not found
3858 - Bug #710: round-robin cache_dir selection incorrectly
3859 compares max-size.
3860 - Statistics corrections in HTTP header statitics
3861 - QUICKSTART cleanups
3862 - Bug #715: statCounter.syscalls.disk counters treated
3863 inconsistently. Now increment the counters in AUFS
3864 functions and for unlinkd.
3865 - Improvements to the (experimental) COSS storage scheme.
3866 - Bug #721: User name field in access.log sometimes blank
3867 - Bug #94: assertion failed: http.c: "-1 == cfd ||
3868 FD_SOCKET == fd_table[cfd].type"
3869 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
3870 - Bug #732: aufs calculates number of threads and limits wrongly
3871 - Bug #663: Username not logged into access.log in case of /407
3872 - Bug #267: Form POSTing troubles with NTLM authentication
3873 and occationally in differen other error conditions.
3874 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
3875 - Bug #733: No explicit error message when ncsa_auth can't access
3876 passwd file
3877 - Bug #267, #757: POST with NTLM stops after persistent connection
3878 timeout
3879 - Bug #742: Wrong status code on access denials if delay_access
3880 is used. Most notably 407 instead of 403 could be returned.
3881 - Bug #763: segfault if using ntlm in http_reply_access
3882 - Bug #638: assertion error if using proxy_auth in delay_access
3883 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
3884 - The issue of reply_body_max_size limiting the size of error
3885 messages no longer applies.
3886 - external_acl_type concurrency= option renamed to children= to
3887 prepare for Squid-3 upgrades. Old syntax still accepted for the
3888 duration of the Squid-2.5 release.
3889 - number of filedescriptors rounded down to an even multiple of 64
3890 to work around issues in certain libc implementations.
3891 - winbind helpers less noisy in cache.log on restarts/shutdown.
3892 - Squid now automatically restarts helpers if too many of them
3893 have crashed.
3894
3895Changes to squid-2.5.STABLE3 (25 May 2003):
3896
3897 - Bug #573: Occational false negatives in external acl lookups
3898 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
3899 external_acl helpers crashes
3900 - Bug #590: Squid may hang or behave oddly on shutdown while
3901 requests is being processed.
3902 - Bug #590: external acl lookups does not deal well with queue
3903 overload
3904 - cache_effective_user documentation update
3905 - cache_peer documentation update for htcp and carp
3906 - Bug #600: The example header_access paranoid setting is
3907 missing WWW-Authenticate
3908 - Bug #605: Segmentation fault in idnsGrokReply() on certain
3909 platforms
3910 - Fixes to build properly on AIX 5
3911 - Bug #574: wb_group updated to version 1.1 to make group names
3912 case insensitive and correct a segfault issue in the helper
3913 - SNMP mib updates to make cacheNumObjCount,
3914 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
3915 correctly report as gauges (was reporting as counters).
3916 - Woraround for --enable-ssl Kerberos issue on RedHat 9
3917 - Bug #579: Close and repopen log files on "squid -k reconfigure"
3918 - Bug #598: squid_ldap_auth could segfault if LDAP server is
3919 unavailable
3920 - Bug #609,#612: msntauth helper fixes in dealing with large
3921 or non-existing allow/deny user files.
3922 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
3923 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
3924 and also fails to block large objects where the content-length
3925 is not known
3926 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
3927 multiple proxy_auth ACLs combined in one line and login fails.
3928 - squid_ldap_auth updated with support for TLS and SSL
3929 - Bug #623: segfault if using negated external acls in certain
3930 configurations involving other acls later on the same http_access
3931 line.
3932 - Bug #622: wb_group helper update to version 1.2 to ass support for
3933 Domain-Qualified groups refering to groups in a specific domain
3934 - Bug #596: logic error in poll() error management
3935 - Bug #597: logic errors in error management
3936 - Bug #591: segmentation fault in authentication on "squid -k debug"
3937 - Bug #587: smb_auth fails on complex logins involving domain names
3938 or other odd characters
3939 - Bug #558, #587: smb_auth.pl fails on complex logins involving
3940 domain names or other odd characters
3941 - Bug #643: external_acl fails with ttl=0 due to a change introduced
3942 by the patch for Bug #553 in 2.5.STABLE2.
3943 - Bug #630: minor issues in digest authantication causing random
3944 authentication failures and incompability with many mainstream
3945 browser digest implementations due to browser qop bugs. To deal
3946 with those broken browser nonce_stricness now defaults to off,
3947 and two new digest options have been added (check_nonce_count
3948 and post_workaround) to allow workarounds to other quite bad
3949 browser bugs if needed.
3950 - Bug #644: digest authentication fails on requests with one
3951 or more comma in the requested URL
3952 - Bug #648: deny_info TCP_RESET not working. The fix for this also
3953 adds the ability to send redirects.
3954
3955Changes to squid-2.5.STABLE2 (Mars 17, 2003):
3956
3957 - Contrib files added back to the distribution
3958 - Several compiler warnings fixed when using --disable-ident or
3959 --disable-http-violations
3960 - authentication can now be used in most access controls, but
3961 must in most cases first be enforced in http_access to force
3962 the user to authenticate.
3963 - cleanups in the developer bootstrap.sh process when preparing
3964 the sources.
3965 - several squid.conf.default documentation updated to correctly
3966 refer to the current names when refering to other directives
3967 - authenticate_ip_ttl documentation updates
3968 - several assertion faults and segmentation violations corrected
3969 - the RunCache/RunAccel and squid.rc scripts updated to refer to
3970 the squid binary in sbin rather than the old bin location.
3971 - squid_ldap_auth command line processing fixes when specifying
3972 the LDAP server last on the line instead of -h option
3973 - aufs data corruption bugfix
3974 - aufs performance improvement for low traffic systems
3975 - aufs stability improvements
3976 - external_acl corrected to properly deal with quoted strings
3977 - WCCPv1 bugfix to make sure the router accepts the hash assignments
3978 - "Total accounted memory" now correctly reported in cachemgr
3979 - several small memory leaks (mostly reconfigure related)
3980 - new squid.conf option to allow GET/HEAD requests with a request
3981 entity
3982 - "make uninstall" no longer removes squid.conf
3983 - cachemgr.cgi now uses POST to avoid having the cachemgr password
3984 logged in the web server logs
3985 - authentication schemes which are known to not be proxyable are now
3986 filtered out from forwarded server replies to avoid that the clients
3987 tries to use such schemes when we know for a fact it won't work
3988 - spelling corrections in various error messages
3989 - now possible to define acl values with spaces in them
3990 by using the "include file" feature
3991 - squid_ldap_group updated to 2.10 to fix compilation issues with
3992 recent (and older) OpenLDAP libraries and to make the helper deal
3993 correctly with true LDAP groups by first looking up the user DN.
3994 - Some internal code cleanups
3995 - now verifies that programs etc exists iside the chroot directory
3996 when using chroot_dir. No longer neccesary to set up a split view
3997 environment where the same paths works both inside the chroot and
3998 outside just to convince Squid that the files is actually there..
3999 - improved memory usage reporting
4000 - --disable-hostname-checks configure option
4001 - no longer ignores double dots in host names. Any hostname with
4002 double dots is now rejected as invalid.
4003 - log_mime_hdrs no longer logs garbage if very long headers
4004 are seen.
4005 - 'select_fds_hist' object added to cachemgr 'histogram' output
4006 - pid file now unlinked when squid has really shut down, not
4007 immediately when the shutdown request is received. This allows
4008 the pid file to be monitored to determine when Squid has shut down
4009 properly
4010 - correct authentication scheme setups on some platforms or compilers
4011 - several squid.conf.default documentation updates to remove references
4012 to renamed or replaced directives by changing them to their current
4013 names.
4014 - the SSL reverse proxy support updated to allow building with
4015 OpenSSL 0.9.7 and and later.
4016 - Corrected a minor performance problem while processing HEAD replies
4017 from various broken web servers not sending a correct HTTP reply
4018 - time acls can now specify multiple times in the same acl name, like
4019 most other acl types.
4020 - winbind helpers updated to match Samba-2.2.7a and should
4021 work with Samba-2.2.6 or later (required). For compability with
4022 older Samba versions A new configure option --with-samba-sources=...
4023 has been added to allow you to specify which Samba version the
4024 helpers should be built for if different than the above versions.
4025 - Squid MIB definition syntax correction to work better with newer
4026 (and older) SNMP tools.
4027 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
4028 requests where parsing the HTTP identifier (HTTP/1.0) failed.
4029 - "make distclean" no longer removes the icons, this avoids the
4030 dependency on "uudecode" to rebuild Squid after "make distclean"
4031 - User name returned by external acl lookups (external_acl_type)
4032 is now available as "ident" in later acl checks in addition to
4033 the logging in access.log.
4034 - Incorrect behaviour of Digest authentication partly corrected - it
4035 will not handle sessions, but will always enforce password
4036 correctness.. (patch submitted by Sean Burford).
4037 - Issue with persistent connections and PUT/POST request corrected
4038
4039Changes to squid-2.5.STABLE1 (September 25, 2002):
ddf1c0c4 4040
94439e4e 4041 - Major rewrite of proxy authentication to support other schemes
4042 than basic. First in the line is NTLM support but others can
a2794549 4043 easily be added (minimal digest is present). See Programmers Guide.
6437ac71 4044 (Robert Collins & Francesco Chemolli)
94439e4e 4045 - Reworked how request bodies are passed down to the protocols.
4046 Now all client side processing is inside client_side.c, and
4047 the pass and pump modules is no longer used.
3ff01c3e 4048 used by Squid.
722a4b40 4049 - Optimized searching in proxy_auth and ident ACL types. Squid should
4050 now handle large access lists a lot more efficiently.
05fbbc17 4051 (Francesco Chemolli)
e396d395 4052 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
4053 now a peer is ignored if it turns out to be us, rather than
4054 committing suicide
1224d740 4055 - Changed the internal URL code to obey appendDomain for internal
4056 objects if it needs appending. This fixes weirdnesses where
4057 a machine can think it is "foo.bar.com", and "foo" is requested.
4058 (Brian Degenhardt)
a2794549 4059 - Added the use of Automake to create the Makefile.in's in the squid
4060 source tree. This will allow libtool in the future, and immediately
4061 allows better dependency tracking - with or without gcc - as well
4062 as the dist-all and distcheck targets for developers which respectively
4063 build a tar.gz and a tar.bz2 distribution, and check that what will be
4064 distributed builds.
d6827718 4065 - Added TOS and source address selection based on ACLs,
4066 written by Roger Venning. This allows administrators to set
4067 the TOS precedence bits and/or the source IP from a set of
4068 available IPs based upon some ACLs, generally to map different
4069 users to different outgoing links and traffic profiles.
50821507 4070 - Added 'max-conn' option to 'cache_peer'
4071 - Added SSL gatewaying support, allowing Squid to act as a SSL server
4072 in accelerator setups.
4e2c57a0 4073 - SASL authentication helper by Ian Castle
6474667e 4074 - msntauth updated to v2.0.3
3e4057db 4075 - no_cache now applies to cache hits as well as cache misses
810118ab 4076 - the Gopher client in Squid has been significantly improved
05463204 4077 - Squid now sanity checks FTP data connections to ensure the
6474667e 4078 connection is from the requested server. Can be disabled if
05463204 4079 needed by turning off the ftp_sanitycheck option.
98858605 4080 - external acl support. A mechanism where flexible ACL checks
4081 can be driven by external helpers. See the external_acl_type
4082 and acl external directives.
3e4057db 4083 - Countless other small things and fixes
2d8d56b0 4084 - HTML pages generated by Squid or CacheMgr as well as the
4085 ERR documents now contain a doctype declaration so that
22567bb5 4086 browsers know which HTML specification the document uses.
2d8d56b0 4087 In addition to that they have a new look (background-color, font)
4088 and are valid according to the HTML standards at www.w3.org.
3ff01c3e 4089 (Clemens L ser)
9bbd1655 4090 - Login and password send to Basic auth helpers is now URL escaped
4091 to allow for spaces and other "odd" characters in logins and
4092 passwords
c90fbf46 4093 - Proxy Authentication is no longer blindly forwarded to peer
4094 caches if not used locally. If forwarding of proxy authentication
4095 is desired then it must now be configured with the login=PASS
4096 cache_peer option.
6474667e 4097 - Responses with Vary: in the header are now cached by squid.
1239cfea 4098 (Henrik Nordstrom).
3ff01c3e 4099 - Removed unused 'siteselect_timeout' directive.
c5bc64d3 4100
dde94193 4101Changes to Squid-2.4.STABLE7 (July 2, 2002):
4102
4103 - Squid now drops any requests using transfer-encoding.
4104 Squid is a HTTP/1.0 proxy and as such do not support
4105 the use of transfer-encoding.
4106 - The MSNT auth helper has been updated to v2.0.3+fixes for
4107 buffer overflow security issues found in this helper.
4108 - A security issue in how Squid forwards proxy authentication
4109 credentials has been fixed
4110 - Minor changes to support Apple MAC OS X and some other platforms
4111 more easily.
4112 - The client -T option has been implemented
4113 - HTCP related bugfixes in "squid -k reconfigure"
4114 - Several bugfixes and cleanup of the Gopher client, both
4115 to correct some security issues and to make Squid properly
4116 render certain Gopher menus.
4117 - FTP data channels are now sanity checked to match the address of
4118 the requested FTP server. This to prevent theft or injection of
4119 data. See the new ftp_sanitycheck directive if this is not desired.
4120 - Security fixes in how Squid parses FTP directory listings into HTML
4121
c5bc64d3 4122Changes to Squid-2.4.STABLE6 (March 19, 2002):
4123
722a4b40 4124 - The patch for 2.4.STABLE5 was insufficiently tested and
c5bc64d3 4125 introduced a bug that causes frequent assertions when
4126 handling DNS PTR answers.
4127
4128Changes to Squid-2.4.STABLE5 (March 15, 2002):
4129
4130 - Fixed an array bounds bug in lib/rfc1035.c. This bug
4131 could allow a malicious DNS server to send bogus replies
4132 and corrupt the heap memory.
4133
572b218d 4134Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
08e8e4d0 4135
722a4b40 4136 - htcp_port 0 now properly disables htcp
6474667e 4137 - Fixed problem with certain non-anonymous ftp:// style URL's
08e8e4d0 4138 - SNMP bugfixes including several memory leaks
4139
4140Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
4141
4142 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
4143 miss_access
4144 - Fixed bug #246: corrupt on-disk meta information preventing
4145 rebuilds of lost swap.state files
4146 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
4147 - Fixed a coredump when creating FTP directories
4148 - Fixed a compile time problem with statHistDump prototype mistmatch,
4149 reported by some compilers
4150 - Fixed a potential coredump situation on snmpwalk in certain
4151 configurations
4152 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
4153 store implementation
4154 - Serbian error message translations
4155
50821507 4156Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
4157
722a4b40 4158 - Expanded configure's GCC optimization disabling check to
50821507 4159 include GCC 2.95.3
4160 - avoid negative served_date in storeTimestampsSet().
4161 - Made 'diskd' pathnames more configurable
4162 - Make sure squid parent dies if child is killed with
4163 KILL signal
4164 - Changed diskd offset args to off_t instead of int
4165 - Fixed bugs #102, #101, #205: various problems with useragent
4166 log files
4167 - Fixed bug #116: Large Age: values still cause problems
4168 - Fixed bug #119: Floating point exception in
4169 storeDirUpdateSwapSize()
4170 - Fixed bug #114: usernames not logged with
4171 authenticate_ip_ttl_is_strict
722a4b40 4172 - Fixed bug #115: squid eating up resources (eventAdd args)
50821507 4173 - Fixed bug #125: garbage HTCP requests cause assertion
4174 - Fixed bug #134: 'virtual port' support ignores
4175 httpd_accel_port, causes a loop in httpd_accel mode
4176 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
4177 <= lf->bufsz"
4178 - Fixed bug #137: Ranges on misses are over-done
4179 - Fixed bug #160: referer_log doesn't seem to work
4180 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
4181 comm_dns_incoming histogram)
4182 - Fixed bug #165: "Store Mem Buffer" leaks badly
4183 - Fixed bug #172: Ident Based ACLs fail when applied to
4184 cache_peer_access
4185 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
4186 - Fixed bug #182: 'config' cachemgr option dumps core with
4187 null storage
4188 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
4189 of args in debug/printf
4190 - Fixed bug #187: bugs in lib/base64.c
4191 - Fixed bug #184: storeDiskdShmGet() assertion; changed
4192 diskd to use bitmap instead of linked list
4193 - Fixed bug #194: Compilation fails on index() on some
722a4b40 4194 non-BSD platforms
50821507 4195 - Fixed bug #197: refreshIsCachable() incorrectly checks
4196 entry->mem_obj->reply
4197 - Fixed bug #215: NULL pointer access for proxy requests
4198 in accel-only mode
4199
4200Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
4201
4202 - Fixed a bug in and cleaned up class 2/3 delay pools
4203 incrementing.
4204 - Fixed a coredump bug when using external dnsservers that
4205 become overloaded.
4206 - Fixed some NULL pointer bugs for NULL storage system
4207 when reconfiguring.
4208 - Fixed a bug with useragent logging that caused Squid to
4209 think the logfile never got opened.
4210 - Fixed a compiling bug with --disable-unlinkd.
4211 - Changed src/squid.h to always use O_NONBLOCK on Solaris
4212 if it is defined.
4213 - Fixed a bug with signed/unsigned bitfield flag variables
4214 that caused problems on Solaris.
4215 - Fixed a bug in clientBuildReplyHeader() that could add
4216 an Age: header with a negative value, causing an assertion
4217 later.
4218 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
4219 was returning the number of FDs in use, rather than
4220 the number of reserved FDs.
4221 - Added the 'pipeline_prefetch' configuration option.
4222 - cache_dir syntax changed to use options instead of many
4223 arguments. This means that the max_objsize argument now
4224 is an optional option, and that the syntax for how to
722a4b40 4225 specify the diskd magics is slightly different.
50821507 4226 - Various fixes for CYGWIN
4227 - Upgraded MSNT auth module to version 2.0.
4228 - Fixed potential problems with HTML by making sure all
4229 HTML output is properly encoded.
4230 - Fixed a memory initialization problem with resource records in
4231 lib/rfc1035.c.
4232 - Rewrote date parsing in lib/rfc1123.c and made it a little
4233 more lenient.
4234 - Added Cache-control: max-stale support.
4235 - Fixed 'range_offset_limit' again. The problem this time
4236 is that client_side.c wouldn't set the we_dont_do_ranges
4237 flag for normal cache misses. It was only being set for
4238 requests that might have been hits, but we decided to
4239 change to a miss.
4240 - Added the Authenticate-Info and Proxy-Authenticate-Info
4241 headers from RFC 2617.
4242 - HTTP header lines longer than 64K could cause an assertion.
4243 Now they get ignored.
4244 - Fixed an IP address scanning bug that caused "123.foo.com"
4245 to be interpreted as an IP address.
4246 - Converted many structure allocations to use mem pools.
4247 - Changed proxy authentication to strip leading whitespace
4248 from usernames after decoding.
4249 - Prevented NULL pointer access in aclMatchAcl(). Some
4250 ACL types require checklist->request_t, but it won't be
4251 available in some cases (like snmp_access). Warn the
4252 admin that the ACL can't be checked and that we're denying
4253 it.
4254 - Allow zero-size disk caches.
4255 - The actual filesystem blocksize is now used to account
4256 for space overheads when calculating on-disk cache size.
4257 - Made the maximum memory cache object size configurable.
4258 - Added 'minimum_direct_rtt' configuration option.
4259 - Added 'ie_refresh' configuration option, which is a hack
4260 to turn IMS requests into no-cache requests.
58d1265f 4261 - Added support for netfilter in linux-2.4. This allows transparent
4262 proxy connections to function correctly in the absence of a Host:
4263 header. This requires --enable-linux-netfilter to be passed through
4264 to configure. (Evan Jones)
50821507 4265 - Fixed a bug with clientAccessCheck() that allowed proxy
4266 requests in accel mode.
4267 - Fixed a bug with 301/302 replies from redirectors. Now
4268 we force them to be cache misses.
4269 - Accommodated changes to the IP-Filter ioctl() interface
4270 for intercepted connections.
4271 - Fixed handling of client lifetime timeouts.
4272 - Fixed a buffer overflow bug with internal DNS replies
4273 by truncating received packets to 512 bytes, as per
4274 RFC 1035.
4275 - Added "forward.log" support, but its work in progress.
4276 - Rewrote much of the IP and FQDN cache implementation.
4277 This change gets rid of pending hits.
4278 - Changed peerWouldBePinged() to return false if our
4279 ICP/HTCP port is zero (i.e. disabled).
4280 - Changed src/net_db.c to use src/logfile.c routines,
4281 rather than stdio, because of solaris stdio filedescriptor
4282 limits.
4283 - Made netdbReloadState() more robust in case of corrupted
4284 data.
4285 - Rewrote some freshness/staleness functions in src/refresh.c,
4286 partially inspired to support cache-control max-stale.
4287 - Fixed status code logging for SSL/CONNECT requests.
4288 - Added a hack to subtract cache digest network traffic
4289 from statistics so that byte hit ratio stays positive
4290 and more closely reflects what people expect it to be.
4291 - Fixed a bug with storeCheckTooSmall() that caused
4292 internal icons and cache digests to always be released.
4293 - Added statfs(2) support for displaying actual filesystem
4294 usage in the cache manager 'storedir' output.
4295 - Changed status reporting for storage rebuilding. Now it
4296 prints percentage complete instead of number of entries
4297 parsed.
4298 - Use mkstemp() rather than problem-prone tempnam().
4299 - Changed urlParse() to condense multiple dots in hostnames.
4300 - Major rewrite of async-io (src/fs/aufs) to make it behave
4301 a bit more sane with substantially less overhead. Some
4302 tuning work still remains to make it perform optimal.
4303 See the start of store_asyncufs.h for all the knobs.
4304 - Fixed storage FS modules to use individual swap space
4305 high/low values rather than the global ones.
4306 - Fixed storage FS bugs with calling file_map_bit_reset()
4307 before checking the bit value. Calling with an invalid
4308 value caused memory corruption in random places.
4309 - Prevent NULL pointer access in store_repl_lru.c for
4310 entries that exist in the hash but not the LRU list.
4311
cab24814 4312Changes to Squid-2.4.DEVEL4 ():
ad445e36 4313
ddf1c0c4 4314 - Added --enable-auth-modules=... configure option
83b381d5 4315 - Improved ICP dead peer detection to also work when the workload
4316 is low
a8c926ff 4317 - Improved TCP dead peer detection and recovery
4318 - Squid is now a bit more persistent in trying to find a alive
4319 parent when never_direct is used.
4320 - nonhierarchical_direct squid.conf directive to make non-ICP
4321 peer selection behave a bit more like ICP selection with respect
4322 to hierarchy.
4323 - Bugfix where netdb selection could override never_direct
4324 - ICP timeout selection now prefers to use parents only when
4325 calculating the dynamic timeout to compensate for common RTT
4326 differences between parents and siblings.
c1fc651e 4327 - No longer starts to swap out objects which are known to be above
4328 the maximum allowed size.
987de783 4329 - allow-miss cache_peer option disabling the use of "only-if-cached".
4330 Meant to be used in conjunction with icp_hit_stale.
c8b40803 4331 - Delay pools tuned to allow large initial pool values
0343b99c 4332 - cachemgr filesystem space information changed to show useable space
4333 rather than raw space, and platform support somewhat extended.
890b0fa8 4334 - Logs destination IP in the hierarchy log tag when going direct.
4335 (can be disabled by turning log_ip_on_direct off)
ff21eb3e 4336 - Async-IO on linux now makes proper use of mutexes. This fixes some
4337 odd pthread segfaults on SMP Linux machines, at a slight performance
4338 penalty.
722a4b40 4339 - %s can now be used in cache_swap_log and will be substituted with
a80e50c7 4340 the last path component of cache_dir.
4d55827a 4341 - no_cache is now a full ACL check without, allowing most ACL types
4342 to be used.
f1003989 4343 - The CONNECT method now obeys miss_access requirements
145cf928 4344 - proxy_auth_regex and ident_regex ACL types
3cdb7cd0 4345 - Fixed a StoreEntry memory leak during "dirty" rebuild
4346 - Helper processes no longer hold unrelated filedescriptors open
e40aa8da 4347 - Helpers are now restarted when the logs are rotated
afc1e43f 4348 - Negatively cached DNS entries are now purged on "reload".
4349 - PURGE now also purges the DNS cache
722a4b40 4350 - HEAD on FTP objects no longer retrieves the whole object
aca95add 4351 - More cleanups of the dstdomain ACL type
288c06ce 4352 - Squid no longer tries to do Range internally if it is not supported
4353 by the origin server. Doing so could cause bandwidth spikes and/or
4354 negative hit ratio.
13c7936a 4355 - httpd_accel_single_host squid.conf directive
82056f1e 4356 - "round-robin" cache_peer counters are reset every 5 minutes to
4357 compensate previously dead peers
4fe0e1d0 4358 - DNS retransmit parameters
858783c9 4359 - Show all FTP server messages
6b53c392 4360 - squid.conf.default now indicates if a directive isn't enabled in
4361 the installed binary, and what configure option to use for enabling it
418cbe9f 4362 - Fixed a temporary memory leak on persistent POSTs
304d289e 4363 - Fixed a temporary memory leak when the server response headers
4364 includes NULL characters
ba2b31a8 4365 - authenticate_ip_ttl_is_strict squid.conf option
4366 - req_mime_type ACL type
afb87666 4367 - A reworked storage system that supports storage directories in
4368 a more modular fashion. The object replacement and IO is now
4369 responsibility of the storage directory, and not of the storage
4370 manager.
722a4b40 4371 - Fixed a bogus MD5 mismatch warning sometimes seen when using
e7407eb8 4372 aufs or diskd stores
ce3d30fb 4373 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
4374 and extended support for this to Linux/GNU libc.
af57a2e3 4375 - Disabled the "request timeout" error message sent if the user agent
4376 did not provide a request in a timely manner after opening the
4377 connection. Now the connection is silently closed. The error message
4378 was confusing user agents utilizing persistent connections.
cab24814 4379 - Fixed configure --enable descriptions to match the arg names.
4380 - Eliminated compile warnings from auth_modules/MSNT code.
4381 - Require first character of hostnames to be alphanumeric.
4382 - Made ARP ACL work for Solaris.
4383 - Removed storeClientListSearch().
4384 - Added counters to track diskd operation success and
4385 failures.
4386 - Fixed range_offset_limit.
4387 - Added code to retry ServFail replies for internal DNS
4388 lookups.
4389 - Added referer header logging (Jens-S. Voeckler).
4390 - Added "multi-domain-NTLM" authentication module, a Perl
4391 script from Thomas Jarosch.
4392 - Added configurable warning messages for high memory usage,
4393 high response time, and high page faults.
4394 - Made store dir selection algorithm configurable.
4395 - Added support for admin-definable extension methods,
4396 up to 20.
16689110 4397 - Added 'maximum_object_size_in_memory' as a configuration option -
4398 this defines the watermark where objects transit from being true
4399 hot objects to being in-transit objects in memory. It currently
4400 defaults to 8 KB.
5cd41d0d 4401 - Change to the fqdn code which changes how pending DNS requests
4402 are treated as private and only become public once they are
4403 completed. This can add extra load on DNS servers but prevents
4404 all the pending clients blocking if one of the queries got
4405 stuck. (Duane Wessels)
7e543177 4406 - Converted more code to use MemPools, from Andres Kroonmaa.
4407 - Added more CYGWIN patches from Robert Collins.
e7407eb8 4408
4409Changes to Squid-2.4.DEVEL3 ():
4410
4411 - Added Logfile module.
4412 - Added DISKD stats via cachemgr.
4413 - Added squid.conf options for DISKD magic constants.
ad445e36 4414
e7407eb8 4415Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
ad445e36 4416
4417Changes to Squid-2.4.DEVEL1 ():
4418
42b51993 4419Changes to Squid-2.3.STABLE4 (July 18, 2000):
4420
4421 - Fixed --localstatedir configure option (IKEDA Shigeru).
4422 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
4423 Smith).
4424 - Added pthread_sigmask() check to configure (Daniel
4425 Ehrlich).
4426 - Added CYGWIN patches from Robert Collins.
4427 - Changed internal DNS lookups to retry queries that are
4428 returned with RCODE 2 (ServFail).
4429 - Added 'virtual port' support (Gregg Kellogg). If
4430 'httpd_accel_uses_host_header' is enabled, then we use
4431 the port number from the Host header. Otherwise, when
4432 'httpd_accel_port' is set to "0" we use the port number
4433 of the local end of the client socket.
4434 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
4435 - Made Squid accept GET requests that have a "content-length:
4436 0" header.
4437 - Added a sanity check on the NHttpSockets[] array index
4438 (Gregg Kellogg).
4439 - Added a friendlier message when Squid can't find any DNS
4440 nameserver addresses to use (Daniel Kiracofe).
4441 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
4442 (Craig Whitmore).
4443 - Added missing '%c' token replacement in error page
4444 generation.
4445 - Fixed a bug with 'minimum_object_size' that prevented
4446 internal icons from being loaded.
4447 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
4448 that could prevent any objects from being replaced.
4449 - Make sure that storeDirDiskFull() doesn't actually
4450 *increase* the cache size.
4451 - Changed a storeSwapMetaUnpack() assertion to a recoverable
4452 error condition.
4453 - Removed "wccpHereIam" event check that could cause Squid
4454 to stop sending HERE_I_AM messages.
4455
d20b1cd0 4456Changes to Squid-2.3.STABLE3 (May 15, 2000):
4457
4458 - Fixed malloc linking problems on Solaris. The configure
4459 script incorrectly set options for dlmalloc.
4460 - Added a configure check to remove compiler optimization
4461 for GCC 2.95.x.
4462 - Updated MSNT authenticator module.
4463 - Updated Estonian error pages.
4464 - Updated Japanese error pages.
4465 - Fixed expires bug in httpReplyHdrCacheInit. It was
4466 incorrectly setting expires based on max-age. It was using
4467 the current time as a basis, instead of the response date.
4468 - Fixed "USE_DNSSERVER" typos.
4469 - Added a workaround for getpwnam() problems on Solaris.
4470 getpwnam() could fail if there are fewer than 256 FDs
4471 available. This causes root to own some disk files.
4472 - Added an 'offline_toggle' option via the cache manager.
4473 - Added a 'minimum_object_size' option. Files smaller than
4474 this size are not stored.
4475 - Added 'passive_ftp' option to disable passive FTP transfers.
4476 - Added 'wccp_version' option because some Cisco IOS versions
4477 require WCCP version 3.
4478 - The 'client' program in ping mode (-g) now prints transfer
4479 throughput.
4480 - Fixed logging of proxy auth username for redirected
4481 requests.
4482 - Fixed bogus Age values for IMS requests.
4483 - Fixed persistent connection timeout for client-side
4484 connections. It was hard-coded to 15 seconds, now uses
4485 the 'pconn_timeout' value.
4486 - Fixed up httpAcceptDefer. It wasn't being used properly
4487 and caused high CPU usage when Squid gets close to the FD
4488 limit.
4489 - Numerous delay_pools fixes and checks.
4490 - Fixed SNMP coredumps from running snmpwalk.
4491 - Added a check for errno == EPIPE in icmp.c when pinger uses
4492 a Unix socket instead of a UDP socket.
4493 - Fixed ACL checklist memory initialization bugs.
4494 - Cleaned up the MIB file. Replaced contact information and
4495 checked description fields.
4496 - Removed LRU reference_age hard-coded upper limit.
4497 - Fixed async I/O FD leak.
4498 - Made getMyHostname() more robust.
4499 - Fixed domain list matching bug. "x-foo.com" wasn't properly
4500 compared to ".foo.com" and confused splay tree ordering.
4501 - Added a check for whitespace in hostnames and optionally
4502 strip whitespace if 'uri_whitespace' setting allows.
4503 - Added status code and checking to ASN/whois queries.
4504
4505Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
4506
4507 - Changed Copyright text.
4508 - Changed configure so that some IRIX-6.4 hacks apply to
4509 all IRIX-6.* versions.
4510 - Cleaned up HTML bugs in error pages.
4511 - Told configure to check for netinet/if_ether.h, which
4512 is used in ARP ACL code, but might not be required.
4513 - Added "Cookie" to known HTTP headers so it can be
4514 used in anonymizer configuration.
4515 - Added optional TCP_REDIRECT log code for logging
4516 of 301/302 responses returned by Squid.
4517 - Added a check for a currently running Squid process.
4518 If the pid file exists, and the pid is running,
4519 Squid complains and refuses to start another instance.
4520 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
4521 IRIX.
4522 - Fixed a bug with the PURGE method. The purge enable
4523 flag was not getting cleared during reconfigure.
4524 Also required PURGE method to be used in http_access
4525 list before enabling.
4526 - Fixed async I/O assertions for file open errors.
4527 - Fixed internal DNS assertion when unpacking truncated
4528 messages.
4529 - Fixed anonymize_headers bug that caused all headers
4530 to be allowed after a reconfigure.
4531 - Fixed an access denied bug for accelerator-only installations.
4532 - Fixed internal DNS initialization so that it uses
4533 'dns_nameservers' settings in squid.conf if set.
4534 - Fixed 'maxconn' ACL bug that caused it to work backwards
4535 (Pedro Ribeiro).
4536 - Fixed syslog bug for daemon mode on Linux.
4537 - Fixed 'http_port' parsing bugs.
4538 - Fixed internal DNS byte ordering bugs for PTR queries.
4539 - Fixed internal DNS queue getting stuck during periods
4540 of low activity (Henrik).
4541 - Fixed byte ordering bugs for parsing EPLF FTP listings
4542 on 64-bit systems.
4543 - Fixed 'request_body_max_size' bug that caused all
4544 POST, PUT requests to be denied if max size is set
4545 to zero.
4546 - Fixed 'redirector_access' bug when using 'myport' ACLs.
4547 - Fixed CARP neighbor selection bugs for down peers.
4548 - Added 'client_persistent_connections' and
4549 'server_persistent_connections' flags to disable persistent
4550 connections for clients and servers.
4551 - Fixed access logging bug that caused many requests to be
4552 logged as TCP_MISS.
4553 - Added some bounds checking to delay pools code.
4554
ad445e36 4555Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
4556
4557 - Updated PAM authentication module from Henrik Nordstrom.
4558 - Updated Bulgarian error messages from Svetlin Simeonov.
4559 - Changed ACL routines so that User-Agent (browser) string
4560 is always taken from compiled HTTP request headers
4561 instead of passed as an argument to aclCreateChecklist.
4562 - Added a 'strip' option to the 'uri_whitesace' configuration
4563 directive and made it the default behavior. Whitespace
4564 found in URI's is now stripped out by default.
4565 - Added chroot feature. The 'chroot_dir' config option enables
4566 it and specifies the directory.
4567 - Changed clientBuildReplyHeader so that the Age header is
4568 added only for cache hits, and only when we can calculate
4569 a valid, positive age value.
4570 - Changed clientWriteComplete and clientGotNotEnough so
4571 that they keep persistent connections open for more types
4572 of replies that don't have bodies.
4573 - Changed filemap.c routines to dynamically grow filemap
4574 space as needed.
4575 - Added a hack to ftp.c to deal with ftp.netscape.com, which
4576 sometimes doesn't acknowledge PASV commands.
4577 - Fixed FTP bug with ftpScheduleReadControlReply; there
4578 was not always a timeout handler on the control socket
4579 after the transfer completed.
4580 - Fixed FTP filedescriptor leak from invalid PASV replies.
4581 - Changed httpBuildRequestHeader so that it doesn't
4582 copy the Host header from the client request. Instead
4583 we should generate our own Host header which is known
4584 to be correct.
4585 - Changed storeTimestampsSet to adjust entry->timestamp
4586 if the response includes an Age header.
4587 - Removed size limit from storeKeyHashBuckets.
4588 - Changed fwdConnectStart from a "heavy" to a "light" event.
4589 - Fixed an 'anonymize_headers' bug that affects unknown
4590 HTTP headers. With the bug, if you list a header that
4591 Squid doesn't know about (such as "Charset"), it would
4592 add HDR_OTHER to the allow/deny mask. This caused all
4593 unknown headers to be allowed or denied (depending on
4594 the scheme you use). Now, with the bug fixed, an unknown
4595 header in the 'anonymize_headers' list is simply ignored.
4596
7e3ce7b9 4597Changes to Squid-2.3.DEVEL3 ():
4598
ad445e36 4599 - Added MSNT auth module from Antonino Iannella.
7e3ce7b9 4600 - Added --enable-underscores configure option. This allows
4601 Squid to accept hostnames with underscores in them. Your
4602 DNS resolver may still complain about them, however.
4603 - Added --heap-replacement configure option. This enables
4604 the alternative cache replacement policies, such as
4605 GDSF, and LFUDA.
3ff01c3e 4606 - WCCP establishes and registers with the router faster.
7e3ce7b9 4607 - Added 'maxconn' acl type to limit the number of established
4608 connections from a single client IP address. Submitted
4609 by Vadim Kolontsov.
4610 - Close FTP data socket as soon as transfer completes
4611 (Alexander V. Lukyanov).
4612 - Fixed ftpReadPass() to not clobber ctrl.message when
4613 the PASS command fails.
4614 - Added a redirect.c patch so squidGuard is able to do
4615 per-user access control (Antony T Curtis).
4616 - discard the pumpMethod() function, and instead use the
4617 fact that the request has a request entity (content-length
4618 present) (Henrik).
4619 - Reload the MIME icons at reconfigure time (Radu Greab).
4620 - Updated Richard Huveneers' SMB authentication module to
4621 his version 0.05 package.
4622 - Fixed lib/heap.c::heap_delete() bug when deleting the
4623 last node.
4624 - Fixed an integer conversion bug in
4625 lib/rfc1035.c::rfc1035AnswersUnpack().
4626 - Fixed lib/rfc1738 routines to encode reserved characters,
4627 in addition to encoding the unsafe characters (Henrik).
4628 - Changed the interface for splay compare and "walk"
4629 functions to take a void pointer, instead of a splayNode
4630 pointer (Henrik).
4631 - Changed numerous HTTP parsing routines to use ssize_t
4632 instead of size_t. This was done because size_t may be
4633 signed or unsigned. When it is unsigned, gcc emits
4634 numerous "comparison is always true" warnings. At least
4635 we know ssize_t is always signed.
4636 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
4637 friends so that it properly handles multi-value lists.
4638 - Added an "end" (ssize_t) parameter to
4639 src/HttpReply::httpReplyParse() so that we know exactly
4640 where to terminate the header buffer.
4641 - Changed src/access_log.c::log_quote() so that it only
4642 encodes whitespace characters, and not all URL-special
4643 characters (Henrik).
4644 - Added local port ACL type ("myport") (Henrik).
4645 - Added maximum number of connections per client ("maxconn")
4646 as an ACL type.
4647 - Fixed proxy authentication username/password parsing to
4648 be more robust (Henrik).
4649 - Fixed ACL domain/host and domain/domain comparison
4650 functions yet again. Eliminated duplicate code so that
4651 only src/url.c::matchDomainName() contains this mysterious
4652 code.
4653 - Changed the 'http_port' option to accept an IP address
4654 or hostname as well (Henrik).
4655 - Removed 'tcp_incoming_addr' option.
4656 - Added an access control list for the redirector
4657 ('redirector_access'). Requests which match are sent to
4658 the redirector. All requests. are redirected by default.
4659 - Added the 'authenticate_ip_ttl' option. It specifies
4660 how long a valid proxy authentication credential is
4661 bound to a specific address.
4662 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
4663 - Removed the unused and highly questionable 'forward_snmpd_port'
4664 option.
4665 - Added an option to accept DNS messages from unknown nameservers.
4666 This may be necessary if replies come from a different address
4667 than queries are sent to.
4668 - Added #includes for IP Filter files in netinet directory.
4669 - Fixed a bug with retrying forwarded IMS requests (Henrik).
4670 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
4671 where we were checking a cache-control bit before getting the
4672 mask from the HTTP headers (pallo@initio.no).
4673 - Fixed a bug with "no_cache" access list. If not defined,
4674 everything was uncachable by default.
4675 - Fixed a bug with timed-out client-side HTTP connections.
4676 We didn't cancel the read handler, which could lead to
4677 "rwstate != NULL" warnings.
4678 - Changed comm_open() to only call fdAdjustReserved() for
4679 specific errors (ENFILE, EMFILE);
4680 - Fixed NULL pointer bug in idnsParseResolvConf().
4681 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
4682 - Added DELETE request method.
4683 - Added RFC 2518 HTTP status codes.
4684 - Fixed handling of URL passwords when we need to rewrite a
4685 BASE HREF URL (Henrik).
4686 - Fixed a bug with FTP requests where a request gets aborted,
4687 but we try to complete it anyway. It would result in a
4688 "store_status != STORE_PENDING" assertion. The solution
4689 is to check for ENTRY_ABORTED before reading from
4690 the control channel too.
4691 - Changed FTP to retry a request if Squid fails to establish
4692 a PASV data connection (Henrik).
4693 - Fixed numerous HTCP memory leaks and an uninitialized memory
4694 bug.
4695 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
4696 mind (Henrik).
4697 - Minor fixes for Rhapsody systems.
4698 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
4699 don't include varargs.h.
4700 - Changed src/store_client.c::storeClientType() so that
4701 an entry can have more than one STORE_MEM_CLIENT.
4702 - Changed src/store_client.c::storeClientReadHeader()
4703 to check swapfile metadata (Henrik).
4704 - Changed src/url.c::urlCheckRequest() to return FALSE for
4705 any "https://" URL. These should always be CONNECT
4706 instead. If Squid gets an "https://" URL, it is a browser
4707 bug.
4708 - Added numerous squid.conf options for controlling cache
4709 digests. Previously these were hard-coded in
4710 src/store_digest.c. (Martin Hamilton)
4711 - Added 'cache_peer' option called 'digest-url' that
4712 lets you specify the URL for a peer's digest.
4713 (Martin Hamilton)
4714 - Added DELAY_POOLS hacks to scan "slow" connections in
4715 a random order (David Luyer).
4716 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
4717 per-interface arp/neighbour cache, whereas 2.0.x uses a
4718 unified cache. Under 2.2.x you are required to specify
4719 a interface name when looking up ARP table entries with
4720 SIOCGARP.
4721 - If the process umask is not set (i.e. 0), then Squid
4722 changes it to 007.
4723
9bc73deb 4724Changes to Squid-2.3.DEVEL2 ():
4725
4726 - Added --enable-truncate configure option.
4727 - Updated Czech error messages ()
4728 - Updated French error messages ()
4729 - Updated Spanish error messages ()
4730 - Added xrename() function for better debugging.
4731 - Disallow empty ("") password in aclDecodeProxyAuth()
4732 (BoB Miorelli).
4733 - Fixed ACL SPLAY subdomain detection (again).
4734 - Increased default 'request_body_max_size' from 100KB
4735 to 1MB in cf.data.pre.
4736 - Added 'content_length' member to request_t structure
4737 so we don't have to use httpHdrGetInt() so often.
4738 - Fixed repeatedly calling memDataInit() for every reconfigure.
4739 - Cleaned up the case when fwdDispatch() cannot forward a
4740 request. Error messages used to report "[no URL]".
4741 - Added a check to return specific error messages for a
4742 "store_digest" request when the digest entry doesn't exist
4743 and we reach internalStart().
4744 - Changed the interface of storeSwapInStart() to avoid a bug
4745 where we closed "sc->swapin_sio" but couldn't set the
4746 pointer to NULL.
4747 - Changed storeDirClean() so that the rate it gets called
4748 depends on the number of objects deleted.
4749 - Some WCCP fixes.
4750 - Added 'hostname_aliases' option to detect internal requests
4751 (cache digests) when a cache has more than one hostname
4752 in use.
4753 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
4754 (Henrik Nordstrom).
4755 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
4756 - Added OPTIONS request method.
9bc73deb 4757
eb824054 4758Changes to Squid-2.3.DEVEL1 ():
4759
4760 - Added WCCP support. This adds the 'wccp_router' squid.conf
4761 option.
4762 - Added internal DNS queries; Most installations can run
4763 without the external dnsserver processes.
4764 - Rewrote much of the code that stores cache objects on
4765 disk. Developed a programming interface that should
4766 allow new storage systems to be added easily. This still
4767 is pretty ugly and needs a lot of work, however.
4768 - Replaced async_io.c "tags" with callback data locks.
4769 This probably breaks async IO in a bad way.
4770 - Tried to write an Async IO disk storage module.
4771 - Added code to replace the StoreEntry linked list with a
4772 heap structure. This allows for different replacement
4773 algorithms, instead of being stuck with LRU. This adds
4774 the 'replacement_policy' squid.conf option. (John Dilley
4775 et al).
4776 - Fixed HTCP queries by actually checking for freshness
4777 based on the HTCP header fields.
4778 - Fixed passing of redirector command line arguments.
4779 - Added 'request_header_max_size' squid.conf option.
4780 - Added 'request_body_max_size' squid.conf option.
4781 - Added 'reply_body_max_size' squid.conf option.
4782 - Added 'peer_connect_timeout' squid.conf option.
4783 - Added 'redirector_bypass' squid.conf option.
4784 - Added RFC 2518 (WEBDAV) request methods.
d20b1cd0 4785
6b8e7481 4786Changes to Squid-2.2 (April 19, 1999):
b93549f6 4787
98b093e7 4788 - Removed all SNMP specific ACL code
4789 SNMP now uses generic squid ACL's
4790 - Removed view-based access crontrol
00b7a8b6 4791 - Cleaned up and simplified SNMP section of squid.conf
98b093e7 4792 - Changed the SNMP code to use a tree stucture.
3ff01c3e 4793 - Added objects to MIB:
00b7a8b6 4794 Request Hit Ratio's
4795 Byte Hit Ratio's
4796 Number of Clients
61d53e64 4797 - Changed SNMP Agent to return object instances correctly.
b93549f6 4798 - Added our own assert() macro so we can use debug() instead of
4799 printing to stderr.
4800 - Added eventFreeMemory().
4801 - Fixed ipcCreate() bug when debug_log has FD <= 2.
4802 - Changed watchChild() and related code in main.c so that
4803 Squid can behave more like a proper daemon process.
4804 - Added 'prefer_direct' option (enabled by default) so that
4805 people can give parents higher preference than direct.
6703526b 4806 - Fixed ipc.c close() bug for async IO. On FreeBSD,
4807 comm_close() doesn't work for child processes when async IO is
4808 used.
4809 - Fixed setting the public key for large ``icons'' (Henrik
4810 Nordstrom).
68f87dc5 4811 - Rewrote peer digest module to fix memory leaks on reconfigure
4812 and clean the code. Increased "current" digest version to 5
6474667e 4813 ("required" version is still 3). Revised "Peer Select" cache
4814 manager stats.
68f87dc5 4815 - Added "-k parse" command line option: parses the config file
4816 but does not send a signal unlike other -k options.
1743c283 4817 - Revamped storeAbort() calling. Only store_client.c has all
4818 the right information to determine if the request should
4819 be aborted. Now client and server modules just storeUnregister
d81e3f33 4820 without ever needing to call storeAbort.
96aeb95d 4821 - Small change of Squid output for FTP (Andrew Filonov,
4822 Henrik Nordstrom).
4823 - clientGetsOldEntry() sends old entry if new request status
4824 is in the 500-range (Henrik Nordstrom).
4825 - Changed configure so it works with IRIX6.4 C compiler (broken?)
4826 option -OPT:fast_io=ON.
4827 - Fixed comm_connect_addr() non-blocking connections for
4828 SONY NEWSOS (Makoto MATSUSHITA).
4829 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
4830 by autoconf documentation.
4831 - Fixed client-side cache-control max-age (Henrik Nordstrom).
4832 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
4833 this error if it is called while squid is in the process of
4834 shutting down.
4835 - Added support for linuxthreads package under FreeBSD (Tony Finch).
4836 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
4837 functions non-static (Michael Pelletier).
4838 - Fixed logging of authenticated usernames even if the
4839 authorization is not cached (Dancer).
4840 - Fixed pconnPush() bug that prevented holding on to
4841 persistent connections (Manfred Bathelt).
2328711e 4842 - Pid file now rewritten on SIGHUP.
b4019ff7 4843 - Numerous Ident changes:
4844 - Ident lookups will now be done on demand if you use the
4845 'ident' ACL type.
4846 - The 'ident_lookup on|off' option has been replaced with
4847 an access list, so you can do lookups only for some
4848 client addresses.
4849 - Added an 'ident_timeout' option to specifiy the amount
4850 of time to wait for an ident lookup.
4851 - Added a (local) hit rate to mempool metering.
4852 - FTP Restarts (REST command) is now supported.
4853 - Check for libintl.a on SCO3.2.
4854 - Disable poll() on SCO3.2.
4855 - Numerous Async IO enhancements from Henrik.
4856 - Removed cache_mem_low and cache_mem_high options (Henrik
4857 Nordstrom).
4858 - Replaced 'persistent_client_posts' with 'broken_posts' access
4859 list.
97474590 4860 - Rewrote the anonymizer.
4861 - Removed the http_anonymizer option.
548b801c 4862 - Added the anonymize_headers option to allow individual
4863 referencing of headers for addition or removal. See
4864 'anonymize_headers' in squid.conf for additional
4865 configuration.
b3abf16c 4866 - Fixed config file parser's handing of optional directives.
4867 Some people might get new warnings about unknown config
4868 directives.
548b801c 4869 - Added 'myip' ACL type. This is the local IP address for
4870 connected sockets (Luyer).
4871 - Fixed parsing of FTP DOS directory listings with spaces
4872 (Nordstrom).
dd0b0295 4873 - Numerous DELAY_POOL changes/fixes from David Luyer:
4874 - Makes no-delay neighbors for DELAY_POOLS work by
4875 using a fd_set with the connections to no-delay
4876 peers marked in it.
4877 - Makes IP addresses ending in 0 and 255, and
4878 network number 255, work with individual and
4879 network delay pools (they were previously not
4880 permitted, and documented as such).
4881 - Massive overhaul of delay pools code - dynamically
4882 allocated delay pools, as many as required.
4883 - delayPoolsUpdate stops running if DELAY_POOLS is
4884 configured but no delay pools are configured.
4885 - Initial delay pool levels are now configurable
4886 as a percentage of the maximum for the pool in
4887 question (used to be all set to 1 second worth
4888 of traffic). Pools are restored to this level
4889 on reconfiguratoin.
242188c9 4890 - Changed storeClientCopy to give a swap-in failure if
4891 the number of open disk FD's is above the 'max_open_disk_fds'
4892 limit. Otherwise, a very loaded cache will end up with
4893 all disk files open for reading, and none for writing.
b6a2f15e 4894 - Added lib/inet_ntoa.c from BSD Unix for systems that have
4895 broken inet_ntoa(). (Erik Hofman).
4896 - Added more specific FTP error messages for "permission
4897 denied, "file not found," and "service unavailable."
4898 (Tony Finch)
4899 - Added xisspace(), xisdigit(), etc, macros to cast function
4900 args and eliminate compiler warnings.
4901 - Fixed case-sensitive comparisons of domain names (Henrik
4902 Nordstrom).
4903 - Added proxy-authentication to cachemgr.cgi's requests
4904 (Henrik Nordstrom).
4905 - Changed Squid to *truncate* rather than *unlink* purged
4906 swap files. Can be reversed by undefining
4907 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
4908 - Changed internal icon headers to use Cache-control
4909 Max-age instead of Expires.
4910 - Changed storeMaintainSwapSpace behavior to be adjusted
4911 smoothly, instead of discretely, between store_swap_low
4912 and store_swap_high. This includes the number of
4913 objects to scan, number to remove, and time until the
4914 next storeMaintainSwapSpace event.
4915 - Fixed a quick_abort bug that incorrectly calculated
4916 content lengths.
4917 - Added getpwnam() auth module from Erik Hofman.
4918 - Added 'coredump_dir' option.
4919 - Fixed a peerDestroy() assertion that required peer->digest
4920 to be NULL at the end of peerDestroy().
4921 - configure script now automatically enables dlmalloc for
4922 Solaris/x86.
4923 - configure enables poll() on linux 2.2 and later (Henrik).
4924 - Icon files are now distributed in binary format, install
4925 will not need to run 'sh' and 'uudecode'.
4926 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
4927 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
4928 fwdCheckDeferRead() will NOT defer reading if the
4929 ENTRY_FWD_HDR_WAIT bit is set.
4930 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
4931 - Fixed a (double) cast problem that caused statAvgTick()
4932 events to be added as fast as possible.
6b8e7481 4933 - Changed httpPacked304Reply() to not include the Content-Length
4934 header for 304 replies that Squid generates. We used to
4935 include the length of the cached object, and this broke
4936 persistent connections.
4937
4938 2.2.STABLE2:
4939
4940 - Fixed configure bug for statvfs() checks. Configure reports
4941 "test: =: unary operator expected" or similar because an
4942 unquoted variable is not defined.
4943 - Fixed aclDestroyAcls() assertion because some ACL types
4944 are not listed in the switch statement. Occurs for
4945 srcdom_regex and dstdom_regex ACL types during reconfigure.
4946 - Typo "applicatoin" in src/mime.conf
4947 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
4948 #define because it didn't include squid.h.
4949 - Fixed commRetryFD() when bind() fails. commRetryFD was
4950 closing the filedescriptor, but it is the upper layer's
4951 job to close it.
4952 - Changed configure's "maximum number of filedescriptors"
4953 detection to only use getrlimit() for Linux. On AIX,
4954 getrlimit returns RLIM_INFINITY.
4955 - Fixed snmpInit() nesting bug.
4956 - Fixed a bug with peerGetSomeParent(). It was adding
4957 a parent to the FwdServers list, regardless of the
4958 ps->direct value. This could cause every request to
4959 go to a parent even when always_direct is used.
4960 - Changed fwdServerClosed() to rotate the "forward servers"
4961 list when a connection establishment fails. Otherwise
4962 it always kept trying to connect to the first server
4963 int the list.
b93549f6 4964
2be4e260 4965 2.2.STABLE3:
4966
4967 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
4968 - Avoid coredump in aclMatchAcl() if someone tries to use
4969 proxy authentication with a non-HTTP request (e.g. icp_access).
4970 - Moved 'ident_lookup_access' in squid.conf so it appears
4971 after the ACL section.
4972 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
4973 - Fixed a case in clientCacheHit() where we thought it
4974 was a hit, but the reply status was not 200, so we
4975 had to perform a cache miss. We forgot to change the
4976 log_type and these were being recorded as TCP_HIT's.
4977 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
4978 - Fixed delay_pools coredump and memory leak bugs from
4979 NULL delay_id values.
4980 - Fixed a SEGV bug with delay_pools when requesting
4981 'objects' or 'vm_objects' from the cachemgr.
4982 - Added a workaround for buggy FTP servers that return
4983 a size of zero for non-zero-sized objects.
4984 - Removed umask(0) call from main().
4985 - Fixed a peer selection bug that caused us to never select
4986 a neighbor based on ICP replies if the ICP timeout occurs.
4987 In conjunction with this, removed the PING_TIMEOUT state.
4988 - Fixed a store_rebuild bug that caused us to get stuck trying
4989 if a cache_dir subdirectory didn't exist.
4990 - Fixed a buffer overrun bug in gb_to_str().
4991
9bc73deb 4992 2.2.STABLE4:
4993
4994 - Fixed a dread_ctrl leak caused in store_client.c
4995 - Fixed a memory leak in eventRun().
4996 - Fixed a memory leak of ErrorState structures due to
4997 a bug in forward.c.
4998 - Fixed detection of subdomain collisions for SPLAY trees.
4999 - Fixed logging of hierarchy codes for SSL requests (Henrik
5000 Nordstrom).
5001 - Added some descriptions to mib.txt.
5002 - Fixed a bug with non-hierarchical requests (e.g. POST)
5003 and cache digests. We used to look up non-hierarchical
5004 requests in peer digests. A false hit may cause Squid
5005 to forward a request to a sibling. In combination with
5006 'Cache-control: only-if-cached, this generates 504 Gateway
5007 Timeout responses and the request may not be re-forwardable.
5008 - Fixed a filedescriptor leak for some aborted requests.
5009
5010
4d62b0af 5011Changes to Squid-2.1 (November 16, 1998):
8f897f34 5012
5013 - Changed delayPoolsUpdate() to be called as an event.
5014 - Replaced comm_select FD scanning loops with global fd_set
5015 structures. Inspired by Jeff Mogul's patch for squid 1.1.
9e1559ea 5016 - Moved functions common to dns.c, redirect.c, authenticate.c,
5017 ipcache.c, and fqdncache.c into helper.c.
0753aa46 5018 - Changed storeClientCopy2() so that it keeps sending the remainder
5019 of a STORE_ABORTED request, instead of cutting off the client as
5020 soon as the object becomes aborted.
f0538986 5021 - Fixed combined ipf-transparent proxy and a local http-accelerator
5022 operation (Quinton Dolan).
5023 - Rewrote base64_decode.c because of potential buffer overrun
5024 bugs.
912432d8 5025 - Configurable handling of whitespace in request URI's.
5026 See 'uri_whitespace' in squid.conf.
e33ec474 5027 - Added ability to generate HTTP redirect messages from
5028 the redirector output by prepending "301:" or "302:" to the
5029 new url. See FAQ 4.16 for more details.
829a9357 5030 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
5031 potentially causing under-utilized cache digests
5032 - Maintain refreshCheck statistics on per-protocol basis so we
5033 can tell why ICP or Digests return too many misses, etc.
c68e9c6b 5034 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
5035 - Changed squid.conf's default access controls to deny all
5036 HTTP requests. Admins must write ACL rules to specifically
5037 allow their local clients.
5038 - Patched French error messages (Mathias HERBERTS).
5039 - NextStep porting fixes by Mike Laster:
5040 - use xstrdup() in cf_gen.c
5041 - check for putenv() in configure
5042 - #define S_ISDIR macro
5043 - Added --disable-poll configure option (Henrik Nordstrom).
5044 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
5045 - Patched ftp.c so we never cache autenticated FTP requests
5046 (Henrik Nordstrom).
5047 - Fixed FTP authentication. We tried to unescape authentication
5048 given by basic authentication which is not URL escaped
5049 (Henrik Nordstrom).
5050 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
5051 - Added 'redirect_rewrites_host_header' option to disable rewriting
5052 of Host header for redirector responses (Henrik Nordstrom).
5053 - Allow semi-customized error message signatures (Henrik Nordstrom).
5054 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
5055 - Fixed handling of blank lines in ACL input files (Henrik
5056 Nordstrom).
5057 - Changed proxy_auth ACL type to consist of a list of valid
5058 users. REQUIRED == any (same as ident ACL). ACL type user
5059 changed to ident since this is what it really is.
5060 (Henrik Nordstrom).
5061 - Fixed long URL bugs; make sure 'log_uri' never exceeds
5062 MAX_URL bytes.
5063 - Allow comments in external ACL files (Gerhard Wiesinger).
5064 - Added 'range_offset_limit' configuration option. Requests
5065 with ranges that start after this value will be passed
5066 on unmodified, and Squid will not cache the response
5067 (Henrik Nordstrom).
5068 - Added Client HTTP Hit byte counters to 'counters' output
5069 (Douglas Swarin).
5070 - Got Squid to compile with --enable-async-io on FreeBSD.
5071 - Fixed infinite loop bug for cachemgr 'config' option.
5072 - Fixed cachability bugs for replies with Pragma: no-cache.
5073 - Made content-type multipart/x-mixed-replace uncachable.
5074 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
5075 format (Richard Kettlewell).
5076 - Fixed passing -s option to dnsserver processes (Alvaro Jose
5077 Fernandez Lago).
5078 - Changed proxy_auth to work on internal objects and when in
5079 accelerator mode. (Henrik Nordstrom)
5080 - Added login=user:password option to cache_peer directive to
5081 be used from a dial-up cache where the parent requires proxy
5082 authentication. (Henrik Nordstrom)
5083 - If you want to "auto-login", then use a URL on the form
5084 http://username:password@server/.... Squid now picks this up
5085 when going direct, and turns it into basic WWW
5086 authentication. It is also possible to do automatic login to
5087 certain servers by using a redirector to add the needed
5088 authentication information. (Henrik Nordstrom)
04f0ba5c 5089 - Changed refreshCheck() so that objects with negative age
5090 are always stale.
4d62b0af 5091 - Fixed "plain" FTP listings (Henrik Nordstrom).
5092 - Fixed showing banner/logon message for top-level FTP
5093 directories (Henrik Nordstrom).
5094 * Changes below have been made to SQUID_2_1_PATCH1
5095 - Fixed pinger packet size assertion.
5096 - Fixed WAIS forwarding.
5097 - Fixed dnsserver coredump bug caused by using both -D and
5098 -s options.
e42d5181 5099 * Changes below have been made to SQUID_2_1_PATCH2
5100 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
5101 - Fixed proxy auth NULL password bug.
5102 - Fixed queueing of multiple peerRefreshDNS events.
5103 - Added a stack of StoreEntry objects to be released after
5104 store rebuild completes.
5105 - Fixed NULL pointer bugs with too-large requests (found by
5106 Martin Lathoud).
5107 - Fixed reading replies from buggy ident servers. Replies
5108 might not have terminating CR or LF (Henrik Nordstrom).
b4019ff7 5109 - Changed internal StoreEntry key so that the request method
5110 is encoded as a single octet. Encoding an enumerated type
5111 has size and byte-order incompatibilities, especially for
5112 cache digests.
5113 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
5114 are not always locked. This fixes having multiple
5115 store_digest's stuck in memory.
5116 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
5117 unregisters from "cache hit" entries.
5118 * Changes below have been made to SQUID_2_1_PATCH3
5119 - Fixed memory leak in clientHandleIMSReply for
5120 storeClientCopy failures.
8f897f34 5121
41587298 5122Changes to Squid-2.0 (October 2, 1998):
71d6dc56 5123
4c154d99 5124 - Added NAT/Transparent hijacking code from Quinton Dolan.
5125 - Added actual filesystem usage to cachemgr 'storedir' page.
41587298 5126 Only works for operating systems which support statvfs().
a79d724b 5127 - Fixed HTCP compile-time bugs.
5128 - Fixed quick_abort bugs. Configured values are stored as
5129 Kbytes, not bytes.
41587298 5130 - Removed fwdAbortFetch(). It breaks quick_abort and seems
5131 mostly useless.
0da7d807 5132 - Changed storeDirSelectSwapDir() to skip swap directories
5133 when their utilization is over the high water mark ratio.
9ca005ac 5134 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
18cc143b 5135 - fixed bugs in Content-Range header generation
5136 - changed the way Range requests are handled:
71d6dc56 5137 - do not "advertise" our ability to process ranges at
5138 all
5139 - on hits, handle simple ranges and forward complex
5140 ones
5141 - on misses, fetch the whole document for simple ranges
5142 and forward range request for complex ranges
5143 The change is supposed to decrease the number of cases when
5144 clients such as Adobe acrobat reader get confused when we
5145 send a "200" response instead of "206" (because we cannot
5146 handle complex ranges, even for hits) Note: Support for
5147 complex ranges requires storage of partial objects.
41587298 5148 - Removed SNMP mib-2.system group from squid.
6474667e 5149 - Removed SNMP ability to iterate through ipcache and friends.
5150 - Added SNMP ipcache/fqdncache basic statistics.
5151 - Converted SQUID-MIB to SMIv2 (RFC 1902).
5152 - Moved SQUID-MIB to enterprises section of the tree in preparation
5153 of the split into PROXY-MIB & SQUID-MIB.
5154 - Corrected minor errors in SQUID-MIB.
5155 - Moved uptime into cacheSystem from cacheConfig.
5156 - Corrected a number of get-next-request bugs, snmpwalk should now
5157 return all objects and not skip some.
41587298 5158 - Fixed netdbClosestParent() so it won't return sibling
5159 peers.
5160 - Fixed a bug with secondary clients on entries with
5161 ENTRY_BAD_LENGTH set. We should release the
5162 bad entry to prevent secondary clients jumping on.
5163 - Changed MIB to prevent parse warnings at startup.
f0538986 5164 * Changes below have been made to SQUID_2_0_PATCH1
9689d97c 5165 - Fixed a forwarding loop bug. Even though we were detecting
5166 a loop, it was not being broken.
5167 - Try to prevent sibling forwarding loops by NOT forwarding a
5168 request to a sibling if we have a stale copy of the object.
5169 Validation requests should only be sent to parents (or
5170 direct).
5171 - Fixed ncsa_auth hash bugs when re-reading password file.
5172 - Changed clientHierarchical() so that by default SSL/CONNECT
5173 requests do NOT go to neighbor caches.
d87ebd78 5174 - Changed clientHandleIMSReply() to not call storeAbort()
5175 because there can be more than one client hanging on the
5176 StoreEntry. This hopefully fixes "store_status !=
5177 STORE_ABORTED" assertions.
f0538986 5178 - Added temporary fix to httpMakePublic() to prevent assertions
5179 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
5180 * Changes below have been made to SQUID_2_0_PATCH2
5181 - PATCH1 introduced a seriously stupid bug which prevented ICP
5182 queries for all requests. Fixed by checking
5183 request->hierarchical in peerSelectFoo().
18cc143b 5184
4c154d99 5185Changes to squid-1.2.beta25 (September 21, 1998):
5186
4b66bfd3 5187 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
5188 callbacks (Henrik Nordstrom).
5189 - Fixed store_swapout.c assertion. We were freeing object data
5190 past the swapout_done offset. This probably happens (only?)
5191 when an object changes from cachable to uncachable while
5192 it is being swapped out.
a260d877 5193 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
5194 of the buffers used for writing data to the client sockets.
669d90e7 5195 - Added configure check for libbind.a. If found, it will be
5196 used instead of libresolv.a.
5197 - Changed fwdStart() to always allow internally generated
dddd5b55 5198 requests, such as for peer digests. These requests are
5199 known to fwdStart() because the address arg is set to
5200 'no_addr'.
669d90e7 5201 - Completed initial HTCP implementation. It works, but is not
5202 tested much.
2d5c8e74 5203 - Added counters for I/O syscalls.
5204 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
5205 (netapp) Squid doesn't use private keys. This caused us
5206 to remove almost every object from the cache.
5207 - Added 'asndb' cachemgr stats to show AS Number tree.
dddd5b55 5208 - Fixed AS Number byte-order bug for netmasks.
2d5c8e74 5209 - Fixed comm_incoming calling rate for high loads (Stewart
5210 Forster).
426012d2 5211 - Give always_direct higher precedence than never_direct
5212 (Henrik Nordstrom).
dddd5b55 5213 - Changed PORT ACL type to accept ranges. Now you can easily
5214 deny, for example, all priveleged ports except 80, 70, 21,
5215 etc.
5216 - ARP ACL fixes for Linux (David Luyer).
5217 - Replaced various "EBIT" flags bitfileds with structures of
5218 "int:1" members.
5219 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
5220 efficient by removing snprintf(). This causes an
5221 incompatibility with old cache keys, however. To transition,
5222 we will look up both the new and old style keys for about the
5223 next 30 days. After that, if you haven't run this (or a
5224 future) version, your cache contents will be lost.
5225 - Made the client-side write buffer size configurable with
5226 a #define in defines.h. By default it is still 4096 bytes.
5227 - Removed redirectUnregister(). It should be unnecessary
5228 because of cbdata locks.
5229 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
5230 - Changed non-blocking connect(2) code to call getsockopt()
5231 instead of connect() again. This is the approach recommended
5232 by Stevens, and fixes bugs on BSD-ish systems when subsequent
5233 connect() calls loop with EAGAIN status.
5234 - Added MD5 cache keys to memory pool accounting.
5235 - Added code to track number of open DISK descriptors and stop
5236 swapping out objects if the number of disk descriptors becomes
5237 too large. For now the limit must be manually configured with
5238 the 'max_open_disk_fds'. By default, there is no limit.
5239 - Stopped encoding a request method in the high byte of the ICP
5240 reqnum field. Instead queried cache keys are copied to a
5241 static array, indexed by the reqnum, modulo the array size.
5242 Now we just use the request number to lookup a cache key,
5243 instead of rebuilding it from the ICP reply URL and method,
5244 unless we have netapp neighbors--they don't do reqnum
5245 properly.
5246 - Fixed reconfigure memory access bugs in redirect.c.
0753aa46 5247 - Ignore unreasonably large ICP RTT values which cause overflow
5248 bugs in calculating the average RTT (thanks Niall!)
4b66bfd3 5249
8e6a43e8 5250Changes to squid-1.2.beta24 (August 21, 1998):
5251
6c4067e5 5252 - Added Bulgarian error pages by Evgeny Gechev.
ceb79b2b 5253 - Changed StoreEntry->lock_count to a u_short.
c7d6216e 5254 - Replaced urlcmp with strcmp
5255 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
5256 (Henrik Nordstrom).
5257 - Eliminated unneeded BASE HREF on "root" directories (Henrik
5258 Nordstrom).
5259 - Fixed peerDigestFetchFinish() assertion caused by forwarding
5260 failures (e.g. miss_access rules).
ada249f8 5261 - Changed signal handlers with ASYNC_IO and Linux so that
5262 -k command line options work (Miquel van Smoorenburg).
4616f9ea 5263 - Rewrote shutdown code to use events instead of setting
5264 FD timeouts.
903e21a0 5265 - Fixed cachemgr 'objects' (statObjects()) by adding a check
b6a76fb2 5266 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
5267 storeBufferFlush(). Otherwise, the read-past pages would
5268 never be freed.
681979a2 5269 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
5270 were being closed by the dnsServerShutdown event.
b6a76fb2 5271 - Modified storeHashInsert() to insert PRIVATE objects at
5272 the tail of the LRU list, and PUBLIC objects at the head.
5273 Thus, PRIVATE objects get kicked out quicker.
95e36d02 5274 - Added David Luyer's DELAY_POOLS code.
54b5b3e5 5275 - Fixed a bug due to HEAD replies which lack the end-of-headers
5276 line.
5277 - Made proxy-auth realm string configurable (Bob Franklin)
5278 - Changed default mime time to a viewable one (Henrik Nordstrom).
5279 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
5280 - Fixed 'you are running out of filedescriptors' bug which
5281 could cause the HTTP incoming connection handler to not
5282 be reset.
e23fbf04 5283 - Changed syslog logging. Now squid debug levels 0 and 1 go
d737baa0 5284 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
e23fbf04 5285 (this needs more work!)
2cb51fe0 5286 - Fixed memory access errors in statAvgTick().
abc1237e 5287 - Fixed duplicate requestUnlink() bug in forward.c
6c4067e5 5288 - Fixed possible memory access bugs from not setting e->mem_obj
5289 = NULL in destroy_MemObject().
5290 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
5291 - Modified headersEnd and httpMsgIsolateHeaders to account
5292 for funky line terminations such as CRCRNL.
5293 (``but Netscape and IE _tolerate_ this'')
5294 - Fixed carp functions (Eric Stern).
5295 - Replaced internal proxy_auth code with extern authentication
5296 module (Arjan de Vet).
5297 - moved hash.c to libmiscutil.a.
e931f99a 5298 - Fixed handling of ICP queries with whitespace in URLs.
5299 Now we return ICP error and escape the URL before logging.
3a15a393 5300 - Added configure check for socklen_t (David Luyer).
5301 - Removed USE_SPLAY #defines; it is now standard.
3a76c002 5302 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
5303 temporary disk_ctrl_t structures.
5304 - Changed ENOSPC disk write errors to reduce specific cache_dir
5305 sizes, and not just the size of the cache as a whole.
f9cece6e 5306 - Added httpMaybeRemovePublic() to purge public objects for
5307 certain responses even though they are uncachable. This is
5308 needed, for example, when an initially cachable object
5309 later becomes uncachable.
8e6a43e8 5310 - Added refresh_pattern options to ignore client reloads
5311 (Henrik Nordstrom)
5312 - Relocated disk.c code which combines blocks for writing
5313 (Stewart Forster).
c7d6216e 5314
857703c6 5315Changes to squid-1.2.beta23 (June 22, 1998):
5316
cf7f704c 5317 - Added Turkish error pages by Tural KAPTAN.
66bbb757 5318 - Added basic support for Range requests. For most cachable
5319 requests, Squid replies with an "Accept-Ranges" header. Upon
5320 receiving a potentially cachable Range request for a not
5321 cached object, Squid requests the whole object from origin
5322 server and then replies with specified range(s) to the
5323 client. Multi-range requests are supported. Adjacent
5324 overlapping ranges are merged. If-Range requests are
5325 supported. Limitations: Multi-range requests with out of
5326 order ranges are not supported.
5327 - Made md5.c use standard memcpy and memset if they are
5328 avaliable.
5329 - Memory pools will now shrink if Squid is run-time
5330 reconfigured with smaller value of memory_pools_limit tag.
5331 - Added counter for number of clients (Tomi Hakala).
5332 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
5333 connections for UP->DOWN transition.
5334 - Added 'unique_hostname' configuration option when its
5335 necessary to have multiple machines with the same visible
5336 hostname.
222917b2 5337 - Fixed pumpReadFromClient() to not read too many bytes on
5338 persistent connections.
53856ebd 5339 - We can now cache HTTP replies with Set-Cookie. These evil
5340 headers are now filtered out for cache hits on the client
5341 side.
222917b2 5342 - Fixed SNMP bugs caused by using snmpwalk.
9089cc70 5343 - Fixed snmp system Group; all objects are now returned.
5344 - Fixed snmp system Group sysDescr and sysContact.
78dfab2a 5345 - Fixed snmp system Group sysObjectID it now returns a OBJECT
5346 IDENTIFIER.
7fce9c3e 5347 - Allocate FwdState from mem pools.
5348 - Minor HTCP progress.
222917b2 5349 - Moved 'miss_access' ACL check from client_side.c to forward.c
ed169eab 5350 - Fixed logging of usernames for requests which require
5351 proxy-authentication.
cf7f704c 5352 - Fixed HTTP request parser to accept lowercase HTTP identifier
5353 (Oskar Pearson).
5354 - Fixed FTP listings to always include links to the parent
5355 directory (Henrik Nordstrom).
5356 - Fixed FTP to show an "empty" listing instead of showing
5357 a "document contains no data" error (Henrik Nordstrom).
5358 - Fixed refreshCheck() bug. Often it was checking the
5359 refresh patterns against the string "[null_mem_obj]"
5360 because we moved URLs to MemObject.
5361 - Added CARP support by Eric Stern.
48382032 5362 - Fixed select-spin bug when an ICP reply actually gets queued
5363 and we failed to execute the write callback.
354b5fe1 5364 - Fixed a storeCheckSwapOut bug. We were freeing up to
5365 the queued offset instead of the done offset. This
5366 resulted in a small chunk of object data not being in
5367 memory and not yet written to disk. A client could
5368 recieve a partial object because file_read() unexpectedly
5369 returns EOF.
0aa791f8 5370 - Fixed proxy-authentication hangs (Henrik Nordstrom).
c2354a6b 5371 - Fixed request_t->flags bug causing authenticated, proxied
5372 responses to be cached (Arjan de Vet).
e0e32f36 5373 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
5374 - Added view and download options to FTP listings (Henrik
5375 Nordstrom).
5376 - Modified configure to allow using pre-installed libdlmalloc.a
5377 (Masashi Fujita).
e8d8856c 5378 - Fixed cachemgr 'objects' implementation.
fecf98dc 5379 - Changed refreshCheck() algorithm. For cached objects, we
5380 now check, in the following order:
5381 * request max-age
5382 * response Expires (if present)
5383 * refresh_pattern max-age
5384 * response Last-Modified compared to refresh_pattern
5385 LM-factor (only if Last-Modified is present)
5386 * refresh_pattern min-age
5387 - Changed Copyrights.
d192d11f 5388
ee3a78d4 5389Changes to squid-1.2.beta22 (June 1, 1998):
5390
2246b732 5391 - do not cut off "; parameter" from "digitized" Content-Type
5392 http fields
5393 - Added X-Request-URI for persistent connection debugging
5394 (Henrik Nordstrom)
f4d83f6d 5395 - Added Polish error pages from Maciej Kozinski.
145f10f1 5396 - Fixed hash_first/hash_next bugs with **Current pointer.
5397 Replaced with *next pointer.
f4d83f6d 5398 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
5399 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
5400 - Fixed eventRun "spin" bug when event delta time == 0.
a9cc1935 5401 - Fixed setting Last Modified time on cached entries when
5402 receiving a 304 reply.
06e87923 5403 - Added while loop in httpAccept().
5404 - Added while loop in icpHandleUdp().
5405 - Fixed some small memory leaks.
5406 - Fixed single-bit-int flag checks (Henrik Nordstrom).
137ee196 5407 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
5408 - Do not send only-if-cached cc directive with requests
6474667e 5409 for peer's digests.
ee3a78d4 5410 - Added "automatic tuning" for incoming request rate, i.e.
5411 how often to check HTTP and ICP sockets. See comm.c
5412 comments for details.
145f10f1 5413
6ee40ea2 5414Changes to squid-1.2.beta21 (May 22, 1998):
5415
434b408f 5416 - Added Italian error pages by Alessio Bragadini.
a3f9588e 5417 - Added Estonian error pages by Toomas Soome.
06066bbc 5418 - Added Russian (koi-r) error pages by Andrew L. Davydov.
7b381d33 5419 - Added Czech error pages by Jakub Nantl.
8e866bb4 5420 - Fixed asnAclInitialize calling to prevent coredump.
5421 - Fixed FTP directory parsing again.
5422 - Made FTP directory listing "Generated" tagline like
5423 the one for error pages.
52f977aa 5424 - Fixed an assertion coredump in statHistCopy from
6474667e 5425 reconfiguring with different #peers in squid.conf
10202788 5426 - Ignore leading whitespace on requests (and replies). RFC
5427 2068 section 4.1, robustness (Henrik Nordstrom)
5428 - Fixed keep_alive bug. We did not always honour reply
5429 headers, but rather assumed connections could be persistent.
5430 - Fixed reading whois output for AS numbers, especially when
5431 they are longer than 4 KB.
5432 - Removed 'cache_stoplist_pattern' configuration option. This
5433 feature is now handled by 'no_cache'.
5434 - If a URN resolves to only one URL, just return it immediately
5435 instead of giving the user a "choice" (Andy Powell).
5436 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
5437 - Changed squid-internal object names.
5438 - Added netdb exchange protocol.
5439 - Fixed wordlistDestroy() uninitialized pointer bug in
5440 ftpParseControlReply.
06066bbc 5441 - Fixed redirector subprocess to show real program name.
5442 - Changed URN menu output to be sorted.
5443 - Added fast select(2) timeouts when using ASYNC_IO.
5444 - Added ARP ACL support for Linux (David Luyer).
6474667e 5445 - Added binary http headers to requests
5446 - request_t objects are now created and destroyed in a consistent way
5447 - Fixed cache control printf bug
5448 - Added a lot of new http header ids
5449 - Improved Connection: header handling; now both Connection and
5450 Proxy-Connection headers are checked for connection directives
5451 - Connection request header is now handled correctly regardless
5452 of its position and the number of entries
2246b732 5453 - Only replies with valid Content-Length can be sent with keep-alive
5454 connection directive (Henrik Nordstrom)
6474667e 5455 - Better handling of persistent connection "clues" in HTTP headers;
2246b732 5456 the decision now depends on HTTP version (and User-Agent exceptions)
6474667e 5457 - Removed handling of "length=" directive in IMS headers;
5458 the directive is not in the HTTP/1.1 standard;
5459 standing by for objections
5460 - allowed/denied headers are now checked using bit masks instead of
5461 strcmp loops
5462 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
2246b732 5463 - removed processing of Request-Range header (not in specs?)
7b381d33 5464 - Fixed byte-order bugs in cacheDigestHashKey.
5465 - Changed hash_remove_link() to return void.
5466 - Changed ipcache_gethostbyname() to return NULL if
5467 i->addrs.count == 0.
6de5fa88 5468 - Added millisecond-timing to select/poll loops and event
5469 queue.
5470 - Changed 'peerPingTimeout' value to be twice the average
5471 of all the peer ICP RTT's.
5472 - Added 'half_closed_clients' option to force closing of
5473 client connections which might only be half-closed.
5474 - Fixed matchDomainName coredump bug.
5475 - Don't cache HTTP replies with Vary: headers until we
5476 get content negotiation working.
5477 - Fixed SSL proxying to forward full HTTP request headers.
c09459dd 5478 - Changed storeGetMemSpace(). Only purge down to the HIGH
5479 water mark; move locked entries to the head of the inmem
5480 list.
5481 - Changed clientReadRequest() to locally handle any
5482 "squid-internal-static" URL for any host.
52f977aa 5483 - Disable persistent connections for client connections
5484 from broken Netscape User-Agent, version 3.* (Stewart Forster)
434b408f 5485
901b8eaf 5486Changes to squid-1.2.beta20 (April 24, 1998):
5487
fd1bc012 5488 - Improved support for only-if-cached cache control directive.
5489 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
a1a62b14 5490 - Fixed 'quick_abort' percent calculation bug.
5491 - Fixed quick_abort FPE bug.
5492 - Changed more errno-checking functions to use ignoreErrno().
5493 - Added ERESTART to ignoreErrno() because of report from
5494 a Solaris system.
5495 - Fixed '#elsif' typo.
5496 - Fixed MemPool assertion by moving memInit() to before
5497 configuration parsing functions.
5498 - Fixed default 'announce_period' value (was 1 day, should
5499 be 0) (Joe Ramey).
5500 - Added configure warning for low filedescriptors and pointer
5501 to FAQ.
b0497a40 5502 - Fixed httpBodySet() bug causing URN related coredumps.
5503 - Changed ipcacheCycleAddr() to always cycle through all all
5504 available addresses, and not just advance when one of
5505 them goes BAD.
5506 - Fixed squid-internal bug for mixed-case hostnames (Henrik
5507 Nordstrom).
4e41d49f 5508 - Fixed ICP counting probelm. icpUdpSend() arg should be
5509 LOG_ICP_QUERY instead of LOG_TAG_NONE.
e4b71f74 5510 - Added some additional fault toleranse on FTP data channels
5511 (Henrik Nordstrom).
5512 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
5513 - Added lock/unlock for StoreEntry during storeAbort().
5514 - Added filemap bit usage stats to cachemgr 'storedir' and
5515 'info'.
5516 - Replaced 'cache_stoplist' with 'no_cache' Access list.
5517 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
44745828 5518 - Fixed default hierarchy_stoplist to be ``default if none.''
5519 - Fixed 'fake a recent reply' hack for detecting DEAD
5520 and ALIVE neighbors (Joe Ramey).
e376562a 5521 - Fixed FTP directory parsing bugs (Joe Ramey).
5522 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
5523 (Joe Ramey).
dea17509 5524 - Fixed daylight savings time bug (again).
fd1bc012 5525 - A lot of Cache Digests additions, fixes, and tuning.
5526 Cache Digests are still "very experimental".
e376562a 5527 - Fixed snprintf() bug. When len == 1, snprintf() would treat
5528 the buffer as unknown size, emulating sprintf() behaviour.
5529 - Made Error page language configurable with configure script
5530 (Henrik Nordstrom).
5531 - Fixed squid-internal URLs when http_port == 80.
5532 - Remember the client address on redirected requests (Henrik
5533 Nordstrom).
5534 - Don't rebuild the request if the redirector returned the same
5535 URL (Henrik Nordstrom).
5536 - Rewrite Host: header on redirected requests (Henrik
5537 Nordstrom).
5538 - Include port (if non-standard) in generated Host: headers
5539 (Henrik Nordstrom).
5540 - Fixed rfc1123 timezone hacks for Windows NT
5541 (Henrik Nordstrom).
5542 - Added Russian Error pages by Ilia Zadorozhko.
5543 - Added totals for ICP and HTTP hits to cachemgr client_list
5544 output.
6cfa8966 5545 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
5546 because any string with an '@' must be an email address.
e376562a 5547 - Fixed POST for content-length == 0.
901b8eaf 5548 - Fixed "huge 304 reply" loop bug.
5e9ab945 5549 - Fixed --enable-splaytree compile bugs.
c93fbf13 5550 - Removed ASN lookup code in peer_select.c.
b6a2f15e 5551 - Added warnings if ACL code detects subdomains in SPLAY
5552 trees.
5553 - Rewrote some bits of httpRequestFree() to eliminate
5554 possible bugs that could cause an "e->lock_count" asseertion.
5555 - Added value/bounds checking to _db_init() when setting
5556 the debugLevels[] array.
fd1bc012 5557
005e5260 5558Changes to squid-1.2.beta19 (Apr 8, 1998):
5559
b0497a40 5560 - Squid-1.2.beta19 compiles and runs on Windows/NT with
5561 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
447203a7 5562 - Added French Error pages by Frank DENIS.
5563 - Added Dutch Error pages by Mark Visser
901b8eaf 5564 - Added German Error pages by Bernd P. Ziller, Jens Frank,
5565 and Anke S.
f9f2be04 5566 - Added support for only-if-cached cache-control directive.
005e5260 5567 - Added RELAXED_HTTP_PARSER #define to allow requests which are
5568 missing the HTTP identifier on the request line (e.g. buggy
5569 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
1f4d31f9 5570 - Fixed disk.c FD leak for delayed closes in
5571 diskHandleWriteComplete().
5572 - Fixed cache announcement feature.
20fe7191 5573 - Fixed httpReadReply() to retry failed HTTP requests on
5574 persistent connections when read() returns -1, not only
5575 when it returns 0.
805e5f70 5576 - Fixed cbdata memory counting leak. cbdataUnlock() always
5577 called free(), never memFree().
ff396fe6 5578 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
005e5260 5579 - Fixed `++loopdetect < 10' assertion due to
5580 clientHandleIMSReply bug for invalid/partial HTTP
5581 replies.
5582 - Added preliminary code for HTCP.
5583 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
5584 - Added "snmp_community" as an ACL type.
5585 - Cleaned up proxy-auth acl implementation and removed
5586 memory leaks.
5587 - Added generic 'hashFreeItems()' function for efficiently
5588 freeing hash table pointers.
5589 - Added whoisTimeout() for ASN code.
447203a7 5590 - Removed BINARY TREE code.
005e5260 5591 - Fixed forgetting to reset Config.Swap.maxSize in
5592 configDoConfigure.
5593 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
5594 bug which caused not modified replies to not get updated.
5595 - Fixed client_side.c bugs which could cause data to be written
5596 to the client in the wrong order for persistent connections.
5597 clientPurgeRequest() and clientHandleIMSComplete() must not
5598 call comm_write(). Instead they must create and write to
5599 StoreEntry's.
5600 - Fixed ICP query service time counting bug(s).
5601 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
5602 to fix buffer overruns. This also requires adding 'buf_sz'
5603 args to some functions like clientBuildReplyHeader().
5604 But we can eliminate the need to NULL-terminate the
5605 buffer beforehand.
5606 - Changed commConnectCallback() to reset the FD timeout to
5607 zero before notifying about the connection. This requires
5608 commSetTimeout() calls in numerous places to reinstall
5609 timeouts.
5610 - Changed comm_poll_incoming() to be called less frequently
5611 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
5612 - Removed HAVE_SYSLOG case for debug() macro. Almost all
5613 systems do have syslog(), but more importatnly the
5614 _db_level value is needed for debugging to stderr.
5615 - Rewrote squid/dnsserver interface to use smaller, single-line
5616 messages.
5617 - Rewrote 'dns' cachemgr output to use a table format.
5618 - Rewrote a lot of dnsserver.c.
5619 - Added eventAddIsh() for semi-random event scheduling.
5620 - Fixed an ftpTimeout bug for sessions which use PORT
5621 commands.
5622 - Fixed ftp.c to recognized invalid PASV replies (e.g.
5623 port == 0).
5624 - Removed hash_insert(). All hasing uses hash_join() now.
5625 - Renamed hash_unlink() to hash_remove_link().
5626 - Added hashPrime() to find closes prime hash table size
5627 to a given value.
5628 - Fixed Keep-Alive ratio counting bug which prevented
5629 persistent connections from being used between cache
5630 peers.
5631 - Changed icmp.c to NOT queue messages sent from squid to
5632 the pinger program.
5633 - Changed icp_v2.c to NOT queue ICP messages by default.
5634 But they will be queued and resent once if the first
5635 send fails. Counters.icp.queued_replies counts the
5636 number of messaages queued.
5637 - Cleaned up ICP logging.
5638 - Added identTimeout().
5639 - Fixed ipcache reply counting bug. Overcounted dnsserver
5640 replies for partial replies.
5641 - Added urlInternal() for building internal Squid URLs.
5642 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
5643 AND 'cache_peer_acl' configurations. This should be changed
5644 in the fugure to use ONLY cache_peer_acl.
5645 - Changed DEAD/REVIVED neighbor detection to avoid reporting
5646 so many false deaths. (Joe Ramey).
5647 - Added some preliminary code to support "cache digests."
5648 - Fixed pumpClose() coredumps (?).
5649 - Updated cachemgr 'info' output to show median service
5650 times for various categories.
5651 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
5652 != sizeof(int) for Alphas.
5653 - Fixed potential alignment problem in storeDirWriteCleanLogs().
5654 - Fixed store_rebuild.c to NOT replace current, but
5655 not-swapped-out StoreEntry's with on-disk entries.
5656 - Changed storeCleanup() to call storeRelease on invalid
5657 entries which don't have a swapfile (i.e. no unlink()
5658 penalty).
5659 - Fixed storeSwapInStart() to fail for unvalidated
5660 entries.
5661 - SNMP changes:
5662 . renovated mib and added descriptions and comments
5663 . added hit and byte counters to client_db , for
5664 cacheClientTable
5665 . cacheClientTable, netdbTable, cachePeerTable,
5666 cacheConnTable now indexed by ip address. hash_lookup was
5667 enhanced to allow for subsequent hash_next's similar to
5668 hash_first, to speed up getnext's in tables which refer to
5669 hash-table structures.
5670 . added generic (well, sorf of) table indexing functionality
5671 . added makefile dependencies for snmplib and cache_snmp.h
5672 . WaisHost, WaisPort, Timeouts removed
5673 . FdTable split into FdTable and ConnTable. FdTable simplified
5674 . PeerTable and PeerStat merged and put into new cacheMesh
5675 group
5676 . cacheClientTable added for client statistics and accounting
5677 (cacheMesh 2)
5678 . cacheSec and cacheAccounting groups removed
5679 . fixed acl bug when communities not defined
5680 . snmp_acl now survives bad configuration
81d0c856 5681
9a713ffb 5682Changes to squid-1.2.beta18 (Mar 23, 1998):
5683
275d9f2e 5684 - Added v1.1 'test_reachability' option.
5685 - Fixed hash4() len == 0 bug.
2c26197b 5686 - Fixed Config.Swap.maxSize reconfigure bug.
5687 - Fixed ICP query bug determining request method.
5688 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
5689 so that we know neighbors are alive even when they send
5690 us replies for unknown entries.
5691 - Changed configure script to add '-std1' for Digital Unix cc.
5692 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
5693 systems.
5694 - Added support for 'Cache-Control: Only-If-Cached' request header.
34ad1721 5695 - Fixed CheckQuickAbort() bugs for multiple clients on one
5696 StoreEntry. Also changed storePendingNClients() to return
5697 mem->nclients instead of counting the number of store_client
5698 entries with pending callback functions.
275d9f2e 5699
041b157e 5700Changes to squid-1.2.beta17 (Mar 17, 1998):
5701
df43fc93 5702 - SNMP MIB version check changed to non-rcs.
02922e76 5703 - Added memory pools for variable size objects (strings).
5704 There are three pools; for small, medium, and large objects.
5705 - Extended String object to use memory pools. Most fixed size char
5706 array fields will be replaced using string pools. Same for most
5707 malloc()-ed buffers.
5e14bf6d 5708 - Changed icon handling to use the hostname and port of the squid
9ed90c85 5709 server, instead of the special hostname "internal.squid"
5710 (Henrik Nordstrom).
5e14bf6d 5711 - All icons are now configured in mime.conf. No hardcoded icons,
f8360ee3 5712 including gohper icons (Henrik Nordstrom).
459f2559 5713 - Fixed ICP bug when we send queries, but expect zero
5714 replies.
ed9c0b33 5715 - Fixed alignment/casting bugs for ICP messages.
2b5b6324 5716 - A generic client-to-server "pump" was added to handle HTTP
5717 PUT as well as POST methods on the client-cache side. Based on
5718 "pump" PUT requests can be made to either HTTP or FTP url's.
5719 Code is still beta and interoperability with browsers etc has
5720 not been tested.
5721 - Put #ifdefs around 'source_ping' code.
5e14bf6d 5722 - Added missing typedef for _arp_ip_data (Wesha).
5723 - Added regular-expression-based ACLs for client and server
5724 domain names (Henrik Nordstrom).
5725 - Fixed ident-related coredumps from incorrect callback data.
5726 - Fixed parse_rfc1123() "space" bug.
5727 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
5728 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
5729 - Fixed some peer->options flag-setting bugs.
5730 - Fixed single-parent feature to work again
5731 - Removed 'single_parent_bypass' configuration option; instead
5732 just use 'no-query'.
5733 - Surrounded 'source_ping' code with #ifdefs.
5734 - Changed 'deny_info URL' to use a custom Error page.
5735 - Modified src/client.c for testing POST requests.
041b157e 5736 - Fixed hash4() for SCO (Vlado Potisk).
459f2559 5737
7ba777f2 5738Changes to squid-1.2.beta16 (Mar 4, 1998):
5739
447203a7 5740 - Added Spanish error messages from Javier Puche.
02922e76 5741 - Added Portuguese error messages from Pedro Lineu Orso
0965bd19 5742 - Added a simple but very effective hack to cachemgr.cgi that tries to
5743 interpret lines with '\t' as table records and formats them
5744 accordingly. With a few exceptions (see source code), first line
5745 becomes a table heading ("<th>" html tag) and the rest is formated
5746 with "<td>" tags.
7021844c 5747 - Added "mem_pools_limit" configuration option. Semantics of
5748 "mem_pools" option has also changed a bit to reflect new memory
5749 management policy.
7ba777f2 5750 - Reorganized memory pools. Squid now supports a global pool
5751 limit instead of individual pool limits. Per-pool limits can be
3a88d597 5752 implemented on top of the current scheme if needed, but it is
7ba777f2 5753 probably hard to guess their values. Squid distributes pool
5754 memory among "frequently allocated" objects. There is a
5755 configurable limit on the total amount of "idle" memory to be
5756 kept in reserve. All requests that exceed that amount are
5757 satisfied using malloc library. Support for variable size
5758 objects (mostly strings) will be enabled soon.
5759 - memAllocate() has now only one parameter. Objects are always
5760 reset with 0s. (We actually never used that parameter before;
5761 it was always set to "clear").
5762 - Added Squid "signature" to all ERR_ pages. The signature is
5763 hardcoded and is added on-the-fly. The signature may use
5764 %-escapes. Added interface to add more hard-coded responses if
5765 needed (see errorpage.c::error_hard_text).
5766 - Both default and configured directories are searched for ERR_
5767 pages now. Configured directory is, of course, searched first.
5768 This allows you to customize a subset of ERR_ pages (in a
5769 separate directory) without danger of getting other copies out
5770 of sync.
5771 - Security controls for the SNMP agent added. Besides
5772 communities (like password) and views (part of tree
5773 accessible), the snmp_acl config option can be used to do acl
5774 based access checks per community.
5775 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
5776 can now walk through the whole mib tree. Several new variables
5777 added under cacheProtoAggregateStats
12cf1be2 5778 - Added rudimental statistics for HTTP headers.
7ba777f2 5779 - Adjusted StatLogHist to a more generic/flexible StatHist.
12cf1be2 5780 Moved StatHist implementation into a separate file.
178dbda2 5781 - Added FTP support for PORT if PASV fails, also try the
5782 default FTP data port (Henrik Nordstrom).
5783 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
5784 request is cancelled for fails on the client side.
5785 - Filled in some squid.conf comments (never_direct,
5786 always_direct).
5787 - Added RES_DNSRCH to dnsserver's _res.options when the
5788 -D command line option is given.
5789 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
5790 peer->tcp_up == 0 (Michael O'Reilly).
5791 - Fixed storeGetNextFile's incorrect "directory does not exist"
5792 errors (Michael O'Reilly).
5793 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
5794 Forster).
5795 - Added 'dns_nameservers' config option to specify non-default
5796 DNS nameserver addresses (Maxim Krasnyansky).
5797 - Added lib/util.c code to show memory map as a tree
5798 (Henrik Nordstrom).
5799 - Added HTTP and ICP median service times to Counters and
5800 cachemgr average stats.
5801 - Changed "-d" command line option to take debugging level
5802 as argument. Debugging equal-to or less-than the argument
5803 will be written to stderr.
3ff01c3e 5804 - Removed unused urlClean() function from url.c.
adba4a64 5805 - Fixed a bug that allowed '?' parts of urls to be recorded in
ef65d6ca 5806 store.log. Logged urls are now "clean".
178dbda2 5807 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
5808 script forwards basic authentication from browser to squid.
5809 Authentication info is encoded within all dynamically generated
5810 pages so you do not have to type your password often.
5811 Authentication records expire after 3 hours (default) since
5812 last use. Cachemgr.cgi now recognizes "action protection" types
5813 described below.
5814 - Added better recognition of available protection for actions
5815 in Cache Manager. Actions are classified as "public" (no
5816 password needed), "protected" (must specify a valid password),
5817 "disabled" (those with a "disable" password in squid.conf), and
5818 "hidden" (actions that require a password, but do not have
5819 corresponding cachemgr_passwd entry). If you manage to request
5820 a hidden, disabled, or unknown action, squid replies with
5821 "Invalid URL" message. If a password is needed, and you failed
5822 to provide one, squid replies with "Access Denied" message and
5823 asks you to authenticate yourself.
5824 - Added "basic" authentication scheme for the Cache Manager.
5825 When a password protected function is accessed, Squid sends an
5826 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
5827 by specifying "name" and "password" for the specified action.
5828 The user name is currently used for logging purposes only. The
5829 password must be an appropriate "cachemgr_passwd" entry from
5830 squid.conf. The old interface (appending @password to the url)
5831 is still supported but discouraged. Note: it is not possible
5832 to pass authentication information between squid and browser
5833 *via a web server*. The server will strip all authentication
5834 headers coming from the browser. A similar problem exists for
5835 Proxy-Authentication scheme.
5836 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
5837 authentication failures when accessing Cache Manager.
63259c34 5838 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
178dbda2 5839 - Added simple context-based debugging to debug.c. Currently,
5840 the context is defined as a constant string. Context reporting
5841 is triggered by debug() calls. Context debugging routines
5842 print minimal amount of information sufficient to describe
5843 current context. The interface will be enhanced in the future.
5844 - Replaced _http_reply with HttpReply. HttpReply is a
5845 stand-alone object that is responsible for parsing, swapping,
5846 and comm_writing of HTTP replies. Moved these functions from
5847 various modules into HttpReply module.
8bfcd557 5848 - Added HttpStatusLine, HttpHeader, HttpBody.
178dbda2 5849 - All HTTP headers are now parsed and stored in a "compiled"
5850 form in the HttpHeader object. This allows for a great
5851 flexibility in header processing and builds basis for support
5852 of yet unsupported HTTP headers.
5853 - Added Packer, a memory/store redirector with a printf
5854 interface. Packer allows to comm_write() or swap() an object
5855 using a single routine.
5856 - Added MemBuf, a auto-growing memory buffer with printf
5857 capabilities. MemBuf replaces most of old local buffers for
5858 compiling text messages.
5859 - Added MemPool that maintains a pre-allocated pool of opaque
5860 objects. Used to eliminate memory thrashing when allocating
5861 small objects (e.g. field-names and field-value in http
5862 headers).
8bfcd557 5863
3197e644 5864Changes to squid-1.2.beta15 (Feb 13, 1998):
5865
55647891 5866 NOTE: This version has changes which may cause all or part
5867 of your cache to be lost. However, you can problably
5868 save most of it by doing a slow restart. Specifically:
5869
5870 1. Kill the running squid-1.2.beta14 process; wait for it to
5871 fully exit.
5872 2. Remove all 'swap.state*' files, either in each cache_dir, or
5873 as defined in your squid.conf
5874 3. Start squid-1.2.beta15. The store will be rebuilt from the
5875 existing swap files, reading the directories and opening
5876 the files.
5877
bcfbdc11 5878 - Fixed some problems related to disk (and pipe) write error
5879 handling. file_close() doesn't always close the file
5880 immediately; i.e. when there are pending buffers to write.
5881 StoreEntry->lock_count could become zero while a write is
5882 pending, then bad things happen during the callback.
5883 - The file_write() callback data must now be in the callback
5884 database (cbdata). We now use the swapout_ctrl_t structure
5885 for the callback data; it stays around for as long as we are
5886 swapping out.
5887 - Changed the way write errors are handled by diskHandleWrite.
5888 If there is no callback function, now we exit with a fatal
5889 message under the assumption that the file in question is a
5890 log file or IPC pipe. Otherwise, we flush all the pending
5891 write buffers (so we don't see multiple repeated write errors
5892 from the same descriptor) and let the upper layer decide how
5893 to handle the failure.
5894 - Fixed storeDirWriteCleanLogs. A write failure was leaving
5895 some empty swap.state files, even though it tells us that its
5896 "not replacing the file." Don't flush/rename logs which we
5897 have prematurely closed due to write failures, indiciated by
5898 fd[dirn] == -1. Close these files LAST, not before
5899 renaming.
5900 - Fixed storeDirClean to clean directories in a more sensible
5901 order, instead of the new "MONOTONIC" order for swap files.
0465e406 5902 - Merged fdstat.c functions into fd.c.
5903 - Cleaned up some debugging sections. Some unrelated source
5904 files were using the same section.
5905 - Removed curly brackets from all cachemgr output.
5906 - Removed unused filemap->last_file_number_allocated member.
5907 - Removed unused fde->lifetime_data member.
5908 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
5909 - Call setsid() before exec() in ipc.c so that child processes
5910 don't receive SIGINT (etc) when running squid on a tty.
2f2dd5ad 5911 - Changed StoreEntry->object_len to ->swap_file_sz so we
5912 can verify the disk file size at restart. Moved object_len
5913 to MemObject->object_sz. Note object_sz is initialized
5914 to -1. If object_sz < 0, then we need to open the swap
5915 file and read the swap metadata.
5916 - Changed store_client->mem to ->entry because we need
5917 e->swap_file_sz to set mem->object_sz at swapin.
2f2dd5ad 5918 - Renamed storeSwapData structure to storeSwapLogData.
5919 - Fixed storeGetNextFile to not increment d->dirn. Added
5920 check for opendir() failure.
5921 - Fixed storeRebuildStart to properly link the directory
5922 list for storeRebuildfromDirectory mode.
e157f97f 5923 - Added -S command line option to double-check store
5924 consistency with disk files in storeCleanup().
5925 - Fixed a problem with transactional logging. In many
5926 cases we were adding the public cache key and then
5927 logging a delete for the private key. This is worthless
5928 because during rebuild we could not locate the previous
5929 public-keyed entry. Now we assert that only public-keyed
5930 entries can be logged to swap.state. storeSetPublicKey()
5931 and storeSetPrivateKey() have been modified to log an
5932 ADD or DEL when the key changes.
5933 - Fixed storeDirClean bug. Needed to call
5934 storeDirProperFileno() so the "dirn bits" get set.
5935 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
5936 fullfilename[] were static to that function and did
5937 not change when the "rebuild_dir" arg did. Moved these
5938 buffers to the rebuild_dir structure.
5939 - In storeRebuildFromSwapLog, we were calling storeRelease()
5940 for cache key collisions. This only set the RELEASE_REQUEST
5941 bit and did not clear the swap_file_number in the filemap or
5942 in the StoreEntry, so the swap file could get unlinked later
5943 when it was really released.
4e0f0471 5944 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
5945 content-type and content-encoding (Henrik Nordstrom).
5946 - Removed 'icon_content_type' configuration option. Content
5947 types now taken from mime.conf (Henrik Nordstrom).
2a9b2b73 5948 - Added additional memory malloc tracing and memory leak
5949 detection. Use --enable-xmalloc-debug-trace configure
5950 option and -m command line option (Henrik Nordstrom).
bcfbdc11 5951
93169941 5952Changes to squid-1.2.beta14 (Feb 6, 1998):
5953
5471db88 5954 - Replaced snmplib free() calls with xfree().
5955 - Changed the 'net_db_name' hash table structure to
5956 make it easier to move names from one network to another
5957 (copied from 1.1 code).
93169941 5958 - Filled in some of the config dump routines (dump_acl,
5959 dump_acl_access).
5960 - Full memory debugging option (--enable-xmalloc-debug-trace)
5961 (Henrik Nordstrom).
5962 - Filled-in and clarified many squid.conf comments (Oskar
5963 Pearson).
5964 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
5471db88 5965
f91834bf 5966Changes to squid-1.2.beta13 (Feb 4, 1998):
f577e074 5967
b4512acd 5968 - NOTE: With this version the "swap.state" file format has
5969 changed. Running this version for the first time will
5970 cause your current cache contents to be lost!
f91834bf 5971 - NOTE: this version still has the bug where we don't rewind
5972 a swapout file and rewrite the swap meta data. Objects
5973 larger than 8KB will be lost when rebuilding from the swap
5974 files.
d04dd4bf 5975 - Combined various interprocess communication setup functions
5976 into ipcCreate().
5977 - Removed some leftover ICP_HIT_OBJ things.
5978 - Removed cacheinfo and proto_count() and friends; these are to
5979 be replaced in functionality by StatCounters and 5/60 minute
5980 average views via cachemgr.
5981 - Fixed --enable-acltree configure message (Masashi Fujita).
5982 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
5983 (Masashi Fujita).
5984 - Fixed building outside of source tree (Masashi Fujita).
dbfed404 5985 - FTP: Format NLST listings, and inform the user that the NLST
5986 (plain) format is available when we find a LIST listing that we
5987 don't understand (Henrik Nordstrom)
5988 - FTP: Use SIZE on Binary transfers, and not ASCII. The
5989 condition was inversed, making squid use SIZE on ASCII
5990 transfers (Henrik Nordstrom).
5991 - Enable virtual and Host: based acceleration in order to be
5992 able to use Squid as a transparent proxy without breaking
5993 either virtual servers or clients not sending Host: header
5994 the order of the virtual and Host: based acceleration needs
5995 to be swapped, giving Host: a higher precendence than virtual
5996 host (Henrik Nordstrom).
5997 - Use memmove/bcopy as detected by configure Some systems does
5998 not have memmove, but have the older bcopy implementation
5999 (Henrik Nordstrom).
6cf028ab 6000 - Completely rewritten aiops.c that creates and manages a pool
6001 of threads so thread creation overhead is eliminated (SLF).
6002 - Lots of mods to store.c to detect and cancel outstanding
6003 ASYNC ops. Code is not proven exhaustive and there are
6004 definately still cases to be found where outstanding disk ops
6005 aren't cancelled properly (SLF).
6006 - Changes to call interface to a few routines to support disk
6007 op `tagging', so operations can be cleanly cancelled on
6008 store_abort()s (SLF).
6009 - Implementation of swap.state files as transaction logs.
6010 Removed objects are now noted with a negative object size.
6011 This allows reliatively clean rebuilds from non-clean
6012 shutdowns (SLF).
6013 - Now that the swap.state files are transaction logs, there's
6014 now no need to validate by stat()ing. All the validation
6015 procedure does is now just set the valid bit AFTER all the
6016 swap.state files have been read, because by that time, only
6017 valid objects can be left. Object still need to be marked
6018 invalid when reading the swap.state file because there's no
6019 guarantee the file has been retaken or deleted (SLF).
6020 - An fstat() call is now added after every
6021 storeSwapInFileOpened() so object sizes can be checked. Added
6022 code to storeRelease() the object if the sizes don't match (SLF).
6474667e 6023 - #defining USE_ASYNC_IO now uses the async unlink() rather than
6024 unlinkd() (SLF).
6cf028ab 6025 - #defining MONOTONIC_STORE will support the creation of disk
6026 objects clustered into directories. This GREATLY improves disk
6027 performance (factor of 3) over old `write-over-old-object'
6028 method. If using the MONOTONIC_STORE, the
6029 {get/put}_unusedFileno stack stuff is disabled. This is
6030 actually a good thing and greatly reduces the risk of serving
6031 up bad objects (SLF).
6032 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
6033 rather than ASYNC/unlinkd unlinks. swap.state.new files were
6034 being removed just after they were created due to delayed
6035 unlinks (SLF).
6036 - Disabled various assertions and made these into debug warning
6037 messages to make the code more stable until the bugs can be
6038 tracked down (SLF).
6039 - Added most of Michael O'Reilly's patches which included many
6040 bug fixes. Ask him for full details (SLF).
6041 - Moved aio_check_callbacks in comm_{poll|select}(). It was
6042 called after the fdset had been built which was wrong because
6043 the callbacks were changing the state of the read/write
6044 handlers prior to the poll/select() calls (SLF).
f09f5b26 6045 - Fixed ARP ACL memory leaks (Dale).
f577e074 6046 - Eliminated URL and SHA cache keys. Cache keys will always
6047 be MD5's now.
6048 - Fixed up store swap meta data.
6049 - Changed swap.state logs to a binary format.
f91834bf 6050 - The swap.state logs are written transaction-style.
d04dd4bf 6051
b5cfbd5b 6052Changes to squid-1.2.beta12 (Jan 30, 1998):
6053
b4512acd 6054 - Added metadata headers to cache swap files. This is an
6055 incompatible change with previous versions. Running this
6056 version for the first time will cause your current cache
6057 contents to be lost.
9fc0b4b8 6058 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
6059 - Show symlink destinations as a hyperlink in FTP listings
6060 (Henrik Nordstrom)
3a4eaced 6061 - Fixed not allocating enough space for rewriting URLs with
6062 the Host: header (Eric Stern).
6063 - Year-2000 fixes (Arjan de Vet).
6064 - Fixed looping for cache hits on HEAD requests.
fc6dc767 6065 - Fixed parseHttpRequest() coredump for
6474667e 6066 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
9fc0b4b8 6067
9f802cb1 6068Changes to squid-1.2.beta11 (Jan 6, 1998):
6069
fd82d0b0 6070 - Fixed fake 'struct rusage' definition which prevented compling
6071 on Solaris 2.4.
6072 - Fixed copy-by-ref bug for request->headers in
6073 clientRedirectDone() (Michael O'Reilly).
812db943 6074 - Workaround for Solaris pthreads closing FD 0 upon fork()
6075 (Michael O'Reilly).
05fd71a7 6076 - Fixed shutdown bug with outgoing UDP sockets; we need to
6077 disable their read handlers.
6078 - For comm_poll(), use the fast 50 msec timeout only when
6079 USE_ASYNC_IO is defined.
1fbc6de3 6080 - Fixed pointer bug when freeing AS# ACL entries.
6081 - Fixed forgetting to reset Config.npeers to zero in free_peer().
0f6bdbfa 6082 - Fixed ICP bug causing excessive TIMEOUTs with sibling
6083 neighbors. We must call the ICP reply callback even for
6084 sibling misses.
6085 - Fixed some dnsserver-related reconfigure bugs. Need to
6086 use cbdataLock, etc in fqdncache.c. Also don't want to
6087 use ipcacheQueueDrain() and fqdncacheQueueDrain().
6088 - Fixed persistent connection bug. We were incorrectly
6089 deciding that non-200 replies without content-length
6090 would not have a reply body.
6091 - Fixed intAverage() precedence bug.
6092 - Fixed memmove() 'len' arg bug.
6093 - Changed algorithm for determining alive/dead state of peers.
6094 Instead of using a fixed number of unacknowledged ICP
6095 replies, it is now based on timeouts. If there are no ICP
6096 replies received from a peer within 'dead_peer_timeout'
6097 seconds, then we call it dead.
6098 - Added calls to getCurrentTime() in
6099 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
6100 being used.
6101 - Fixed shutdown bug when the incoming and outgoing ICP socket
6102 is the same file descriptor.
e970f357 6103 - Added buffered writes for storeWriteCleanLogs() (Stewart
6104 Forster).
6105 - Patches for Qnx4 (Jean-Claude MICHOT).
6106 - Fixed returning void functions which seems to be a GCC-ism.
e5f4e1b0 6107 - New configure script options (Henrik Nordstrom):
6108 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
6109 --enable-acltree
6110 --enable-icmp
6111 --enable-delay-hack
6112 --enable-useragent-log
6113 --enable-kill-parent (this should be named -hack)
6114 --enable-snmp
6115 --enable-time-hack
6116 --enable-cachemgr-hostname[=hostname] (new)
6117 --enable-arp-acl (new)
6118 - Added Doug Lea malloc-2.6.4 to the distribution, so that
6119 people easily can try a decent malloc package if they syspect
6120 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
6121 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
6122 function (Henrik Nordstrom).
6123 - Removed top-level Makefile. People must now run 'configure'
6124 before 'make'.
714ace98 6125 - Fixed checkFailureRatio() implementation.
82b3c7d9 6126 - Made 'squid -z' behave like the 1.1 version.
e5f4e1b0 6127
fd82d0b0 6128
ab9a3f7e 6129Changes to squid-1.2.beta10 (Jan 1, 1998):
6130
6131 - Fixed content-length bugs for 204 replies, 304 replies,
6132 and HEAD requests (Henrik Nordstrom).
6133 - Fixed errorAppendEntry() bug in gopherReadReply().
6134 - Basic support for FTP URL typecodes (;type=X).
9c965c1b 6135 - Support for access controls based on ethernet MAC addresses
ab9a3f7e 6136 (Dale).
6137 - Initial URN support; see
6138 http://squid.nlanr.net/Squid/urn-support.html
6139 - Fixed client-side persistent connections for objects with
6140 bad content lengths (Henrik Nordstrom).
6141 - Fixed bad call to storeDirUpdateSwapSize() for objects which
6142 never reach SWAPOUT_DONE state.
68e3a9df 6143 - Fixed up poll() #defines in squid.h (Stewart Forster).
6144 - Changed poll() timeout from 1000 msec to 50 msec for
6145 better performance under low load (Stewart Forster).
e7a1fde6 6146 - Changed storeWriteCleanLogs() to write objects in the LRU
6147 list order instead of the random hash table order.
109ff6af 6148 - Fixed FTP bug when data socket connections fail or timeout.
6149 - Reuse FTP data connection when possible (Henrik Nordstrom).
6150 - Added configure options (Henrik Nordstrom)
6151 --enable-store-key=sha|md5
6152 --enable-xmalloc-statistics
6153 --enable-xmalloc-debug
78743365 6154 --enable-xmalloc-debug-count
6155 --async-io
109203bf 6156 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
6157 by creating ERR_FORWARDING_DENIED and changing the
6158 content of the ERR_CANNOT_FORWARD text.
4e9c07c1 6159 - Fixed pipeline request bug from using strdup() (Henrik
6160 Nordstrom).
6161 - Call clientReadRequest() directly instead of commSetSelect()
6162 for pipelined requests (Henrik Nordstrom).
1b02b5be 6163 - Fixed 4k page leak in icpHandleIMSReply();
6164 - Renamed 'icp*' functions to 'client*' names in client_side.c.
e7a1fde6 6165
b90a0f8d 6166Changes to squid-1.2.beta8 (Dec 2, 1997):
6167
eae03fc8 6168 - Fixed accessLogLog() to log ident from Proxy-Authorization
6169 request header (BoB Miorelli).
226f9ba2 6170 - Fixed #includes, prototypes, etc. in SNMP source files.
6171 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
6172 include/config.h.in to src/squid.h
6173 - Moved 'num32' typedefs from src/typedefs.h to
6174 include/config.h.in.
6175 - Moved snmplib/md5.c to lib/md5.c.
6176 - Added MD5 cache key support.
6177 - Removed xmalloc() return check in uudeocde.c
6178 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
6179 - Changed 'client' program to provide easier cache manager access,
3ff01c3e 6180 e.g.: 'client mgr:info'
226f9ba2 6181 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
6182 for simulated keep-alive requests.
6183 - Removed 'fd' arg from clientProcess* functions.
9e3468d5 6184 - Fixed bugs from using errorSend() on persistent/pipelined
226f9ba2 6185 client connections. A latter request should not be allowed to
6186 write to the client fd until the current request completes.
6187 Now use errorAppendEntry() for such situations.
6188 - Fixed content-length bugs. We were using content-length == 0
6189 to also indicate a lack of content-length reply header. But
6190 'content-length: 0' might appear in a reply, so now use -1 to
6191 indicate that no content length given.
6192 - Split up clientProcessRequest() into smaller chunks so it
6193 might be easier to follow.
6194 - renamed various client_side.c functions to start with 'client'
6195 instead of 'icp'.
6196 - Fixed a 'cbdata leak' from the comm.c close handlers.
6197 - Fixed a 'cbdata leak' from the comm.c connect routines.
6198 - Fixed comm_select() and comm_poll() to stop looping on the
6199 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
6200 ready for I/O, the incoming sockets might not get service, so
6201 comm_select() would be called for up to 7 times until the
6202 'incoming_counter' was incremented enough to trigger a call
6203 to comm_select_incoming(). Now we make sure
6204 comm_select_incoming() gets called if select returns less
6205 than 7 ready FD's.
9e3468d5 6206 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
6207 inserted at the start of the url-path. calls ftpUrlWith2f().
6208 (Henrik Nordstrom).
226f9ba2 6209 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
6210 for replacement and cachemgr output.
6211 - Changed ipcache.c to use LRU double-linked list instead of qsort()
6212 - Changed hash_insert() and hash_join() to return void.
6213 for replacement and cachemgr output.
6214 - Moved StoreEntry->method member to MemObject->method.
6215 - Made StoreEntry->flags 16 bits.
6216 - Made StoreEntry->refcount 16 bits.
6217 - Changed URL-based public cache key to always include the request
6218 method.
eae03fc8 6219
95bc9f0b 6220Changes to squid-1.2.beta7 (Nov 24, 1997):
6221
6a11653c 6222 - Fixed poll() for Linux (David Luyer).
6223 - SHA optimizations (David Luyer).
6224 - Fixed errno clashes with macro on Linux (David Luyer).
6225 - Fixed storeDirCloseSwapLogs(); logs might not be open.
6226 - Fixed storeClientCopy2() bug. Detect when there is
6227 no more data to send for objects in STORE_OK state.
19ee64b1 6228 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
6229 especially directory listings.
95bc9f0b 6230 - Mega FTP fix from Henrik Nordstrom. A better job of
6231 implementing the '%2f' hack.
6232 - Fixed some pipelined request bugs. storeClientCopy() was
6233 being given the wrong StoreEntry, and we had a race condition
6234 which is now handled by storeClientCopyPending().
99077fe6 6235 - Added initial SNMP support.
6a11653c 6236
2c9b45c9 6237Changes to squid-1.2.beta6 (Nov 13, 1997):
6238
1b5516d3 6239 - Fixed Authorized responses getting swapped out when they
6240 don't have Proxy-Revalidate reply header.
6241 - Fixed Proxy Authentication support. We never sent back
6242 a 407 reply, and were incorrectly incrementing the passwd
6243 before comparing it.
6244 - Fixed stat()ing pathnames for default values before parsing
6245 config file (Ron Gomes).
6246 - Fixed logging request and response headers on separate lines
6247 (Ron Gomes).
6248 - Fixed FTP Authentication message (Henrik Nordstrom).
6249 - Changed Proxy Authentication to trigger a reread of the passwd
6250 file if a password check fails (Henrik Nordstrom).
6251 - Changed FTP to retry the first CWD with a leading slash if it
6252 fails without one.
6253
8c17a569 6254Changes to squid-1.2.beta5 (Nov 6, 1997):
6255
90045285 6256 - Track the 'keep-alive ratio' for a peer as the ratio of
6257 the number of replies including 'Proxy-Connection: Keep-Alive'
6258 compared to the number of requests sent. If the peer does
6259 not support Persistent connections then this ratio will tend
6260 toward zero. If the ratio is less than 50% after 10 requests
6261 then we'll stop sending Keep-Alive.
8c3994aa 6262 - Proper support for %nn escapes in FTP, and numerous
6263 other fixes (Henrik Nordstrom).
6264 - Support for Secure Hash Algorithm and framework for other
6265 hash functions as cache keys.
6266 - Fixed SSL snprintf() bug which broke SSL proxying.
6267 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
8c17a569 6268 - Fixed LRU Reference Age bug. The arg to pow() must be
8031bd43 6269 minutes, not seconds.
90045285 6270
9ddfb255 6271Changes to squid-1.2.beta4 (Oct 30, 1997):
6272
a493f974 6273 - Fixed DST bug in rfc1123.c
6274 - Changed default http_accel_port to 80.
6275 - added errorCon() as a ErrorState constructor function
6276 (Max Okumoto).
6277 - Added ERR_FTP_FAILURE message for ftpFail().
6278 - For FTP, the timeout callback must be moved to the 'data'
6279 descriptor when data transfer begins. Otherwise we are
6280 likely to get a timeout on the control descriptor.
6281 - Fixed double-free bug in httpRequestFree().
6282 - Fixed store_swap_size counting bug in storeSwapOutHandle().
6283
409a6aad 6284Changes to squid-1.2.beta3 (Oct 29, 1997):
6285
6286 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
6287 - Fix assertions which assumed 4-byte pointers.
6288 - Fix missing % in fqdncache.c snprintf().
6289
5a2d610b 6290Changes to squid-1.2.beta2 (Oct 28, 1997):
6291
8c3994aa 6292 - Fixed aiops.c and async_io.c so that they actually compile
f5b8bbc4 6293 with USE_ASYNC_IO (Arjan de Vet).
6294 - Fixed errState->errno causing problems with some macros
6295 (Michael O'Reilly).
d287f51e 6296 - Fixed memory leaks in pconn.c (Max Okumoto).
0866009b 6297 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
272547b5 6298 - Fixed InvokeHandlers() from calling memCopy() for ALL
6299 store_client's with callbacks. A store_client might be reading
6300 from disk.
5a2d610b 6301 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
272547b5 6302 bucket at a time. Instead we'll maintain a single LRU
6303 list. When an object is 'touched' we move it to the
6304 top of this list. When we need disk space, we delete
6305 from the bottom.
5a2d610b 6306 - Removed storeGetSwapSpace().
f5b8bbc4 6307
871f0b8a 6308Changes to squid-1.2.beta1 ():
6309
6310 - Reworked storage manager to not keep objects in memory during
6311 transit. In other words, no separate NOVM distribution.
6312 - Lots of cleanup and debugging for beta release.
6313 - Use snprintf() everywhere instead of sprintf().
6314 - The 'in_memory' hash table has been replaced with a
6315 doubly-linked list. New objects are added to the head of
6316 the list. When memory space is needed, old objects are
6317 purged from the tail of the list.
6318
0edfe7a2 6319Changes to squid-1.2.alpha7 ():
6320
c4958532 6321 - fixes fixes fixes.
6322 - Made Arjan's PROXY_AUTH ACL patch standard.
0edfe7a2 6323
8905b90c 6324Changes to squid-1.2.alpha6 ():
6325
6684fec0 6326 - Simpler cacheobj implementation.
6605655c 6327 - persistent connection histogram
8872e1f8 6328 - SERVER-SIDE PERSISTENT CONNECTIONS:
6474667e 6329 - Added pconn.c
6330 - Addec Cofig.Timeout.pconn; default 120 seconds
6331 - Added httpState->flags
6332 - Added flags arg to httpBuildRequestHeader()
6333 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
6334 - Added 'Connection' to allowed HTTP headers (http-anon.c)
8872e1f8 6335 - Added 'Proxy-Connection' to allowed HTTP headers
6336 (http-anon.c)
a7736231 6337 - Merged proxyhttpStart() with httpStart() and created
8872e1f8 6338 new httpBuildState().
6339 - New httpPconnTransferDone() detects end-of-data on
6340 persistent connections.
6684fec0 6341
88738790 6342Changes to squid-1.2.alpha5 ():
6343
6344 - New configuration system. Everything is generated from
6345 'cf.data.pre', including the main parser, setting defaults,
6346 outputting current values, and freeing memory.
6347 This also involved moving some of the local data structures
6348 (e.g. struct _acl *AclList in acl.c) to the Config
6349 structure. (Max Okumoto)
6350 - No more '/i' for regular expressions. Now insert a '-i'
6351 to switch to case-insensitive. Use '+i' for case-sensitive.
6352 - When you have a variable named the same as its type, sizeof()
6353 gets the wrong one (fde).
6354 - Need to flush unbuffered logs before fork().
6355 - Added two fields swap log: refcount and e->flag.
6356 - Removed all the .h files for each .c file. Now #include stuff
6357 is in either: defines.h, enums.h, typedefs.h, structs.h,
6358 or protos.h, globals.h. This greatly reduces dependencies
6359 between the various source files.
6360 - globals.c is generated from globals.h by a Perl script.
8ee3ca2c 6361 - Started customizable error texts.
88738790 6362
97f674c8 6363Changes to squid-1.2.alpha4 ():
6364
ec973719 6365 - New MIME configuration, regular expression based
6366 - Added request_timeout config option
6367 - Multiple HTTP sockets (Lincoln Dale).
6368 - Moved 'fds_are_n_free' check to httpAccept().
6369 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
7e49f700 6370 - Changed storeRegister to use offsets and make immediate
6371 callbacks if appropriate.
6372 - Removed icpDetectClientClose(). Some of that functionality
6373 goes into clientReadRequest() and the rest into
6374 httpRequestFree().
b1b387d1 6375 - Moved IP lookups to commConnect stuff.
6376 - Added support for retrying connect().
858164fc 6377 - New inline debug() macro (David Luyer).
e174e0fe 6378 - Replace frequent gettimeofday() calls with alarm(3) based
6379 clock. Need to add more gettimeofday() calls to get back
a59968c7 6380 high-resolution timestamp logging (Andres Kroonmaa).
0153d498 6381 - Added support for Cache-control: proxy-revalidate;
6382 based on squid-1.1 patch from Mike Mitchell.
ec973719 6383
3b08d32d 6384Changes to squid-1.2.alpha3 ():
6385
6386 - Implemented persistent connections between clients and squid.
6387 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
6388 table in fd.c.
6389 - Removed use of FD as an identifier in certain callback
6390 operations (ipcache, fqdncache).
6391 - General code cleanup.
6392 - Fixed typedefs for callback functions.
6393 - Removed FD lifetime/timeout dichotomy. Now we only have
6394 timeouts, however the lifetime concept/keyword may still
6395 linger in certain places.
6396 - Change Makefile 'realclean' target to 'distclean'
6397 - Changed config file parsing of time specifications to use
6398 parseTimeLine().
6399 - Removed storetoString.c
6400
6401Changes to squid-1.2.alpha2 ():
74cebec0 6402
6403 - Merged squid-1.1.9, squid-1.1.10 changes
6404
7b41ec97 6405Changes to squid-1.2.alpha1 ():
6406
6407 - Unified peer selection algorithm.
75e88d56 6408 - aiops.c and aiops.h are a threaded implementation of
6409 asynchronous file operations (Stewart Forster).
6410 - async_io.c and async_io.h are complete rewrites of the old
6411 versions (Stewart Forster).
6ad85e8a 6412 - Rewrote all disk file operations of squid to support
75e88d56 6413 the idea of callbacks except where not required (Stewart
6414 Forster).
75e88d56 6415 - Background validation of 'tainted' swap log entries (Stewart
6416 Forster).
6417 - Modified storeWriteCleanLog to create the log file using the
6418 open/write rather than fopen/printf (Stewart Forster).
6419 - Added the EINTR error response to handle badly interrupted
6420 system calls (Stewart Forster).
6ad85e8a 6421 - UDP_HIT_OBJ not supported, removed.
6422 - Different sized 'cache_dirs' supported.
75e88d56 6423
e924600d 6424==============================================================================
Mirror of https://github.com/squid-cache/squid.git