]>
Commit | Line | Data |
---|---|---|
bf611e3a AJ |
1 | Changes to squid-3.5.0.2 (31 Oct 2014): |
2 | ||
3 | - Fix FTP socket opening during reconfigure | |
4 | - ... and all changes from 3.4.9 | |
5 | - ... and some build errors in rarely used code | |
6 | - ... and several documentation updates | |
7 | ||
e0dbeeb6 AJ |
8 | Changes to squid-3.5.0.1 (17 Oct 2014): |
9 | ||
10 | - Port from 2.7: redirector and logging urlgroup feature | |
11 | - Bug 4093: source-maintenance.sh bad perl -i option | |
12 | - Bug 3608: per-service name for workers UDS sockets | |
13 | - Bug 2554: 32-bit wrap in AUFS counters | |
14 | - Bug 1961 pt1: URL handling redesign | |
15 | - Bug 1202 pt1: documentation for refresh_pattern algorithms | |
16 | - Update Squid boilerplate copyright/license | |
17 | - Update the http(s)_port directives protocol= parameter | |
18 | - Update forward_max_tries to permit 25 server paths | |
19 | - Update Kerberos library detection and build options | |
20 | - Support ACLs on ftp_epsv directive | |
21 | - Support >32KB objects in cache_dir rock storage | |
22 | - Support client connection annotation by helpers via clt_conn_tag=TAG | |
23 | - Support native FTP Relay | |
24 | - Support libgnugss Kerberos library | |
25 | - Support libecap v1.0 | |
26 | - Support SSL Peek and Splice feature | |
27 | - Support receiving PROXY protocol version 1 and 2 | |
28 | - Replace --enable-ssl build option with --with-openssl | |
29 | - Enable -n service name command line option for all Squid builds | |
30 | - Enable ICAP client by default | |
31 | - Fix configuration file parsing bugs, related to quoted strings | |
32 | - Fix Windows MinGW build errors | |
33 | - Fix multiple TCP outgoing TOS/DiffServ bugs | |
34 | - Fix Cygwin /etc/resolv.conf parsing | |
35 | - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate | |
36 | - Fix crash reading malformed config files | |
37 | - Send selected SSL version and cipher to the certificate validation helper | |
38 | - Validate server certificates without bumping | |
39 | - Add zero-copy string buffer support | |
40 | - Add automated squid.conf parser testing with squid -k parse | |
41 | - Add adaptation_service ACL | |
42 | - Add logformat code %tS to log transaction start time | |
43 | - Add logformat code %>rd to log client URL domain name | |
44 | - Add key_extras to proxy authentication | |
45 | - Add url_rewrite_extras and store_id_extras directives | |
46 | - Add send_hit and store_miss directives | |
47 | - Add collapsed_forwarding directive | |
48 | - Add sslproxy_cert_sign_hash directive | |
49 | - Add SMP SSL session cache | |
50 | - Add cache_peer standby connections | |
51 | - Add helper ext_delayer_acl | |
52 | - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped | |
53 | - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile | |
54 | - Remove COSS storage in favour of Rock storage | |
55 | - Remove dnsserver and external DNS helper API in favour of mDNS | |
56 | - Remove broken mallinfo() accounting and memory tracing | |
57 | - Remove hierarchy_stoplist in favour of always_direct | |
58 | - Deprecate tag ACL type in favour of note ACL type | |
59 | - Deprecate urlgroup feature in favour of note ACL type | |
60 | - HTTP/1.1: method names are case-sensitive | |
61 | - HTTP/1.1: register new headers from RFC 723x | |
62 | - squidclient: polish and update help display | |
63 | - squidclient: support TLS with GnuTLS 3.1.5+ | |
64 | - squidclient: support verbosity levels | |
65 | - squidclient: --ping mode module support | |
66 | - url_fake_rewrite: support concurrency | |
67 | - storeid_file_rewrite: support concurrency | |
68 | - digest_file_auth: support concurrency | |
69 | - digest_edirectory_auth: support concurrency | |
70 | - digest_ldap_auth: support concurrency | |
71 | - ... and many error page translation updates | |
72 | - ... and much code cleanup and polishing | |
73 | ||
bf611e3a AJ |
74 | Changes to squid-3.4.9 (31 Oct 2014): |
75 | ||
76 | - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update | |
77 | - Bug 4102: sslbump cert contains only a dot character in key usage extension | |
78 | - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options | |
79 | - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0 | |
80 | - Bug 4024: Bad host/IP ::1 when using IPv4-only environment | |
81 | - Bug 3803: ident leaks memory on failure | |
82 | - kerberos_ldap_group/cert_tool: Remove ksh dependency | |
83 | - ... and some automated code style updates | |
84 | - ... and some documentation updates | |
85 | ||
bd6c316a AJ |
86 | Changes to squid-3.4.8 (15 Sep 2014): |
87 | ||
88 | - Fix off by one in SNMP subsystem | |
89 | - pinger: Fix various ICMP handling issues | |
90 | ||
abc809ce AJ |
91 | Changes to squid-3.4.7 (28 Aug 2014): |
92 | ||
93 | - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain | |
94 | - Bug 4080: worker hangs when client identd is not responding | |
95 | - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC | |
96 | - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values | |
97 | - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension | |
98 | - Enable compile-time override for MAXTCPLISTENPORTS | |
99 | - ntlm_sspi_auth: Fix various build errors | |
100 | - negotiate_wrapper: Fix build issues with non-portable vfork() | |
101 | - negotiate_sspi_auth: Portability fixes for MinGW | |
102 | - ext_lm_group_acl: Portability fixes for MinGW | |
103 | - ... and several minor memory leaks | |
104 | ||
7f089ae4 AJ |
105 | Changes to squid-3.4.6 (25 Jun 2014): |
106 | ||
107 | - Regression: segmentation fault logging with %tg format specifier | |
108 | - Bug 4065: round-robin neighbor selection with unequal weights | |
109 | - Bug 4056: assertion MemPools[type] from netdbExchangeStart() | |
110 | - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response | |
111 | - Fix segmentation fault setting up server SSL connnection | |
112 | - Fix hanging Non-HTTPS connections on SSL-bump enabled port | |
113 | - Fix Cache Manager actions listed more than once | |
114 | - ... and many minor memory leaks | |
115 | - ... and several portability build issues | |
116 | - ... and some documentation updates | |
117 | ||
51a22544 AJ |
118 | Changes to squid-3.4.5 (02 May 2014): |
119 | ||
120 | - Regression Bug 4051: inverted test on CONNECT payload existence | |
121 | - Regression Fix: order dependency between cache_dir and maximum_object_size | |
122 | - Fix logformat %note display | |
123 | - Resolve 'dying from an unhandled exception: c' | |
124 | ||
445d8733 AJ |
125 | Changes to squid-3.4.4.2 (23 Apr 2014): |
126 | ||
51a22544 | 127 | - version bump for packaging re-build with altered toolchain |
445d8733 | 128 | |
e6b41a35 AJ |
129 | Changes to squid-3.4.4.1 (23 Apr 2014): |
130 | ||
131 | - Regression Bug 4019: Cache digest exchange segmentation fault | |
132 | - Regression Bug 3982: EUI logging and helpers show blank MAC address | |
133 | - Bug 4047: Support Android builds | |
134 | - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2) | |
135 | - Bug 4041: Missing files in compat/Makefile.am | |
136 | - Bug 4014: Build failure with --disable-optimizations --disable-auth | |
137 | - Bug 3986: (partial) assertion due to incorrect error page buffer size | |
138 | - Bug 3955: Solaris EUI-48 lookup leaks FDs | |
139 | - Bug 3371: CONNECT with data sent at once loses data | |
140 | - C++11: Upgrade auto-detection to use the formal -std=c++11 | |
141 | - Crypto-NG: libnettle MD5 algorithm support | |
142 | - SSL-Bump: Fix Basic auth caching on bumped connections | |
143 | - Store-ID: Fix request URI when forwarding requests to peers | |
144 | - ... and fix several other build errors | |
145 | - ... and some documentation updates | |
146 | ||
d3b930ff AJ |
147 | Changes to squid-3.4.4 (09 Mar 2014): |
148 | ||
149 | - Bug 4029: intercepted HTTPS requests bypass caching checks | |
150 | - Bug 4001: remove use of strsep() | |
151 | - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce | |
152 | - Fix stalled concurrent rock store reads | |
153 | - Fix helper ID number assignment | |
154 | - Fix build failures from CMSG related definitions | |
155 | - Fix build failures from libcompat unsafe.h protections | |
156 | - Copyright: Relicense helpers by Treehouse Networks Ltd. | |
157 | - ... and all bug fixes from 3.3.12 | |
158 | ||
a01166da AJ |
159 | Changes to squid-3.4.3 (02 Feb 2014): |
160 | ||
161 | - Bug 4008: HttpHeader warnOnError should be an int not a bool | |
162 | - Bug 4002: clang 3.4 unable to compile | |
163 | - Bug 3996: Malformed DNS reply leads to crash | |
164 | - Bug 3995: compile error on CentOS 5 with GCC 4.1.2 | |
165 | - Bug 3975: atomic detection cross-compilation failure | |
166 | - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode | |
167 | - Bug 3954: compile failure in CpuAffinity.cc | |
168 | - Bug 3927: tests/testRock fatal.cc required | |
169 | - Fix memory leak in peer Cache Digest exchange | |
170 | - Fix external_acl_type async loop failures | |
171 | - Fix destination IP address cycling | |
172 | - ... and a few polishing changes | |
173 | ||
441842f0 AJ |
174 | Changes to squid-3.4.2 (30 Dec 2013): |
175 | ||
176 | - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option | |
177 | - Regression Fix: \-unescaping in quoted strings from helpers | |
178 | - Regression Fix: URL helper API bypassing on URL containing '=' character | |
179 | - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery | |
180 | - Bug 3806: Caching responses with Vary header | |
181 | - Bug 3498: FTP PUT assertion | |
182 | - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD | |
183 | - Enable concurrency by default for SSL certificate validator | |
184 | - ... and fix several build errors | |
185 | ||
12f64d19 AJ |
186 | Changes to squid-3.4.1 (09 Dec 2013): |
187 | ||
188 | - Bug 3935: Invalid pointer dereference when peeking at origin server certificate | |
189 | - Bug 3589: intercepted and ICAP modified request using a cache_peer | |
190 | - ... and several portability fixes | |
191 | - ... and some documentation updates | |
192 | ||
277afc6e AJ |
193 | Changes to squid-3.4.0.3 (01 Dec 2013): |
194 | ||
195 | - Bug 3941: Release notes error | |
196 | - Receive annotations from authentication and external ACL helpers | |
197 | - basic_nis_auth: Improved portability | |
198 | - ... and several documentation updates | |
199 | - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11 | |
200 | ||
2d011f52 | 201 | Changes to squid-3.4.0.2 (03 Oct 2013): |
ae2b6fc9 AJ |
202 | |
203 | - Regression Bug 3891: squid.conf parser errors in 3.4.0.1 | |
204 | - Regression Fix: re-disable MinGW C++11 support | |
205 | - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion | |
206 | - Fix memory leak in refresh_pattern parsing | |
207 | - negotiate_kerberos_auth: upgrade to present group= keys | |
208 | - Handle NTLM helper returning OK without user= value | |
209 | - Add dns_multicast_local to control mDNS operation | |
210 | - Add --disable-arch-native build option | |
211 | - Display Build-Info in cache manager info report | |
212 | - ... and all changes from squid 3.3.9 | |
213 | - ... and some code and debug output polishing | |
214 | ||
14561e1c | 215 | Changes to squid-3.4.0.1 (29 Jul 2013): |
13db7eef AJ |
216 | |
217 | - Port from 2.7: StoreURL (renamed Store-ID) support | |
218 | - Bug 3795: fix several mistakes in the MIB file | |
219 | - Bug 3793: configure: improved helper detection | |
220 | - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS | |
221 | - Bug 3676: Support GCC 4.7 with -Wshadow option | |
222 | - Bug 3643: NTLM helpers stuck in reserved state by Safari | |
223 | - Bug 3389: Auto-reconnect for tcp access_log | |
224 | - Bug 2066: squid does not do chdir() after chroot() | |
225 | - Fix uninitialized fields in IcapLogEntry | |
226 | - Fix a number of minor issues detected by Coverity Scan | |
227 | - Fix some potential memory leaks detected by Coverity Scan | |
228 | - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers | |
229 | - Fix ACL matching algorithm to avoid repeating tests | |
230 | - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username | |
231 | - squidpurge: fix META TLV parsing issues | |
232 | - squid.conf: enforce all the directive and option names are lower-case | |
233 | - Support EUI on HTTPS and FTP data connections | |
234 | - Support OK/ERR/BH response codes from any helper | |
235 | - Support No-lookup flag (-n) on DNS ACLs | |
236 | - Support -march=native compiler optimization by default | |
237 | - Support forwarding intercepted but not bumped connections to cache_peers | |
0bbaae54 | 238 | - Support IPv6 NAT interception on Linux and some BSD |
13db7eef AJ |
239 | - Deprecate log_icap and log_access configuration directives |
240 | - HTTP/1.1: improved method invalidation and cacheability detection | |
241 | - HTTP/1.1: support length configuration for pipeline_prefetch queue | |
242 | - Improved TPROXY support for OpenBSD and FreeBSD | |
0bbaae54 | 243 | - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file |
13db7eef AJ |
244 | - Add all-of and any-of ACL types for grouping sets of ACL tests |
245 | - Add note directive for transaction annotations | |
246 | - Add %note log format for transaction annotation logging | |
247 | - Add note ACL type for matching annotated transactions with by annotation name or value | |
248 | - Add kv-pair support to URL-rewrite/redirector interface | |
249 | - Add SSL server certificate validator interface, helper and result cache | |
250 | - Add SSL server certificate fingerprint ACL type | |
251 | - Add spoof_client_ip access control | |
252 | - Add pt-bz (Belize Portuguese) dialect to translations | |
253 | - ... and many Windows portability changes (still incomplete) | |
254 | - ... and many documentation changes | |
255 | - ... and much code cleanup and polishing | |
988a7fba | 256 | |
abc809ce AJ |
257 | Changes to squid-3.3.13 (28 Aug 2014): |
258 | ||
259 | - Fix segmentation fault setting up server SSL connnection | |
260 | - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values | |
261 | ||
d3b930ff AJ |
262 | Changes to squid-3.3.12 (09 Mar 2014): |
263 | ||
264 | - Regression Bug 3769: client_netmask not evaluated since Comm redesign | |
265 | - Bug 4026: Fix SSL and adaptation_access handling of aborted connections | |
266 | - Bug 3969: Fix credentials caching for Digest authentication | |
267 | - Bug 3806: Caching responses with Vary header | |
268 | - Fix umask default on crash report generated email | |
269 | - Fix pthread library detection on FreeBSD 10 | |
270 | - Avoid assertions on Range requests that trigger Squid-generated errors. | |
271 | ||
277afc6e AJ |
272 | Changes to squid-3.3.11 (01 Dec 2013): |
273 | ||
274 | - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 | |
275 | - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure | |
276 | - Bug 3970: max_filedescriptors disabled due to missing setrlimit | |
277 | - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope | |
278 | - Bug 3960: DEAD cache_peer are not revived | |
279 | - Bug 3956: xstrndup: tried to dup a NULL pointer | |
280 | - Bug 3906: Filedescriptor leaks in SNMP | |
281 | - Bug 3782: Digest authentication not obeying nonce_max_count | |
282 | - HTTP/1.1: Make header parser obey relaxed_header_parser | |
283 | - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted | |
284 | - SMP: Replace blocking sleep(3) and close UDS socket on failures | |
285 | - Windows: fix several compile errors | |
286 | ||
c663cc36 AJ |
287 | Changes to squid-3.3.10 (03 Nov 2013): |
288 | ||
289 | - Bug 3929: request_header_add not working for tunnel requests | |
290 | - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration | |
291 | - Bug 3918: Self Test Failures on Mac OS X 10.8 | |
292 | - Bug 3887: tcp_outgoing_tos not working for IPv6 | |
293 | - Bug 3836: Fix issues with automake 1.13+ and make check | |
294 | - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() | |
295 | - Fix pinning hierarchy log information | |
296 | - Fix close idle client connections associated with closed idle pinned connections. | |
297 | - Fix cbdata 'error: expression result unused' errors | |
298 | - Avoid "hot idle": A series of rapid select() calls with zero timeout. | |
299 | - Append Connection:close to OPTIONS requests when icap_persistent_connections is off | |
300 | - ntlm_fake_auth: pass DOMAIN data to Squid in original case | |
301 | - kerberos_ldap_group: fix LDAP string duplication | |
302 | - Use IPv6 localhost nameserver on DNS configuration errors | |
303 | - Add cache_miss_revalidate | |
304 | - ... and several portability improvements | |
305 | ||
db01c30c AJ |
306 | Changes to squid-3.3.9 (11 Sep 2013): |
307 | ||
308 | - Regression Bug 3077: off-by-one error in Digest header decoding | |
309 | - Bug 3895: fix acl_uses_indirect_client and cache_peer_access | |
310 | - Bug 3879: assertion failed ConnStateData::validatePinnedConnection | |
311 | - Bug 3863: myportname acl causes segmentation fault | |
312 | - Bug 3849: Duplicate certificate sent when using https_port | |
313 | - Bug 2287: Better fix for unsupported HTTP version handling | |
314 | - Bug 2112: Reload into If-None-Match | |
315 | - Fix several assert with side effects in ICAP/eCAP response handling | |
316 | - Fix myportname ACL on ICAP/eCAP transactions | |
317 | - Fix external ACL user:pass detail logging after adaptation | |
318 | - Fix SMP mgr:info report 'Largest file desc currently in use' | |
319 | - Handle infinite certificate validation loops caused by OpenSSL Bug 3090. | |
320 | - Improved compatibility with gcc 4.8, clang and icc | |
321 | - Show number of available filedescriptors when reserved FD changes | |
322 | - Sync with newest OpenSSL error codes | |
323 | - Register Http2-Settings header | |
324 | - ... and many Windows portability fixes | |
325 | ||
8dbafb10 AJ |
326 | Changes to squid-3.3.8 (13 Jul 2013): |
327 | ||
328 | - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity | |
329 | - Improved handling of port values in Host: header validation | |
330 | ||
2fea9d2b AJ |
331 | Changes to squid-3.3.7 (11 Jul 2013): |
332 | ||
333 | - Bug 3297: Fix openSSL related build failures | |
334 | - Fix build on FreeBSD 9.x platform with clang | |
335 | - Protect against buffer overrun in DNS query generation | |
336 | ||
1a39473b AJ |
337 | Changes to squid-3.3.6 (01 Jul 2013): |
338 | ||
339 | - Bug 3854: pt1: compile errors on AIX | |
340 | - Bug 3802: Fix wrong check inside Format::Format::assemble | |
13db7eef | 341 | - Bug 3762: remove bogus WARNING in cache.log |
1a39473b AJ |
342 | - Bug 3717: assertion failed with dstdom_regex with IP based URL |
343 | - Bug 1991: kqueue causes SSL to hang | |
344 | - Ask for SSL key password when started with -N but without sslpassword_program | |
345 | - Make sure %<tt includes all [failed] connection attempts | |
346 | - Support HTTP reply ACLs in icap_log and log_icap | |
347 | - Fix incorrect external_acl_type codes | |
348 | - Fix ICAP logging request headers and segmentation faults | |
349 | - ... and some documentation polish | |
350 | ||
9c7aeeb8 AJ |
351 | Changes to squid-3.3.5 (20 May 2013): |
352 | ||
353 | - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager | |
354 | - Bug 3845: http_port tcpkeepalive= option fails parsing | |
355 | - Bug 3840: assertion failed 'sde' in UFS cache loading | |
356 | - Bug 3836: make check failures with automake-1.13 | |
357 | - Bug 3827: Remove AccessLogEntry::cache.authuser | |
358 | - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes | |
359 | - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics | |
360 | - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems | |
361 | - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all | |
362 | - Port from 2.6: external acl %ACL and %DATA tags | |
363 | - Update copyright on SN.png | |
364 | - ... and several minor memory leaks | |
365 | - ... and some documentation polish | |
366 | ||
988a7fba AJ |
367 | Changes to squid-3.3.4 (27 Apr 2013): |
368 | ||
369 | - Bug 3831: basic_ncsa_auth Blowfish and SHA support | |
370 | - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes | |
371 | - Bug 3794: MacOS: workaround compiler errors and case-insensitivity | |
372 | - Bug 3781: Proxy Authentication not sent to cache_peer | |
373 | - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h | |
374 | - Bug 3720 pt2: Add missing include in /dev/poll I/O module | |
375 | - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang | |
376 | - Add support for TPROXY on BSD | |
377 | - Fix SSL Bump bypass for intercepted traffic | |
378 | - Fix memory leaks in ConnStateData pinning | |
379 | - Fix external_acl.cc "inBackground" assertion on queue overloads | |
380 | - CacheMgr: fix missing column separator in helper stats | |
381 | - OpenBSD: libpthreads requires OpenBSD 5.2 or later | |
382 | - ... and lots of documentation updates | |
383 | - ... and all changes from squid 3.2.10 | |
384 | ||
40c973aa AJ |
385 | Changes to squid-3.3.3 (12 Mar 2013): |
386 | ||
387 | - Bug 3720: Add missing include in /dev/poll I/O module (pt2) | |
388 | - ... and all changes from squid 3.2.9 | |
389 | ||
d4dc9eea AJ |
390 | Changes to squid-3.3.2 (02 Mar 2013): |
391 | ||
392 | - Bug 3781: Proxy Authentication not sent to cache_peer | |
393 | - Bug 3794: MacOS: workaround compiler errors | |
394 | - Bug 3720: Compile error in Solaris /OpenIndiana | |
395 | - ... and all changes from squid 3.2.8 | |
396 | ||
21744e8b AJ |
397 | Changes to squid-3.3.1 (09 Feb 2013): |
398 | ||
399 | - Bug 3726: build errors with --disable-ssl | |
400 | - Propigate pinned connection persistency and closures to the client. | |
401 | - Mimic SSL certificate Key Usage and Basic Constraints | |
402 | - Fix segmentation fault on missing squid.conf values | |
403 | - ext_sql_session_acl: Fix hex decoding on UID | |
404 | - ... and some code polish | |
405 | - ... and a lot of documentation polish | |
406 | - ... and all changes from squid 3.2.7 | |
407 | ||
56eea3f2 AJ |
408 | Changes to squid-3.3.0.3 (09 Jan 2013): |
409 | ||
410 | - Bug 3729: 32-bit overflow in parsing 64-bit configuration values | |
411 | - Bug 3728: Improve debug for cache_dir | |
412 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
413 | - kerberos_ldap_group: support multiple groups in squid.conf ACL definition | |
414 | - kqueue: update status from experimental to fully available net I/O method | |
415 | - ... and many memory leaks and potential bugs detected by Coverity Scan | |
416 | ||
bd4920ca AJ |
417 | Changes to squid-3.3.0.2 (03 Dec 2012): |
418 | ||
419 | - Support matching empty header field values using req_header and rep_header | |
420 | - ... and some minor code polish and input vaidations | |
421 | - ... and all changes from squid 3.2.4 | |
422 | ||
362d74b6 AJ |
423 | Changes to squid-3.3.0.1 (21 Oct 2012): |
424 | ||
425 | - Bug 3610: Add peername_regex ACL | |
426 | - Bug 3239: rename myip/myport as localip/localport | |
427 | - Bug 3130: helpers are crashing too rapidly | |
428 | - Add log_db_daemon SQL Database Logging Daemon | |
429 | - Add ext_time_quota_acl helper managing sessions by bandwidth usage | |
430 | - Add request_header_add option | |
431 | - Support C++11 features where possible | |
432 | - Support bump-ssl-server-first | |
433 | - Support mimic SSL server certificates | |
434 | - Remove --enable-ntlm-fail-open | |
435 | - Fix TLS/SSL Options does not apply to the dynamically generated certificates | |
436 | - Fix SslBump stuck after error | |
437 | - Polish: display ACL enumeration text in debugs | |
438 | - ... and many portability fixes for MacOS X, Windows and others | |
439 | - ... and many compile error fixes | |
440 | - ... and a very large amount of code polish for faster compilation | |
441 | ||
8dbafb10 AJ |
442 | Changes to squid-3.2.13 (13 Jul 2013): |
443 | ||
444 | - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity | |
445 | - Improved handling of port values in Host: header validation | |
446 | ||
2fea9d2b AJ |
447 | Changes to squid-3.2.12 (11 Jul 2013): |
448 | ||
449 | - Protect against buffer overrun in DNS query generation | |
450 | - Avoid !closing assertions when helpers call comm_read during reconfigure. | |
451 | - Fix several minor memory leaks during reconfigure | |
452 | - Remove origin_tries limiter on forwarding and permit large max_forward_tries values | |
453 | ||
80c1bddb AJ |
454 | Changes to squid-3.2.11 (30 Apr 2013): |
455 | ||
456 | - Regression Bug 3839: build error: src/tools.h: No such file or directory | |
457 | - Update copyright on SN.png | |
458 | ||
988a7fba AJ |
459 | Changes to squid-3.2.10 (27 Apr 2013): |
460 | ||
461 | - Bug 3833: squidclient: Option '-k' is not present in man(1) page | |
462 | - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17 | |
463 | - Bug 3822: Locate LDAP and SASL headers for BSD support | |
464 | - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs | |
465 | - Bug 3774: 'squid -k reconfigure' drops rock cache | |
466 | - Bug 3565: Resuming postponed accept kills Squid | |
467 | - HTTP/1.1: partial support for no-cache and private controls with parameters | |
468 | - ssl_crtd: fix helpers dying during startup on ARM | |
469 | - GNU Hurd: define MAP_NORESERVE as no-op when missing | |
470 | - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc | |
471 | ||
40c973aa AJ |
472 | Changes to squid-3.2.9 (12 Mar 2013): |
473 | ||
474 | - Regression fix: Accept-Language header parse | |
475 | - Bug 3673: Silence 'Failed to select source' messages | |
476 | - Fix authentication headers sent on peer digest requests | |
477 | - Fix build error on Solaris, OpenIndiana, Omnios | |
478 | ||
d4dc9eea AJ |
479 | Changes to squid-3.2.8 (02 Mar 2013): |
480 | ||
481 | - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client | |
482 | - Bug 3763: diskd Error: no filename in shm buffer | |
483 | - Bug 3752: objects that cannot be cached in memory are not cached on disk | |
484 | - Bug 3753: Removes the domain from the cache_peer server pconn key | |
485 | - Bug 3749: IDENT lookup using wrong ports to identify the user | |
486 | - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests | |
487 | - Bug 3686: cache_dir max-size default fails | |
488 | - Bug 3515: crash in FtpStateData::ftpTimeout | |
489 | - Bug 3329: Quieten orphan Comm::Connection messages | |
490 | - Make squid -z for cache_dir rock preserve the rock DB | |
491 | - Fixed several server connect problems | |
02824360 AJ |
492 | - ... and some build issues on Solaris, OpenIndiana, MacOS X |
493 | - ... and some documentation and debugs polishing | |
d4dc9eea | 494 | |
54ccbeea AJ |
495 | Changes to squid-3.2.7 (01 Feb 2013): |
496 | ||
497 | - Bug 3736: Floating point exception due to divide by zero | |
498 | - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled | |
499 | - Bug 3732: Fix ConnOpener IPv6 awareness | |
500 | - Bug 3729: 32-bit overflow in parsing 64-bit configuration values | |
501 | - Bug 3728: Improve debug for cache_dir | |
502 | - Bug 3687: unhandled exception: c when using interception and peers | |
503 | - Bug 3678: external acl grace period causes acl lookup failures | |
504 | - Bug 3567: Memory leak handling malformed requests | |
505 | - Bug 3111: Mid-term fix for the forward.cc "err" assertion | |
506 | - Support OpenSSL NO_Compression optio | |
507 | - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems | |
508 | - Fix "address.GetPort() != 0" assertion for helpers | |
509 | - ... and several minor memory leaks | |
510 | - ... and some cache.log message polishing | |
511 | ||
56eea3f2 AJ |
512 | Changes to squid-3.2.6 (09 Jan 2013): |
513 | ||
514 | - Regression Bug 3731: TOS setsockopt() requires int value | |
515 | - Regression Bug 3712: Rotating logs overwrites the previous log | |
516 | - Bug 3727: LLVM compile errors in kerberos_ldap_group | |
517 | - Bug 3650: Negotiate auth missing challenge token | |
518 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
519 | ||
eeb80d48 AJ |
520 | Changes to squid-3.2.5 (10 Dec 2012): |
521 | ||
522 | - Bug 3698: Add missing include of errno.h | |
523 | ||
bd4920ca AJ |
524 | Changes to squid-3.2.4 (03 Dec 2012): |
525 | ||
526 | - Ported: urllogin ACL from squid 2.7 | |
527 | - Bug 3688: Lots of Orphan Comm:Connections to ICAP server | |
528 | - Bug 3677: Port un-pinning logic changes from squid 3.3 | |
529 | - Bug 3405: ssl_crtd crashes failing to remove certificate | |
530 | - ... and major bugs fixed in squid 3.1.22 | |
531 | - Fix accept_filter on Linux | |
532 | - Remove 'Bungled' warning on missing component directives | |
533 | - ... and many buffer and memory leak issues in the bundled helpers | |
534 | - ... and a small amount of code polishing | |
535 | ||
362d74b6 AJ |
536 | Changes to squid-3.2.3 (21 Oct 2012): |
537 | ||
538 | - Regression: SMP crashes on startup with workers > 1 | |
539 | - Bug 3655: pinning failure breaks NTLM and Negotiate authentication | |
540 | - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry | |
541 | - HTTP/1.1: honour Cache-Control before Pragma:no-cache | |
542 | - HTTP/1.1: Cache-Control compliance upgrade | |
543 | - Remove obsoleted refresh_pattern ignore-no-cache option | |
544 | - Fix IPv6 enabled squidclient | |
545 | - ... and several compile fixes | |
546 | ||
547 | Changes to squid-3.2.2 (06 Oct 2012): | |
a18ad4b5 AJ |
548 | |
549 | - Regression: Make login=PASS send no credentials when none available | |
550 | - Regression: Handle dstdomain duplicates and overlapping names better | |
551 | - Bug 3661: Segmentation fault when using more than 1 worker | |
552 | - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error | |
553 | - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry | |
554 | - Bug 3648: polish String class files | |
555 | - Bug 3647: parsing hier_code acl fails | |
556 | - Bug 3626: forwarding loops on intercepted traffic | |
557 | - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object | |
558 | - Bug 3609: several RADIUS helper improvements | |
559 | - Bug 3605: memory leak in Negotiate authentication | |
560 | - Fix small memory leak in src ACL parse | |
561 | - Fix maximum_single_addr_tries upgrade | |
562 | - Fix chunked encoding on responses carrying a Content-Range header. | |
563 | - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT | |
564 | - ... and several compile errors | |
565 | ||
c72a2049 AJ |
566 | Changes to squid-3.2.1 (15 Aug 2012): |
567 | ||
568 | - Bug 3605: memory leak in peer selection | |
569 | - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST | |
570 | - ... and some documentation updates | |
571 | ||
a9eec4aa AJ |
572 | Changes to squid-3.2.0.19 (02 Aug 2012): |
573 | ||
574 | - Regression Bug 3580: IDENT request makes squid crash | |
575 | - Regression Bug 3577: File Descriptors not properly closed | |
576 | - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic | |
577 | - Regression Fix: Restore memory caching ability | |
578 | - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd) | |
579 | - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion | |
580 | - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion. | |
581 | - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index | |
582 | - Support custom headers in [request|reply]_header_* manglers | |
583 | - ... and much code polishing | |
584 | ||
5cc53d80 | 585 | Changes to squid-3.2.0.18 (29 Jun 2012): |
f787354b AJ |
586 | |
587 | - Bug 3576: ICY streams being Transfer-Encoding:chunked | |
588 | - Bug 3537: statistics histogram leaks memory | |
589 | - Bug 3526: digest authentication crash | |
590 | - Bug 3484: Docs: sslproxy_cert_error example flawed | |
591 | - Bug 3462: Delay Pools and ICAP | |
592 | - Bug 3405: ssl_crtd crashes failing to remove certificate | |
593 | - Bug 3380: Mac OSX compile errors with CMSG_SPACE | |
594 | - Bug 3258: Requests hang when Host forgery verify fails | |
595 | - Bug 3186: Digest auth caches failed state without revalidating | |
596 | - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring | |
597 | - Bug 2885: AIX: check and set required compiler flags | |
598 | - Fix ssl_crtd compile issues with libsslutil | |
599 | - Fix build with GCC 4.7 (and probably other C++11 compilers). | |
600 | - Fix double-escape of %R on deny_info redirect responses | |
601 | - Support status 308 Permanent Redirect | |
602 | - Support for TLSv1.1 and TLSv1.2 options and methods | |
603 | - Support passing external_acl_type credentials on ICAP | |
604 | - Language Updates: fr, hy, pt_BR | |
605 | - ... and many compile issues on Windows | |
606 | - ... and some minor code polish | |
607 | ||
5cc53d80 | 608 | Changes to squid-3.2.0.17 (12 Apr 2012): |
f949585d AJ |
609 | |
610 | - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC | |
611 | - Bug 3509: kQueue compile error | |
612 | - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor | |
613 | - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format. | |
614 | - Bug 3397: do not mark connection as opened until after SYN-ACK | |
615 | - Bug 3193: NTLM decoder truncating strings | |
616 | - Windows FD handling polish and some fixes | |
617 | - Solaris 9/10 various build fixes | |
618 | - ... and some more code polish | |
619 | ||
5cc53d80 | 620 | Changes to squid-3.2.0.16 (07 Mar 2012): |
488e6901 AJ |
621 | |
622 | - Bug 3508: Correct DNS timeout handling. | |
623 | - Bug 3503: DNS PTR queries timeout due to wrong QIDs. | |
624 | - Bug 3497: Bad ssl_crtd db size file causes infinite loop | |
625 | - Bug 3490: part 1: SegFault opening FTP active data connections | |
626 | - Bug 3490: Crash writing Apache Common and Referer/Useragent logs | |
c5426f8f | 627 | - Bug 3458: Icon Serving (squid-internal-static) Broken |
488e6901 AJ |
628 | - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL |
629 | - Bug 3381: 32-bit overflow assertion in StatHist | |
630 | - Bug 3324: loadFromFile: parse error while reading template file | |
631 | - Support sslpassword_program for ssl-bump HTTP ports | |
632 | - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests | |
633 | - Retry requests that failed due to a persistent connection race | |
634 | - Log '-' on requests with no Referer or User-Agent headers | |
635 | - ... and several fixes related to in-transit object performance | |
636 | - ... and some structural design changes for portability | |
637 | ||
5cc53d80 | 638 | Changes to squid-3.2.0.15 (06 Feb 2012): |
f9329b54 AJ |
639 | |
640 | - Bug 3472: segfault with the message 'urlParse: URL too large' | |
641 | - Bug 3471: segfault when %la formating code used | |
642 | - Bug 3449: part 3: shm_open can fail with a mangled path | |
643 | - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults) | |
644 | - Bug 3448: 204 response problem in adaptation chains | |
645 | - Bug 3447: assertion failed: CommCalls.h:150: "dp" | |
646 | - Bug 3461: build regression in IPFilter NAT | |
647 | - Bug 3413: raise cbdata lock limits | |
648 | - Bug 3391: forwarded_for log functionality broken | |
649 | - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild | |
650 | - Bug 3268: remove wrong 'Ready to serve requests.' message | |
651 | - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues | |
652 | - Disable OpenSSL SSL/TLS bug workarounds by default | |
653 | - Send DNS A and AAAA queries in parallel | |
654 | - Cache Manager migration support | |
655 | - Allow service of internal requests over reverse-proxy ports | |
656 | - Fix trimMemory for unswappable objects | |
657 | - ... and several build and polish fixes | |
658 | ||
902bc38b AJ |
659 | Changes to squid-3.2.0.14 (12 Dec 2011): |
660 | ||
661 | - Bug 3433: Segfault closing SNMP | |
662 | - Bug 3420: Request body consumption races and !theConsumer exception. | |
663 | - Bug 3406: SSL Log Error in debug | |
664 | - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion | |
665 | - Bug 3383: unhandled exception: theGroupBSize > 0 | |
666 | - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING" | |
667 | - Bug 3367: fix inverted check on host_strict_verify | |
668 | - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads | |
669 | - Bug 3364: SNMP Orphans | |
670 | - Bug 3301: ERR_DNS_FAIL never shown | |
671 | - Bug 3150: do not start useless unlinkd | |
672 | - ext_session_acl: version 1.2 | |
673 | - Add adaptation_meta option | |
674 | - Add a mask on the qos_flows miss configuration value | |
675 | - Support intermediate CA in ssl-bump traffic certificates | |
676 | - Support SSL certificate failure details on error page | |
677 | - Fix flags for NAT intercept and TPROXY not set correctly | |
678 | - Fix fastCheck() default result on multi-line actions | |
679 | - Fix missing SMP shared memory statistics | |
680 | - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query | |
681 | - ... and several other TCP and SMP support behaviour fixes | |
682 | - ... and many code polishing cleanups and fixed build errors | |
683 | - ... and several documentation polishings | |
684 | ||
8fe9e0a2 AJ |
685 | Changes to squid-3.2.0.13 (14 Oct 2011): |
686 | ||
687 | - Regression Bug 3363: never_direct always 'unable to forward this request at this time' | |
688 | - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion | |
689 | - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0' | |
690 | - Regression fix: always_direct/never_direct failures | |
691 | - Regression fix: stop an SSL header file being included after --disable-ssl | |
692 | - Regression fix: parse HTTP list headers with embedded 8-bit characters | |
693 | - Bug 3355: configure setting --with-swapdir ignored | |
694 | - Bug 3325: option to selectively enable strict host verify checks | |
695 | - Bug 3337: HTTP status 200 is not accepted for deny_info | |
696 | - Bug 3077: '\' in url query strings cause Digest authentication to fail | |
697 | - Support SMP worker shared memory cache | |
698 | - Support SMP worker shared disk cache (rock) | |
699 | - ext_session_acl: version 1.1 | |
700 | - Fix Host verify: do not pinn destination IP if URL re-write has been done | |
701 | - Fix IPF interception | |
702 | - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert | |
703 | - Fix ssl_crtd CertificateDB locking scheme | |
704 | - ... and all changes from 3.1.16 | |
705 | - ... and many compile and polishing fixes | |
706 | ||
f96fd18d AJ |
707 | Changes to squid-3.2.0.12 (17 Sep 2011): |
708 | ||
709 | - Regression Bug 3335: ICAP service is down | |
710 | - Regression Bug 3322: adapt:: and icap:: format codes do not parse | |
711 | - Regression Bug 3303: Support for non-English usernames in log files | |
712 | - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT | |
713 | - Regression: %I shows hostname on SSL error page | |
714 | - Regression: FTP outgoing port always 'in use' on PASV connections | |
715 | - Bug 3337: (partial) status 200 is not accepted for deny_info | |
716 | - Bug 3319: Inconsistencies in error messages | |
717 | - Bug 3281: pconn in-use while closing assertion | |
718 | - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request | |
719 | - Fixed max-stale check. Entities not exceeding max-stale were marked as stale | |
720 | - Adjust format code %la for intercepted connections | |
721 | - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early | |
722 | - Send RST packet when closing an ICAP connection after a transaction error | |
723 | - Support maximum field width for string access.log fields | |
724 | ||
2284b7f7 AJ |
725 | Changes to squid-3.2.0.11 (28 Aug 2011): |
726 | ||
727 | - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control | |
728 | - Host: authority validation of intercepted destination IP | |
729 | - Host: authority validation of request URL | |
730 | - Host: authority validation of CONNECT tunnel destination | |
731 | - Preserve client destination IP in intercepted communication | |
732 | - Regression Bug 3316: Failed to connect to nameserver using TCP | |
733 | - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set | |
734 | - Regression Bug 3310: %<pt translates as %<p | |
735 | - Regression Bug 3301: ERR_DNS_FAIL never shown (partial) | |
736 | - Regression Bug 3288: %<la and %<lp not displaying | |
737 | - Bug 3289: cache manager parameters not parsed without password | |
738 | - Bug 2279: Log Format options to log server source IP and port | |
739 | - Bug 3211: ssl_crtd start even if no ssl-bump port is configured | |
740 | - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends | |
741 | - Bug 3118: ecap_enable on forces icap_enable on | |
742 | - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
743 | - Default to vhost for accelerator mode (reverse proxy) | |
744 | - Display HTTP protocol syntax at section 11 level 2 | |
745 | - Support for using custom keys in CARP parents | |
746 | - Optimize regular expression ACLs | |
747 | - ... and a lot of code portability fixes | |
748 | - ... and all bugs and polish changes from 3.1.15 | |
749 | ||
3ff024ec AJ |
750 | Changes to squid-3.2.0.10 (24 Jul 2011): |
751 | ||
752 | - Port from 2.7: act-as-origin for reverse proxy ports | |
753 | - Regression fix: broken --disable-ipv6 | |
754 | - Regression fix: negative cacheing on unknown or -1 expiry timestamp | |
755 | - Regression fix: vhost and defaultsite causing vport to be ignored | |
756 | - Regression fix: several errors in persistent connection handling | |
757 | - Regression Bug 3280: allow max-size unset and min-size=N for large objects | |
758 | - Regression Bug 3245: reconfigure assertion in MemPools[type] | |
759 | - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp" | |
760 | - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn) | |
761 | - Regression Bug 3269: cache.log applyQueryParams messages | |
762 | - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3 | |
763 | - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn()) | |
764 | - Bug 3267: workers IPC mount points disobey --localstatedir | |
765 | - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers | |
766 | - Bug 3247: Domain from URL Stripped when going through peers | |
767 | - Bug 3244: wrong port for peer relayed requests | |
768 | - Bug 3195: kerberos_ldap_group will not build without kerberos | |
769 | - Bug 2862: add http(s):// support to cache manager | |
770 | - kerberos_ldap_group: several fixes to -S option | |
771 | - ssl_crtd: Add man(8) file | |
772 | - ... and several pieces of code cleanup and polishing. | |
773 | - ... and most bug fixes and updates from 3.1.14 and 3.1.15 | |
774 | ||
6d44d1e9 AJ |
775 | Changes to squid-3.2.0.9 (18 Jun 2011): |
776 | ||
777 | - Bug 3159: delay pools --disable-auth compile problems | |
778 | - HTTP/1.1: Support multiline quoted-string header fields | |
779 | - HTTP/1.1: Send 505 Unsupported Version on mangled version codes | |
780 | - Support configurable and translated SSL error details messages | |
781 | - Add log format codes for split client/server views of HTTP request line | |
782 | - Major upgrade of TCP connection handling | |
783 | - Support split-stack IPv6 to servers | |
784 | - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos | |
785 | - Optimized persistent connection handling | |
786 | - Optimized FTP data connection handling | |
787 | - Optimized TCP failure recovery | |
788 | - ... and all bug fixes and updates from 3.1.12.3 | |
789 | - ... and many code polish, documentation and translation cleanups | |
790 | ||
65f2789a AJ |
791 | Changes to squid-3.2.0.8 (30 May 2011): |
792 | ||
793 | - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors. | |
794 | - Bug 3043: Properly detect Iphlpapi.h on windows | |
795 | - Bug 2055: Honor ICAP Max-Connections | |
796 | - Fix NTLM/Negotiate reply auth PASSTHRU to peers | |
797 | - Support SSL SNI to origin servers | |
798 | - Add %EXT_LOG and %EXT_TAG external_acl_type format options | |
799 | - Add %b tag for proxy listening port display in error pages | |
800 | - Optimize base64 encoding/decoding | |
801 | - Require libcap before enabling netfilter MARK support | |
802 | - Require libtool 2.2 | |
803 | - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config | |
804 | - ... and all bug fixes and updates from 3.1.12.2 | |
805 | - ... and some documentation and code polishing | |
806 | ||
065f7779 AJ |
807 | Changes to squid-3.2.0.7 (19 Apr 2011): |
808 | ||
809 | - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2" | |
810 | - Regression fix: icons/ FHS compliance | |
811 | - Regression fix: Startup aborts with URL error when --disable-htcp | |
812 | - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL" | |
813 | - Add negotiate_wrapper_auth version 1.0.1 | |
814 | - Fixed %dt logging in the presence of REQMOD | |
815 | - Fixed chunked request forwarding in ICAP REQMOD presence | |
816 | - ... all bug fixes and updates from 3.1.12.1 | |
817 | - ... many code polishings and display cleanups | |
818 | ||
7d9ce496 AJ |
819 | Changes to squid-3.2.0.6 (04 Apr 2011): |
820 | ||
821 | - Regression fix: upgrade existing icons | |
822 | - Regression fix: dont crash when accessing an SSL certificate with errors | |
823 | - Regression fix: prevent stdio log module segfaults on rotate | |
824 | - Regression fix: shutdown properly even if a worker process crashes on exit | |
825 | - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems | |
826 | - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown | |
827 | - Bug 3105: malformed Proxy-Authorization leaks memory | |
828 | - Bug 3007: CONNECT to cache_peer returns 000 status code | |
829 | - Bug 2885: Compile errors on AIX | |
830 | - Support parameterized Cache Manager queries | |
831 | - Support libecap v0.2.0; fixed eCAP body handling and logging | |
832 | - Support dynamic adaptation plans that cover multiple vectoring points | |
833 | - Support %D details for documented OpenSSL errors | |
834 | - Support logging of all transactions including those with uncertain status or no sent response | |
835 | - Updrate negotiate_kerberos_auth to version 3.0.4sq | |
836 | - Update ext_kerberos_ldap_group_acl to version 1.3.0sq | |
837 | - Update ext_edirectory_userip_acl to version 2.1 | |
838 | - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution | |
839 | - Change the default dns_timeout value from 2 minutes to 30 seconds | |
840 | - Fix TCP log stream flushing on every line | |
841 | - ... all bug fixes and updates from 3.1.12 | |
842 | - ... a great many compiler portability fixes | |
843 | - ... many code polishings and display cleanups | |
844 | ||
850ff99f AJ |
845 | Changes to squid-3.2.0.5 (12 Feb 2011): |
846 | ||
847 | - Regression Fix: profiler should not be built by default | |
848 | - Regression Bug 3081: assertion failed: AsyncCallQueue | |
849 | - Regression Bug 2948: Requests for FTP active downloads cause failed assertion | |
850 | - Bug 3089: FTP command output overrides directory listing | |
851 | - Bug 2870: --disable-auth does not work | |
852 | - Bug 2586: multiple memory leaks during reconfigure | |
853 | - Bug 2581: FTP directory listing sometimes fails | |
854 | - Port from 2.7: maximum staleness limits | |
855 | - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option | |
856 | - HTTP/1.1: Support configurable status codes for deny_info | |
857 | - Support upcoming "fresh message creation" eCAP API | |
858 | - Aggregate SNMP responses when using SMP with multiple workers | |
859 | - Several more Solaris, Windows and ICC support fixes | |
860 | - ... all bug fixes and updates from 3.1.11 | |
861 | - ... and more code cleanup shufflings | |
862 | - ... and several documentation updates | |
863 | ||
834d2128 AJ |
864 | Changes to squid-3.2.0.4 (22 Dec 2010): |
865 | ||
866 | - Port 2.x: cache_dir min-size setting | |
867 | - Bug 3059: Crash on digest auth headers with unknown nonce | |
868 | - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used | |
869 | - Fix cachemgr mem-pools reporting | |
870 | - Add Dynamic SSL certificate generation | |
871 | - Add useragent, referer, combined built-in log formats | |
872 | - Obsolete log_fqdn directive | |
873 | - Obsolete useragent/referer/forward_log directives | |
874 | - HTTP/1.1: Send 1.1 on CONNECT responses | |
875 | - Updated Kerberos support for newer GSSAPI releases | |
876 | - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode | |
877 | - Improve handling of early eCAP transaction failures | |
878 | - Various ext_edirectory_acl fixes | |
879 | - ... all bug and feature fixes included in 3.1.10 release | |
880 | - ... and a lot of code and documentation polishing | |
881 | ||
1664edf4 | 882 | Changes to squid-3.2.0.3 (07 Nov 2010): |
b40d9a33 AJ |
883 | |
884 | - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set | |
885 | - Regression fix: ESI processing of Surrogate filter | |
1664edf4 | 886 | - Bug 3091: bypassed ICAP errors are not counted as service failures |
b40d9a33 | 887 | - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion. |
1664edf4 | 888 | - Bug 3038: Detatch libmisc from libcompat |
b40d9a33 AJ |
889 | - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain |
890 | - Bug 3002: store initialization (-z) does not work with SMP configs | |
891 | - Bug 2999: v2.0 of ext_edirectory_userip_acl | |
892 | - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities | |
893 | - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures | |
894 | - HTTP/1.1: support If-Match and If-None-Match requests | |
895 | - HTTP/1.1: forward 1xx control messages to clients that support them | |
896 | - HTTP/1.1: send Age:0 header even if it may break IE5 | |
897 | - HTTP/1.1: dechunk incoming requests and chunk outgoing requests | |
898 | - HTTP/1.1: entry is stale if request has max-age=0 | |
899 | - HTTP/1.1: harden quoted-string parser | |
900 | - Add --enable-build-info for extra "squid -v" display | |
901 | - Add --with-swapdir=PATH to override default /var/cache/squid | |
902 | - Add cpu_affinity_map directive to bind workers to CPU cores | |
903 | - Add Netfilter MARK support for QoS | |
904 | - Add upgrade process for obsolete options | |
905 | - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers | |
906 | - Add support for client send bandwidth limits (a.k.a., quota or delay pool) | |
907 | - Fixes Eui48 support on OpenBSD | |
908 | - Fixes cache manager support with SMP configs | |
909 | - ... several documentation updates | |
910 | - ... all bug and feature fixes included in 3.1.9 release. | |
911 | - ... many more code polishes and leak removals | |
912 | ||
dee6a922 AJ |
913 | Changes to squid-3.2.0.2 (04 Sep 2010): |
914 | ||
915 | - Bug 3015: assertion failed: comm.cc:143: "ccb->active()" | |
916 | - Support rotating logs from cachemgr and squidclient | |
917 | - Support Kerberos authentication in squidclient | |
918 | - Add manual page for negotiate_kerberos_auth | |
919 | - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP | |
920 | - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental) | |
921 | - Added log options %http::<bs and %icap::<bs | |
922 | - Collapse HTCP cache_peer options into one setting | |
923 | - Improved request smuggling attack detection. Tolerating valid benign HTTP | |
924 | - ... and several HTTP/1.1 compliance improvements | |
925 | - ... and all improvements in 3.1.7 and 3.1.8 | |
926 | ||
6be4a9a8 AJ |
927 | Changes to squid-3.2.0.1 (03 Aug 2010): |
928 | ||
929 | - Port from 2.7: Logging infrastructure updates | |
930 | - Port from 2.7: Unique sequence number per log line | |
931 | - Port from 2.6: STORE_META_OBJSIZE swapout storage type | |
932 | - Bug 2792: tcp_outgoing_addr does not work with TPROXY | |
933 | - Bug 2631: refresh_pattern store-stale option | |
934 | - Bug 2305: Multiple leaks and assertion crashes in authentication | |
935 | - Bug 1239: Much needed ACL type random | |
936 | - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update | |
937 | - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies | |
938 | - Support SMP for essential non-caching functionality | |
939 | - Support logging over TCP | |
940 | - Support Solaris 10 pthreads (experimental) | |
941 | - Support Kerberos login to peers | |
942 | - Support EUI / MAC in more environments | |
943 | - Support format tags in deny_info URLs | |
944 | - Support running helpers on-demand instead of all at startup | |
945 | - Support fully transparent login=PASSTHRU of authentication headers to peers | |
946 | - Support multi-lingual localised FTP directory listings | |
947 | - Support TPROXYv4 spoofing of X-Forwarded-For client address | |
948 | - Support ICAP 206 Partial Content extension | |
949 | - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field | |
950 | - Add ACL support to range_offset_limit | |
951 | - Add helpers for url_rewrite | |
952 | - Add helper multiplexer for concurrency emulation with legacy helpers | |
953 | - Add Perl library which facilitates parsing access logfile entries. | |
954 | - Add a simple script to summarise traffic use per user | |
955 | - Add templates for captive portal proxy configuration instructions | |
956 | - Add logging of the local TCP port used by transactions with HTTP servers | |
957 | - Update mswin_check_ad_group to version 2.0 | |
958 | - Update squid_kerb_auth helper to version 3.0.2 | |
959 | - Remove double-language error page hack (replaced by locale auto-negotiation) | |
960 | - Remove TPROXYv2 support (replaced by TPROXYv4) | |
961 | - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth) | |
962 | - Re-work ./configure script for smarter auto-detect and early error checks | |
963 | - Auto-enable all features by default | |
964 | - Workaround com_err.h C++ brokenness triggered by OpenSSL includes | |
965 | - Helpers naming scheme | |
966 | - Add support for write timeouts | |
967 | - Modify icap_service_failure_limit option to forget old ICAP errors | |
968 | - Updated man(8) manuals including several additions and translations | |
969 | - ... and a great many code cleanups | |
970 | - ... and a great many testing improvements | |
971 | - ... and many documentation updates | |
972 | ||
56eea3f2 AJ |
973 | Changes to squid-3.1.23 (09 Jan 2013): |
974 | ||
975 | - Additional fixes for CVE-2012-5643 / SQUID:2012-1 | |
976 | ||
bd4920ca AJ |
977 | Changes to squid-3.1.22 (03 Dec 2012): |
978 | ||
979 | - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update | |
980 | - Bug 3659: read_timeout problem with HTTPS | |
981 | - Bug 3654: Fix IPv6 enabled squidclient | |
982 | - Bug 3189: AIO thread race on pipe() initialization | |
983 | - cachemgr.cgi: Memory Leaks and DoS Vulnerability | |
984 | ||
4c73ceb8 AJ |
985 | Changes to squid-3.1.21 (23 Sep 2012): |
986 | ||
987 | - Bug 3622: peerClearRRStart scheduling multiple events | |
988 | - Bug 3615: configure check for default max number of FDs is broken | |
989 | - Bug 3607: --enable-auth documented default action incorrect | |
990 | - Bug 3593: socket failure: Address family not supported by protocol | |
991 | - Bug 3584: Detection of setresuid() is broken | |
992 | - Bug 3568: Consolidate external_acl_type config dumping and add missing %% | |
993 | - Bug 3564: eCAP not supporting CoAP URI schemes | |
994 | - Bug 3484: Docs: sslproxy_cert_error example flawed | |
995 | - Bug 3462: Delay Pools and ICAP | |
996 | - Bug 3133: better fix: Memory leak handling requests for sites that don't exist | |
997 | - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring | |
998 | - Silence IOS 15.1 unknown capabilities messages. | |
999 | - Account for Store disk client quota when bandwidth-limiting the server. | |
1000 | - ... and several documentation fixes | |
1001 | - ... and several compile fixes | |
1002 | ||
5cc53d80 | 1003 | Changes to squid-3.1.20 (08 Jun 2012): |
dd8d2619 AJ |
1004 | |
1005 | - Regression Bug 3545: FreeBSD dnsserver segfaults | |
1006 | - Regression Bug 3504: clientside_tos fails to mark traffic | |
1007 | - Bug 3539: CONNECT server connection not closed correctly on errors | |
1008 | - Bug 3502: client timeout uses server-side read_timeout, not request_timeout | |
1009 | - Bug 3466: Adaptation stuck on last single-byte body piece | |
1010 | - Bug 3463: dnsserver fails to compile | |
1011 | - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option | |
1012 | - Bug 3390: Proxy auth data visible to scripts | |
1013 | - Bug 3263: ssl_crtd: undefined references to squid_curtime | |
1014 | - Bug 3233: Invalid URL accepted with url host is white spaces | |
1015 | - Bug 3133: Memory leak handling requests for sites that don't exist | |
1016 | - Bug 3074: Improper URL handling with empty path (RFC 3986) | |
1017 | - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889 | |
1018 | - Regression: snmp/udp address directives not resolving hostname | |
1019 | - Better helper-to-Squid buffer size management. | |
1020 | - Support CoAP over HTTP (coap:// and coaps:// URLs) | |
1021 | - Support for 3.2 error template codes | |
1022 | ||
5cc53d80 | 1023 | Changes to squid-3.1.19 (06 Feb 2012): |
f9329b54 AJ |
1024 | |
1025 | - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state | |
1026 | - Bug 3473: erase last uses of obsolete auth_user_hash_pointer | |
1027 | - Bug 3470: GCC 4.7 | |
1028 | - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL | |
1029 | - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state | |
1030 | - Bug 3440: compile error in Adaptation | |
1031 | - Bug 3420: Request body consumption races and !theConsumer exception | |
1032 | - Bug 3370: external ACL sometimes skipping | |
1033 | - Bug 3085: Crash when parsing esi:include | |
1034 | - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses | |
1035 | - Fix SSL library dependency fixes | |
1036 | ||
339383cc AJ |
1037 | Changes to squid-3.1.18 (03 Dec 2011): |
1038 | ||
1039 | - Regression: compile error in FTP | |
1040 | ||
c218b24d AJ |
1041 | Changes to squid-3.1.17 (03 Dec 2011): |
1042 | ||
1043 | - Bug 3432: Crash logging FTP errors | |
1044 | - Bug 3428: Active FTP data channel accepted twice | |
1045 | - Bug 3423: access violation in URL parser | |
1046 | - Bug 3422: Buffer overflow in recv-announce | |
1047 | - Bug 3412: External ACL Uses Invalid Cache Entry | |
1048 | - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new | |
1049 | - Bug 3398: persistent server connection closed after PUT/DELETE | |
1050 | - Bug 3299: dnsserver: various undefined references | |
1051 | - Bug 3077: '\' in url query strings cause Digest authentication to fail | |
1052 | - Bug 2910: MemBuf may grow beyond max_capacity | |
1053 | - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption | |
1054 | - Bug 1243: Build overrides configured AR setting | |
1055 | - Avoid crashes when processing bad X509 common names (CN). | |
1056 | - Support %% in external ACL format | |
1057 | - ... and several other compile error fixes | |
1058 | - ... and several documentation fixes | |
1059 | ||
8fe9e0a2 AJ |
1060 | Changes to squid-3.1.16 (14 Oct 2011): |
1061 | ||
1062 | - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED | |
1063 | - Bug 3368: Unhandled exceptions are not logged (workaround) | |
1064 | - Bug 3326: miss_access incorrect default | |
1065 | - Bug 3320: miss_access description confusing | |
1066 | - Bug 3241: squid_kerb_auth cross compilation fix | |
1067 | - Bug 3237: seq fault in free() from rfc1035RRDestroy | |
1068 | - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response | |
1069 | - db_auth: display available DSN drivers on connect error | |
1070 | - Updated OpenSSL 1.0.0 version checks | |
1071 | - ... and several documentation fixes | |
1072 | ||
2f954743 AJ |
1073 | Changes to squid-3.1.15 (28 Aug 2011): |
1074 | ||
1075 | - Regression fix: vhost and defaultsite causing vport to be ignored | |
2284b7f7 | 1076 | - Regression Bug 3295: broken escaping in rfc1738_do_escape |
2f954743 AJ |
1077 | - Bug #3232: fails to compile with OpenSSL v1.0.0 |
1078 | - Bug #3222: cache_peer name is not logging on CONNECT | |
1079 | - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable() | |
1080 | - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable | |
1081 | - Bug #3213: https sites (CONNECT) not open when using NTLM | |
1082 | - Bug #3114: Memory leak in SSL certificate verify code | |
1083 | - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
1084 | - Bug #2662: cf_gen failure when cross compiling | |
1085 | - Bug #2655: passing wrong the username to the url_rewrite_program | |
1086 | - Bug #2495: ignore whitespace prefix on config lines | |
1087 | - Bug #2051: 'default' cache_peer option does not match documentation | |
1088 | - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay() | |
1089 | - Bug #1791: timestampsSet does not validate Date: if server sends very old date | |
1090 | - Correct parsing of large Gopher indexes | |
1091 | - Enable negative cacheing on unknown or -1 expiry timestamp | |
2284b7f7 | 1092 | - Remove hierarchy_stoplist default value |
2f954743 AJ |
1093 | - Migrate cf_gen tool from C-style to C++ |
1094 | - ... and several documentation and compiler warning fixes | |
1095 | ||
04f5e27a AJ |
1096 | Changes to squid-3.1.14 (04 Jul 2011): |
1097 | ||
1098 | - Regression Bug 3261: Could not create a DNS socket and exit | |
1099 | ||
e074e5be AJ |
1100 | Changes to squid-3.1.13 (01 Jul 2011): |
1101 | ||
1102 | - Regression Bug 3239: problems with myip/myport upgrade | |
1103 | - Bug 3153: hung ICAP RESPMOD transactions | |
1104 | - Update ssl_crtd to use 'OK' status inline with other helpers | |
1105 | ||
6d44d1e9 AJ |
1106 | Changes to squid-3.1.12.3 (18 Jun 2011): |
1107 | ||
1108 | - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options | |
1109 | - Bug 3214: unexpected read from ssl_crtd | |
1110 | - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body | |
1111 | - Fix RADIUS helper resource leak | |
1112 | - Fix segfault parsing digest auth realm | |
1113 | - Fix segfault in parse_eol() | |
1114 | - Fixed bypass of SSL certificate validation errors | |
1115 | - Warn about myip/myport problems on interception proxies | |
1116 | - Polish: display easily grepped config lines on -k parse | |
1117 | - Fix squidclient -V option and allow non-HTTP protocols to be tested | |
1118 | ||
65f2789a AJ |
1119 | Changes to squid-3.1.12.2 (30 May 2011): |
1120 | ||
1121 | - Bug 3226: Tags from external ACLs do not correctly expire | |
1122 | - Bug 3215: Malformed IPv6 DNS reverse lookup | |
1123 | - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches | |
1124 | - Bug 3205: SSL-bump starts then hangs | |
1125 | - Bug 3178: gcc-4.6 complains unused variables | |
1126 | - Bug 3122: Unknown record type in WCCPv2 Packet (6) | |
1127 | - Bug 2965 (partial): Compile errors on MinGW | |
1128 | - Fix to only ssl-bump CONNECT requests if they are about to be tunneled | |
1129 | - Fix cache manager display of -i/+i in regex ACL config display | |
1130 | - Fix cache manager display of cache_peer options userhash and sourcehash | |
1131 | - Fix URL re-writer loosing many transaction details | |
1132 | - Fix always-true comparison in ICAP for some 32-bit platforms | |
1133 | - Support for 'slow' group ACLs in ssl_bump access control | |
1134 | - Support OpenSSL 1.0.0 built without SSLv2 | |
1135 | - Support GCC 4.6 and binutils-gold | |
1136 | - Add CSS id attribute to BODY tag of generated error pages. | |
1137 | - Display WARNING and ERROR when max_filedescriptors has failed | |
1138 | ||
065f7779 AJ |
1139 | Changes to squid-3.1.12.1 (19 Apr 2011): |
1140 | ||
1141 | - Port from 3.2: Dynamic SSL Certificate generation | |
1142 | - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp | |
1143 | - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9 | |
1144 | - Bug 3183: Invalid URL accepted with url host part of only '@' | |
1145 | - Display ERROR in cache.log for invalid configured paths | |
1146 | - Cache Manager: send User-Agent header from cachemgr.cgi | |
1147 | - ... and many portability compile fixes for non-GCC systems. | |
1148 | ||
7d9ce496 AJ |
1149 | Changes to squid-3.1.12 (04 Apr 2011): |
1150 | ||
1151 | - Regression fix: Use bigger buffer for server reads. | |
1152 | - Regression fix: Add reply_header_replace directive for ability lost since 2.7 | |
1153 | - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0 | |
1154 | - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0" | |
1155 | - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled | |
1156 | - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure | |
1157 | - Bug 3164: Total memory info display 32-bit overflows | |
1158 | - Bug 3155: Werror is hard-coded in libTrie build | |
1159 | - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage | |
f787354b | 1160 | - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround) |
7d9ce496 AJ |
1161 | - Bug 2720: comment in same line as cache/mem_replacement_policy causes error |
1162 | - Bug 2621: Provide request headers to RESPMOD when using cache_peer. | |
1163 | - Bug 2330: AuthUser objects are never unlocked | |
1164 | - Prevent CONNECT request relaying to origin servers | |
1165 | - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers) | |
1166 | - squidclient: send Cache Manager password using -w | |
1167 | - eCAP: give full Request-URI to adapters | |
1168 | - ... and several debug and error display cleanups | |
1169 | ||
d88ad4db AJ |
1170 | Changes to squid-3.1.11 (08 Feb 2011): |
1171 | ||
1172 | - Bug 3149: not caching eCAP adapted body | |
1173 | - Bug 3144: redirector program blocks while reading STDIN | |
1174 | - Bug 3140: memory leak in error page generation | |
1175 | - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server | |
1176 | - Bug 3115: logging segfaults if access_log is set to a directory | |
1177 | - Bug 2968: Show the Vary: headers information in cachemgr objects report | |
1178 | - Bug 2959: remove SAMBAPREFIX dependency | |
1179 | - Bug 2868: icc doesn't like string literal in assert checks | |
1180 | - HTTP/1.1: Send 307 status on deny_info redirection | |
1181 | - HTTP/1.1: Support POST/PUT with no body | |
1182 | - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents | |
1183 | - Support RFC 5861 Cache-Control: stale-if-error option | |
1184 | - Add ftp_eprt directive to disable EPRT extensions in FTP | |
1185 | - Fix external_acl_type grace=0 to obey TTL | |
1186 | - Fix IP/FQDN cache accounting to avoid idle caches on busy servers | |
1187 | - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth | |
1188 | - ... and some documentation updates and corrections | |
1189 | - ... and some portability and stability fixes | |
1190 | ||
834d2128 AJ |
1191 | Changes to squid-3.1.10 (22 Dec 2010): |
1192 | ||
1193 | - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice | |
1194 | - Bug 3113: Consuming too much memory when uploading files | |
1195 | - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for | |
1196 | - Bug 3096: Consuming too much memory when delaying traffic | |
1197 | - Bug 3091: Bypassed ICAP errors are not counted as service failures | |
1198 | - Bug 3090: Polish FTP login error handing | |
1199 | - Bug 3068: cache_dir capacity and usage overflows | |
1200 | - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain | |
1201 | - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests | |
1202 | - Fix memory leak in adaptation_access | |
1203 | - Fix /dev/poll and poll() selection priority | |
1204 | - Fix PREFIX/var/run creation during install | |
1205 | - Fix cachemgr http_port config report display | |
1206 | - Add upgrade help process for obsolete options | |
1207 | - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known' | |
1208 | - HTTP/1.1: entry is stale if request has max-age=0 | |
1209 | - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD | |
1210 | - Toolchain update to support newer auto-tools | |
1211 | - ... and updated error page translations | |
1212 | - ... and updated documentation | |
1213 | - ... and some code optimization/simplification polish | |
1214 | ||
e2f4c66a AJ |
1215 | Changes to squid-3.1.9 (25 Oct 2010): |
1216 | ||
1217 | - Bug 3088: dnsserver is segfaulting | |
1218 | - Bug 3084: IPv6 without Host: header in request causes connection to hang | |
1219 | - Bug 3082: Typo in error message | |
1220 | - Bug 3073: tunnelStateFree memory leak of host member | |
1221 | - Bug 3058: errorSend and ICY leak MemBuf object | |
1222 | - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port | |
1223 | - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies | |
1224 | - Bug 3053: cache version 1 LFS support detection broken | |
1225 | - Bug 3051: integer display overflow | |
1226 | - Bug 3040: Lower-case domain entries from hosts and resolv.conf files | |
1227 | - Bug 3036: adaptation_access acls cannot see myportname | |
1228 | - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs | |
1229 | - Bug 2964: Prevent memory leaks when ICAP transactions fail | |
1230 | - Bug 2808: getRoundRobinParent not handling weights correctly | |
1231 | - Bug 2793: memory statistics sometimes display wrong | |
1232 | - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support | |
1233 | - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb | |
1234 | - Ensure /var/cache or jail equivalent exists on install | |
1235 | - HTTP/1.1: delete Warnings that have warning-date different from Date | |
1236 | - HTTP/1.1: do not remove ETag header from partial responses | |
1237 | - HTTP/1.1: make date parser stricter to better handle malformed Expires | |
1238 | - HTTP/1.1: improve age calculation | |
1239 | - HTTP/1.1: reply with a 504 error if required validation fails | |
1240 | - HTTP/1.1: add appropriate Warnings if serving a stale hit | |
1241 | - HTTP/1.1: support requests with Cache-Control: min-fresh | |
1242 | - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store | |
1243 | - squidclient: Display IP(s) connected to in verbose (-v) display | |
1244 | - Fixes several issues with ICAP persistent connections | |
1245 | - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS | |
1246 | - ... and some cosmetic polishing | |
1247 | ||
dee6a922 AJ |
1248 | Changes to squid-3.1.8 (04 Sep 2010): |
1249 | ||
1250 | - Bug 3033: incorrect information regarding TOS | |
1251 | - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL | |
1252 | - Bug 3005,2972: Locate LTDL headers correctly (again) | |
1253 | - Bug 2872: leaking file descriptors | |
1254 | - Bug 2583: pure virtual method called | |
1255 | - Hardened DNS client against packet queue attacks | |
1256 | - Hardened HTTP request-line parser | |
1257 | - Several HTTP/1.1 support improvements | |
1258 | - Improved cross-compile support | |
1259 | - .. and several internal pointer safety fixes | |
1260 | ||
c3fe2798 | 1261 | Changes to squid-3.1.7 (23 Aug 2010): |
161ec538 | 1262 | |
c3fe2798 | 1263 | - Regression Bug 3021: Large DNS reply causes crash |
161ec538 | 1264 | - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes |
c3fe2798 | 1265 | - Regression Bug 2997: visible_hostname directive no longer matches docs |
161ec538 AJ |
1266 | - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port |
1267 | - Bug 3006: handle IPV6_V6ONLY definition missing | |
1268 | - Bug 3004: Solaris 9 SunStudio 12 build failure | |
1269 | - Bug 3003: inconsistent concepts in documentation of cache_dir | |
1270 | - Bug 3001: dnsserver link issues | |
1271 | - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016) | |
1272 | - HTTP/1.1: Improved Range header field validation | |
1273 | - HTTP/1.1: Forward multiple unknown Cache-Control directives | |
1274 | - HTTP/1.1: Stop sending Proxy-Connection header | |
1275 | - Fix 32-bit wrap in refresh_pattern min/max values | |
1276 | - ... and several documentation corrections. | |
1277 | ||
aa844a33 AJ |
1278 | Changes to squid-3.1.6 (02 Aug 2010): |
1279 | ||
1280 | - Bug 2994, 2995: IPv4-only regressions | |
1281 | - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() | |
1282 | - Bug 2975: chunked requests not supported after regular ones | |
1283 | - Fix: 32-bit overflow in reported bytes received from next hop | |
1284 | - Fix Libtool build regressions | |
1285 | - Limited split-stack IPv6 support. | |
1286 | - squid_db_auth support MD5 encrypted passwords | |
1287 | ||
f41d79ba AJ |
1288 | Changes to squid-3.1.5.1 (28 Jul 2010): |
1289 | ||
1290 | - Update Libtool to 2.2. | |
1291 | - Bug 2985: search scope for digest_ldap_auth didn't work | |
1292 | - Bug 2972: LTDL 2.2.6b compile errors | |
1293 | - Bug 2963: Stop ignoring --with-valgrind-debug failures | |
1294 | - Bug 2885: AIX support: several fixes | |
1295 | - Bug 2651: crash handling NULL write callback | |
1296 | - Fixed several memory leaks related to Range requests | |
1297 | - Fixed Joomla DB auth handling | |
1298 | - Fixed SASL helper build checks | |
1299 | - Fixed several IPv6 portability problems | |
1300 | - Updated error page translations | |
1301 | ||
88aa2b05 | 1302 | Changes to squid-3.1.5 (02 Jul 2010): |
0e87db68 | 1303 | |
88aa2b05 AJ |
1304 | - Bug 2967: raw-IPv6 address URL with append_domain broken |
1305 | - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached | |
1306 | - Bug 2943: ICAP tokens not logged when using multiple access | |
1307 | - Bug 2937: Fails to detect chunked encoding if not given in all lower case | |
1308 | - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod | |
7e6cdc23 | 1309 | - Fix free memory corruption and off-by-one error when comparing SNMP OIDs |
88aa2b05 AJ |
1310 | - Port from 2.7: max_filedescriptor config option |
1311 | - Fix persistent_connection_after_error is meant to be on by default | |
1312 | - ... and several build errors. | |
0e87db68 | 1313 | |
2d94c829 AJ |
1314 | Changes to squid-3.1.4 (30 May 2010): |
1315 | ||
1316 | - Bug 2933: Verification of the max. port number for WCCP2 dynamic service | |
1317 | - Bug 2924: RADIUS helper compile issues | |
1318 | - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" | |
1319 | - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client | |
1320 | - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()" | |
1321 | - Bug 2879: pt2: 3.0 regression in headers end finding | |
1322 | - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests | |
1323 | - Bug 2876: FD_SETSIZE override not working on all linux distributions | |
1324 | - Bug 2810: common log format generates 2 lines of syslog | |
1325 | - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB | |
1326 | - Bug 2753: Fall back on IPv4 if IPv6 is not present | |
1327 | - Bug 2697: Adaptation leaks and extra requests after reconfiguration | |
1328 | - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field | |
1329 | - Change LDAP helpers to default to LDAP version 3 if available | |
1330 | - Add Joomla and Salted Hash support to squid_db_auth helper | |
1331 | - Fixed IpAddress port printing for ports higher than 9999 | |
1332 | - Disable chunked memory pooling by default. | |
1333 | - ... and several build errors. | |
1334 | ||
6808dbda AJ |
1335 | Changes to squid-3.1.3 (02 May 2010): |
1336 | ||
7e6cdc23 | 1337 | - Remove: Advertise 1.1 on replies to clients (broken chunked handling) |
6808dbda AJ |
1338 | - Fix tag ACL type not working |
1339 | ||
ca959baa AJ |
1340 | Changes to squid-3.1.2 (01 May 2010): |
1341 | ||
1342 | - Bug 2913: Fix DB auth warning in new perl version | |
1343 | - Bug 2904: Prevent automake creating incomplete files | |
1344 | - Bug 2899: Regression: Restore lost rfc1738_unescape() data type | |
1345 | - Bug 2895: Regression: TPROXY2 compile errors | |
1346 | - Bug 2879: Regression: headers end-finding | |
1347 | - Bug 2874: Accept literal IPv6 address in icap_service URL | |
1348 | - Bug 2860: Regression: WCCPv1 handshake | |
1349 | - Bug 2848: Pass TCP_RST to client on early disconnect | |
1350 | - Debian Bug 578047: Correct behaviour of --enable-ipv6 | |
7e6cdc23 AJ |
1351 | - HTTP/1.1: Advertise 1.1 on requests to servers |
1352 | - HTTP/1.1: Advertise 1.1 on replies to clients | |
ca959baa AJ |
1353 | - AIX / UNIX build fixes |
1354 | - Cygwin build fixes | |
1355 | - squidclient: -k option to test connection keep-alive or close | |
1356 | - Improved helper build for wider compatibility | |
1357 | - Ensure the PID file directory exists on install | |
1358 | ||
2ec34bd3 AJ |
1359 | Changes to squid-3.1.1 (29 Mar 2010): |
1360 | ||
1361 | - Bug 2873: undefined symbol | |
1362 | - Bug 2827: assertion in authentication | |
1363 | - Remove ufsdump binary from default builds | |
1364 | - Remove pinger from default startups | |
1365 | - ... and several documentation updates. | |
1366 | ||
e09692bd AJ |
1367 | Changes to squid-3.1.0.18 (14 Mar 2010): |
1368 | ||
1369 | - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16 | |
1370 | - Bug 2869: Remove unused external reference | |
1371 | - Bug 2866: Support OpenSSL 1.0 | |
1372 | - Bug 2813: Random unix_group crash at startup | |
1373 | - Send HTTP1.1 compliant 417 responses | |
1374 | - Associate external acl message with the request | |
1375 | - Various Digest parser fixes | |
1376 | - ... and all bug fixes from 3.0 up to 3.0.STABLE25 | |
1377 | ||
365d894c AJ |
1378 | Changes to squid-3.1.0.17 (24 Feb 2010): |
1379 | ||
1380 | - Regression Fix: Non-English error page UTF encoding | |
1381 | - Bug 2616: reduce IdleConnList::removeFD messages | |
1382 | - Bug 1843: multicast-siblings cache_peer option | |
1383 | - Port from 2.7: X509 certificate alias-domain handling | |
1384 | - Add adapted_http_access option | |
1385 | - NTLMv2 support for fake NTLM helper | |
1386 | ||
011dea45 AJ |
1387 | Changes to squid-3.1.0.16 (01 Feb 2010): |
1388 | ||
1389 | - Regression Fix: Make Squid abort on all config parse failures. | |
1390 | - Regression Bug 2811: SNMP client/peer table OID numbering | |
1391 | - Bug 2851: Connection pinning fails when using a peer | |
1392 | - Bug 2850: Mismatch in hier_code enum / hier_strings array | |
1393 | - Bug 2731: Add follow_x_forwarded_for support to ICAP | |
1394 | - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2 | |
1395 | - Bug 2706: Set timestamps during ICAP request satisfaction. | |
1396 | - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly | |
1397 | - Fix: WCCPv1 not connecting to router correctly | |
1398 | - Remove obsolete RunCache/RunAccel scripts. | |
1399 | - Add client_ip_max_connections | |
1400 | - Add the http::>ha format code and make http::>h log original request headers | |
1401 | - ... and all bug fixes from 3.0 up to 3.0.STABLE22 | |
1402 | - ... and many more minor build and display annoyances. | |
1403 | ||
ba641958 AJ |
1404 | Changes to squid-3.1.0.15 (23 Nov 2009): |
1405 | ||
1406 | - Regression Fix: myip ACL not accepted in config | |
1407 | - Bug 2795: acl arp lookups including port | |
1408 | - Bug 2794: ESI parsing fails on FreeBSD | |
1409 | - Bug 2778: fix linking issues using SunCC | |
1410 | - Bug 2724: eCAP build failure unless ICAP enabled | |
1411 | - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid | |
1412 | - Bug 2617: Performance degradation during processing list of dstdomain ACL's | |
1413 | - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol. | |
1414 | - Fix: 64-bit filesize issue in squidclient POST of large files | |
1415 | - Fix: send correct Connection: header on intercepted replies | |
1416 | - Support libtool 2.x | |
1417 | - ESI libraries libexpat and libxml2 now optional | |
1418 | - ESI support default enabled | |
1419 | - Bump libcap minimum requirement to libcap 2.09+ | |
1420 | - ARP / MAC support fixes for IPv6-mode | |
1421 | - Add outstanding IPv6 settings to squid.conf (localnet, localhost) | |
1422 | - ... and many additions to the background testing structure | |
1423 | - ... and very many minor build and code cleanups for non-GCC compilers. | |
1424 | ||
8f37469c AJ |
1425 | Changes to squid-3.1.0.14 (27 Sep 2009): |
1426 | ||
1427 | - Bug 2777: Various build issues on OpenSolaris | |
1428 | - Bug 2773: Segfault in RFC2069 Digest authentication | |
1429 | - Bug 2747: Compile errors on Solaris 10 | |
1430 | - Bug 2735: Incomplete -fhuge-objects detection | |
1431 | - Bug 2722: Fix http_port accel combined with CONNECT | |
1432 | - Bug 2718: FTP sends EPSV2 on IPv4 connection | |
1433 | - Bug 2648: stateful helpers stuck in reserved | |
1434 | - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode | |
1435 | - Bug 2510: digest_ldap_auth uses incorrect logic with TLS | |
1436 | - Bug 2483: bind() called before connect() | |
1437 | - Bug 2215: config file line length limit (extended to 2 KB) | |
1438 | - Support Accept-Language: * wildcard | |
1439 | - Support autoconf 2.64 | |
1440 | - Support TPROXY for IPv6 traffic (requires kernel support) | |
1441 | - Support TPROXY cache cluster behind WCCPv2 | |
1442 | - Correct ESI support to work in multi-mode Squid | |
1443 | - Add 0.0.0.0 as an to_localhost address | |
1444 | - DiskIO detection fixes and use optimal IO in default build. | |
1445 | - Correct peer connect-fail-limit default of 10 | |
1446 | - Prevent squidclient sending two Accept: headers | |
1447 | - ... all bug fixes from 3.0.STABLE19 | |
1448 | - ... and many more documentation fixes | |
1449 | ||
f49a1c9e AJ |
1450 | Changes to squid-3.1.0.13 (04 Aug 2009): |
1451 | ||
1452 | - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present. | |
1453 | - Fix one more internal profiler error | |
1454 | - Language Updates: Italian, Russian | |
1455 | - Language Updates: Add many more aliases | |
1456 | - Add Copyright document for errors/ content | |
1457 | - ... all bug fixes from 3.0.STABLE18 | |
1458 | - ... and several code polishing cleanups | |
1459 | ||
e7b1c518 AJ |
1460 | Changes to squid-3.1.0.12 (27 Jul 2009): |
1461 | ||
1462 | - Bug 2716: Chunked request Signed/Unsigned build error | |
1463 | - Bug 2674: Remove limit on HTTP headers read. | |
1464 | - Bug 2620: Invalid HTTP response codes causes segfault | |
1465 | - Fix FTP EPSV negotiation parser. | |
1466 | - Fix Via string when leak checking is enabled (valgrind etc) | |
1467 | - ... and several documentation and testing additions | |
1468 | ||
0b8d12da AJ |
1469 | Changes to squid-3.1.0.11 (19 Jul 2009): |
1470 | ||
1471 | - Bug 2087: Support adaptation sets and chains | |
1472 | - Bug 2459: dns error message broken when error handling delayed | |
1473 | - Support ICAP Retry | |
1474 | - Support ICAP retries based on the ICAP responses status code | |
1475 | - Support logging ICAP | |
1476 | - Support logging total DNS wait time | |
1477 | - Support logging response times of adaptation transactions | |
1478 | - General logging enhancements | |
1479 | - Dynamically form chains based on ICAP X-Next-Services header | |
1480 | - Support cross-transactional ICAP header exchange | |
1481 | - ... and much adaptation polish and improvements | |
1482 | ||
ce460dc8 AJ |
1483 | Changes to squid-3.1.0.10 (18 Jul 2009): |
1484 | ||
1485 | - Bug 2680: Regression Crash after rotate with no helpers running | |
1486 | - Bug 2695: Regression in WCCPv2 L2 mask assignment | |
1487 | - Bug 2707: Regression in FTP anonymous auth | |
1488 | - Bug 422, 2706: RFC 2616 Date header requirements | |
1489 | - Bug 1087: ESI processor not quoting attributes correctly. | |
1490 | - Bug 1338: File prefetches aborted despite range_offset | |
287dcde6 | 1491 | - Bug 2080: wbinfo_group.pl - false positive under certain conditions |
ce460dc8 | 1492 | - Bug 2092: select loop 32-bit call counter overflows |
287dcde6 | 1493 | - Bug 2127: delay pools class 4 crashes with ntlm auth |
ce460dc8 AJ |
1494 | - Bug 2611: document fast/slow acl types |
1495 | - Bug 2614: Potential loss of adapted body data from eCAP adapters | |
1496 | - Bug 2658: Missing TextException copy constructor | |
1497 | - Bug 2659: String length overflows on append, leading to segfaults | |
1498 | - Bug 2699: Build failure NTLM smb_lm helper | |
1499 | - Bug 2709: TRANSLATIONS not installed | |
1500 | - Bug 2710: squid_kerb_auth non-terminated string | |
1501 | - Delay pools 64-bit buckets and IPv6-polish | |
1502 | - Break forwarding loops for "transparent" or "intercept" http_ports. | |
1503 | - Add --disable-translation option to detatch .po from error negotiation | |
1504 | - Add squidclient man(1) page | |
1505 | - Add localhost to default permitted networks | |
1506 | - http_port allow-direct option to allow direct forwarding in accelerator mode | |
1507 | - ... and many testing infrastructure updates | |
1508 | ||
5df6d596 AJ |
1509 | Changes to squid-3.1.0.9 (26 Jun 2009): |
1510 | ||
1511 | - Bug 2682: Add ftp_epsv control to disable EPSV support. | |
1512 | - Bug 2665: Detach automake system from using -I. | |
1513 | - Bug 2395: FTP auth errors not displayed | |
1514 | - ... also several changes and bugs closed in 3.0.STABLE16 | |
1515 | - Port from 2.7: Show local address on listening sockets | |
1516 | - Add "tag" type acl matching tags set by external acl helpers. | |
1517 | - Adds Language alias linker/installer/upgrade scripts | |
1518 | - Support for GCC 4.4 | |
1519 | - Fix false NAT lookup errors on Linux | |
1520 | - Fix many Windows port issues | |
1521 | - Fix squid_kerb_auth helepr install location | |
1522 | - Better detection of IPv6 stack types | |
1523 | - Updates Licensing information for Squid 3.1 | |
1524 | - ... and many packaging portability build and install issues | |
1525 | ||
a7b15245 AJ |
1526 | Changes to squid-3.1.0.8 (24 May 2009): |
1527 | ||
1528 | - Bug 2656: Pinger dies with general protection fault | |
1529 | - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used | |
1530 | - Bug 2648: Authentificator processes deferring and don't shutdown. | |
1531 | - Bug 2645: allow squid to ignore must-revalidate | |
1532 | - Bug 2644: auth scheme initialization is broken | |
1533 | - Bug 2632: Make number of reforwarding tries configurable | |
1534 | - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE | |
1535 | - Bug 2627: HTCP Logging | |
1536 | - Bug 2615: Call libecap::adapter::Service::start() when finalizing config. | |
1537 | - Bug 2589: SNMP returning no data - wrong oid decoded | |
1538 | - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6 | |
1539 | - Bug 2559: Problem parsing /0 and /0.0.0.0 | |
1540 | - Bug 2404: WCCP in mask mode is broken | |
1541 | - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1 | |
1542 | - Complete Interception multiple NAT support | |
1543 | - Add Content-Disposition to the known headers list. | |
1544 | - Make PEER_TCP_MAGIC_COUNT configurable | |
1545 | - Fix pinger install location | |
1546 | - Enable TPROXY v4 spoofing of CONNECT requests | |
1547 | - ... and much documentation and code polishing | |
1548 | ||
e1e28561 AJ |
1549 | Changes to squid-3.1.0.7 (08 Apr 2009): |
1550 | ||
1551 | - Fix: several issues with ident | |
1552 | - Add several language translations | |
1553 | - Upgrade code testing infrastructure | |
1554 | - Migrate much code to build as internal libraries | |
1555 | - Support gcc 4.4 | |
1556 | - Support doxygen 1.5.8 | |
1557 | - ... and much code polish to make things read easier | |
1558 | ||
727cb127 AJ |
1559 | Changes to squid-3.1.0.6 (01 Mar 2009): |
1560 | ||
e1e28561 | 1561 | - Regression Fix: Support HTTP/0.9 in accelerator mode |
727cb127 AJ |
1562 | - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode |
1563 | - Bug 2593: Compile errors on Solaris 10 | |
1564 | - Bug 2591: adaptation_access does not work | |
1565 | - Bug 2588: coredump in rDNS lookup | |
1566 | - Bug 2526: default ALLOW when no list specified. | |
1567 | - Bug 2287: Send a 505 on requests with unsupported HTTP versions | |
1568 | - Bug 419: Hop by Hop headers MUST NOT be forwarded | |
1569 | - Fix external_acl_type handling of SSL certificate details | |
1570 | - Obsolete: dependency on nss_common.h and nss.h | |
1571 | - Support libtool2 | |
1572 | - ... and various documentation and code polish | |
1573 | ||
f636c996 AJ |
1574 | Changes to squid-3.1.0.5 (03 Feb 2009): |
1575 | ||
1576 | - Bug 2583: Fixed issue in content adaptation | |
1577 | - Bug 2576: Make translate target obey --disable-auto-locale | |
1578 | - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails. | |
1579 | - Bug 2563: 99+% CPU Usage on FTP URL | |
1580 | - Bug 2505, 2524, 2558: fixed several issues on connection handling | |
1581 | - Fix several issues in request parsing | |
1582 | - Fix memory leak from logformat parsing | |
1583 | - Fix various ESI build errors | |
1584 | - Make configure tests use C++ instead of C | |
1585 | - Drop special localhost conversion RFC violation. | |
1586 | - Add Language: Arabic | |
1587 | - ... and various documentation and code polish | |
1588 | ||
1589 | Changes to squid-3.1.0.4 (23 Jan 2009): | |
1590 | ||
1591 | - Regression Fix: Bug 2558: rollback bug 2395 fix. | |
1592 | - Bug 2555: Fixes to SNMP-MIB | |
1593 | - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing() | |
1594 | - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6) | |
1595 | - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing() | |
1596 | - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache | |
1597 | - Polish ZPH configuration interface | |
1598 | - Several Language Conversions to new auto-negotiate | |
1599 | - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing | |
1600 | - Fix: Pconn not being used when they should. | |
1601 | - Fix: Fix pinger immediate shutdowns | |
1602 | - Fix: Untangle CacheManager reports from log_fqdn | |
1603 | - ... and all bugs fixed for 3.0.STABLE12 | |
1604 | - ... and many code polish and optimization fixes. | |
1605 | ||
1606 | Changes to squid-3.1.0.3 (5 Dec 2008): | |
1607 | ||
1608 | - Regression Fix: StoreIOBuffer patch removed. | |
1609 | - Regression Fix: build issues with 3.1.0.2 bundle | |
1610 | - Security Bug 2526: default ALLOW when no list specified | |
1611 | - Bug 2525: encoding error on error pages | |
1612 | - Bug 2424: slow file descriptor leak | |
1613 | - Bug 2527: ICAP compile error on g++ 4.3.2 | |
1614 | - Bug 2523: bad assertion left in from debug | |
1615 | - Bug 2395: FTP Auth errors and others not displayed | |
1616 | - Update squid_kerb_auth to 1.0.5 | |
1617 | with better Squid integration. | |
1618 | - Fix cache_peer forcedomainname= option | |
1619 | - ... and many other minor fixes | |
1620 | ||
5e80e4ee AJ |
1621 | Changes to squid-3.1.0.2 (9 Nov 2008): |
1622 | ||
1623 | - Bug 2516: error page templates not properly installed | |
1624 | - Bug 2500: Solaris build issues | |
1625 | - Fixes FreeBSD build issues | |
1626 | - Release Notes completed | |
1627 | - Languages: new Russian, Japanese, Chinese, and general updates | |
1628 | - ... and other minor fixes | |
70c5dfb2 | 1629 | |
af4cd9a0 AJ |
1630 | Changes to squid-3.1.0.1 (27 Oct 2008): |
1631 | ||
1632 | - Bundled ntlm_auth helper renamed (see Release Notes before changing anything) | |
7a6e2ecc AJ |
1633 | - peername ACL added for matching against a named peer destination |
1634 | - configure option --with-logdir= added to select log files location | |
1635 | - squid_kerb_auth helper updated to 1.0.3 release | |
1636 | - Bug #740: allow external acl's to use reply headers in format | |
1637 | - Bug #2379: obsolete dns_testnames option | |
1638 | - Code test infrastructure expanded to configuration testing | |
1639 | - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern | |
af4cd9a0 | 1640 | to bring their defaults up to RFC 2616 requirements. |
7a6e2ecc AJ |
1641 | - Large increase in RFC 2616 standard compliance (ongoing) |
1642 | - squid.conf cleanups for minimal config | |
1643 | - Connection Pinning ported from 2.6 for NTLM passthru authentication | |
1644 | - eCAP internal adaptation module support | |
af4cd9a0 | 1645 | - Localization and CSS display control of error pages |
7a6e2ecc AJ |
1646 | - Added semi-automatic documentation of source code |
1647 | - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers | |
1648 | - HTCP improvements ported from 2.7 adding HTCP CLR requests | |
70c5dfb2 | 1649 | - IPv6 (Internet Protocol version 6) support |
1650 | - ICMPv6 (Internet Control Message Protocol version 6) support | |
f1233d8c | 1651 | - FTP agent now supports EPSV/EPRT commands |
70c5dfb2 | 1652 | - DNS internal resolver now supports AAAA and CNAME records |
1653 | - SNMP peer and client tables now support IPv6 | |
1654 | - SNMP peer table supports named peers with multiple entries per IP | |
4aa8e49c | 1655 | - SslBump: Squid-in-the-middle decryption and encryption of straight |
1656 | CONNECT and transparently redirected SSL traffic, using configurable | |
1657 | client- and server-side certificates. While decrypted, the traffic | |
7a6e2ecc | 1658 | can be inspected using ICAP. |
af4cd9a0 | 1659 | - TPROXY version 4.1 support |
a13b3732 | 1660 | - IPFW and Netfilter interception methods may now both be built in one binary. |
f1233d8c AJ |
1661 | - ZPH Quality of Service patch now integrated |
1662 | - Null store now fully obsoleted and removed | |
1663 | - Unknown request methods all supported | |
1664 | - Follow_x_forwarder_for ported from 2.6 | |
7a6e2ecc | 1665 | - Bug #2223: Follow XFF extensions added |
af4cd9a0 | 1666 | - ... and many code and documentation cleanups |
7a6e2ecc | 1667 | |
2f954743 AJ |
1668 | Changes to squid-3.0.STABLE26 (28 Aug 2011): |
1669 | ||
1670 | - Regression: header_replace for reply headers | |
1671 | - Bug 3183: Invalid URL accepted with url host part of only '@'. | |
1672 | - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes | |
1673 | - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree | |
1674 | - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() | |
1675 | - Bug 2933: Verification of the max. port number for WCCP2 dynamic service | |
1676 | - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" | |
1677 | - Regression Bug 2899: Restore lost rfc1738_unescape() data type | |
1678 | - Regression Bug 2879: headers end finding | |
1679 | - Bug 2876: FD_SETSIZE override not working on all linux distributions | |
1680 | - Check for NULL and empty strings before calling str*cmp(). | |
1681 | - Correct parsing of large Gopher indexes | |
1682 | ||
1a10a7e5 AJ |
1683 | Changes to squid-3.0.STABLE25 (14 Mar 2010): |
1684 | ||
1685 | - Bug 2845: Rework the http digest auth parser | |
1686 | - Bug 2787: unknown/unexpected status code messages | |
1687 | - Bug 2507: squid_ldap_group: Strip Domain name separated by + | |
1688 | - Bug 2367: stale=true on digest requests with unknown nonce | |
1689 | - ... and several other minor corrections | |
1690 | ||
6add0585 AJ |
1691 | Changes to squid-3.0.STABLE24 (13 Feb 2010): |
1692 | ||
1693 | - Bug 2858: Segment violation in HTCP | |
1694 | - Updated refresh pattern for dynamic pages | |
1695 | ||
bcd1f03d AJ |
1696 | Changes to squid-3.0.STABLE23 (02 Feb 2010): |
1697 | ||
1698 | - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1 | |
1699 | - Regression Fix: Build error in Kerberos helper after library removal. | |
1700 | ||
61544616 AJ |
1701 | Changes to squid-3.0.STABLE22 (01 Feb 2010): |
1702 | ||
1703 | - Regression Fix: Make Squid abort on all config parse failures. | |
1704 | - Bug 2787: Reduce unexpected http status to non-critical warnings. | |
1705 | - Bug 2496: Downloading some variants in full before relaying | |
1706 | - Bug 2452: Add upper limit to external_acl_type entries. | |
1707 | - Removed optional kerberos/spnegohelp/ library due to licensing issues | |
1708 | - Add client_ip_max_connections | |
1709 | - Handle DNS header-only packets as invalid. | |
1710 | ||
06d0f369 AJ |
1711 | Changes to squid-3.0.STABLE21 (22 Dec 2009): |
1712 | ||
1713 | - Bug 2830: Clarify where NULL byte is in headers. | |
1714 | - Bug 2778: Linking issues using SunCC | |
1715 | - Bug 2395: FTP errors not displayed | |
1716 | - Bug 2155: Assertion failures on malformed Content-Range response headers | |
1717 | - Fix parsing and a few bugs in ACL time type | |
1718 | - Fix RFC keep-alive compliance on intercepted replies | |
1719 | - Improved security hardening on %nn parser | |
1720 | - Replace several GCC-specific code snippets. | |
1721 | ||
91228e4e AJ |
1722 | Changes to squid-3.0.STABLE20 (29 Oct 2009): |
1723 | ||
1724 | - Bug 2794: ESI parsing on FreeBSD | |
1725 | - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity | |
1726 | - Bug 2779: Support GNU/kFreeBSD | |
1727 | - Bug 2773: Segfault in RFC2069 Digest authantication | |
1728 | - Bug 2768: squid_ldap_group argument parsing error | |
1729 | - Bug 2761: Gopher and double HTTP response header | |
1730 | - Bug 2735: Incomplete -fhuge-objects detection | |
1731 | - Bug 2722: prevent CONNECT via http_port with accel | |
1732 | - Bug 2624: Invalid response for IMS request | |
1733 | - Bug 2510: digest_ldap_auth TLS support | |
1734 | - Correct LINUX_CAPABILITY actions on non-Linux | |
1735 | ||
98df01e3 AJ |
1736 | Changes to squid-3.0.STABLE19 (06 Sep 2009): |
1737 | ||
1738 | - Bug 2745: Invalid Response error on small reads | |
1739 | - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf | |
1740 | - Bug 2734: some compile errors on Solaris | |
1741 | - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy | |
1742 | - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma | |
1743 | - Bug 2362: Remove support for deferred state in stateful helpers | |
1744 | - Add 0.0.0.0 as a to_localhost address | |
1745 | - Docs: Improve chroot directive documentation slightly | |
1746 | - Fixup libxml2 include magics, was failing when a configure cache was used | |
1747 | - ... and some minor testing improvements. | |
1748 | ||
b7a1ea6b AJ |
1749 | Changes to squid-3.0.STABLE18 (04 Aug 2009): |
1750 | ||
1751 | - Bug 2728: regression: assertion failed: !eof | |
1752 | - Bug 2732: reply_body_max_size smaller than error page loops | |
1753 | infinitely until out of memory | |
1754 | - Bug 2725: pconn failure if domain or client_address are unset | |
1755 | - Bug 2648: reserved helpers not shut down after reconfigure/rotate | |
1756 | - Bug 2462: make check should tell when cppunit is missing | |
1757 | - Remove excess messages about headers < minimum size | |
1758 | - Support Libtool 2.2.6 | |
1759 | ||
e7b1c518 | 1760 | Changes to squid-3.0.STABLE17 (27 Jul 2009): |
68c19036 AJ |
1761 | |
1762 | - Bug 2680 regression: Crash after rotate with no helpers running | |
1763 | - Bug 2710: squid_kerb_auth non-terminated string | |
1764 | - Bug 2679: strsep and strtoll detection failure | |
1765 | - Bug 2674: Remove limit on HTTP headers read. | |
1766 | - Bug 2659: String length overflows on append, leading to segfaults | |
1767 | - Bug 2620: Invalid HTTP response codes causes segfault | |
1768 | - Bug 2080: wbinfo_group.pl - false positive under certain conditions | |
1769 | - Bug 1087: ESI processor not quoting attributes correctly. | |
1770 | - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache | |
1771 | - Several small build issues with previous release. | |
1772 | ||
950b7d55 AJ |
1773 | Changes to squid-3.0.STABLE16 (15 Jun 2009): |
1774 | ||
1775 | - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk | |
1776 | - Bug 2481: Don't set expires: now in generated error responses | |
1777 | - Bug 2387: The calculation of the number of hash buckets correctly | |
1778 | - Fix infinite loop in MSNT auth helper | |
1779 | - Fix FD_SETSIZE on FreeBSD | |
1780 | - Fix stripping NT domain in squid_ldap_group | |
1781 | - Fix RADIUS auth helper build | |
1782 | - Add Translate: and Unless-Modified-Since: headers to known list | |
1783 | - Make fakeauth handle NTLMv2 better | |
1784 | - Better Kerberos support detection | |
1785 | - Several Widows port fixes | |
1786 | ||
6e4fa9b4 AJ |
1787 | Changes to squid-3.0.STABLE16-RC1 (16 May 2009): |
1788 | ||
950b7d55 | 1789 | - Bug 1148: Ported from 3.1: Chunked Transfer Encoding |
6e4fa9b4 AJ |
1790 | - Bug 2648: NTLM helpers not shutting down when deferred |
1791 | ||
79200081 AJ |
1792 | Changes to squid-3.0.STABLE15 (06 May 2009): |
1793 | ||
1794 | - Regression Bug 2635: Incorrect Max-Forwards header type | |
1795 | - Bug 2652: 'Success' error on CONNECT requests | |
1796 | - Bug 2625: IDENT receiving errors | |
1797 | - Bug 2610: ipfilter support detection | |
1798 | - Bug 2578: FTP download resume failure | |
1799 | - Bug 2536: %H on HTTPS error pages | |
1800 | - Bug 2491: assertion "age >= 0" | |
1801 | - Bug 2276: too many NTLM helpers running | |
1802 | - Endian system and compiler fixes provided by the NetBSD project | |
1803 | - documentation fixes provided by the Debian project | |
1804 | ||
6c2e5932 AJ |
1805 | Changes to squid-3.0.STABLE14 (11 Apr 2009): |
1806 | ||
1807 | - Regression Fix: HTTP/0.9 in accelerator mode | |
1808 | - Bug 1232: cache_dir parameter limited to only 63 entries | |
1809 | - Bug 1868: support HTTP 207 status | |
1810 | - Bug 2518: assertion failure on restart/reconfigure | |
1811 | - Bug 2588: coredump in rDNS lookup | |
1812 | - Bug 2595: Out of bounds memory write in squid_kerb_auth | |
1813 | - Bug 2599: Idempotent start | |
1814 | - Bug 2605: Prevent setsid() on helpers in daemon mode | |
1815 | - Fix external_acl_type option parsing | |
1816 | - Fix delay pools counters on FTP | |
1817 | - Fix several issues with ident (some remain) | |
1818 | - Fix performance issues with persistent connections | |
1819 | - Fix performance issues with delay pools | |
1820 | - Fix forwarding of OPTIONS requests | |
1821 | - Add support for HTTP 1.1 Content-Disposition header | |
1822 | - Add support for Windows 7, Windows Server 2008 R2 and later | |
1823 | - ... and many small documentation updates | |
1824 | ||
f636c996 AJ |
1825 | Changes to squid-3.0.STABLE13 (03 Feb 2009): |
1826 | ||
1827 | - Fix several issues in request parsing | |
1828 | - Fix memory leak from logformat parsing | |
1829 | - Fix various ESI build errors | |
1830 | - ... and some documentation updates | |
1831 | ||
1832 | Changes to squid-3.0.STABLE12 (21 Jan 2009): | |
1833 | ||
1834 | - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++ | |
1835 | - Bug 2542: ICAP filters break download resume | |
1836 | - Bug 2556: HTCP fails without icp_port | |
1837 | - Bug 2564: logformat '%tl' field not working as advertised | |
1838 | - Port from 3.1: TestBed basic build consistency checks | |
1839 | - Policy: Change half_closed_clients default to off | |
1840 | - Policy: Removed -V command line option, deprecated by 2.6 | |
1841 | - ... and several other minor code cleanups | |
1842 | ||
1843 | Changes to squid-3.0.STABLE11 (24 Dec 2008): | |
1844 | ||
1845 | - Bug 2424: filedescriptors being left unnecessary opened | |
1846 | - Bug 2545: fault passing ICAP filtered traffic to peers | |
1847 | - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery | |
1848 | - ... and some minor admin and debug cleanups. | |
1849 | ||
1850 | Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008): | |
1851 | ||
1852 | - Removes patch causing cache of bad objects | |
1853 | - Bug 2526: bad security default in ACLChecklist | |
1854 | - Fixes regression: access.log request size tag | |
1855 | - Fixes cache_peer forceddomainname=X option | |
1856 | - ... and many minor documentation cleanups | |
1857 | ||
7a6e2ecc AJ |
1858 | Changes to squid-3.0.STABLE10 (14 Oct 2008): |
1859 | ||
1860 | - Bug 2391: Regression: bad assert in forwarding | |
1861 | - Bug 2447: Segfault on failed TCP DNS query | |
1862 | - Bug 2393: DNS requests getting stuck in idns queue | |
1863 | - Bug 2433: FTP PUT gives bad gateway | |
1864 | - Bug 2465: Limited DragonflyBSD support | |
1865 | - ... and other minor bugs and documentation | |
1866 | ||
1867 | Changes to squid-3.0.STABLE9 (9 Sep 2008): | |
1868 | ||
1869 | - Policy Enforcement: COSS is unusable in 3.0 | |
1870 | - Port from 3.1: Language Pack compatibility | |
1871 | - Port from 2.6: Windows Support Notes | |
1872 | - Fix several minor regressions: | |
1873 | HTCP stats reporting | |
1874 | cachemgr delay pool config | |
1875 | CARP build error | |
1876 | - Bug 2340: uudecode dependency for icons removed | |
1877 | - Bug 2352: no_check.pl ntlm challenge fix | |
1878 | - Bug 2426: buffer increase for kerberos auth fields | |
1879 | - Bug 2427: squid_ldap_group codes fix | |
1880 | - Bug 2437: peer name now shown in access.log | |
1881 | - Add sane display of unsupported method errors | |
1882 | - ... and various other code cleanups | |
1883 | ||
1884 | Changes to squid-3.0.STABLE8 (18 Jul 2008): | |
1885 | ||
1886 | - Port from 2.6: Support for cachemgr sub-actions | |
1887 | - Port from 2.6: userhash peer selection method | |
1888 | - Port from 2.6: sourcehash peer selection method | |
1889 | - Bug 2376: round-robin balancing fixes | |
1890 | - Bug 2388: acl documentation cleanup | |
1891 | - Bug 2365: cachemgr.cgi HTML output encoding | |
1892 | - Bug 2301: Regression: Log format size options | |
1893 | - Bug 2396: Correct the opening of PF device file. | |
1894 | - Bug 2400: ICAP accept mechanism | |
1895 | - Bug 2411: Regression: fakeauth_auth crashes | |
1896 | - Many fixes to the Windows support (not complete yet). | |
1897 | - Boost error pages HTML standards. | |
1898 | - Fixes several issues on 64-bit systems | |
1899 | - Fixes several issues on older or stricter compilers | |
1900 | - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround | |
1901 | - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1 | |
1902 | ||
1903 | Changes to squid-3.0.STABLE7 (22 Jun 2008): | |
1904 | ||
1905 | - Fix several ASN issues | |
1906 | - Fix SNMP reporting of counters | |
1907 | - Fix round-robin algorithms | |
1908 | - GCC 4.3 support | |
1909 | - Netfilter v1.4.0 bug workaround | |
1910 | - Bugs 2350 and 2323: memory issues | |
1911 | - Bugs 2384, 951, 1566: ESI assertions | |
1912 | - Various minor debug and documentation cleanups | |
f1233d8c AJ |
1913 | |
1914 | Changes to squid-3.0.STABLE6 (20 May 2008): | |
1915 | ||
1916 | - Bug 2254: umask Feature from 2.6 added | |
1917 | - cachemgr.cgi default config file added | |
1918 | - Several authentication bug fixes | |
1919 | - Improved Windows Support | |
1920 | - better DNS lookup methods for unqualified hostames | |
1921 | - better support for 64-bit environments | |
1922 | - Bug 2332: Crash when tunnelling | |
1923 | - Removed the advertisement clause from BSD licenses | |
1924 | according to the GPLv2+ changes in BSD | |
1925 | - ... and other bugs and minor cleanups | |
1926 | ||
1927 | Changes to squid-3.0.STABLE5 (28 Apr 2008): | |
1928 | ||
1929 | - Support for resolv.conf 'domain' option | |
1930 | - Improved URI support, including | |
1931 | longer URI up to 8192 bytes accepted | |
1932 | better handling of intercepted URI | |
1933 | better port for non-FQDN URI lookups | |
1934 | - Improved logging, including | |
1935 | Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases. | |
1936 | Fixed 'log_ip_on_direct' option behaviour | |
1937 | - Support for profiling on x86 64-bit systems | |
1938 | - .. and other bugs and minor code cleanups. | |
1939 | ||
1940 | Changes to squid-3.0.STABLE4 (2 Apr 2008): | |
1941 | ||
1942 | - Bug 2288: compile error slipped into STABLE3. | |
1943 | ||
1944 | Changes to squid-3.0.STABLE3 (31 Mar 2008): | |
1945 | ||
1946 | - Improved HTTP 1.1 support. | |
1947 | - Improved MacOSX (Leopard) support | |
1948 | - Bug 2206: Proxy-Authentication regression in STABLE2. | |
1949 | - Strip Domain from NTLM usernames for use in class 4 Delay Pools | |
1950 | - ... and other bugs and minor code cleanup | |
1951 | ||
1952 | Changes to squid-3.0.STABLE2 (1 Mar 2008): | |
1953 | ||
1954 | - Add myportname ACL for matching the accepting port name (see release notes) | |
1955 | - Add include directive for squid.conf (see release notes) | |
1956 | - Add ability to strip kerberos realm from usernames during Auth | |
1957 | - License cleanup to comply with GPLv2 or later | |
1958 | - Updated Error Pages and Translations | |
1959 | - Updated configuration examples | |
1960 | - Updated valgrind support for valgrind-3.3.0 | |
1961 | - Improved support for Windows and MacOS X Leopard | |
1962 | - Improved support for files larger than 2GB | |
1963 | - Improved support for CARP arrays and WCCPv2 | |
1964 | - Improved cachmgr, SNMP, and log reporting | |
1965 | - ... and as usual Many bug fixes since STABLE 1 | |
70c5dfb2 | 1966 | |
284237d4 | 1967 | Changes to squid-3.0.STABLE1 (13 Dec 2007): |
3ff01c3e | 1968 | |
1969 | - Major rewrite translating the code to C++, originally based on | |
1970 | Squid-2.5.STABLE1 | |
1971 | - Internal client streams concept for content adaptation | |
1972 | - ICAP (Internet Content Adaptation Protocol) client support | |
1973 | - ESI (Edge Side Includes) support added | |
284237d4 | 1974 | - Improved support for files larger than 2GB. |
3ff01c3e | 1975 | - And a lot more. Most features from Squid-2.6 is supported, but not |
1976 | all. See the release notes for details. | |
1977 | ||
9ae33c59 AJ |
1978 | |
1979 | Squid-2 ChangeLog of versions fully ported to Squid-3 follows. | |
1980 | ||
1981 | Changes to squid-2.6.STABLE22 (19 October 2008) | |
1982 | ||
1983 | - Bug #2396: Correct the opening of the PF device file. | |
1984 | - Make --with-large-files and --with-build-envirnment=default play | |
1985 | nice together | |
1986 | - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header | |
1987 | __u32 problem | |
1988 | - Make dns_nameserver work when using --disable-internal-dns on glibc | |
1989 | based systems | |
1990 | - Bug #2426: Increase negotiate auth token buffer size | |
1991 | - Bug #2427: squid_ldap_group -h reports the old % codes for -f | |
1992 | - Bug #2477: swap.state permission issues if crashing during "squid -k | |
1993 | reconfigure" | |
1994 | - Windows port: Fix build error using latest MinGW runtime. | |
1995 | ||
1996 | ||
1997 | ||
3ff01c3e | 1998 | Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely |
1999 | authorative for this release and mirrored here for reference only. | |
f1233d8c | 2000 | |
467c94d1 | 2001 | - CARP now plays well with the other peering algorithms, |
2002 | and support for CARP peerings is compiled by default. Can be | |
2003 | disabled by --disable-carp | |
1741cbad | 2004 | - Configuration file can be read from an external program |
2005 | or preprocessor. See squid.8 man page. | |
52f772de | 2006 | - http_port is now optional, allowing for SSL only operation |
4ca261f2 | 2007 | - Satellite and other high latency peering relations enhancements |
2008 | (Robert Cohren) | |
a9245686 | 2009 | - Nuked num32 types, and made type detection more robust by the |
2010 | use of typedefs rather than #defines. | |
b5fb34f1 | 2011 | - the mailto links on Squid's ERR pages now contain data about the |
2012 | occurred error by default, so that the email will contain this data in | |
2013 | its body. This feature can be disabled via the email_err_data directive. | |
9ae33c59 | 2014 | (Clemens L?ser) |
c8f4eac4 | 2015 | - COSS now uses a file called stripe and the path in squid.conf is the |
2016 | directory this is placed in. Additionally squid -z will create the | |
2017 | COSS swapfile. | |
14f5b6c3 | 2018 | - WCCPv2 support, including mask assignment support |
5401aa8d | 2019 | - HTCP support for access control and the CRL operation for |
2020 | purgeing of cache content | |
14f5b6c3 | 2021 | - ICAP related fixes |
2022 | - Windows-related fixes, including Vista and Longhorn identification | |
2023 | - Client-side parsing and some string use optimisations | |
2024 | - Lots of off-by-one and memory leaks in corner cases have been fixed | |
2025 | thanks to valgrind | |
2026 | - Improved high-resolution profiling | |
2027 | - Windows overlapped-IO and thread support added to the Async IO disk code | |
2028 | - Improvements for handling large DNS replies | |
a7c8cce0 | 2029 | |
3ff01c3e | 2030 | Changes to squid-2.6.STABLE15 (31 Aug 2007) |
2031 | ||
2032 | - The select() I/O loop got broken by the /dev/poll addition | |
2033 | (2.6.STABLE14) | |
2034 | - Bug #2017: Fails to work around broken servers sending just the HTTP | |
2035 | headers | |
2036 | - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers | |
2037 | before C99 | |
2038 | - squid.conf.default updated and reorganised in more sensible groups | |
2039 | - correct and document the syslog access_log format | |
2040 | - Armenian error pages translation | |
2041 | - digest_ldap_helper usage help updated | |
2042 | - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor | |
2043 | - Improve delay pools in low traffic environment by checking timeouts | |
2044 | at a steady 1 second interval even when there is not much activity | |
2045 | - Don't request authentication on transparently intercepted | |
2046 | connections | |
2047 | - Cleanup linux capabilities for tproxy | |
2048 | - Bug #2003: 'via' config directive doesn't affect response headers | |
2049 | - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache | |
2050 | - Add missing $|=1 to squid_db_auth | |
2051 | - Bug #2050: Persistent connection dropped if cache has no | |
2052 | Content-Length | |
2053 | - Verify the URL on memory cache hits | |
2054 | - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14 | |
2055 | - Bug #1972: Squid sets peers to down state when they are in fact | |
2056 | working. | |
2057 | - potential segmentation fault in storeLocateVary() | |
2058 | - Bug #2066: chdir after chroot | |
2059 | - Windows port: Fix compiler warnings when building Squid as | |
2060 | application (not Windows service mode) | |
2061 | - Spelling correction of received | |
2062 | ||
2063 | Changes to squid-2.6.STABLE14 (15 Jul 2007) | |
2064 | ||
2065 | - squid.conf.default cleanup to have options in their proper sections. | |
2066 | - documentation correction in the refresh_pattern ignore-auth option | |
2067 | - URI-escaping not uses the recommended upper-case hex codes | |
2068 | - refresh_pattern min-age 0 correted to really mean 0, and not 1 second | |
2069 | - Always use xisxxxx() Squid defined macros instead of ctype | |
2070 | functions. | |
2071 | - Kerberos SPNEGO/Negotiate helper for the negotiate scheme | |
2072 | - Database basic auth helper using Perl DBI to connect to most SQL DBs | |
2073 | - Solaris /dev/poll network I/O support | |
2074 | - configure fixes to make cross compilation somewhat easier | |
2075 | - Removed incorrect -a reference from http_port documentation | |
2076 | - Bug #1900: Double "squid -k shutdown" makes Squid restart again | |
2077 | - Bug #1968: Squid hangs occasionally when using DNS search paths | |
2078 | - Novell eDirectory digest auth helper (digest_edir_auth) | |
2079 | - Bug #1130: min-size option for cache_dir | |
2080 | - POP3 basic auth helper querying a POP3 server | |
2081 | - Cosmetic squid_ldap_auth fixes from Squid-3 | |
2082 | - Bug #1085: Add no-wrap to cache manager HTML tables | |
2083 | - Automatically restart if number of available filedescriptors becomes | |
2084 | alarmingly low, preventing a situation where Squid would otherwise | |
2085 | permanently stop processing requests. | |
2086 | - Bug #2010: snmp_core.cc:828: warning: array subscript is above | |
2087 | array bounds | |
2088 | - Deal better with forwarding loops | |
2089 | ||
2090 | Changes to squid-2.6.STABLE13 (11 May 2007) | |
2091 | ||
2092 | - Make sure reply headers gets sent even if there is no body available | |
2093 | yet, fixing RealMedia streaming over HTTP issues. | |
2094 | - Undo an accidental name change of storeUnregisterAbort. | |
2095 | - Kill an ancient malplaced storeUnregisterAbort call from ftp.c | |
2096 | - Bug #1814: SSL memory leak on persistent SSL connections | |
2097 | - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log | |
2098 | - Cosmetic fix: added missing newline in WCCPv2 configuration dump. | |
2099 | - Ukrainan error messages | |
2100 | - Convert various error pages from DOS to UNIX text format | |
2101 | - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS | |
2102 | - Clarify the max-conn=n cache_peer option syntax slightly | |
2103 | - Bug #1892: COSS segfault on shutdown | |
2104 | - Windows port: fix undefined ECONNABORTED | |
2105 | - Make refreshIsCachable handle ETag as a cache validator, not | |
2106 | only last-modified | |
2107 | - in_port_t is not portable, use unsigned short instead | |
2108 | - Fix fs / auth / snmp dependencies | |
2109 | - Portability: statfs() may reqire #include <sys/statfs.h> | |
2110 | ||
2111 | Changes to squid-2.6.STABLE12 (20 Mar 2007) | |
2112 | ||
2113 | - Assertion error on TRACE | |
2114 | ||
2115 | Changes to squid-2.6.STABLE11 (17 Mar 2007) | |
2116 | ||
2117 | - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL || | |
2118 | !conn->body.request" | |
2119 | - Handle garbage helper responses better in concurrent protocol format | |
2120 | - Fix kqueue when overflowing the changes queue | |
2121 | - Make sure the child worker process commits suicide if it could | |
2122 | not start up | |
2123 | - Don't log short responses at debug level 1 | |
2124 | - Fix bswap16 & bwsap32 error on NetBSD | |
2125 | - Fix collapsed_forwarding for non-GET requests | |
2126 | ||
2127 | Changes to squid-2.6.STABLE10 (4 Mar 2007) | |
2128 | ||
2129 | - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0) | |
2130 | - various diskd bugfixes | |
2131 | - In the access.log hierarchy field log the unique peer name | |
2132 | instead of the host name | |
2133 | - unlinkdClose() should be called after (not before) storeDirSync() | |
2134 | - CLEAN_BUF_SZ was defined, but never used anywhere | |
2135 | - logging HTTP-request size | |
2136 | - Fix icmp pinger communication on FreeBSD and other not supporing | |
2137 | large dgram AF_UNIX sockets | |
2138 | - Release objects on swapin failure | |
2139 | - Bug #1787: Objects stuck in cache if origin server clock in future | |
2140 | - Bug #1420: 302 responses with an Expires header is always cached | |
2141 | - Primitive support for HTTP/1.1 chunked encoding, working around | |
2142 | broken servers | |
2143 | - Clean up relations between TCP probing and DNS checks of peers with | |
2144 | no known addresses. | |
2145 | - Fix a minor HTML coding error in ftp directory listings with // in | |
2146 | the path | |
2147 | - Bug #1875, #1420. Cleanup of refresh logics when dealing with | |
2148 | non-refreshable content | |
2149 | - Gopher cleanups and bugfixes | |
2150 | - Negotiate authentication fixed again. Broken since STABLE7 by the | |
2151 | patch for Bug #1792. | |
2152 | - Bug #1892: COSS tries to shut down the same directory twice on exit | |
2153 | - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL | |
2154 | entries | |
2155 | - Added support for Subversion HTTP request methods MKACTIVITY, | |
2156 | CHECKOUT and MERGE. | |
2157 | ||
2158 | Changes to squid-2.6.STABLE9 (24 Jan 2007) | |
2159 | ||
2160 | - Bug #1878: If-Modified-Since broken in 2.6.STABLE8 | |
2161 | - Bug #1877 diskd bug in storeDiskdIOCallback() | |
2162 | ||
2163 | Changes to squid-2.6.STABLE8 (21 Jan 2007) | |
2164 | ||
2165 | - Bug #1873: authenticateNTLMFixErrorHeader: state 4. | |
2166 | - Document the https_port vhost option, useful in combination with | |
2167 | a wildcard certificate | |
2168 | - Document the existence of connection pinning / forwarding of NTLM | |
2169 | auth and a few other features overlooked in the release notes. | |
2170 | - Spelling correction of the ssl cache_peer option | |
2171 | - Add back the optional "accel" http_port option. Makes accelerator | |
2172 | mode configurations easier to read. | |
2173 | - Bug #1872: Date parsing error causing objects to get unexpectedly | |
2174 | cached. | |
2175 | - Cleanup to have the access.log tags autogenerated from enums.h | |
2176 | - Bug #1783: STALE: Entry's timestamp greater than check time. Clock | |
2177 | going backwards? | |
2178 | - Don't update object timestamps on a failed revalidation. | |
2179 | - Fix how ftp://user@host URLs is rendered when Squid is built with | |
2180 | leak checking enabled | |
2181 | ||
2182 | Changes to squid-2.6.STABLE7 (13 Jan 2007) | |
2183 | ||
2184 | - Windows port: Fix intermittent build error using Visual Studio | |
2185 | - Add missing tproxy info from the dump of http port configuration | |
2186 | - Bug #1853: Support for ARP ACL on NetBSD | |
2187 | - clientNatLookup(): fix wrong function name in debug messages | |
2188 | - Convert ncsa_auth man page from DOS to Unix text format. | |
2189 | - Bug #1858: digest_ldap_auth had some remains of old hash format | |
2190 | - Correct the select_loops counter when using select(). Was counted twice | |
2191 | - Clarify the http_port vhost option a bit | |
2192 | - Fix cache-control: max-stale without value or bad value | |
2193 | - Bug #1857: Segmentation fault on certain types of ftp:// requests | |
2194 | - Bug #1848: external_acl crashes with an infinite loop under high load | |
2195 | - Bug #1792: max_user_ip not working with NTLM authentication | |
2196 | - Bug #1865: deny_info redirection with authentication related acls | |
2197 | - Small example on how to use the squid_session helper | |
2198 | - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly | |
2199 | - Clarify the transparent http_port option a bit more | |
2200 | - Bug #1828: squid.conf docutemtation error for proxy_auth digest | |
2201 | - Bug #1867: squid.pid isn't removed on shutdown | |
2202 | ||
2203 | Changes to squid-2.6.STABLE6 (12 Dec 2006) | |
2204 | ||
2205 | - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth() | |
2206 | - Add client source port logformat tag >p | |
2207 | - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit | |
2208 | - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts | |
2209 | - automake no longer recommends mkinstalldirs. Removed. | |
2210 | - Only use crypt() if it's available, allowing ncsa_auth to be built | |
2211 | on platofms without crypt() support. | |
2212 | - Windows port documentation updates | |
2213 | - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry | |
2214 | - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate" | |
2215 | - Remove extra newline in redirect message sent by deny_info http://... aclname | |
2216 | - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0" | |
2217 | - Clarify the external_acl_type helper format specification and some defaults | |
2218 | - Add support for the weight= parameter to round-robin peers | |
2219 | - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate | |
2220 | - Convert snmpDebugOid to use a temporary String object instead of strcat | |
2221 | - Document that proxy_auth also accepts -i for case-insensitive operation | |
2222 | - Remove malloc/free of temporary buffer in time parsing routines. | |
2223 | - Reduce memory allocator pressure by not continually allocating client-side read buffers | |
2224 | - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo. | |
2225 | - Convert the connStateData->chr single link list to a normal dlink_list for clarity. | |
2226 | - Bug #1584: Unable to register with multiple WCCP2 routers | |
2227 | - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built. | |
2228 | - Bug #439: Multicast ICP peering is unstable and considers most peers dead | |
2229 | - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error | |
2230 | - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply. | |
2231 | - Bug #1840: Disable digest and netdb queries to multicast peers | |
2232 | - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects | |
2233 | - Fix build errors when using latest MinGW Windows environment | |
2234 | ||
2235 | Changes to squid-2.6.STABLE5 (3 Now 2006) | |
2236 | ||
2237 | - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled | |
2238 | - COSS improvements and cleanups | |
2239 | - SNMP linking issue resolved, enabling SNMP support to be build in all platforms | |
2240 | - Bug #1784: access_log syslog results in blanks syslog lines between every entry | |
2241 | - Bug #1719: Incorrect error message on invalid cache_peer specifications | |
2242 | - Bug #1785: Memory leak in handling of negatively cached objects | |
2243 | - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding | |
2244 | - Bug #1782: Memory leak in ncsa_auth on password changes | |
2245 | - Suppress some annoying coss startup messages raising the debug level to 2. | |
2246 | - Clarify the external_acl_helper concurrency= change. | |
2247 | - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown. | |
2248 | - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59 | |
2249 | - Bug #1795: Theoretical memory leak in storeSetPublicKey | |
2250 | - Removing port 563 from the default SSL_ports and Safe_ports ACLs | |
2251 | - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy. | |
2252 | - Bug #1800: squid -k reconfigure crash when using req/rep_header acls | |
2253 | - Clarify the select/poll/kqueue/epoll configure --enable/disable options | |
2254 | - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth | |
2255 | - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable | |
2256 | - Bug #1796: Assertion error HttpHeader.c:914: "str" | |
2257 | - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service | |
2258 | - Silence harmless gcc compile warning. | |
2259 | - Clean up poll memory on shutdown | |
2260 | - Ported select, poll and win32 to new comm event framework | |
2261 | - Windows port: Correctly identify Windows Vista and Windows Server Longhorn | |
2262 | - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance. | |
2263 | - Safeguard from kb_t counter overflows on 32-bit platforms | |
2264 | ||
2265 | Changes to squid-2.6.STABLE4 (23 Sep 2006) | |
2266 | ||
2267 | - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page | |
2268 | - Windows port enhancement: added native exception handler with signal emulation | |
2269 | - Fix the %un log_format tag again. Got broken in 2.6.STABLE2 | |
2270 | - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages. | |
2271 | - Bug #212: variable %i always 0.0.0.0 in many error pages | |
2272 | - Bug #1708: Ports in ACL accepts characters and out of range | |
2273 | - Bug #1706: Squid time acl accepts invalid time range. | |
2274 | - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86 | |
2275 | - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86 | |
2276 | - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests | |
2277 | - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation | |
2278 | - Bug #1598: start_announce cannot be disabled | |
2279 | - Periodically flush cache.log to disk when "buffered_logs on" is set | |
2280 | - Numerous COSS improvements and fixes | |
2281 | - Windows port: merge of MinGW support | |
2282 | - Windows port: Merged Windows threads support into aufs | |
2283 | - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory | |
2284 | - Numerous portability fixes | |
2285 | - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory | |
2286 | - Bug #1758: HEAD on ftp:// URLs always returned 200 OK. | |
2287 | - Bug #1760: FTP related memory leak | |
2288 | - Bug #1770: WCCP2 weighted assignment | |
2289 | - Bug #1768: Redundant DNS PTR lookups | |
2290 | - Bug #1696: Add support for wccpv2 mask assignment | |
2291 | - Bug #1774: ncsa_auth support for cramfs timestamps | |
2292 | - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB | |
2293 | - Bug #1725: cache_peer login=PASS documentation somewhat confusing | |
2294 | - Bug #1590: Silence those ETag loop warnings | |
2295 | - Bug #1740: Squid crashes on certain malformed HTTP responses | |
2296 | - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL" | |
2297 | - Improve error reporting on unexpected CONNECT requests in accelerator mode | |
2298 | - Cosmetic change to increase cache.log detail level on invalid requests | |
2299 | - Bug #1229: http_port and other directives accept invalid ports | |
2300 | - Reject http_port specifications using both transparent and accelerator options | |
2301 | - Cosmetic cleanup to not dump stacktraces on configuration errors | |
2302 | ||
2303 | ||
2304 | Changes to squid-2.6.STABLE3 (18 Aug 2006) | |
2305 | ||
2306 | - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on | |
2307 | very large cache_dir. Limit number of objects stored to slightly | |
2308 | less to avoid this. | |
2309 | - Bug #1705: Correct error message on invalid time weekday specification | |
2310 | - Don't attempt to guess netmask in src/dst acl specifications | |
2311 | if none was provided. Assume it's an IP even if it ends in 0 | |
2312 | - Bug #1665: log_format %ue, %us tags for external or ssl user id | |
2313 | - Bug #1707: delay pools often ignored the set limit | |
2314 | - Bug #1716: Support for recent OpenSSL 0.9.7 versions | |
2315 | (0.9.8 always worked) | |
2316 | - COSS fixes and performance improvements | |
2317 | - Memory leak when reading configuration files with overlapping | |
2318 | ACL data where squid -k parse complains. | |
2319 | - Memory leak related to pinned connections | |
2320 | - Show include acls unexpanded in cachemgr configuration dumps | |
2321 | - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD | |
2322 | - Bug #1304: Downloads may hang when using the cache_dir max-size option | |
2323 | - Optimization of network I/O | |
2324 | - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris | |
2325 | - Fixed a memory leak on certain invalid requests | |
2326 | - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update | |
2327 | - Bug #582: ntlm fake_auth not handles non-ascii login names | |
2328 | - New startup message indicating the type of event loop used | |
2329 | - Bug #1602: TCP fallback on truncated DNS responses | |
2330 | - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING" | |
2331 | - Bug #1723: cachemgr now works in accelerator mode | |
2332 | ||
2333 | Changes to squid-2.6.STABLE2 (31 Jul 2006) | |
2334 | ||
2335 | - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter. | |
2336 | - Releasenotes Table of contents should use relative links without | |
2337 | filename. | |
2338 | - Reject HTTP/0.9 formatted CONNECT requests. | |
2339 | - Cosmetic cleanup to use safe_free instead of xfree + manual | |
2340 | assign to NULL | |
2341 | - Bug #1650: transparent interception "Unable to forward this | |
2342 | request at this time" | |
2343 | - Bug #1658: Memory corruption when using client-side SSL certificates | |
2344 | - Add storeRecycle; a storeIO method to delete a StoreEntry w/out | |
2345 | deleting the underlying object. | |
2346 | - Many COSS fixes and new coss data dumper utility for diagnostics | |
2347 | - Bug #1669: SEGV in storeAddVaryReadOld | |
2348 | - Many fixes in debug sections and spelling of debug messages | |
2349 | - Don't keep client connection persistent if there was a mismatch in | |
2350 | the response size. | |
2351 | - Move eventCleanup debug messages to debug level 2 (was 0) | |
2352 | - Add the missing concurrency parameters to basic and digest auth | |
2353 | schemes | |
2354 | - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509 | |
2355 | - Log SSL user id in the custom log User name format (%un) | |
2356 | - Bug #1653: Username info not logged into Cachemgr active_requests | |
2357 | statistics | |
2358 | - Added to the redirectors interface the support for SSL client | |
2359 | certificate | |
2360 | - squid.conf.default cleanup to remove references to old options | |
2361 | - Fix many filedescriptors in combination with TPROXY | |
2362 | - Fix connection pinning in transparently intercepted connections | |
2363 | - Bug #1679: LDFLAGS not honored in some programs. | |
2364 | - Minor cleanup of port numbers in transparent interception or | |
2365 | vhost + vport | |
2366 | - Bug #1671: transparent interception fails with FreeBSD ipfw or | |
2367 | Linux-2.2 ipchains | |
2368 | - Bug #1660: Accept-Encoding related memory corruption | |
2369 | - Bug #1651: Odd results if url_rewriter defined multiple times | |
2370 | - Bug #1655: Squid does not produce coredumps under linux when | |
2371 | started as root | |
2372 | - Bug #1673: cache digests not served to other caches | |
2373 | - Cleanup of Linux capability code used by tproxy | |
2374 | - Bug #1684: xstrdup: tried to dup a NULL pointer! | |
2375 | - Bug #1668: unchecked vsnprintf() return code could lead to log | |
2376 | corruption | |
2377 | - Bug #1688: Assertion failure in HttpHeader.c in some header_access | |
2378 | configurations | |
2379 | - Cygwin support fir --disable-internal-dns | |
2380 | - Silence those annoying sslReadServer: Connection reset by peer | |
2381 | errors. | |
2382 | - Bug #1693: persistent connections broken in transparent | |
2383 | interception mode | |
2384 | - Bug #1691: multicast peering issues | |
2385 | - Bug #1696: Correct WCCP2 processing of router capability info | |
2386 | segments | |
2387 | - Bug #1694: Assertion failure in mgr:config if using | |
2388 | access_log_format %<h | |
2389 | - Bug #1677: Duplicate etags in the If-None-Match header | |
2390 | - Bug #1665: access_log_format codes for login names from external | |
2391 | acl or ssl | |
2392 | - Bug #1681: All ntlmauthenticator processes are busy | |
2393 | - Added ARP acl support for OpenBSD and ARP fixes for Windows | |
2394 | - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out | |
2395 | socket) | |
2396 | - WCCP2 correct dampening of assign buckets when there it lots of | |
2397 | changes | |
2398 | - minimum_expiry_time to tune the magic 60 seconds limit of what | |
2399 | is considered cachable when the object doesn't have any cache | |
2400 | validators. | |
2401 | - Bug #1703: wrong path to diskd helper corrected, and config | |
2402 | parser extended to trap incorrect paths early | |
2403 | - Bug #1703: COSS failed to initialize async-io threads | |
2404 | - Bug #1703: should abort if diskd helper exits unexpectedly | |
2405 | - Bug #1702: Warn if acl name is too long | |
2406 | - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors | |
2407 | - wccp2_rebuild_wait directive to delay registering with WCCP until the | |
2408 | - Bug #1662: Infinite loop in external acl with grace period if the | |
2409 | same http_access line had multiple external acls | |
2410 | ||
2411 | Changes to squid-2.6.STABLE1 (1 Jul 2006) | |
2412 | ||
2413 | - New --enable-default-hostsfile configure option | |
2414 | - Added username info to active_requests cachemgr stats | |
2415 | - Modified squid MIB to incorporate squid.conf visible_hostname | |
2416 | - Added multi-line capability in squid.conf | |
2417 | - Added new httpd_suppress_version_string configuration directive | |
2418 | - WCCPv2 support | |
2419 | - Negotiate authentication scheme support | |
2420 | - NTLM authentication scheme rewritten | |
2421 | - Customizable access log formats | |
2422 | - Selective access logging | |
2423 | - Access logging via syslog | |
2424 | - Reverse proxy enhancements, with new cache_peer based forwarding | |
2425 | model. | |
2426 | - LDAP based Digest helper (Note: not true LDAP integration, just using | |
2427 | LDAP for storage of the Digest hashes) | |
2428 | - Improved helper communication protocol | |
2429 | - External ACL improvements. %PATH, log=, grace=, and more.. | |
2430 | - Improved SSL support with hardware offload, client certificate | |
2431 | support (primitive), chained certificates and numerous bug fixes | |
2432 | - DNS lookups now use the search path from /etc/resolv.conf or | |
2433 | the Windows registry | |
2434 | - Linux epoll support | |
2435 | - collapsed forwarding to optimize reverse proxies or other | |
2436 | setups having very many clients going to the same URL | |
2437 | - New improved COSS implementation | |
2438 | - Optional support for blank passwords | |
2439 | - The old and obsolete Samba-2.2.X winbind helpers have been removed | |
2440 | - external acls now uses the simplified URL-escaped protol "3.0" by | |
2441 | default. | |
2442 | - Linux TPROXY support | |
2443 | - Support for proxying of Microsoft Integrated Login by adding | |
2444 | support for the deviations from the HTTP protocol required | |
2445 | to support these authentication mechanisms | |
2446 | - Added the capability to run as a Windows service under Cygwin | |
2447 | - CARP now plays well with the other peering algorithms | |
2448 | - read_ahead_gap option to read ahead more than 16KB of the reply | |
2449 | - check_hostnames and allow_underscore squid.conf options | |
2450 | - http_port is now optional, allowing for SSL only operation | |
2451 | - Full ETag/Vary support, caching responses which varies with | |
2452 | request details (browser, language etc). | |
2453 | - umask now defaults to 027 to protect the content of cache and | |
2454 | log files from local users | |
2455 | - HTCP support for access control and the CRL operation for | |
2456 | purgeing of cache content | |
2457 | - Optionally follow X-Forwarded-For headers to determine the original | |
2458 | client IP behind sedond level proxies | |
2459 | - FreeBSD kqueue support | |
2460 | ||
2461 | Changes to squid-2.5.STABLE14 (20 May 2006) | |
2462 | - [Minor] icons not displayed when visible_hostname is a | |
2463 | short hostname (without domain). (Bug #1532) | |
2464 | - [Medium] Memleak in HTCP client code (default disabled) | |
2465 | (Bug #1553) | |
2466 | - [Major] memory leak in ident processing (Bug #1557) | |
2467 | - [Medium] Memory leak in header processing related to external_acl | |
2468 | header detail format tag (Bug #1564) | |
2469 | ||
2470 | Changes to squid-2.5.STABLE13 (12 Mar 2006) | |
2471 | - [Minor] Fails to compile on Solaris and some other platforms | |
2472 | with undefined reference to setenv (Bug #1435) | |
2473 | - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list | |
2474 | - [Minor] Squid ntlm_auth (not the Samba provided one) giving | |
2475 | odd results if --enable-ntlm-fail-open is used (Bug #1022) | |
2476 | - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later | |
2477 | (Bug #1472) | |
2478 | - [Minor] Squid crash when asyncio function counters url accessed | |
2479 | from Cachemgr CGI (Bug #1464) | |
2480 | - [Cosmetic] Linux compile warning about prctl called with too few | |
2481 | arguments (Bug #1483) | |
2482 | - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479) | |
2483 | - [Minor] Some 206 responses logged incorrectly (Bug #1511) | |
2484 | - [Minor] Issues in processing ranges on objects >2GB (Bug #437) | |
2485 | - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414) | |
2486 | - [Minor] Ident access lists don't work in delay_access statements | |
2487 | (Bug #1428) | |
2488 | - [Minor] Some clients support NTLM even if not initially negotiating | |
2489 | persistent connections (Bug #1447) | |
2490 | - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459) | |
2491 | - [Medium] delay pools given too much bandwidht after "-k reconfigure" | |
2492 | (Bug #1481) | |
2493 | - [Cosmetic] New persistent_connection_after_error configuration | |
2494 | directive (Bug #1482) | |
2495 | - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug | |
2496 | #1484) | |
2497 | - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492) | |
2498 | - [Cosmetic] Typo in ftp.c (Bug #1507) | |
2499 | - [Cosmetic] Error in FTP listings of files with -> in their name | |
2500 | (Bug #1508) | |
2501 | - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging | |
2502 | in cache.log (Bug #779) | |
2503 | - [Minor] Fails to process long host names (Bug #1434) | |
2504 | - [Cosmetic] Azerbaijani errors translation (Bug #1454) | |
2505 | - [Cosmetic] misleading error message message for bad/unresolveable | |
2506 | cache_peer name (Bug #1504) | |
2507 | - [Cosmetic] confusing statistics on stateful helpers (NTLM auth) | |
2508 | (Bug #1506) | |
2509 | - [Major] connstate memory leak (Bug #1522) | |
2510 | ||
2511 | Changes to squid-2.5.STABLE12 (22 Oct 2005) | |
2512 | ||
2513 | - [Major] Error introduced in 2.5.STABLE11 causing truncated responses | |
2514 | when using delay pools (Bug #1405) | |
2515 | - [Cosmetic] Document that tcp_outgoing_* works badly in combination | |
2516 | with server_persistent_connections (Bug #454) | |
2517 | - [Cosmetic] Add additinal tracing to squid_ldap_auth making | |
2518 | diagnostics easier on squid_ldap_auth configuration errors | |
2519 | (Bug #1395) | |
2520 | - [Minor] $HOME not set when started as root (Bug #1401) | |
2521 | - [Minor] httpd_accel_single_host breaks in combination with | |
2522 | server_persistent_connections (Bug #1402) | |
2523 | - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially | |
2524 | implemented, effectively ignored. (Bug #1403) | |
2525 | - [Minor] CNAME based DNS addresses could get cached for longer | |
2526 | than intended (Bug #1404) | |
2527 | - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges | |
2528 | in transparently intercepting proxies (Bug #1410). | |
2529 | - [Minor] Cache revalidations on HEAD requests causing poor cache | |
2530 | hit ratio (Bug #1411). | |
2531 | - [Minor] Not possible to send 302 redirects via a redirector in | |
2532 | response to CONNECT requests (bug #1412) | |
2533 | - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug | |
2534 | #1419) | |
2535 | - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426) | |
2536 | - [Minor] Delay pools class 3 fails on clients in network 255 | |
2537 | (Bug #1431) | |
2538 | ||
2539 | Changes to squid-2.5.STABLE11 (22 Sep 2005) | |
2540 | ||
2541 | - [Minor] Workaround for servers sending double content-length headers | |
2542 | (Bug #1305) | |
2543 | - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz | |
2544 | - [Cosmetic] Date header corrected on internal objects (icons etc) | |
2545 | (Bug #1275) | |
2546 | - [Minor] squid -k fails in combination with chroot after patch for | |
2547 | bug 1157 (Bug #1307) | |
2548 | - [Cosmetic] Segmentation fault if compiled with | |
2549 | --enable-ipf-transparent but denied access to the NAT device. | |
2550 | (Bug #1313) | |
2551 | - [Minor] httpd_accel_signle_host incompatible with redireection | |
2552 | (Bug #1314) | |
2553 | - [Minor] squid -k reconfigure internal corruption if the type of | |
2554 | a cache_dir is changed (Bug #1308) | |
2555 | - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB | |
2556 | (Bug #1317) | |
2557 | - [Minor] Title in FTP listings somewhat messed up after previous | |
2558 | patch for bug 1220 (Bug #1220) | |
2559 | - [Minor] FTP listings uses "BASE HREF" much more than it needs to, | |
2560 | confusing authentication. (Bug #1204) | |
2561 | - [Minor] winfo_group.pl only looked for the first group if multiple | |
2562 | groups were defined in the same acl. (Bug #1333) | |
2563 | - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316) | |
2564 | - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518) | |
2565 | - [Cosmetic] The new --with-build-environment=... option doesn't work | |
2566 | - [Cosmetic] New 'mail_program' configuration option in squid.conf | |
2567 | - [Minor] Fails to compile with ip-filter and ARP support on Solaris | |
2568 | x86 (Bug #199) | |
2569 | - [Major] Segmentation fault in sslConnectTimeout (Bug #1355) | |
2570 | - [Medium] assertion failed in StatHist.c:93 (Bug #1325) | |
2571 | - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331) | |
2572 | - [Cosmetic] Invalid URLs in error messages when failing to connect | |
2573 | to peer, and a few other inconsistent error messages (Bug #1342) | |
2574 | - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2 | |
2575 | (Bug #1344) | |
2576 | - [Minor] Some odd FTP servers respond with 250 where 226 is expected | |
2577 | (Bug #1348) | |
2578 | - [Cosmetic] Greek translation of error messages (Bug #1351) | |
2579 | - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368) | |
2580 | - [Minor] squid_ldap_auth -U does not work (Bug #1370) | |
2581 | - [Minor] SNMP cacheClientTable fails on "long" IP addresses | |
2582 | (Bug #1375) | |
2583 | - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374) | |
2584 | - [Minor] E-mail sent when cache dies is blocked from many antispam | |
2585 | rules (Bug #1380) | |
2586 | - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389) | |
2587 | - [Cosmetic] Incorrect store dir selection debug message on objects | |
2588 | larger than 2Gigabyte (Bug #1343) | |
2589 | - [Cosmetic] header_id enum misused as an signed integer (Bug #1343) | |
2590 | - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335) | |
2591 | - [Medium] Clients could bypass delay_pool settings by faking a cache | |
2592 | hit request (Bug #500) | |
2593 | - [Minor] IP-Filter 4.X support (Bug #1378) | |
2594 | - [Medium] Odd results on pipelined CONNECT requests | |
2595 | - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header" | |
2596 | when using NTLM authentication. | |
2597 | - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM | |
2598 | authentication (bug #1396) | |
2599 | - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl | |
2600 | (Bug #1394) | |
2601 | - [Cosmetic] New --with-maxfd=N configure option to override build | |
2602 | time filedescriptor limit test | |
2603 | - [Minor] Added support for Windows code name "Longhorn" on Cygwin. | |
2604 | ||
2605 | Changes to squid-2.5.STABLE10 (17 May 2005) | |
2606 | ||
2607 | - [Minor Security] Fix race condition in relation to old Netscape | |
2608 | Set-Cookie specifications | |
2609 | - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing | |
2610 | format and PASV resposes (Bug #1252) | |
2611 | - [Medium] BASE HREF missing on ftp directory URLs without / | |
2612 | (Bug #1253) | |
2613 | - [Minor security] confusing http_access results on configuration | |
2614 | error (Bug #1255) | |
2615 | - [Cosmetic] More robust Date parser (Bug #321) | |
2616 | - [Minor] reload_with_ims fails to refresh negatively cached objects | |
2617 | (Bug #1159) | |
2618 | - [Cosmetic] delay_access description clarification (Bug #1245) | |
2619 | - [Cosmetic] Check for integer overflow in size specifications in | |
2620 | squid.conf (Bug #1247) | |
2621 | - [Cosmetic] bzero is a non-standard function not available on all | |
2622 | platforms (Bug #1256) | |
2623 | - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257) | |
2624 | - [Cosmetic] Incorrect use of ctype functions (Bug #1259) | |
2625 | - [Cosmetic] Defer digest fetch if the peer is not allowed to be used | |
2626 | (Bug #1261) | |
2627 | - [Minor] Duplicate content-length headers logged incorrectly or | |
2628 | not cleaned up properly (Bug #1262) | |
2629 | - [Cosmetic] Extend relaxed_header_parser to work around "excess | |
2630 | data from" errors from many major web servers. (Bug #1265) | |
2631 | - [Minor] Add HTTP headers to a netdb error messages | |
2632 | - [Minor] Multiple minor aufs issues (Bug #671) | |
2633 | - [Minor] Basic authentication fails with very long logins or | |
2634 | password (Bug #1171) | |
2635 | - [Minor] CONNECT requests truncated if client side disconnects first | |
2636 | (Bug #1269) | |
2637 | - [Minor] --disable-hostname-checks configure option did not work | |
2638 | - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK | |
2639 | - [Cosmetic] aufs warning about open event filedescriptors on shutdown | |
2640 | - [Medium] Failed to process requests for files larger than 2GB in size | |
2641 | - [Cosmetic] rename() related cleanup | |
2642 | - [Cosmetic] New cachemgr pending_objects and client_objects actions | |
2643 | - [Cosmetic] external acls requiring authentication did not request | |
2644 | new credentials on access denials like proxy_auth does. | |
2645 | - [Cosmetic] Syslog facility now configurable via command line options. | |
2646 | - [Cosmetic] New %a error page template code expanding into the | |
2647 | authenticated user name. (Bug #798) | |
2648 | - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent | |
2649 | - [Minor] Support interception of multiple ports | |
2650 | - [Cosmetic] Allow "squid -k ..." to run even if the local hostname | |
2651 | can not be determined (Bug #1196) | |
2652 | - [Cosmetic] Configuration file parser now handles DOS/Windows formatted | |
2653 | configuration files with CRLF lineendings proper. | |
2654 | - [Minor] Unrecognized Cache-Control directives now forwarded properly | |
2655 | (Bug #414) | |
2656 | - [Minor] Authentication helpers now returns useable information | |
2657 | in the %m error page macro on failed authentication (Bug #1223) | |
2658 | - [Minor] pid file management corrected in chroot use (Bug #1157) | |
2659 | - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use. | |
2660 | cachemgr.cgi now reads a config file telling which proxy servers | |
2661 | it can administer. | |
2662 | - [Minor] aufs statistics improvements | |
2663 | - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299) | |
2664 | - [Minor] ARP acl documentation and cachemgr config dump corrections | |
2665 | - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric | |
2666 | hostnames in addition to the reverse lookup of the domain name. | |
2667 | - [Security] Internal DNS client hardened against spoofing | |
2668 | ||
2669 | Changes to squid-2.5.STABLE9 (24 Feb 2005) | |
2670 | ||
2671 | - [Medium] Don't retry requests on 403 errors (Bug #1210) | |
2672 | - [Minor] Ignore invalid FQDN DNS responses (Bug #1222) | |
2673 | - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246) | |
2674 | - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211) | |
2675 | - [Minor] relaxed_header_parser extended to work around even more | |
2676 | broken web servers (Bug #1242) | |
2677 | - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work | |
2678 | better with Mozilla but also to improve security slightly on | |
2679 | non-anonymous FTP. | |
2680 | - [Minor] High characters allowed un-encoded in FTP and Gopher | |
2681 | listings to allow the user-agent to display data in non-iso8859-1 | |
2682 | charsets. (Bug #1220) | |
2683 | - [Cosmetic] format fixes to silence compiler warnings on many | |
2684 | platforms. | |
2685 | - [Major] Assertion failures on certain odd DNS responses (Bug #1234) | |
2686 | ||
2687 | Changes to squid-2.5.STABLE8 (11 Feb 2005) | |
2688 | ||
2689 | - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354, | |
2690 | #1096) | |
2691 | - [Cosmetic] Document -v (protocol version) option to LDAP helpers | |
2692 | - [Minor] The new req_header and resp_header acls segfaults | |
2693 | immediately on parse of squid.conf (Bug #961) | |
2694 | - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure | |
2695 | (Bug #1118) | |
2696 | - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102) | |
2697 | - [Minor] Squid fails to close TCP connection after blank HTTP | |
2698 | response (Bug #1116) | |
2699 | - [Minor security] Random error messages in response to malformed | |
2700 | host name (Bug #1143) | |
2701 | - [Minor] PURGE should not be able to delete internal objects | |
2702 | (Bug #1112) | |
2703 | - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug | |
2704 | #1121) | |
2705 | - [Minor] cachemgr vm_objects segfault (Bug #1149) | |
2706 | - [Minor security] Confusing results on empty acl declarations (Bug | |
2707 | #1166) | |
2708 | - [Minor] Don't close all "other" filedescriptors on startup (Bug | |
2709 | #1177) | |
2710 | - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug | |
2711 | #1183) | |
2712 | - [Security] buffer overflow bug in gopherToHTML() (Bug #1189) | |
2713 | - [Medium security] Denial of service with forged WCCP messages | |
2714 | (Bug #1190) | |
2715 | - [Minor] DNS related memory leak on certain malformed DNS responses | |
2716 | (Bug #1197) | |
2717 | - [Minor] Internal DNS sometimes truncates host names in reverse | |
2718 | (PTR) lookups (Bug #1136) | |
2719 | - [Minor Security] Add sanity checks on LDAP user names (Bug #1187) | |
2720 | - [Security] Harden Squid against HTTP request smuggling attacks | |
2721 | - [Minor] Icon URLs fails in non-anonymous FTP directory listings is | |
2722 | short_icon_urls is on (Bug #1203) | |
2723 | - [Security] Harden Squid against HTTP response splitting attacks | |
2724 | (Bug #1200) | |
2725 | - [Medium security] Buffer overflow in WCCP recvfrom() call | |
2726 | (Bug #1217) | |
2727 | - [Security] Properly handle oversized reply headers (Bug #1216) | |
2728 | - [Minor] LDAP helpers search fixed to properly ask for no attributes | |
2729 | - [Minor] A sporadic segmentation fault when using ntlm authentication | |
2730 | fixed (Bug #1127) | |
2731 | - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224) | |
2732 | - [Medium] Persistent connection mismatch on failed PUT/POST request | |
2733 | (Bug #1122) | |
2734 | - [Minor] WCCP easily disturbed by forged packets (Bug #1225) | |
2735 | - [Minor] Password management in ftp:// gatewaying improved (Bug #1226) | |
2736 | - [Major] HTTP reply data corruption in certain situations involving | |
2737 | reply headers split over multiple packets (Bug #1233) | |
2738 | ||
2739 | Changes to squid-2.5.STABLE7 (11 Oct 2004) | |
2740 | ||
2741 | - [Medium] No objects cached in ufs cache_dir type in some | |
2742 | configurations. Issue introduced in 2.5.STABLE6 by the patch for | |
2743 | Bug #676. (Bug #1011) | |
2744 | - [Minor] LDAP helpers update to correct LDAP connection management | |
2745 | and add support for literal password compare instead of binding | |
2746 | - [Minor] A large number of queued DNS lookups for the same domain | |
2747 | (Bug #852) | |
2748 | - [Cosmetic] request_header_max_size configuration partly ignored | |
2749 | (Bug #899) | |
2750 | - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001) | |
2751 | - [Cosmetic] HEAD requests may return stale information | |
2752 | (Bug #1012) | |
2753 | - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918) | |
2754 | - [Minor] case insensitive authentication (Bug #431) | |
2755 | - [Cosmetic] Add delay pools information to active_requests. (Bug | |
2756 | #882) | |
2757 | - [Minor] Apparent memory leak in client_db (Bug #833) | |
2758 | - [Minor] NTLM authentication truncated causing failures. (Bug | |
2759 | #1016) | |
2760 | - [Cosmetic] Grammatical corrections in squid.conf.default | |
2761 | - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug | |
2762 | #1030) | |
2763 | - [Medium] Segfaults and other strange crashes when using heap | |
2764 | policies. (Bug #1009) | |
2765 | - [Minor] Supplementary group memberships not set (Bug #1021) | |
2766 | - [Cosmetic] ERR_TOO_BIG Portuguese translation | |
2767 | - [Minor] external_acl does not handle newlines (Bug #1038) | |
2768 | - [Major] NTLM authentication denial of service when using msnt_auth | |
2769 | or fake_auth (Bug #1045) | |
2770 | - [Medium] Memory leaks when using NTLM authentication without | |
2771 | challenge reuse. (Bug #994) | |
2772 | - [Minor] Temporary NTLM memory leak with challenge reuse enabled | |
2773 | (Bug #910) | |
2774 | - [Minor] assertion failed: "n_ufs_dirs <= | |
2775 | Config.cacheSwap.n_configured". (Bug #1053) | |
2776 | - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031) | |
2777 | - [Minor] acl time fails to parse multiple time specifications | |
2778 | (Bug #1060) | |
2779 | - [Minor] cachemgr config dumps mixed up Range and Request-Range | |
2780 | headers in http_header_access & replace directives. (Bug #1056) | |
2781 | - [Minor] Content-Disposition added as a well known header (Bug #961) | |
2782 | - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD | |
2783 | (Bug #1074) | |
2784 | - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) | |
2785 | - [Medium] New acl types to match arbitrary HTTP headers. In addition | |
2786 | the http_header_access & replace directives now support arbitrary | |
2787 | headers and not only the well known ones. (Bug #961) | |
2788 | - [Cosmetic] ncsa_auth now accepts Window formatted password files | |
2789 | (Bug #1078) | |
2790 | - [Cosmetic] Support the --program-prefix/suffix options or other | |
2791 | configure program name transforms (Bug #1019) | |
2792 | - [Minor] Fix race condition in CONNECT and also handle aborts of | |
2793 | CONNECT requests in a more graceful manner. (Bug #859) | |
2794 | - [Minor] New balance_on_multiple_ip directive to work around certain | |
2795 | broken load balancers and optimized ipcache on reload requests | |
2796 | (Bug #1058) | |
2797 | - [Medium] New reply_header_max_size directive | |
2798 | (Bug #874) | |
2799 | - [Minor] Suspected instability on aborted PUT/POST requests | |
2800 | (Bug #1089) | |
2801 | - [Security] SNMP Denial of Service fix (CAN-2004-0918) | |
2802 | ||
2803 | Changes to squid-2.5.STABLE6 (9 Jul 2004) | |
2804 | ||
2805 | - Bug #937: NTLM assertion error "srv->flags.reserved" | |
2806 | - Bug #935: squid_ldap_auth can be confused by the use of reserved | |
2807 | characters | |
2808 | - Helper queue warnings imprecise on the number of helpers required | |
2809 | - squid_ldap_auth TLS mode works correctly again | |
2810 | - Bug #940, #305: pkg-config support for finding correct OpenSSL | |
2811 | compile flags | |
2812 | - Bug #426: "Vary: *" is ignored | |
2813 | - 100% CPU usage on Linux-2.2 | |
2814 | - Version number should not include -CVS if autoconf is run | |
2815 | - Bug #947: deny_info redirection with requested URL escaped wrongly | |
2816 | - Bug #495: CONNECT timeout should produce a 504 or 503 | |
2817 | - Bug #956: cache_swap_log documentation referred to swap.state by | |
2818 | it's old swap.log name | |
2819 | - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may | |
2820 | have been intended | |
2821 | - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed | |
2822 | - Bug #954: Segment violation when using a blank user name in digest | |
2823 | authentication | |
2824 | - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0" | |
2825 | - Spelling corrections in configure and squid.conf.default | |
2826 | - The meaning of ERR in digest helper protocol clarified in the | |
2827 | squid.conf documentation | |
2828 | - Bug #950: Spelling error in Turkish ERR_DNS_FAIL | |
2829 | - Bug #616: Negative cached 404 replies with VARY header never matched | |
2830 | - Bug #968: range_offset_limit -1 KB rejected as invalid syntax | |
2831 | due to a shortcoming in the fix to bug #817 | |
2832 | - Bug #570: Very large cache_mem values reported wrongly in cache.log | |
2833 | - Bug #676: store_dir_select_algorithm least-load doesn't work for | |
2834 | ufs cache_dir type | |
2835 | - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge | |
2836 | - Bug #948: Show client ip in cache.log debug output | |
2837 | - Bug #960: compilation issue on OpenBSD/m88k | |
2838 | - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools | |
2839 | - Bug #991: dns_servers should default to localhost if no resolv.conf | |
2840 | - Bug #717: msnt_auth documentation update | |
2841 | - Bug #753: Segfault in memBufVPrintf on certain architectures | |
2842 | requiring va_copy | |
2843 | - Bug #941: Negative size in access.log on long running CONNECT | |
2844 | requests | |
2845 | - Bug #972: Segmentation fault after "Likely proxy abuse detected" | |
2846 | - Bug #981: sasl_auth updated to work with SALS2 | |
2847 | - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM | |
2848 | authentication to a NT domain without using Samba. | |
2849 | ||
2850 | Changes to squid-2.5.STABLE5 (1 Mar 2004): | |
2851 | ||
2852 | - cache.log message on "squid -k reconfigure" was slightly confusing, | |
2853 | claiming Squid restarted when it just reread the configuration. | |
2854 | - Bug #787: digest auth never detects password changes | |
2855 | - Bug #789: login with space confuses redirector helpers | |
2856 | - Bug #791: FQDNcache discards negative responses when using | |
2857 | internal DNS | |
2858 | - pam_auth fails on Solaris when using pam_authtok_get. Persistent | |
2859 | PAM connections are unsafe and now disabled by default. | |
2860 | - auth_param documentation clarifications and added default realm | |
2861 | values making only the helper program a required attribute | |
2862 | - Bug #795: German ERR_DNS_FAIL correction | |
2863 | - Bug #803: Lithuanian error messages update | |
2864 | - Bug #806: Segfault if failing to load error page | |
2865 | - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi) | |
2866 | - Bug #817: maximum_object_size too large causes squid not to cache | |
2867 | - Bug #824: 100% CPU loop if external_acl combined with separate | |
2868 | authentication acl in the same http_access line | |
2869 | - squid_ldap_group updated to version 2.12 with support for ldaps:// | |
2870 | (LDAPv2 over SSL) and a numer of other improvements. | |
2871 | - Bug #799: positive_dns_ttl ignored when using internal DNS. | |
2872 | - Bug #690: Incorrect html on empty Gopher responses | |
2873 | - Bug #729: --enable-arp-acl may give warning about net/route.h | |
2874 | - Bug #14: attempts to establish connection may look like syn flood | |
2875 | attack if the contacted server is refusing connections | |
2876 | - errorpage README files included in the distribution again showing | |
2877 | who contributed which translation | |
2878 | - Bug #848: connect_timeout connect_timeout ends up twice the length. | |
2879 | forward_timeout option added to address this. | |
2880 | - Bug #849: DNS log error messages should report the failed query | |
2881 | - Bug #851: DNS retransmits too often | |
2882 | - Bug #862: Very frequently repeated POST requests may cause a | |
2883 | filedescriptor shortage due to persitent connections building up | |
2884 | - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests | |
2885 | - Bug #571: Need to limit use of persistent connections when | |
2886 | filedescriptor usage is high | |
2887 | - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often | |
2888 | does not work properly | |
2889 | - Bug #860: redirector_access does not handle "slow" acls such as | |
2890 | "dst" or "external" requiring a external lookup. | |
2891 | - Bug #865: Persistent connection usage too high after sudden burst | |
2892 | of traffic. | |
2893 | - Bug #867: cache_peer max-conn=.. option does not work | |
2894 | - Bug #868: refuses to start if pid_filename none is specified | |
2895 | - Bug #887: LDAP helper -Z (TLS) option does not work | |
2896 | - Bug #877: Squid doesn't follow telnet protocol on FTP control | |
2897 | connections | |
2898 | - Bug #908: Random auth popups and account lockouts when using ntlm | |
2899 | - Support for NTLM_NEGOTIATE exchanges with ntlm helpers | |
2900 | - Bug #585: cache_peer_access fails with NTLM authentication | |
2901 | - Bug #592: always/never_direct fails with NTLM authentication | |
2902 | - wbinfo_group update for Samba-3 | |
2903 | - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0 | |
2904 | - Bug #924: miss_access restricts internal and cachemgr requests | |
2905 | even if these are local | |
2906 | - Bug #925: auth headers send by squidclient are mildly malformed | |
2907 | - Bug #922: miss_access and delay_access and several other | |
2908 | authentication related bug fixes. | |
2909 | - Bug #909: Added ARP acl support for FreeBSD | |
2910 | - Bug #926: deny_info with http_reply_access or miss_access | |
2911 | - Bug #872: reply_body_max_size problems when using NTLM auth | |
2912 | - Bug #825: random segmentation faults when using digest auth | |
2913 | - Bug #910: Partial fix for temporary memory leaks when using NTLM | |
2914 | auth. There is still problems if challenge reuse is enabled. | |
2915 | - ftp://anonymous@host/ now accepted without requiring a password | |
2916 | - Bug #594: several mime type updates (ftp:// related) | |
2917 | - url_regex enhanced to allow matching of %00 | |
2918 | ||
2919 | Changes to squid-2.5.STABLE4 (15 Sep 2003): | |
2920 | ||
2921 | - Lithuanian error messages added to the distribution | |
2922 | - Bug #660: segfauld if more than one custom deny_info line | |
2923 | - cache_dir disd documentation cleanup | |
2924 | - check open of /dev/null to avoid 100% CPU loop in badly | |
2925 | configured chroot environments | |
2926 | - documentation update on uri_whitespace to refer to the correct RFC | |
2927 | - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable | |
2928 | - Bug #683: external_acl does not wait for ident lookups to complete | |
2929 | - aufs: Fix a minor use-after-free problem which could cause the | |
2930 | count of opening filedescriptors to grow larger than it should | |
2931 | - Syntax changes to make GCC-3.3 accept Squid without complaints | |
2932 | - Warning if CARP server defined in incorrect load factor order | |
2933 | - neighbor_type_domain documentation update | |
2934 | - http_header_access now works when using cache peers | |
2935 | - high_memory_warning now uses sbrk as fallback mechanism on | |
2936 | platforms where neither mallinfo or mstats are available. | |
2937 | - hosts_file now handles comments at the end of lines correcly | |
2938 | - storeCheckCachable() Stats corrected for release_request and | |
2939 | wrong_content_length. | |
2940 | - cachePeerPingsSent MIB type corrected | |
2941 | - unused minimum_retry_timeout directive removed | |
2942 | - Bug #702: ERR_TO_BIG spanish translation | |
2943 | - Bug #705: Memory leak on deny_info TCP_RESET | |
2944 | - Code cleanup to fix compile error in httpHeaderDelById | |
2945 | - Bug #699: Host header now forwarded exactly where it was in the | |
2946 | original request to work around certain broken firewalls or | |
2947 | load balancers which fail if this header is too far into the | |
2948 | request headers. | |
2949 | - Bug #704: Memory leak on reply_body_max_size | |
2950 | - Bug #686: requests denied due to http_reply_access are now | |
2951 | logged with TCP_DENIED (instead of TCP_MISS, etc). | |
2952 | - Bug #708: ie_refresh now sends no-cache to have the reload | |
2953 | request propagate properly in cache meshes | |
2954 | - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state | |
2955 | - Bug #709: cbdata.c:186: "c->valid" assertion due to peer | |
2956 | digest not found | |
2957 | - Bug #710: round-robin cache_dir selection incorrectly | |
2958 | compares max-size. | |
2959 | - Statistics corrections in HTTP header statitics | |
2960 | - QUICKSTART cleanups | |
2961 | - Bug #715: statCounter.syscalls.disk counters treated | |
2962 | inconsistently. Now increment the counters in AUFS | |
2963 | functions and for unlinkd. | |
2964 | - Improvements to the (experimental) COSS storage scheme. | |
2965 | - Bug #721: User name field in access.log sometimes blank | |
2966 | - Bug #94: assertion failed: http.c: "-1 == cfd || | |
2967 | FD_SOCKET == fd_table[cfd].type" | |
2968 | - Bug #716: assertion failed: client_side.c:1478: "size > 0" | |
2969 | - Bug #732: aufs calculates number of threads and limits wrongly | |
2970 | - Bug #663: Username not logged into access.log in case of /407 | |
2971 | - Bug #267: Form POSTing troubles with NTLM authentication | |
2972 | and occationally in differen other error conditions. | |
2973 | - Bug #736: ICP dynamic timeout algorithm ignores multicast. | |
2974 | - Bug #733: No explicit error message when ncsa_auth can't access | |
2975 | passwd file | |
2976 | - Bug #267, #757: POST with NTLM stops after persistent connection | |
2977 | timeout | |
2978 | - Bug #742: Wrong status code on access denials if delay_access | |
2979 | is used. Most notably 407 instead of 403 could be returned. | |
2980 | - Bug #763: segfault if using ntlm in http_reply_access | |
2981 | - Bug #638: assertion error if using proxy_auth in delay_access | |
2982 | - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access | |
2983 | - The issue of reply_body_max_size limiting the size of error | |
2984 | messages no longer applies. | |
2985 | - external_acl_type concurrency= option renamed to children= to | |
2986 | prepare for Squid-3 upgrades. Old syntax still accepted for the | |
2987 | duration of the Squid-2.5 release. | |
2988 | - number of filedescriptors rounded down to an even multiple of 64 | |
2989 | to work around issues in certain libc implementations. | |
2990 | - winbind helpers less noisy in cache.log on restarts/shutdown. | |
2991 | - Squid now automatically restarts helpers if too many of them | |
2992 | have crashed. | |
2993 | ||
2994 | Changes to squid-2.5.STABLE3 (25 May 2003): | |
2995 | ||
2996 | - Bug #573: Occational false negatives in external acl lookups | |
2997 | - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when | |
2998 | external_acl helpers crashes | |
2999 | - Bug #590: Squid may hang or behave oddly on shutdown while | |
3000 | requests is being processed. | |
3001 | - Bug #590: external acl lookups does not deal well with queue | |
3002 | overload | |
3003 | - cache_effective_user documentation update | |
3004 | - cache_peer documentation update for htcp and carp | |
3005 | - Bug #600: The example header_access paranoid setting is | |
3006 | missing WWW-Authenticate | |
3007 | - Bug #605: Segmentation fault in idnsGrokReply() on certain | |
3008 | platforms | |
3009 | - Fixes to build properly on AIX 5 | |
3010 | - Bug #574: wb_group updated to version 1.1 to make group names | |
3011 | case insensitive and correct a segfault issue in the helper | |
3012 | - SNMP mib updates to make cacheNumObjCount, | |
3013 | cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients | |
3014 | correctly report as gauges (was reporting as counters). | |
3015 | - Woraround for --enable-ssl Kerberos issue on RedHat 9 | |
3016 | - Bug #579: Close and repopen log files on "squid -k reconfigure" | |
3017 | - Bug #598: squid_ldap_auth could segfault if LDAP server is | |
3018 | unavailable | |
3019 | - Bug #609,#612: msntauth helper fixes in dealing with large | |
3020 | or non-existing allow/deny user files. | |
3021 | - Bug #620: acl ident REQUIRED matches even if the ident lookup fails | |
3022 | - Bug #432: reply_body_max_size fails with ident or proxy_auth acls | |
3023 | and also fails to block large objects where the content-length | |
3024 | is not known | |
3025 | - Bug #606: Basic auth looping and gets stuck at high CPU usage when | |
3026 | multiple proxy_auth ACLs combined in one line and login fails. | |
3027 | - squid_ldap_auth updated with support for TLS and SSL | |
3028 | - Bug #623: segfault if using negated external acls in certain | |
3029 | configurations involving other acls later on the same http_access | |
3030 | line. | |
3031 | - Bug #622: wb_group helper update to version 1.2 to ass support for | |
3032 | Domain-Qualified groups refering to groups in a specific domain | |
3033 | - Bug #596: logic error in poll() error management | |
3034 | - Bug #597: logic errors in error management | |
3035 | - Bug #591: segmentation fault in authentication on "squid -k debug" | |
3036 | - Bug #587: smb_auth fails on complex logins involving domain names | |
3037 | or other odd characters | |
3038 | - Bug #558, #587: smb_auth.pl fails on complex logins involving | |
3039 | domain names or other odd characters | |
3040 | - Bug #643: external_acl fails with ttl=0 due to a change introduced | |
3041 | by the patch for Bug #553 in 2.5.STABLE2. | |
3042 | - Bug #630: minor issues in digest authantication causing random | |
3043 | authentication failures and incompability with many mainstream | |
3044 | browser digest implementations due to browser qop bugs. To deal | |
3045 | with those broken browser nonce_stricness now defaults to off, | |
3046 | and two new digest options have been added (check_nonce_count | |
3047 | and post_workaround) to allow workarounds to other quite bad | |
3048 | browser bugs if needed. | |
3049 | - Bug #644: digest authentication fails on requests with one | |
3050 | or more comma in the requested URL | |
3051 | - Bug #648: deny_info TCP_RESET not working. The fix for this also | |
3052 | adds the ability to send redirects. | |
3053 | ||
3054 | Changes to squid-2.5.STABLE2 (Mars 17, 2003): | |
3055 | ||
3056 | - Contrib files added back to the distribution | |
3057 | - Several compiler warnings fixed when using --disable-ident or | |
3058 | --disable-http-violations | |
3059 | - authentication can now be used in most access controls, but | |
3060 | must in most cases first be enforced in http_access to force | |
3061 | the user to authenticate. | |
3062 | - cleanups in the developer bootstrap.sh process when preparing | |
3063 | the sources. | |
3064 | - several squid.conf.default documentation updated to correctly | |
3065 | refer to the current names when refering to other directives | |
3066 | - authenticate_ip_ttl documentation updates | |
3067 | - several assertion faults and segmentation violations corrected | |
3068 | - the RunCache/RunAccel and squid.rc scripts updated to refer to | |
3069 | the squid binary in sbin rather than the old bin location. | |
3070 | - squid_ldap_auth command line processing fixes when specifying | |
3071 | the LDAP server last on the line instead of -h option | |
3072 | - aufs data corruption bugfix | |
3073 | - aufs performance improvement for low traffic systems | |
3074 | - aufs stability improvements | |
3075 | - external_acl corrected to properly deal with quoted strings | |
3076 | - WCCPv1 bugfix to make sure the router accepts the hash assignments | |
3077 | - "Total accounted memory" now correctly reported in cachemgr | |
3078 | - several small memory leaks (mostly reconfigure related) | |
3079 | - new squid.conf option to allow GET/HEAD requests with a request | |
3080 | entity | |
3081 | - "make uninstall" no longer removes squid.conf | |
3082 | - cachemgr.cgi now uses POST to avoid having the cachemgr password | |
3083 | logged in the web server logs | |
3084 | - authentication schemes which are known to not be proxyable are now | |
3085 | filtered out from forwarded server replies to avoid that the clients | |
3086 | tries to use such schemes when we know for a fact it won't work | |
3087 | - spelling corrections in various error messages | |
3088 | - now possible to define acl values with spaces in them | |
3089 | by using the "include file" feature | |
3090 | - squid_ldap_group updated to 2.10 to fix compilation issues with | |
3091 | recent (and older) OpenLDAP libraries and to make the helper deal | |
3092 | correctly with true LDAP groups by first looking up the user DN. | |
3093 | - Some internal code cleanups | |
3094 | - now verifies that programs etc exists iside the chroot directory | |
3095 | when using chroot_dir. No longer neccesary to set up a split view | |
3096 | environment where the same paths works both inside the chroot and | |
3097 | outside just to convince Squid that the files is actually there.. | |
3098 | - improved memory usage reporting | |
3099 | - --disable-hostname-checks configure option | |
3100 | - no longer ignores double dots in host names. Any hostname with | |
3101 | double dots is now rejected as invalid. | |
3102 | - log_mime_hdrs no longer logs garbage if very long headers | |
3103 | are seen. | |
3104 | - 'select_fds_hist' object added to cachemgr 'histogram' output | |
3105 | - pid file now unlinked when squid has really shut down, not | |
3106 | immediately when the shutdown request is received. This allows | |
3107 | the pid file to be monitored to determine when Squid has shut down | |
3108 | properly | |
3109 | - correct authentication scheme setups on some platforms or compilers | |
3110 | - several squid.conf.default documentation updates to remove references | |
3111 | to renamed or replaced directives by changing them to their current | |
3112 | names. | |
3113 | - the SSL reverse proxy support updated to allow building with | |
3114 | OpenSSL 0.9.7 and and later. | |
3115 | - Corrected a minor performance problem while processing HEAD replies | |
3116 | from various broken web servers not sending a correct HTTP reply | |
3117 | - time acls can now specify multiple times in the same acl name, like | |
3118 | most other acl types. | |
3119 | - winbind helpers updated to match Samba-2.2.7a and should | |
3120 | work with Samba-2.2.6 or later (required). For compability with | |
3121 | older Samba versions A new configure option --with-samba-sources=... | |
3122 | has been added to allow you to specify which Samba version the | |
3123 | helpers should be built for if different than the above versions. | |
3124 | - Squid MIB definition syntax correction to work better with newer | |
3125 | (and older) SNMP tools. | |
3126 | - Fixed access.log format when logging "error:invalid-HTTP-ident" on | |
3127 | requests where parsing the HTTP identifier (HTTP/1.0) failed. | |
3128 | - "make distclean" no longer removes the icons, this avoids the | |
3129 | dependency on "uudecode" to rebuild Squid after "make distclean" | |
3130 | - User name returned by external acl lookups (external_acl_type) | |
3131 | is now available as "ident" in later acl checks in addition to | |
3132 | the logging in access.log. | |
3133 | - Incorrect behaviour of Digest authentication partly corrected - it | |
3134 | will not handle sessions, but will always enforce password | |
3135 | correctness.. (patch submitted by Sean Burford). | |
3136 | - Issue with persistent connections and PUT/POST request corrected | |
3137 | ||
3138 | Changes to squid-2.5.STABLE1 (September 25, 2002): | |
ddf1c0c4 | 3139 | |
94439e4e | 3140 | - Major rewrite of proxy authentication to support other schemes |
3141 | than basic. First in the line is NTLM support but others can | |
a2794549 | 3142 | easily be added (minimal digest is present). See Programmers Guide. |
6437ac71 | 3143 | (Robert Collins & Francesco Chemolli) |
94439e4e | 3144 | - Reworked how request bodies are passed down to the protocols. |
3145 | Now all client side processing is inside client_side.c, and | |
3146 | the pass and pump modules is no longer used. | |
3ff01c3e | 3147 | used by Squid. |
722a4b40 | 3148 | - Optimized searching in proxy_auth and ident ACL types. Squid should |
3149 | now handle large access lists a lot more efficiently. | |
05fbbc17 | 3150 | (Francesco Chemolli) |
e396d395 | 3151 | - Fixed forwarding/peer loop detection code (Brian Degenhardt) - |
3152 | now a peer is ignored if it turns out to be us, rather than | |
3153 | committing suicide | |
1224d740 | 3154 | - Changed the internal URL code to obey appendDomain for internal |
3155 | objects if it needs appending. This fixes weirdnesses where | |
3156 | a machine can think it is "foo.bar.com", and "foo" is requested. | |
3157 | (Brian Degenhardt) | |
a2794549 | 3158 | - Added the use of Automake to create the Makefile.in's in the squid |
3159 | source tree. This will allow libtool in the future, and immediately | |
3160 | allows better dependency tracking - with or without gcc - as well | |
3161 | as the dist-all and distcheck targets for developers which respectively | |
3162 | build a tar.gz and a tar.bz2 distribution, and check that what will be | |
3163 | distributed builds. | |
d6827718 | 3164 | - Added TOS and source address selection based on ACLs, |
3165 | written by Roger Venning. This allows administrators to set | |
3166 | the TOS precedence bits and/or the source IP from a set of | |
3167 | available IPs based upon some ACLs, generally to map different | |
3168 | users to different outgoing links and traffic profiles. | |
50821507 | 3169 | - Added 'max-conn' option to 'cache_peer' |
3170 | - Added SSL gatewaying support, allowing Squid to act as a SSL server | |
3171 | in accelerator setups. | |
4e2c57a0 | 3172 | - SASL authentication helper by Ian Castle |
6474667e | 3173 | - msntauth updated to v2.0.3 |
3e4057db | 3174 | - no_cache now applies to cache hits as well as cache misses |
810118ab | 3175 | - the Gopher client in Squid has been significantly improved |
05463204 | 3176 | - Squid now sanity checks FTP data connections to ensure the |
6474667e | 3177 | connection is from the requested server. Can be disabled if |
05463204 | 3178 | needed by turning off the ftp_sanitycheck option. |
98858605 | 3179 | - external acl support. A mechanism where flexible ACL checks |
3180 | can be driven by external helpers. See the external_acl_type | |
3181 | and acl external directives. | |
3e4057db | 3182 | - Countless other small things and fixes |
2d8d56b0 | 3183 | - HTML pages generated by Squid or CacheMgr as well as the |
3184 | ERR documents now contain a doctype declaration so that | |
22567bb5 | 3185 | browsers know which HTML specification the document uses. |
2d8d56b0 | 3186 | In addition to that they have a new look (background-color, font) |
3187 | and are valid according to the HTML standards at www.w3.org. | |
3ff01c3e | 3188 | (Clemens L ser) |
9bbd1655 | 3189 | - Login and password send to Basic auth helpers is now URL escaped |
3190 | to allow for spaces and other "odd" characters in logins and | |
3191 | passwords | |
c90fbf46 | 3192 | - Proxy Authentication is no longer blindly forwarded to peer |
3193 | caches if not used locally. If forwarding of proxy authentication | |
3194 | is desired then it must now be configured with the login=PASS | |
3195 | cache_peer option. | |
6474667e | 3196 | - Responses with Vary: in the header are now cached by squid. |
1239cfea | 3197 | (Henrik Nordstrom). |
3ff01c3e | 3198 | - Removed unused 'siteselect_timeout' directive. |
c5bc64d3 | 3199 | |
dde94193 | 3200 | Changes to Squid-2.4.STABLE7 (July 2, 2002): |
3201 | ||
3202 | - Squid now drops any requests using transfer-encoding. | |
3203 | Squid is a HTTP/1.0 proxy and as such do not support | |
3204 | the use of transfer-encoding. | |
3205 | - The MSNT auth helper has been updated to v2.0.3+fixes for | |
3206 | buffer overflow security issues found in this helper. | |
3207 | - A security issue in how Squid forwards proxy authentication | |
3208 | credentials has been fixed | |
3209 | - Minor changes to support Apple MAC OS X and some other platforms | |
3210 | more easily. | |
3211 | - The client -T option has been implemented | |
3212 | - HTCP related bugfixes in "squid -k reconfigure" | |
3213 | - Several bugfixes and cleanup of the Gopher client, both | |
3214 | to correct some security issues and to make Squid properly | |
3215 | render certain Gopher menus. | |
3216 | - FTP data channels are now sanity checked to match the address of | |
3217 | the requested FTP server. This to prevent theft or injection of | |
3218 | data. See the new ftp_sanitycheck directive if this is not desired. | |
3219 | - Security fixes in how Squid parses FTP directory listings into HTML | |
3220 | ||
c5bc64d3 | 3221 | Changes to Squid-2.4.STABLE6 (March 19, 2002): |
3222 | ||
722a4b40 | 3223 | - The patch for 2.4.STABLE5 was insufficiently tested and |
c5bc64d3 | 3224 | introduced a bug that causes frequent assertions when |
3225 | handling DNS PTR answers. | |
3226 | ||
3227 | Changes to Squid-2.4.STABLE5 (March 15, 2002): | |
3228 | ||
3229 | - Fixed an array bounds bug in lib/rfc1035.c. This bug | |
3230 | could allow a malicious DNS server to send bogus replies | |
3231 | and corrupt the heap memory. | |
3232 | ||
572b218d | 3233 | Changes to Squid-2.4.STABLE4 (Feb 19, 2002) |
08e8e4d0 | 3234 | |
722a4b40 | 3235 | - htcp_port 0 now properly disables htcp |
6474667e | 3236 | - Fixed problem with certain non-anonymous ftp:// style URL's |
08e8e4d0 | 3237 | - SNMP bugfixes including several memory leaks |
3238 | ||
3239 | Changes to Squid-2.4.STABLE3 (Nov 28, 2001): | |
3240 | ||
3241 | - Fixed bug #255: core dump on SSL/CONNECT if access denied by | |
3242 | miss_access | |
3243 | - Fixed bug #246: corrupt on-disk meta information preventing | |
3244 | rebuilds of lost swap.state files | |
3245 | - Fixed bug #243: squid_ldap_auth now supports spaces in passwords | |
3246 | - Fixed a coredump when creating FTP directories | |
3247 | - Fixed a compile time problem with statHistDump prototype mistmatch, | |
3248 | reported by some compilers | |
3249 | - Fixed a potential coredump situation on snmpwalk in certain | |
3250 | configurations | |
3251 | - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir | |
3252 | store implementation | |
3253 | - Serbian error message translations | |
3254 | ||
50821507 | 3255 | Changes to Squid-2.4.STABLE2 (Aug 24, 2001): |
3256 | ||
722a4b40 | 3257 | - Expanded configure's GCC optimization disabling check to |
50821507 | 3258 | include GCC 2.95.3 |
3259 | - avoid negative served_date in storeTimestampsSet(). | |
3260 | - Made 'diskd' pathnames more configurable | |
3261 | - Make sure squid parent dies if child is killed with | |
3262 | KILL signal | |
3263 | - Changed diskd offset args to off_t instead of int | |
3264 | - Fixed bugs #102, #101, #205: various problems with useragent | |
3265 | log files | |
3266 | - Fixed bug #116: Large Age: values still cause problems | |
3267 | - Fixed bug #119: Floating point exception in | |
3268 | storeDirUpdateSwapSize() | |
3269 | - Fixed bug #114: usernames not logged with | |
3270 | authenticate_ip_ttl_is_strict | |
722a4b40 | 3271 | - Fixed bug #115: squid eating up resources (eventAdd args) |
50821507 | 3272 | - Fixed bug #125: garbage HTCP requests cause assertion |
3273 | - Fixed bug #134: 'virtual port' support ignores | |
3274 | httpd_accel_port, causes a loop in httpd_accel mode | |
3275 | - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset | |
3276 | <= lf->bufsz" | |
3277 | - Fixed bug #137: Ranges on misses are over-done | |
3278 | - Fixed bug #160: referer_log doesn't seem to work | |
3279 | - Fixed bug #162: some memory leaks (SNMP, delay_pools, | |
3280 | comm_dns_incoming histogram) | |
3281 | - Fixed bug #165: "Store Mem Buffer" leaks badly | |
3282 | - Fixed bug #172: Ident Based ACLs fail when applied to | |
3283 | cache_peer_access | |
3284 | - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse | |
3285 | - Fixed bug #182: 'config' cachemgr option dumps core with | |
3286 | null storage | |
3287 | - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number | |
3288 | of args in debug/printf | |
3289 | - Fixed bug #187: bugs in lib/base64.c | |
3290 | - Fixed bug #184: storeDiskdShmGet() assertion; changed | |
3291 | diskd to use bitmap instead of linked list | |
3292 | - Fixed bug #194: Compilation fails on index() on some | |
722a4b40 | 3293 | non-BSD platforms |
50821507 | 3294 | - Fixed bug #197: refreshIsCachable() incorrectly checks |
3295 | entry->mem_obj->reply | |
3296 | - Fixed bug #215: NULL pointer access for proxy requests | |
3297 | in accel-only mode | |
3298 | ||
3299 | Changes to Squid-2.4.STABLE1 (Mar 20, 2001): | |
3300 | ||
3301 | - Fixed a bug in and cleaned up class 2/3 delay pools | |
3302 | incrementing. | |
3303 | - Fixed a coredump bug when using external dnsservers that | |
3304 | become overloaded. | |
3305 | - Fixed some NULL pointer bugs for NULL storage system | |
3306 | when reconfiguring. | |
3307 | - Fixed a bug with useragent logging that caused Squid to | |
3308 | think the logfile never got opened. | |
3309 | - Fixed a compiling bug with --disable-unlinkd. | |
3310 | - Changed src/squid.h to always use O_NONBLOCK on Solaris | |
3311 | if it is defined. | |
3312 | - Fixed a bug with signed/unsigned bitfield flag variables | |
3313 | that caused problems on Solaris. | |
3314 | - Fixed a bug in clientBuildReplyHeader() that could add | |
3315 | an Age: header with a negative value, causing an assertion | |
3316 | later. | |
3317 | - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt | |
3318 | was returning the number of FDs in use, rather than | |
3319 | the number of reserved FDs. | |
3320 | - Added the 'pipeline_prefetch' configuration option. | |
3321 | - cache_dir syntax changed to use options instead of many | |
3322 | arguments. This means that the max_objsize argument now | |
3323 | is an optional option, and that the syntax for how to | |
722a4b40 | 3324 | specify the diskd magics is slightly different. |
50821507 | 3325 | - Various fixes for CYGWIN |
3326 | - Upgraded MSNT auth module to version 2.0. | |
3327 | - Fixed potential problems with HTML by making sure all | |
3328 | HTML output is properly encoded. | |
3329 | - Fixed a memory initialization problem with resource records in | |
3330 | lib/rfc1035.c. | |
3331 | - Rewrote date parsing in lib/rfc1123.c and made it a little | |
3332 | more lenient. | |
3333 | - Added Cache-control: max-stale support. | |
3334 | - Fixed 'range_offset_limit' again. The problem this time | |
3335 | is that client_side.c wouldn't set the we_dont_do_ranges | |
3336 | flag for normal cache misses. It was only being set for | |
3337 | requests that might have been hits, but we decided to | |
3338 | change to a miss. | |
3339 | - Added the Authenticate-Info and Proxy-Authenticate-Info | |
3340 | headers from RFC 2617. | |
3341 | - HTTP header lines longer than 64K could cause an assertion. | |
3342 | Now they get ignored. | |
3343 | - Fixed an IP address scanning bug that caused "123.foo.com" | |
3344 | to be interpreted as an IP address. | |
3345 | - Converted many structure allocations to use mem pools. | |
3346 | - Changed proxy authentication to strip leading whitespace | |
3347 | from usernames after decoding. | |
3348 | - Prevented NULL pointer access in aclMatchAcl(). Some | |
3349 | ACL types require checklist->request_t, but it won't be | |
3350 | available in some cases (like snmp_access). Warn the | |
3351 | admin that the ACL can't be checked and that we're denying | |
3352 | it. | |
3353 | - Allow zero-size disk caches. | |
3354 | - The actual filesystem blocksize is now used to account | |
3355 | for space overheads when calculating on-disk cache size. | |
3356 | - Made the maximum memory cache object size configurable. | |
3357 | - Added 'minimum_direct_rtt' configuration option. | |
3358 | - Added 'ie_refresh' configuration option, which is a hack | |
3359 | to turn IMS requests into no-cache requests. | |
58d1265f | 3360 | - Added support for netfilter in linux-2.4. This allows transparent |
3361 | proxy connections to function correctly in the absence of a Host: | |
3362 | header. This requires --enable-linux-netfilter to be passed through | |
3363 | to configure. (Evan Jones) | |
50821507 | 3364 | - Fixed a bug with clientAccessCheck() that allowed proxy |
3365 | requests in accel mode. | |
3366 | - Fixed a bug with 301/302 replies from redirectors. Now | |
3367 | we force them to be cache misses. | |
3368 | - Accommodated changes to the IP-Filter ioctl() interface | |
3369 | for intercepted connections. | |
3370 | - Fixed handling of client lifetime timeouts. | |
3371 | - Fixed a buffer overflow bug with internal DNS replies | |
3372 | by truncating received packets to 512 bytes, as per | |
3373 | RFC 1035. | |
3374 | - Added "forward.log" support, but its work in progress. | |
3375 | - Rewrote much of the IP and FQDN cache implementation. | |
3376 | This change gets rid of pending hits. | |
3377 | - Changed peerWouldBePinged() to return false if our | |
3378 | ICP/HTCP port is zero (i.e. disabled). | |
3379 | - Changed src/net_db.c to use src/logfile.c routines, | |
3380 | rather than stdio, because of solaris stdio filedescriptor | |
3381 | limits. | |
3382 | - Made netdbReloadState() more robust in case of corrupted | |
3383 | data. | |
3384 | - Rewrote some freshness/staleness functions in src/refresh.c, | |
3385 | partially inspired to support cache-control max-stale. | |
3386 | - Fixed status code logging for SSL/CONNECT requests. | |
3387 | - Added a hack to subtract cache digest network traffic | |
3388 | from statistics so that byte hit ratio stays positive | |
3389 | and more closely reflects what people expect it to be. | |
3390 | - Fixed a bug with storeCheckTooSmall() that caused | |
3391 | internal icons and cache digests to always be released. | |
3392 | - Added statfs(2) support for displaying actual filesystem | |
3393 | usage in the cache manager 'storedir' output. | |
3394 | - Changed status reporting for storage rebuilding. Now it | |
3395 | prints percentage complete instead of number of entries | |
3396 | parsed. | |
3397 | - Use mkstemp() rather than problem-prone tempnam(). | |
3398 | - Changed urlParse() to condense multiple dots in hostnames. | |
3399 | - Major rewrite of async-io (src/fs/aufs) to make it behave | |
3400 | a bit more sane with substantially less overhead. Some | |
3401 | tuning work still remains to make it perform optimal. | |
3402 | See the start of store_asyncufs.h for all the knobs. | |
3403 | - Fixed storage FS modules to use individual swap space | |
3404 | high/low values rather than the global ones. | |
3405 | - Fixed storage FS bugs with calling file_map_bit_reset() | |
3406 | before checking the bit value. Calling with an invalid | |
3407 | value caused memory corruption in random places. | |
3408 | - Prevent NULL pointer access in store_repl_lru.c for | |
3409 | entries that exist in the hash but not the LRU list. | |
3410 | ||
cab24814 | 3411 | Changes to Squid-2.4.DEVEL4 (): |
ad445e36 | 3412 | |
ddf1c0c4 | 3413 | - Added --enable-auth-modules=... configure option |
83b381d5 | 3414 | - Improved ICP dead peer detection to also work when the workload |
3415 | is low | |
a8c926ff | 3416 | - Improved TCP dead peer detection and recovery |
3417 | - Squid is now a bit more persistent in trying to find a alive | |
3418 | parent when never_direct is used. | |
3419 | - nonhierarchical_direct squid.conf directive to make non-ICP | |
3420 | peer selection behave a bit more like ICP selection with respect | |
3421 | to hierarchy. | |
3422 | - Bugfix where netdb selection could override never_direct | |
3423 | - ICP timeout selection now prefers to use parents only when | |
3424 | calculating the dynamic timeout to compensate for common RTT | |
3425 | differences between parents and siblings. | |
c1fc651e | 3426 | - No longer starts to swap out objects which are known to be above |
3427 | the maximum allowed size. | |
987de783 | 3428 | - allow-miss cache_peer option disabling the use of "only-if-cached". |
3429 | Meant to be used in conjunction with icp_hit_stale. | |
c8b40803 | 3430 | - Delay pools tuned to allow large initial pool values |
0343b99c | 3431 | - cachemgr filesystem space information changed to show useable space |
3432 | rather than raw space, and platform support somewhat extended. | |
890b0fa8 | 3433 | - Logs destination IP in the hierarchy log tag when going direct. |
3434 | (can be disabled by turning log_ip_on_direct off) | |
ff21eb3e | 3435 | - Async-IO on linux now makes proper use of mutexes. This fixes some |
3436 | odd pthread segfaults on SMP Linux machines, at a slight performance | |
3437 | penalty. | |
722a4b40 | 3438 | - %s can now be used in cache_swap_log and will be substituted with |
a80e50c7 | 3439 | the last path component of cache_dir. |
4d55827a | 3440 | - no_cache is now a full ACL check without, allowing most ACL types |
3441 | to be used. | |
f1003989 | 3442 | - The CONNECT method now obeys miss_access requirements |
145cf928 | 3443 | - proxy_auth_regex and ident_regex ACL types |
3cdb7cd0 | 3444 | - Fixed a StoreEntry memory leak during "dirty" rebuild |
3445 | - Helper processes no longer hold unrelated filedescriptors open | |
e40aa8da | 3446 | - Helpers are now restarted when the logs are rotated |
afc1e43f | 3447 | - Negatively cached DNS entries are now purged on "reload". |
3448 | - PURGE now also purges the DNS cache | |
722a4b40 | 3449 | - HEAD on FTP objects no longer retrieves the whole object |
aca95add | 3450 | - More cleanups of the dstdomain ACL type |
288c06ce | 3451 | - Squid no longer tries to do Range internally if it is not supported |
3452 | by the origin server. Doing so could cause bandwidth spikes and/or | |
3453 | negative hit ratio. | |
13c7936a | 3454 | - httpd_accel_single_host squid.conf directive |
82056f1e | 3455 | - "round-robin" cache_peer counters are reset every 5 minutes to |
3456 | compensate previously dead peers | |
4fe0e1d0 | 3457 | - DNS retransmit parameters |
858783c9 | 3458 | - Show all FTP server messages |
6b53c392 | 3459 | - squid.conf.default now indicates if a directive isn't enabled in |
3460 | the installed binary, and what configure option to use for enabling it | |
418cbe9f | 3461 | - Fixed a temporary memory leak on persistent POSTs |
304d289e | 3462 | - Fixed a temporary memory leak when the server response headers |
3463 | includes NULL characters | |
ba2b31a8 | 3464 | - authenticate_ip_ttl_is_strict squid.conf option |
3465 | - req_mime_type ACL type | |
afb87666 | 3466 | - A reworked storage system that supports storage directories in |
3467 | a more modular fashion. The object replacement and IO is now | |
3468 | responsibility of the storage directory, and not of the storage | |
3469 | manager. | |
722a4b40 | 3470 | - Fixed a bogus MD5 mismatch warning sometimes seen when using |
e7407eb8 | 3471 | aufs or diskd stores |
ce3d30fb | 3472 | - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE, |
3473 | and extended support for this to Linux/GNU libc. | |
af57a2e3 | 3474 | - Disabled the "request timeout" error message sent if the user agent |
3475 | did not provide a request in a timely manner after opening the | |
3476 | connection. Now the connection is silently closed. The error message | |
3477 | was confusing user agents utilizing persistent connections. | |
cab24814 | 3478 | - Fixed configure --enable descriptions to match the arg names. |
3479 | - Eliminated compile warnings from auth_modules/MSNT code. | |
3480 | - Require first character of hostnames to be alphanumeric. | |
3481 | - Made ARP ACL work for Solaris. | |
3482 | - Removed storeClientListSearch(). | |
3483 | - Added counters to track diskd operation success and | |
3484 | failures. | |
3485 | - Fixed range_offset_limit. | |
3486 | - Added code to retry ServFail replies for internal DNS | |
3487 | lookups. | |
3488 | - Added referer header logging (Jens-S. Voeckler). | |
3489 | - Added "multi-domain-NTLM" authentication module, a Perl | |
3490 | script from Thomas Jarosch. | |
3491 | - Added configurable warning messages for high memory usage, | |
3492 | high response time, and high page faults. | |
3493 | - Made store dir selection algorithm configurable. | |
3494 | - Added support for admin-definable extension methods, | |
3495 | up to 20. | |
16689110 | 3496 | - Added 'maximum_object_size_in_memory' as a configuration option - |
3497 | this defines the watermark where objects transit from being true | |
3498 | hot objects to being in-transit objects in memory. It currently | |
3499 | defaults to 8 KB. | |
5cd41d0d | 3500 | - Change to the fqdn code which changes how pending DNS requests |
3501 | are treated as private and only become public once they are | |
3502 | completed. This can add extra load on DNS servers but prevents | |
3503 | all the pending clients blocking if one of the queries got | |
3504 | stuck. (Duane Wessels) | |
7e543177 | 3505 | - Converted more code to use MemPools, from Andres Kroonmaa. |
3506 | - Added more CYGWIN patches from Robert Collins. | |
e7407eb8 | 3507 | |
3508 | Changes to Squid-2.4.DEVEL3 (): | |
3509 | ||
3510 | - Added Logfile module. | |
3511 | - Added DISKD stats via cachemgr. | |
3512 | - Added squid.conf options for DISKD magic constants. | |
ad445e36 | 3513 | |
e7407eb8 | 3514 | Changes to Squid-2.4.DEVEL2 (Feb 29, 2000): |
ad445e36 | 3515 | |
3516 | Changes to Squid-2.4.DEVEL1 (): | |
3517 | ||
42b51993 | 3518 | Changes to Squid-2.3.STABLE4 (July 18, 2000): |
3519 | ||
3520 | - Fixed --localstatedir configure option (IKEDA Shigeru). | |
3521 | - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad | |
3522 | Smith). | |
3523 | - Added pthread_sigmask() check to configure (Daniel | |
3524 | Ehrlich). | |
3525 | - Added CYGWIN patches from Robert Collins. | |
3526 | - Changed internal DNS lookups to retry queries that are | |
3527 | returned with RCODE 2 (ServFail). | |
3528 | - Added 'virtual port' support (Gregg Kellogg). If | |
3529 | 'httpd_accel_uses_host_header' is enabled, then we use | |
3530 | the port number from the Host header. Otherwise, when | |
3531 | 'httpd_accel_port' is set to "0" we use the port number | |
3532 | of the local end of the client socket. | |
3533 | - Fixed a typo in carp.c (Nikolaj Yourgandjiev). | |
3534 | - Made Squid accept GET requests that have a "content-length: | |
3535 | 0" header. | |
3536 | - Added a sanity check on the NHttpSockets[] array index | |
3537 | (Gregg Kellogg). | |
3538 | - Added a friendlier message when Squid can't find any DNS | |
3539 | nameserver addresses to use (Daniel Kiracofe). | |
3540 | - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND | |
3541 | (Craig Whitmore). | |
3542 | - Added missing '%c' token replacement in error page | |
3543 | generation. | |
3544 | - Fixed a bug with 'minimum_object_size' that prevented | |
3545 | internal icons from being loaded. | |
3546 | - Fixed "extra semicolon" bug in storeExpiredReferenceAge() | |
3547 | that could prevent any objects from being replaced. | |
3548 | - Make sure that storeDirDiskFull() doesn't actually | |
3549 | *increase* the cache size. | |
3550 | - Changed a storeSwapMetaUnpack() assertion to a recoverable | |
3551 | error condition. | |
3552 | - Removed "wccpHereIam" event check that could cause Squid | |
3553 | to stop sending HERE_I_AM messages. | |
3554 | ||
d20b1cd0 | 3555 | Changes to Squid-2.3.STABLE3 (May 15, 2000): |
3556 | ||
3557 | - Fixed malloc linking problems on Solaris. The configure | |
3558 | script incorrectly set options for dlmalloc. | |
3559 | - Added a configure check to remove compiler optimization | |
3560 | for GCC 2.95.x. | |
3561 | - Updated MSNT authenticator module. | |
3562 | - Updated Estonian error pages. | |
3563 | - Updated Japanese error pages. | |
3564 | - Fixed expires bug in httpReplyHdrCacheInit. It was | |
3565 | incorrectly setting expires based on max-age. It was using | |
3566 | the current time as a basis, instead of the response date. | |
3567 | - Fixed "USE_DNSSERVER" typos. | |
3568 | - Added a workaround for getpwnam() problems on Solaris. | |
3569 | getpwnam() could fail if there are fewer than 256 FDs | |
3570 | available. This causes root to own some disk files. | |
3571 | - Added an 'offline_toggle' option via the cache manager. | |
3572 | - Added a 'minimum_object_size' option. Files smaller than | |
3573 | this size are not stored. | |
3574 | - Added 'passive_ftp' option to disable passive FTP transfers. | |
3575 | - Added 'wccp_version' option because some Cisco IOS versions | |
3576 | require WCCP version 3. | |
3577 | - The 'client' program in ping mode (-g) now prints transfer | |
3578 | throughput. | |
3579 | - Fixed logging of proxy auth username for redirected | |
3580 | requests. | |
3581 | - Fixed bogus Age values for IMS requests. | |
3582 | - Fixed persistent connection timeout for client-side | |
3583 | connections. It was hard-coded to 15 seconds, now uses | |
3584 | the 'pconn_timeout' value. | |
3585 | - Fixed up httpAcceptDefer. It wasn't being used properly | |
3586 | and caused high CPU usage when Squid gets close to the FD | |
3587 | limit. | |
3588 | - Numerous delay_pools fixes and checks. | |
3589 | - Fixed SNMP coredumps from running snmpwalk. | |
3590 | - Added a check for errno == EPIPE in icmp.c when pinger uses | |
3591 | a Unix socket instead of a UDP socket. | |
3592 | - Fixed ACL checklist memory initialization bugs. | |
3593 | - Cleaned up the MIB file. Replaced contact information and | |
3594 | checked description fields. | |
3595 | - Removed LRU reference_age hard-coded upper limit. | |
3596 | - Fixed async I/O FD leak. | |
3597 | - Made getMyHostname() more robust. | |
3598 | - Fixed domain list matching bug. "x-foo.com" wasn't properly | |
3599 | compared to ".foo.com" and confused splay tree ordering. | |
3600 | - Added a check for whitespace in hostnames and optionally | |
3601 | strip whitespace if 'uri_whitespace' setting allows. | |
3602 | - Added status code and checking to ASN/whois queries. | |
3603 | ||
3604 | Changes to Squid-2.3.STABLE2 (Mar 2, 2000): | |
3605 | ||
3606 | - Changed Copyright text. | |
3607 | - Changed configure so that some IRIX-6.4 hacks apply to | |
3608 | all IRIX-6.* versions. | |
3609 | - Cleaned up HTML bugs in error pages. | |
3610 | - Told configure to check for netinet/if_ether.h, which | |
3611 | is used in ARP ACL code, but might not be required. | |
3612 | - Added "Cookie" to known HTTP headers so it can be | |
3613 | used in anonymizer configuration. | |
3614 | - Added optional TCP_REDIRECT log code for logging | |
3615 | of 301/302 responses returned by Squid. | |
3616 | - Added a check for a currently running Squid process. | |
3617 | If the pid file exists, and the pid is running, | |
3618 | Squid complains and refuses to start another instance. | |
3619 | - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for | |
3620 | IRIX. | |
3621 | - Fixed a bug with the PURGE method. The purge enable | |
3622 | flag was not getting cleared during reconfigure. | |
3623 | Also required PURGE method to be used in http_access | |
3624 | list before enabling. | |
3625 | - Fixed async I/O assertions for file open errors. | |
3626 | - Fixed internal DNS assertion when unpacking truncated | |
3627 | messages. | |
3628 | - Fixed anonymize_headers bug that caused all headers | |
3629 | to be allowed after a reconfigure. | |
3630 | - Fixed an access denied bug for accelerator-only installations. | |
3631 | - Fixed internal DNS initialization so that it uses | |
3632 | 'dns_nameservers' settings in squid.conf if set. | |
3633 | - Fixed 'maxconn' ACL bug that caused it to work backwards | |
3634 | (Pedro Ribeiro). | |
3635 | - Fixed syslog bug for daemon mode on Linux. | |
3636 | - Fixed 'http_port' parsing bugs. | |
3637 | - Fixed internal DNS byte ordering bugs for PTR queries. | |
3638 | - Fixed internal DNS queue getting stuck during periods | |
3639 | of low activity (Henrik). | |
3640 | - Fixed byte ordering bugs for parsing EPLF FTP listings | |
3641 | on 64-bit systems. | |
3642 | - Fixed 'request_body_max_size' bug that caused all | |
3643 | POST, PUT requests to be denied if max size is set | |
3644 | to zero. | |
3645 | - Fixed 'redirector_access' bug when using 'myport' ACLs. | |
3646 | - Fixed CARP neighbor selection bugs for down peers. | |
3647 | - Added 'client_persistent_connections' and | |
3648 | 'server_persistent_connections' flags to disable persistent | |
3649 | connections for clients and servers. | |
3650 | - Fixed access logging bug that caused many requests to be | |
3651 | logged as TCP_MISS. | |
3652 | - Added some bounds checking to delay pools code. | |
3653 | ||
ad445e36 | 3654 | Changes to Squid-2.3.STABLE1 (Jan 9, 2000): |
3655 | ||
3656 | - Updated PAM authentication module from Henrik Nordstrom. | |
3657 | - Updated Bulgarian error messages from Svetlin Simeonov. | |
3658 | - Changed ACL routines so that User-Agent (browser) string | |
3659 | is always taken from compiled HTTP request headers | |
3660 | instead of passed as an argument to aclCreateChecklist. | |
3661 | - Added a 'strip' option to the 'uri_whitesace' configuration | |
3662 | directive and made it the default behavior. Whitespace | |
3663 | found in URI's is now stripped out by default. | |
3664 | - Added chroot feature. The 'chroot_dir' config option enables | |
3665 | it and specifies the directory. | |
3666 | - Changed clientBuildReplyHeader so that the Age header is | |
3667 | added only for cache hits, and only when we can calculate | |
3668 | a valid, positive age value. | |
3669 | - Changed clientWriteComplete and clientGotNotEnough so | |
3670 | that they keep persistent connections open for more types | |
3671 | of replies that don't have bodies. | |
3672 | - Changed filemap.c routines to dynamically grow filemap | |
3673 | space as needed. | |
3674 | - Added a hack to ftp.c to deal with ftp.netscape.com, which | |
3675 | sometimes doesn't acknowledge PASV commands. | |
3676 | - Fixed FTP bug with ftpScheduleReadControlReply; there | |
3677 | was not always a timeout handler on the control socket | |
3678 | after the transfer completed. | |
3679 | - Fixed FTP filedescriptor leak from invalid PASV replies. | |
3680 | - Changed httpBuildRequestHeader so that it doesn't | |
3681 | copy the Host header from the client request. Instead | |
3682 | we should generate our own Host header which is known | |
3683 | to be correct. | |
3684 | - Changed storeTimestampsSet to adjust entry->timestamp | |
3685 | if the response includes an Age header. | |
3686 | - Removed size limit from storeKeyHashBuckets. | |
3687 | - Changed fwdConnectStart from a "heavy" to a "light" event. | |
3688 | - Fixed an 'anonymize_headers' bug that affects unknown | |
3689 | HTTP headers. With the bug, if you list a header that | |
3690 | Squid doesn't know about (such as "Charset"), it would | |
3691 | add HDR_OTHER to the allow/deny mask. This caused all | |
3692 | unknown headers to be allowed or denied (depending on | |
3693 | the scheme you use). Now, with the bug fixed, an unknown | |
3694 | header in the 'anonymize_headers' list is simply ignored. | |
3695 | ||
7e3ce7b9 | 3696 | Changes to Squid-2.3.DEVEL3 (): |
3697 | ||
ad445e36 | 3698 | - Added MSNT auth module from Antonino Iannella. |
7e3ce7b9 | 3699 | - Added --enable-underscores configure option. This allows |
3700 | Squid to accept hostnames with underscores in them. Your | |
3701 | DNS resolver may still complain about them, however. | |
3702 | - Added --heap-replacement configure option. This enables | |
3703 | the alternative cache replacement policies, such as | |
3704 | GDSF, and LFUDA. | |
3ff01c3e | 3705 | - WCCP establishes and registers with the router faster. |
7e3ce7b9 | 3706 | - Added 'maxconn' acl type to limit the number of established |
3707 | connections from a single client IP address. Submitted | |
3708 | by Vadim Kolontsov. | |
3709 | - Close FTP data socket as soon as transfer completes | |
3710 | (Alexander V. Lukyanov). | |
3711 | - Fixed ftpReadPass() to not clobber ctrl.message when | |
3712 | the PASS command fails. | |
3713 | - Added a redirect.c patch so squidGuard is able to do | |
3714 | per-user access control (Antony T Curtis). | |
3715 | - discard the pumpMethod() function, and instead use the | |
3716 | fact that the request has a request entity (content-length | |
3717 | present) (Henrik). | |
3718 | - Reload the MIME icons at reconfigure time (Radu Greab). | |
3719 | - Updated Richard Huveneers' SMB authentication module to | |
3720 | his version 0.05 package. | |
3721 | - Fixed lib/heap.c::heap_delete() bug when deleting the | |
3722 | last node. | |
3723 | - Fixed an integer conversion bug in | |
3724 | lib/rfc1035.c::rfc1035AnswersUnpack(). | |
3725 | - Fixed lib/rfc1738 routines to encode reserved characters, | |
3726 | in addition to encoding the unsafe characters (Henrik). | |
3727 | - Changed the interface for splay compare and "walk" | |
3728 | functions to take a void pointer, instead of a splayNode | |
3729 | pointer (Henrik). | |
3730 | - Changed numerous HTTP parsing routines to use ssize_t | |
3731 | instead of size_t. This was done because size_t may be | |
3732 | signed or unsigned. When it is unsigned, gcc emits | |
3733 | numerous "comparison is always true" warnings. At least | |
3734 | we know ssize_t is always signed. | |
3735 | - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and | |
3736 | friends so that it properly handles multi-value lists. | |
3737 | - Added an "end" (ssize_t) parameter to | |
3738 | src/HttpReply::httpReplyParse() so that we know exactly | |
3739 | where to terminate the header buffer. | |
3740 | - Changed src/access_log.c::log_quote() so that it only | |
3741 | encodes whitespace characters, and not all URL-special | |
3742 | characters (Henrik). | |
3743 | - Added local port ACL type ("myport") (Henrik). | |
3744 | - Added maximum number of connections per client ("maxconn") | |
3745 | as an ACL type. | |
3746 | - Fixed proxy authentication username/password parsing to | |
3747 | be more robust (Henrik). | |
3748 | - Fixed ACL domain/host and domain/domain comparison | |
3749 | functions yet again. Eliminated duplicate code so that | |
3750 | only src/url.c::matchDomainName() contains this mysterious | |
3751 | code. | |
3752 | - Changed the 'http_port' option to accept an IP address | |
3753 | or hostname as well (Henrik). | |
3754 | - Removed 'tcp_incoming_addr' option. | |
3755 | - Added an access control list for the redirector | |
3756 | ('redirector_access'). Requests which match are sent to | |
3757 | the redirector. All requests. are redirected by default. | |
3758 | - Added the 'authenticate_ip_ttl' option. It specifies | |
3759 | how long a valid proxy authentication credential is | |
3760 | bound to a specific address. | |
3761 | - Added 280, 488, 591, and 777 to "Safe_ports" ACL. | |
3762 | - Removed the unused and highly questionable 'forward_snmpd_port' | |
3763 | option. | |
3764 | - Added an option to accept DNS messages from unknown nameservers. | |
3765 | This may be necessary if replies come from a different address | |
3766 | than queries are sent to. | |
3767 | - Added #includes for IP Filter files in netinet directory. | |
3768 | - Fixed a bug with retrying forwarded IMS requests (Henrik). | |
3769 | - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders() | |
3770 | where we were checking a cache-control bit before getting the | |
3771 | mask from the HTTP headers (pallo@initio.no). | |
3772 | - Fixed a bug with "no_cache" access list. If not defined, | |
3773 | everything was uncachable by default. | |
3774 | - Fixed a bug with timed-out client-side HTTP connections. | |
3775 | We didn't cancel the read handler, which could lead to | |
3776 | "rwstate != NULL" warnings. | |
3777 | - Changed comm_open() to only call fdAdjustReserved() for | |
3778 | specific errors (ENFILE, EMFILE); | |
3779 | - Fixed NULL pointer bug in idnsParseResolvConf(). | |
3780 | - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT. | |
3781 | - Added DELETE request method. | |
3782 | - Added RFC 2518 HTTP status codes. | |
3783 | - Fixed handling of URL passwords when we need to rewrite a | |
3784 | BASE HREF URL (Henrik). | |
3785 | - Fixed a bug with FTP requests where a request gets aborted, | |
3786 | but we try to complete it anyway. It would result in a | |
3787 | "store_status != STORE_PENDING" assertion. The solution | |
3788 | is to check for ENTRY_ABORTED before reading from | |
3789 | the control channel too. | |
3790 | - Changed FTP to retry a request if Squid fails to establish | |
3791 | a PASV data connection (Henrik). | |
3792 | - Fixed numerous HTCP memory leaks and an uninitialized memory | |
3793 | bug. | |
3794 | - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in | |
3795 | mind (Henrik). | |
3796 | - Minor fixes for Rhapsody systems. | |
3797 | - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems | |
3798 | don't include varargs.h. | |
3799 | - Changed src/store_client.c::storeClientType() so that | |
3800 | an entry can have more than one STORE_MEM_CLIENT. | |
3801 | - Changed src/store_client.c::storeClientReadHeader() | |
3802 | to check swapfile metadata (Henrik). | |
3803 | - Changed src/url.c::urlCheckRequest() to return FALSE for | |
3804 | any "https://" URL. These should always be CONNECT | |
3805 | instead. If Squid gets an "https://" URL, it is a browser | |
3806 | bug. | |
3807 | - Added numerous squid.conf options for controlling cache | |
3808 | digests. Previously these were hard-coded in | |
3809 | src/store_digest.c. (Martin Hamilton) | |
3810 | - Added 'cache_peer' option called 'digest-url' that | |
3811 | lets you specify the URL for a peer's digest. | |
3812 | (Martin Hamilton) | |
3813 | - Added DELAY_POOLS hacks to scan "slow" connections in | |
3814 | a random order (David Luyer). | |
3815 | - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a | |
3816 | per-interface arp/neighbour cache, whereas 2.0.x uses a | |
3817 | unified cache. Under 2.2.x you are required to specify | |
3818 | a interface name when looking up ARP table entries with | |
3819 | SIOCGARP. | |
3820 | - If the process umask is not set (i.e. 0), then Squid | |
3821 | changes it to 007. | |
3822 | ||
9bc73deb | 3823 | Changes to Squid-2.3.DEVEL2 (): |
3824 | ||
3825 | - Added --enable-truncate configure option. | |
3826 | - Updated Czech error messages () | |
3827 | - Updated French error messages () | |
3828 | - Updated Spanish error messages () | |
3829 | - Added xrename() function for better debugging. | |
3830 | - Disallow empty ("") password in aclDecodeProxyAuth() | |
3831 | (BoB Miorelli). | |
3832 | - Fixed ACL SPLAY subdomain detection (again). | |
3833 | - Increased default 'request_body_max_size' from 100KB | |
3834 | to 1MB in cf.data.pre. | |
3835 | - Added 'content_length' member to request_t structure | |
3836 | so we don't have to use httpHdrGetInt() so often. | |
3837 | - Fixed repeatedly calling memDataInit() for every reconfigure. | |
3838 | - Cleaned up the case when fwdDispatch() cannot forward a | |
3839 | request. Error messages used to report "[no URL]". | |
3840 | - Added a check to return specific error messages for a | |
3841 | "store_digest" request when the digest entry doesn't exist | |
3842 | and we reach internalStart(). | |
3843 | - Changed the interface of storeSwapInStart() to avoid a bug | |
3844 | where we closed "sc->swapin_sio" but couldn't set the | |
3845 | pointer to NULL. | |
3846 | - Changed storeDirClean() so that the rate it gets called | |
3847 | depends on the number of objects deleted. | |
3848 | - Some WCCP fixes. | |
3849 | - Added 'hostname_aliases' option to detect internal requests | |
3850 | (cache digests) when a cache has more than one hostname | |
3851 | in use. | |
3852 | - Async I/O NUMTHREADS now configurable with --enable-async-io=N | |
3853 | (Henrik Nordstrom). | |
3854 | - Added queue length to async I/O cachemgr stats (Henrik Nordstrom). | |
3855 | - Added OPTIONS request method. | |
9bc73deb | 3856 | |
eb824054 | 3857 | Changes to Squid-2.3.DEVEL1 (): |
3858 | ||
3859 | - Added WCCP support. This adds the 'wccp_router' squid.conf | |
3860 | option. | |
3861 | - Added internal DNS queries; Most installations can run | |
3862 | without the external dnsserver processes. | |
3863 | - Rewrote much of the code that stores cache objects on | |
3864 | disk. Developed a programming interface that should | |
3865 | allow new storage systems to be added easily. This still | |
3866 | is pretty ugly and needs a lot of work, however. | |
3867 | - Replaced async_io.c "tags" with callback data locks. | |
3868 | This probably breaks async IO in a bad way. | |
3869 | - Tried to write an Async IO disk storage module. | |
3870 | - Added code to replace the StoreEntry linked list with a | |
3871 | heap structure. This allows for different replacement | |
3872 | algorithms, instead of being stuck with LRU. This adds | |
3873 | the 'replacement_policy' squid.conf option. (John Dilley | |
3874 | et al). | |
3875 | - Fixed HTCP queries by actually checking for freshness | |
3876 | based on the HTCP header fields. | |
3877 | - Fixed passing of redirector command line arguments. | |
3878 | - Added 'request_header_max_size' squid.conf option. | |
3879 | - Added 'request_body_max_size' squid.conf option. | |
3880 | - Added 'reply_body_max_size' squid.conf option. | |
3881 | - Added 'peer_connect_timeout' squid.conf option. | |
3882 | - Added 'redirector_bypass' squid.conf option. | |
3883 | - Added RFC 2518 (WEBDAV) request methods. | |
d20b1cd0 | 3884 | |
6b8e7481 | 3885 | Changes to Squid-2.2 (April 19, 1999): |
b93549f6 | 3886 | |
98b093e7 | 3887 | - Removed all SNMP specific ACL code |
3888 | SNMP now uses generic squid ACL's | |
3889 | - Removed view-based access crontrol | |
00b7a8b6 | 3890 | - Cleaned up and simplified SNMP section of squid.conf |
98b093e7 | 3891 | - Changed the SNMP code to use a tree stucture. |
3ff01c3e | 3892 | - Added objects to MIB: |
00b7a8b6 | 3893 | Request Hit Ratio's |
3894 | Byte Hit Ratio's | |
3895 | Number of Clients | |
61d53e64 | 3896 | - Changed SNMP Agent to return object instances correctly. |
b93549f6 | 3897 | - Added our own assert() macro so we can use debug() instead of |
3898 | printing to stderr. | |
3899 | - Added eventFreeMemory(). | |
3900 | - Fixed ipcCreate() bug when debug_log has FD <= 2. | |
3901 | - Changed watchChild() and related code in main.c so that | |
3902 | Squid can behave more like a proper daemon process. | |
3903 | - Added 'prefer_direct' option (enabled by default) so that | |
3904 | people can give parents higher preference than direct. | |
6703526b | 3905 | - Fixed ipc.c close() bug for async IO. On FreeBSD, |
3906 | comm_close() doesn't work for child processes when async IO is | |
3907 | used. | |
3908 | - Fixed setting the public key for large ``icons'' (Henrik | |
3909 | Nordstrom). | |
68f87dc5 | 3910 | - Rewrote peer digest module to fix memory leaks on reconfigure |
3911 | and clean the code. Increased "current" digest version to 5 | |
6474667e | 3912 | ("required" version is still 3). Revised "Peer Select" cache |
3913 | manager stats. | |
68f87dc5 | 3914 | - Added "-k parse" command line option: parses the config file |
3915 | but does not send a signal unlike other -k options. | |
1743c283 | 3916 | - Revamped storeAbort() calling. Only store_client.c has all |
3917 | the right information to determine if the request should | |
3918 | be aborted. Now client and server modules just storeUnregister | |
d81e3f33 | 3919 | without ever needing to call storeAbort. |
96aeb95d | 3920 | - Small change of Squid output for FTP (Andrew Filonov, |
3921 | Henrik Nordstrom). | |
3922 | - clientGetsOldEntry() sends old entry if new request status | |
3923 | is in the 500-range (Henrik Nordstrom). | |
3924 | - Changed configure so it works with IRIX6.4 C compiler (broken?) | |
3925 | option -OPT:fast_io=ON. | |
3926 | - Fixed comm_connect_addr() non-blocking connections for | |
3927 | SONY NEWSOS (Makoto MATSUSHITA). | |
3928 | - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended | |
3929 | by autoconf documentation. | |
3930 | - Fixed client-side cache-control max-age (Henrik Nordstrom). | |
3931 | - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns | |
3932 | this error if it is called while squid is in the process of | |
3933 | shutting down. | |
3934 | - Added support for linuxthreads package under FreeBSD (Tony Finch). | |
3935 | - Fixed HP-UX StatHist.c assertions by making the "hbase_f" | |
3936 | functions non-static (Michael Pelletier). | |
3937 | - Fixed logging of authenticated usernames even if the | |
3938 | authorization is not cached (Dancer). | |
3939 | - Fixed pconnPush() bug that prevented holding on to | |
3940 | persistent connections (Manfred Bathelt). | |
2328711e | 3941 | - Pid file now rewritten on SIGHUP. |
b4019ff7 | 3942 | - Numerous Ident changes: |
3943 | - Ident lookups will now be done on demand if you use the | |
3944 | 'ident' ACL type. | |
3945 | - The 'ident_lookup on|off' option has been replaced with | |
3946 | an access list, so you can do lookups only for some | |
3947 | client addresses. | |
3948 | - Added an 'ident_timeout' option to specifiy the amount | |
3949 | of time to wait for an ident lookup. | |
3950 | - Added a (local) hit rate to mempool metering. | |
3951 | - FTP Restarts (REST command) is now supported. | |
3952 | - Check for libintl.a on SCO3.2. | |
3953 | - Disable poll() on SCO3.2. | |
3954 | - Numerous Async IO enhancements from Henrik. | |
3955 | - Removed cache_mem_low and cache_mem_high options (Henrik | |
3956 | Nordstrom). | |
3957 | - Replaced 'persistent_client_posts' with 'broken_posts' access | |
3958 | list. | |
97474590 | 3959 | - Rewrote the anonymizer. |
3960 | - Removed the http_anonymizer option. | |
548b801c | 3961 | - Added the anonymize_headers option to allow individual |
3962 | referencing of headers for addition or removal. See | |
3963 | 'anonymize_headers' in squid.conf for additional | |
3964 | configuration. | |
b3abf16c | 3965 | - Fixed config file parser's handing of optional directives. |
3966 | Some people might get new warnings about unknown config | |
3967 | directives. | |
548b801c | 3968 | - Added 'myip' ACL type. This is the local IP address for |
3969 | connected sockets (Luyer). | |
3970 | - Fixed parsing of FTP DOS directory listings with spaces | |
3971 | (Nordstrom). | |
dd0b0295 | 3972 | - Numerous DELAY_POOL changes/fixes from David Luyer: |
3973 | - Makes no-delay neighbors for DELAY_POOLS work by | |
3974 | using a fd_set with the connections to no-delay | |
3975 | peers marked in it. | |
3976 | - Makes IP addresses ending in 0 and 255, and | |
3977 | network number 255, work with individual and | |
3978 | network delay pools (they were previously not | |
3979 | permitted, and documented as such). | |
3980 | - Massive overhaul of delay pools code - dynamically | |
3981 | allocated delay pools, as many as required. | |
3982 | - delayPoolsUpdate stops running if DELAY_POOLS is | |
3983 | configured but no delay pools are configured. | |
3984 | - Initial delay pool levels are now configurable | |
3985 | as a percentage of the maximum for the pool in | |
3986 | question (used to be all set to 1 second worth | |
3987 | of traffic). Pools are restored to this level | |
3988 | on reconfiguratoin. | |
242188c9 | 3989 | - Changed storeClientCopy to give a swap-in failure if |
3990 | the number of open disk FD's is above the 'max_open_disk_fds' | |
3991 | limit. Otherwise, a very loaded cache will end up with | |
3992 | all disk files open for reading, and none for writing. | |
b6a2f15e | 3993 | - Added lib/inet_ntoa.c from BSD Unix for systems that have |
3994 | broken inet_ntoa(). (Erik Hofman). | |
3995 | - Added more specific FTP error messages for "permission | |
3996 | denied, "file not found," and "service unavailable." | |
3997 | (Tony Finch) | |
3998 | - Added xisspace(), xisdigit(), etc, macros to cast function | |
3999 | args and eliminate compiler warnings. | |
4000 | - Fixed case-sensitive comparisons of domain names (Henrik | |
4001 | Nordstrom). | |
4002 | - Added proxy-authentication to cachemgr.cgi's requests | |
4003 | (Henrik Nordstrom). | |
4004 | - Changed Squid to *truncate* rather than *unlink* purged | |
4005 | swap files. Can be reversed by undefining | |
4006 | USE_TRUNCATE_NOT_UNLINK in src/defines.h. | |
4007 | - Changed internal icon headers to use Cache-control | |
4008 | Max-age instead of Expires. | |
4009 | - Changed storeMaintainSwapSpace behavior to be adjusted | |
4010 | smoothly, instead of discretely, between store_swap_low | |
4011 | and store_swap_high. This includes the number of | |
4012 | objects to scan, number to remove, and time until the | |
4013 | next storeMaintainSwapSpace event. | |
4014 | - Fixed a quick_abort bug that incorrectly calculated | |
4015 | content lengths. | |
4016 | - Added getpwnam() auth module from Erik Hofman. | |
4017 | - Added 'coredump_dir' option. | |
4018 | - Fixed a peerDestroy() assertion that required peer->digest | |
4019 | to be NULL at the end of peerDestroy(). | |
4020 | - configure script now automatically enables dlmalloc for | |
4021 | Solaris/x86. | |
4022 | - configure enables poll() on linux 2.2 and later (Henrik). | |
4023 | - Icon files are now distributed in binary format, install | |
4024 | will not need to run 'sh' and 'uudecode'. | |
4025 | - Fixed some bugs with large responses (>READ_AHEAD_GAP) and | |
4026 | re-forwarding requests and ENTRY_FWD_HDR_WAIT. | |
4027 | fwdCheckDeferRead() will NOT defer reading if the | |
4028 | ENTRY_FWD_HDR_WAIT bit is set. | |
4029 | - Fixed a "F->flags.open" assertion for aborted FTP PUT's. | |
4030 | - Fixed a (double) cast problem that caused statAvgTick() | |
4031 | events to be added as fast as possible. | |
6b8e7481 | 4032 | - Changed httpPacked304Reply() to not include the Content-Length |
4033 | header for 304 replies that Squid generates. We used to | |
4034 | include the length of the cached object, and this broke | |
4035 | persistent connections. | |
4036 | ||
4037 | 2.2.STABLE2: | |
4038 | ||
4039 | - Fixed configure bug for statvfs() checks. Configure reports | |
4040 | "test: =: unary operator expected" or similar because an | |
4041 | unquoted variable is not defined. | |
4042 | - Fixed aclDestroyAcls() assertion because some ACL types | |
4043 | are not listed in the switch statement. Occurs for | |
4044 | srcdom_regex and dstdom_regex ACL types during reconfigure. | |
4045 | - Typo "applicatoin" in src/mime.conf | |
4046 | - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK | |
4047 | #define because it didn't include squid.h. | |
4048 | - Fixed commRetryFD() when bind() fails. commRetryFD was | |
4049 | closing the filedescriptor, but it is the upper layer's | |
4050 | job to close it. | |
4051 | - Changed configure's "maximum number of filedescriptors" | |
4052 | detection to only use getrlimit() for Linux. On AIX, | |
4053 | getrlimit returns RLIM_INFINITY. | |
4054 | - Fixed snmpInit() nesting bug. | |
4055 | - Fixed a bug with peerGetSomeParent(). It was adding | |
4056 | a parent to the FwdServers list, regardless of the | |
4057 | ps->direct value. This could cause every request to | |
4058 | go to a parent even when always_direct is used. | |
4059 | - Changed fwdServerClosed() to rotate the "forward servers" | |
4060 | list when a connection establishment fails. Otherwise | |
4061 | it always kept trying to connect to the first server | |
4062 | int the list. | |
b93549f6 | 4063 | |
2be4e260 | 4064 | 2.2.STABLE3: |
4065 | ||
4066 | - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c. | |
4067 | - Avoid coredump in aclMatchAcl() if someone tries to use | |
4068 | proxy authentication with a non-HTTP request (e.g. icp_access). | |
4069 | - Moved 'ident_lookup_access' in squid.conf so it appears | |
4070 | after the ACL section. | |
4071 | - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing" | |
4072 | - Fixed a case in clientCacheHit() where we thought it | |
4073 | was a hit, but the reply status was not 200, so we | |
4074 | had to perform a cache miss. We forgot to change the | |
4075 | log_type and these were being recorded as TCP_HIT's. | |
4076 | - Fixed a void pointer subtraction bug in delayIdPtrHashCmp(). | |
4077 | - Fixed delay_pools coredump and memory leak bugs from | |
4078 | NULL delay_id values. | |
4079 | - Fixed a SEGV bug with delay_pools when requesting | |
4080 | 'objects' or 'vm_objects' from the cachemgr. | |
4081 | - Added a workaround for buggy FTP servers that return | |
4082 | a size of zero for non-zero-sized objects. | |
4083 | - Removed umask(0) call from main(). | |
4084 | - Fixed a peer selection bug that caused us to never select | |
4085 | a neighbor based on ICP replies if the ICP timeout occurs. | |
4086 | In conjunction with this, removed the PING_TIMEOUT state. | |
4087 | - Fixed a store_rebuild bug that caused us to get stuck trying | |
4088 | if a cache_dir subdirectory didn't exist. | |
4089 | - Fixed a buffer overrun bug in gb_to_str(). | |
4090 | ||
9bc73deb | 4091 | 2.2.STABLE4: |
4092 | ||
4093 | - Fixed a dread_ctrl leak caused in store_client.c | |
4094 | - Fixed a memory leak in eventRun(). | |
4095 | - Fixed a memory leak of ErrorState structures due to | |
4096 | a bug in forward.c. | |
4097 | - Fixed detection of subdomain collisions for SPLAY trees. | |
4098 | - Fixed logging of hierarchy codes for SSL requests (Henrik | |
4099 | Nordstrom). | |
4100 | - Added some descriptions to mib.txt. | |
4101 | - Fixed a bug with non-hierarchical requests (e.g. POST) | |
4102 | and cache digests. We used to look up non-hierarchical | |
4103 | requests in peer digests. A false hit may cause Squid | |
4104 | to forward a request to a sibling. In combination with | |
4105 | 'Cache-control: only-if-cached, this generates 504 Gateway | |
4106 | Timeout responses and the request may not be re-forwardable. | |
4107 | - Fixed a filedescriptor leak for some aborted requests. | |
4108 | ||
4109 | ||
4d62b0af | 4110 | Changes to Squid-2.1 (November 16, 1998): |
8f897f34 | 4111 | |
4112 | - Changed delayPoolsUpdate() to be called as an event. | |
4113 | - Replaced comm_select FD scanning loops with global fd_set | |
4114 | structures. Inspired by Jeff Mogul's patch for squid 1.1. | |
9e1559ea | 4115 | - Moved functions common to dns.c, redirect.c, authenticate.c, |
4116 | ipcache.c, and fqdncache.c into helper.c. | |
0753aa46 | 4117 | - Changed storeClientCopy2() so that it keeps sending the remainder |
4118 | of a STORE_ABORTED request, instead of cutting off the client as | |
4119 | soon as the object becomes aborted. | |
f0538986 | 4120 | - Fixed combined ipf-transparent proxy and a local http-accelerator |
4121 | operation (Quinton Dolan). | |
4122 | - Rewrote base64_decode.c because of potential buffer overrun | |
4123 | bugs. | |
912432d8 | 4124 | - Configurable handling of whitespace in request URI's. |
4125 | See 'uri_whitespace' in squid.conf. | |
e33ec474 | 4126 | - Added ability to generate HTTP redirect messages from |
4127 | the redirector output by prepending "301:" or "302:" to the | |
4128 | new url. See FAQ 4.16 for more details. | |
829a9357 | 4129 | - Eliminated refreshWhen() which was out-of-sync with refreshCheck() |
4130 | potentially causing under-utilized cache digests | |
4131 | - Maintain refreshCheck statistics on per-protocol basis so we | |
4132 | can tell why ICP or Digests return too many misses, etc. | |
c68e9c6b | 4133 | - Fixed delay_pools.c class2/class3 typo (Simon Woods). |
4134 | - Changed squid.conf's default access controls to deny all | |
4135 | HTTP requests. Admins must write ACL rules to specifically | |
4136 | allow their local clients. | |
4137 | - Patched French error messages (Mathias HERBERTS). | |
4138 | - NextStep porting fixes by Mike Laster: | |
4139 | - use xstrdup() in cf_gen.c | |
4140 | - check for putenv() in configure | |
4141 | - #define S_ISDIR macro | |
4142 | - Added --disable-poll configure option (Henrik Nordstrom). | |
4143 | - Fixed internal URL hostname case bugs (Henrik Nordstrom). | |
4144 | - Patched ftp.c so we never cache autenticated FTP requests | |
4145 | (Henrik Nordstrom). | |
4146 | - Fixed FTP authentication. We tried to unescape authentication | |
4147 | given by basic authentication which is not URL escaped | |
4148 | (Henrik Nordstrom). | |
4149 | - Fixed HTTP version for common logfile format (Henrik Nordstrom). | |
4150 | - Added 'redirect_rewrites_host_header' option to disable rewriting | |
4151 | of Host header for redirector responses (Henrik Nordstrom). | |
4152 | - Allow semi-customized error message signatures (Henrik Nordstrom). | |
4153 | - Fixed bug with errors for unsupported requests (Henrik Nordstrom). | |
4154 | - Fixed handling of blank lines in ACL input files (Henrik | |
4155 | Nordstrom). | |
4156 | - Changed proxy_auth ACL type to consist of a list of valid | |
4157 | users. REQUIRED == any (same as ident ACL). ACL type user | |
4158 | changed to ident since this is what it really is. | |
4159 | (Henrik Nordstrom). | |
4160 | - Fixed long URL bugs; make sure 'log_uri' never exceeds | |
4161 | MAX_URL bytes. | |
4162 | - Allow comments in external ACL files (Gerhard Wiesinger). | |
4163 | - Added 'range_offset_limit' configuration option. Requests | |
4164 | with ranges that start after this value will be passed | |
4165 | on unmodified, and Squid will not cache the response | |
4166 | (Henrik Nordstrom). | |
4167 | - Added Client HTTP Hit byte counters to 'counters' output | |
4168 | (Douglas Swarin). | |
4169 | - Got Squid to compile with --enable-async-io on FreeBSD. | |
4170 | - Fixed infinite loop bug for cachemgr 'config' option. | |
4171 | - Fixed cachability bugs for replies with Pragma: no-cache. | |
4172 | - Made content-type multipart/x-mixed-replace uncachable. | |
4173 | - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT" | |
4174 | format (Richard Kettlewell). | |
4175 | - Fixed passing -s option to dnsserver processes (Alvaro Jose | |
4176 | Fernandez Lago). | |
4177 | - Changed proxy_auth to work on internal objects and when in | |
4178 | accelerator mode. (Henrik Nordstrom) | |
4179 | - Added login=user:password option to cache_peer directive to | |
4180 | be used from a dial-up cache where the parent requires proxy | |
4181 | authentication. (Henrik Nordstrom) | |
4182 | - If you want to "auto-login", then use a URL on the form | |
4183 | http://username:password@server/.... Squid now picks this up | |
4184 | when going direct, and turns it into basic WWW | |
4185 | authentication. It is also possible to do automatic login to | |
4186 | certain servers by using a redirector to add the needed | |
4187 | authentication information. (Henrik Nordstrom) | |
04f0ba5c | 4188 | - Changed refreshCheck() so that objects with negative age |
4189 | are always stale. | |
4d62b0af | 4190 | - Fixed "plain" FTP listings (Henrik Nordstrom). |
4191 | - Fixed showing banner/logon message for top-level FTP | |
4192 | directories (Henrik Nordstrom). | |
4193 | * Changes below have been made to SQUID_2_1_PATCH1 | |
4194 | - Fixed pinger packet size assertion. | |
4195 | - Fixed WAIS forwarding. | |
4196 | - Fixed dnsserver coredump bug caused by using both -D and | |
4197 | -s options. | |
e42d5181 | 4198 | * Changes below have been made to SQUID_2_1_PATCH2 |
4199 | - Fixed EBIT macro bugs when the bitmask is a 64-bit long. | |
4200 | - Fixed proxy auth NULL password bug. | |
4201 | - Fixed queueing of multiple peerRefreshDNS events. | |
4202 | - Added a stack of StoreEntry objects to be released after | |
4203 | store rebuild completes. | |
4204 | - Fixed NULL pointer bugs with too-large requests (found by | |
4205 | Martin Lathoud). | |
4206 | - Fixed reading replies from buggy ident servers. Replies | |
4207 | might not have terminating CR or LF (Henrik Nordstrom). | |
b4019ff7 | 4208 | - Changed internal StoreEntry key so that the request method |
4209 | is encoded as a single octet. Encoding an enumerated type | |
4210 | has size and byte-order incompatibilities, especially for | |
4211 | cache digests. | |
4212 | - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries | |
4213 | are not always locked. This fixes having multiple | |
4214 | store_digest's stuck in memory. | |
4215 | - Fixed clientProcessOnlyIfCachedMiss so it unlocks and | |
4216 | unregisters from "cache hit" entries. | |
4217 | * Changes below have been made to SQUID_2_1_PATCH3 | |
4218 | - Fixed memory leak in clientHandleIMSReply for | |
4219 | storeClientCopy failures. | |
8f897f34 | 4220 | |
41587298 | 4221 | Changes to Squid-2.0 (October 2, 1998): |
71d6dc56 | 4222 | |
4c154d99 | 4223 | - Added NAT/Transparent hijacking code from Quinton Dolan. |
4224 | - Added actual filesystem usage to cachemgr 'storedir' page. | |
41587298 | 4225 | Only works for operating systems which support statvfs(). |
a79d724b | 4226 | - Fixed HTCP compile-time bugs. |
4227 | - Fixed quick_abort bugs. Configured values are stored as | |
4228 | Kbytes, not bytes. | |
41587298 | 4229 | - Removed fwdAbortFetch(). It breaks quick_abort and seems |
4230 | mostly useless. | |
0da7d807 | 4231 | - Changed storeDirSelectSwapDir() to skip swap directories |
4232 | when their utilization is over the high water mark ratio. | |
9ca005ac | 4233 | - Fixed off-by-one bug for dead neighbor detection (Joe Ramey). |
18cc143b | 4234 | - fixed bugs in Content-Range header generation |
4235 | - changed the way Range requests are handled: | |
71d6dc56 | 4236 | - do not "advertise" our ability to process ranges at |
4237 | all | |
4238 | - on hits, handle simple ranges and forward complex | |
4239 | ones | |
4240 | - on misses, fetch the whole document for simple ranges | |
4241 | and forward range request for complex ranges | |
4242 | The change is supposed to decrease the number of cases when | |
4243 | clients such as Adobe acrobat reader get confused when we | |
4244 | send a "200" response instead of "206" (because we cannot | |
4245 | handle complex ranges, even for hits) Note: Support for | |
4246 | complex ranges requires storage of partial objects. | |
41587298 | 4247 | - Removed SNMP mib-2.system group from squid. |
6474667e | 4248 | - Removed SNMP ability to iterate through ipcache and friends. |
4249 | - Added SNMP ipcache/fqdncache basic statistics. | |
4250 | - Converted SQUID-MIB to SMIv2 (RFC 1902). | |
4251 | - Moved SQUID-MIB to enterprises section of the tree in preparation | |
4252 | of the split into PROXY-MIB & SQUID-MIB. | |
4253 | - Corrected minor errors in SQUID-MIB. | |
4254 | - Moved uptime into cacheSystem from cacheConfig. | |
4255 | - Corrected a number of get-next-request bugs, snmpwalk should now | |
4256 | return all objects and not skip some. | |
41587298 | 4257 | - Fixed netdbClosestParent() so it won't return sibling |
4258 | peers. | |
4259 | - Fixed a bug with secondary clients on entries with | |
4260 | ENTRY_BAD_LENGTH set. We should release the | |
4261 | bad entry to prevent secondary clients jumping on. | |
4262 | - Changed MIB to prevent parse warnings at startup. | |
f0538986 | 4263 | * Changes below have been made to SQUID_2_0_PATCH1 |
9689d97c | 4264 | - Fixed a forwarding loop bug. Even though we were detecting |
4265 | a loop, it was not being broken. | |
4266 | - Try to prevent sibling forwarding loops by NOT forwarding a | |
4267 | request to a sibling if we have a stale copy of the object. | |
4268 | Validation requests should only be sent to parents (or | |
4269 | direct). | |
4270 | - Fixed ncsa_auth hash bugs when re-reading password file. | |
4271 | - Changed clientHierarchical() so that by default SSL/CONNECT | |
4272 | requests do NOT go to neighbor caches. | |
d87ebd78 | 4273 | - Changed clientHandleIMSReply() to not call storeAbort() |
4274 | because there can be more than one client hanging on the | |
4275 | StoreEntry. This hopefully fixes "store_status != | |
4276 | STORE_ABORTED" assertions. | |
f0538986 | 4277 | - Added temporary fix to httpMakePublic() to prevent assertions |
4278 | (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey(). | |
4279 | * Changes below have been made to SQUID_2_0_PATCH2 | |
4280 | - PATCH1 introduced a seriously stupid bug which prevented ICP | |
4281 | queries for all requests. Fixed by checking | |
4282 | request->hierarchical in peerSelectFoo(). | |
18cc143b | 4283 | |
4c154d99 | 4284 | Changes to squid-1.2.beta25 (September 21, 1998): |
4285 | ||
4b66bfd3 | 4286 | - Fixed async IO bugs from adding filedescriptor arg to AIOCB |
4287 | callbacks (Henrik Nordstrom). | |
4288 | - Fixed store_swapout.c assertion. We were freeing object data | |
4289 | past the swapout_done offset. This probably happens (only?) | |
4290 | when an object changes from cachable to uncachable while | |
4291 | it is being swapped out. | |
a260d877 | 4292 | - Added MEM_CLIENT_SOCK_BUF type so we can change the size |
4293 | of the buffers used for writing data to the client sockets. | |
669d90e7 | 4294 | - Added configure check for libbind.a. If found, it will be |
4295 | used instead of libresolv.a. | |
4296 | - Changed fwdStart() to always allow internally generated | |
dddd5b55 | 4297 | requests, such as for peer digests. These requests are |
4298 | known to fwdStart() because the address arg is set to | |
4299 | 'no_addr'. | |
669d90e7 | 4300 | - Completed initial HTCP implementation. It works, but is not |
4301 | tested much. | |
2d5c8e74 | 4302 | - Added counters for I/O syscalls. |
4303 | - Fixed httpMaybeRemovePublic. With broken ICP neighbors | |
4304 | (netapp) Squid doesn't use private keys. This caused us | |
4305 | to remove almost every object from the cache. | |
4306 | - Added 'asndb' cachemgr stats to show AS Number tree. | |
dddd5b55 | 4307 | - Fixed AS Number byte-order bug for netmasks. |
2d5c8e74 | 4308 | - Fixed comm_incoming calling rate for high loads (Stewart |
4309 | Forster). | |
426012d2 | 4310 | - Give always_direct higher precedence than never_direct |
4311 | (Henrik Nordstrom). | |
dddd5b55 | 4312 | - Changed PORT ACL type to accept ranges. Now you can easily |
4313 | deny, for example, all priveleged ports except 80, 70, 21, | |
4314 | etc. | |
4315 | - ARP ACL fixes for Linux (David Luyer). | |
4316 | - Replaced various "EBIT" flags bitfileds with structures of | |
4317 | "int:1" members. | |
4318 | - Changed storeKeyPrivate and storeKeyPublic to be a bit more | |
4319 | efficient by removing snprintf(). This causes an | |
4320 | incompatibility with old cache keys, however. To transition, | |
4321 | we will look up both the new and old style keys for about the | |
4322 | next 30 days. After that, if you haven't run this (or a | |
4323 | future) version, your cache contents will be lost. | |
4324 | - Made the client-side write buffer size configurable with | |
4325 | a #define in defines.h. By default it is still 4096 bytes. | |
4326 | - Removed redirectUnregister(). It should be unnecessary | |
4327 | because of cbdata locks. | |
4328 | - Fixed multiple HEAD request brokennesses (Henrik Nordstrom). | |
4329 | - Changed non-blocking connect(2) code to call getsockopt() | |
4330 | instead of connect() again. This is the approach recommended | |
4331 | by Stevens, and fixes bugs on BSD-ish systems when subsequent | |
4332 | connect() calls loop with EAGAIN status. | |
4333 | - Added MD5 cache keys to memory pool accounting. | |
4334 | - Added code to track number of open DISK descriptors and stop | |
4335 | swapping out objects if the number of disk descriptors becomes | |
4336 | too large. For now the limit must be manually configured with | |
4337 | the 'max_open_disk_fds'. By default, there is no limit. | |
4338 | - Stopped encoding a request method in the high byte of the ICP | |
4339 | reqnum field. Instead queried cache keys are copied to a | |
4340 | static array, indexed by the reqnum, modulo the array size. | |
4341 | Now we just use the request number to lookup a cache key, | |
4342 | instead of rebuilding it from the ICP reply URL and method, | |
4343 | unless we have netapp neighbors--they don't do reqnum | |
4344 | properly. | |
4345 | - Fixed reconfigure memory access bugs in redirect.c. | |
0753aa46 | 4346 | - Ignore unreasonably large ICP RTT values which cause overflow |
4347 | bugs in calculating the average RTT (thanks Niall!) | |
4b66bfd3 | 4348 | |
8e6a43e8 | 4349 | Changes to squid-1.2.beta24 (August 21, 1998): |
4350 | ||
6c4067e5 | 4351 | - Added Bulgarian error pages by Evgeny Gechev. |
ceb79b2b | 4352 | - Changed StoreEntry->lock_count to a u_short. |
c7d6216e | 4353 | - Replaced urlcmp with strcmp |
4354 | - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects | |
4355 | (Henrik Nordstrom). | |
4356 | - Eliminated unneeded BASE HREF on "root" directories (Henrik | |
4357 | Nordstrom). | |
4358 | - Fixed peerDigestFetchFinish() assertion caused by forwarding | |
4359 | failures (e.g. miss_access rules). | |
ada249f8 | 4360 | - Changed signal handlers with ASYNC_IO and Linux so that |
4361 | -k command line options work (Miquel van Smoorenburg). | |
4616f9ea | 4362 | - Rewrote shutdown code to use events instead of setting |
4363 | FD timeouts. | |
903e21a0 | 4364 | - Fixed cachemgr 'objects' (statObjects()) by adding a check |
b6a76fb2 | 4365 | for READ_AHEAD_GAP, and calling storeCheckSwapout() in |
4366 | storeBufferFlush(). Otherwise, the read-past pages would | |
4367 | never be freed. | |
681979a2 | 4368 | - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes |
4369 | were being closed by the dnsServerShutdown event. | |
b6a76fb2 | 4370 | - Modified storeHashInsert() to insert PRIVATE objects at |
4371 | the tail of the LRU list, and PUBLIC objects at the head. | |
4372 | Thus, PRIVATE objects get kicked out quicker. | |
95e36d02 | 4373 | - Added David Luyer's DELAY_POOLS code. |
54b5b3e5 | 4374 | - Fixed a bug due to HEAD replies which lack the end-of-headers |
4375 | line. | |
4376 | - Made proxy-auth realm string configurable (Bob Franklin) | |
4377 | - Changed default mime time to a viewable one (Henrik Nordstrom). | |
4378 | - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA). | |
4379 | - Fixed 'you are running out of filedescriptors' bug which | |
4380 | could cause the HTTP incoming connection handler to not | |
4381 | be reset. | |
e23fbf04 | 4382 | - Changed syslog logging. Now squid debug levels 0 and 1 go |
d737baa0 | 4383 | to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE |
e23fbf04 | 4384 | (this needs more work!) |
2cb51fe0 | 4385 | - Fixed memory access errors in statAvgTick(). |
abc1237e | 4386 | - Fixed duplicate requestUnlink() bug in forward.c |
6c4067e5 | 4387 | - Fixed possible memory access bugs from not setting e->mem_obj |
4388 | = NULL in destroy_MemObject(). | |
4389 | - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead. | |
4390 | - Modified headersEnd and httpMsgIsolateHeaders to account | |
4391 | for funky line terminations such as CRCRNL. | |
4392 | (``but Netscape and IE _tolerate_ this'') | |
4393 | - Fixed carp functions (Eric Stern). | |
4394 | - Replaced internal proxy_auth code with extern authentication | |
4395 | module (Arjan de Vet). | |
4396 | - moved hash.c to libmiscutil.a. | |
e931f99a | 4397 | - Fixed handling of ICP queries with whitespace in URLs. |
4398 | Now we return ICP error and escape the URL before logging. | |
3a15a393 | 4399 | - Added configure check for socklen_t (David Luyer). |
4400 | - Removed USE_SPLAY #defines; it is now standard. | |
3a76c002 | 4401 | - Added FD arg to async IO callbacks (AIOCB) so we can eliminate |
4402 | temporary disk_ctrl_t structures. | |
4403 | - Changed ENOSPC disk write errors to reduce specific cache_dir | |
4404 | sizes, and not just the size of the cache as a whole. | |
f9cece6e | 4405 | - Added httpMaybeRemovePublic() to purge public objects for |
4406 | certain responses even though they are uncachable. This is | |
4407 | needed, for example, when an initially cachable object | |
4408 | later becomes uncachable. | |
8e6a43e8 | 4409 | - Added refresh_pattern options to ignore client reloads |
4410 | (Henrik Nordstrom) | |
4411 | - Relocated disk.c code which combines blocks for writing | |
4412 | (Stewart Forster). | |
c7d6216e | 4413 | |
857703c6 | 4414 | Changes to squid-1.2.beta23 (June 22, 1998): |
4415 | ||
cf7f704c | 4416 | - Added Turkish error pages by Tural KAPTAN. |
66bbb757 | 4417 | - Added basic support for Range requests. For most cachable |
4418 | requests, Squid replies with an "Accept-Ranges" header. Upon | |
4419 | receiving a potentially cachable Range request for a not | |
4420 | cached object, Squid requests the whole object from origin | |
4421 | server and then replies with specified range(s) to the | |
4422 | client. Multi-range requests are supported. Adjacent | |
4423 | overlapping ranges are merged. If-Range requests are | |
4424 | supported. Limitations: Multi-range requests with out of | |
4425 | order ranges are not supported. | |
4426 | - Made md5.c use standard memcpy and memset if they are | |
4427 | avaliable. | |
4428 | - Memory pools will now shrink if Squid is run-time | |
4429 | reconfigured with smaller value of memory_pools_limit tag. | |
4430 | - Added counter for number of clients (Tomi Hakala). | |
4431 | - Changed neighbor UP/DOWN algorithm to require 10 failed TCP | |
4432 | connections for UP->DOWN transition. | |
4433 | - Added 'unique_hostname' configuration option when its | |
4434 | necessary to have multiple machines with the same visible | |
4435 | hostname. | |
222917b2 | 4436 | - Fixed pumpReadFromClient() to not read too many bytes on |
4437 | persistent connections. | |
53856ebd | 4438 | - We can now cache HTTP replies with Set-Cookie. These evil |
4439 | headers are now filtered out for cache hits on the client | |
4440 | side. | |
222917b2 | 4441 | - Fixed SNMP bugs caused by using snmpwalk. |
9089cc70 | 4442 | - Fixed snmp system Group; all objects are now returned. |
4443 | - Fixed snmp system Group sysDescr and sysContact. | |
78dfab2a | 4444 | - Fixed snmp system Group sysObjectID it now returns a OBJECT |
4445 | IDENTIFIER. | |
7fce9c3e | 4446 | - Allocate FwdState from mem pools. |
4447 | - Minor HTCP progress. | |
222917b2 | 4448 | - Moved 'miss_access' ACL check from client_side.c to forward.c |
ed169eab | 4449 | - Fixed logging of usernames for requests which require |
4450 | proxy-authentication. | |
cf7f704c | 4451 | - Fixed HTTP request parser to accept lowercase HTTP identifier |
4452 | (Oskar Pearson). | |
4453 | - Fixed FTP listings to always include links to the parent | |
4454 | directory (Henrik Nordstrom). | |
4455 | - Fixed FTP to show an "empty" listing instead of showing | |
4456 | a "document contains no data" error (Henrik Nordstrom). | |
4457 | - Fixed refreshCheck() bug. Often it was checking the | |
4458 | refresh patterns against the string "[null_mem_obj]" | |
4459 | because we moved URLs to MemObject. | |
4460 | - Added CARP support by Eric Stern. | |
48382032 | 4461 | - Fixed select-spin bug when an ICP reply actually gets queued |
4462 | and we failed to execute the write callback. | |
354b5fe1 | 4463 | - Fixed a storeCheckSwapOut bug. We were freeing up to |
4464 | the queued offset instead of the done offset. This | |
4465 | resulted in a small chunk of object data not being in | |
4466 | memory and not yet written to disk. A client could | |
4467 | recieve a partial object because file_read() unexpectedly | |
4468 | returns EOF. | |
0aa791f8 | 4469 | - Fixed proxy-authentication hangs (Henrik Nordstrom). |
c2354a6b | 4470 | - Fixed request_t->flags bug causing authenticated, proxied |
4471 | responses to be cached (Arjan de Vet). | |
e0e32f36 | 4472 | - Fixed MIME types for .tgz extension (Henrik Nordstrom). |
4473 | - Added view and download options to FTP listings (Henrik | |
4474 | Nordstrom). | |
4475 | - Modified configure to allow using pre-installed libdlmalloc.a | |
4476 | (Masashi Fujita). | |
e8d8856c | 4477 | - Fixed cachemgr 'objects' implementation. |
fecf98dc | 4478 | - Changed refreshCheck() algorithm. For cached objects, we |
4479 | now check, in the following order: | |
4480 | * request max-age | |
4481 | * response Expires (if present) | |
4482 | * refresh_pattern max-age | |
4483 | * response Last-Modified compared to refresh_pattern | |
4484 | LM-factor (only if Last-Modified is present) | |
4485 | * refresh_pattern min-age | |
4486 | - Changed Copyrights. | |
d192d11f | 4487 | |
ee3a78d4 | 4488 | Changes to squid-1.2.beta22 (June 1, 1998): |
4489 | ||
2246b732 | 4490 | - do not cut off "; parameter" from "digitized" Content-Type |
4491 | http fields | |
4492 | - Added X-Request-URI for persistent connection debugging | |
4493 | (Henrik Nordstrom) | |
f4d83f6d | 4494 | - Added Polish error pages from Maciej Kozinski. |
145f10f1 | 4495 | - Fixed hash_first/hash_next bugs with **Current pointer. |
4496 | Replaced with *next pointer. | |
f4d83f6d | 4497 | - Fixed PUT/POST bugs in client (Henrik Nordstrom). |
4498 | - Deny forwarding loops in httpd accel mode (Henrik Nordstrom). | |
4499 | - Fixed eventRun "spin" bug when event delta time == 0. | |
a9cc1935 | 4500 | - Fixed setting Last Modified time on cached entries when |
4501 | receiving a 304 reply. | |
06e87923 | 4502 | - Added while loop in httpAccept(). |
4503 | - Added while loop in icpHandleUdp(). | |
4504 | - Fixed some small memory leaks. | |
4505 | - Fixed single-bit-int flag checks (Henrik Nordstrom). | |
137ee196 | 4506 | - Replaced "complex" (offset accounting) calls to snprintf with MemBuf |
4507 | - Do not send only-if-cached cc directive with requests | |
6474667e | 4508 | for peer's digests. |
ee3a78d4 | 4509 | - Added "automatic tuning" for incoming request rate, i.e. |
4510 | how often to check HTTP and ICP sockets. See comm.c | |
4511 | comments for details. | |
145f10f1 | 4512 | |
6ee40ea2 | 4513 | Changes to squid-1.2.beta21 (May 22, 1998): |
4514 | ||
434b408f | 4515 | - Added Italian error pages by Alessio Bragadini. |
a3f9588e | 4516 | - Added Estonian error pages by Toomas Soome. |
06066bbc | 4517 | - Added Russian (koi-r) error pages by Andrew L. Davydov. |
7b381d33 | 4518 | - Added Czech error pages by Jakub Nantl. |
8e866bb4 | 4519 | - Fixed asnAclInitialize calling to prevent coredump. |
4520 | - Fixed FTP directory parsing again. | |
4521 | - Made FTP directory listing "Generated" tagline like | |
4522 | the one for error pages. | |
52f977aa | 4523 | - Fixed an assertion coredump in statHistCopy from |
6474667e | 4524 | reconfiguring with different #peers in squid.conf |
10202788 | 4525 | - Ignore leading whitespace on requests (and replies). RFC |
4526 | 2068 section 4.1, robustness (Henrik Nordstrom) | |
4527 | - Fixed keep_alive bug. We did not always honour reply | |
4528 | headers, but rather assumed connections could be persistent. | |
4529 | - Fixed reading whois output for AS numbers, especially when | |
4530 | they are longer than 4 KB. | |
4531 | - Removed 'cache_stoplist_pattern' configuration option. This | |
4532 | feature is now handled by 'no_cache'. | |
4533 | - If a URN resolves to only one URL, just return it immediately | |
4534 | instead of giving the user a "choice" (Andy Powell). | |
4535 | - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom). | |
4536 | - Changed squid-internal object names. | |
4537 | - Added netdb exchange protocol. | |
4538 | - Fixed wordlistDestroy() uninitialized pointer bug in | |
4539 | ftpParseControlReply. | |
06066bbc | 4540 | - Fixed redirector subprocess to show real program name. |
4541 | - Changed URN menu output to be sorted. | |
4542 | - Added fast select(2) timeouts when using ASYNC_IO. | |
4543 | - Added ARP ACL support for Linux (David Luyer). | |
6474667e | 4544 | - Added binary http headers to requests |
4545 | - request_t objects are now created and destroyed in a consistent way | |
4546 | - Fixed cache control printf bug | |
4547 | - Added a lot of new http header ids | |
4548 | - Improved Connection: header handling; now both Connection and | |
4549 | Proxy-Connection headers are checked for connection directives | |
4550 | - Connection request header is now handled correctly regardless | |
4551 | of its position and the number of entries | |
2246b732 | 4552 | - Only replies with valid Content-Length can be sent with keep-alive |
4553 | connection directive (Henrik Nordstrom) | |
6474667e | 4554 | - Better handling of persistent connection "clues" in HTTP headers; |
2246b732 | 4555 | the decision now depends on HTTP version (and User-Agent exceptions) |
6474667e | 4556 | - Removed handling of "length=" directive in IMS headers; |
4557 | the directive is not in the HTTP/1.1 standard; | |
4558 | standing by for objections | |
4559 | - allowed/denied headers are now checked using bit masks instead of | |
4560 | strcmp loops | |
4561 | - removed Uri: from allowed headers; Uri is deprecated in RFC 2068 | |
2246b732 | 4562 | - removed processing of Request-Range header (not in specs?) |
7b381d33 | 4563 | - Fixed byte-order bugs in cacheDigestHashKey. |
4564 | - Changed hash_remove_link() to return void. | |
4565 | - Changed ipcache_gethostbyname() to return NULL if | |
4566 | i->addrs.count == 0. | |
6de5fa88 | 4567 | - Added millisecond-timing to select/poll loops and event |
4568 | queue. | |
4569 | - Changed 'peerPingTimeout' value to be twice the average | |
4570 | of all the peer ICP RTT's. | |
4571 | - Added 'half_closed_clients' option to force closing of | |
4572 | client connections which might only be half-closed. | |
4573 | - Fixed matchDomainName coredump bug. | |
4574 | - Don't cache HTTP replies with Vary: headers until we | |
4575 | get content negotiation working. | |
4576 | - Fixed SSL proxying to forward full HTTP request headers. | |
c09459dd | 4577 | - Changed storeGetMemSpace(). Only purge down to the HIGH |
4578 | water mark; move locked entries to the head of the inmem | |
4579 | list. | |
4580 | - Changed clientReadRequest() to locally handle any | |
4581 | "squid-internal-static" URL for any host. | |
52f977aa | 4582 | - Disable persistent connections for client connections |
4583 | from broken Netscape User-Agent, version 3.* (Stewart Forster) | |
434b408f | 4584 | |
901b8eaf | 4585 | Changes to squid-1.2.beta20 (April 24, 1998): |
4586 | ||
fd1bc012 | 4587 | - Improved support for only-if-cached cache control directive. |
4588 | - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons). | |
a1a62b14 | 4589 | - Fixed 'quick_abort' percent calculation bug. |
4590 | - Fixed quick_abort FPE bug. | |
4591 | - Changed more errno-checking functions to use ignoreErrno(). | |
4592 | - Added ERESTART to ignoreErrno() because of report from | |
4593 | a Solaris system. | |
4594 | - Fixed '#elsif' typo. | |
4595 | - Fixed MemPool assertion by moving memInit() to before | |
4596 | configuration parsing functions. | |
4597 | - Fixed default 'announce_period' value (was 1 day, should | |
4598 | be 0) (Joe Ramey). | |
4599 | - Added configure warning for low filedescriptors and pointer | |
4600 | to FAQ. | |
b0497a40 | 4601 | - Fixed httpBodySet() bug causing URN related coredumps. |
4602 | - Changed ipcacheCycleAddr() to always cycle through all all | |
4603 | available addresses, and not just advance when one of | |
4604 | them goes BAD. | |
4605 | - Fixed squid-internal bug for mixed-case hostnames (Henrik | |
4606 | Nordstrom). | |
4e41d49f | 4607 | - Fixed ICP counting probelm. icpUdpSend() arg should be |
4608 | LOG_ICP_QUERY instead of LOG_TAG_NONE. | |
e4b71f74 | 4609 | - Added some additional fault toleranse on FTP data channels |
4610 | (Henrik Nordstrom). | |
4611 | - Corrected error reporting on FTP "hacks" (Henrik Nordstrom). | |
4612 | - Added lock/unlock for StoreEntry during storeAbort(). | |
4613 | - Added filemap bit usage stats to cachemgr 'storedir' and | |
4614 | 'info'. | |
4615 | - Replaced 'cache_stoplist' with 'no_cache' Access list. | |
4616 | - Fixed (hopefully) remaining swapfile-open-at-exit bugs. | |
44745828 | 4617 | - Fixed default hierarchy_stoplist to be ``default if none.'' |
4618 | - Fixed 'fake a recent reply' hack for detecting DEAD | |
4619 | and ALIVE neighbors (Joe Ramey). | |
e376562a | 4620 | - Fixed FTP directory parsing bugs (Joe Ramey). |
4621 | - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath | |
4622 | (Joe Ramey). | |
dea17509 | 4623 | - Fixed daylight savings time bug (again). |
fd1bc012 | 4624 | - A lot of Cache Digests additions, fixes, and tuning. |
4625 | Cache Digests are still "very experimental". | |
e376562a | 4626 | - Fixed snprintf() bug. When len == 1, snprintf() would treat |
4627 | the buffer as unknown size, emulating sprintf() behaviour. | |
4628 | - Made Error page language configurable with configure script | |
4629 | (Henrik Nordstrom). | |
4630 | - Fixed squid-internal URLs when http_port == 80. | |
4631 | - Remember the client address on redirected requests (Henrik | |
4632 | Nordstrom). | |
4633 | - Don't rebuild the request if the redirector returned the same | |
4634 | URL (Henrik Nordstrom). | |
4635 | - Rewrite Host: header on redirected requests (Henrik | |
4636 | Nordstrom). | |
4637 | - Include port (if non-standard) in generated Host: headers | |
4638 | (Henrik Nordstrom). | |
4639 | - Fixed rfc1123 timezone hacks for Windows NT | |
4640 | (Henrik Nordstrom). | |
4641 | - Added Russian Error pages by Ilia Zadorozhko. | |
4642 | - Added totals for ICP and HTTP hits to cachemgr client_list | |
4643 | output. | |
6cfa8966 | 4644 | - Changed error message to 'Generated TIME by HOST (SQUID/VER)' |
4645 | because any string with an '@' must be an email address. | |
e376562a | 4646 | - Fixed POST for content-length == 0. |
901b8eaf | 4647 | - Fixed "huge 304 reply" loop bug. |
5e9ab945 | 4648 | - Fixed --enable-splaytree compile bugs. |
c93fbf13 | 4649 | - Removed ASN lookup code in peer_select.c. |
b6a2f15e | 4650 | - Added warnings if ACL code detects subdomains in SPLAY |
4651 | trees. | |
4652 | - Rewrote some bits of httpRequestFree() to eliminate | |
4653 | possible bugs that could cause an "e->lock_count" asseertion. | |
4654 | - Added value/bounds checking to _db_init() when setting | |
4655 | the debugLevels[] array. | |
fd1bc012 | 4656 | |
005e5260 | 4657 | Changes to squid-1.2.beta19 (Apr 8, 1998): |
4658 | ||
b0497a40 | 4659 | - Squid-1.2.beta19 compiles and runs on Windows/NT with |
4660 | Cygnus Gnu-WIN32 b19 (Henrik Nordstrom). | |
447203a7 | 4661 | - Added French Error pages by Frank DENIS. |
4662 | - Added Dutch Error pages by Mark Visser | |
901b8eaf | 4663 | - Added German Error pages by Bernd P. Ziller, Jens Frank, |
4664 | and Anke S. | |
f9f2be04 | 4665 | - Added support for only-if-cached cache-control directive. |
005e5260 | 4666 | - Added RELAXED_HTTP_PARSER #define to allow requests which are |
4667 | missing the HTTP identifier on the request line (e.g. buggy | |
4668 | SpyGame queries). RELAXED_HTTP_PARSER is undefined by default. | |
1f4d31f9 | 4669 | - Fixed disk.c FD leak for delayed closes in |
4670 | diskHandleWriteComplete(). | |
4671 | - Fixed cache announcement feature. | |
20fe7191 | 4672 | - Fixed httpReadReply() to retry failed HTTP requests on |
4673 | persistent connections when read() returns -1, not only | |
4674 | when it returns 0. | |
805e5f70 | 4675 | - Fixed cbdata memory counting leak. cbdataUnlock() always |
4676 | called free(), never memFree(). | |
ff396fe6 | 4677 | - Fixed storeDirWriteCleanLogs() malloc bug on Alphas. |
005e5260 | 4678 | - Fixed `++loopdetect < 10' assertion due to |
4679 | clientHandleIMSReply bug for invalid/partial HTTP | |
4680 | replies. | |
4681 | - Added preliminary code for HTCP. | |
4682 | - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines. | |
4683 | - Added "snmp_community" as an ACL type. | |
4684 | - Cleaned up proxy-auth acl implementation and removed | |
4685 | memory leaks. | |
4686 | - Added generic 'hashFreeItems()' function for efficiently | |
4687 | freeing hash table pointers. | |
4688 | - Added whoisTimeout() for ASN code. | |
447203a7 | 4689 | - Removed BINARY TREE code. |
005e5260 | 4690 | - Fixed forgetting to reset Config.Swap.maxSize in |
4691 | configDoConfigure. | |
4692 | - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order | |
4693 | bug which caused not modified replies to not get updated. | |
4694 | - Fixed client_side.c bugs which could cause data to be written | |
4695 | to the client in the wrong order for persistent connections. | |
4696 | clientPurgeRequest() and clientHandleIMSComplete() must not | |
4697 | call comm_write(). Instead they must create and write to | |
4698 | StoreEntry's. | |
4699 | - Fixed ICP query service time counting bug(s). | |
4700 | - replaced 'char *mime_headers_end()' with 'size_t headersEnd()' | |
4701 | to fix buffer overruns. This also requires adding 'buf_sz' | |
4702 | args to some functions like clientBuildReplyHeader(). | |
4703 | But we can eliminate the need to NULL-terminate the | |
4704 | buffer beforehand. | |
4705 | - Changed commConnectCallback() to reset the FD timeout to | |
4706 | zero before notifying about the connection. This requires | |
4707 | commSetTimeout() calls in numerous places to reinstall | |
4708 | timeouts. | |
4709 | - Changed comm_poll_incoming() to be called less frequently | |
4710 | (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly). | |
4711 | - Removed HAVE_SYSLOG case for debug() macro. Almost all | |
4712 | systems do have syslog(), but more importatnly the | |
4713 | _db_level value is needed for debugging to stderr. | |
4714 | - Rewrote squid/dnsserver interface to use smaller, single-line | |
4715 | messages. | |
4716 | - Rewrote 'dns' cachemgr output to use a table format. | |
4717 | - Rewrote a lot of dnsserver.c. | |
4718 | - Added eventAddIsh() for semi-random event scheduling. | |
4719 | - Fixed an ftpTimeout bug for sessions which use PORT | |
4720 | commands. | |
4721 | - Fixed ftp.c to recognized invalid PASV replies (e.g. | |
4722 | port == 0). | |
4723 | - Removed hash_insert(). All hasing uses hash_join() now. | |
4724 | - Renamed hash_unlink() to hash_remove_link(). | |
4725 | - Added hashPrime() to find closes prime hash table size | |
4726 | to a given value. | |
4727 | - Fixed Keep-Alive ratio counting bug which prevented | |
4728 | persistent connections from being used between cache | |
4729 | peers. | |
4730 | - Changed icmp.c to NOT queue messages sent from squid to | |
4731 | the pinger program. | |
4732 | - Changed icp_v2.c to NOT queue ICP messages by default. | |
4733 | But they will be queued and resent once if the first | |
4734 | send fails. Counters.icp.queued_replies counts the | |
4735 | number of messaages queued. | |
4736 | - Cleaned up ICP logging. | |
4737 | - Added identTimeout(). | |
4738 | - Fixed ipcache reply counting bug. Overcounted dnsserver | |
4739 | replies for partial replies. | |
4740 | - Added urlInternal() for building internal Squid URLs. | |
4741 | - Changed peerAllowedToUse() to check both 'cache_peer_domain' | |
4742 | AND 'cache_peer_acl' configurations. This should be changed | |
4743 | in the fugure to use ONLY cache_peer_acl. | |
4744 | - Changed DEAD/REVIVED neighbor detection to avoid reporting | |
4745 | so many false deaths. (Joe Ramey). | |
4746 | - Added some preliminary code to support "cache digests." | |
4747 | - Fixed pumpClose() coredumps (?). | |
4748 | - Updated cachemgr 'info' output to show median service | |
4749 | times for various categories. | |
4750 | - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t) | |
4751 | != sizeof(int) for Alphas. | |
4752 | - Fixed potential alignment problem in storeDirWriteCleanLogs(). | |
4753 | - Fixed store_rebuild.c to NOT replace current, but | |
4754 | not-swapped-out StoreEntry's with on-disk entries. | |
4755 | - Changed storeCleanup() to call storeRelease on invalid | |
4756 | entries which don't have a swapfile (i.e. no unlink() | |
4757 | penalty). | |
4758 | - Fixed storeSwapInStart() to fail for unvalidated | |
4759 | entries. | |
4760 | - SNMP changes: | |
4761 | . renovated mib and added descriptions and comments | |
4762 | . added hit and byte counters to client_db , for | |
4763 | cacheClientTable | |
4764 | . cacheClientTable, netdbTable, cachePeerTable, | |
4765 | cacheConnTable now indexed by ip address. hash_lookup was | |
4766 | enhanced to allow for subsequent hash_next's similar to | |
4767 | hash_first, to speed up getnext's in tables which refer to | |
4768 | hash-table structures. | |
4769 | . added generic (well, sorf of) table indexing functionality | |
4770 | . added makefile dependencies for snmplib and cache_snmp.h | |
4771 | . WaisHost, WaisPort, Timeouts removed | |
4772 | . FdTable split into FdTable and ConnTable. FdTable simplified | |
4773 | . PeerTable and PeerStat merged and put into new cacheMesh | |
4774 | group | |
4775 | . cacheClientTable added for client statistics and accounting | |
4776 | (cacheMesh 2) | |
4777 | . cacheSec and cacheAccounting groups removed | |
4778 | . fixed acl bug when communities not defined | |
4779 | . snmp_acl now survives bad configuration | |
81d0c856 | 4780 | |
9a713ffb | 4781 | Changes to squid-1.2.beta18 (Mar 23, 1998): |
4782 | ||
275d9f2e | 4783 | - Added v1.1 'test_reachability' option. |
4784 | - Fixed hash4() len == 0 bug. | |
2c26197b | 4785 | - Fixed Config.Swap.maxSize reconfigure bug. |
4786 | - Fixed ICP query bug determining request method. | |
4787 | - Moved ICP's storeGet() cache lookup into neighborsUdpAck() | |
4788 | so that we know neighbors are alive even when they send | |
4789 | us replies for unknown entries. | |
4790 | - Changed configure script to add '-std1' for Digital Unix cc. | |
4791 | - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit | |
4792 | systems. | |
4793 | - Added support for 'Cache-Control: Only-If-Cached' request header. | |
34ad1721 | 4794 | - Fixed CheckQuickAbort() bugs for multiple clients on one |
4795 | StoreEntry. Also changed storePendingNClients() to return | |
4796 | mem->nclients instead of counting the number of store_client | |
4797 | entries with pending callback functions. | |
275d9f2e | 4798 | |
041b157e | 4799 | Changes to squid-1.2.beta17 (Mar 17, 1998): |
4800 | ||
df43fc93 | 4801 | - SNMP MIB version check changed to non-rcs. |
02922e76 | 4802 | - Added memory pools for variable size objects (strings). |
4803 | There are three pools; for small, medium, and large objects. | |
4804 | - Extended String object to use memory pools. Most fixed size char | |
4805 | array fields will be replaced using string pools. Same for most | |
4806 | malloc()-ed buffers. | |
5e14bf6d | 4807 | - Changed icon handling to use the hostname and port of the squid |
9ed90c85 | 4808 | server, instead of the special hostname "internal.squid" |
4809 | (Henrik Nordstrom). | |
5e14bf6d | 4810 | - All icons are now configured in mime.conf. No hardcoded icons, |
f8360ee3 | 4811 | including gohper icons (Henrik Nordstrom). |
459f2559 | 4812 | - Fixed ICP bug when we send queries, but expect zero |
4813 | replies. | |
ed9c0b33 | 4814 | - Fixed alignment/casting bugs for ICP messages. |
2b5b6324 | 4815 | - A generic client-to-server "pump" was added to handle HTTP |
4816 | PUT as well as POST methods on the client-cache side. Based on | |
4817 | "pump" PUT requests can be made to either HTTP or FTP url's. | |
4818 | Code is still beta and interoperability with browsers etc has | |
4819 | not been tested. | |
4820 | - Put #ifdefs around 'source_ping' code. | |
5e14bf6d | 4821 | - Added missing typedef for _arp_ip_data (Wesha). |
4822 | - Added regular-expression-based ACLs for client and server | |
4823 | domain names (Henrik Nordstrom). | |
4824 | - Fixed ident-related coredumps from incorrect callback data. | |
4825 | - Fixed parse_rfc1123() "space" bug. | |
4826 | - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free()).. | |
4827 | - Fixed some src/asn.c end-of-reply bugs and memory leaks. | |
4828 | - Fixed some peer->options flag-setting bugs. | |
4829 | - Fixed single-parent feature to work again | |
4830 | - Removed 'single_parent_bypass' configuration option; instead | |
4831 | just use 'no-query'. | |
4832 | - Surrounded 'source_ping' code with #ifdefs. | |
4833 | - Changed 'deny_info URL' to use a custom Error page. | |
4834 | - Modified src/client.c for testing POST requests. | |
041b157e | 4835 | - Fixed hash4() for SCO (Vlado Potisk). |
459f2559 | 4836 | |
7ba777f2 | 4837 | Changes to squid-1.2.beta16 (Mar 4, 1998): |
4838 | ||
447203a7 | 4839 | - Added Spanish error messages from Javier Puche. |
02922e76 | 4840 | - Added Portuguese error messages from Pedro Lineu Orso |
0965bd19 | 4841 | - Added a simple but very effective hack to cachemgr.cgi that tries to |
4842 | interpret lines with '\t' as table records and formats them | |
4843 | accordingly. With a few exceptions (see source code), first line | |
4844 | becomes a table heading ("<th>" html tag) and the rest is formated | |
4845 | with "<td>" tags. | |
7021844c | 4846 | - Added "mem_pools_limit" configuration option. Semantics of |
4847 | "mem_pools" option has also changed a bit to reflect new memory | |
4848 | management policy. | |
7ba777f2 | 4849 | - Reorganized memory pools. Squid now supports a global pool |
4850 | limit instead of individual pool limits. Per-pool limits can be | |
3a88d597 | 4851 | implemented on top of the current scheme if needed, but it is |
7ba777f2 | 4852 | probably hard to guess their values. Squid distributes pool |
4853 | memory among "frequently allocated" objects. There is a | |
4854 | configurable limit on the total amount of "idle" memory to be | |
4855 | kept in reserve. All requests that exceed that amount are | |
4856 | satisfied using malloc library. Support for variable size | |
4857 | objects (mostly strings) will be enabled soon. | |
4858 | - memAllocate() has now only one parameter. Objects are always | |
4859 | reset with 0s. (We actually never used that parameter before; | |
4860 | it was always set to "clear"). | |
4861 | - Added Squid "signature" to all ERR_ pages. The signature is | |
4862 | hardcoded and is added on-the-fly. The signature may use | |
4863 | %-escapes. Added interface to add more hard-coded responses if | |
4864 | needed (see errorpage.c::error_hard_text). | |
4865 | - Both default and configured directories are searched for ERR_ | |
4866 | pages now. Configured directory is, of course, searched first. | |
4867 | This allows you to customize a subset of ERR_ pages (in a | |
4868 | separate directory) without danger of getting other copies out | |
4869 | of sync. | |
4870 | - Security controls for the SNMP agent added. Besides | |
4871 | communities (like password) and views (part of tree | |
4872 | accessible), the snmp_acl config option can be used to do acl | |
4873 | based access checks per community. | |
4874 | - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You | |
4875 | can now walk through the whole mib tree. Several new variables | |
4876 | added under cacheProtoAggregateStats | |
12cf1be2 | 4877 | - Added rudimental statistics for HTTP headers. |
7ba777f2 | 4878 | - Adjusted StatLogHist to a more generic/flexible StatHist. |
12cf1be2 | 4879 | Moved StatHist implementation into a separate file. |
178dbda2 | 4880 | - Added FTP support for PORT if PASV fails, also try the |
4881 | default FTP data port (Henrik Nordstrom). | |
4882 | - Fixed NULL pointer bug in clientGetHeadersForIMS when a | |
4883 | request is cancelled for fails on the client side. | |
4884 | - Filled in some squid.conf comments (never_direct, | |
4885 | always_direct). | |
4886 | - Added RES_DNSRCH to dnsserver's _res.options when the | |
4887 | -D command line option is given. | |
4888 | - Fixed repeated Detected DEAD/REVIVED Sibling messages when | |
4889 | peer->tcp_up == 0 (Michael O'Reilly). | |
4890 | - Fixed storeGetNextFile's incorrect "directory does not exist" | |
4891 | errors (Michael O'Reilly). | |
4892 | - Fixed aiops.c race condition (Michael O'Reilly, Stewart | |
4893 | Forster). | |
4894 | - Added 'dns_nameservers' config option to specify non-default | |
4895 | DNS nameserver addresses (Maxim Krasnyansky). | |
4896 | - Added lib/util.c code to show memory map as a tree | |
4897 | (Henrik Nordstrom). | |
4898 | - Added HTTP and ICP median service times to Counters and | |
4899 | cachemgr average stats. | |
4900 | - Changed "-d" command line option to take debugging level | |
4901 | as argument. Debugging equal-to or less-than the argument | |
4902 | will be written to stderr. | |
3ff01c3e | 4903 | - Removed unused urlClean() function from url.c. |
adba4a64 | 4904 | - Fixed a bug that allowed '?' parts of urls to be recorded in |
ef65d6ca | 4905 | store.log. Logged urls are now "clean". |
178dbda2 | 4906 | - Cache Manager got new Web interface (cachemgr.cgi). New .cgi |
4907 | script forwards basic authentication from browser to squid. | |
4908 | Authentication info is encoded within all dynamically generated | |
4909 | pages so you do not have to type your password often. | |
4910 | Authentication records expire after 3 hours (default) since | |
4911 | last use. Cachemgr.cgi now recognizes "action protection" types | |
4912 | described below. | |
4913 | - Added better recognition of available protection for actions | |
4914 | in Cache Manager. Actions are classified as "public" (no | |
4915 | password needed), "protected" (must specify a valid password), | |
4916 | "disabled" (those with a "disable" password in squid.conf), and | |
4917 | "hidden" (actions that require a password, but do not have | |
4918 | corresponding cachemgr_passwd entry). If you manage to request | |
4919 | a hidden, disabled, or unknown action, squid replies with | |
4920 | "Invalid URL" message. If a password is needed, and you failed | |
4921 | to provide one, squid replies with "Access Denied" message and | |
4922 | asks you to authenticate yourself. | |
4923 | - Added "basic" authentication scheme for the Cache Manager. | |
4924 | When a password protected function is accessed, Squid sends an | |
4925 | HTTP_UNAUTHORIZED reply allowing the client to authorize itself | |
4926 | by specifying "name" and "password" for the specified action. | |
4927 | The user name is currently used for logging purposes only. The | |
4928 | password must be an appropriate "cachemgr_passwd" entry from | |
4929 | squid.conf. The old interface (appending @password to the url) | |
4930 | is still supported but discouraged. Note: it is not possible | |
4931 | to pass authentication information between squid and browser | |
4932 | *via a web server*. The server will strip all authentication | |
4933 | headers coming from the browser. A similar problem exists for | |
4934 | Proxy-Authentication scheme. | |
4935 | - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of | |
4936 | authentication failures when accessing Cache Manager. | |
63259c34 | 4937 | - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c. |
178dbda2 | 4938 | - Added simple context-based debugging to debug.c. Currently, |
4939 | the context is defined as a constant string. Context reporting | |
4940 | is triggered by debug() calls. Context debugging routines | |
4941 | print minimal amount of information sufficient to describe | |
4942 | current context. The interface will be enhanced in the future. | |
4943 | - Replaced _http_reply with HttpReply. HttpReply is a | |
4944 | stand-alone object that is responsible for parsing, swapping, | |
4945 | and comm_writing of HTTP replies. Moved these functions from | |
4946 | various modules into HttpReply module. | |
8bfcd557 | 4947 | - Added HttpStatusLine, HttpHeader, HttpBody. |
178dbda2 | 4948 | - All HTTP headers are now parsed and stored in a "compiled" |
4949 | form in the HttpHeader object. This allows for a great | |
4950 | flexibility in header processing and builds basis for support | |
4951 | of yet unsupported HTTP headers. | |
4952 | - Added Packer, a memory/store redirector with a printf | |
4953 | interface. Packer allows to comm_write() or swap() an object | |
4954 | using a single routine. | |
4955 | - Added MemBuf, a auto-growing memory buffer with printf | |
4956 | capabilities. MemBuf replaces most of old local buffers for | |
4957 | compiling text messages. | |
4958 | - Added MemPool that maintains a pre-allocated pool of opaque | |
4959 | objects. Used to eliminate memory thrashing when allocating | |
4960 | small objects (e.g. field-names and field-value in http | |
4961 | headers). | |
8bfcd557 | 4962 | |
3197e644 | 4963 | Changes to squid-1.2.beta15 (Feb 13, 1998): |
4964 | ||
55647891 | 4965 | NOTE: This version has changes which may cause all or part |
4966 | of your cache to be lost. However, you can problably | |
4967 | save most of it by doing a slow restart. Specifically: | |
4968 | ||
4969 | 1. Kill the running squid-1.2.beta14 process; wait for it to | |
4970 | fully exit. | |
4971 | 2. Remove all 'swap.state*' files, either in each cache_dir, or | |
4972 | as defined in your squid.conf | |
4973 | 3. Start squid-1.2.beta15. The store will be rebuilt from the | |
4974 | existing swap files, reading the directories and opening | |
4975 | the files. | |
4976 | ||
bcfbdc11 | 4977 | - Fixed some problems related to disk (and pipe) write error |
4978 | handling. file_close() doesn't always close the file | |
4979 | immediately; i.e. when there are pending buffers to write. | |
4980 | StoreEntry->lock_count could become zero while a write is | |
4981 | pending, then bad things happen during the callback. | |
4982 | - The file_write() callback data must now be in the callback | |
4983 | database (cbdata). We now use the swapout_ctrl_t structure | |
4984 | for the callback data; it stays around for as long as we are | |
4985 | swapping out. | |
4986 | - Changed the way write errors are handled by diskHandleWrite. | |
4987 | If there is no callback function, now we exit with a fatal | |
4988 | message under the assumption that the file in question is a | |
4989 | log file or IPC pipe. Otherwise, we flush all the pending | |
4990 | write buffers (so we don't see multiple repeated write errors | |
4991 | from the same descriptor) and let the upper layer decide how | |
4992 | to handle the failure. | |
4993 | - Fixed storeDirWriteCleanLogs. A write failure was leaving | |
4994 | some empty swap.state files, even though it tells us that its | |
4995 | "not replacing the file." Don't flush/rename logs which we | |
4996 | have prematurely closed due to write failures, indiciated by | |
4997 | fd[dirn] == -1. Close these files LAST, not before | |
4998 | renaming. | |
4999 | - Fixed storeDirClean to clean directories in a more sensible | |
5000 | order, instead of the new "MONOTONIC" order for swap files. | |
0465e406 | 5001 | - Merged fdstat.c functions into fd.c. |
5002 | - Cleaned up some debugging sections. Some unrelated source | |
5003 | files were using the same section. | |
5004 | - Removed curly brackets from all cachemgr output. | |
5005 | - Removed unused filemap->last_file_number_allocated member. | |
5006 | - Removed unused fde->lifetime_data member. | |
5007 | - Fixed incorrectly applying htonl() on icp_common_t->shostid. | |
5008 | - Call setsid() before exec() in ipc.c so that child processes | |
5009 | don't receive SIGINT (etc) when running squid on a tty. | |
2f2dd5ad | 5010 | - Changed StoreEntry->object_len to ->swap_file_sz so we |
5011 | can verify the disk file size at restart. Moved object_len | |
5012 | to MemObject->object_sz. Note object_sz is initialized | |
5013 | to -1. If object_sz < 0, then we need to open the swap | |
5014 | file and read the swap metadata. | |
5015 | - Changed store_client->mem to ->entry because we need | |
5016 | e->swap_file_sz to set mem->object_sz at swapin. | |
2f2dd5ad | 5017 | - Renamed storeSwapData structure to storeSwapLogData. |
5018 | - Fixed storeGetNextFile to not increment d->dirn. Added | |
5019 | check for opendir() failure. | |
5020 | - Fixed storeRebuildStart to properly link the directory | |
5021 | list for storeRebuildfromDirectory mode. | |
e157f97f | 5022 | - Added -S command line option to double-check store |
5023 | consistency with disk files in storeCleanup(). | |
5024 | - Fixed a problem with transactional logging. In many | |
5025 | cases we were adding the public cache key and then | |
5026 | logging a delete for the private key. This is worthless | |
5027 | because during rebuild we could not locate the previous | |
5028 | public-keyed entry. Now we assert that only public-keyed | |
5029 | entries can be logged to swap.state. storeSetPublicKey() | |
5030 | and storeSetPrivateKey() have been modified to log an | |
5031 | ADD or DEL when the key changes. | |
5032 | - Fixed storeDirClean bug. Needed to call | |
5033 | storeDirProperFileno() so the "dirn bits" get set. | |
5034 | - Fixed a storeRebuildFromDirectory bug. fullpath[] and | |
5035 | fullfilename[] were static to that function and did | |
5036 | not change when the "rebuild_dir" arg did. Moved these | |
5037 | buffers to the rebuild_dir structure. | |
5038 | - In storeRebuildFromSwapLog, we were calling storeRelease() | |
5039 | for cache key collisions. This only set the RELEASE_REQUEST | |
5040 | bit and did not clear the swap_file_number in the filemap or | |
5041 | in the StoreEntry, so the swap file could get unlinked later | |
5042 | when it was really released. | |
4e0f0471 | 5043 | - Fixed FTP so that ';type=X' specifically sets the HTTP reply |
5044 | content-type and content-encoding (Henrik Nordstrom). | |
5045 | - Removed 'icon_content_type' configuration option. Content | |
5046 | types now taken from mime.conf (Henrik Nordstrom). | |
2a9b2b73 | 5047 | - Added additional memory malloc tracing and memory leak |
5048 | detection. Use --enable-xmalloc-debug-trace configure | |
5049 | option and -m command line option (Henrik Nordstrom). | |
bcfbdc11 | 5050 | |
93169941 | 5051 | Changes to squid-1.2.beta14 (Feb 6, 1998): |
5052 | ||
5471db88 | 5053 | - Replaced snmplib free() calls with xfree(). |
5054 | - Changed the 'net_db_name' hash table structure to | |
5055 | make it easier to move names from one network to another | |
5056 | (copied from 1.1 code). | |
93169941 | 5057 | - Filled in some of the config dump routines (dump_acl, |
5058 | dump_acl_access). | |
5059 | - Full memory debugging option (--enable-xmalloc-debug-trace) | |
5060 | (Henrik Nordstrom). | |
5061 | - Filled-in and clarified many squid.conf comments (Oskar | |
5062 | Pearson). | |
5063 | - Fixed up handling of SWAP_LOG_DEL swap.state entries. | |
5471db88 | 5064 | |
f91834bf | 5065 | Changes to squid-1.2.beta13 (Feb 4, 1998): |
f577e074 | 5066 | |
b4512acd | 5067 | - NOTE: With this version the "swap.state" file format has |
5068 | changed. Running this version for the first time will | |
5069 | cause your current cache contents to be lost! | |
f91834bf | 5070 | - NOTE: this version still has the bug where we don't rewind |
5071 | a swapout file and rewrite the swap meta data. Objects | |
5072 | larger than 8KB will be lost when rebuilding from the swap | |
5073 | files. | |
d04dd4bf | 5074 | - Combined various interprocess communication setup functions |
5075 | into ipcCreate(). | |
5076 | - Removed some leftover ICP_HIT_OBJ things. | |
5077 | - Removed cacheinfo and proto_count() and friends; these are to | |
5078 | be replaced in functionality by StatCounters and 5/60 minute | |
5079 | average views via cachemgr. | |
5080 | - Fixed --enable-acltree configure message (Masashi Fujita). | |
5081 | - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in | |
5082 | (Masashi Fujita). | |
5083 | - Fixed building outside of source tree (Masashi Fujita). | |
dbfed404 | 5084 | - FTP: Format NLST listings, and inform the user that the NLST |
5085 | (plain) format is available when we find a LIST listing that we | |
5086 | don't understand (Henrik Nordstrom) | |
5087 | - FTP: Use SIZE on Binary transfers, and not ASCII. The | |
5088 | condition was inversed, making squid use SIZE on ASCII | |
5089 | transfers (Henrik Nordstrom). | |
5090 | - Enable virtual and Host: based acceleration in order to be | |
5091 | able to use Squid as a transparent proxy without breaking | |
5092 | either virtual servers or clients not sending Host: header | |
5093 | the order of the virtual and Host: based acceleration needs | |
5094 | to be swapped, giving Host: a higher precendence than virtual | |
5095 | host (Henrik Nordstrom). | |
5096 | - Use memmove/bcopy as detected by configure Some systems does | |
5097 | not have memmove, but have the older bcopy implementation | |
5098 | (Henrik Nordstrom). | |
6cf028ab | 5099 | - Completely rewritten aiops.c that creates and manages a pool |
5100 | of threads so thread creation overhead is eliminated (SLF). | |
5101 | - Lots of mods to store.c to detect and cancel outstanding | |
5102 | ASYNC ops. Code is not proven exhaustive and there are | |
5103 | definately still cases to be found where outstanding disk ops | |
5104 | aren't cancelled properly (SLF). | |
5105 | - Changes to call interface to a few routines to support disk | |
5106 | op `tagging', so operations can be cleanly cancelled on | |
5107 | store_abort()s (SLF). | |
5108 | - Implementation of swap.state files as transaction logs. | |
5109 | Removed objects are now noted with a negative object size. | |
5110 | This allows reliatively clean rebuilds from non-clean | |
5111 | shutdowns (SLF). | |
5112 | - Now that the swap.state files are transaction logs, there's | |
5113 | now no need to validate by stat()ing. All the validation | |
5114 | procedure does is now just set the valid bit AFTER all the | |
5115 | swap.state files have been read, because by that time, only | |
5116 | valid objects can be left. Object still need to be marked | |
5117 | invalid when reading the swap.state file because there's no | |
5118 | guarantee the file has been retaken or deleted (SLF). | |
5119 | - An fstat() call is now added after every | |
5120 | storeSwapInFileOpened() so object sizes can be checked. Added | |
5121 | code to storeRelease() the object if the sizes don't match (SLF). | |
6474667e | 5122 | - #defining USE_ASYNC_IO now uses the async unlink() rather than |
5123 | unlinkd() (SLF). | |
6cf028ab | 5124 | - #defining MONOTONIC_STORE will support the creation of disk |
5125 | objects clustered into directories. This GREATLY improves disk | |
5126 | performance (factor of 3) over old `write-over-old-object' | |
5127 | method. If using the MONOTONIC_STORE, the | |
5128 | {get/put}_unusedFileno stack stuff is disabled. This is | |
5129 | actually a good thing and greatly reduces the risk of serving | |
5130 | up bad objects (SLF). | |
5131 | - Fixed unlink() in storeWriteCleanLogs to be real unlink() | |
5132 | rather than ASYNC/unlinkd unlinks. swap.state.new files were | |
5133 | being removed just after they were created due to delayed | |
5134 | unlinks (SLF). | |
5135 | - Disabled various assertions and made these into debug warning | |
5136 | messages to make the code more stable until the bugs can be | |
5137 | tracked down (SLF). | |
5138 | - Added most of Michael O'Reilly's patches which included many | |
5139 | bug fixes. Ask him for full details (SLF). | |
5140 | - Moved aio_check_callbacks in comm_{poll|select}(). It was | |
5141 | called after the fdset had been built which was wrong because | |
5142 | the callbacks were changing the state of the read/write | |
5143 | handlers prior to the poll/select() calls (SLF). | |
f09f5b26 | 5144 | - Fixed ARP ACL memory leaks (Dale). |
f577e074 | 5145 | - Eliminated URL and SHA cache keys. Cache keys will always |
5146 | be MD5's now. | |
5147 | - Fixed up store swap meta data. | |
5148 | - Changed swap.state logs to a binary format. | |
f91834bf | 5149 | - The swap.state logs are written transaction-style. |
d04dd4bf | 5150 | |
b5cfbd5b | 5151 | Changes to squid-1.2.beta12 (Jan 30, 1998): |
5152 | ||
b4512acd | 5153 | - Added metadata headers to cache swap files. This is an |
5154 | incompatible change with previous versions. Running this | |
5155 | version for the first time will cause your current cache | |
5156 | contents to be lost. | |
9fc0b4b8 | 5157 | - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom) |
5158 | - Show symlink destinations as a hyperlink in FTP listings | |
5159 | (Henrik Nordstrom) | |
3a4eaced | 5160 | - Fixed not allocating enough space for rewriting URLs with |
5161 | the Host: header (Eric Stern). | |
5162 | - Year-2000 fixes (Arjan de Vet). | |
5163 | - Fixed looping for cache hits on HEAD requests. | |
fc6dc767 | 5164 | - Fixed parseHttpRequest() coredump for |
6474667e | 5165 | "GET http://foo HTTP/1.0\r\n\r\n\r\n" |
9fc0b4b8 | 5166 | |
9f802cb1 | 5167 | Changes to squid-1.2.beta11 (Jan 6, 1998): |
5168 | ||
fd82d0b0 | 5169 | - Fixed fake 'struct rusage' definition which prevented compling |
5170 | on Solaris 2.4. | |
5171 | - Fixed copy-by-ref bug for request->headers in | |
5172 | clientRedirectDone() (Michael O'Reilly). | |
812db943 | 5173 | - Workaround for Solaris pthreads closing FD 0 upon fork() |
5174 | (Michael O'Reilly). | |
05fd71a7 | 5175 | - Fixed shutdown bug with outgoing UDP sockets; we need to |
5176 | disable their read handlers. | |
5177 | - For comm_poll(), use the fast 50 msec timeout only when | |
5178 | USE_ASYNC_IO is defined. | |
1fbc6de3 | 5179 | - Fixed pointer bug when freeing AS# ACL entries. |
5180 | - Fixed forgetting to reset Config.npeers to zero in free_peer(). | |
0f6bdbfa | 5181 | - Fixed ICP bug causing excessive TIMEOUTs with sibling |
5182 | neighbors. We must call the ICP reply callback even for | |
5183 | sibling misses. | |
5184 | - Fixed some dnsserver-related reconfigure bugs. Need to | |
5185 | use cbdataLock, etc in fqdncache.c. Also don't want to | |
5186 | use ipcacheQueueDrain() and fqdncacheQueueDrain(). | |
5187 | - Fixed persistent connection bug. We were incorrectly | |
5188 | deciding that non-200 replies without content-length | |
5189 | would not have a reply body. | |
5190 | - Fixed intAverage() precedence bug. | |
5191 | - Fixed memmove() 'len' arg bug. | |
5192 | - Changed algorithm for determining alive/dead state of peers. | |
5193 | Instead of using a fixed number of unacknowledged ICP | |
5194 | replies, it is now based on timeouts. If there are no ICP | |
5195 | replies received from a peer within 'dead_peer_timeout' | |
5196 | seconds, then we call it dead. | |
5197 | - Added calls to getCurrentTime() in | |
5198 | comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not | |
5199 | being used. | |
5200 | - Fixed shutdown bug when the incoming and outgoing ICP socket | |
5201 | is the same file descriptor. | |
e970f357 | 5202 | - Added buffered writes for storeWriteCleanLogs() (Stewart |
5203 | Forster). | |
5204 | - Patches for Qnx4 (Jean-Claude MICHOT). | |
5205 | - Fixed returning void functions which seems to be a GCC-ism. | |
e5f4e1b0 | 5206 | - New configure script options (Henrik Nordstrom): |
5207 | --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey) | |
5208 | --enable-acltree | |
5209 | --enable-icmp | |
5210 | --enable-delay-hack | |
5211 | --enable-useragent-log | |
5212 | --enable-kill-parent (this should be named -hack) | |
5213 | --enable-snmp | |
5214 | --enable-time-hack | |
5215 | --enable-cachemgr-hostname[=hostname] (new) | |
5216 | --enable-arp-acl (new) | |
5217 | - Added Doug Lea malloc-2.6.4 to the distribution, so that | |
5218 | people easily can try a decent malloc package if they syspect | |
5219 | their malloc is broken. --enable-dlmalloc (Henrik Nordstrom). | |
5220 | - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub | |
5221 | function (Henrik Nordstrom). | |
5222 | - Removed top-level Makefile. People must now run 'configure' | |
5223 | before 'make'. | |
714ace98 | 5224 | - Fixed checkFailureRatio() implementation. |
82b3c7d9 | 5225 | - Made 'squid -z' behave like the 1.1 version. |
e5f4e1b0 | 5226 | |
fd82d0b0 | 5227 | |
ab9a3f7e | 5228 | Changes to squid-1.2.beta10 (Jan 1, 1998): |
5229 | ||
5230 | - Fixed content-length bugs for 204 replies, 304 replies, | |
5231 | and HEAD requests (Henrik Nordstrom). | |
5232 | - Fixed errorAppendEntry() bug in gopherReadReply(). | |
5233 | - Basic support for FTP URL typecodes (;type=X). | |
9c965c1b | 5234 | - Support for access controls based on ethernet MAC addresses |
ab9a3f7e | 5235 | (Dale). |
5236 | - Initial URN support; see | |
5237 | http://squid.nlanr.net/Squid/urn-support.html | |
5238 | - Fixed client-side persistent connections for objects with | |
5239 | bad content lengths (Henrik Nordstrom). | |
5240 | - Fixed bad call to storeDirUpdateSwapSize() for objects which | |
5241 | never reach SWAPOUT_DONE state. | |
68e3a9df | 5242 | - Fixed up poll() #defines in squid.h (Stewart Forster). |
5243 | - Changed poll() timeout from 1000 msec to 50 msec for | |
5244 | better performance under low load (Stewart Forster). | |
e7a1fde6 | 5245 | - Changed storeWriteCleanLogs() to write objects in the LRU |
5246 | list order instead of the random hash table order. | |
109ff6af | 5247 | - Fixed FTP bug when data socket connections fail or timeout. |
5248 | - Reuse FTP data connection when possible (Henrik Nordstrom). | |
5249 | - Added configure options (Henrik Nordstrom) | |
5250 | --enable-store-key=sha|md5 | |
5251 | --enable-xmalloc-statistics | |
5252 | --enable-xmalloc-debug | |
78743365 | 5253 | --enable-xmalloc-debug-count |
5254 | --async-io | |
109203bf | 5255 | - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD |
5256 | by creating ERR_FORWARDING_DENIED and changing the | |
5257 | content of the ERR_CANNOT_FORWARD text. | |
4e9c07c1 | 5258 | - Fixed pipeline request bug from using strdup() (Henrik |
5259 | Nordstrom). | |
5260 | - Call clientReadRequest() directly instead of commSetSelect() | |
5261 | for pipelined requests (Henrik Nordstrom). | |
1b02b5be | 5262 | - Fixed 4k page leak in icpHandleIMSReply(); |
5263 | - Renamed 'icp*' functions to 'client*' names in client_side.c. | |
e7a1fde6 | 5264 | |
b90a0f8d | 5265 | Changes to squid-1.2.beta8 (Dec 2, 1997): |
5266 | ||
eae03fc8 | 5267 | - Fixed accessLogLog() to log ident from Proxy-Authorization |
5268 | request header (BoB Miorelli). | |
226f9ba2 | 5269 | - Fixed #includes, prototypes, etc. in SNMP source files. |
5270 | - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from | |
5271 | include/config.h.in to src/squid.h | |
5272 | - Moved 'num32' typedefs from src/typedefs.h to | |
5273 | include/config.h.in. | |
5274 | - Moved snmplib/md5.c to lib/md5.c. | |
5275 | - Added MD5 cache key support. | |
5276 | - Removed xmalloc() return check in uudeocde.c | |
5277 | - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP) | |
5278 | - Changed 'client' program to provide easier cache manager access, | |
3ff01c3e | 5279 | e.g.: 'client mgr:info' |
226f9ba2 | 5280 | - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection' |
5281 | for simulated keep-alive requests. | |
5282 | - Removed 'fd' arg from clientProcess* functions. | |
9e3468d5 | 5283 | - Fixed bugs from using errorSend() on persistent/pipelined |
226f9ba2 | 5284 | client connections. A latter request should not be allowed to |
5285 | write to the client fd until the current request completes. | |
5286 | Now use errorAppendEntry() for such situations. | |
5287 | - Fixed content-length bugs. We were using content-length == 0 | |
5288 | to also indicate a lack of content-length reply header. But | |
5289 | 'content-length: 0' might appear in a reply, so now use -1 to | |
5290 | indicate that no content length given. | |
5291 | - Split up clientProcessRequest() into smaller chunks so it | |
5292 | might be easier to follow. | |
5293 | - renamed various client_side.c functions to start with 'client' | |
5294 | instead of 'icp'. | |
5295 | - Fixed a 'cbdata leak' from the comm.c close handlers. | |
5296 | - Fixed a 'cbdata leak' from the comm.c connect routines. | |
5297 | - Fixed comm_select() and comm_poll() to stop looping on the | |
5298 | incoming HTTP/ICP sockets. If there are fewer than 7 FD's | |
5299 | ready for I/O, the incoming sockets might not get service, so | |
5300 | comm_select() would be called for up to 7 times until the | |
5301 | 'incoming_counter' was incremented enough to trigger a call | |
5302 | to comm_select_incoming(). Now we make sure | |
5303 | comm_select_incoming() gets called if select returns less | |
5304 | than 7 ready FD's. | |
9e3468d5 | 5305 | - Added errorpage '%B' token to generate FTP URLs with a '%2f' |
5306 | inserted at the start of the url-path. calls ftpUrlWith2f(). | |
5307 | (Henrik Nordstrom). | |
226f9ba2 | 5308 | - Changed fqdncache.c to use LRU double-linked list instead of qsort() |
5309 | for replacement and cachemgr output. | |
5310 | - Changed ipcache.c to use LRU double-linked list instead of qsort() | |
5311 | - Changed hash_insert() and hash_join() to return void. | |
5312 | for replacement and cachemgr output. | |
5313 | - Moved StoreEntry->method member to MemObject->method. | |
5314 | - Made StoreEntry->flags 16 bits. | |
5315 | - Made StoreEntry->refcount 16 bits. | |
5316 | - Changed URL-based public cache key to always include the request | |
5317 | method. | |
eae03fc8 | 5318 | |
95bc9f0b | 5319 | Changes to squid-1.2.beta7 (Nov 24, 1997): |
5320 | ||
6a11653c | 5321 | - Fixed poll() for Linux (David Luyer). |
5322 | - SHA optimizations (David Luyer). | |
5323 | - Fixed errno clashes with macro on Linux (David Luyer). | |
5324 | - Fixed storeDirCloseSwapLogs(); logs might not be open. | |
5325 | - Fixed storeClientCopy2() bug. Detect when there is | |
5326 | no more data to send for objects in STORE_OK state. | |
19ee64b1 | 5327 | - Fixed FTP truncation bug when ftpState->size == 0, e.g. |
5328 | especially directory listings. | |
95bc9f0b | 5329 | - Mega FTP fix from Henrik Nordstrom. A better job of |
5330 | implementing the '%2f' hack. | |
5331 | - Fixed some pipelined request bugs. storeClientCopy() was | |
5332 | being given the wrong StoreEntry, and we had a race condition | |
5333 | which is now handled by storeClientCopyPending(). | |
99077fe6 | 5334 | - Added initial SNMP support. |
6a11653c | 5335 | |
2c9b45c9 | 5336 | Changes to squid-1.2.beta6 (Nov 13, 1997): |
5337 | ||
1b5516d3 | 5338 | - Fixed Authorized responses getting swapped out when they |
5339 | don't have Proxy-Revalidate reply header. | |
5340 | - Fixed Proxy Authentication support. We never sent back | |
5341 | a 407 reply, and were incorrectly incrementing the passwd | |
5342 | before comparing it. | |
5343 | - Fixed stat()ing pathnames for default values before parsing | |
5344 | config file (Ron Gomes). | |
5345 | - Fixed logging request and response headers on separate lines | |
5346 | (Ron Gomes). | |
5347 | - Fixed FTP Authentication message (Henrik Nordstrom). | |
5348 | - Changed Proxy Authentication to trigger a reread of the passwd | |
5349 | file if a password check fails (Henrik Nordstrom). | |
5350 | - Changed FTP to retry the first CWD with a leading slash if it | |
5351 | fails without one. | |
5352 | ||
8c17a569 | 5353 | Changes to squid-1.2.beta5 (Nov 6, 1997): |
5354 | ||
90045285 | 5355 | - Track the 'keep-alive ratio' for a peer as the ratio of |
5356 | the number of replies including 'Proxy-Connection: Keep-Alive' | |
5357 | compared to the number of requests sent. If the peer does | |
5358 | not support Persistent connections then this ratio will tend | |
5359 | toward zero. If the ratio is less than 50% after 10 requests | |
5360 | then we'll stop sending Keep-Alive. | |
8c3994aa | 5361 | - Proper support for %nn escapes in FTP, and numerous |
5362 | other fixes (Henrik Nordstrom). | |
5363 | - Support for Secure Hash Algorithm and framework for other | |
5364 | hash functions as cache keys. | |
5365 | - Fixed SSL snprintf() bug which broke SSL proxying. | |
5366 | - Fixed store_dir swap log bug from reconfigure (SIGHUP). | |
8c17a569 | 5367 | - Fixed LRU Reference Age bug. The arg to pow() must be |
8031bd43 | 5368 | minutes, not seconds. |
90045285 | 5369 | |
9ddfb255 | 5370 | Changes to squid-1.2.beta4 (Oct 30, 1997): |
5371 | ||
a493f974 | 5372 | - Fixed DST bug in rfc1123.c |
5373 | - Changed default http_accel_port to 80. | |
5374 | - added errorCon() as a ErrorState constructor function | |
5375 | (Max Okumoto). | |
5376 | - Added ERR_FTP_FAILURE message for ftpFail(). | |
5377 | - For FTP, the timeout callback must be moved to the 'data' | |
5378 | descriptor when data transfer begins. Otherwise we are | |
5379 | likely to get a timeout on the control descriptor. | |
5380 | - Fixed double-free bug in httpRequestFree(). | |
5381 | - Fixed store_swap_size counting bug in storeSwapOutHandle(). | |
5382 | ||
409a6aad | 5383 | Changes to squid-1.2.beta3 (Oct 29, 1997): |
5384 | ||
5385 | - Initialize _res.options to RES_DEFAULT in dnsserver.c. | |
5386 | - Fix assertions which assumed 4-byte pointers. | |
5387 | - Fix missing % in fqdncache.c snprintf(). | |
5388 | ||
5a2d610b | 5389 | Changes to squid-1.2.beta2 (Oct 28, 1997): |
5390 | ||
8c3994aa | 5391 | - Fixed aiops.c and async_io.c so that they actually compile |
f5b8bbc4 | 5392 | with USE_ASYNC_IO (Arjan de Vet). |
5393 | - Fixed errState->errno causing problems with some macros | |
5394 | (Michael O'Reilly). | |
d287f51e | 5395 | - Fixed memory leaks in pconn.c (Max Okumoto). |
0866009b | 5396 | - Enhanced 'client' program with 'ping' behaviour (Ron Gomes). |
272547b5 | 5397 | - Fixed InvokeHandlers() from calling memCopy() for ALL |
5398 | store_client's with callbacks. A store_client might be reading | |
5399 | from disk. | |
5a2d610b | 5400 | - Rewrote storeMaintainSwapSpace(). No longer will we scan one |
272547b5 | 5401 | bucket at a time. Instead we'll maintain a single LRU |
5402 | list. When an object is 'touched' we move it to the | |
5403 | top of this list. When we need disk space, we delete | |
5404 | from the bottom. | |
5a2d610b | 5405 | - Removed storeGetSwapSpace(). |
f5b8bbc4 | 5406 | |
871f0b8a | 5407 | Changes to squid-1.2.beta1 (): |
5408 | ||
5409 | - Reworked storage manager to not keep objects in memory during | |
5410 | transit. In other words, no separate NOVM distribution. | |
5411 | - Lots of cleanup and debugging for beta release. | |
5412 | - Use snprintf() everywhere instead of sprintf(). | |
5413 | - The 'in_memory' hash table has been replaced with a | |
5414 | doubly-linked list. New objects are added to the head of | |
5415 | the list. When memory space is needed, old objects are | |
5416 | purged from the tail of the list. | |
5417 | ||
0edfe7a2 | 5418 | Changes to squid-1.2.alpha7 (): |
5419 | ||
c4958532 | 5420 | - fixes fixes fixes. |
5421 | - Made Arjan's PROXY_AUTH ACL patch standard. | |
0edfe7a2 | 5422 | |
8905b90c | 5423 | Changes to squid-1.2.alpha6 (): |
5424 | ||
6684fec0 | 5425 | - Simpler cacheobj implementation. |
6605655c | 5426 | - persistent connection histogram |
8872e1f8 | 5427 | - SERVER-SIDE PERSISTENT CONNECTIONS: |
6474667e | 5428 | - Added pconn.c |
5429 | - Addec Cofig.Timeout.pconn; default 120 seconds | |
5430 | - Added httpState->flags | |
5431 | - Added flags arg to httpBuildRequestHeader() | |
5432 | - Added HTTP_PROXYING and HTTP_KEEPALIVE flags | |
5433 | - Added 'Connection' to allowed HTTP headers (http-anon.c) | |
8872e1f8 | 5434 | - Added 'Proxy-Connection' to allowed HTTP headers |
5435 | (http-anon.c) | |
a7736231 | 5436 | - Merged proxyhttpStart() with httpStart() and created |
8872e1f8 | 5437 | new httpBuildState(). |
5438 | - New httpPconnTransferDone() detects end-of-data on | |
5439 | persistent connections. | |
6684fec0 | 5440 | |
88738790 | 5441 | Changes to squid-1.2.alpha5 (): |
5442 | ||
5443 | - New configuration system. Everything is generated from | |
5444 | 'cf.data.pre', including the main parser, setting defaults, | |
5445 | outputting current values, and freeing memory. | |
5446 | This also involved moving some of the local data structures | |
5447 | (e.g. struct _acl *AclList in acl.c) to the Config | |
5448 | structure. (Max Okumoto) | |
5449 | - No more '/i' for regular expressions. Now insert a '-i' | |
5450 | to switch to case-insensitive. Use '+i' for case-sensitive. | |
5451 | - When you have a variable named the same as its type, sizeof() | |
5452 | gets the wrong one (fde). | |
5453 | - Need to flush unbuffered logs before fork(). | |
5454 | - Added two fields swap log: refcount and e->flag. | |
5455 | - Removed all the .h files for each .c file. Now #include stuff | |
5456 | is in either: defines.h, enums.h, typedefs.h, structs.h, | |
5457 | or protos.h, globals.h. This greatly reduces dependencies | |
5458 | between the various source files. | |
5459 | - globals.c is generated from globals.h by a Perl script. | |
8ee3ca2c | 5460 | - Started customizable error texts. |
88738790 | 5461 | |
97f674c8 | 5462 | Changes to squid-1.2.alpha4 (): |
5463 | ||
ec973719 | 5464 | - New MIME configuration, regular expression based |
5465 | - Added request_timeout config option | |
5466 | - Multiple HTTP sockets (Lincoln Dale). | |
5467 | - Moved 'fds_are_n_free' check to httpAccept(). | |
5468 | - s/USE_POLL/HAVE_POLL/; make poll() default if available. | |
7e49f700 | 5469 | - Changed storeRegister to use offsets and make immediate |
5470 | callbacks if appropriate. | |
5471 | - Removed icpDetectClientClose(). Some of that functionality | |
5472 | goes into clientReadRequest() and the rest into | |
5473 | httpRequestFree(). | |
b1b387d1 | 5474 | - Moved IP lookups to commConnect stuff. |
5475 | - Added support for retrying connect(). | |
858164fc | 5476 | - New inline debug() macro (David Luyer). |
e174e0fe | 5477 | - Replace frequent gettimeofday() calls with alarm(3) based |
5478 | clock. Need to add more gettimeofday() calls to get back | |
a59968c7 | 5479 | high-resolution timestamp logging (Andres Kroonmaa). |
0153d498 | 5480 | - Added support for Cache-control: proxy-revalidate; |
5481 | based on squid-1.1 patch from Mike Mitchell. | |
ec973719 | 5482 | |
3b08d32d | 5483 | Changes to squid-1.2.alpha3 (): |
5484 | ||
5485 | - Implemented persistent connections between clients and squid. | |
5486 | - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single | |
5487 | table in fd.c. | |
5488 | - Removed use of FD as an identifier in certain callback | |
5489 | operations (ipcache, fqdncache). | |
5490 | - General code cleanup. | |
5491 | - Fixed typedefs for callback functions. | |
5492 | - Removed FD lifetime/timeout dichotomy. Now we only have | |
5493 | timeouts, however the lifetime concept/keyword may still | |
5494 | linger in certain places. | |
5495 | - Change Makefile 'realclean' target to 'distclean' | |
5496 | - Changed config file parsing of time specifications to use | |
5497 | parseTimeLine(). | |
5498 | - Removed storetoString.c | |
5499 | ||
5500 | Changes to squid-1.2.alpha2 (): | |
74cebec0 | 5501 | |
5502 | - Merged squid-1.1.9, squid-1.1.10 changes | |
5503 | ||
7b41ec97 | 5504 | Changes to squid-1.2.alpha1 (): |
5505 | ||
5506 | - Unified peer selection algorithm. | |
75e88d56 | 5507 | - aiops.c and aiops.h are a threaded implementation of |
5508 | asynchronous file operations (Stewart Forster). | |
5509 | - async_io.c and async_io.h are complete rewrites of the old | |
5510 | versions (Stewart Forster). | |
6ad85e8a | 5511 | - Rewrote all disk file operations of squid to support |
75e88d56 | 5512 | the idea of callbacks except where not required (Stewart |
5513 | Forster). | |
75e88d56 | 5514 | - Background validation of 'tainted' swap log entries (Stewart |
5515 | Forster). | |
5516 | - Modified storeWriteCleanLog to create the log file using the | |
5517 | open/write rather than fopen/printf (Stewart Forster). | |
5518 | - Added the EINTR error response to handle badly interrupted | |
5519 | system calls (Stewart Forster). | |
6ad85e8a | 5520 | - UDP_HIT_OBJ not supported, removed. |
5521 | - Different sized 'cache_dirs' supported. | |
75e88d56 | 5522 | |
e924600d | 5523 | ============================================================================== |