]> git.ipfire.org Git - thirdparty/squid.git/blame - ChangeLog
projects / thirdparty / squid.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Make IPC base path absolute in testRock
[thirdparty/squid.git] / ChangeLog
CommitLineData
c72a2049
AJ		 1Changes to squid-3.2.1 (15 Aug 2012):
2
3 - Bug 3605: memory leak in peer selection
4 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
5 - ... and some documentation updates
6
a9eec4aa
AJ		 7Changes to squid-3.2.0.19 (02 Aug 2012):
8
9 - Regression Bug 3580: IDENT request makes squid crash
10 - Regression Bug 3577: File Descriptors not properly closed
11 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
12 - Regression Fix: Restore memory caching ability
13 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
14 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
15 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
16 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
17 - Support custom headers in [request|reply]_header_* manglers
18 - ... and much code polishing
19
5cc53d80 20Changes to squid-3.2.0.18 (29 Jun 2012):
f787354b
AJ		 21
22 - Bug 3576: ICY streams being Transfer-Encoding:chunked
23 - Bug 3537: statistics histogram leaks memory
24 - Bug 3526: digest authentication crash
25 - Bug 3484: Docs: sslproxy_cert_error example flawed
26 - Bug 3462: Delay Pools and ICAP
27 - Bug 3405: ssl_crtd crashes failing to remove certificate
28 - Bug 3380: Mac OSX compile errors with CMSG_SPACE
29 - Bug 3258: Requests hang when Host forgery verify fails
30 - Bug 3186: Digest auth caches failed state without revalidating
31 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
32 - Bug 2885: AIX: check and set required compiler flags
33 - Fix ssl_crtd compile issues with libsslutil
34 - Fix build with GCC 4.7 (and probably other C++11 compilers).
35 - Fix double-escape of %R on deny_info redirect responses
36 - Support status 308 Permanent Redirect
37 - Support for TLSv1.1 and TLSv1.2 options and methods
38 - Support passing external_acl_type credentials on ICAP
39 - Language Updates: fr, hy, pt_BR
40 - ... and many compile issues on Windows
41 - ... and some minor code polish
42
5cc53d80 43Changes to squid-3.2.0.17 (12 Apr 2012):
f949585d
AJ		 44
45 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
46 - Bug 3509: kQueue compile error
47 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
48 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
49 - Bug 3397: do not mark connection as opened until after SYN-ACK
50 - Bug 3193: NTLM decoder truncating strings
51 - Windows FD handling polish and some fixes
52 - Solaris 9/10 various build fixes
53 - ... and some more code polish
54
5cc53d80 55Changes to squid-3.2.0.16 (07 Mar 2012):
488e6901
AJ		 56
57 - Bug 3508: Correct DNS timeout handling.
58 - Bug 3503: DNS PTR queries timeout due to wrong QIDs.
59 - Bug 3497: Bad ssl_crtd db size file causes infinite loop
60 - Bug 3490: part 1: SegFault opening FTP active data connections
61 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs
c5426f8f 62 - Bug 3458: Icon Serving (squid-internal-static) Broken
488e6901
AJ		 63 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
64 - Bug 3381: 32-bit overflow assertion in StatHist
65 - Bug 3324: loadFromFile: parse error while reading template file
66 - Support sslpassword_program for ssl-bump HTTP ports
67 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
68 - Retry requests that failed due to a persistent connection race
69 - Log '-' on requests with no Referer or User-Agent headers
70 - ... and several fixes related to in-transit object performance
71 - ... and some structural design changes for portability
72
5cc53d80 73Changes to squid-3.2.0.15 (06 Feb 2012):
f9329b54
AJ		 74
75 - Bug 3472: segfault with the message 'urlParse: URL too large'
76 - Bug 3471: segfault when %la formating code used
77 - Bug 3449: part 3: shm_open can fail with a mangled path
78 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
79 - Bug 3448: 204 response problem in adaptation chains
80 - Bug 3447: assertion failed: CommCalls.h:150: "dp"
81 - Bug 3461: build regression in IPFilter NAT
82 - Bug 3413: raise cbdata lock limits
83 - Bug 3391: forwarded_for log functionality broken
84 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
85 - Bug 3268: remove wrong 'Ready to serve requests.' message
86 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
87 - Disable OpenSSL SSL/TLS bug workarounds by default
88 - Send DNS A and AAAA queries in parallel
89 - Cache Manager migration support
90 - Allow service of internal requests over reverse-proxy ports
91 - Fix trimMemory for unswappable objects
92 - ... and several build and polish fixes
93
902bc38b
AJ		 94Changes to squid-3.2.0.14 (12 Dec 2011):
95
96 - Bug 3433: Segfault closing SNMP
97 - Bug 3420: Request body consumption races and !theConsumer exception.
98 - Bug 3406: SSL Log Error in debug
99 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
100 - Bug 3383: unhandled exception: theGroupBSize > 0
101 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
102 - Bug 3367: fix inverted check on host_strict_verify
103 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
104 - Bug 3364: SNMP Orphans
105 - Bug 3301: ERR_DNS_FAIL never shown
106 - Bug 3150: do not start useless unlinkd
107 - ext_session_acl: version 1.2
108 - Add adaptation_meta option
109 - Add a mask on the qos_flows miss configuration value
110 - Support intermediate CA in ssl-bump traffic certificates
111 - Support SSL certificate failure details on error page
112 - Fix flags for NAT intercept and TPROXY not set correctly
113 - Fix fastCheck() default result on multi-line actions
114 - Fix missing SMP shared memory statistics
115 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query
116 - ... and several other TCP and SMP support behaviour fixes
117 - ... and many code polishing cleanups and fixed build errors
118 - ... and several documentation polishings
119
8fe9e0a2
AJ		 120Changes to squid-3.2.0.13 (14 Oct 2011):
121
122 - Regression Bug 3363: never_direct always 'unable to forward this request at this time'
123 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion
124 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0'
125 - Regression fix: always_direct/never_direct failures
126 - Regression fix: stop an SSL header file being included after --disable-ssl
127 - Regression fix: parse HTTP list headers with embedded 8-bit characters
128 - Bug 3355: configure setting --with-swapdir ignored
129 - Bug 3325: option to selectively enable strict host verify checks
130 - Bug 3337: HTTP status 200 is not accepted for deny_info
131 - Bug 3077: '\' in url query strings cause Digest authentication to fail
132 - Support SMP worker shared memory cache
133 - Support SMP worker shared disk cache (rock)
134 - ext_session_acl: version 1.1
135 - Fix Host verify: do not pinn destination IP if URL re-write has been done
136 - Fix IPF interception
137 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert
138 - Fix ssl_crtd CertificateDB locking scheme
139 - ... and all changes from 3.1.16
140 - ... and many compile and polishing fixes
141
f96fd18d
AJ		 142Changes to squid-3.2.0.12 (17 Sep 2011):
143
144 - Regression Bug 3335: ICAP service is down
145 - Regression Bug 3322: adapt:: and icap:: format codes do not parse
146 - Regression Bug 3303: Support for non-English usernames in log files
147 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT
148 - Regression: %I shows hostname on SSL error page
149 - Regression: FTP outgoing port always 'in use' on PASV connections
150 - Bug 3337: (partial) status 200 is not accepted for deny_info
151 - Bug 3319: Inconsistencies in error messages
152 - Bug 3281: pconn in-use while closing assertion
153 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request
154 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale
155 - Adjust format code %la for intercepted connections
156 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early
157 - Send RST packet when closing an ICAP connection after a transaction error
158 - Support maximum field width for string access.log fields
159
2284b7f7
AJ		 160Changes to squid-3.2.0.11 (28 Aug 2011):
161
162 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control
163 - Host: authority validation of intercepted destination IP
164 - Host: authority validation of request URL
165 - Host: authority validation of CONNECT tunnel destination
166 - Preserve client destination IP in intercepted communication
167 - Regression Bug 3316: Failed to connect to nameserver using TCP
168 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set
169 - Regression Bug 3310: %<pt translates as %<p
170 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial)
171 - Regression Bug 3288: %<la and %<lp not displaying
172 - Bug 3289: cache manager parameters not parsed without password
173 - Bug 2279: Log Format options to log server source IP and port
174 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured
175 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends
176 - Bug 3118: ecap_enable on forces icap_enable on
177 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
178 - Default to vhost for accelerator mode (reverse proxy)
179 - Display HTTP protocol syntax at section 11 level 2
180 - Support for using custom keys in CARP parents
181 - Optimize regular expression ACLs
182 - ... and a lot of code portability fixes
183 - ... and all bugs and polish changes from 3.1.15
184
3ff024ec
AJ		 185Changes to squid-3.2.0.10 (24 Jul 2011):
186
187 - Port from 2.7: act-as-origin for reverse proxy ports
188 - Regression fix: broken --disable-ipv6
189 - Regression fix: negative cacheing on unknown or -1 expiry timestamp
190 - Regression fix: vhost and defaultsite causing vport to be ignored
191 - Regression fix: several errors in persistent connection handling
192 - Regression Bug 3280: allow max-size unset and min-size=N for large objects
193 - Regression Bug 3245: reconfigure assertion in MemPools[type]
194 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp"
195 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn)
196 - Regression Bug 3269: cache.log applyQueryParams messages
197 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3
198 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn())
199 - Bug 3267: workers IPC mount points disobey --localstatedir
200 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers
201 - Bug 3247: Domain from URL Stripped when going through peers
202 - Bug 3244: wrong port for peer relayed requests
203 - Bug 3195: kerberos_ldap_group will not build without kerberos
204 - Bug 2862: add http(s):// support to cache manager
205 - kerberos_ldap_group: several fixes to -S option
206 - ssl_crtd: Add man(8) file
207 - ... and several pieces of code cleanup and polishing.
208 - ... and most bug fixes and updates from 3.1.14 and 3.1.15
209
6d44d1e9
AJ		 210Changes to squid-3.2.0.9 (18 Jun 2011):
211
212 - Bug 3159: delay pools --disable-auth compile problems
213 - HTTP/1.1: Support multiline quoted-string header fields
214 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes
215 - Support configurable and translated SSL error details messages
216 - Add log format codes for split client/server views of HTTP request line
217 - Major upgrade of TCP connection handling
218 - Support split-stack IPv6 to servers
219 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos
220 - Optimized persistent connection handling
221 - Optimized FTP data connection handling
222 - Optimized TCP failure recovery
223 - ... and all bug fixes and updates from 3.1.12.3
224 - ... and many code polish, documentation and translation cleanups
225
65f2789a
AJ		 226Changes to squid-3.2.0.8 (30 May 2011):
227
228 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors.
229 - Bug 3043: Properly detect Iphlpapi.h on windows
230 - Bug 2055: Honor ICAP Max-Connections
231 - Fix NTLM/Negotiate reply auth PASSTHRU to peers
232 - Support SSL SNI to origin servers
233 - Add %EXT_LOG and %EXT_TAG external_acl_type format options
234 - Add %b tag for proxy listening port display in error pages
235 - Optimize base64 encoding/decoding
236 - Require libcap before enabling netfilter MARK support
237 - Require libtool 2.2
238 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config
239 - ... and all bug fixes and updates from 3.1.12.2
240 - ... and some documentation and code polishing
241
065f7779
AJ		 242Changes to squid-3.2.0.7 (19 Apr 2011):
243
244 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2"
245 - Regression fix: icons/ FHS compliance
246 - Regression fix: Startup aborts with URL error when --disable-htcp
247 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL"
248 - Add negotiate_wrapper_auth version 1.0.1
249 - Fixed %dt logging in the presence of REQMOD
250 - Fixed chunked request forwarding in ICAP REQMOD presence
251 - ... all bug fixes and updates from 3.1.12.1
252 - ... many code polishings and display cleanups
253
7d9ce496
AJ		 254Changes to squid-3.2.0.6 (04 Apr 2011):
255
256 - Regression fix: upgrade existing icons
257 - Regression fix: dont crash when accessing an SSL certificate with errors
258 - Regression fix: prevent stdio log module segfaults on rotate
259 - Regression fix: shutdown properly even if a worker process crashes on exit
260 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems
261 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown
262 - Bug 3105: malformed Proxy-Authorization leaks memory
263 - Bug 3007: CONNECT to cache_peer returns 000 status code
264 - Bug 2885: Compile errors on AIX
265 - Support parameterized Cache Manager queries
266 - Support libecap v0.2.0; fixed eCAP body handling and logging
267 - Support dynamic adaptation plans that cover multiple vectoring points
268 - Support %D details for documented OpenSSL errors
269 - Support logging of all transactions including those with uncertain status or no sent response
270 - Updrate negotiate_kerberos_auth to version 3.0.4sq
271 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq
272 - Update ext_edirectory_userip_acl to version 2.1
273 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution
274 - Change the default dns_timeout value from 2 minutes to 30 seconds
275 - Fix TCP log stream flushing on every line
276 - ... all bug fixes and updates from 3.1.12
277 - ... a great many compiler portability fixes
278 - ... many code polishings and display cleanups
279
850ff99f
AJ		 280Changes to squid-3.2.0.5 (12 Feb 2011):
281
282 - Regression Fix: profiler should not be built by default
283 - Regression Bug 3081: assertion failed: AsyncCallQueue
284 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion
285 - Bug 3089: FTP command output overrides directory listing
286 - Bug 2870: --disable-auth does not work
287 - Bug 2586: multiple memory leaks during reconfigure
288 - Bug 2581: FTP directory listing sometimes fails
289 - Port from 2.7: maximum staleness limits
290 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option
291 - HTTP/1.1: Support configurable status codes for deny_info
292 - Support upcoming "fresh message creation" eCAP API
293 - Aggregate SNMP responses when using SMP with multiple workers
294 - Several more Solaris, Windows and ICC support fixes
295 - ... all bug fixes and updates from 3.1.11
296 - ... and more code cleanup shufflings
297 - ... and several documentation updates
298
834d2128
AJ		 299Changes to squid-3.2.0.4 (22 Dec 2010):
300
301 - Port 2.x: cache_dir min-size setting
302 - Bug 3059: Crash on digest auth headers with unknown nonce
303 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used
304 - Fix cachemgr mem-pools reporting
305 - Add Dynamic SSL certificate generation
306 - Add useragent, referer, combined built-in log formats
307 - Obsolete log_fqdn directive
308 - Obsolete useragent/referer/forward_log directives
309 - HTTP/1.1: Send 1.1 on CONNECT responses
310 - Updated Kerberos support for newer GSSAPI releases
311 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode
312 - Improve handling of early eCAP transaction failures
313 - Various ext_edirectory_acl fixes
314 - ... all bug and feature fixes included in 3.1.10 release
315 - ... and a lot of code and documentation polishing
316
1664edf4 317Changes to squid-3.2.0.3 (07 Nov 2010):
b40d9a33
AJ		 318
319 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set
320 - Regression fix: ESI processing of Surrogate filter
1664edf4 321 - Bug 3091: bypassed ICAP errors are not counted as service failures
b40d9a33 322 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion.
1664edf4 323 - Bug 3038: Detatch libmisc from libcompat
b40d9a33
AJ		 324 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
325 - Bug 3002: store initialization (-z) does not work with SMP configs
326 - Bug 2999: v2.0 of ext_edirectory_userip_acl
327 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities
328 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures
329 - HTTP/1.1: support If-Match and If-None-Match requests
330 - HTTP/1.1: forward 1xx control messages to clients that support them
331 - HTTP/1.1: send Age:0 header even if it may break IE5
332 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests
333 - HTTP/1.1: entry is stale if request has max-age=0
334 - HTTP/1.1: harden quoted-string parser
335 - Add --enable-build-info for extra "squid -v" display
336 - Add --with-swapdir=PATH to override default /var/cache/squid
337 - Add cpu_affinity_map directive to bind workers to CPU cores
338 - Add Netfilter MARK support for QoS
339 - Add upgrade process for obsolete options
340 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers
341 - Add support for client send bandwidth limits (a.k.a., quota or delay pool)
342 - Fixes Eui48 support on OpenBSD
343 - Fixes cache manager support with SMP configs
344 - ... several documentation updates
345 - ... all bug and feature fixes included in 3.1.9 release.
346 - ... many more code polishes and leak removals
347
dee6a922
AJ		 348Changes to squid-3.2.0.2 (04 Sep 2010):
349
350 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()"
351 - Support rotating logs from cachemgr and squidclient
352 - Support Kerberos authentication in squidclient
353 - Add manual page for negotiate_kerberos_auth
354 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP
355 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental)
356 - Added log options %http::<bs and %icap::<bs
357 - Collapse HTCP cache_peer options into one setting
358 - Improved request smuggling attack detection. Tolerating valid benign HTTP
359 - ... and several HTTP/1.1 compliance improvements
360 - ... and all improvements in 3.1.7 and 3.1.8
361
6be4a9a8
AJ		 362Changes to squid-3.2.0.1 (03 Aug 2010):
363
364 - Port from 2.7: Logging infrastructure updates
365 - Port from 2.7: Unique sequence number per log line
366 - Port from 2.6: STORE_META_OBJSIZE swapout storage type
367 - Bug 2792: tcp_outgoing_addr does not work with TPROXY
368 - Bug 2631: refresh_pattern store-stale option
369 - Bug 2305: Multiple leaks and assertion crashes in authentication
370 - Bug 1239: Much needed ACL type random
371 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update
372 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies
373 - Support SMP for essential non-caching functionality
374 - Support logging over TCP
375 - Support Solaris 10 pthreads (experimental)
376 - Support Kerberos login to peers
377 - Support EUI / MAC in more environments
378 - Support format tags in deny_info URLs
379 - Support running helpers on-demand instead of all at startup
380 - Support fully transparent login=PASSTHRU of authentication headers to peers
381 - Support multi-lingual localised FTP directory listings
382 - Support TPROXYv4 spoofing of X-Forwarded-For client address
383 - Support ICAP 206 Partial Content extension
384 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field
385 - Add ACL support to range_offset_limit
386 - Add helpers for url_rewrite
387 - Add helper multiplexer for concurrency emulation with legacy helpers
388 - Add Perl library which facilitates parsing access logfile entries.
389 - Add a simple script to summarise traffic use per user
390 - Add templates for captive portal proxy configuration instructions
391 - Add logging of the local TCP port used by transactions with HTTP servers
392 - Update mswin_check_ad_group to version 2.0
393 - Update squid_kerb_auth helper to version 3.0.2
394 - Remove double-language error page hack (replaced by locale auto-negotiation)
395 - Remove TPROXYv2 support (replaced by TPROXYv4)
396 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth)
397 - Re-work ./configure script for smarter auto-detect and early error checks
398 - Auto-enable all features by default
399 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes
400 - Helpers naming scheme
401 - Add support for write timeouts
402 - Modify icap_service_failure_limit option to forget old ICAP errors
403 - Updated man(8) manuals including several additions and translations
404 - ... and a great many code cleanups
405 - ... and a great many testing improvements
406 - ... and many documentation updates
407
5cc53d80 408Changes to squid-3.1.20 (08 Jun 2012):
dd8d2619
AJ		 409
410 - Regression Bug 3545: FreeBSD dnsserver segfaults
411 - Regression Bug 3504: clientside_tos fails to mark traffic
412 - Bug 3539: CONNECT server connection not closed correctly on errors
413 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout
414 - Bug 3466: Adaptation stuck on last single-byte body piece
415 - Bug 3463: dnsserver fails to compile
416 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option
417 - Bug 3390: Proxy auth data visible to scripts
418 - Bug 3263: ssl_crtd: undefined references to squid_curtime
419 - Bug 3233: Invalid URL accepted with url host is white spaces
420 - Bug 3133: Memory leak handling requests for sites that don't exist
421 - Bug 3074: Improper URL handling with empty path (RFC 3986)
422 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889
423 - Regression: snmp/udp address directives not resolving hostname
424 - Better helper-to-Squid buffer size management.
425 - Support CoAP over HTTP (coap:// and coaps:// URLs)
426 - Support for 3.2 error template codes
427
5cc53d80 428Changes to squid-3.1.19 (06 Feb 2012):
f9329b54
AJ		 429
430 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state
431 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer
432 - Bug 3470: GCC 4.7
433 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
434 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state
435 - Bug 3440: compile error in Adaptation
436 - Bug 3420: Request body consumption races and !theConsumer exception
437 - Bug 3370: external ACL sometimes skipping
438 - Bug 3085: Crash when parsing esi:include
439 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses
440 - Fix SSL library dependency fixes
441
339383cc
AJ		 442Changes to squid-3.1.18 (03 Dec 2011):
443
444 - Regression: compile error in FTP
445
c218b24d
AJ		 446Changes to squid-3.1.17 (03 Dec 2011):
447
448 - Bug 3432: Crash logging FTP errors
449 - Bug 3428: Active FTP data channel accepted twice
450 - Bug 3423: access violation in URL parser
451 - Bug 3422: Buffer overflow in recv-announce
452 - Bug 3412: External ACL Uses Invalid Cache Entry
453 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
454 - Bug 3398: persistent server connection closed after PUT/DELETE
455 - Bug 3299: dnsserver: various undefined references
456 - Bug 3077: '\' in url query strings cause Digest authentication to fail
457 - Bug 2910: MemBuf may grow beyond max_capacity
458 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
459 - Bug 1243: Build overrides configured AR setting
460 - Avoid crashes when processing bad X509 common names (CN).
461 - Support %% in external ACL format
462 - ... and several other compile error fixes
463 - ... and several documentation fixes
464
8fe9e0a2
AJ		 465Changes to squid-3.1.16 (14 Oct 2011):
466
467 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
468 - Bug 3368: Unhandled exceptions are not logged (workaround)
469 - Bug 3326: miss_access incorrect default
470 - Bug 3320: miss_access description confusing
471 - Bug 3241: squid_kerb_auth cross compilation fix
472 - Bug 3237: seq fault in free() from rfc1035RRDestroy
473 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response
474 - db_auth: display available DSN drivers on connect error
475 - Updated OpenSSL 1.0.0 version checks
476 - ... and several documentation fixes
477
2f954743
AJ		 478Changes to squid-3.1.15 (28 Aug 2011):
479
480 - Regression fix: vhost and defaultsite causing vport to be ignored
2284b7f7 481 - Regression Bug 3295: broken escaping in rfc1738_do_escape
2f954743
AJ		 482 - Bug #3232: fails to compile with OpenSSL v1.0.0
483 - Bug #3222: cache_peer name is not logging on CONNECT
484 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable()
485 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable
486 - Bug #3213: https sites (CONNECT) not open when using NTLM
487 - Bug #3114: Memory leak in SSL certificate verify code
488 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes
489 - Bug #2662: cf_gen failure when cross compiling
490 - Bug #2655: passing wrong the username to the url_rewrite_program
491 - Bug #2495: ignore whitespace prefix on config lines
492 - Bug #2051: 'default' cache_peer option does not match documentation
493 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay()
494 - Bug #1791: timestampsSet does not validate Date: if server sends very old date
495 - Correct parsing of large Gopher indexes
496 - Enable negative cacheing on unknown or -1 expiry timestamp
2284b7f7 497 - Remove hierarchy_stoplist default value
2f954743
AJ		 498 - Migrate cf_gen tool from C-style to C++
499 - ... and several documentation and compiler warning fixes
500
04f5e27a
AJ		 501Changes to squid-3.1.14 (04 Jul 2011):
502
503 - Regression Bug 3261: Could not create a DNS socket and exit
504
e074e5be
AJ		 505Changes to squid-3.1.13 (01 Jul 2011):
506
507 - Regression Bug 3239: problems with myip/myport upgrade
508 - Bug 3153: hung ICAP RESPMOD transactions
509 - Update ssl_crtd to use 'OK' status inline with other helpers
510
6d44d1e9
AJ		 511Changes to squid-3.1.12.3 (18 Jun 2011):
512
513 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options
514 - Bug 3214: unexpected read from ssl_crtd
515 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body
516 - Fix RADIUS helper resource leak
517 - Fix segfault parsing digest auth realm
518 - Fix segfault in parse_eol()
519 - Fixed bypass of SSL certificate validation errors
520 - Warn about myip/myport problems on interception proxies
521 - Polish: display easily grepped config lines on -k parse
522 - Fix squidclient -V option and allow non-HTTP protocols to be tested
523
65f2789a
AJ		 524Changes to squid-3.1.12.2 (30 May 2011):
525
526 - Bug 3226: Tags from external ACLs do not correctly expire
527 - Bug 3215: Malformed IPv6 DNS reverse lookup
528 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches
529 - Bug 3205: SSL-bump starts then hangs
530 - Bug 3178: gcc-4.6 complains unused variables
531 - Bug 3122: Unknown record type in WCCPv2 Packet (6)
532 - Bug 2965 (partial): Compile errors on MinGW
533 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled
534 - Fix cache manager display of -i/+i in regex ACL config display
535 - Fix cache manager display of cache_peer options userhash and sourcehash
536 - Fix URL re-writer loosing many transaction details
537 - Fix always-true comparison in ICAP for some 32-bit platforms
538 - Support for 'slow' group ACLs in ssl_bump access control
539 - Support OpenSSL 1.0.0 built without SSLv2
540 - Support GCC 4.6 and binutils-gold
541 - Add CSS id attribute to BODY tag of generated error pages.
542 - Display WARNING and ERROR when max_filedescriptors has failed
543
065f7779
AJ		 544Changes to squid-3.1.12.1 (19 Apr 2011):
545
546 - Port from 3.2: Dynamic SSL Certificate generation
547 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp
548 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9
549 - Bug 3183: Invalid URL accepted with url host part of only '@'
550 - Display ERROR in cache.log for invalid configured paths
551 - Cache Manager: send User-Agent header from cachemgr.cgi
552 - ... and many portability compile fixes for non-GCC systems.
553
7d9ce496
AJ		 554Changes to squid-3.1.12 (04 Apr 2011):
555
556 - Regression fix: Use bigger buffer for server reads.
557 - Regression fix: Add reply_header_replace directive for ability lost since 2.7
558 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0
559 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0"
560 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled
561 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure
562 - Bug 3164: Total memory info display 32-bit overflows
563 - Bug 3155: Werror is hard-coded in libTrie build
564 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage
f787354b 565 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround)
7d9ce496
AJ		 566 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error
567 - Bug 2621: Provide request headers to RESPMOD when using cache_peer.
568 - Bug 2330: AuthUser objects are never unlocked
569 - Prevent CONNECT request relaying to origin servers
570 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers)
571 - squidclient: send Cache Manager password using -w
572 - eCAP: give full Request-URI to adapters
573 - ... and several debug and error display cleanups
574
d88ad4db
AJ		 575Changes to squid-3.1.11 (08 Feb 2011):
576
577 - Bug 3149: not caching eCAP adapted body
578 - Bug 3144: redirector program blocks while reading STDIN
579 - Bug 3140: memory leak in error page generation
580 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server
581 - Bug 3115: logging segfaults if access_log is set to a directory
582 - Bug 2968: Show the Vary: headers information in cachemgr objects report
583 - Bug 2959: remove SAMBAPREFIX dependency
584 - Bug 2868: icc doesn't like string literal in assert checks
585 - HTTP/1.1: Send 307 status on deny_info redirection
586 - HTTP/1.1: Support POST/PUT with no body
587 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents
588 - Support RFC 5861 Cache-Control: stale-if-error option
589 - Add ftp_eprt directive to disable EPRT extensions in FTP
590 - Fix external_acl_type grace=0 to obey TTL
591 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers
592 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth
593 - ... and some documentation updates and corrections
594 - ... and some portability and stability fixes
595
834d2128
AJ		 596Changes to squid-3.1.10 (22 Dec 2010):
597
598 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
599 - Bug 3113: Consuming too much memory when uploading files
600 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
601 - Bug 3096: Consuming too much memory when delaying traffic
602 - Bug 3091: Bypassed ICAP errors are not counted as service failures
603 - Bug 3090: Polish FTP login error handing
604 - Bug 3068: cache_dir capacity and usage overflows
605 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
606 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
607 - Fix memory leak in adaptation_access
608 - Fix /dev/poll and poll() selection priority
609 - Fix PREFIX/var/run creation during install
610 - Fix cachemgr http_port config report display
611 - Add upgrade help process for obsolete options
612 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
613 - HTTP/1.1: entry is stale if request has max-age=0
614 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
615 - Toolchain update to support newer auto-tools
616 - ... and updated error page translations
617 - ... and updated documentation
618 - ... and some code optimization/simplification polish
619
e2f4c66a
AJ		 620Changes to squid-3.1.9 (25 Oct 2010):
621
622 - Bug 3088: dnsserver is segfaulting
623 - Bug 3084: IPv6 without Host: header in request causes connection to hang
624 - Bug 3082: Typo in error message
625 - Bug 3073: tunnelStateFree memory leak of host member
626 - Bug 3058: errorSend and ICY leak MemBuf object
627 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port
628 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies
629 - Bug 3053: cache version 1 LFS support detection broken
630 - Bug 3051: integer display overflow
631 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files
632 - Bug 3036: adaptation_access acls cannot see myportname
633 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs
634 - Bug 2964: Prevent memory leaks when ICAP transactions fail
635 - Bug 2808: getRoundRobinParent not handling weights correctly
636 - Bug 2793: memory statistics sometimes display wrong
637 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support
638 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb
639 - Ensure /var/cache or jail equivalent exists on install
640 - HTTP/1.1: delete Warnings that have warning-date different from Date
641 - HTTP/1.1: do not remove ETag header from partial responses
642 - HTTP/1.1: make date parser stricter to better handle malformed Expires
643 - HTTP/1.1: improve age calculation
644 - HTTP/1.1: reply with a 504 error if required validation fails
645 - HTTP/1.1: add appropriate Warnings if serving a stale hit
646 - HTTP/1.1: support requests with Cache-Control: min-fresh
647 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store
648 - squidclient: Display IP(s) connected to in verbose (-v) display
649 - Fixes several issues with ICAP persistent connections
650 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS
651 - ... and some cosmetic polishing
652
dee6a922
AJ		 653Changes to squid-3.1.8 (04 Sep 2010):
654
655 - Bug 3033: incorrect information regarding TOS
656 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL
657 - Bug 3005,2972: Locate LTDL headers correctly (again)
658 - Bug 2872: leaking file descriptors
659 - Bug 2583: pure virtual method called
660 - Hardened DNS client against packet queue attacks
661 - Hardened HTTP request-line parser
662 - Several HTTP/1.1 support improvements
663 - Improved cross-compile support
664 - .. and several internal pointer safety fixes
665
c3fe2798 666Changes to squid-3.1.7 (23 Aug 2010):
161ec538 667
c3fe2798 668 - Regression Bug 3021: Large DNS reply causes crash
161ec538 669 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
c3fe2798 670 - Regression Bug 2997: visible_hostname directive no longer matches docs
161ec538
AJ		 671 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port
672 - Bug 3006: handle IPV6_V6ONLY definition missing
673 - Bug 3004: Solaris 9 SunStudio 12 build failure
674 - Bug 3003: inconsistent concepts in documentation of cache_dir
675 - Bug 3001: dnsserver link issues
676 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016)
677 - HTTP/1.1: Improved Range header field validation
678 - HTTP/1.1: Forward multiple unknown Cache-Control directives
679 - HTTP/1.1: Stop sending Proxy-Connection header
680 - Fix 32-bit wrap in refresh_pattern min/max values
681 - ... and several documentation corrections.
682
aa844a33
AJ		 683Changes to squid-3.1.6 (02 Aug 2010):
684
685 - Bug 2994, 2995: IPv4-only regressions
686 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
687 - Bug 2975: chunked requests not supported after regular ones
688 - Fix: 32-bit overflow in reported bytes received from next hop
689 - Fix Libtool build regressions
690 - Limited split-stack IPv6 support.
691 - squid_db_auth support MD5 encrypted passwords
692
f41d79ba
AJ		 693Changes to squid-3.1.5.1 (28 Jul 2010):
694
695 - Update Libtool to 2.2.
696 - Bug 2985: search scope for digest_ldap_auth didn't work
697 - Bug 2972: LTDL 2.2.6b compile errors
698 - Bug 2963: Stop ignoring --with-valgrind-debug failures
699 - Bug 2885: AIX support: several fixes
700 - Bug 2651: crash handling NULL write callback
701 - Fixed several memory leaks related to Range requests
702 - Fixed Joomla DB auth handling
703 - Fixed SASL helper build checks
704 - Fixed several IPv6 portability problems
705 - Updated error page translations
706
88aa2b05 707Changes to squid-3.1.5 (02 Jul 2010):
0e87db68 708
88aa2b05
AJ		 709 - Bug 2967: raw-IPv6 address URL with append_domain broken
710 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached
711 - Bug 2943: ICAP tokens not logged when using multiple access
712 - Bug 2937: Fails to detect chunked encoding if not given in all lower case
713 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod
7e6cdc23 714 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs
88aa2b05
AJ		 715 - Port from 2.7: max_filedescriptor config option
716 - Fix persistent_connection_after_error is meant to be on by default
717 - ... and several build errors.
0e87db68 718
2d94c829
AJ		 719Changes to squid-3.1.4 (30 May 2010):
720
721 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
722 - Bug 2924: RADIUS helper compile issues
723 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
724 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
725 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
726 - Bug 2879: pt2: 3.0 regression in headers end finding
727 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
728 - Bug 2876: FD_SETSIZE override not working on all linux distributions
729 - Bug 2810: common log format generates 2 lines of syslog
730 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
731 - Bug 2753: Fall back on IPv4 if IPv6 is not present
732 - Bug 2697: Adaptation leaks and extra requests after reconfiguration
733 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
734 - Change LDAP helpers to default to LDAP version 3 if available
735 - Add Joomla and Salted Hash support to squid_db_auth helper
736 - Fixed IpAddress port printing for ports higher than 9999
737 - Disable chunked memory pooling by default.
738 - ... and several build errors.
739
6808dbda
AJ		 740Changes to squid-3.1.3 (02 May 2010):
741
7e6cdc23 742 - Remove: Advertise 1.1 on replies to clients (broken chunked handling)
6808dbda
AJ		 743 - Fix tag ACL type not working
744
ca959baa
AJ		 745Changes to squid-3.1.2 (01 May 2010):
746
747 - Bug 2913: Fix DB auth warning in new perl version
748 - Bug 2904: Prevent automake creating incomplete files
749 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type
750 - Bug 2895: Regression: TPROXY2 compile errors
751 - Bug 2879: Regression: headers end-finding
752 - Bug 2874: Accept literal IPv6 address in icap_service URL
753 - Bug 2860: Regression: WCCPv1 handshake
754 - Bug 2848: Pass TCP_RST to client on early disconnect
755 - Debian Bug 578047: Correct behaviour of --enable-ipv6
7e6cdc23
AJ		 756 - HTTP/1.1: Advertise 1.1 on requests to servers
757 - HTTP/1.1: Advertise 1.1 on replies to clients
ca959baa
AJ		 758 - AIX / UNIX build fixes
759 - Cygwin build fixes
760 - squidclient: -k option to test connection keep-alive or close
761 - Improved helper build for wider compatibility
762 - Ensure the PID file directory exists on install
763
2ec34bd3
AJ		 764Changes to squid-3.1.1 (29 Mar 2010):
765
766 - Bug 2873: undefined symbol
767 - Bug 2827: assertion in authentication
768 - Remove ufsdump binary from default builds
769 - Remove pinger from default startups
770 - ... and several documentation updates.
771
e09692bd
AJ		 772Changes to squid-3.1.0.18 (14 Mar 2010):
773
774 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16
775 - Bug 2869: Remove unused external reference
776 - Bug 2866: Support OpenSSL 1.0
777 - Bug 2813: Random unix_group crash at startup
778 - Send HTTP1.1 compliant 417 responses
779 - Associate external acl message with the request
780 - Various Digest parser fixes
781 - ... and all bug fixes from 3.0 up to 3.0.STABLE25
782
365d894c
AJ		 783Changes to squid-3.1.0.17 (24 Feb 2010):
784
785 - Regression Fix: Non-English error page UTF encoding
786 - Bug 2616: reduce IdleConnList::removeFD messages
787 - Bug 1843: multicast-siblings cache_peer option
788 - Port from 2.7: X509 certificate alias-domain handling
789 - Add adapted_http_access option
790 - NTLMv2 support for fake NTLM helper
791
011dea45
AJ		 792Changes to squid-3.1.0.16 (01 Feb 2010):
793
794 - Regression Fix: Make Squid abort on all config parse failures.
795 - Regression Bug 2811: SNMP client/peer table OID numbering
796 - Bug 2851: Connection pinning fails when using a peer
797 - Bug 2850: Mismatch in hier_code enum / hier_strings array
798 - Bug 2731: Add follow_x_forwarded_for support to ICAP
799 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
800 - Bug 2706: Set timestamps during ICAP request satisfaction.
801 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
802 - Fix: WCCPv1 not connecting to router correctly
803 - Remove obsolete RunCache/RunAccel scripts.
804 - Add client_ip_max_connections
805 - Add the http::>ha format code and make http::>h log original request headers
806 - ... and all bug fixes from 3.0 up to 3.0.STABLE22
807 - ... and many more minor build and display annoyances.
808
ba641958
AJ		 809Changes to squid-3.1.0.15 (23 Nov 2009):
810
811 - Regression Fix: myip ACL not accepted in config
812 - Bug 2795: acl arp lookups including port
813 - Bug 2794: ESI parsing fails on FreeBSD
814 - Bug 2778: fix linking issues using SunCC
815 - Bug 2724: eCAP build failure unless ICAP enabled
816 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid
817 - Bug 2617: Performance degradation during processing list of dstdomain ACL's
818 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol.
819 - Fix: 64-bit filesize issue in squidclient POST of large files
820 - Fix: send correct Connection: header on intercepted replies
821 - Support libtool 2.x
822 - ESI libraries libexpat and libxml2 now optional
823 - ESI support default enabled
824 - Bump libcap minimum requirement to libcap 2.09+
825 - ARP / MAC support fixes for IPv6-mode
826 - Add outstanding IPv6 settings to squid.conf (localnet, localhost)
827 - ... and many additions to the background testing structure
828 - ... and very many minor build and code cleanups for non-GCC compilers.
829
8f37469c
AJ		 830Changes to squid-3.1.0.14 (27 Sep 2009):
831
832 - Bug 2777: Various build issues on OpenSolaris
833 - Bug 2773: Segfault in RFC2069 Digest authentication
834 - Bug 2747: Compile errors on Solaris 10
835 - Bug 2735: Incomplete -fhuge-objects detection
836 - Bug 2722: Fix http_port accel combined with CONNECT
837 - Bug 2718: FTP sends EPSV2 on IPv4 connection
838 - Bug 2648: stateful helpers stuck in reserved
839 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
840 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS
841 - Bug 2483: bind() called before connect()
842 - Bug 2215: config file line length limit (extended to 2 KB)
843 - Support Accept-Language: * wildcard
844 - Support autoconf 2.64
845 - Support TPROXY for IPv6 traffic (requires kernel support)
846 - Support TPROXY cache cluster behind WCCPv2
847 - Correct ESI support to work in multi-mode Squid
848 - Add 0.0.0.0 as an to_localhost address
849 - DiskIO detection fixes and use optimal IO in default build.
850 - Correct peer connect-fail-limit default of 10
851 - Prevent squidclient sending two Accept: headers
852 - ... all bug fixes from 3.0.STABLE19
853 - ... and many more documentation fixes
854
f49a1c9e
AJ		 855Changes to squid-3.1.0.13 (04 Aug 2009):
856
857 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
858 - Fix one more internal profiler error
859 - Language Updates: Italian, Russian
860 - Language Updates: Add many more aliases
861 - Add Copyright document for errors/ content
862 - ... all bug fixes from 3.0.STABLE18
863 - ... and several code polishing cleanups
864
e7b1c518
AJ		 865Changes to squid-3.1.0.12 (27 Jul 2009):
866
867 - Bug 2716: Chunked request Signed/Unsigned build error
868 - Bug 2674: Remove limit on HTTP headers read.
869 - Bug 2620: Invalid HTTP response codes causes segfault
870 - Fix FTP EPSV negotiation parser.
871 - Fix Via string when leak checking is enabled (valgrind etc)
872 - ... and several documentation and testing additions
873
0b8d12da
AJ		 874Changes to squid-3.1.0.11 (19 Jul 2009):
875
876 - Bug 2087: Support adaptation sets and chains
877 - Bug 2459: dns error message broken when error handling delayed
878 - Support ICAP Retry
879 - Support ICAP retries based on the ICAP responses status code
880 - Support logging ICAP
881 - Support logging total DNS wait time
882 - Support logging response times of adaptation transactions
883 - General logging enhancements
884 - Dynamically form chains based on ICAP X-Next-Services header
885 - Support cross-transactional ICAP header exchange
886 - ... and much adaptation polish and improvements
887
ce460dc8
AJ		 888Changes to squid-3.1.0.10 (18 Jul 2009):
889
890 - Bug 2680: Regression Crash after rotate with no helpers running
891 - Bug 2695: Regression in WCCPv2 L2 mask assignment
892 - Bug 2707: Regression in FTP anonymous auth
893 - Bug 422, 2706: RFC 2616 Date header requirements
894 - Bug 1087: ESI processor not quoting attributes correctly.
895 - Bug 1338: File prefetches aborted despite range_offset
287dcde6 896 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
ce460dc8 897 - Bug 2092: select loop 32-bit call counter overflows
287dcde6 898 - Bug 2127: delay pools class 4 crashes with ntlm auth
ce460dc8
AJ		 899 - Bug 2611: document fast/slow acl types
900 - Bug 2614: Potential loss of adapted body data from eCAP adapters
901 - Bug 2658: Missing TextException copy constructor
902 - Bug 2659: String length overflows on append, leading to segfaults
903 - Bug 2699: Build failure NTLM smb_lm helper
904 - Bug 2709: TRANSLATIONS not installed
905 - Bug 2710: squid_kerb_auth non-terminated string
906 - Delay pools 64-bit buckets and IPv6-polish
907 - Break forwarding loops for "transparent" or "intercept" http_ports.
908 - Add --disable-translation option to detatch .po from error negotiation
909 - Add squidclient man(1) page
910 - Add localhost to default permitted networks
911 - http_port allow-direct option to allow direct forwarding in accelerator mode
912 - ... and many testing infrastructure updates
913
5df6d596
AJ		 914Changes to squid-3.1.0.9 (26 Jun 2009):
915
916 - Bug 2682: Add ftp_epsv control to disable EPSV support.
917 - Bug 2665: Detach automake system from using -I.
918 - Bug 2395: FTP auth errors not displayed
919 - ... also several changes and bugs closed in 3.0.STABLE16
920 - Port from 2.7: Show local address on listening sockets
921 - Add "tag" type acl matching tags set by external acl helpers.
922 - Adds Language alias linker/installer/upgrade scripts
923 - Support for GCC 4.4
924 - Fix false NAT lookup errors on Linux
925 - Fix many Windows port issues
926 - Fix squid_kerb_auth helepr install location
927 - Better detection of IPv6 stack types
928 - Updates Licensing information for Squid 3.1
929 - ... and many packaging portability build and install issues
930
a7b15245
AJ		 931Changes to squid-3.1.0.8 (24 May 2009):
932
933 - Bug 2656: Pinger dies with general protection fault
934 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
935 - Bug 2648: Authentificator processes deferring and don't shutdown.
936 - Bug 2645: allow squid to ignore must-revalidate
937 - Bug 2644: auth scheme initialization is broken
938 - Bug 2632: Make number of reforwarding tries configurable
939 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
940 - Bug 2627: HTCP Logging
941 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
942 - Bug 2589: SNMP returning no data - wrong oid decoded
943 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
944 - Bug 2559: Problem parsing /0 and /0.0.0.0
945 - Bug 2404: WCCP in mask mode is broken
946 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
947 - Complete Interception multiple NAT support
948 - Add Content-Disposition to the known headers list.
949 - Make PEER_TCP_MAGIC_COUNT configurable
950 - Fix pinger install location
951 - Enable TPROXY v4 spoofing of CONNECT requests
952 - ... and much documentation and code polishing
953
e1e28561
AJ		 954Changes to squid-3.1.0.7 (08 Apr 2009):
955
956 - Fix: several issues with ident
957 - Add several language translations
958 - Upgrade code testing infrastructure
959 - Migrate much code to build as internal libraries
960 - Support gcc 4.4
961 - Support doxygen 1.5.8
962 - ... and much code polish to make things read easier
963
727cb127
AJ		 964Changes to squid-3.1.0.6 (01 Mar 2009):
965
e1e28561 966 - Regression Fix: Support HTTP/0.9 in accelerator mode
727cb127
AJ		 967 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode
968 - Bug 2593: Compile errors on Solaris 10
969 - Bug 2591: adaptation_access does not work
970 - Bug 2588: coredump in rDNS lookup
971 - Bug 2526: default ALLOW when no list specified.
972 - Bug 2287: Send a 505 on requests with unsupported HTTP versions
973 - Bug 419: Hop by Hop headers MUST NOT be forwarded
974 - Fix external_acl_type handling of SSL certificate details
975 - Obsolete: dependency on nss_common.h and nss.h
976 - Support libtool2
977 - ... and various documentation and code polish
978
f636c996
AJ		 979Changes to squid-3.1.0.5 (03 Feb 2009):
980
981 - Bug 2583: Fixed issue in content adaptation
982 - Bug 2576: Make translate target obey --disable-auto-locale
983 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails.
984 - Bug 2563: 99+% CPU Usage on FTP URL
985 - Bug 2505, 2524, 2558: fixed several issues on connection handling
986 - Fix several issues in request parsing
987 - Fix memory leak from logformat parsing
988 - Fix various ESI build errors
989 - Make configure tests use C++ instead of C
990 - Drop special localhost conversion RFC violation.
991 - Add Language: Arabic
992 - ... and various documentation and code polish
993
994Changes to squid-3.1.0.4 (23 Jan 2009):
995
996 - Regression Fix: Bug 2558: rollback bug 2395 fix.
997 - Bug 2555: Fixes to SNMP-MIB
998 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing()
999 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6)
1000 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing()
1001 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
1002 - Polish ZPH configuration interface
1003 - Several Language Conversions to new auto-negotiate
1004 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing
1005 - Fix: Pconn not being used when they should.
1006 - Fix: Fix pinger immediate shutdowns
1007 - Fix: Untangle CacheManager reports from log_fqdn
1008 - ... and all bugs fixed for 3.0.STABLE12
1009 - ... and many code polish and optimization fixes.
1010
1011Changes to squid-3.1.0.3 (5 Dec 2008):
1012
1013 - Regression Fix: StoreIOBuffer patch removed.
1014 - Regression Fix: build issues with 3.1.0.2 bundle
1015 - Security Bug 2526: default ALLOW when no list specified
1016 - Bug 2525: encoding error on error pages
1017 - Bug 2424: slow file descriptor leak
1018 - Bug 2527: ICAP compile error on g++ 4.3.2
1019 - Bug 2523: bad assertion left in from debug
1020 - Bug 2395: FTP Auth errors and others not displayed
1021 - Update squid_kerb_auth to 1.0.5
1022 with better Squid integration.
1023 - Fix cache_peer forcedomainname= option
1024 - ... and many other minor fixes
1025
5e80e4ee
AJ		 1026Changes to squid-3.1.0.2 (9 Nov 2008):
1027
1028 - Bug 2516: error page templates not properly installed
1029 - Bug 2500: Solaris build issues
1030 - Fixes FreeBSD build issues
1031 - Release Notes completed
1032 - Languages: new Russian, Japanese, Chinese, and general updates
1033 - ... and other minor fixes
70c5dfb2 1034
af4cd9a0
AJ		 1035Changes to squid-3.1.0.1 (27 Oct 2008):
1036
1037 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything)
7a6e2ecc
AJ		 1038 - peername ACL added for matching against a named peer destination
1039 - configure option --with-logdir= added to select log files location
1040 - squid_kerb_auth helper updated to 1.0.3 release
1041 - Bug #740: allow external acl's to use reply headers in format
1042 - Bug #2379: obsolete dns_testnames option
1043 - Code test infrastructure expanded to configuration testing
1044 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern
af4cd9a0 1045 to bring their defaults up to RFC 2616 requirements.
7a6e2ecc
AJ		 1046 - Large increase in RFC 2616 standard compliance (ongoing)
1047 - squid.conf cleanups for minimal config
1048 - Connection Pinning ported from 2.6 for NTLM passthru authentication
1049 - eCAP internal adaptation module support
af4cd9a0 1050 - Localization and CSS display control of error pages
7a6e2ecc
AJ		 1051 - Added semi-automatic documentation of source code
1052 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers
1053 - HTCP improvements ported from 2.7 adding HTCP CLR requests
70c5dfb2 1054 - IPv6 (Internet Protocol version 6) support
1055 - ICMPv6 (Internet Control Message Protocol version 6) support
f1233d8c 1056 - FTP agent now supports EPSV/EPRT commands
70c5dfb2 1057 - DNS internal resolver now supports AAAA and CNAME records
1058 - SNMP peer and client tables now support IPv6
1059 - SNMP peer table supports named peers with multiple entries per IP
4aa8e49c 1060 - SslBump: Squid-in-the-middle decryption and encryption of straight
1061 CONNECT and transparently redirected SSL traffic, using configurable
1062 client- and server-side certificates. While decrypted, the traffic
7a6e2ecc 1063 can be inspected using ICAP.
af4cd9a0 1064 - TPROXY version 4.1 support
a13b3732 1065 - IPFW and Netfilter interception methods may now both be built in one binary.
f1233d8c
AJ		 1066 - ZPH Quality of Service patch now integrated
1067 - Null store now fully obsoleted and removed
1068 - Unknown request methods all supported
1069 - Follow_x_forwarder_for ported from 2.6
7a6e2ecc 1070 - Bug #2223: Follow XFF extensions added
af4cd9a0 1071 - ... and many code and documentation cleanups
7a6e2ecc 1072
2f954743
AJ		 1073Changes to squid-3.0.STABLE26 (28 Aug 2011):
1074
1075 - Regression: header_replace for reply headers
1076 - Bug 3183: Invalid URL accepted with url host part of only '@'.
1077 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes
1078 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree
1079 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec()
1080 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service
1081 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
1082 - Regression Bug 2899: Restore lost rfc1738_unescape() data type
1083 - Regression Bug 2879: headers end finding
1084 - Bug 2876: FD_SETSIZE override not working on all linux distributions
1085 - Check for NULL and empty strings before calling str*cmp().
1086 - Correct parsing of large Gopher indexes
1087
1a10a7e5
AJ		 1088Changes to squid-3.0.STABLE25 (14 Mar 2010):
1089
1090 - Bug 2845: Rework the http digest auth parser
1091 - Bug 2787: unknown/unexpected status code messages
1092 - Bug 2507: squid_ldap_group: Strip Domain name separated by +
1093 - Bug 2367: stale=true on digest requests with unknown nonce
1094 - ... and several other minor corrections
1095
6add0585
AJ		 1096Changes to squid-3.0.STABLE24 (13 Feb 2010):
1097
1098 - Bug 2858: Segment violation in HTCP
1099 - Updated refresh pattern for dynamic pages
1100
bcd1f03d
AJ		 1101Changes to squid-3.0.STABLE23 (02 Feb 2010):
1102
1103 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1
1104 - Regression Fix: Build error in Kerberos helper after library removal.
1105
61544616
AJ		 1106Changes to squid-3.0.STABLE22 (01 Feb 2010):
1107
1108 - Regression Fix: Make Squid abort on all config parse failures.
1109 - Bug 2787: Reduce unexpected http status to non-critical warnings.
1110 - Bug 2496: Downloading some variants in full before relaying
1111 - Bug 2452: Add upper limit to external_acl_type entries.
1112 - Removed optional kerberos/spnegohelp/ library due to licensing issues
1113 - Add client_ip_max_connections
1114 - Handle DNS header-only packets as invalid.
1115
06d0f369
AJ		 1116Changes to squid-3.0.STABLE21 (22 Dec 2009):
1117
1118 - Bug 2830: Clarify where NULL byte is in headers.
1119 - Bug 2778: Linking issues using SunCC
1120 - Bug 2395: FTP errors not displayed
1121 - Bug 2155: Assertion failures on malformed Content-Range response headers
1122 - Fix parsing and a few bugs in ACL time type
1123 - Fix RFC keep-alive compliance on intercepted replies
1124 - Improved security hardening on %nn parser
1125 - Replace several GCC-specific code snippets.
1126
91228e4e
AJ		 1127Changes to squid-3.0.STABLE20 (29 Oct 2009):
1128
1129 - Bug 2794: ESI parsing on FreeBSD
1130 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
1131 - Bug 2779: Support GNU/kFreeBSD
1132 - Bug 2773: Segfault in RFC2069 Digest authantication
1133 - Bug 2768: squid_ldap_group argument parsing error
1134 - Bug 2761: Gopher and double HTTP response header
1135 - Bug 2735: Incomplete -fhuge-objects detection
1136 - Bug 2722: prevent CONNECT via http_port with accel
1137 - Bug 2624: Invalid response for IMS request
1138 - Bug 2510: digest_ldap_auth TLS support
1139 - Correct LINUX_CAPABILITY actions on non-Linux
1140
98df01e3
AJ		 1141Changes to squid-3.0.STABLE19 (06 Sep 2009):
1142
1143 - Bug 2745: Invalid Response error on small reads
1144 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
1145 - Bug 2734: some compile errors on Solaris
1146 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
1147 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
1148 - Bug 2362: Remove support for deferred state in stateful helpers
1149 - Add 0.0.0.0 as a to_localhost address
1150 - Docs: Improve chroot directive documentation slightly
1151 - Fixup libxml2 include magics, was failing when a configure cache was used
1152 - ... and some minor testing improvements.
1153
b7a1ea6b
AJ		 1154Changes to squid-3.0.STABLE18 (04 Aug 2009):
1155
1156 - Bug 2728: regression: assertion failed: !eof
1157 - Bug 2732: reply_body_max_size smaller than error page loops
1158 infinitely until out of memory
1159 - Bug 2725: pconn failure if domain or client_address are unset
1160 - Bug 2648: reserved helpers not shut down after reconfigure/rotate
1161 - Bug 2462: make check should tell when cppunit is missing
1162 - Remove excess messages about headers < minimum size
1163 - Support Libtool 2.2.6
1164
e7b1c518 1165Changes to squid-3.0.STABLE17 (27 Jul 2009):
68c19036
AJ		 1166
1167 - Bug 2680 regression: Crash after rotate with no helpers running
1168 - Bug 2710: squid_kerb_auth non-terminated string
1169 - Bug 2679: strsep and strtoll detection failure
1170 - Bug 2674: Remove limit on HTTP headers read.
1171 - Bug 2659: String length overflows on append, leading to segfaults
1172 - Bug 2620: Invalid HTTP response codes causes segfault
1173 - Bug 2080: wbinfo_group.pl - false positive under certain conditions
1174 - Bug 1087: ESI processor not quoting attributes correctly.
1175 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
1176 - Several small build issues with previous release.
1177
950b7d55
AJ		 1178Changes to squid-3.0.STABLE16 (15 Jun 2009):
1179
1180 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
1181 - Bug 2481: Don't set expires: now in generated error responses
1182 - Bug 2387: The calculation of the number of hash buckets correctly
1183 - Fix infinite loop in MSNT auth helper
1184 - Fix FD_SETSIZE on FreeBSD
1185 - Fix stripping NT domain in squid_ldap_group
1186 - Fix RADIUS auth helper build
1187 - Add Translate: and Unless-Modified-Since: headers to known list
1188 - Make fakeauth handle NTLMv2 better
1189 - Better Kerberos support detection
1190 - Several Widows port fixes
1191
6e4fa9b4
AJ		 1192Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
1193
950b7d55 1194 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding
6e4fa9b4
AJ		 1195 - Bug 2648: NTLM helpers not shutting down when deferred
1196
79200081
AJ		 1197Changes to squid-3.0.STABLE15 (06 May 2009):
1198
1199 - Regression Bug 2635: Incorrect Max-Forwards header type
1200 - Bug 2652: 'Success' error on CONNECT requests
1201 - Bug 2625: IDENT receiving errors
1202 - Bug 2610: ipfilter support detection
1203 - Bug 2578: FTP download resume failure
1204 - Bug 2536: %H on HTTPS error pages
1205 - Bug 2491: assertion "age >= 0"
1206 - Bug 2276: too many NTLM helpers running
1207 - Endian system and compiler fixes provided by the NetBSD project
1208 - documentation fixes provided by the Debian project
1209
6c2e5932
AJ		 1210Changes to squid-3.0.STABLE14 (11 Apr 2009):
1211
1212 - Regression Fix: HTTP/0.9 in accelerator mode
1213 - Bug 1232: cache_dir parameter limited to only 63 entries
1214 - Bug 1868: support HTTP 207 status
1215 - Bug 2518: assertion failure on restart/reconfigure
1216 - Bug 2588: coredump in rDNS lookup
1217 - Bug 2595: Out of bounds memory write in squid_kerb_auth
1218 - Bug 2599: Idempotent start
1219 - Bug 2605: Prevent setsid() on helpers in daemon mode
1220 - Fix external_acl_type option parsing
1221 - Fix delay pools counters on FTP
1222 - Fix several issues with ident (some remain)
1223 - Fix performance issues with persistent connections
1224 - Fix performance issues with delay pools
1225 - Fix forwarding of OPTIONS requests
1226 - Add support for HTTP 1.1 Content-Disposition header
1227 - Add support for Windows 7, Windows Server 2008 R2 and later
1228 - ... and many small documentation updates
1229
f636c996
AJ		 1230Changes to squid-3.0.STABLE13 (03 Feb 2009):
1231
1232 - Fix several issues in request parsing
1233 - Fix memory leak from logformat parsing
1234 - Fix various ESI build errors
1235 - ... and some documentation updates
1236
1237Changes to squid-3.0.STABLE12 (21 Jan 2009):
1238
1239 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++
1240 - Bug 2542: ICAP filters break download resume
1241 - Bug 2556: HTCP fails without icp_port
1242 - Bug 2564: logformat '%tl' field not working as advertised
1243 - Port from 3.1: TestBed basic build consistency checks
1244 - Policy: Change half_closed_clients default to off
1245 - Policy: Removed -V command line option, deprecated by 2.6
1246 - ... and several other minor code cleanups
1247
1248Changes to squid-3.0.STABLE11 (24 Dec 2008):
1249
1250 - Bug 2424: filedescriptors being left unnecessary opened
1251 - Bug 2545: fault passing ICAP filtered traffic to peers
1252 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery
1253 - ... and some minor admin and debug cleanups.
1254
1255Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008):
1256
1257 - Removes patch causing cache of bad objects
1258 - Bug 2526: bad security default in ACLChecklist
1259 - Fixes regression: access.log request size tag
1260 - Fixes cache_peer forceddomainname=X option
1261 - ... and many minor documentation cleanups
1262
7a6e2ecc
AJ		 1263Changes to squid-3.0.STABLE10 (14 Oct 2008):
1264
1265 - Bug 2391: Regression: bad assert in forwarding
1266 - Bug 2447: Segfault on failed TCP DNS query
1267 - Bug 2393: DNS requests getting stuck in idns queue
1268 - Bug 2433: FTP PUT gives bad gateway
1269 - Bug 2465: Limited DragonflyBSD support
1270 - ... and other minor bugs and documentation
1271
1272Changes to squid-3.0.STABLE9 (9 Sep 2008):
1273
1274 - Policy Enforcement: COSS is unusable in 3.0
1275 - Port from 3.1: Language Pack compatibility
1276 - Port from 2.6: Windows Support Notes
1277 - Fix several minor regressions:
1278 HTCP stats reporting
1279 cachemgr delay pool config
1280 CARP build error
1281 - Bug 2340: uudecode dependency for icons removed
1282 - Bug 2352: no_check.pl ntlm challenge fix
1283 - Bug 2426: buffer increase for kerberos auth fields
1284 - Bug 2427: squid_ldap_group codes fix
1285 - Bug 2437: peer name now shown in access.log
1286 - Add sane display of unsupported method errors
1287 - ... and various other code cleanups
1288
1289Changes to squid-3.0.STABLE8 (18 Jul 2008):
1290
1291 - Port from 2.6: Support for cachemgr sub-actions
1292 - Port from 2.6: userhash peer selection method
1293 - Port from 2.6: sourcehash peer selection method
1294 - Bug 2376: round-robin balancing fixes
1295 - Bug 2388: acl documentation cleanup
1296 - Bug 2365: cachemgr.cgi HTML output encoding
1297 - Bug 2301: Regression: Log format size options
1298 - Bug 2396: Correct the opening of PF device file.
1299 - Bug 2400: ICAP accept mechanism
1300 - Bug 2411: Regression: fakeauth_auth crashes
1301 - Many fixes to the Windows support (not complete yet).
1302 - Boost error pages HTML standards.
1303 - Fixes several issues on 64-bit systems
1304 - Fixes several issues on older or stricter compilers
1305 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround
1306 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1
1307
1308Changes to squid-3.0.STABLE7 (22 Jun 2008):
1309
1310 - Fix several ASN issues
1311 - Fix SNMP reporting of counters
1312 - Fix round-robin algorithms
1313 - GCC 4.3 support
1314 - Netfilter v1.4.0 bug workaround
1315 - Bugs 2350 and 2323: memory issues
1316 - Bugs 2384, 951, 1566: ESI assertions
1317 - Various minor debug and documentation cleanups
f1233d8c
AJ		 1318
1319Changes to squid-3.0.STABLE6 (20 May 2008):
1320
1321 - Bug 2254: umask Feature from 2.6 added
1322 - cachemgr.cgi default config file added
1323 - Several authentication bug fixes
1324 - Improved Windows Support
1325 - better DNS lookup methods for unqualified hostames
1326 - better support for 64-bit environments
1327 - Bug 2332: Crash when tunnelling
1328 - Removed the advertisement clause from BSD licenses
1329 according to the GPLv2+ changes in BSD
1330 - ... and other bugs and minor cleanups
1331
1332Changes to squid-3.0.STABLE5 (28 Apr 2008):
1333
1334 - Support for resolv.conf 'domain' option
1335 - Improved URI support, including
1336 longer URI up to 8192 bytes accepted
1337 better handling of intercepted URI
1338 better port for non-FQDN URI lookups
1339 - Improved logging, including
1340 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases.
1341 Fixed 'log_ip_on_direct' option behaviour
1342 - Support for profiling on x86 64-bit systems
1343 - .. and other bugs and minor code cleanups.
1344
1345Changes to squid-3.0.STABLE4 (2 Apr 2008):
1346
1347 - Bug 2288: compile error slipped into STABLE3.
1348
1349Changes to squid-3.0.STABLE3 (31 Mar 2008):
1350
1351 - Improved HTTP 1.1 support.
1352 - Improved MacOSX (Leopard) support
1353 - Bug 2206: Proxy-Authentication regression in STABLE2.
1354 - Strip Domain from NTLM usernames for use in class 4 Delay Pools
1355 - ... and other bugs and minor code cleanup
1356
1357Changes to squid-3.0.STABLE2 (1 Mar 2008):
1358
1359 - Add myportname ACL for matching the accepting port name (see release notes)
1360 - Add include directive for squid.conf (see release notes)
1361 - Add ability to strip kerberos realm from usernames during Auth
1362 - License cleanup to comply with GPLv2 or later
1363 - Updated Error Pages and Translations
1364 - Updated configuration examples
1365 - Updated valgrind support for valgrind-3.3.0
1366 - Improved support for Windows and MacOS X Leopard
1367 - Improved support for files larger than 2GB
1368 - Improved support for CARP arrays and WCCPv2
1369 - Improved cachmgr, SNMP, and log reporting
1370 - ... and as usual Many bug fixes since STABLE 1
70c5dfb2 1371
284237d4 1372Changes to squid-3.0.STABLE1 (13 Dec 2007):
3ff01c3e 1373
1374 - Major rewrite translating the code to C++, originally based on
1375 Squid-2.5.STABLE1
1376 - Internal client streams concept for content adaptation
1377 - ICAP (Internet Content Adaptation Protocol) client support
1378 - ESI (Edge Side Includes) support added
284237d4 1379 - Improved support for files larger than 2GB.
3ff01c3e 1380 - And a lot more. Most features from Squid-2.6 is supported, but not
1381 all. See the release notes for details.
1382
9ae33c59
AJ		 1383
1384Squid-2 ChangeLog of versions fully ported to Squid-3 follows.
1385
1386Changes to squid-2.6.STABLE22 (19 October 2008)
1387
1388 - Bug #2396: Correct the opening of the PF device file.
1389 - Make --with-large-files and --with-build-envirnment=default play
1390 nice together
1391 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header
1392 __u32 problem
1393 - Make dns_nameserver work when using --disable-internal-dns on glibc
1394 based systems
1395 - Bug #2426: Increase negotiate auth token buffer size
1396 - Bug #2427: squid_ldap_group -h reports the old % codes for -f
1397 - Bug #2477: swap.state permission issues if crashing during "squid -k
1398 reconfigure"
1399 - Windows port: Fix build error using latest MinGW runtime.
1400
1401
1402
3ff01c3e 1403Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely
1404authorative for this release and mirrored here for reference only.
f1233d8c 1405
467c94d1 1406 - CARP now plays well with the other peering algorithms,
1407 and support for CARP peerings is compiled by default. Can be
1408 disabled by --disable-carp
1741cbad 1409 - Configuration file can be read from an external program
1410 or preprocessor. See squid.8 man page.
52f772de 1411 - http_port is now optional, allowing for SSL only operation
4ca261f2 1412 - Satellite and other high latency peering relations enhancements
1413 (Robert Cohren)
a9245686 1414 - Nuked num32 types, and made type detection more robust by the
1415 use of typedefs rather than #defines.
b5fb34f1 1416 - the mailto links on Squid's ERR pages now contain data about the
1417 occurred error by default, so that the email will contain this data in
1418 its body. This feature can be disabled via the email_err_data directive.
9ae33c59 1419 (Clemens L?ser)
c8f4eac4 1420 - COSS now uses a file called stripe and the path in squid.conf is the
1421 directory this is placed in. Additionally squid -z will create the
1422 COSS swapfile.
14f5b6c3 1423 - WCCPv2 support, including mask assignment support
5401aa8d 1424 - HTCP support for access control and the CRL operation for
1425 purgeing of cache content
14f5b6c3 1426 - ICAP related fixes
1427 - Windows-related fixes, including Vista and Longhorn identification
1428 - Client-side parsing and some string use optimisations
1429 - Lots of off-by-one and memory leaks in corner cases have been fixed
1430 thanks to valgrind
1431 - Improved high-resolution profiling
1432 - Windows overlapped-IO and thread support added to the Async IO disk code
1433 - Improvements for handling large DNS replies
a7c8cce0 1434
3ff01c3e 1435Changes to squid-2.6.STABLE15 (31 Aug 2007)
1436
1437 - The select() I/O loop got broken by the /dev/poll addition
1438 (2.6.STABLE14)
1439 - Bug #2017: Fails to work around broken servers sending just the HTTP
1440 headers
1441 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
1442 before C99
1443 - squid.conf.default updated and reorganised in more sensible groups
1444 - correct and document the syslog access_log format
1445 - Armenian error pages translation
1446 - digest_ldap_helper usage help updated
1447 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
1448 - Improve delay pools in low traffic environment by checking timeouts
1449 at a steady 1 second interval even when there is not much activity
1450 - Don't request authentication on transparently intercepted
1451 connections
1452 - Cleanup linux capabilities for tproxy
1453 - Bug #2003: 'via' config directive doesn't affect response headers
1454 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
1455 - Add missing $|=1 to squid_db_auth
1456 - Bug #2050: Persistent connection dropped if cache has no
1457 Content-Length
1458 - Verify the URL on memory cache hits
1459 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
1460 - Bug #1972: Squid sets peers to down state when they are in fact
1461 working.
1462 - potential segmentation fault in storeLocateVary()
1463 - Bug #2066: chdir after chroot
1464 - Windows port: Fix compiler warnings when building Squid as
1465 application (not Windows service mode)
1466 - Spelling correction of received
1467
1468Changes to squid-2.6.STABLE14 (15 Jul 2007)
1469
1470 - squid.conf.default cleanup to have options in their proper sections.
1471 - documentation correction in the refresh_pattern ignore-auth option
1472 - URI-escaping not uses the recommended upper-case hex codes
1473 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second
1474 - Always use xisxxxx() Squid defined macros instead of ctype
1475 functions.
1476 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme
1477 - Database basic auth helper using Perl DBI to connect to most SQL DBs
1478 - Solaris /dev/poll network I/O support
1479 - configure fixes to make cross compilation somewhat easier
1480 - Removed incorrect -a reference from http_port documentation
1481 - Bug #1900: Double "squid -k shutdown" makes Squid restart again
1482 - Bug #1968: Squid hangs occasionally when using DNS search paths
1483 - Novell eDirectory digest auth helper (digest_edir_auth)
1484 - Bug #1130: min-size option for cache_dir
1485 - POP3 basic auth helper querying a POP3 server
1486 - Cosmetic squid_ldap_auth fixes from Squid-3
1487 - Bug #1085: Add no-wrap to cache manager HTML tables
1488 - Automatically restart if number of available filedescriptors becomes
1489 alarmingly low, preventing a situation where Squid would otherwise
1490 permanently stop processing requests.
1491 - Bug #2010: snmp_core.cc:828: warning: array subscript is above
1492 array bounds
1493 - Deal better with forwarding loops
1494
1495Changes to squid-2.6.STABLE13 (11 May 2007)
1496
1497 - Make sure reply headers gets sent even if there is no body available
1498 yet, fixing RealMedia streaming over HTTP issues.
1499 - Undo an accidental name change of storeUnregisterAbort.
1500 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c
1501 - Bug #1814: SSL memory leak on persistent SSL connections
1502 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
1503 - Cosmetic fix: added missing newline in WCCPv2 configuration dump.
1504 - Ukrainan error messages
1505 - Convert various error pages from DOS to UNIX text format
1506 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
1507 - Clarify the max-conn=n cache_peer option syntax slightly
1508 - Bug #1892: COSS segfault on shutdown
1509 - Windows port: fix undefined ECONNABORTED
1510 - Make refreshIsCachable handle ETag as a cache validator, not
1511 only last-modified
1512 - in_port_t is not portable, use unsigned short instead
1513 - Fix fs / auth / snmp dependencies
1514 - Portability: statfs() may reqire #include <sys/statfs.h>
1515
1516Changes to squid-2.6.STABLE12 (20 Mar 2007)
1517
1518 - Assertion error on TRACE
1519
1520Changes to squid-2.6.STABLE11 (17 Mar 2007)
1521
1522 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
1523 !conn->body.request"
1524 - Handle garbage helper responses better in concurrent protocol format
1525 - Fix kqueue when overflowing the changes queue
1526 - Make sure the child worker process commits suicide if it could
1527 not start up
1528 - Don't log short responses at debug level 1
1529 - Fix bswap16 & bwsap32 error on NetBSD
1530 - Fix collapsed_forwarding for non-GET requests
1531
1532Changes to squid-2.6.STABLE10 (4 Mar 2007)
1533
1534 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
1535 - various diskd bugfixes
1536 - In the access.log hierarchy field log the unique peer name
1537 instead of the host name
1538 - unlinkdClose() should be called after (not before) storeDirSync()
1539 - CLEAN_BUF_SZ was defined, but never used anywhere
1540 - logging HTTP-request size
1541 - Fix icmp pinger communication on FreeBSD and other not supporing
1542 large dgram AF_UNIX sockets
1543 - Release objects on swapin failure
1544 - Bug #1787: Objects stuck in cache if origin server clock in future
1545 - Bug #1420: 302 responses with an Expires header is always cached
1546 - Primitive support for HTTP/1.1 chunked encoding, working around
1547 broken servers
1548 - Clean up relations between TCP probing and DNS checks of peers with
1549 no known addresses.
1550 - Fix a minor HTML coding error in ftp directory listings with // in
1551 the path
1552 - Bug #1875, #1420. Cleanup of refresh logics when dealing with
1553 non-refreshable content
1554 - Gopher cleanups and bugfixes
1555 - Negotiate authentication fixed again. Broken since STABLE7 by the
1556 patch for Bug #1792.
1557 - Bug #1892: COSS tries to shut down the same directory twice on exit
1558 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
1559 entries
1560 - Added support for Subversion HTTP request methods MKACTIVITY,
1561 CHECKOUT and MERGE.
1562
1563Changes to squid-2.6.STABLE9 (24 Jan 2007)
1564
1565 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8
1566 - Bug #1877 diskd bug in storeDiskdIOCallback()
1567
1568Changes to squid-2.6.STABLE8 (21 Jan 2007)
1569
1570 - Bug #1873: authenticateNTLMFixErrorHeader: state 4.
1571 - Document the https_port vhost option, useful in combination with
1572 a wildcard certificate
1573 - Document the existence of connection pinning / forwarding of NTLM
1574 auth and a few other features overlooked in the release notes.
1575 - Spelling correction of the ssl cache_peer option
1576 - Add back the optional "accel" http_port option. Makes accelerator
1577 mode configurations easier to read.
1578 - Bug #1872: Date parsing error causing objects to get unexpectedly
1579 cached.
1580 - Cleanup to have the access.log tags autogenerated from enums.h
1581 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock
1582 going backwards?
1583 - Don't update object timestamps on a failed revalidation.
1584 - Fix how ftp://user@host URLs is rendered when Squid is built with
1585 leak checking enabled
1586
1587Changes to squid-2.6.STABLE7 (13 Jan 2007)
1588
1589 - Windows port: Fix intermittent build error using Visual Studio
1590 - Add missing tproxy info from the dump of http port configuration
1591 - Bug #1853: Support for ARP ACL on NetBSD
1592 - clientNatLookup(): fix wrong function name in debug messages
1593 - Convert ncsa_auth man page from DOS to Unix text format.
1594 - Bug #1858: digest_ldap_auth had some remains of old hash format
1595 - Correct the select_loops counter when using select(). Was counted twice
1596 - Clarify the http_port vhost option a bit
1597 - Fix cache-control: max-stale without value or bad value
1598 - Bug #1857: Segmentation fault on certain types of ftp:// requests
1599 - Bug #1848: external_acl crashes with an infinite loop under high load
1600 - Bug #1792: max_user_ip not working with NTLM authentication
1601 - Bug #1865: deny_info redirection with authentication related acls
1602 - Small example on how to use the squid_session helper
1603 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly
1604 - Clarify the transparent http_port option a bit more
1605 - Bug #1828: squid.conf docutemtation error for proxy_auth digest
1606 - Bug #1867: squid.pid isn't removed on shutdown
1607
1608Changes to squid-2.6.STABLE6 (12 Dec 2006)
1609
1610 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth()
1611 - Add client source port logformat tag >p
1612 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit
1613 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts
1614 - automake no longer recommends mkinstalldirs. Removed.
1615 - Only use crypt() if it's available, allowing ncsa_auth to be built
1616 on platofms without crypt() support.
1617 - Windows port documentation updates
1618 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry
1619 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate"
1620 - Remove extra newline in redirect message sent by deny_info http://... aclname
1621 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0"
1622 - Clarify the external_acl_type helper format specification and some defaults
1623 - Add support for the weight= parameter to round-robin peers
1624 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate
1625 - Convert snmpDebugOid to use a temporary String object instead of strcat
1626 - Document that proxy_auth also accepts -i for case-insensitive operation
1627 - Remove malloc/free of temporary buffer in time parsing routines.
1628 - Reduce memory allocator pressure by not continually allocating client-side read buffers
1629 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo.
1630 - Convert the connStateData->chr single link list to a normal dlink_list for clarity.
1631 - Bug #1584: Unable to register with multiple WCCP2 routers
1632 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built.
1633 - Bug #439: Multicast ICP peering is unstable and considers most peers dead
1634 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error
1635 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply.
1636 - Bug #1840: Disable digest and netdb queries to multicast peers
1637 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects
1638 - Fix build errors when using latest MinGW Windows environment
1639
1640Changes to squid-2.6.STABLE5 (3 Now 2006)
1641
1642 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled
1643 - COSS improvements and cleanups
1644 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms
1645 - Bug #1784: access_log syslog results in blanks syslog lines between every entry
1646 - Bug #1719: Incorrect error message on invalid cache_peer specifications
1647 - Bug #1785: Memory leak in handling of negatively cached objects
1648 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding
1649 - Bug #1782: Memory leak in ncsa_auth on password changes
1650 - Suppress some annoying coss startup messages raising the debug level to 2.
1651 - Clarify the external_acl_helper concurrency= change.
1652 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown.
1653 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59
1654 - Bug #1795: Theoretical memory leak in storeSetPublicKey
1655 - Removing port 563 from the default SSL_ports and Safe_ports ACLs
1656 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy.
1657 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls
1658 - Clarify the select/poll/kqueue/epoll configure --enable/disable options
1659 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth
1660 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable
1661 - Bug #1796: Assertion error HttpHeader.c:914: "str"
1662 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service
1663 - Silence harmless gcc compile warning.
1664 - Clean up poll memory on shutdown
1665 - Ported select, poll and win32 to new comm event framework
1666 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn
1667 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance.
1668 - Safeguard from kb_t counter overflows on 32-bit platforms
1669
1670Changes to squid-2.6.STABLE4 (23 Sep 2006)
1671
1672 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page
1673 - Windows port enhancement: added native exception handler with signal emulation
1674 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2
1675 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages.
1676 - Bug #212: variable %i always 0.0.0.0 in many error pages
1677 - Bug #1708: Ports in ACL accepts characters and out of range
1678 - Bug #1706: Squid time acl accepts invalid time range.
1679 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86
1680 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86
1681 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests
1682 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation
1683 - Bug #1598: start_announce cannot be disabled
1684 - Periodically flush cache.log to disk when "buffered_logs on" is set
1685 - Numerous COSS improvements and fixes
1686 - Windows port: merge of MinGW support
1687 - Windows port: Merged Windows threads support into aufs
1688 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory
1689 - Numerous portability fixes
1690 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory
1691 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK.
1692 - Bug #1760: FTP related memory leak
1693 - Bug #1770: WCCP2 weighted assignment
1694 - Bug #1768: Redundant DNS PTR lookups
1695 - Bug #1696: Add support for wccpv2 mask assignment
1696 - Bug #1774: ncsa_auth support for cramfs timestamps
1697 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB
1698 - Bug #1725: cache_peer login=PASS documentation somewhat confusing
1699 - Bug #1590: Silence those ETag loop warnings
1700 - Bug #1740: Squid crashes on certain malformed HTTP responses
1701 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL"
1702 - Improve error reporting on unexpected CONNECT requests in accelerator mode
1703 - Cosmetic change to increase cache.log detail level on invalid requests
1704 - Bug #1229: http_port and other directives accept invalid ports
1705 - Reject http_port specifications using both transparent and accelerator options
1706 - Cosmetic cleanup to not dump stacktraces on configuration errors
1707
1708
1709Changes to squid-2.6.STABLE3 (18 Aug 2006)
1710
1711 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on
1712 very large cache_dir. Limit number of objects stored to slightly
1713 less to avoid this.
1714 - Bug #1705: Correct error message on invalid time weekday specification
1715 - Don't attempt to guess netmask in src/dst acl specifications
1716 if none was provided. Assume it's an IP even if it ends in 0
1717 - Bug #1665: log_format %ue, %us tags for external or ssl user id
1718 - Bug #1707: delay pools often ignored the set limit
1719 - Bug #1716: Support for recent OpenSSL 0.9.7 versions
1720 (0.9.8 always worked)
1721 - COSS fixes and performance improvements
1722 - Memory leak when reading configuration files with overlapping
1723 ACL data where squid -k parse complains.
1724 - Memory leak related to pinned connections
1725 - Show include acls unexpanded in cachemgr configuration dumps
1726 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD
1727 - Bug #1304: Downloads may hang when using the cache_dir max-size option
1728 - Optimization of network I/O
1729 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris
1730 - Fixed a memory leak on certain invalid requests
1731 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update
1732 - Bug #582: ntlm fake_auth not handles non-ascii login names
1733 - New startup message indicating the type of event loop used
1734 - Bug #1602: TCP fallback on truncated DNS responses
1735 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING"
1736 - Bug #1723: cachemgr now works in accelerator mode
1737
1738Changes to squid-2.6.STABLE2 (31 Jul 2006)
1739
1740 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter.
1741 - Releasenotes Table of contents should use relative links without
1742 filename.
1743 - Reject HTTP/0.9 formatted CONNECT requests.
1744 - Cosmetic cleanup to use safe_free instead of xfree + manual
1745 assign to NULL
1746 - Bug #1650: transparent interception "Unable to forward this
1747 request at this time"
1748 - Bug #1658: Memory corruption when using client-side SSL certificates
1749 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out
1750 deleting the underlying object.
1751 - Many COSS fixes and new coss data dumper utility for diagnostics
1752 - Bug #1669: SEGV in storeAddVaryReadOld
1753 - Many fixes in debug sections and spelling of debug messages
1754 - Don't keep client connection persistent if there was a mismatch in
1755 the response size.
1756 - Move eventCleanup debug messages to debug level 2 (was 0)
1757 - Add the missing concurrency parameters to basic and digest auth
1758 schemes
1759 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509
1760 - Log SSL user id in the custom log User name format (%un)
1761 - Bug #1653: Username info not logged into Cachemgr active_requests
1762 statistics
1763 - Added to the redirectors interface the support for SSL client
1764 certificate
1765 - squid.conf.default cleanup to remove references to old options
1766 - Fix many filedescriptors in combination with TPROXY
1767 - Fix connection pinning in transparently intercepted connections
1768 - Bug #1679: LDFLAGS not honored in some programs.
1769 - Minor cleanup of port numbers in transparent interception or
1770 vhost + vport
1771 - Bug #1671: transparent interception fails with FreeBSD ipfw or
1772 Linux-2.2 ipchains
1773 - Bug #1660: Accept-Encoding related memory corruption
1774 - Bug #1651: Odd results if url_rewriter defined multiple times
1775 - Bug #1655: Squid does not produce coredumps under linux when
1776 started as root
1777 - Bug #1673: cache digests not served to other caches
1778 - Cleanup of Linux capability code used by tproxy
1779 - Bug #1684: xstrdup: tried to dup a NULL pointer!
1780 - Bug #1668: unchecked vsnprintf() return code could lead to log
1781 corruption
1782 - Bug #1688: Assertion failure in HttpHeader.c in some header_access
1783 configurations
1784 - Cygwin support fir --disable-internal-dns
1785 - Silence those annoying sslReadServer: Connection reset by peer
1786 errors.
1787 - Bug #1693: persistent connections broken in transparent
1788 interception mode
1789 - Bug #1691: multicast peering issues
1790 - Bug #1696: Correct WCCP2 processing of router capability info
1791 segments
1792 - Bug #1694: Assertion failure in mgr:config if using
1793 access_log_format %<h
1794 - Bug #1677: Duplicate etags in the If-None-Match header
1795 - Bug #1665: access_log_format codes for login names from external
1796 acl or ssl
1797 - Bug #1681: All ntlmauthenticator processes are busy
1798 - Added ARP acl support for OpenBSD and ARP fixes for Windows
1799 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out
1800 socket)
1801 - WCCP2 correct dampening of assign buckets when there it lots of
1802 changes
1803 - minimum_expiry_time to tune the magic 60 seconds limit of what
1804 is considered cachable when the object doesn't have any cache
1805 validators.
1806 - Bug #1703: wrong path to diskd helper corrected, and config
1807 parser extended to trap incorrect paths early
1808 - Bug #1703: COSS failed to initialize async-io threads
1809 - Bug #1703: should abort if diskd helper exits unexpectedly
1810 - Bug #1702: Warn if acl name is too long
1811 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors
1812 - wccp2_rebuild_wait directive to delay registering with WCCP until the
1813 - Bug #1662: Infinite loop in external acl with grace period if the
1814 same http_access line had multiple external acls
1815
1816Changes to squid-2.6.STABLE1 (1 Jul 2006)
1817
1818 - New --enable-default-hostsfile configure option
1819 - Added username info to active_requests cachemgr stats
1820 - Modified squid MIB to incorporate squid.conf visible_hostname
1821 - Added multi-line capability in squid.conf
1822 - Added new httpd_suppress_version_string configuration directive
1823 - WCCPv2 support
1824 - Negotiate authentication scheme support
1825 - NTLM authentication scheme rewritten
1826 - Customizable access log formats
1827 - Selective access logging
1828 - Access logging via syslog
1829 - Reverse proxy enhancements, with new cache_peer based forwarding
1830 model.
1831 - LDAP based Digest helper (Note: not true LDAP integration, just using
1832 LDAP for storage of the Digest hashes)
1833 - Improved helper communication protocol
1834 - External ACL improvements. %PATH, log=, grace=, and more..
1835 - Improved SSL support with hardware offload, client certificate
1836 support (primitive), chained certificates and numerous bug fixes
1837 - DNS lookups now use the search path from /etc/resolv.conf or
1838 the Windows registry
1839 - Linux epoll support
1840 - collapsed forwarding to optimize reverse proxies or other
1841 setups having very many clients going to the same URL
1842 - New improved COSS implementation
1843 - Optional support for blank passwords
1844 - The old and obsolete Samba-2.2.X winbind helpers have been removed
1845 - external acls now uses the simplified URL-escaped protol "3.0" by
1846 default.
1847 - Linux TPROXY support
1848 - Support for proxying of Microsoft Integrated Login by adding
1849 support for the deviations from the HTTP protocol required
1850 to support these authentication mechanisms
1851 - Added the capability to run as a Windows service under Cygwin
1852 - CARP now plays well with the other peering algorithms
1853 - read_ahead_gap option to read ahead more than 16KB of the reply
1854 - check_hostnames and allow_underscore squid.conf options
1855 - http_port is now optional, allowing for SSL only operation
1856 - Full ETag/Vary support, caching responses which varies with
1857 request details (browser, language etc).
1858 - umask now defaults to 027 to protect the content of cache and
1859 log files from local users
1860 - HTCP support for access control and the CRL operation for
1861 purgeing of cache content
1862 - Optionally follow X-Forwarded-For headers to determine the original
1863 client IP behind sedond level proxies
1864 - FreeBSD kqueue support
1865
1866Changes to squid-2.5.STABLE14 (20 May 2006)
1867 - [Minor] icons not displayed when visible_hostname is a
1868 short hostname (without domain). (Bug #1532)
1869 - [Medium] Memleak in HTCP client code (default disabled)
1870 (Bug #1553)
1871 - [Major] memory leak in ident processing (Bug #1557)
1872 - [Medium] Memory leak in header processing related to external_acl
1873 header detail format tag (Bug #1564)
1874
1875Changes to squid-2.5.STABLE13 (12 Mar 2006)
1876 - [Minor] Fails to compile on Solaris and some other platforms
1877 with undefined reference to setenv (Bug #1435)
1878 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list
1879 - [Minor] Squid ntlm_auth (not the Samba provided one) giving
1880 odd results if --enable-ntlm-fail-open is used (Bug #1022)
1881 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later
1882 (Bug #1472)
1883 - [Minor] Squid crash when asyncio function counters url accessed
1884 from Cachemgr CGI (Bug #1464)
1885 - [Cosmetic] Linux compile warning about prctl called with too few
1886 arguments (Bug #1483)
1887 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479)
1888 - [Minor] Some 206 responses logged incorrectly (Bug #1511)
1889 - [Minor] Issues in processing ranges on objects >2GB (Bug #437)
1890 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414)
1891 - [Minor] Ident access lists don't work in delay_access statements
1892 (Bug #1428)
1893 - [Minor] Some clients support NTLM even if not initially negotiating
1894 persistent connections (Bug #1447)
1895 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459)
1896 - [Medium] delay pools given too much bandwidht after "-k reconfigure"
1897 (Bug #1481)
1898 - [Cosmetic] New persistent_connection_after_error configuration
1899 directive (Bug #1482)
1900 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug
1901 #1484)
1902 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492)
1903 - [Cosmetic] Typo in ftp.c (Bug #1507)
1904 - [Cosmetic] Error in FTP listings of files with -> in their name
1905 (Bug #1508)
1906 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging
1907 in cache.log (Bug #779)
1908 - [Minor] Fails to process long host names (Bug #1434)
1909 - [Cosmetic] Azerbaijani errors translation (Bug #1454)
1910 - [Cosmetic] misleading error message message for bad/unresolveable
1911 cache_peer name (Bug #1504)
1912 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth)
1913 (Bug #1506)
1914 - [Major] connstate memory leak (Bug #1522)
1915
1916Changes to squid-2.5.STABLE12 (22 Oct 2005)
1917
1918 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses
1919 when using delay pools (Bug #1405)
1920 - [Cosmetic] Document that tcp_outgoing_* works badly in combination
1921 with server_persistent_connections (Bug #454)
1922 - [Cosmetic] Add additinal tracing to squid_ldap_auth making
1923 diagnostics easier on squid_ldap_auth configuration errors
1924 (Bug #1395)
1925 - [Minor] $HOME not set when started as root (Bug #1401)
1926 - [Minor] httpd_accel_single_host breaks in combination with
1927 server_persistent_connections (Bug #1402)
1928 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially
1929 implemented, effectively ignored. (Bug #1403)
1930 - [Minor] CNAME based DNS addresses could get cached for longer
1931 than intended (Bug #1404)
1932 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges
1933 in transparently intercepting proxies (Bug #1410).
1934 - [Minor] Cache revalidations on HEAD requests causing poor cache
1935 hit ratio (Bug #1411).
1936 - [Minor] Not possible to send 302 redirects via a redirector in
1937 response to CONNECT requests (bug #1412)
1938 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug
1939 #1419)
1940 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426)
1941 - [Minor] Delay pools class 3 fails on clients in network 255
1942 (Bug #1431)
1943
1944Changes to squid-2.5.STABLE11 (22 Sep 2005)
1945
1946 - [Minor] Workaround for servers sending double content-length headers
1947 (Bug #1305)
1948 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz
1949 - [Cosmetic] Date header corrected on internal objects (icons etc)
1950 (Bug #1275)
1951 - [Minor] squid -k fails in combination with chroot after patch for
1952 bug 1157 (Bug #1307)
1953 - [Cosmetic] Segmentation fault if compiled with
1954 --enable-ipf-transparent but denied access to the NAT device.
1955 (Bug #1313)
1956 - [Minor] httpd_accel_signle_host incompatible with redireection
1957 (Bug #1314)
1958 - [Minor] squid -k reconfigure internal corruption if the type of
1959 a cache_dir is changed (Bug #1308)
1960 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB
1961 (Bug #1317)
1962 - [Minor] Title in FTP listings somewhat messed up after previous
1963 patch for bug 1220 (Bug #1220)
1964 - [Minor] FTP listings uses "BASE HREF" much more than it needs to,
1965 confusing authentication. (Bug #1204)
1966 - [Minor] winfo_group.pl only looked for the first group if multiple
1967 groups were defined in the same acl. (Bug #1333)
1968 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316)
1969 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518)
1970 - [Cosmetic] The new --with-build-environment=... option doesn't work
1971 - [Cosmetic] New 'mail_program' configuration option in squid.conf
1972 - [Minor] Fails to compile with ip-filter and ARP support on Solaris
1973 x86 (Bug #199)
1974 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355)
1975 - [Medium] assertion failed in StatHist.c:93 (Bug #1325)
1976 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331)
1977 - [Cosmetic] Invalid URLs in error messages when failing to connect
1978 to peer, and a few other inconsistent error messages (Bug #1342)
1979 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2
1980 (Bug #1344)
1981 - [Minor] Some odd FTP servers respond with 250 where 226 is expected
1982 (Bug #1348)
1983 - [Cosmetic] Greek translation of error messages (Bug #1351)
1984 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368)
1985 - [Minor] squid_ldap_auth -U does not work (Bug #1370)
1986 - [Minor] SNMP cacheClientTable fails on "long" IP addresses
1987 (Bug #1375)
1988 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374)
1989 - [Minor] E-mail sent when cache dies is blocked from many antispam
1990 rules (Bug #1380)
1991 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389)
1992 - [Cosmetic] Incorrect store dir selection debug message on objects
1993 larger than 2Gigabyte (Bug #1343)
1994 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343)
1995 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335)
1996 - [Medium] Clients could bypass delay_pool settings by faking a cache
1997 hit request (Bug #500)
1998 - [Minor] IP-Filter 4.X support (Bug #1378)
1999 - [Medium] Odd results on pipelined CONNECT requests
2000 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header"
2001 when using NTLM authentication.
2002 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM
2003 authentication (bug #1396)
2004 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl
2005 (Bug #1394)
2006 - [Cosmetic] New --with-maxfd=N configure option to override build
2007 time filedescriptor limit test
2008 - [Minor] Added support for Windows code name "Longhorn" on Cygwin.
2009
2010Changes to squid-2.5.STABLE10 (17 May 2005)
2011
2012 - [Minor Security] Fix race condition in relation to old Netscape
2013 Set-Cookie specifications
2014 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing
2015 format and PASV resposes (Bug #1252)
2016 - [Medium] BASE HREF missing on ftp directory URLs without /
2017 (Bug #1253)
2018 - [Minor security] confusing http_access results on configuration
2019 error (Bug #1255)
2020 - [Cosmetic] More robust Date parser (Bug #321)
2021 - [Minor] reload_with_ims fails to refresh negatively cached objects
2022 (Bug #1159)
2023 - [Cosmetic] delay_access description clarification (Bug #1245)
2024 - [Cosmetic] Check for integer overflow in size specifications in
2025 squid.conf (Bug #1247)
2026 - [Cosmetic] bzero is a non-standard function not available on all
2027 platforms (Bug #1256)
2028 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257)
2029 - [Cosmetic] Incorrect use of ctype functions (Bug #1259)
2030 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used
2031 (Bug #1261)
2032 - [Minor] Duplicate content-length headers logged incorrectly or
2033 not cleaned up properly (Bug #1262)
2034 - [Cosmetic] Extend relaxed_header_parser to work around "excess
2035 data from" errors from many major web servers. (Bug #1265)
2036 - [Minor] Add HTTP headers to a netdb error messages
2037 - [Minor] Multiple minor aufs issues (Bug #671)
2038 - [Minor] Basic authentication fails with very long logins or
2039 password (Bug #1171)
2040 - [Minor] CONNECT requests truncated if client side disconnects first
2041 (Bug #1269)
2042 - [Minor] --disable-hostname-checks configure option did not work
2043 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK
2044 - [Cosmetic] aufs warning about open event filedescriptors on shutdown
2045 - [Medium] Failed to process requests for files larger than 2GB in size
2046 - [Cosmetic] rename() related cleanup
2047 - [Cosmetic] New cachemgr pending_objects and client_objects actions
2048 - [Cosmetic] external acls requiring authentication did not request
2049 new credentials on access denials like proxy_auth does.
2050 - [Cosmetic] Syslog facility now configurable via command line options.
2051 - [Cosmetic] New %a error page template code expanding into the
2052 authenticated user name. (Bug #798)
2053 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent
2054 - [Minor] Support interception of multiple ports
2055 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname
2056 can not be determined (Bug #1196)
2057 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted
2058 configuration files with CRLF lineendings proper.
2059 - [Minor] Unrecognized Cache-Control directives now forwarded properly
2060 (Bug #414)
2061 - [Minor] Authentication helpers now returns useable information
2062 in the %m error page macro on failed authentication (Bug #1223)
2063 - [Minor] pid file management corrected in chroot use (Bug #1157)
2064 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use.
2065 cachemgr.cgi now reads a config file telling which proxy servers
2066 it can administer.
2067 - [Minor] aufs statistics improvements
2068 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299)
2069 - [Minor] ARP acl documentation and cachemgr config dump corrections
2070 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric
2071 hostnames in addition to the reverse lookup of the domain name.
2072 - [Security] Internal DNS client hardened against spoofing
2073
2074Changes to squid-2.5.STABLE9 (24 Feb 2005)
2075
2076 - [Medium] Don't retry requests on 403 errors (Bug #1210)
2077 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222)
2078 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246)
2079 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211)
2080 - [Minor] relaxed_header_parser extended to work around even more
2081 broken web servers (Bug #1242)
2082 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work
2083 better with Mozilla but also to improve security slightly on
2084 non-anonymous FTP.
2085 - [Minor] High characters allowed un-encoded in FTP and Gopher
2086 listings to allow the user-agent to display data in non-iso8859-1
2087 charsets. (Bug #1220)
2088 - [Cosmetic] format fixes to silence compiler warnings on many
2089 platforms.
2090 - [Major] Assertion failures on certain odd DNS responses (Bug #1234)
2091
2092Changes to squid-2.5.STABLE8 (11 Feb 2005)
2093
2094 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354,
2095 #1096)
2096 - [Cosmetic] Document -v (protocol version) option to LDAP helpers
2097 - [Minor] The new req_header and resp_header acls segfaults
2098 immediately on parse of squid.conf (Bug #961)
2099 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure
2100 (Bug #1118)
2101 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102)
2102 - [Minor] Squid fails to close TCP connection after blank HTTP
2103 response (Bug #1116)
2104 - [Minor security] Random error messages in response to malformed
2105 host name (Bug #1143)
2106 - [Minor] PURGE should not be able to delete internal objects
2107 (Bug #1112)
2108 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug
2109 #1121)
2110 - [Minor] cachemgr vm_objects segfault (Bug #1149)
2111 - [Minor security] Confusing results on empty acl declarations (Bug
2112 #1166)
2113 - [Minor] Don't close all "other" filedescriptors on startup (Bug
2114 #1177)
2115 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug
2116 #1183)
2117 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189)
2118 - [Medium security] Denial of service with forged WCCP messages
2119 (Bug #1190)
2120 - [Minor] DNS related memory leak on certain malformed DNS responses
2121 (Bug #1197)
2122 - [Minor] Internal DNS sometimes truncates host names in reverse
2123 (PTR) lookups (Bug #1136)
2124 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187)
2125 - [Security] Harden Squid against HTTP request smuggling attacks
2126 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is
2127 short_icon_urls is on (Bug #1203)
2128 - [Security] Harden Squid against HTTP response splitting attacks
2129 (Bug #1200)
2130 - [Medium security] Buffer overflow in WCCP recvfrom() call
2131 (Bug #1217)
2132 - [Security] Properly handle oversized reply headers (Bug #1216)
2133 - [Minor] LDAP helpers search fixed to properly ask for no attributes
2134 - [Minor] A sporadic segmentation fault when using ntlm authentication
2135 fixed (Bug #1127)
2136 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224)
2137 - [Medium] Persistent connection mismatch on failed PUT/POST request
2138 (Bug #1122)
2139 - [Minor] WCCP easily disturbed by forged packets (Bug #1225)
2140 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226)
2141 - [Major] HTTP reply data corruption in certain situations involving
2142 reply headers split over multiple packets (Bug #1233)
2143
2144Changes to squid-2.5.STABLE7 (11 Oct 2004)
2145
2146 - [Medium] No objects cached in ufs cache_dir type in some
2147 configurations. Issue introduced in 2.5.STABLE6 by the patch for
2148 Bug #676. (Bug #1011)
2149 - [Minor] LDAP helpers update to correct LDAP connection management
2150 and add support for literal password compare instead of binding
2151 - [Minor] A large number of queued DNS lookups for the same domain
2152 (Bug #852)
2153 - [Cosmetic] request_header_max_size configuration partly ignored
2154 (Bug #899)
2155 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001)
2156 - [Cosmetic] HEAD requests may return stale information
2157 (Bug #1012)
2158 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918)
2159 - [Minor] case insensitive authentication (Bug #431)
2160 - [Cosmetic] Add delay pools information to active_requests. (Bug
2161 #882)
2162 - [Minor] Apparent memory leak in client_db (Bug #833)
2163 - [Minor] NTLM authentication truncated causing failures. (Bug
2164 #1016)
2165 - [Cosmetic] Grammatical corrections in squid.conf.default
2166 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug
2167 #1030)
2168 - [Medium] Segfaults and other strange crashes when using heap
2169 policies. (Bug #1009)
2170 - [Minor] Supplementary group memberships not set (Bug #1021)
2171 - [Cosmetic] ERR_TOO_BIG Portuguese translation
2172 - [Minor] external_acl does not handle newlines (Bug #1038)
2173 - [Major] NTLM authentication denial of service when using msnt_auth
2174 or fake_auth (Bug #1045)
2175 - [Medium] Memory leaks when using NTLM authentication without
2176 challenge reuse. (Bug #994)
2177 - [Minor] Temporary NTLM memory leak with challenge reuse enabled
2178 (Bug #910)
2179 - [Minor] assertion failed: "n_ufs_dirs <=
2180 Config.cacheSwap.n_configured". (Bug #1053)
2181 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031)
2182 - [Minor] acl time fails to parse multiple time specifications
2183 (Bug #1060)
2184 - [Minor] cachemgr config dumps mixed up Range and Request-Range
2185 headers in http_header_access & replace directives. (Bug #1056)
2186 - [Minor] Content-Disposition added as a well known header (Bug #961)
2187 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD
2188 (Bug #1074)
2189 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075)
2190 - [Medium] New acl types to match arbitrary HTTP headers. In addition
2191 the http_header_access & replace directives now support arbitrary
2192 headers and not only the well known ones. (Bug #961)
2193 - [Cosmetic] ncsa_auth now accepts Window formatted password files
2194 (Bug #1078)
2195 - [Cosmetic] Support the --program-prefix/suffix options or other
2196 configure program name transforms (Bug #1019)
2197 - [Minor] Fix race condition in CONNECT and also handle aborts of
2198 CONNECT requests in a more graceful manner. (Bug #859)
2199 - [Minor] New balance_on_multiple_ip directive to work around certain
2200 broken load balancers and optimized ipcache on reload requests
2201 (Bug #1058)
2202 - [Medium] New reply_header_max_size directive
2203 (Bug #874)
2204 - [Minor] Suspected instability on aborted PUT/POST requests
2205 (Bug #1089)
2206 - [Security] SNMP Denial of Service fix (CAN-2004-0918)
2207
2208Changes to squid-2.5.STABLE6 (9 Jul 2004)
2209
2210 - Bug #937: NTLM assertion error "srv->flags.reserved"
2211 - Bug #935: squid_ldap_auth can be confused by the use of reserved
2212 characters
2213 - Helper queue warnings imprecise on the number of helpers required
2214 - squid_ldap_auth TLS mode works correctly again
2215 - Bug #940, #305: pkg-config support for finding correct OpenSSL
2216 compile flags
2217 - Bug #426: "Vary: *" is ignored
2218 - 100% CPU usage on Linux-2.2
2219 - Version number should not include -CVS if autoconf is run
2220 - Bug #947: deny_info redirection with requested URL escaped wrongly
2221 - Bug #495: CONNECT timeout should produce a 504 or 503
2222 - Bug #956: cache_swap_log documentation referred to swap.state by
2223 it's old swap.log name
2224 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
2225 have been intended
2226 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed
2227 - Bug #954: Segment violation when using a blank user name in digest
2228 authentication
2229 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
2230 - Spelling corrections in configure and squid.conf.default
2231 - The meaning of ERR in digest helper protocol clarified in the
2232 squid.conf documentation
2233 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL
2234 - Bug #616: Negative cached 404 replies with VARY header never matched
2235 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax
2236 due to a shortcoming in the fix to bug #817
2237 - Bug #570: Very large cache_mem values reported wrongly in cache.log
2238 - Bug #676: store_dir_select_algorithm least-load doesn't work for
2239 ufs cache_dir type
2240 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge
2241 - Bug #948: Show client ip in cache.log debug output
2242 - Bug #960: compilation issue on OpenBSD/m88k
2243 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools
2244 - Bug #991: dns_servers should default to localhost if no resolv.conf
2245 - Bug #717: msnt_auth documentation update
2246 - Bug #753: Segfault in memBufVPrintf on certain architectures
2247 requiring va_copy
2248 - Bug #941: Negative size in access.log on long running CONNECT
2249 requests
2250 - Bug #972: Segmentation fault after "Likely proxy abuse detected"
2251 - Bug #981: sasl_auth updated to work with SALS2
2252 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM
2253 authentication to a NT domain without using Samba.
2254
2255Changes to squid-2.5.STABLE5 (1 Mar 2004):
2256
2257 - cache.log message on "squid -k reconfigure" was slightly confusing,
2258 claiming Squid restarted when it just reread the configuration.
2259 - Bug #787: digest auth never detects password changes
2260 - Bug #789: login with space confuses redirector helpers
2261 - Bug #791: FQDNcache discards negative responses when using
2262 internal DNS
2263 - pam_auth fails on Solaris when using pam_authtok_get. Persistent
2264 PAM connections are unsafe and now disabled by default.
2265 - auth_param documentation clarifications and added default realm
2266 values making only the helper program a required attribute
2267 - Bug #795: German ERR_DNS_FAIL correction
2268 - Bug #803: Lithuanian error messages update
2269 - Bug #806: Segfault if failing to load error page
2270 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
2271 - Bug #817: maximum_object_size too large causes squid not to cache
2272 - Bug #824: 100% CPU loop if external_acl combined with separate
2273 authentication acl in the same http_access line
2274 - squid_ldap_group updated to version 2.12 with support for ldaps://
2275 (LDAPv2 over SSL) and a numer of other improvements.
2276 - Bug #799: positive_dns_ttl ignored when using internal DNS.
2277 - Bug #690: Incorrect html on empty Gopher responses
2278 - Bug #729: --enable-arp-acl may give warning about net/route.h
2279 - Bug #14: attempts to establish connection may look like syn flood
2280 attack if the contacted server is refusing connections
2281 - errorpage README files included in the distribution again showing
2282 who contributed which translation
2283 - Bug #848: connect_timeout connect_timeout ends up twice the length.
2284 forward_timeout option added to address this.
2285 - Bug #849: DNS log error messages should report the failed query
2286 - Bug #851: DNS retransmits too often
2287 - Bug #862: Very frequently repeated POST requests may cause a
2288 filedescriptor shortage due to persitent connections building up
2289 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
2290 - Bug #571: Need to limit use of persistent connections when
2291 filedescriptor usage is high
2292 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
2293 does not work properly
2294 - Bug #860: redirector_access does not handle "slow" acls such as
2295 "dst" or "external" requiring a external lookup.
2296 - Bug #865: Persistent connection usage too high after sudden burst
2297 of traffic.
2298 - Bug #867: cache_peer max-conn=.. option does not work
2299 - Bug #868: refuses to start if pid_filename none is specified
2300 - Bug #887: LDAP helper -Z (TLS) option does not work
2301 - Bug #877: Squid doesn't follow telnet protocol on FTP control
2302 connections
2303 - Bug #908: Random auth popups and account lockouts when using ntlm
2304 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers
2305 - Bug #585: cache_peer_access fails with NTLM authentication
2306 - Bug #592: always/never_direct fails with NTLM authentication
2307 - wbinfo_group update for Samba-3
2308 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
2309 - Bug #924: miss_access restricts internal and cachemgr requests
2310 even if these are local
2311 - Bug #925: auth headers send by squidclient are mildly malformed
2312 - Bug #922: miss_access and delay_access and several other
2313 authentication related bug fixes.
2314 - Bug #909: Added ARP acl support for FreeBSD
2315 - Bug #926: deny_info with http_reply_access or miss_access
2316 - Bug #872: reply_body_max_size problems when using NTLM auth
2317 - Bug #825: random segmentation faults when using digest auth
2318 - Bug #910: Partial fix for temporary memory leaks when using NTLM
2319 auth. There is still problems if challenge reuse is enabled.
2320 - ftp://anonymous@host/ now accepted without requiring a password
2321 - Bug #594: several mime type updates (ftp:// related)
2322 - url_regex enhanced to allow matching of %00
2323
2324Changes to squid-2.5.STABLE4 (15 Sep 2003):
2325
2326 - Lithuanian error messages added to the distribution
2327 - Bug #660: segfauld if more than one custom deny_info line
2328 - cache_dir disd documentation cleanup
2329 - check open of /dev/null to avoid 100% CPU loop in badly
2330 configured chroot environments
2331 - documentation update on uri_whitespace to refer to the correct RFC
2332 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable
2333 - Bug #683: external_acl does not wait for ident lookups to complete
2334 - aufs: Fix a minor use-after-free problem which could cause the
2335 count of opening filedescriptors to grow larger than it should
2336 - Syntax changes to make GCC-3.3 accept Squid without complaints
2337 - Warning if CARP server defined in incorrect load factor order
2338 - neighbor_type_domain documentation update
2339 - http_header_access now works when using cache peers
2340 - high_memory_warning now uses sbrk as fallback mechanism on
2341 platforms where neither mallinfo or mstats are available.
2342 - hosts_file now handles comments at the end of lines correcly
2343 - storeCheckCachable() Stats corrected for release_request and
2344 wrong_content_length.
2345 - cachePeerPingsSent MIB type corrected
2346 - unused minimum_retry_timeout directive removed
2347 - Bug #702: ERR_TO_BIG spanish translation
2348 - Bug #705: Memory leak on deny_info TCP_RESET
2349 - Code cleanup to fix compile error in httpHeaderDelById
2350 - Bug #699: Host header now forwarded exactly where it was in the
2351 original request to work around certain broken firewalls or
2352 load balancers which fail if this header is too far into the
2353 request headers.
2354 - Bug #704: Memory leak on reply_body_max_size
2355 - Bug #686: requests denied due to http_reply_access are now
2356 logged with TCP_DENIED (instead of TCP_MISS, etc).
2357 - Bug #708: ie_refresh now sends no-cache to have the reload
2358 request propagate properly in cache meshes
2359 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state
2360 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer
2361 digest not found
2362 - Bug #710: round-robin cache_dir selection incorrectly
2363 compares max-size.
2364 - Statistics corrections in HTTP header statitics
2365 - QUICKSTART cleanups
2366 - Bug #715: statCounter.syscalls.disk counters treated
2367 inconsistently. Now increment the counters in AUFS
2368 functions and for unlinkd.
2369 - Improvements to the (experimental) COSS storage scheme.
2370 - Bug #721: User name field in access.log sometimes blank
2371 - Bug #94: assertion failed: http.c: "-1 == cfd ||
2372 FD_SOCKET == fd_table[cfd].type"
2373 - Bug #716: assertion failed: client_side.c:1478: "size > 0"
2374 - Bug #732: aufs calculates number of threads and limits wrongly
2375 - Bug #663: Username not logged into access.log in case of /407
2376 - Bug #267: Form POSTing troubles with NTLM authentication
2377 and occationally in differen other error conditions.
2378 - Bug #736: ICP dynamic timeout algorithm ignores multicast.
2379 - Bug #733: No explicit error message when ncsa_auth can't access
2380 passwd file
2381 - Bug #267, #757: POST with NTLM stops after persistent connection
2382 timeout
2383 - Bug #742: Wrong status code on access denials if delay_access
2384 is used. Most notably 407 instead of 403 could be returned.
2385 - Bug #763: segfault if using ntlm in http_reply_access
2386 - Bug #638: assertion error if using proxy_auth in delay_access
2387 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access
2388 - The issue of reply_body_max_size limiting the size of error
2389 messages no longer applies.
2390 - external_acl_type concurrency= option renamed to children= to
2391 prepare for Squid-3 upgrades. Old syntax still accepted for the
2392 duration of the Squid-2.5 release.
2393 - number of filedescriptors rounded down to an even multiple of 64
2394 to work around issues in certain libc implementations.
2395 - winbind helpers less noisy in cache.log on restarts/shutdown.
2396 - Squid now automatically restarts helpers if too many of them
2397 have crashed.
2398
2399Changes to squid-2.5.STABLE3 (25 May 2003):
2400
2401 - Bug #573: Occational false negatives in external acl lookups
2402 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
2403 external_acl helpers crashes
2404 - Bug #590: Squid may hang or behave oddly on shutdown while
2405 requests is being processed.
2406 - Bug #590: external acl lookups does not deal well with queue
2407 overload
2408 - cache_effective_user documentation update
2409 - cache_peer documentation update for htcp and carp
2410 - Bug #600: The example header_access paranoid setting is
2411 missing WWW-Authenticate
2412 - Bug #605: Segmentation fault in idnsGrokReply() on certain
2413 platforms
2414 - Fixes to build properly on AIX 5
2415 - Bug #574: wb_group updated to version 1.1 to make group names
2416 case insensitive and correct a segfault issue in the helper
2417 - SNMP mib updates to make cacheNumObjCount,
2418 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
2419 correctly report as gauges (was reporting as counters).
2420 - Woraround for --enable-ssl Kerberos issue on RedHat 9
2421 - Bug #579: Close and repopen log files on "squid -k reconfigure"
2422 - Bug #598: squid_ldap_auth could segfault if LDAP server is
2423 unavailable
2424 - Bug #609,#612: msntauth helper fixes in dealing with large
2425 or non-existing allow/deny user files.
2426 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
2427 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
2428 and also fails to block large objects where the content-length
2429 is not known
2430 - Bug #606: Basic auth looping and gets stuck at high CPU usage when
2431 multiple proxy_auth ACLs combined in one line and login fails.
2432 - squid_ldap_auth updated with support for TLS and SSL
2433 - Bug #623: segfault if using negated external acls in certain
2434 configurations involving other acls later on the same http_access
2435 line.
2436 - Bug #622: wb_group helper update to version 1.2 to ass support for
2437 Domain-Qualified groups refering to groups in a specific domain
2438 - Bug #596: logic error in poll() error management
2439 - Bug #597: logic errors in error management
2440 - Bug #591: segmentation fault in authentication on "squid -k debug"
2441 - Bug #587: smb_auth fails on complex logins involving domain names
2442 or other odd characters
2443 - Bug #558, #587: smb_auth.pl fails on complex logins involving
2444 domain names or other odd characters
2445 - Bug #643: external_acl fails with ttl=0 due to a change introduced
2446 by the patch for Bug #553 in 2.5.STABLE2.
2447 - Bug #630: minor issues in digest authantication causing random
2448 authentication failures and incompability with many mainstream
2449 browser digest implementations due to browser qop bugs. To deal
2450 with those broken browser nonce_stricness now defaults to off,
2451 and two new digest options have been added (check_nonce_count
2452 and post_workaround) to allow workarounds to other quite bad
2453 browser bugs if needed.
2454 - Bug #644: digest authentication fails on requests with one
2455 or more comma in the requested URL
2456 - Bug #648: deny_info TCP_RESET not working. The fix for this also
2457 adds the ability to send redirects.
2458
2459Changes to squid-2.5.STABLE2 (Mars 17, 2003):
2460
2461 - Contrib files added back to the distribution
2462 - Several compiler warnings fixed when using --disable-ident or
2463 --disable-http-violations
2464 - authentication can now be used in most access controls, but
2465 must in most cases first be enforced in http_access to force
2466 the user to authenticate.
2467 - cleanups in the developer bootstrap.sh process when preparing
2468 the sources.
2469 - several squid.conf.default documentation updated to correctly
2470 refer to the current names when refering to other directives
2471 - authenticate_ip_ttl documentation updates
2472 - several assertion faults and segmentation violations corrected
2473 - the RunCache/RunAccel and squid.rc scripts updated to refer to
2474 the squid binary in sbin rather than the old bin location.
2475 - squid_ldap_auth command line processing fixes when specifying
2476 the LDAP server last on the line instead of -h option
2477 - aufs data corruption bugfix
2478 - aufs performance improvement for low traffic systems
2479 - aufs stability improvements
2480 - external_acl corrected to properly deal with quoted strings
2481 - WCCPv1 bugfix to make sure the router accepts the hash assignments
2482 - "Total accounted memory" now correctly reported in cachemgr
2483 - several small memory leaks (mostly reconfigure related)
2484 - new squid.conf option to allow GET/HEAD requests with a request
2485 entity
2486 - "make uninstall" no longer removes squid.conf
2487 - cachemgr.cgi now uses POST to avoid having the cachemgr password
2488 logged in the web server logs
2489 - authentication schemes which are known to not be proxyable are now
2490 filtered out from forwarded server replies to avoid that the clients
2491 tries to use such schemes when we know for a fact it won't work
2492 - spelling corrections in various error messages
2493 - now possible to define acl values with spaces in them
2494 by using the "include file" feature
2495 - squid_ldap_group updated to 2.10 to fix compilation issues with
2496 recent (and older) OpenLDAP libraries and to make the helper deal
2497 correctly with true LDAP groups by first looking up the user DN.
2498 - Some internal code cleanups
2499 - now verifies that programs etc exists iside the chroot directory
2500 when using chroot_dir. No longer neccesary to set up a split view
2501 environment where the same paths works both inside the chroot and
2502 outside just to convince Squid that the files is actually there..
2503 - improved memory usage reporting
2504 - --disable-hostname-checks configure option
2505 - no longer ignores double dots in host names. Any hostname with
2506 double dots is now rejected as invalid.
2507 - log_mime_hdrs no longer logs garbage if very long headers
2508 are seen.
2509 - 'select_fds_hist' object added to cachemgr 'histogram' output
2510 - pid file now unlinked when squid has really shut down, not
2511 immediately when the shutdown request is received. This allows
2512 the pid file to be monitored to determine when Squid has shut down
2513 properly
2514 - correct authentication scheme setups on some platforms or compilers
2515 - several squid.conf.default documentation updates to remove references
2516 to renamed or replaced directives by changing them to their current
2517 names.
2518 - the SSL reverse proxy support updated to allow building with
2519 OpenSSL 0.9.7 and and later.
2520 - Corrected a minor performance problem while processing HEAD replies
2521 from various broken web servers not sending a correct HTTP reply
2522 - time acls can now specify multiple times in the same acl name, like
2523 most other acl types.
2524 - winbind helpers updated to match Samba-2.2.7a and should
2525 work with Samba-2.2.6 or later (required). For compability with
2526 older Samba versions A new configure option --with-samba-sources=...
2527 has been added to allow you to specify which Samba version the
2528 helpers should be built for if different than the above versions.
2529 - Squid MIB definition syntax correction to work better with newer
2530 (and older) SNMP tools.
2531 - Fixed access.log format when logging "error:invalid-HTTP-ident" on
2532 requests where parsing the HTTP identifier (HTTP/1.0) failed.
2533 - "make distclean" no longer removes the icons, this avoids the
2534 dependency on "uudecode" to rebuild Squid after "make distclean"
2535 - User name returned by external acl lookups (external_acl_type)
2536 is now available as "ident" in later acl checks in addition to
2537 the logging in access.log.
2538 - Incorrect behaviour of Digest authentication partly corrected - it
2539 will not handle sessions, but will always enforce password
2540 correctness.. (patch submitted by Sean Burford).
2541 - Issue with persistent connections and PUT/POST request corrected
2542
2543Changes to squid-2.5.STABLE1 (September 25, 2002):
ddf1c0c4 2544
94439e4e 2545 - Major rewrite of proxy authentication to support other schemes
2546 than basic. First in the line is NTLM support but others can
a2794549 2547 easily be added (minimal digest is present). See Programmers Guide.
6437ac71 2548 (Robert Collins & Francesco Chemolli)
94439e4e 2549 - Reworked how request bodies are passed down to the protocols.
2550 Now all client side processing is inside client_side.c, and
2551 the pass and pump modules is no longer used.
3ff01c3e 2552 used by Squid.
722a4b40 2553 - Optimized searching in proxy_auth and ident ACL types. Squid should
2554 now handle large access lists a lot more efficiently.
05fbbc17 2555 (Francesco Chemolli)
e396d395 2556 - Fixed forwarding/peer loop detection code (Brian Degenhardt) -
2557 now a peer is ignored if it turns out to be us, rather than
2558 committing suicide
1224d740 2559 - Changed the internal URL code to obey appendDomain for internal
2560 objects if it needs appending. This fixes weirdnesses where
2561 a machine can think it is "foo.bar.com", and "foo" is requested.
2562 (Brian Degenhardt)
a2794549 2563 - Added the use of Automake to create the Makefile.in's in the squid
2564 source tree. This will allow libtool in the future, and immediately
2565 allows better dependency tracking - with or without gcc - as well
2566 as the dist-all and distcheck targets for developers which respectively
2567 build a tar.gz and a tar.bz2 distribution, and check that what will be
2568 distributed builds.
d6827718 2569 - Added TOS and source address selection based on ACLs,
2570 written by Roger Venning. This allows administrators to set
2571 the TOS precedence bits and/or the source IP from a set of
2572 available IPs based upon some ACLs, generally to map different
2573 users to different outgoing links and traffic profiles.
50821507 2574 - Added 'max-conn' option to 'cache_peer'
2575 - Added SSL gatewaying support, allowing Squid to act as a SSL server
2576 in accelerator setups.
4e2c57a0 2577 - SASL authentication helper by Ian Castle
6474667e 2578 - msntauth updated to v2.0.3
3e4057db 2579 - no_cache now applies to cache hits as well as cache misses
810118ab 2580 - the Gopher client in Squid has been significantly improved
05463204 2581 - Squid now sanity checks FTP data connections to ensure the
6474667e 2582 connection is from the requested server. Can be disabled if
05463204 2583 needed by turning off the ftp_sanitycheck option.
98858605 2584 - external acl support. A mechanism where flexible ACL checks
2585 can be driven by external helpers. See the external_acl_type
2586 and acl external directives.
3e4057db 2587 - Countless other small things and fixes
2d8d56b0 2588 - HTML pages generated by Squid or CacheMgr as well as the
2589 ERR documents now contain a doctype declaration so that
22567bb5 2590 browsers know which HTML specification the document uses.
2d8d56b0 2591 In addition to that they have a new look (background-color, font)
2592 and are valid according to the HTML standards at www.w3.org.
3ff01c3e 2593 (Clemens L ser)
9bbd1655 2594 - Login and password send to Basic auth helpers is now URL escaped
2595 to allow for spaces and other "odd" characters in logins and
2596 passwords
c90fbf46 2597 - Proxy Authentication is no longer blindly forwarded to peer
2598 caches if not used locally. If forwarding of proxy authentication
2599 is desired then it must now be configured with the login=PASS
2600 cache_peer option.
6474667e 2601 - Responses with Vary: in the header are now cached by squid.
1239cfea 2602 (Henrik Nordstrom).
3ff01c3e 2603 - Removed unused 'siteselect_timeout' directive.
c5bc64d3 2604
dde94193 2605Changes to Squid-2.4.STABLE7 (July 2, 2002):
2606
2607 - Squid now drops any requests using transfer-encoding.
2608 Squid is a HTTP/1.0 proxy and as such do not support
2609 the use of transfer-encoding.
2610 - The MSNT auth helper has been updated to v2.0.3+fixes for
2611 buffer overflow security issues found in this helper.
2612 - A security issue in how Squid forwards proxy authentication
2613 credentials has been fixed
2614 - Minor changes to support Apple MAC OS X and some other platforms
2615 more easily.
2616 - The client -T option has been implemented
2617 - HTCP related bugfixes in "squid -k reconfigure"
2618 - Several bugfixes and cleanup of the Gopher client, both
2619 to correct some security issues and to make Squid properly
2620 render certain Gopher menus.
2621 - FTP data channels are now sanity checked to match the address of
2622 the requested FTP server. This to prevent theft or injection of
2623 data. See the new ftp_sanitycheck directive if this is not desired.
2624 - Security fixes in how Squid parses FTP directory listings into HTML
2625
c5bc64d3 2626Changes to Squid-2.4.STABLE6 (March 19, 2002):
2627
722a4b40 2628 - The patch for 2.4.STABLE5 was insufficiently tested and
c5bc64d3 2629 introduced a bug that causes frequent assertions when
2630 handling DNS PTR answers.
2631
2632Changes to Squid-2.4.STABLE5 (March 15, 2002):
2633
2634 - Fixed an array bounds bug in lib/rfc1035.c. This bug
2635 could allow a malicious DNS server to send bogus replies
2636 and corrupt the heap memory.
2637
572b218d 2638Changes to Squid-2.4.STABLE4 (Feb 19, 2002)
08e8e4d0 2639
722a4b40 2640 - htcp_port 0 now properly disables htcp
6474667e 2641 - Fixed problem with certain non-anonymous ftp:// style URL's
08e8e4d0 2642 - SNMP bugfixes including several memory leaks
2643
2644Changes to Squid-2.4.STABLE3 (Nov 28, 2001):
2645
2646 - Fixed bug #255: core dump on SSL/CONNECT if access denied by
2647 miss_access
2648 - Fixed bug #246: corrupt on-disk meta information preventing
2649 rebuilds of lost swap.state files
2650 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords
2651 - Fixed a coredump when creating FTP directories
2652 - Fixed a compile time problem with statHistDump prototype mistmatch,
2653 reported by some compilers
2654 - Fixed a potential coredump situation on snmpwalk in certain
2655 configurations
2656 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
2657 store implementation
2658 - Serbian error message translations
2659
50821507 2660Changes to Squid-2.4.STABLE2 (Aug 24, 2001):
2661
722a4b40 2662 - Expanded configure's GCC optimization disabling check to
50821507 2663 include GCC 2.95.3
2664 - avoid negative served_date in storeTimestampsSet().
2665 - Made 'diskd' pathnames more configurable
2666 - Make sure squid parent dies if child is killed with
2667 KILL signal
2668 - Changed diskd offset args to off_t instead of int
2669 - Fixed bugs #102, #101, #205: various problems with useragent
2670 log files
2671 - Fixed bug #116: Large Age: values still cause problems
2672 - Fixed bug #119: Floating point exception in
2673 storeDirUpdateSwapSize()
2674 - Fixed bug #114: usernames not logged with
2675 authenticate_ip_ttl_is_strict
722a4b40 2676 - Fixed bug #115: squid eating up resources (eventAdd args)
50821507 2677 - Fixed bug #125: garbage HTCP requests cause assertion
2678 - Fixed bug #134: 'virtual port' support ignores
2679 httpd_accel_port, causes a loop in httpd_accel mode
2680 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
2681 <= lf->bufsz"
2682 - Fixed bug #137: Ranges on misses are over-done
2683 - Fixed bug #160: referer_log doesn't seem to work
2684 - Fixed bug #162: some memory leaks (SNMP, delay_pools,
2685 comm_dns_incoming histogram)
2686 - Fixed bug #165: "Store Mem Buffer" leaks badly
2687 - Fixed bug #172: Ident Based ACLs fail when applied to
2688 cache_peer_access
2689 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
2690 - Fixed bug #182: 'config' cachemgr option dumps core with
2691 null storage
2692 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
2693 of args in debug/printf
2694 - Fixed bug #187: bugs in lib/base64.c
2695 - Fixed bug #184: storeDiskdShmGet() assertion; changed
2696 diskd to use bitmap instead of linked list
2697 - Fixed bug #194: Compilation fails on index() on some
722a4b40 2698 non-BSD platforms
50821507 2699 - Fixed bug #197: refreshIsCachable() incorrectly checks
2700 entry->mem_obj->reply
2701 - Fixed bug #215: NULL pointer access for proxy requests
2702 in accel-only mode
2703
2704Changes to Squid-2.4.STABLE1 (Mar 20, 2001):
2705
2706 - Fixed a bug in and cleaned up class 2/3 delay pools
2707 incrementing.
2708 - Fixed a coredump bug when using external dnsservers that
2709 become overloaded.
2710 - Fixed some NULL pointer bugs for NULL storage system
2711 when reconfiguring.
2712 - Fixed a bug with useragent logging that caused Squid to
2713 think the logfile never got opened.
2714 - Fixed a compiling bug with --disable-unlinkd.
2715 - Changed src/squid.h to always use O_NONBLOCK on Solaris
2716 if it is defined.
2717 - Fixed a bug with signed/unsigned bitfield flag variables
2718 that caused problems on Solaris.
2719 - Fixed a bug in clientBuildReplyHeader() that could add
2720 an Age: header with a negative value, causing an assertion
2721 later.
2722 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt
2723 was returning the number of FDs in use, rather than
2724 the number of reserved FDs.
2725 - Added the 'pipeline_prefetch' configuration option.
2726 - cache_dir syntax changed to use options instead of many
2727 arguments. This means that the max_objsize argument now
2728 is an optional option, and that the syntax for how to
722a4b40 2729 specify the diskd magics is slightly different.
50821507 2730 - Various fixes for CYGWIN
2731 - Upgraded MSNT auth module to version 2.0.
2732 - Fixed potential problems with HTML by making sure all
2733 HTML output is properly encoded.
2734 - Fixed a memory initialization problem with resource records in
2735 lib/rfc1035.c.
2736 - Rewrote date parsing in lib/rfc1123.c and made it a little
2737 more lenient.
2738 - Added Cache-control: max-stale support.
2739 - Fixed 'range_offset_limit' again. The problem this time
2740 is that client_side.c wouldn't set the we_dont_do_ranges
2741 flag for normal cache misses. It was only being set for
2742 requests that might have been hits, but we decided to
2743 change to a miss.
2744 - Added the Authenticate-Info and Proxy-Authenticate-Info
2745 headers from RFC 2617.
2746 - HTTP header lines longer than 64K could cause an assertion.
2747 Now they get ignored.
2748 - Fixed an IP address scanning bug that caused "123.foo.com"
2749 to be interpreted as an IP address.
2750 - Converted many structure allocations to use mem pools.
2751 - Changed proxy authentication to strip leading whitespace
2752 from usernames after decoding.
2753 - Prevented NULL pointer access in aclMatchAcl(). Some
2754 ACL types require checklist->request_t, but it won't be
2755 available in some cases (like snmp_access). Warn the
2756 admin that the ACL can't be checked and that we're denying
2757 it.
2758 - Allow zero-size disk caches.
2759 - The actual filesystem blocksize is now used to account
2760 for space overheads when calculating on-disk cache size.
2761 - Made the maximum memory cache object size configurable.
2762 - Added 'minimum_direct_rtt' configuration option.
2763 - Added 'ie_refresh' configuration option, which is a hack
2764 to turn IMS requests into no-cache requests.
58d1265f 2765 - Added support for netfilter in linux-2.4. This allows transparent
2766 proxy connections to function correctly in the absence of a Host:
2767 header. This requires --enable-linux-netfilter to be passed through
2768 to configure. (Evan Jones)
50821507 2769 - Fixed a bug with clientAccessCheck() that allowed proxy
2770 requests in accel mode.
2771 - Fixed a bug with 301/302 replies from redirectors. Now
2772 we force them to be cache misses.
2773 - Accommodated changes to the IP-Filter ioctl() interface
2774 for intercepted connections.
2775 - Fixed handling of client lifetime timeouts.
2776 - Fixed a buffer overflow bug with internal DNS replies
2777 by truncating received packets to 512 bytes, as per
2778 RFC 1035.
2779 - Added "forward.log" support, but its work in progress.
2780 - Rewrote much of the IP and FQDN cache implementation.
2781 This change gets rid of pending hits.
2782 - Changed peerWouldBePinged() to return false if our
2783 ICP/HTCP port is zero (i.e. disabled).
2784 - Changed src/net_db.c to use src/logfile.c routines,
2785 rather than stdio, because of solaris stdio filedescriptor
2786 limits.
2787 - Made netdbReloadState() more robust in case of corrupted
2788 data.
2789 - Rewrote some freshness/staleness functions in src/refresh.c,
2790 partially inspired to support cache-control max-stale.
2791 - Fixed status code logging for SSL/CONNECT requests.
2792 - Added a hack to subtract cache digest network traffic
2793 from statistics so that byte hit ratio stays positive
2794 and more closely reflects what people expect it to be.
2795 - Fixed a bug with storeCheckTooSmall() that caused
2796 internal icons and cache digests to always be released.
2797 - Added statfs(2) support for displaying actual filesystem
2798 usage in the cache manager 'storedir' output.
2799 - Changed status reporting for storage rebuilding. Now it
2800 prints percentage complete instead of number of entries
2801 parsed.
2802 - Use mkstemp() rather than problem-prone tempnam().
2803 - Changed urlParse() to condense multiple dots in hostnames.
2804 - Major rewrite of async-io (src/fs/aufs) to make it behave
2805 a bit more sane with substantially less overhead. Some
2806 tuning work still remains to make it perform optimal.
2807 See the start of store_asyncufs.h for all the knobs.
2808 - Fixed storage FS modules to use individual swap space
2809 high/low values rather than the global ones.
2810 - Fixed storage FS bugs with calling file_map_bit_reset()
2811 before checking the bit value. Calling with an invalid
2812 value caused memory corruption in random places.
2813 - Prevent NULL pointer access in store_repl_lru.c for
2814 entries that exist in the hash but not the LRU list.
2815
cab24814 2816Changes to Squid-2.4.DEVEL4 ():
ad445e36 2817
ddf1c0c4 2818 - Added --enable-auth-modules=... configure option
83b381d5 2819 - Improved ICP dead peer detection to also work when the workload
2820 is low
a8c926ff 2821 - Improved TCP dead peer detection and recovery
2822 - Squid is now a bit more persistent in trying to find a alive
2823 parent when never_direct is used.
2824 - nonhierarchical_direct squid.conf directive to make non-ICP
2825 peer selection behave a bit more like ICP selection with respect
2826 to hierarchy.
2827 - Bugfix where netdb selection could override never_direct
2828 - ICP timeout selection now prefers to use parents only when
2829 calculating the dynamic timeout to compensate for common RTT
2830 differences between parents and siblings.
c1fc651e 2831 - No longer starts to swap out objects which are known to be above
2832 the maximum allowed size.
987de783 2833 - allow-miss cache_peer option disabling the use of "only-if-cached".
2834 Meant to be used in conjunction with icp_hit_stale.
c8b40803 2835 - Delay pools tuned to allow large initial pool values
0343b99c 2836 - cachemgr filesystem space information changed to show useable space
2837 rather than raw space, and platform support somewhat extended.
890b0fa8 2838 - Logs destination IP in the hierarchy log tag when going direct.
2839 (can be disabled by turning log_ip_on_direct off)
ff21eb3e 2840 - Async-IO on linux now makes proper use of mutexes. This fixes some
2841 odd pthread segfaults on SMP Linux machines, at a slight performance
2842 penalty.
722a4b40 2843 - %s can now be used in cache_swap_log and will be substituted with
a80e50c7 2844 the last path component of cache_dir.
4d55827a 2845 - no_cache is now a full ACL check without, allowing most ACL types
2846 to be used.
f1003989 2847 - The CONNECT method now obeys miss_access requirements
145cf928 2848 - proxy_auth_regex and ident_regex ACL types
3cdb7cd0 2849 - Fixed a StoreEntry memory leak during "dirty" rebuild
2850 - Helper processes no longer hold unrelated filedescriptors open
e40aa8da 2851 - Helpers are now restarted when the logs are rotated
afc1e43f 2852 - Negatively cached DNS entries are now purged on "reload".
2853 - PURGE now also purges the DNS cache
722a4b40 2854 - HEAD on FTP objects no longer retrieves the whole object
aca95add 2855 - More cleanups of the dstdomain ACL type
288c06ce 2856 - Squid no longer tries to do Range internally if it is not supported
2857 by the origin server. Doing so could cause bandwidth spikes and/or
2858 negative hit ratio.
13c7936a 2859 - httpd_accel_single_host squid.conf directive
82056f1e 2860 - "round-robin" cache_peer counters are reset every 5 minutes to
2861 compensate previously dead peers
4fe0e1d0 2862 - DNS retransmit parameters
858783c9 2863 - Show all FTP server messages
6b53c392 2864 - squid.conf.default now indicates if a directive isn't enabled in
2865 the installed binary, and what configure option to use for enabling it
418cbe9f 2866 - Fixed a temporary memory leak on persistent POSTs
304d289e 2867 - Fixed a temporary memory leak when the server response headers
2868 includes NULL characters
ba2b31a8 2869 - authenticate_ip_ttl_is_strict squid.conf option
2870 - req_mime_type ACL type
afb87666 2871 - A reworked storage system that supports storage directories in
2872 a more modular fashion. The object replacement and IO is now
2873 responsibility of the storage directory, and not of the storage
2874 manager.
722a4b40 2875 - Fixed a bogus MD5 mismatch warning sometimes seen when using
e7407eb8 2876 aufs or diskd stores
ce3d30fb 2877 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
2878 and extended support for this to Linux/GNU libc.
af57a2e3 2879 - Disabled the "request timeout" error message sent if the user agent
2880 did not provide a request in a timely manner after opening the
2881 connection. Now the connection is silently closed. The error message
2882 was confusing user agents utilizing persistent connections.
cab24814 2883 - Fixed configure --enable descriptions to match the arg names.
2884 - Eliminated compile warnings from auth_modules/MSNT code.
2885 - Require first character of hostnames to be alphanumeric.
2886 - Made ARP ACL work for Solaris.
2887 - Removed storeClientListSearch().
2888 - Added counters to track diskd operation success and
2889 failures.
2890 - Fixed range_offset_limit.
2891 - Added code to retry ServFail replies for internal DNS
2892 lookups.
2893 - Added referer header logging (Jens-S. Voeckler).
2894 - Added "multi-domain-NTLM" authentication module, a Perl
2895 script from Thomas Jarosch.
2896 - Added configurable warning messages for high memory usage,
2897 high response time, and high page faults.
2898 - Made store dir selection algorithm configurable.
2899 - Added support for admin-definable extension methods,
2900 up to 20.
16689110 2901 - Added 'maximum_object_size_in_memory' as a configuration option -
2902 this defines the watermark where objects transit from being true
2903 hot objects to being in-transit objects in memory. It currently
2904 defaults to 8 KB.
5cd41d0d 2905 - Change to the fqdn code which changes how pending DNS requests
2906 are treated as private and only become public once they are
2907 completed. This can add extra load on DNS servers but prevents
2908 all the pending clients blocking if one of the queries got
2909 stuck. (Duane Wessels)
7e543177 2910 - Converted more code to use MemPools, from Andres Kroonmaa.
2911 - Added more CYGWIN patches from Robert Collins.
e7407eb8 2912
2913Changes to Squid-2.4.DEVEL3 ():
2914
2915 - Added Logfile module.
2916 - Added DISKD stats via cachemgr.
2917 - Added squid.conf options for DISKD magic constants.
ad445e36 2918
e7407eb8 2919Changes to Squid-2.4.DEVEL2 (Feb 29, 2000):
ad445e36 2920
2921Changes to Squid-2.4.DEVEL1 ():
2922
42b51993 2923Changes to Squid-2.3.STABLE4 (July 18, 2000):
2924
2925 - Fixed --localstatedir configure option (IKEDA Shigeru).
2926 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad
2927 Smith).
2928 - Added pthread_sigmask() check to configure (Daniel
2929 Ehrlich).
2930 - Added CYGWIN patches from Robert Collins.
2931 - Changed internal DNS lookups to retry queries that are
2932 returned with RCODE 2 (ServFail).
2933 - Added 'virtual port' support (Gregg Kellogg). If
2934 'httpd_accel_uses_host_header' is enabled, then we use
2935 the port number from the Host header. Otherwise, when
2936 'httpd_accel_port' is set to "0" we use the port number
2937 of the local end of the client socket.
2938 - Fixed a typo in carp.c (Nikolaj Yourgandjiev).
2939 - Made Squid accept GET requests that have a "content-length:
2940 0" header.
2941 - Added a sanity check on the NHttpSockets[] array index
2942 (Gregg Kellogg).
2943 - Added a friendlier message when Squid can't find any DNS
2944 nameserver addresses to use (Daniel Kiracofe).
2945 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND
2946 (Craig Whitmore).
2947 - Added missing '%c' token replacement in error page
2948 generation.
2949 - Fixed a bug with 'minimum_object_size' that prevented
2950 internal icons from being loaded.
2951 - Fixed "extra semicolon" bug in storeExpiredReferenceAge()
2952 that could prevent any objects from being replaced.
2953 - Make sure that storeDirDiskFull() doesn't actually
2954 *increase* the cache size.
2955 - Changed a storeSwapMetaUnpack() assertion to a recoverable
2956 error condition.
2957 - Removed "wccpHereIam" event check that could cause Squid
2958 to stop sending HERE_I_AM messages.
2959
d20b1cd0 2960Changes to Squid-2.3.STABLE3 (May 15, 2000):
2961
2962 - Fixed malloc linking problems on Solaris. The configure
2963 script incorrectly set options for dlmalloc.
2964 - Added a configure check to remove compiler optimization
2965 for GCC 2.95.x.
2966 - Updated MSNT authenticator module.
2967 - Updated Estonian error pages.
2968 - Updated Japanese error pages.
2969 - Fixed expires bug in httpReplyHdrCacheInit. It was
2970 incorrectly setting expires based on max-age. It was using
2971 the current time as a basis, instead of the response date.
2972 - Fixed "USE_DNSSERVER" typos.
2973 - Added a workaround for getpwnam() problems on Solaris.
2974 getpwnam() could fail if there are fewer than 256 FDs
2975 available. This causes root to own some disk files.
2976 - Added an 'offline_toggle' option via the cache manager.
2977 - Added a 'minimum_object_size' option. Files smaller than
2978 this size are not stored.
2979 - Added 'passive_ftp' option to disable passive FTP transfers.
2980 - Added 'wccp_version' option because some Cisco IOS versions
2981 require WCCP version 3.
2982 - The 'client' program in ping mode (-g) now prints transfer
2983 throughput.
2984 - Fixed logging of proxy auth username for redirected
2985 requests.
2986 - Fixed bogus Age values for IMS requests.
2987 - Fixed persistent connection timeout for client-side
2988 connections. It was hard-coded to 15 seconds, now uses
2989 the 'pconn_timeout' value.
2990 - Fixed up httpAcceptDefer. It wasn't being used properly
2991 and caused high CPU usage when Squid gets close to the FD
2992 limit.
2993 - Numerous delay_pools fixes and checks.
2994 - Fixed SNMP coredumps from running snmpwalk.
2995 - Added a check for errno == EPIPE in icmp.c when pinger uses
2996 a Unix socket instead of a UDP socket.
2997 - Fixed ACL checklist memory initialization bugs.
2998 - Cleaned up the MIB file. Replaced contact information and
2999 checked description fields.
3000 - Removed LRU reference_age hard-coded upper limit.
3001 - Fixed async I/O FD leak.
3002 - Made getMyHostname() more robust.
3003 - Fixed domain list matching bug. "x-foo.com" wasn't properly
3004 compared to ".foo.com" and confused splay tree ordering.
3005 - Added a check for whitespace in hostnames and optionally
3006 strip whitespace if 'uri_whitespace' setting allows.
3007 - Added status code and checking to ASN/whois queries.
3008
3009Changes to Squid-2.3.STABLE2 (Mar 2, 2000):
3010
3011 - Changed Copyright text.
3012 - Changed configure so that some IRIX-6.4 hacks apply to
3013 all IRIX-6.* versions.
3014 - Cleaned up HTML bugs in error pages.
3015 - Told configure to check for netinet/if_ether.h, which
3016 is used in ARP ACL code, but might not be required.
3017 - Added "Cookie" to known HTTP headers so it can be
3018 used in anonymizer configuration.
3019 - Added optional TCP_REDIRECT log code for logging
3020 of 301/302 responses returned by Squid.
3021 - Added a check for a currently running Squid process.
3022 If the pid file exists, and the pid is running,
3023 Squid complains and refuses to start another instance.
3024 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for
3025 IRIX.
3026 - Fixed a bug with the PURGE method. The purge enable
3027 flag was not getting cleared during reconfigure.
3028 Also required PURGE method to be used in http_access
3029 list before enabling.
3030 - Fixed async I/O assertions for file open errors.
3031 - Fixed internal DNS assertion when unpacking truncated
3032 messages.
3033 - Fixed anonymize_headers bug that caused all headers
3034 to be allowed after a reconfigure.
3035 - Fixed an access denied bug for accelerator-only installations.
3036 - Fixed internal DNS initialization so that it uses
3037 'dns_nameservers' settings in squid.conf if set.
3038 - Fixed 'maxconn' ACL bug that caused it to work backwards
3039 (Pedro Ribeiro).
3040 - Fixed syslog bug for daemon mode on Linux.
3041 - Fixed 'http_port' parsing bugs.
3042 - Fixed internal DNS byte ordering bugs for PTR queries.
3043 - Fixed internal DNS queue getting stuck during periods
3044 of low activity (Henrik).
3045 - Fixed byte ordering bugs for parsing EPLF FTP listings
3046 on 64-bit systems.
3047 - Fixed 'request_body_max_size' bug that caused all
3048 POST, PUT requests to be denied if max size is set
3049 to zero.
3050 - Fixed 'redirector_access' bug when using 'myport' ACLs.
3051 - Fixed CARP neighbor selection bugs for down peers.
3052 - Added 'client_persistent_connections' and
3053 'server_persistent_connections' flags to disable persistent
3054 connections for clients and servers.
3055 - Fixed access logging bug that caused many requests to be
3056 logged as TCP_MISS.
3057 - Added some bounds checking to delay pools code.
3058
ad445e36 3059Changes to Squid-2.3.STABLE1 (Jan 9, 2000):
3060
3061 - Updated PAM authentication module from Henrik Nordstrom.
3062 - Updated Bulgarian error messages from Svetlin Simeonov.
3063 - Changed ACL routines so that User-Agent (browser) string
3064 is always taken from compiled HTTP request headers
3065 instead of passed as an argument to aclCreateChecklist.
3066 - Added a 'strip' option to the 'uri_whitesace' configuration
3067 directive and made it the default behavior. Whitespace
3068 found in URI's is now stripped out by default.
3069 - Added chroot feature. The 'chroot_dir' config option enables
3070 it and specifies the directory.
3071 - Changed clientBuildReplyHeader so that the Age header is
3072 added only for cache hits, and only when we can calculate
3073 a valid, positive age value.
3074 - Changed clientWriteComplete and clientGotNotEnough so
3075 that they keep persistent connections open for more types
3076 of replies that don't have bodies.
3077 - Changed filemap.c routines to dynamically grow filemap
3078 space as needed.
3079 - Added a hack to ftp.c to deal with ftp.netscape.com, which
3080 sometimes doesn't acknowledge PASV commands.
3081 - Fixed FTP bug with ftpScheduleReadControlReply; there
3082 was not always a timeout handler on the control socket
3083 after the transfer completed.
3084 - Fixed FTP filedescriptor leak from invalid PASV replies.
3085 - Changed httpBuildRequestHeader so that it doesn't
3086 copy the Host header from the client request. Instead
3087 we should generate our own Host header which is known
3088 to be correct.
3089 - Changed storeTimestampsSet to adjust entry->timestamp
3090 if the response includes an Age header.
3091 - Removed size limit from storeKeyHashBuckets.
3092 - Changed fwdConnectStart from a "heavy" to a "light" event.
3093 - Fixed an 'anonymize_headers' bug that affects unknown
3094 HTTP headers. With the bug, if you list a header that
3095 Squid doesn't know about (such as "Charset"), it would
3096 add HDR_OTHER to the allow/deny mask. This caused all
3097 unknown headers to be allowed or denied (depending on
3098 the scheme you use). Now, with the bug fixed, an unknown
3099 header in the 'anonymize_headers' list is simply ignored.
3100
7e3ce7b9 3101Changes to Squid-2.3.DEVEL3 ():
3102
ad445e36 3103 - Added MSNT auth module from Antonino Iannella.
7e3ce7b9 3104 - Added --enable-underscores configure option. This allows
3105 Squid to accept hostnames with underscores in them. Your
3106 DNS resolver may still complain about them, however.
3107 - Added --heap-replacement configure option. This enables
3108 the alternative cache replacement policies, such as
3109 GDSF, and LFUDA.
3ff01c3e 3110 - WCCP establishes and registers with the router faster.
7e3ce7b9 3111 - Added 'maxconn' acl type to limit the number of established
3112 connections from a single client IP address. Submitted
3113 by Vadim Kolontsov.
3114 - Close FTP data socket as soon as transfer completes
3115 (Alexander V. Lukyanov).
3116 - Fixed ftpReadPass() to not clobber ctrl.message when
3117 the PASS command fails.
3118 - Added a redirect.c patch so squidGuard is able to do
3119 per-user access control (Antony T Curtis).
3120 - discard the pumpMethod() function, and instead use the
3121 fact that the request has a request entity (content-length
3122 present) (Henrik).
3123 - Reload the MIME icons at reconfigure time (Radu Greab).
3124 - Updated Richard Huveneers' SMB authentication module to
3125 his version 0.05 package.
3126 - Fixed lib/heap.c::heap_delete() bug when deleting the
3127 last node.
3128 - Fixed an integer conversion bug in
3129 lib/rfc1035.c::rfc1035AnswersUnpack().
3130 - Fixed lib/rfc1738 routines to encode reserved characters,
3131 in addition to encoding the unsafe characters (Henrik).
3132 - Changed the interface for splay compare and "walk"
3133 functions to take a void pointer, instead of a splayNode
3134 pointer (Henrik).
3135 - Changed numerous HTTP parsing routines to use ssize_t
3136 instead of size_t. This was done because size_t may be
3137 signed or unsigned. When it is unsigned, gcc emits
3138 numerous "comparison is always true" warnings. At least
3139 we know ssize_t is always signed.
3140 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and
3141 friends so that it properly handles multi-value lists.
3142 - Added an "end" (ssize_t) parameter to
3143 src/HttpReply::httpReplyParse() so that we know exactly
3144 where to terminate the header buffer.
3145 - Changed src/access_log.c::log_quote() so that it only
3146 encodes whitespace characters, and not all URL-special
3147 characters (Henrik).
3148 - Added local port ACL type ("myport") (Henrik).
3149 - Added maximum number of connections per client ("maxconn")
3150 as an ACL type.
3151 - Fixed proxy authentication username/password parsing to
3152 be more robust (Henrik).
3153 - Fixed ACL domain/host and domain/domain comparison
3154 functions yet again. Eliminated duplicate code so that
3155 only src/url.c::matchDomainName() contains this mysterious
3156 code.
3157 - Changed the 'http_port' option to accept an IP address
3158 or hostname as well (Henrik).
3159 - Removed 'tcp_incoming_addr' option.
3160 - Added an access control list for the redirector
3161 ('redirector_access'). Requests which match are sent to
3162 the redirector. All requests. are redirected by default.
3163 - Added the 'authenticate_ip_ttl' option. It specifies
3164 how long a valid proxy authentication credential is
3165 bound to a specific address.
3166 - Added 280, 488, 591, and 777 to "Safe_ports" ACL.
3167 - Removed the unused and highly questionable 'forward_snmpd_port'
3168 option.
3169 - Added an option to accept DNS messages from unknown nameservers.
3170 This may be necessary if replies come from a different address
3171 than queries are sent to.
3172 - Added #includes for IP Filter files in netinet directory.
3173 - Fixed a bug with retrying forwarded IMS requests (Henrik).
3174 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders()
3175 where we were checking a cache-control bit before getting the
3176 mask from the HTTP headers (pallo@initio.no).
3177 - Fixed a bug with "no_cache" access list. If not defined,
3178 everything was uncachable by default.
3179 - Fixed a bug with timed-out client-side HTTP connections.
3180 We didn't cancel the read handler, which could lead to
3181 "rwstate != NULL" warnings.
3182 - Changed comm_open() to only call fdAdjustReserved() for
3183 specific errors (ENFILE, EMFILE);
3184 - Fixed NULL pointer bug in idnsParseResolvConf().
3185 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT.
3186 - Added DELETE request method.
3187 - Added RFC 2518 HTTP status codes.
3188 - Fixed handling of URL passwords when we need to rewrite a
3189 BASE HREF URL (Henrik).
3190 - Fixed a bug with FTP requests where a request gets aborted,
3191 but we try to complete it anyway. It would result in a
3192 "store_status != STORE_PENDING" assertion. The solution
3193 is to check for ENTRY_ABORTED before reading from
3194 the control channel too.
3195 - Changed FTP to retry a request if Squid fails to establish
3196 a PASV data connection (Henrik).
3197 - Fixed numerous HTCP memory leaks and an uninitialized memory
3198 bug.
3199 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in
3200 mind (Henrik).
3201 - Minor fixes for Rhapsody systems.
3202 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems
3203 don't include varargs.h.
3204 - Changed src/store_client.c::storeClientType() so that
3205 an entry can have more than one STORE_MEM_CLIENT.
3206 - Changed src/store_client.c::storeClientReadHeader()
3207 to check swapfile metadata (Henrik).
3208 - Changed src/url.c::urlCheckRequest() to return FALSE for
3209 any "https://" URL. These should always be CONNECT
3210 instead. If Squid gets an "https://" URL, it is a browser
3211 bug.
3212 - Added numerous squid.conf options for controlling cache
3213 digests. Previously these were hard-coded in
3214 src/store_digest.c. (Martin Hamilton)
3215 - Added 'cache_peer' option called 'digest-url' that
3216 lets you specify the URL for a peer's digest.
3217 (Martin Hamilton)
3218 - Added DELAY_POOLS hacks to scan "slow" connections in
3219 a random order (David Luyer).
3220 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a
3221 per-interface arp/neighbour cache, whereas 2.0.x uses a
3222 unified cache. Under 2.2.x you are required to specify
3223 a interface name when looking up ARP table entries with
3224 SIOCGARP.
3225 - If the process umask is not set (i.e. 0), then Squid
3226 changes it to 007.
3227
9bc73deb 3228Changes to Squid-2.3.DEVEL2 ():
3229
3230 - Added --enable-truncate configure option.
3231 - Updated Czech error messages ()
3232 - Updated French error messages ()
3233 - Updated Spanish error messages ()
3234 - Added xrename() function for better debugging.
3235 - Disallow empty ("") password in aclDecodeProxyAuth()
3236 (BoB Miorelli).
3237 - Fixed ACL SPLAY subdomain detection (again).
3238 - Increased default 'request_body_max_size' from 100KB
3239 to 1MB in cf.data.pre.
3240 - Added 'content_length' member to request_t structure
3241 so we don't have to use httpHdrGetInt() so often.
3242 - Fixed repeatedly calling memDataInit() for every reconfigure.
3243 - Cleaned up the case when fwdDispatch() cannot forward a
3244 request. Error messages used to report "[no URL]".
3245 - Added a check to return specific error messages for a
3246 "store_digest" request when the digest entry doesn't exist
3247 and we reach internalStart().
3248 - Changed the interface of storeSwapInStart() to avoid a bug
3249 where we closed "sc->swapin_sio" but couldn't set the
3250 pointer to NULL.
3251 - Changed storeDirClean() so that the rate it gets called
3252 depends on the number of objects deleted.
3253 - Some WCCP fixes.
3254 - Added 'hostname_aliases' option to detect internal requests
3255 (cache digests) when a cache has more than one hostname
3256 in use.
3257 - Async I/O NUMTHREADS now configurable with --enable-async-io=N
3258 (Henrik Nordstrom).
3259 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom).
3260 - Added OPTIONS request method.
9bc73deb 3261
eb824054 3262Changes to Squid-2.3.DEVEL1 ():
3263
3264 - Added WCCP support. This adds the 'wccp_router' squid.conf
3265 option.
3266 - Added internal DNS queries; Most installations can run
3267 without the external dnsserver processes.
3268 - Rewrote much of the code that stores cache objects on
3269 disk. Developed a programming interface that should
3270 allow new storage systems to be added easily. This still
3271 is pretty ugly and needs a lot of work, however.
3272 - Replaced async_io.c "tags" with callback data locks.
3273 This probably breaks async IO in a bad way.
3274 - Tried to write an Async IO disk storage module.
3275 - Added code to replace the StoreEntry linked list with a
3276 heap structure. This allows for different replacement
3277 algorithms, instead of being stuck with LRU. This adds
3278 the 'replacement_policy' squid.conf option. (John Dilley
3279 et al).
3280 - Fixed HTCP queries by actually checking for freshness
3281 based on the HTCP header fields.
3282 - Fixed passing of redirector command line arguments.
3283 - Added 'request_header_max_size' squid.conf option.
3284 - Added 'request_body_max_size' squid.conf option.
3285 - Added 'reply_body_max_size' squid.conf option.
3286 - Added 'peer_connect_timeout' squid.conf option.
3287 - Added 'redirector_bypass' squid.conf option.
3288 - Added RFC 2518 (WEBDAV) request methods.
d20b1cd0 3289
6b8e7481 3290Changes to Squid-2.2 (April 19, 1999):
b93549f6 3291
98b093e7 3292 - Removed all SNMP specific ACL code
3293 SNMP now uses generic squid ACL's
3294 - Removed view-based access crontrol
00b7a8b6 3295 - Cleaned up and simplified SNMP section of squid.conf
98b093e7 3296 - Changed the SNMP code to use a tree stucture.
3ff01c3e 3297 - Added objects to MIB:
00b7a8b6 3298 Request Hit Ratio's
3299 Byte Hit Ratio's
3300 Number of Clients
61d53e64 3301 - Changed SNMP Agent to return object instances correctly.
b93549f6 3302 - Added our own assert() macro so we can use debug() instead of
3303 printing to stderr.
3304 - Added eventFreeMemory().
3305 - Fixed ipcCreate() bug when debug_log has FD <= 2.
3306 - Changed watchChild() and related code in main.c so that
3307 Squid can behave more like a proper daemon process.
3308 - Added 'prefer_direct' option (enabled by default) so that
3309 people can give parents higher preference than direct.
6703526b 3310 - Fixed ipc.c close() bug for async IO. On FreeBSD,
3311 comm_close() doesn't work for child processes when async IO is
3312 used.
3313 - Fixed setting the public key for large ``icons'' (Henrik
3314 Nordstrom).
68f87dc5 3315 - Rewrote peer digest module to fix memory leaks on reconfigure
3316 and clean the code. Increased "current" digest version to 5
6474667e 3317 ("required" version is still 3). Revised "Peer Select" cache
3318 manager stats.
68f87dc5 3319 - Added "-k parse" command line option: parses the config file
3320 but does not send a signal unlike other -k options.
1743c283 3321 - Revamped storeAbort() calling. Only store_client.c has all
3322 the right information to determine if the request should
3323 be aborted. Now client and server modules just storeUnregister
d81e3f33 3324 without ever needing to call storeAbort.
96aeb95d 3325 - Small change of Squid output for FTP (Andrew Filonov,
3326 Henrik Nordstrom).
3327 - clientGetsOldEntry() sends old entry if new request status
3328 is in the 500-range (Henrik Nordstrom).
3329 - Changed configure so it works with IRIX6.4 C compiler (broken?)
3330 option -OPT:fast_io=ON.
3331 - Fixed comm_connect_addr() non-blocking connections for
3332 SONY NEWSOS (Makoto MATSUSHITA).
3333 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended
3334 by autoconf documentation.
3335 - Fixed client-side cache-control max-age (Henrik Nordstrom).
3336 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns
3337 this error if it is called while squid is in the process of
3338 shutting down.
3339 - Added support for linuxthreads package under FreeBSD (Tony Finch).
3340 - Fixed HP-UX StatHist.c assertions by making the "hbase_f"
3341 functions non-static (Michael Pelletier).
3342 - Fixed logging of authenticated usernames even if the
3343 authorization is not cached (Dancer).
3344 - Fixed pconnPush() bug that prevented holding on to
3345 persistent connections (Manfred Bathelt).
2328711e 3346 - Pid file now rewritten on SIGHUP.
b4019ff7 3347 - Numerous Ident changes:
3348 - Ident lookups will now be done on demand if you use the
3349 'ident' ACL type.
3350 - The 'ident_lookup on|off' option has been replaced with
3351 an access list, so you can do lookups only for some
3352 client addresses.
3353 - Added an 'ident_timeout' option to specifiy the amount
3354 of time to wait for an ident lookup.
3355 - Added a (local) hit rate to mempool metering.
3356 - FTP Restarts (REST command) is now supported.
3357 - Check for libintl.a on SCO3.2.
3358 - Disable poll() on SCO3.2.
3359 - Numerous Async IO enhancements from Henrik.
3360 - Removed cache_mem_low and cache_mem_high options (Henrik
3361 Nordstrom).
3362 - Replaced 'persistent_client_posts' with 'broken_posts' access
3363 list.
97474590 3364 - Rewrote the anonymizer.
3365 - Removed the http_anonymizer option.
548b801c 3366 - Added the anonymize_headers option to allow individual
3367 referencing of headers for addition or removal. See
3368 'anonymize_headers' in squid.conf for additional
3369 configuration.
b3abf16c 3370 - Fixed config file parser's handing of optional directives.
3371 Some people might get new warnings about unknown config
3372 directives.
548b801c 3373 - Added 'myip' ACL type. This is the local IP address for
3374 connected sockets (Luyer).
3375 - Fixed parsing of FTP DOS directory listings with spaces
3376 (Nordstrom).
dd0b0295 3377 - Numerous DELAY_POOL changes/fixes from David Luyer:
3378 - Makes no-delay neighbors for DELAY_POOLS work by
3379 using a fd_set with the connections to no-delay
3380 peers marked in it.
3381 - Makes IP addresses ending in 0 and 255, and
3382 network number 255, work with individual and
3383 network delay pools (they were previously not
3384 permitted, and documented as such).
3385 - Massive overhaul of delay pools code - dynamically
3386 allocated delay pools, as many as required.
3387 - delayPoolsUpdate stops running if DELAY_POOLS is
3388 configured but no delay pools are configured.
3389 - Initial delay pool levels are now configurable
3390 as a percentage of the maximum for the pool in
3391 question (used to be all set to 1 second worth
3392 of traffic). Pools are restored to this level
3393 on reconfiguratoin.
242188c9 3394 - Changed storeClientCopy to give a swap-in failure if
3395 the number of open disk FD's is above the 'max_open_disk_fds'
3396 limit. Otherwise, a very loaded cache will end up with
3397 all disk files open for reading, and none for writing.
b6a2f15e 3398 - Added lib/inet_ntoa.c from BSD Unix for systems that have
3399 broken inet_ntoa(). (Erik Hofman).
3400 - Added more specific FTP error messages for "permission
3401 denied, "file not found," and "service unavailable."
3402 (Tony Finch)
3403 - Added xisspace(), xisdigit(), etc, macros to cast function
3404 args and eliminate compiler warnings.
3405 - Fixed case-sensitive comparisons of domain names (Henrik
3406 Nordstrom).
3407 - Added proxy-authentication to cachemgr.cgi's requests
3408 (Henrik Nordstrom).
3409 - Changed Squid to *truncate* rather than *unlink* purged
3410 swap files. Can be reversed by undefining
3411 USE_TRUNCATE_NOT_UNLINK in src/defines.h.
3412 - Changed internal icon headers to use Cache-control
3413 Max-age instead of Expires.
3414 - Changed storeMaintainSwapSpace behavior to be adjusted
3415 smoothly, instead of discretely, between store_swap_low
3416 and store_swap_high. This includes the number of
3417 objects to scan, number to remove, and time until the
3418 next storeMaintainSwapSpace event.
3419 - Fixed a quick_abort bug that incorrectly calculated
3420 content lengths.
3421 - Added getpwnam() auth module from Erik Hofman.
3422 - Added 'coredump_dir' option.
3423 - Fixed a peerDestroy() assertion that required peer->digest
3424 to be NULL at the end of peerDestroy().
3425 - configure script now automatically enables dlmalloc for
3426 Solaris/x86.
3427 - configure enables poll() on linux 2.2 and later (Henrik).
3428 - Icon files are now distributed in binary format, install
3429 will not need to run 'sh' and 'uudecode'.
3430 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and
3431 re-forwarding requests and ENTRY_FWD_HDR_WAIT.
3432 fwdCheckDeferRead() will NOT defer reading if the
3433 ENTRY_FWD_HDR_WAIT bit is set.
3434 - Fixed a "F->flags.open" assertion for aborted FTP PUT's.
3435 - Fixed a (double) cast problem that caused statAvgTick()
3436 events to be added as fast as possible.
6b8e7481 3437 - Changed httpPacked304Reply() to not include the Content-Length
3438 header for 304 replies that Squid generates. We used to
3439 include the length of the cached object, and this broke
3440 persistent connections.
3441
3442 2.2.STABLE2:
3443
3444 - Fixed configure bug for statvfs() checks. Configure reports
3445 "test: =: unary operator expected" or similar because an
3446 unquoted variable is not defined.
3447 - Fixed aclDestroyAcls() assertion because some ACL types
3448 are not listed in the switch statement. Occurs for
3449 srcdom_regex and dstdom_regex ACL types during reconfigure.
3450 - Typo "applicatoin" in src/mime.conf
3451 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK
3452 #define because it didn't include squid.h.
3453 - Fixed commRetryFD() when bind() fails. commRetryFD was
3454 closing the filedescriptor, but it is the upper layer's
3455 job to close it.
3456 - Changed configure's "maximum number of filedescriptors"
3457 detection to only use getrlimit() for Linux. On AIX,
3458 getrlimit returns RLIM_INFINITY.
3459 - Fixed snmpInit() nesting bug.
3460 - Fixed a bug with peerGetSomeParent(). It was adding
3461 a parent to the FwdServers list, regardless of the
3462 ps->direct value. This could cause every request to
3463 go to a parent even when always_direct is used.
3464 - Changed fwdServerClosed() to rotate the "forward servers"
3465 list when a connection establishment fails. Otherwise
3466 it always kept trying to connect to the first server
3467 int the list.
b93549f6 3468
2be4e260 3469 2.2.STABLE3:
3470
3471 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c.
3472 - Avoid coredump in aclMatchAcl() if someone tries to use
3473 proxy authentication with a non-HTTP request (e.g. icp_access).
3474 - Moved 'ident_lookup_access' in squid.conf so it appears
3475 after the ACL section.
3476 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing"
3477 - Fixed a case in clientCacheHit() where we thought it
3478 was a hit, but the reply status was not 200, so we
3479 had to perform a cache miss. We forgot to change the
3480 log_type and these were being recorded as TCP_HIT's.
3481 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp().
3482 - Fixed delay_pools coredump and memory leak bugs from
3483 NULL delay_id values.
3484 - Fixed a SEGV bug with delay_pools when requesting
3485 'objects' or 'vm_objects' from the cachemgr.
3486 - Added a workaround for buggy FTP servers that return
3487 a size of zero for non-zero-sized objects.
3488 - Removed umask(0) call from main().
3489 - Fixed a peer selection bug that caused us to never select
3490 a neighbor based on ICP replies if the ICP timeout occurs.
3491 In conjunction with this, removed the PING_TIMEOUT state.
3492 - Fixed a store_rebuild bug that caused us to get stuck trying
3493 if a cache_dir subdirectory didn't exist.
3494 - Fixed a buffer overrun bug in gb_to_str().
3495
9bc73deb 3496 2.2.STABLE4:
3497
3498 - Fixed a dread_ctrl leak caused in store_client.c
3499 - Fixed a memory leak in eventRun().
3500 - Fixed a memory leak of ErrorState structures due to
3501 a bug in forward.c.
3502 - Fixed detection of subdomain collisions for SPLAY trees.
3503 - Fixed logging of hierarchy codes for SSL requests (Henrik
3504 Nordstrom).
3505 - Added some descriptions to mib.txt.
3506 - Fixed a bug with non-hierarchical requests (e.g. POST)
3507 and cache digests. We used to look up non-hierarchical
3508 requests in peer digests. A false hit may cause Squid
3509 to forward a request to a sibling. In combination with
3510 'Cache-control: only-if-cached, this generates 504 Gateway
3511 Timeout responses and the request may not be re-forwardable.
3512 - Fixed a filedescriptor leak for some aborted requests.
3513
3514
4d62b0af 3515Changes to Squid-2.1 (November 16, 1998):
8f897f34 3516
3517 - Changed delayPoolsUpdate() to be called as an event.
3518 - Replaced comm_select FD scanning loops with global fd_set
3519 structures. Inspired by Jeff Mogul's patch for squid 1.1.
9e1559ea 3520 - Moved functions common to dns.c, redirect.c, authenticate.c,
3521 ipcache.c, and fqdncache.c into helper.c.
0753aa46 3522 - Changed storeClientCopy2() so that it keeps sending the remainder
3523 of a STORE_ABORTED request, instead of cutting off the client as
3524 soon as the object becomes aborted.
f0538986 3525 - Fixed combined ipf-transparent proxy and a local http-accelerator
3526 operation (Quinton Dolan).
3527 - Rewrote base64_decode.c because of potential buffer overrun
3528 bugs.
912432d8 3529 - Configurable handling of whitespace in request URI's.
3530 See 'uri_whitespace' in squid.conf.
e33ec474 3531 - Added ability to generate HTTP redirect messages from
3532 the redirector output by prepending "301:" or "302:" to the
3533 new url. See FAQ 4.16 for more details.
829a9357 3534 - Eliminated refreshWhen() which was out-of-sync with refreshCheck()
3535 potentially causing under-utilized cache digests
3536 - Maintain refreshCheck statistics on per-protocol basis so we
3537 can tell why ICP or Digests return too many misses, etc.
c68e9c6b 3538 - Fixed delay_pools.c class2/class3 typo (Simon Woods).
3539 - Changed squid.conf's default access controls to deny all
3540 HTTP requests. Admins must write ACL rules to specifically
3541 allow their local clients.
3542 - Patched French error messages (Mathias HERBERTS).
3543 - NextStep porting fixes by Mike Laster:
3544 - use xstrdup() in cf_gen.c
3545 - check for putenv() in configure
3546 - #define S_ISDIR macro
3547 - Added --disable-poll configure option (Henrik Nordstrom).
3548 - Fixed internal URL hostname case bugs (Henrik Nordstrom).
3549 - Patched ftp.c so we never cache autenticated FTP requests
3550 (Henrik Nordstrom).
3551 - Fixed FTP authentication. We tried to unescape authentication
3552 given by basic authentication which is not URL escaped
3553 (Henrik Nordstrom).
3554 - Fixed HTTP version for common logfile format (Henrik Nordstrom).
3555 - Added 'redirect_rewrites_host_header' option to disable rewriting
3556 of Host header for redirector responses (Henrik Nordstrom).
3557 - Allow semi-customized error message signatures (Henrik Nordstrom).
3558 - Fixed bug with errors for unsupported requests (Henrik Nordstrom).
3559 - Fixed handling of blank lines in ACL input files (Henrik
3560 Nordstrom).
3561 - Changed proxy_auth ACL type to consist of a list of valid
3562 users. REQUIRED == any (same as ident ACL). ACL type user
3563 changed to ident since this is what it really is.
3564 (Henrik Nordstrom).
3565 - Fixed long URL bugs; make sure 'log_uri' never exceeds
3566 MAX_URL bytes.
3567 - Allow comments in external ACL files (Gerhard Wiesinger).
3568 - Added 'range_offset_limit' configuration option. Requests
3569 with ranges that start after this value will be passed
3570 on unmodified, and Squid will not cache the response
3571 (Henrik Nordstrom).
3572 - Added Client HTTP Hit byte counters to 'counters' output
3573 (Douglas Swarin).
3574 - Got Squid to compile with --enable-async-io on FreeBSD.
3575 - Fixed infinite loop bug for cachemgr 'config' option.
3576 - Fixed cachability bugs for replies with Pragma: no-cache.
3577 - Made content-type multipart/x-mixed-replace uncachable.
3578 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT"
3579 format (Richard Kettlewell).
3580 - Fixed passing -s option to dnsserver processes (Alvaro Jose
3581 Fernandez Lago).
3582 - Changed proxy_auth to work on internal objects and when in
3583 accelerator mode. (Henrik Nordstrom)
3584 - Added login=user:password option to cache_peer directive to
3585 be used from a dial-up cache where the parent requires proxy
3586 authentication. (Henrik Nordstrom)
3587 - If you want to "auto-login", then use a URL on the form
3588 http://username:password@server/.... Squid now picks this up
3589 when going direct, and turns it into basic WWW
3590 authentication. It is also possible to do automatic login to
3591 certain servers by using a redirector to add the needed
3592 authentication information. (Henrik Nordstrom)
04f0ba5c 3593 - Changed refreshCheck() so that objects with negative age
3594 are always stale.
4d62b0af 3595 - Fixed "plain" FTP listings (Henrik Nordstrom).
3596 - Fixed showing banner/logon message for top-level FTP
3597 directories (Henrik Nordstrom).
3598 * Changes below have been made to SQUID_2_1_PATCH1
3599 - Fixed pinger packet size assertion.
3600 - Fixed WAIS forwarding.
3601 - Fixed dnsserver coredump bug caused by using both -D and
3602 -s options.
e42d5181 3603 * Changes below have been made to SQUID_2_1_PATCH2
3604 - Fixed EBIT macro bugs when the bitmask is a 64-bit long.
3605 - Fixed proxy auth NULL password bug.
3606 - Fixed queueing of multiple peerRefreshDNS events.
3607 - Added a stack of StoreEntry objects to be released after
3608 store rebuild completes.
3609 - Fixed NULL pointer bugs with too-large requests (found by
3610 Martin Lathoud).
3611 - Fixed reading replies from buggy ident servers. Replies
3612 might not have terminating CR or LF (Henrik Nordstrom).
b4019ff7 3613 - Changed internal StoreEntry key so that the request method
3614 is encoded as a single octet. Encoding an enumerated type
3615 has size and byte-order incompatibilities, especially for
3616 cache digests.
3617 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries
3618 are not always locked. This fixes having multiple
3619 store_digest's stuck in memory.
3620 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and
3621 unregisters from "cache hit" entries.
3622 * Changes below have been made to SQUID_2_1_PATCH3
3623 - Fixed memory leak in clientHandleIMSReply for
3624 storeClientCopy failures.
8f897f34 3625
41587298 3626Changes to Squid-2.0 (October 2, 1998):
71d6dc56 3627
4c154d99 3628 - Added NAT/Transparent hijacking code from Quinton Dolan.
3629 - Added actual filesystem usage to cachemgr 'storedir' page.
41587298 3630 Only works for operating systems which support statvfs().
a79d724b 3631 - Fixed HTCP compile-time bugs.
3632 - Fixed quick_abort bugs. Configured values are stored as
3633 Kbytes, not bytes.
41587298 3634 - Removed fwdAbortFetch(). It breaks quick_abort and seems
3635 mostly useless.
0da7d807 3636 - Changed storeDirSelectSwapDir() to skip swap directories
3637 when their utilization is over the high water mark ratio.
9ca005ac 3638 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey).
18cc143b 3639 - fixed bugs in Content-Range header generation
3640 - changed the way Range requests are handled:
71d6dc56 3641 - do not "advertise" our ability to process ranges at
3642 all
3643 - on hits, handle simple ranges and forward complex
3644 ones
3645 - on misses, fetch the whole document for simple ranges
3646 and forward range request for complex ranges
3647 The change is supposed to decrease the number of cases when
3648 clients such as Adobe acrobat reader get confused when we
3649 send a "200" response instead of "206" (because we cannot
3650 handle complex ranges, even for hits) Note: Support for
3651 complex ranges requires storage of partial objects.
41587298 3652 - Removed SNMP mib-2.system group from squid.
6474667e 3653 - Removed SNMP ability to iterate through ipcache and friends.
3654 - Added SNMP ipcache/fqdncache basic statistics.
3655 - Converted SQUID-MIB to SMIv2 (RFC 1902).
3656 - Moved SQUID-MIB to enterprises section of the tree in preparation
3657 of the split into PROXY-MIB & SQUID-MIB.
3658 - Corrected minor errors in SQUID-MIB.
3659 - Moved uptime into cacheSystem from cacheConfig.
3660 - Corrected a number of get-next-request bugs, snmpwalk should now
3661 return all objects and not skip some.
41587298 3662 - Fixed netdbClosestParent() so it won't return sibling
3663 peers.
3664 - Fixed a bug with secondary clients on entries with
3665 ENTRY_BAD_LENGTH set. We should release the
3666 bad entry to prevent secondary clients jumping on.
3667 - Changed MIB to prevent parse warnings at startup.
f0538986 3668 * Changes below have been made to SQUID_2_0_PATCH1
9689d97c 3669 - Fixed a forwarding loop bug. Even though we were detecting
3670 a loop, it was not being broken.
3671 - Try to prevent sibling forwarding loops by NOT forwarding a
3672 request to a sibling if we have a stale copy of the object.
3673 Validation requests should only be sent to parents (or
3674 direct).
3675 - Fixed ncsa_auth hash bugs when re-reading password file.
3676 - Changed clientHierarchical() so that by default SSL/CONNECT
3677 requests do NOT go to neighbor caches.
d87ebd78 3678 - Changed clientHandleIMSReply() to not call storeAbort()
3679 because there can be more than one client hanging on the
3680 StoreEntry. This hopefully fixes "store_status !=
3681 STORE_ABORTED" assertions.
f0538986 3682 - Added temporary fix to httpMakePublic() to prevent assertions
3683 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey().
3684 * Changes below have been made to SQUID_2_0_PATCH2
3685 - PATCH1 introduced a seriously stupid bug which prevented ICP
3686 queries for all requests. Fixed by checking
3687 request->hierarchical in peerSelectFoo().
18cc143b 3688
4c154d99 3689Changes to squid-1.2.beta25 (September 21, 1998):
3690
4b66bfd3 3691 - Fixed async IO bugs from adding filedescriptor arg to AIOCB
3692 callbacks (Henrik Nordstrom).
3693 - Fixed store_swapout.c assertion. We were freeing object data
3694 past the swapout_done offset. This probably happens (only?)
3695 when an object changes from cachable to uncachable while
3696 it is being swapped out.
a260d877 3697 - Added MEM_CLIENT_SOCK_BUF type so we can change the size
3698 of the buffers used for writing data to the client sockets.
669d90e7 3699 - Added configure check for libbind.a. If found, it will be
3700 used instead of libresolv.a.
3701 - Changed fwdStart() to always allow internally generated
dddd5b55 3702 requests, such as for peer digests. These requests are
3703 known to fwdStart() because the address arg is set to
3704 'no_addr'.
669d90e7 3705 - Completed initial HTCP implementation. It works, but is not
3706 tested much.
2d5c8e74 3707 - Added counters for I/O syscalls.
3708 - Fixed httpMaybeRemovePublic. With broken ICP neighbors
3709 (netapp) Squid doesn't use private keys. This caused us
3710 to remove almost every object from the cache.
3711 - Added 'asndb' cachemgr stats to show AS Number tree.
dddd5b55 3712 - Fixed AS Number byte-order bug for netmasks.
2d5c8e74 3713 - Fixed comm_incoming calling rate for high loads (Stewart
3714 Forster).
426012d2 3715 - Give always_direct higher precedence than never_direct
3716 (Henrik Nordstrom).
dddd5b55 3717 - Changed PORT ACL type to accept ranges. Now you can easily
3718 deny, for example, all priveleged ports except 80, 70, 21,
3719 etc.
3720 - ARP ACL fixes for Linux (David Luyer).
3721 - Replaced various "EBIT" flags bitfileds with structures of
3722 "int:1" members.
3723 - Changed storeKeyPrivate and storeKeyPublic to be a bit more
3724 efficient by removing snprintf(). This causes an
3725 incompatibility with old cache keys, however. To transition,
3726 we will look up both the new and old style keys for about the
3727 next 30 days. After that, if you haven't run this (or a
3728 future) version, your cache contents will be lost.
3729 - Made the client-side write buffer size configurable with
3730 a #define in defines.h. By default it is still 4096 bytes.
3731 - Removed redirectUnregister(). It should be unnecessary
3732 because of cbdata locks.
3733 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom).
3734 - Changed non-blocking connect(2) code to call getsockopt()
3735 instead of connect() again. This is the approach recommended
3736 by Stevens, and fixes bugs on BSD-ish systems when subsequent
3737 connect() calls loop with EAGAIN status.
3738 - Added MD5 cache keys to memory pool accounting.
3739 - Added code to track number of open DISK descriptors and stop
3740 swapping out objects if the number of disk descriptors becomes
3741 too large. For now the limit must be manually configured with
3742 the 'max_open_disk_fds'. By default, there is no limit.
3743 - Stopped encoding a request method in the high byte of the ICP
3744 reqnum field. Instead queried cache keys are copied to a
3745 static array, indexed by the reqnum, modulo the array size.
3746 Now we just use the request number to lookup a cache key,
3747 instead of rebuilding it from the ICP reply URL and method,
3748 unless we have netapp neighbors--they don't do reqnum
3749 properly.
3750 - Fixed reconfigure memory access bugs in redirect.c.
0753aa46 3751 - Ignore unreasonably large ICP RTT values which cause overflow
3752 bugs in calculating the average RTT (thanks Niall!)
4b66bfd3 3753
8e6a43e8 3754Changes to squid-1.2.beta24 (August 21, 1998):
3755
6c4067e5 3756 - Added Bulgarian error pages by Evgeny Gechev.
ceb79b2b 3757 - Changed StoreEntry->lock_count to a u_short.
c7d6216e 3758 - Replaced urlcmp with strcmp
3759 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects
3760 (Henrik Nordstrom).
3761 - Eliminated unneeded BASE HREF on "root" directories (Henrik
3762 Nordstrom).
3763 - Fixed peerDigestFetchFinish() assertion caused by forwarding
3764 failures (e.g. miss_access rules).
ada249f8 3765 - Changed signal handlers with ASYNC_IO and Linux so that
3766 -k command line options work (Miquel van Smoorenburg).
4616f9ea 3767 - Rewrote shutdown code to use events instead of setting
3768 FD timeouts.
903e21a0 3769 - Fixed cachemgr 'objects' (statObjects()) by adding a check
b6a76fb2 3770 for READ_AHEAD_GAP, and calling storeCheckSwapout() in
3771 storeBufferFlush(). Otherwise, the read-past pages would
3772 never be freed.
681979a2 3773 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes
3774 were being closed by the dnsServerShutdown event.
b6a76fb2 3775 - Modified storeHashInsert() to insert PRIVATE objects at
3776 the tail of the LRU list, and PUBLIC objects at the head.
3777 Thus, PRIVATE objects get kicked out quicker.
95e36d02 3778 - Added David Luyer's DELAY_POOLS code.
54b5b3e5 3779 - Fixed a bug due to HEAD replies which lack the end-of-headers
3780 line.
3781 - Made proxy-auth realm string configurable (Bob Franklin)
3782 - Changed default mime time to a viewable one (Henrik Nordstrom).
3783 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA).
3784 - Fixed 'you are running out of filedescriptors' bug which
3785 could cause the HTTP incoming connection handler to not
3786 be reset.
e23fbf04 3787 - Changed syslog logging. Now squid debug levels 0 and 1 go
d737baa0 3788 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE
e23fbf04 3789 (this needs more work!)
2cb51fe0 3790 - Fixed memory access errors in statAvgTick().
abc1237e 3791 - Fixed duplicate requestUnlink() bug in forward.c
6c4067e5 3792 - Fixed possible memory access bugs from not setting e->mem_obj
3793 = NULL in destroy_MemObject().
3794 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead.
3795 - Modified headersEnd and httpMsgIsolateHeaders to account
3796 for funky line terminations such as CRCRNL.
3797 (``but Netscape and IE _tolerate_ this'')
3798 - Fixed carp functions (Eric Stern).
3799 - Replaced internal proxy_auth code with extern authentication
3800 module (Arjan de Vet).
3801 - moved hash.c to libmiscutil.a.
e931f99a 3802 - Fixed handling of ICP queries with whitespace in URLs.
3803 Now we return ICP error and escape the URL before logging.
3a15a393 3804 - Added configure check for socklen_t (David Luyer).
3805 - Removed USE_SPLAY #defines; it is now standard.
3a76c002 3806 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate
3807 temporary disk_ctrl_t structures.
3808 - Changed ENOSPC disk write errors to reduce specific cache_dir
3809 sizes, and not just the size of the cache as a whole.
f9cece6e 3810 - Added httpMaybeRemovePublic() to purge public objects for
3811 certain responses even though they are uncachable. This is
3812 needed, for example, when an initially cachable object
3813 later becomes uncachable.
8e6a43e8 3814 - Added refresh_pattern options to ignore client reloads
3815 (Henrik Nordstrom)
3816 - Relocated disk.c code which combines blocks for writing
3817 (Stewart Forster).
c7d6216e 3818
857703c6 3819Changes to squid-1.2.beta23 (June 22, 1998):
3820
cf7f704c 3821 - Added Turkish error pages by Tural KAPTAN.
66bbb757 3822 - Added basic support for Range requests. For most cachable
3823 requests, Squid replies with an "Accept-Ranges" header. Upon
3824 receiving a potentially cachable Range request for a not
3825 cached object, Squid requests the whole object from origin
3826 server and then replies with specified range(s) to the
3827 client. Multi-range requests are supported. Adjacent
3828 overlapping ranges are merged. If-Range requests are
3829 supported. Limitations: Multi-range requests with out of
3830 order ranges are not supported.
3831 - Made md5.c use standard memcpy and memset if they are
3832 avaliable.
3833 - Memory pools will now shrink if Squid is run-time
3834 reconfigured with smaller value of memory_pools_limit tag.
3835 - Added counter for number of clients (Tomi Hakala).
3836 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP
3837 connections for UP->DOWN transition.
3838 - Added 'unique_hostname' configuration option when its
3839 necessary to have multiple machines with the same visible
3840 hostname.
222917b2 3841 - Fixed pumpReadFromClient() to not read too many bytes on
3842 persistent connections.
53856ebd 3843 - We can now cache HTTP replies with Set-Cookie. These evil
3844 headers are now filtered out for cache hits on the client
3845 side.
222917b2 3846 - Fixed SNMP bugs caused by using snmpwalk.
9089cc70 3847 - Fixed snmp system Group; all objects are now returned.
3848 - Fixed snmp system Group sysDescr and sysContact.
78dfab2a 3849 - Fixed snmp system Group sysObjectID it now returns a OBJECT
3850 IDENTIFIER.
7fce9c3e 3851 - Allocate FwdState from mem pools.
3852 - Minor HTCP progress.
222917b2 3853 - Moved 'miss_access' ACL check from client_side.c to forward.c
ed169eab 3854 - Fixed logging of usernames for requests which require
3855 proxy-authentication.
cf7f704c 3856 - Fixed HTTP request parser to accept lowercase HTTP identifier
3857 (Oskar Pearson).
3858 - Fixed FTP listings to always include links to the parent
3859 directory (Henrik Nordstrom).
3860 - Fixed FTP to show an "empty" listing instead of showing
3861 a "document contains no data" error (Henrik Nordstrom).
3862 - Fixed refreshCheck() bug. Often it was checking the
3863 refresh patterns against the string "[null_mem_obj]"
3864 because we moved URLs to MemObject.
3865 - Added CARP support by Eric Stern.
48382032 3866 - Fixed select-spin bug when an ICP reply actually gets queued
3867 and we failed to execute the write callback.
354b5fe1 3868 - Fixed a storeCheckSwapOut bug. We were freeing up to
3869 the queued offset instead of the done offset. This
3870 resulted in a small chunk of object data not being in
3871 memory and not yet written to disk. A client could
3872 recieve a partial object because file_read() unexpectedly
3873 returns EOF.
0aa791f8 3874 - Fixed proxy-authentication hangs (Henrik Nordstrom).
c2354a6b 3875 - Fixed request_t->flags bug causing authenticated, proxied
3876 responses to be cached (Arjan de Vet).
e0e32f36 3877 - Fixed MIME types for .tgz extension (Henrik Nordstrom).
3878 - Added view and download options to FTP listings (Henrik
3879 Nordstrom).
3880 - Modified configure to allow using pre-installed libdlmalloc.a
3881 (Masashi Fujita).
e8d8856c 3882 - Fixed cachemgr 'objects' implementation.
fecf98dc 3883 - Changed refreshCheck() algorithm. For cached objects, we
3884 now check, in the following order:
3885 * request max-age
3886 * response Expires (if present)
3887 * refresh_pattern max-age
3888 * response Last-Modified compared to refresh_pattern
3889 LM-factor (only if Last-Modified is present)
3890 * refresh_pattern min-age
3891 - Changed Copyrights.
d192d11f 3892
ee3a78d4 3893Changes to squid-1.2.beta22 (June 1, 1998):
3894
2246b732 3895 - do not cut off "; parameter" from "digitized" Content-Type
3896 http fields
3897 - Added X-Request-URI for persistent connection debugging
3898 (Henrik Nordstrom)
f4d83f6d 3899 - Added Polish error pages from Maciej Kozinski.
145f10f1 3900 - Fixed hash_first/hash_next bugs with **Current pointer.
3901 Replaced with *next pointer.
f4d83f6d 3902 - Fixed PUT/POST bugs in client (Henrik Nordstrom).
3903 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom).
3904 - Fixed eventRun "spin" bug when event delta time == 0.
a9cc1935 3905 - Fixed setting Last Modified time on cached entries when
3906 receiving a 304 reply.
06e87923 3907 - Added while loop in httpAccept().
3908 - Added while loop in icpHandleUdp().
3909 - Fixed some small memory leaks.
3910 - Fixed single-bit-int flag checks (Henrik Nordstrom).
137ee196 3911 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf
3912 - Do not send only-if-cached cc directive with requests
6474667e 3913 for peer's digests.
ee3a78d4 3914 - Added "automatic tuning" for incoming request rate, i.e.
3915 how often to check HTTP and ICP sockets. See comm.c
3916 comments for details.
145f10f1 3917
6ee40ea2 3918Changes to squid-1.2.beta21 (May 22, 1998):
3919
434b408f 3920 - Added Italian error pages by Alessio Bragadini.
a3f9588e 3921 - Added Estonian error pages by Toomas Soome.
06066bbc 3922 - Added Russian (koi-r) error pages by Andrew L. Davydov.
7b381d33 3923 - Added Czech error pages by Jakub Nantl.
8e866bb4 3924 - Fixed asnAclInitialize calling to prevent coredump.
3925 - Fixed FTP directory parsing again.
3926 - Made FTP directory listing "Generated" tagline like
3927 the one for error pages.
52f977aa 3928 - Fixed an assertion coredump in statHistCopy from
6474667e 3929 reconfiguring with different #peers in squid.conf
10202788 3930 - Ignore leading whitespace on requests (and replies). RFC
3931 2068 section 4.1, robustness (Henrik Nordstrom)
3932 - Fixed keep_alive bug. We did not always honour reply
3933 headers, but rather assumed connections could be persistent.
3934 - Fixed reading whois output for AS numbers, especially when
3935 they are longer than 4 KB.
3936 - Removed 'cache_stoplist_pattern' configuration option. This
3937 feature is now handled by 'no_cache'.
3938 - If a URN resolves to only one URL, just return it immediately
3939 instead of giving the user a "choice" (Andy Powell).
3940 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom).
3941 - Changed squid-internal object names.
3942 - Added netdb exchange protocol.
3943 - Fixed wordlistDestroy() uninitialized pointer bug in
3944 ftpParseControlReply.
06066bbc 3945 - Fixed redirector subprocess to show real program name.
3946 - Changed URN menu output to be sorted.
3947 - Added fast select(2) timeouts when using ASYNC_IO.
3948 - Added ARP ACL support for Linux (David Luyer).
6474667e 3949 - Added binary http headers to requests
3950 - request_t objects are now created and destroyed in a consistent way
3951 - Fixed cache control printf bug
3952 - Added a lot of new http header ids
3953 - Improved Connection: header handling; now both Connection and
3954 Proxy-Connection headers are checked for connection directives
3955 - Connection request header is now handled correctly regardless
3956 of its position and the number of entries
2246b732 3957 - Only replies with valid Content-Length can be sent with keep-alive
3958 connection directive (Henrik Nordstrom)
6474667e 3959 - Better handling of persistent connection "clues" in HTTP headers;
2246b732 3960 the decision now depends on HTTP version (and User-Agent exceptions)
6474667e 3961 - Removed handling of "length=" directive in IMS headers;
3962 the directive is not in the HTTP/1.1 standard;
3963 standing by for objections
3964 - allowed/denied headers are now checked using bit masks instead of
3965 strcmp loops
3966 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068
2246b732 3967 - removed processing of Request-Range header (not in specs?)
7b381d33 3968 - Fixed byte-order bugs in cacheDigestHashKey.
3969 - Changed hash_remove_link() to return void.
3970 - Changed ipcache_gethostbyname() to return NULL if
3971 i->addrs.count == 0.
6de5fa88 3972 - Added millisecond-timing to select/poll loops and event
3973 queue.
3974 - Changed 'peerPingTimeout' value to be twice the average
3975 of all the peer ICP RTT's.
3976 - Added 'half_closed_clients' option to force closing of
3977 client connections which might only be half-closed.
3978 - Fixed matchDomainName coredump bug.
3979 - Don't cache HTTP replies with Vary: headers until we
3980 get content negotiation working.
3981 - Fixed SSL proxying to forward full HTTP request headers.
c09459dd 3982 - Changed storeGetMemSpace(). Only purge down to the HIGH
3983 water mark; move locked entries to the head of the inmem
3984 list.
3985 - Changed clientReadRequest() to locally handle any
3986 "squid-internal-static" URL for any host.
52f977aa 3987 - Disable persistent connections for client connections
3988 from broken Netscape User-Agent, version 3.* (Stewart Forster)
434b408f 3989
901b8eaf 3990Changes to squid-1.2.beta20 (April 24, 1998):
3991
fd1bc012 3992 - Improved support for only-if-cached cache control directive.
3993 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons).
a1a62b14 3994 - Fixed 'quick_abort' percent calculation bug.
3995 - Fixed quick_abort FPE bug.
3996 - Changed more errno-checking functions to use ignoreErrno().
3997 - Added ERESTART to ignoreErrno() because of report from
3998 a Solaris system.
3999 - Fixed '#elsif' typo.
4000 - Fixed MemPool assertion by moving memInit() to before
4001 configuration parsing functions.
4002 - Fixed default 'announce_period' value (was 1 day, should
4003 be 0) (Joe Ramey).
4004 - Added configure warning for low filedescriptors and pointer
4005 to FAQ.
b0497a40 4006 - Fixed httpBodySet() bug causing URN related coredumps.
4007 - Changed ipcacheCycleAddr() to always cycle through all all
4008 available addresses, and not just advance when one of
4009 them goes BAD.
4010 - Fixed squid-internal bug for mixed-case hostnames (Henrik
4011 Nordstrom).
4e41d49f 4012 - Fixed ICP counting probelm. icpUdpSend() arg should be
4013 LOG_ICP_QUERY instead of LOG_TAG_NONE.
e4b71f74 4014 - Added some additional fault toleranse on FTP data channels
4015 (Henrik Nordstrom).
4016 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom).
4017 - Added lock/unlock for StoreEntry during storeAbort().
4018 - Added filemap bit usage stats to cachemgr 'storedir' and
4019 'info'.
4020 - Replaced 'cache_stoplist' with 'no_cache' Access list.
4021 - Fixed (hopefully) remaining swapfile-open-at-exit bugs.
44745828 4022 - Fixed default hierarchy_stoplist to be ``default if none.''
4023 - Fixed 'fake a recent reply' hack for detecting DEAD
4024 and ALIVE neighbors (Joe Ramey).
e376562a 4025 - Fixed FTP directory parsing bugs (Joe Ramey).
4026 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath
4027 (Joe Ramey).
dea17509 4028 - Fixed daylight savings time bug (again).
fd1bc012 4029 - A lot of Cache Digests additions, fixes, and tuning.
4030 Cache Digests are still "very experimental".
e376562a 4031 - Fixed snprintf() bug. When len == 1, snprintf() would treat
4032 the buffer as unknown size, emulating sprintf() behaviour.
4033 - Made Error page language configurable with configure script
4034 (Henrik Nordstrom).
4035 - Fixed squid-internal URLs when http_port == 80.
4036 - Remember the client address on redirected requests (Henrik
4037 Nordstrom).
4038 - Don't rebuild the request if the redirector returned the same
4039 URL (Henrik Nordstrom).
4040 - Rewrite Host: header on redirected requests (Henrik
4041 Nordstrom).
4042 - Include port (if non-standard) in generated Host: headers
4043 (Henrik Nordstrom).
4044 - Fixed rfc1123 timezone hacks for Windows NT
4045 (Henrik Nordstrom).
4046 - Added Russian Error pages by Ilia Zadorozhko.
4047 - Added totals for ICP and HTTP hits to cachemgr client_list
4048 output.
6cfa8966 4049 - Changed error message to 'Generated TIME by HOST (SQUID/VER)'
4050 because any string with an '@' must be an email address.
e376562a 4051 - Fixed POST for content-length == 0.
901b8eaf 4052 - Fixed "huge 304 reply" loop bug.
5e9ab945 4053 - Fixed --enable-splaytree compile bugs.
c93fbf13 4054 - Removed ASN lookup code in peer_select.c.
b6a2f15e 4055 - Added warnings if ACL code detects subdomains in SPLAY
4056 trees.
4057 - Rewrote some bits of httpRequestFree() to eliminate
4058 possible bugs that could cause an "e->lock_count" asseertion.
4059 - Added value/bounds checking to _db_init() when setting
4060 the debugLevels[] array.
fd1bc012 4061
005e5260 4062Changes to squid-1.2.beta19 (Apr 8, 1998):
4063
b0497a40 4064 - Squid-1.2.beta19 compiles and runs on Windows/NT with
4065 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom).
447203a7 4066 - Added French Error pages by Frank DENIS.
4067 - Added Dutch Error pages by Mark Visser
901b8eaf 4068 - Added German Error pages by Bernd P. Ziller, Jens Frank,
4069 and Anke S.
f9f2be04 4070 - Added support for only-if-cached cache-control directive.
005e5260 4071 - Added RELAXED_HTTP_PARSER #define to allow requests which are
4072 missing the HTTP identifier on the request line (e.g. buggy
4073 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default.
1f4d31f9 4074 - Fixed disk.c FD leak for delayed closes in
4075 diskHandleWriteComplete().
4076 - Fixed cache announcement feature.
20fe7191 4077 - Fixed httpReadReply() to retry failed HTTP requests on
4078 persistent connections when read() returns -1, not only
4079 when it returns 0.
805e5f70 4080 - Fixed cbdata memory counting leak. cbdataUnlock() always
4081 called free(), never memFree().
ff396fe6 4082 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas.
005e5260 4083 - Fixed `++loopdetect < 10' assertion due to
4084 clientHandleIMSReply bug for invalid/partial HTTP
4085 replies.
4086 - Added preliminary code for HTCP.
4087 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines.
4088 - Added "snmp_community" as an ACL type.
4089 - Cleaned up proxy-auth acl implementation and removed
4090 memory leaks.
4091 - Added generic 'hashFreeItems()' function for efficiently
4092 freeing hash table pointers.
4093 - Added whoisTimeout() for ASN code.
447203a7 4094 - Removed BINARY TREE code.
005e5260 4095 - Fixed forgetting to reset Config.Swap.maxSize in
4096 configDoConfigure.
4097 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order
4098 bug which caused not modified replies to not get updated.
4099 - Fixed client_side.c bugs which could cause data to be written
4100 to the client in the wrong order for persistent connections.
4101 clientPurgeRequest() and clientHandleIMSComplete() must not
4102 call comm_write(). Instead they must create and write to
4103 StoreEntry's.
4104 - Fixed ICP query service time counting bug(s).
4105 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()'
4106 to fix buffer overruns. This also requires adding 'buf_sz'
4107 args to some functions like clientBuildReplyHeader().
4108 But we can eliminate the need to NULL-terminate the
4109 buffer beforehand.
4110 - Changed commConnectCallback() to reset the FD timeout to
4111 zero before notifying about the connection. This requires
4112 commSetTimeout() calls in numerous places to reinstall
4113 timeouts.
4114 - Changed comm_poll_incoming() to be called less frequently
4115 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly).
4116 - Removed HAVE_SYSLOG case for debug() macro. Almost all
4117 systems do have syslog(), but more importatnly the
4118 _db_level value is needed for debugging to stderr.
4119 - Rewrote squid/dnsserver interface to use smaller, single-line
4120 messages.
4121 - Rewrote 'dns' cachemgr output to use a table format.
4122 - Rewrote a lot of dnsserver.c.
4123 - Added eventAddIsh() for semi-random event scheduling.
4124 - Fixed an ftpTimeout bug for sessions which use PORT
4125 commands.
4126 - Fixed ftp.c to recognized invalid PASV replies (e.g.
4127 port == 0).
4128 - Removed hash_insert(). All hasing uses hash_join() now.
4129 - Renamed hash_unlink() to hash_remove_link().
4130 - Added hashPrime() to find closes prime hash table size
4131 to a given value.
4132 - Fixed Keep-Alive ratio counting bug which prevented
4133 persistent connections from being used between cache
4134 peers.
4135 - Changed icmp.c to NOT queue messages sent from squid to
4136 the pinger program.
4137 - Changed icp_v2.c to NOT queue ICP messages by default.
4138 But they will be queued and resent once if the first
4139 send fails. Counters.icp.queued_replies counts the
4140 number of messaages queued.
4141 - Cleaned up ICP logging.
4142 - Added identTimeout().
4143 - Fixed ipcache reply counting bug. Overcounted dnsserver
4144 replies for partial replies.
4145 - Added urlInternal() for building internal Squid URLs.
4146 - Changed peerAllowedToUse() to check both 'cache_peer_domain'
4147 AND 'cache_peer_acl' configurations. This should be changed
4148 in the fugure to use ONLY cache_peer_acl.
4149 - Changed DEAD/REVIVED neighbor detection to avoid reporting
4150 so many false deaths. (Joe Ramey).
4151 - Added some preliminary code to support "cache digests."
4152 - Fixed pumpClose() coredumps (?).
4153 - Updated cachemgr 'info' output to show median service
4154 times for various categories.
4155 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t)
4156 != sizeof(int) for Alphas.
4157 - Fixed potential alignment problem in storeDirWriteCleanLogs().
4158 - Fixed store_rebuild.c to NOT replace current, but
4159 not-swapped-out StoreEntry's with on-disk entries.
4160 - Changed storeCleanup() to call storeRelease on invalid
4161 entries which don't have a swapfile (i.e. no unlink()
4162 penalty).
4163 - Fixed storeSwapInStart() to fail for unvalidated
4164 entries.
4165 - SNMP changes:
4166 . renovated mib and added descriptions and comments
4167 . added hit and byte counters to client_db , for
4168 cacheClientTable
4169 . cacheClientTable, netdbTable, cachePeerTable,
4170 cacheConnTable now indexed by ip address. hash_lookup was
4171 enhanced to allow for subsequent hash_next's similar to
4172 hash_first, to speed up getnext's in tables which refer to
4173 hash-table structures.
4174 . added generic (well, sorf of) table indexing functionality
4175 . added makefile dependencies for snmplib and cache_snmp.h
4176 . WaisHost, WaisPort, Timeouts removed
4177 . FdTable split into FdTable and ConnTable. FdTable simplified
4178 . PeerTable and PeerStat merged and put into new cacheMesh
4179 group
4180 . cacheClientTable added for client statistics and accounting
4181 (cacheMesh 2)
4182 . cacheSec and cacheAccounting groups removed
4183 . fixed acl bug when communities not defined
4184 . snmp_acl now survives bad configuration
81d0c856 4185
9a713ffb 4186Changes to squid-1.2.beta18 (Mar 23, 1998):
4187
275d9f2e 4188 - Added v1.1 'test_reachability' option.
4189 - Fixed hash4() len == 0 bug.
2c26197b 4190 - Fixed Config.Swap.maxSize reconfigure bug.
4191 - Fixed ICP query bug determining request method.
4192 - Moved ICP's storeGet() cache lookup into neighborsUdpAck()
4193 so that we know neighbors are alive even when they send
4194 us replies for unknown entries.
4195 - Changed configure script to add '-std1' for Digital Unix cc.
4196 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit
4197 systems.
4198 - Added support for 'Cache-Control: Only-If-Cached' request header.
34ad1721 4199 - Fixed CheckQuickAbort() bugs for multiple clients on one
4200 StoreEntry. Also changed storePendingNClients() to return
4201 mem->nclients instead of counting the number of store_client
4202 entries with pending callback functions.
275d9f2e 4203
041b157e 4204Changes to squid-1.2.beta17 (Mar 17, 1998):
4205
df43fc93 4206 - SNMP MIB version check changed to non-rcs.
02922e76 4207 - Added memory pools for variable size objects (strings).
4208 There are three pools; for small, medium, and large objects.
4209 - Extended String object to use memory pools. Most fixed size char
4210 array fields will be replaced using string pools. Same for most
4211 malloc()-ed buffers.
5e14bf6d 4212 - Changed icon handling to use the hostname and port of the squid
9ed90c85 4213 server, instead of the special hostname "internal.squid"
4214 (Henrik Nordstrom).
5e14bf6d 4215 - All icons are now configured in mime.conf. No hardcoded icons,
f8360ee3 4216 including gohper icons (Henrik Nordstrom).
459f2559 4217 - Fixed ICP bug when we send queries, but expect zero
4218 replies.
ed9c0b33 4219 - Fixed alignment/casting bugs for ICP messages.
2b5b6324 4220 - A generic client-to-server "pump" was added to handle HTTP
4221 PUT as well as POST methods on the client-cache side. Based on
4222 "pump" PUT requests can be made to either HTTP or FTP url's.
4223 Code is still beta and interoperability with browsers etc has
4224 not been tested.
4225 - Put #ifdefs around 'source_ping' code.
5e14bf6d 4226 - Added missing typedef for _arp_ip_data (Wesha).
4227 - Added regular-expression-based ACLs for client and server
4228 domain names (Henrik Nordstrom).
4229 - Fixed ident-related coredumps from incorrect callback data.
4230 - Fixed parse_rfc1123() "space" bug.
4231 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free())..
4232 - Fixed some src/asn.c end-of-reply bugs and memory leaks.
4233 - Fixed some peer->options flag-setting bugs.
4234 - Fixed single-parent feature to work again
4235 - Removed 'single_parent_bypass' configuration option; instead
4236 just use 'no-query'.
4237 - Surrounded 'source_ping' code with #ifdefs.
4238 - Changed 'deny_info URL' to use a custom Error page.
4239 - Modified src/client.c for testing POST requests.
041b157e 4240 - Fixed hash4() for SCO (Vlado Potisk).
459f2559 4241
7ba777f2 4242Changes to squid-1.2.beta16 (Mar 4, 1998):
4243
447203a7 4244 - Added Spanish error messages from Javier Puche.
02922e76 4245 - Added Portuguese error messages from Pedro Lineu Orso
0965bd19 4246 - Added a simple but very effective hack to cachemgr.cgi that tries to
4247 interpret lines with '\t' as table records and formats them
4248 accordingly. With a few exceptions (see source code), first line
4249 becomes a table heading ("<th>" html tag) and the rest is formated
4250 with "<td>" tags.
7021844c 4251 - Added "mem_pools_limit" configuration option. Semantics of
4252 "mem_pools" option has also changed a bit to reflect new memory
4253 management policy.
7ba777f2 4254 - Reorganized memory pools. Squid now supports a global pool
4255 limit instead of individual pool limits. Per-pool limits can be
3a88d597 4256 implemented on top of the current scheme if needed, but it is
7ba777f2 4257 probably hard to guess their values. Squid distributes pool
4258 memory among "frequently allocated" objects. There is a
4259 configurable limit on the total amount of "idle" memory to be
4260 kept in reserve. All requests that exceed that amount are
4261 satisfied using malloc library. Support for variable size
4262 objects (mostly strings) will be enabled soon.
4263 - memAllocate() has now only one parameter. Objects are always
4264 reset with 0s. (We actually never used that parameter before;
4265 it was always set to "clear").
4266 - Added Squid "signature" to all ERR_ pages. The signature is
4267 hardcoded and is added on-the-fly. The signature may use
4268 %-escapes. Added interface to add more hard-coded responses if
4269 needed (see errorpage.c::error_hard_text).
4270 - Both default and configured directories are searched for ERR_
4271 pages now. Configured directory is, of course, searched first.
4272 This allows you to customize a subset of ERR_ pages (in a
4273 separate directory) without danger of getting other copies out
4274 of sync.
4275 - Security controls for the SNMP agent added. Besides
4276 communities (like password) and views (part of tree
4277 accessible), the snmp_acl config option can be used to do acl
4278 based access checks per community.
4279 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You
4280 can now walk through the whole mib tree. Several new variables
4281 added under cacheProtoAggregateStats
12cf1be2 4282 - Added rudimental statistics for HTTP headers.
7ba777f2 4283 - Adjusted StatLogHist to a more generic/flexible StatHist.
12cf1be2 4284 Moved StatHist implementation into a separate file.
178dbda2 4285 - Added FTP support for PORT if PASV fails, also try the
4286 default FTP data port (Henrik Nordstrom).
4287 - Fixed NULL pointer bug in clientGetHeadersForIMS when a
4288 request is cancelled for fails on the client side.
4289 - Filled in some squid.conf comments (never_direct,
4290 always_direct).
4291 - Added RES_DNSRCH to dnsserver's _res.options when the
4292 -D command line option is given.
4293 - Fixed repeated Detected DEAD/REVIVED Sibling messages when
4294 peer->tcp_up == 0 (Michael O'Reilly).
4295 - Fixed storeGetNextFile's incorrect "directory does not exist"
4296 errors (Michael O'Reilly).
4297 - Fixed aiops.c race condition (Michael O'Reilly, Stewart
4298 Forster).
4299 - Added 'dns_nameservers' config option to specify non-default
4300 DNS nameserver addresses (Maxim Krasnyansky).
4301 - Added lib/util.c code to show memory map as a tree
4302 (Henrik Nordstrom).
4303 - Added HTTP and ICP median service times to Counters and
4304 cachemgr average stats.
4305 - Changed "-d" command line option to take debugging level
4306 as argument. Debugging equal-to or less-than the argument
4307 will be written to stderr.
3ff01c3e 4308 - Removed unused urlClean() function from url.c.
adba4a64 4309 - Fixed a bug that allowed '?' parts of urls to be recorded in
ef65d6ca 4310 store.log. Logged urls are now "clean".
178dbda2 4311 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi
4312 script forwards basic authentication from browser to squid.
4313 Authentication info is encoded within all dynamically generated
4314 pages so you do not have to type your password often.
4315 Authentication records expire after 3 hours (default) since
4316 last use. Cachemgr.cgi now recognizes "action protection" types
4317 described below.
4318 - Added better recognition of available protection for actions
4319 in Cache Manager. Actions are classified as "public" (no
4320 password needed), "protected" (must specify a valid password),
4321 "disabled" (those with a "disable" password in squid.conf), and
4322 "hidden" (actions that require a password, but do not have
4323 corresponding cachemgr_passwd entry). If you manage to request
4324 a hidden, disabled, or unknown action, squid replies with
4325 "Invalid URL" message. If a password is needed, and you failed
4326 to provide one, squid replies with "Access Denied" message and
4327 asks you to authenticate yourself.
4328 - Added "basic" authentication scheme for the Cache Manager.
4329 When a password protected function is accessed, Squid sends an
4330 HTTP_UNAUTHORIZED reply allowing the client to authorize itself
4331 by specifying "name" and "password" for the specified action.
4332 The user name is currently used for logging purposes only. The
4333 password must be an appropriate "cachemgr_passwd" entry from
4334 squid.conf. The old interface (appending @password to the url)
4335 is still supported but discouraged. Note: it is not possible
4336 to pass authentication information between squid and browser
4337 *via a web server*. The server will strip all authentication
4338 headers coming from the browser. A similar problem exists for
4339 Proxy-Authentication scheme.
4340 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of
4341 authentication failures when accessing Cache Manager.
63259c34 4342 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c.
178dbda2 4343 - Added simple context-based debugging to debug.c. Currently,
4344 the context is defined as a constant string. Context reporting
4345 is triggered by debug() calls. Context debugging routines
4346 print minimal amount of information sufficient to describe
4347 current context. The interface will be enhanced in the future.
4348 - Replaced _http_reply with HttpReply. HttpReply is a
4349 stand-alone object that is responsible for parsing, swapping,
4350 and comm_writing of HTTP replies. Moved these functions from
4351 various modules into HttpReply module.
8bfcd557 4352 - Added HttpStatusLine, HttpHeader, HttpBody.
178dbda2 4353 - All HTTP headers are now parsed and stored in a "compiled"
4354 form in the HttpHeader object. This allows for a great
4355 flexibility in header processing and builds basis for support
4356 of yet unsupported HTTP headers.
4357 - Added Packer, a memory/store redirector with a printf
4358 interface. Packer allows to comm_write() or swap() an object
4359 using a single routine.
4360 - Added MemBuf, a auto-growing memory buffer with printf
4361 capabilities. MemBuf replaces most of old local buffers for
4362 compiling text messages.
4363 - Added MemPool that maintains a pre-allocated pool of opaque
4364 objects. Used to eliminate memory thrashing when allocating
4365 small objects (e.g. field-names and field-value in http
4366 headers).
8bfcd557 4367
3197e644 4368Changes to squid-1.2.beta15 (Feb 13, 1998):
4369
55647891 4370 NOTE: This version has changes which may cause all or part
4371 of your cache to be lost. However, you can problably
4372 save most of it by doing a slow restart. Specifically:
4373
4374 1. Kill the running squid-1.2.beta14 process; wait for it to
4375 fully exit.
4376 2. Remove all 'swap.state*' files, either in each cache_dir, or
4377 as defined in your squid.conf
4378 3. Start squid-1.2.beta15. The store will be rebuilt from the
4379 existing swap files, reading the directories and opening
4380 the files.
4381
bcfbdc11 4382 - Fixed some problems related to disk (and pipe) write error
4383 handling. file_close() doesn't always close the file
4384 immediately; i.e. when there are pending buffers to write.
4385 StoreEntry->lock_count could become zero while a write is
4386 pending, then bad things happen during the callback.
4387 - The file_write() callback data must now be in the callback
4388 database (cbdata). We now use the swapout_ctrl_t structure
4389 for the callback data; it stays around for as long as we are
4390 swapping out.
4391 - Changed the way write errors are handled by diskHandleWrite.
4392 If there is no callback function, now we exit with a fatal
4393 message under the assumption that the file in question is a
4394 log file or IPC pipe. Otherwise, we flush all the pending
4395 write buffers (so we don't see multiple repeated write errors
4396 from the same descriptor) and let the upper layer decide how
4397 to handle the failure.
4398 - Fixed storeDirWriteCleanLogs. A write failure was leaving
4399 some empty swap.state files, even though it tells us that its
4400 "not replacing the file." Don't flush/rename logs which we
4401 have prematurely closed due to write failures, indiciated by
4402 fd[dirn] == -1. Close these files LAST, not before
4403 renaming.
4404 - Fixed storeDirClean to clean directories in a more sensible
4405 order, instead of the new "MONOTONIC" order for swap files.
0465e406 4406 - Merged fdstat.c functions into fd.c.
4407 - Cleaned up some debugging sections. Some unrelated source
4408 files were using the same section.
4409 - Removed curly brackets from all cachemgr output.
4410 - Removed unused filemap->last_file_number_allocated member.
4411 - Removed unused fde->lifetime_data member.
4412 - Fixed incorrectly applying htonl() on icp_common_t->shostid.
4413 - Call setsid() before exec() in ipc.c so that child processes
4414 don't receive SIGINT (etc) when running squid on a tty.
2f2dd5ad 4415 - Changed StoreEntry->object_len to ->swap_file_sz so we
4416 can verify the disk file size at restart. Moved object_len
4417 to MemObject->object_sz. Note object_sz is initialized
4418 to -1. If object_sz < 0, then we need to open the swap
4419 file and read the swap metadata.
4420 - Changed store_client->mem to ->entry because we need
4421 e->swap_file_sz to set mem->object_sz at swapin.
2f2dd5ad 4422 - Renamed storeSwapData structure to storeSwapLogData.
4423 - Fixed storeGetNextFile to not increment d->dirn. Added
4424 check for opendir() failure.
4425 - Fixed storeRebuildStart to properly link the directory
4426 list for storeRebuildfromDirectory mode.
e157f97f 4427 - Added -S command line option to double-check store
4428 consistency with disk files in storeCleanup().
4429 - Fixed a problem with transactional logging. In many
4430 cases we were adding the public cache key and then
4431 logging a delete for the private key. This is worthless
4432 because during rebuild we could not locate the previous
4433 public-keyed entry. Now we assert that only public-keyed
4434 entries can be logged to swap.state. storeSetPublicKey()
4435 and storeSetPrivateKey() have been modified to log an
4436 ADD or DEL when the key changes.
4437 - Fixed storeDirClean bug. Needed to call
4438 storeDirProperFileno() so the "dirn bits" get set.
4439 - Fixed a storeRebuildFromDirectory bug. fullpath[] and
4440 fullfilename[] were static to that function and did
4441 not change when the "rebuild_dir" arg did. Moved these
4442 buffers to the rebuild_dir structure.
4443 - In storeRebuildFromSwapLog, we were calling storeRelease()
4444 for cache key collisions. This only set the RELEASE_REQUEST
4445 bit and did not clear the swap_file_number in the filemap or
4446 in the StoreEntry, so the swap file could get unlinked later
4447 when it was really released.
4e0f0471 4448 - Fixed FTP so that ';type=X' specifically sets the HTTP reply
4449 content-type and content-encoding (Henrik Nordstrom).
4450 - Removed 'icon_content_type' configuration option. Content
4451 types now taken from mime.conf (Henrik Nordstrom).
2a9b2b73 4452 - Added additional memory malloc tracing and memory leak
4453 detection. Use --enable-xmalloc-debug-trace configure
4454 option and -m command line option (Henrik Nordstrom).
bcfbdc11 4455
93169941 4456Changes to squid-1.2.beta14 (Feb 6, 1998):
4457
5471db88 4458 - Replaced snmplib free() calls with xfree().
4459 - Changed the 'net_db_name' hash table structure to
4460 make it easier to move names from one network to another
4461 (copied from 1.1 code).
93169941 4462 - Filled in some of the config dump routines (dump_acl,
4463 dump_acl_access).
4464 - Full memory debugging option (--enable-xmalloc-debug-trace)
4465 (Henrik Nordstrom).
4466 - Filled-in and clarified many squid.conf comments (Oskar
4467 Pearson).
4468 - Fixed up handling of SWAP_LOG_DEL swap.state entries.
5471db88 4469
f91834bf 4470Changes to squid-1.2.beta13 (Feb 4, 1998):
f577e074 4471
b4512acd 4472 - NOTE: With this version the "swap.state" file format has
4473 changed. Running this version for the first time will
4474 cause your current cache contents to be lost!
f91834bf 4475 - NOTE: this version still has the bug where we don't rewind
4476 a swapout file and rewrite the swap meta data. Objects
4477 larger than 8KB will be lost when rebuilding from the swap
4478 files.
d04dd4bf 4479 - Combined various interprocess communication setup functions
4480 into ipcCreate().
4481 - Removed some leftover ICP_HIT_OBJ things.
4482 - Removed cacheinfo and proto_count() and friends; these are to
4483 be replaced in functionality by StatCounters and 5/60 minute
4484 average views via cachemgr.
4485 - Fixed --enable-acltree configure message (Masashi Fujita).
4486 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in
4487 (Masashi Fujita).
4488 - Fixed building outside of source tree (Masashi Fujita).
dbfed404 4489 - FTP: Format NLST listings, and inform the user that the NLST
4490 (plain) format is available when we find a LIST listing that we
4491 don't understand (Henrik Nordstrom)
4492 - FTP: Use SIZE on Binary transfers, and not ASCII. The
4493 condition was inversed, making squid use SIZE on ASCII
4494 transfers (Henrik Nordstrom).
4495 - Enable virtual and Host: based acceleration in order to be
4496 able to use Squid as a transparent proxy without breaking
4497 either virtual servers or clients not sending Host: header
4498 the order of the virtual and Host: based acceleration needs
4499 to be swapped, giving Host: a higher precendence than virtual
4500 host (Henrik Nordstrom).
4501 - Use memmove/bcopy as detected by configure Some systems does
4502 not have memmove, but have the older bcopy implementation
4503 (Henrik Nordstrom).
6cf028ab 4504 - Completely rewritten aiops.c that creates and manages a pool
4505 of threads so thread creation overhead is eliminated (SLF).
4506 - Lots of mods to store.c to detect and cancel outstanding
4507 ASYNC ops. Code is not proven exhaustive and there are
4508 definately still cases to be found where outstanding disk ops
4509 aren't cancelled properly (SLF).
4510 - Changes to call interface to a few routines to support disk
4511 op `tagging', so operations can be cleanly cancelled on
4512 store_abort()s (SLF).
4513 - Implementation of swap.state files as transaction logs.
4514 Removed objects are now noted with a negative object size.
4515 This allows reliatively clean rebuilds from non-clean
4516 shutdowns (SLF).
4517 - Now that the swap.state files are transaction logs, there's
4518 now no need to validate by stat()ing. All the validation
4519 procedure does is now just set the valid bit AFTER all the
4520 swap.state files have been read, because by that time, only
4521 valid objects can be left. Object still need to be marked
4522 invalid when reading the swap.state file because there's no
4523 guarantee the file has been retaken or deleted (SLF).
4524 - An fstat() call is now added after every
4525 storeSwapInFileOpened() so object sizes can be checked. Added
4526 code to storeRelease() the object if the sizes don't match (SLF).
6474667e 4527 - #defining USE_ASYNC_IO now uses the async unlink() rather than
4528 unlinkd() (SLF).
6cf028ab 4529 - #defining MONOTONIC_STORE will support the creation of disk
4530 objects clustered into directories. This GREATLY improves disk
4531 performance (factor of 3) over old `write-over-old-object'
4532 method. If using the MONOTONIC_STORE, the
4533 {get/put}_unusedFileno stack stuff is disabled. This is
4534 actually a good thing and greatly reduces the risk of serving
4535 up bad objects (SLF).
4536 - Fixed unlink() in storeWriteCleanLogs to be real unlink()
4537 rather than ASYNC/unlinkd unlinks. swap.state.new files were
4538 being removed just after they were created due to delayed
4539 unlinks (SLF).
4540 - Disabled various assertions and made these into debug warning
4541 messages to make the code more stable until the bugs can be
4542 tracked down (SLF).
4543 - Added most of Michael O'Reilly's patches which included many
4544 bug fixes. Ask him for full details (SLF).
4545 - Moved aio_check_callbacks in comm_{poll|select}(). It was
4546 called after the fdset had been built which was wrong because
4547 the callbacks were changing the state of the read/write
4548 handlers prior to the poll/select() calls (SLF).
f09f5b26 4549 - Fixed ARP ACL memory leaks (Dale).
f577e074 4550 - Eliminated URL and SHA cache keys. Cache keys will always
4551 be MD5's now.
4552 - Fixed up store swap meta data.
4553 - Changed swap.state logs to a binary format.
f91834bf 4554 - The swap.state logs are written transaction-style.
d04dd4bf 4555
b5cfbd5b 4556Changes to squid-1.2.beta12 (Jan 30, 1998):
4557
b4512acd 4558 - Added metadata headers to cache swap files. This is an
4559 incompatible change with previous versions. Running this
4560 version for the first time will cause your current cache
4561 contents to be lost.
9fc0b4b8 4562 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom)
4563 - Show symlink destinations as a hyperlink in FTP listings
4564 (Henrik Nordstrom)
3a4eaced 4565 - Fixed not allocating enough space for rewriting URLs with
4566 the Host: header (Eric Stern).
4567 - Year-2000 fixes (Arjan de Vet).
4568 - Fixed looping for cache hits on HEAD requests.
fc6dc767 4569 - Fixed parseHttpRequest() coredump for
6474667e 4570 "GET http://foo HTTP/1.0\r\n\r\n\r\n"
9fc0b4b8 4571
9f802cb1 4572Changes to squid-1.2.beta11 (Jan 6, 1998):
4573
fd82d0b0 4574 - Fixed fake 'struct rusage' definition which prevented compling
4575 on Solaris 2.4.
4576 - Fixed copy-by-ref bug for request->headers in
4577 clientRedirectDone() (Michael O'Reilly).
812db943 4578 - Workaround for Solaris pthreads closing FD 0 upon fork()
4579 (Michael O'Reilly).
05fd71a7 4580 - Fixed shutdown bug with outgoing UDP sockets; we need to
4581 disable their read handlers.
4582 - For comm_poll(), use the fast 50 msec timeout only when
4583 USE_ASYNC_IO is defined.
1fbc6de3 4584 - Fixed pointer bug when freeing AS# ACL entries.
4585 - Fixed forgetting to reset Config.npeers to zero in free_peer().
0f6bdbfa 4586 - Fixed ICP bug causing excessive TIMEOUTs with sibling
4587 neighbors. We must call the ICP reply callback even for
4588 sibling misses.
4589 - Fixed some dnsserver-related reconfigure bugs. Need to
4590 use cbdataLock, etc in fqdncache.c. Also don't want to
4591 use ipcacheQueueDrain() and fqdncacheQueueDrain().
4592 - Fixed persistent connection bug. We were incorrectly
4593 deciding that non-200 replies without content-length
4594 would not have a reply body.
4595 - Fixed intAverage() precedence bug.
4596 - Fixed memmove() 'len' arg bug.
4597 - Changed algorithm for determining alive/dead state of peers.
4598 Instead of using a fixed number of unacknowledged ICP
4599 replies, it is now based on timeouts. If there are no ICP
4600 replies received from a peer within 'dead_peer_timeout'
4601 seconds, then we call it dead.
4602 - Added calls to getCurrentTime() in
4603 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not
4604 being used.
4605 - Fixed shutdown bug when the incoming and outgoing ICP socket
4606 is the same file descriptor.
e970f357 4607 - Added buffered writes for storeWriteCleanLogs() (Stewart
4608 Forster).
4609 - Patches for Qnx4 (Jean-Claude MICHOT).
4610 - Fixed returning void functions which seems to be a GCC-ism.
e5f4e1b0 4611 - New configure script options (Henrik Nordstrom):
4612 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey)
4613 --enable-acltree
4614 --enable-icmp
4615 --enable-delay-hack
4616 --enable-useragent-log
4617 --enable-kill-parent (this should be named -hack)
4618 --enable-snmp
4619 --enable-time-hack
4620 --enable-cachemgr-hostname[=hostname] (new)
4621 --enable-arp-acl (new)
4622 - Added Doug Lea malloc-2.6.4 to the distribution, so that
4623 people easily can try a decent malloc package if they syspect
4624 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom).
4625 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub
4626 function (Henrik Nordstrom).
4627 - Removed top-level Makefile. People must now run 'configure'
4628 before 'make'.
714ace98 4629 - Fixed checkFailureRatio() implementation.
82b3c7d9 4630 - Made 'squid -z' behave like the 1.1 version.
e5f4e1b0 4631
fd82d0b0 4632
ab9a3f7e 4633Changes to squid-1.2.beta10 (Jan 1, 1998):
4634
4635 - Fixed content-length bugs for 204 replies, 304 replies,
4636 and HEAD requests (Henrik Nordstrom).
4637 - Fixed errorAppendEntry() bug in gopherReadReply().
4638 - Basic support for FTP URL typecodes (;type=X).
9c965c1b 4639 - Support for access controls based on ethernet MAC addresses
ab9a3f7e 4640 (Dale).
4641 - Initial URN support; see
4642 http://squid.nlanr.net/Squid/urn-support.html
4643 - Fixed client-side persistent connections for objects with
4644 bad content lengths (Henrik Nordstrom).
4645 - Fixed bad call to storeDirUpdateSwapSize() for objects which
4646 never reach SWAPOUT_DONE state.
68e3a9df 4647 - Fixed up poll() #defines in squid.h (Stewart Forster).
4648 - Changed poll() timeout from 1000 msec to 50 msec for
4649 better performance under low load (Stewart Forster).
e7a1fde6 4650 - Changed storeWriteCleanLogs() to write objects in the LRU
4651 list order instead of the random hash table order.
109ff6af 4652 - Fixed FTP bug when data socket connections fail or timeout.
4653 - Reuse FTP data connection when possible (Henrik Nordstrom).
4654 - Added configure options (Henrik Nordstrom)
4655 --enable-store-key=sha|md5
4656 --enable-xmalloc-statistics
4657 --enable-xmalloc-debug
78743365 4658 --enable-xmalloc-debug-count
4659 --async-io
109203bf 4660 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD
4661 by creating ERR_FORWARDING_DENIED and changing the
4662 content of the ERR_CANNOT_FORWARD text.
4e9c07c1 4663 - Fixed pipeline request bug from using strdup() (Henrik
4664 Nordstrom).
4665 - Call clientReadRequest() directly instead of commSetSelect()
4666 for pipelined requests (Henrik Nordstrom).
1b02b5be 4667 - Fixed 4k page leak in icpHandleIMSReply();
4668 - Renamed 'icp*' functions to 'client*' names in client_side.c.
e7a1fde6 4669
b90a0f8d 4670Changes to squid-1.2.beta8 (Dec 2, 1997):
4671
eae03fc8 4672 - Fixed accessLogLog() to log ident from Proxy-Authorization
4673 request header (BoB Miorelli).
226f9ba2 4674 - Fixed #includes, prototypes, etc. in SNMP source files.
4675 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from
4676 include/config.h.in to src/squid.h
4677 - Moved 'num32' typedefs from src/typedefs.h to
4678 include/config.h.in.
4679 - Moved snmplib/md5.c to lib/md5.c.
4680 - Added MD5 cache key support.
4681 - Removed xmalloc() return check in uudeocde.c
4682 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP)
4683 - Changed 'client' program to provide easier cache manager access,
3ff01c3e 4684 e.g.: 'client mgr:info'
226f9ba2 4685 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection'
4686 for simulated keep-alive requests.
4687 - Removed 'fd' arg from clientProcess* functions.
9e3468d5 4688 - Fixed bugs from using errorSend() on persistent/pipelined
226f9ba2 4689 client connections. A latter request should not be allowed to
4690 write to the client fd until the current request completes.
4691 Now use errorAppendEntry() for such situations.
4692 - Fixed content-length bugs. We were using content-length == 0
4693 to also indicate a lack of content-length reply header. But
4694 'content-length: 0' might appear in a reply, so now use -1 to
4695 indicate that no content length given.
4696 - Split up clientProcessRequest() into smaller chunks so it
4697 might be easier to follow.
4698 - renamed various client_side.c functions to start with 'client'
4699 instead of 'icp'.
4700 - Fixed a 'cbdata leak' from the comm.c close handlers.
4701 - Fixed a 'cbdata leak' from the comm.c connect routines.
4702 - Fixed comm_select() and comm_poll() to stop looping on the
4703 incoming HTTP/ICP sockets. If there are fewer than 7 FD's
4704 ready for I/O, the incoming sockets might not get service, so
4705 comm_select() would be called for up to 7 times until the
4706 'incoming_counter' was incremented enough to trigger a call
4707 to comm_select_incoming(). Now we make sure
4708 comm_select_incoming() gets called if select returns less
4709 than 7 ready FD's.
9e3468d5 4710 - Added errorpage '%B' token to generate FTP URLs with a '%2f'
4711 inserted at the start of the url-path. calls ftpUrlWith2f().
4712 (Henrik Nordstrom).
226f9ba2 4713 - Changed fqdncache.c to use LRU double-linked list instead of qsort()
4714 for replacement and cachemgr output.
4715 - Changed ipcache.c to use LRU double-linked list instead of qsort()
4716 - Changed hash_insert() and hash_join() to return void.
4717 for replacement and cachemgr output.
4718 - Moved StoreEntry->method member to MemObject->method.
4719 - Made StoreEntry->flags 16 bits.
4720 - Made StoreEntry->refcount 16 bits.
4721 - Changed URL-based public cache key to always include the request
4722 method.
eae03fc8 4723
95bc9f0b 4724Changes to squid-1.2.beta7 (Nov 24, 1997):
4725
6a11653c 4726 - Fixed poll() for Linux (David Luyer).
4727 - SHA optimizations (David Luyer).
4728 - Fixed errno clashes with macro on Linux (David Luyer).
4729 - Fixed storeDirCloseSwapLogs(); logs might not be open.
4730 - Fixed storeClientCopy2() bug. Detect when there is
4731 no more data to send for objects in STORE_OK state.
19ee64b1 4732 - Fixed FTP truncation bug when ftpState->size == 0, e.g.
4733 especially directory listings.
95bc9f0b 4734 - Mega FTP fix from Henrik Nordstrom. A better job of
4735 implementing the '%2f' hack.
4736 - Fixed some pipelined request bugs. storeClientCopy() was
4737 being given the wrong StoreEntry, and we had a race condition
4738 which is now handled by storeClientCopyPending().
99077fe6 4739 - Added initial SNMP support.
6a11653c 4740
2c9b45c9 4741Changes to squid-1.2.beta6 (Nov 13, 1997):
4742
1b5516d3 4743 - Fixed Authorized responses getting swapped out when they
4744 don't have Proxy-Revalidate reply header.
4745 - Fixed Proxy Authentication support. We never sent back
4746 a 407 reply, and were incorrectly incrementing the passwd
4747 before comparing it.
4748 - Fixed stat()ing pathnames for default values before parsing
4749 config file (Ron Gomes).
4750 - Fixed logging request and response headers on separate lines
4751 (Ron Gomes).
4752 - Fixed FTP Authentication message (Henrik Nordstrom).
4753 - Changed Proxy Authentication to trigger a reread of the passwd
4754 file if a password check fails (Henrik Nordstrom).
4755 - Changed FTP to retry the first CWD with a leading slash if it
4756 fails without one.
4757
8c17a569 4758Changes to squid-1.2.beta5 (Nov 6, 1997):
4759
90045285 4760 - Track the 'keep-alive ratio' for a peer as the ratio of
4761 the number of replies including 'Proxy-Connection: Keep-Alive'
4762 compared to the number of requests sent. If the peer does
4763 not support Persistent connections then this ratio will tend
4764 toward zero. If the ratio is less than 50% after 10 requests
4765 then we'll stop sending Keep-Alive.
8c3994aa 4766 - Proper support for %nn escapes in FTP, and numerous
4767 other fixes (Henrik Nordstrom).
4768 - Support for Secure Hash Algorithm and framework for other
4769 hash functions as cache keys.
4770 - Fixed SSL snprintf() bug which broke SSL proxying.
4771 - Fixed store_dir swap log bug from reconfigure (SIGHUP).
8c17a569 4772 - Fixed LRU Reference Age bug. The arg to pow() must be
8031bd43 4773 minutes, not seconds.
90045285 4774
9ddfb255 4775Changes to squid-1.2.beta4 (Oct 30, 1997):
4776
a493f974 4777 - Fixed DST bug in rfc1123.c
4778 - Changed default http_accel_port to 80.
4779 - added errorCon() as a ErrorState constructor function
4780 (Max Okumoto).
4781 - Added ERR_FTP_FAILURE message for ftpFail().
4782 - For FTP, the timeout callback must be moved to the 'data'
4783 descriptor when data transfer begins. Otherwise we are
4784 likely to get a timeout on the control descriptor.
4785 - Fixed double-free bug in httpRequestFree().
4786 - Fixed store_swap_size counting bug in storeSwapOutHandle().
4787
409a6aad 4788Changes to squid-1.2.beta3 (Oct 29, 1997):
4789
4790 - Initialize _res.options to RES_DEFAULT in dnsserver.c.
4791 - Fix assertions which assumed 4-byte pointers.
4792 - Fix missing % in fqdncache.c snprintf().
4793
5a2d610b 4794Changes to squid-1.2.beta2 (Oct 28, 1997):
4795
8c3994aa 4796 - Fixed aiops.c and async_io.c so that they actually compile
f5b8bbc4 4797 with USE_ASYNC_IO (Arjan de Vet).
4798 - Fixed errState->errno causing problems with some macros
4799 (Michael O'Reilly).
d287f51e 4800 - Fixed memory leaks in pconn.c (Max Okumoto).
0866009b 4801 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes).
272547b5 4802 - Fixed InvokeHandlers() from calling memCopy() for ALL
4803 store_client's with callbacks. A store_client might be reading
4804 from disk.
5a2d610b 4805 - Rewrote storeMaintainSwapSpace(). No longer will we scan one
272547b5 4806 bucket at a time. Instead we'll maintain a single LRU
4807 list. When an object is 'touched' we move it to the
4808 top of this list. When we need disk space, we delete
4809 from the bottom.
5a2d610b 4810 - Removed storeGetSwapSpace().
f5b8bbc4 4811
871f0b8a 4812Changes to squid-1.2.beta1 ():
4813
4814 - Reworked storage manager to not keep objects in memory during
4815 transit. In other words, no separate NOVM distribution.
4816 - Lots of cleanup and debugging for beta release.
4817 - Use snprintf() everywhere instead of sprintf().
4818 - The 'in_memory' hash table has been replaced with a
4819 doubly-linked list. New objects are added to the head of
4820 the list. When memory space is needed, old objects are
4821 purged from the tail of the list.
4822
0edfe7a2 4823Changes to squid-1.2.alpha7 ():
4824
c4958532 4825 - fixes fixes fixes.
4826 - Made Arjan's PROXY_AUTH ACL patch standard.
0edfe7a2 4827
8905b90c 4828Changes to squid-1.2.alpha6 ():
4829
6684fec0 4830 - Simpler cacheobj implementation.
6605655c 4831 - persistent connection histogram
8872e1f8 4832 - SERVER-SIDE PERSISTENT CONNECTIONS:
6474667e 4833 - Added pconn.c
4834 - Addec Cofig.Timeout.pconn; default 120 seconds
4835 - Added httpState->flags
4836 - Added flags arg to httpBuildRequestHeader()
4837 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags
4838 - Added 'Connection' to allowed HTTP headers (http-anon.c)
8872e1f8 4839 - Added 'Proxy-Connection' to allowed HTTP headers
4840 (http-anon.c)
a7736231 4841 - Merged proxyhttpStart() with httpStart() and created
8872e1f8 4842 new httpBuildState().
4843 - New httpPconnTransferDone() detects end-of-data on
4844 persistent connections.
6684fec0 4845
88738790 4846Changes to squid-1.2.alpha5 ():
4847
4848 - New configuration system. Everything is generated from
4849 'cf.data.pre', including the main parser, setting defaults,
4850 outputting current values, and freeing memory.
4851 This also involved moving some of the local data structures
4852 (e.g. struct _acl *AclList in acl.c) to the Config
4853 structure. (Max Okumoto)
4854 - No more '/i' for regular expressions. Now insert a '-i'
4855 to switch to case-insensitive. Use '+i' for case-sensitive.
4856 - When you have a variable named the same as its type, sizeof()
4857 gets the wrong one (fde).
4858 - Need to flush unbuffered logs before fork().
4859 - Added two fields swap log: refcount and e->flag.
4860 - Removed all the .h files for each .c file. Now #include stuff
4861 is in either: defines.h, enums.h, typedefs.h, structs.h,
4862 or protos.h, globals.h. This greatly reduces dependencies
4863 between the various source files.
4864 - globals.c is generated from globals.h by a Perl script.
8ee3ca2c 4865 - Started customizable error texts.
88738790 4866
97f674c8 4867Changes to squid-1.2.alpha4 ():
4868
ec973719 4869 - New MIME configuration, regular expression based
4870 - Added request_timeout config option
4871 - Multiple HTTP sockets (Lincoln Dale).
4872 - Moved 'fds_are_n_free' check to httpAccept().
4873 - s/USE_POLL/HAVE_POLL/; make poll() default if available.
7e49f700 4874 - Changed storeRegister to use offsets and make immediate
4875 callbacks if appropriate.
4876 - Removed icpDetectClientClose(). Some of that functionality
4877 goes into clientReadRequest() and the rest into
4878 httpRequestFree().
b1b387d1 4879 - Moved IP lookups to commConnect stuff.
4880 - Added support for retrying connect().
858164fc 4881 - New inline debug() macro (David Luyer).
e174e0fe 4882 - Replace frequent gettimeofday() calls with alarm(3) based
4883 clock. Need to add more gettimeofday() calls to get back
a59968c7 4884 high-resolution timestamp logging (Andres Kroonmaa).
0153d498 4885 - Added support for Cache-control: proxy-revalidate;
4886 based on squid-1.1 patch from Mike Mitchell.
ec973719 4887
3b08d32d 4888Changes to squid-1.2.alpha3 ():
4889
4890 - Implemented persistent connections between clients and squid.
4891 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single
4892 table in fd.c.
4893 - Removed use of FD as an identifier in certain callback
4894 operations (ipcache, fqdncache).
4895 - General code cleanup.
4896 - Fixed typedefs for callback functions.
4897 - Removed FD lifetime/timeout dichotomy. Now we only have
4898 timeouts, however the lifetime concept/keyword may still
4899 linger in certain places.
4900 - Change Makefile 'realclean' target to 'distclean'
4901 - Changed config file parsing of time specifications to use
4902 parseTimeLine().
4903 - Removed storetoString.c
4904
4905Changes to squid-1.2.alpha2 ():
74cebec0 4906
4907 - Merged squid-1.1.9, squid-1.1.10 changes
4908
7b41ec97 4909Changes to squid-1.2.alpha1 ():
4910
4911 - Unified peer selection algorithm.
75e88d56 4912 - aiops.c and aiops.h are a threaded implementation of
4913 asynchronous file operations (Stewart Forster).
4914 - async_io.c and async_io.h are complete rewrites of the old
4915 versions (Stewart Forster).
6ad85e8a 4916 - Rewrote all disk file operations of squid to support
75e88d56 4917 the idea of callbacks except where not required (Stewart
4918 Forster).
75e88d56 4919 - Background validation of 'tainted' swap log entries (Stewart
4920 Forster).
4921 - Modified storeWriteCleanLog to create the log file using the
4922 open/write rather than fopen/printf (Stewart Forster).
4923 - Added the EINTR error response to handle badly interrupted
4924 system calls (Stewart Forster).
6ad85e8a 4925 - UDP_HIT_OBJ not supported, removed.
4926 - Different sized 'cache_dirs' supported.
75e88d56 4927
e924600d 4928==============================================================================
Mirror of https://github.com/squid-cache/squid.git