From: squidadm <squidadm@users.noreply.github.com>
Date: Thu, 7 Dec 2017 14:31:54 +0000 (+1300)
Subject: Prep for 4.0.22
X-Git-Tag: M-staged-PR71~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=96e628ec26e36e69803f762d94954d08b1c079b0;p=thirdparty%2Fsquid.git

Prep for 4.0.22
---

diff --git a/ChangeLog b/ChangeLog
index a939f13f05..4c1e50e822 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+Changes to squid-4.0.22 (07 Dec 2017):
+
+	- Regression fix: Relay peer CONNECT error status line and headers to clients
+	- Bug 4767: SMP breaks IPv6 SNMP and cache manager queries
+	- Bug 4718: support filling raw buffer space of shared SBufs
+	- Bug 4648: object revalidation for HTTPS scheme
+	- Bug 4616: store_client.cc:92: "mem" assertion
+	- Bug 2821: ignore Content-Range in non-206 responses
+	- HTCP: Ignore packets with invalid URI
+	- TLS: Validate the shortest certificate chain
+	- TLS: Add checks for OpenSSL 1.1.0f API changes
+	- TLS: Fix reporting of validation errors for downloaded intermediate certs
+	- TLS: Fix SSL certificate cache refresh and collision handling
+	- Fix backwards compatibility for Squid-3.5 external_acl_type formats
+	- Fix invalid mime icon URLs in cache
+	- Do not die silently when dying early
+	- Docs: update translation files
+
 Changes to squid-4.0.21 (02 Jul 2017):
 
 	- Bug 4730: segfault while processing internal HTTP requests
@@ -19,11 +37,11 @@ Changes to squid-4.0.21 (02 Jul 2017):
 
 Changes to squid-4.0.20 (01 Jun 2017):
 
-	- Bug #4692: SslBump breaks intercepted IPv6 connections
-	- Bug #4682: ignoring http_access deny when client-first bumping mode is used
-	- Bug #4662: build errors with LibreSSL 2.4.4
-	- Bug #4659: sslproxy_foreign_intermediate_certs does not work
-	- Bug #4321: ssl_bump terminate does not terminate at step1
+	- Bug 4692: SslBump breaks intercepted IPv6 connections
+	- Bug 4682: ignoring http_access deny when client-first bumping mode is used
+	- Bug 4662: build errors with LibreSSL 2.4.4
+	- Bug 4659: sslproxy_foreign_intermediate_certs does not work
+	- Bug 4321: ssl_bump terminate does not terminate at step1
 	- Add 'has' ACL
 	- Do not forward HTTP requests to dead idle peers
 	- Do not unconditionally revive dead peers after a DNS refresh
diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml
index c53a8a9646..7d0135854e 100644
--- a/doc/release-notes/release-4.sgml
+++ b/doc/release-notes/release-4.sgml
@@ -1,6 +1,6 @@
 <!doctype linuxdoc system>
 <article>
-<title>Squid 4.0.21 release notes</title>
+<title>Squid 4.0.22 release notes</title>
 <author>Squid Developers</author>
 
 <abstract>
@@ -12,7 +12,7 @@ for Applied Network Research and members of the Web Caching community.
 <toc>
 
 <sect>Notice
-<p>The Squid Team are pleased to announce the release of Squid-4.0.21 for testing.
+<p>The Squid Team are pleased to announce the release of Squid-4.0.22 for testing.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v4/"> or the
  <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index b23006dca8..78374ce032 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -1086,7 +1086,7 @@ Ssl::uriOfIssuerIfMissing(X509 *cert, Security::CertList const &serverCertificat
         if (const char *issuerUri = hasAuthorityInfoAccessCaIssuers(cert)) {
             // There is a URI where we can download a certificate.
             if (!findCertIssuerFast(SquidUntrustedCerts, cert) &&
-                !issuerExistInCaDb(cert, context)) {
+                    !issuerExistInCaDb(cert, context)) {
                 // and issuer not found in local databases containing
                 // untrusted certificates and trusted CA certificates
                 return issuerUri;