From: Amos Jeffries Date: Sun, 2 Dec 2012 09:22:41 +0000 (-0700) Subject: 3.2.4 X-Git-Tag: SQUID_3_2_4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d66163d55648b4be88a8b6be0714a96db21d09ca;p=thirdparty%2Fsquid.git 3.2.4 --- diff --git a/ChangeLog b/ChangeLog index 8da0fab4fb..2a59705e99 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +Changes to squid-3.2.4 (03 Dec 2012): + + - Ported: urllogin ACL from squid 2.7 + - Bug 3688: Lots of Orphan Comm:Connections to ICAP server + - Bug 3677: Port un-pinning logic changes from squid 3.3 + - Bug 3405: ssl_crtd crashes failing to remove certificate + - ... and major bugs fixed in squid 3.1.22 + - Fix accept_filter on Linux + - Remove 'Bungled' warning on missing component directives + - ... and many buffer and memory leak issues in the bundled helpers + - ... and a small amount of code polishing + Changes to squid-3.2.3 (21 Oct 2012): - Regression: SMP crashes on startup with workers > 1 @@ -435,6 +447,14 @@ Changes to squid-3.2.0.1 (03 Aug 2010): - ... and a great many testing improvements - ... and many documentation updates +Changes to squid-3.1.22 (03 Dec 2012): + + - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update + - Bug 3659: read_timeout problem with HTTPS + - Bug 3654: Fix IPv6 enabled squidclient + - Bug 3189: AIO thread race on pipe() initialization + - cachemgr.cgi: Memory Leaks and DoS Vulnerability + Changes to squid-3.1.21 (23 Sep 2012): - Bug 3622: peerClearRRStart scheduling multiple events diff --git a/configure.ac b/configure.ac index fd74d8a784..965a8550cc 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl $Id$ dnl dnl dnl -AC_INIT([Squid Web Proxy],[3.2.3-BZR],[http://www.squid-cache.org/bugs/],[squid]) +AC_INIT([Squid Web Proxy],[3.2.4-BZR],[http://www.squid-cache.org/bugs/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) diff --git a/doc/release-notes/release-3.1.sgml b/doc/release-notes/release-3.1.sgml index 41ba10edb1..eddf2dbcb5 100644 --- a/doc/release-notes/release-3.1.sgml +++ b/doc/release-notes/release-3.1.sgml @@ -1,6 +1,6 @@
-Squid 3.1.21 release notes +Squid 3.1.22 release notes Squid Developers @@ -13,7 +13,7 @@ for Applied Network Research and members of the Web Caching community. Notice

-The Squid Team are pleased to announce the release of Squid-3.1.21 +The Squid Team are pleased to announce the release of Squid-3.1.22 This new release is available for download from or the . diff --git a/doc/release-notes/release-3.2.html b/doc/release-notes/release-3.2.html index 549c518000..e3ebf66b6e 100644 --- a/doc/release-notes/release-3.2.html +++ b/doc/release-notes/release-3.2.html @@ -2,10 +2,10 @@ - Squid 3.2.2 release notes + Squid 3.2.4 release notes -

Squid 3.2.2 release notes

+

Squid 3.2.4 release notes

Squid Developers

@@ -72,7 +72,7 @@ for Applied Network Research and members of the Web Caching community.

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.2.2 for testing.

+

The Squid Team are pleased to announce the release of Squid-3.2.4 for testing.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.2/ or the mirrors.

@@ -535,9 +535,10 @@ the use of HTTPS security were desired.

The cache manager is available under the path prefix /squid-internal-mgr/. For example the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This means there are some configuration changes required to lock down manager access. -The manager ACL needs changing to: +The manager ACL needs changing. A built-in definition is now used, equivalent +to the following regex pattern: 

-        acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+        ^(cache_object://|https?://[^/]+/squid-internal-mgr/)

@@ -547,6 +548,14 @@ This template is not supplied with Squid but intended to be supplied by separate cache manager applications as their front page embedding all scripts, accessors or redirects required for their initial GUI display.

+

MGR_INDEX file +

    +
  • should contain a complete HTML page, with optional client-side scripting.
    • +
  • must not contain server-side scripting.
    • +
  • will have macro substitution performed on it using the same macros as used by the error page tempates.
    • +
+

+

Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links to those managers.

@@ -724,15 +733,18 @@ New installs, or installs with no logs configured explicitly will use this modul

New type random. Pseudo-randomly match requests based on a configured probability.

Renamed myip to localip. It matches the IP which the client connected to.

Renamed myport to localport. It matches the port which the client connected to.

+

Ported urllogin option from Squid 2.7, to match a regex pattern on the URL login field (if any).

The localip/localport differ from earlier releases where they matched a mix of of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port. This definition is now consistent across all modes of traffic received by Squid.

-

The manager ACL requires adjustment to cover new cache manager access: +

The manager ACL requires adjustment to cover new cache manager access. So it has now been +built-in as a predefined ACL name matching URLs equivalent to the following regular expression: 

-                acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+                ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
-

+ +squid.conf containing the old manager definition can expect to see ACL type collisions.

auth_param

New options for Basic, Digest, NTLM, Negotiate children settings. @@ -829,6 +841,8 @@ This will be included by default if available (see the --without-netfilter-connt

refresh_pattern

New option max-stale= to provide a maximum staleness factor. Squid won't serve objects more stale than this even if it failed to validate the object.

+

Removed option ignore-no-cache. Its commonly desired behaviour is obsoleted +by correct HTTP/1.1 Cache-Control:no-cache handling.

reply_header_access

Added support for custom response header names.

@@ -1192,10 +1206,6 @@ An external_acl_type helper may be used to bypass authentication if that is suit

-
acl
-

urllogin option not yet ported from 2.6

-

urlgroup option not yet ported from 2.6

-
broken_vary_encoding

Not yet ported from 2.6

diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml index a12767ca96..ba66f7aad1 100644 --- a/doc/release-notes/release-3.2.sgml +++ b/doc/release-notes/release-3.2.sgml @@ -1,6 +1,6 @@
-Squid 3.2.3 release notes +Squid 3.2.4 release notes Squid Developers @@ -13,7 +13,7 @@ for Applied Network Research and members of the Web Caching community. Notice

-The Squid Team are pleased to announce the release of Squid-3.2.3 for testing. +The Squid Team are pleased to announce the release of Squid-3.2.4 for testing. This new release is available for download from or the . @@ -412,9 +412,10 @@ Most user-facing changes are reflected in squid.conf (see below).

The cache manager is available under the path prefix /squid-internal-mgr/. For example the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This means there are some configuration changes required to lock down manager access. - The manager ACL needs changing to: + The manager ACL needs changing. A built-in definition is now used, equivalent + to the following regex pattern: - acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/ + ^(cache_object://|https?://[^/]+/squid-internal-mgr/)

The manager prefix /squid-internal-mgr/ with no action attempts to load an optional @@ -423,6 +424,13 @@ Most user-facing changes are reflected in squid.conf (see below). cache manager applications as their front page embedding all scripts, accessors or redirects required for their initial GUI display. +

MGR_INDEX file + + should contain a complete HTML page, with optional client-side scripting. + must not contain server-side scripting. + will have macro substitution performed on it using the same macros as used by the error page tempates. + +

Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links to those managers. @@ -592,10 +600,12 @@ This section gives a thorough account of those changes in three categories:

The localip/localport differ from earlier releases where they matched a mix of of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port. This definition is now consistent across all modes of traffic received by Squid. -

The manager ACL requires adjustment to cover new cache manager access: +

The manager ACL requires adjustment to cover new cache manager access. So it has now been + built-in as a predefined ACL name matching URLs equivalent to the following regular expression: - acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/ + ^(cache_object://|https?://[^/]+/squid-internal-mgr/) + squid.conf containing the old manager definition can expect to see ACL type collisions. auth_param

New options for Basic, Digest, NTLM, Negotiate children settings.