From 47319f017296369466edd21bccc64d194598da5a Mon Sep 17 00:00:00 2001
From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com>
Date: Thu, 16 Oct 2025 21:15:14 +0100
Subject: [PATCH] v7.2

Changes in squid-7.2 (15 Oct 2025):

	- Bug 3390: Proxy auth data visible to scripts
	- Bug 5504: Document that Squid discards invalid rewrite-url
	- Bug 5407: Support at least 1000 groups per Kerberos user
	- Fix parsing of malformed quoted squid.conf strings
	- Fix off-by-one in helper args count assertion
	- Fix UDP log module opening and closing code
	- Fix BodyPipe debugging in handleChunkedRequestBody()
	- Fix debugging of Eui48::lookup() problems
	- Fix memory leak when parsing deprecated %rG logformat code
	- Fix SQUID_YESNO 'syntax error near unexpected token'
	- DNS: fix RRPack memcpy
	- DNS: Do not leak RR data upon RR data unpacking errors
	- FTP: Avoid null dereferences when handling ftp_port traffic
	- FTP: fix response parsing and error handling memory leaks
	- HTCP: Check for too-small packed and too-large unpacked fields
	- HTTP: fix purging of entries by relative [Content-]Location URLs
	- SNMP: Improve parsing of malformed ASN.1 object identifiers
	- SNMP: Check for objid memory allocation failures
	- SNMP: Fix ASN.1 encoding of long OIDs
	- SNMP: Do not assert when debugging requests with long OIDs
	- SNMP: Match Var allocation/deallocation methods
	- digest_edirectory_auth: null-terminate NMAS values array
	- digest_edirectory_auth: safely return password
	- ext_ad_group_acl: Fix domain lookup error handling
	- ext_edirectory_userip_acl: Redact password from stdout
	- ext_file_userip_acl: harden lookups and memory handling
	- ext_kerberos_ldap_group_acl: avoid freeing getenv() pointer
	- ext_kerberos_ldap_group_acl: Improve LDAPMessage freeing
	- ext_ldap_group_acl: avoid infinite loop on login containing '%s'
	- negotiate_kerberos_auth: Properly align NDR data
	- negotiate_sspi_auth: Do not exit on the first request
	- ntlm_sspi_auth: memcmp not memcpy, send newline, no uninit mem
	- text_backend: avoid memory leaks when reload/clearing
	- Reduce UDS/segment name clashes across same-service instances
	- Reject eui64 ACL addresses with trailing garbage
	- Validate raw-IPv4 when parsing hostnames
	- Avoid memory leaks when logging to MS Windows syslog
	- Flip configure --enable-arch-native default
	- Support no-digest X509 certificate keys like ML-DSA/EdDSA
	- Do not allow client_ip_max_connections+1 connections
	- Remove bundled smblib and librfcnb
	- ... and several code cleanups
	- ... and some documentation improvements
---
 ChangeLog    | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 configure.ac |  2 +-
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 212011bc46..f9eaa2ea15 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,49 @@
+Changes in squid-7.2 (15 Oct 2025):
+
+	- Bug 3390: Proxy auth data visible to scripts
+	- Bug 5504: Document that Squid discards invalid rewrite-url
+	- Bug 5407: Support at least 1000 groups per Kerberos user
+	- Fix parsing of malformed quoted squid.conf strings
+	- Fix off-by-one in helper args count assertion
+	- Fix UDP log module opening and closing code
+	- Fix BodyPipe debugging in handleChunkedRequestBody()
+	- Fix debugging of Eui48::lookup() problems
+	- Fix memory leak when parsing deprecated %rG logformat code
+	- Fix SQUID_YESNO 'syntax error near unexpected token'
+	- DNS: fix RRPack memcpy
+	- DNS: Do not leak RR data upon RR data unpacking errors
+	- FTP: Avoid null dereferences when handling ftp_port traffic
+	- FTP: fix response parsing and error handling memory leaks
+	- HTCP: Check for too-small packed and too-large unpacked fields
+	- HTTP: fix purging of entries by relative [Content-]Location URLs
+	- SNMP: Improve parsing of malformed ASN.1 object identifiers
+	- SNMP: Check for objid memory allocation failures
+	- SNMP: Fix ASN.1 encoding of long OIDs
+	- SNMP: Do not assert when debugging requests with long OIDs
+	- SNMP: Match Var allocation/deallocation methods
+	- digest_edirectory_auth: null-terminate NMAS values array
+	- digest_edirectory_auth: safely return password
+	- ext_ad_group_acl: Fix domain lookup error handling
+	- ext_edirectory_userip_acl: Redact password from stdout
+	- ext_file_userip_acl: harden lookups and memory handling
+	- ext_kerberos_ldap_group_acl: avoid freeing getenv() pointer
+	- ext_kerberos_ldap_group_acl: Improve LDAPMessage freeing
+	- ext_ldap_group_acl: avoid infinite loop on login containing '%s'
+	- negotiate_kerberos_auth: Properly align NDR data
+	- negotiate_sspi_auth: Do not exit on the first request
+	- ntlm_sspi_auth: memcmp not memcpy, send newline, no uninit mem
+	- text_backend: avoid memory leaks when reload/clearing
+	- Reduce UDS/segment name clashes across same-service instances
+	- Reject eui64 ACL addresses with trailing garbage
+	- Validate raw-IPv4 when parsing hostnames
+	- Avoid memory leaks when logging to MS Windows syslog
+	- Flip configure --enable-arch-native default
+	- Support no-digest X509 certificate keys like ML-DSA/EdDSA
+	- Do not allow client_ip_max_connections+1 connections
+	- Remove bundled smblib and librfcnb
+	- ... and several code cleanups
+	- ... and some documentation improvements
+
 Changes in squid-7.1 (10 Jul 2025):
 
 	- Bug 5497: Fix detection of duped IPs returned by getaddrinfo()
diff --git a/configure.ac b/configure.ac
index c15e6bb6a4..51ce5d5721 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[7.1-VCS],[https://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[7.2-VCS],[https://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
-- 
2.47.3