From: squidadm <squidadm@users.noreply.github.com>
Date: Tue, 9 Jul 2019 19:05:20 +0000 (+1200)
Subject: 4.8 (#434)
X-Git-Tag: SQUID_4_8
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=fede82b3e7aa1f12a91bade17f6ac0d4c7463e0a;p=thirdparty%2Fsquid.git

4.8 (#434)
---

diff --git a/ChangeLog b/ChangeLog
index df91b0b4e2..01a4998b9c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,22 @@
+Changes to squid-4.8 (09 Jul 2019):
+
+	- Bug 4957: Multiple XSS issues in cachemgr.cgi
+	- Bug 4953: to_localhost does not include ::
+	- Bug 4937: cachemgr.cgi: unallocated memory access
+	- Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH
+	- Bug 4889: Ignore ECONNABORTED in accept(2)
+	- Bug 4842: Memory leak when http_reply_access uses external_acl
+	- TLS: Fix tls-min-version= being ignored
+	- TLS: Add the NO_TLSv1_3 option to available tls-options values
+	- HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL
+	- HTTP: Remove userinfo support from old protocols
+	- HTTP: Fix Digest auth parameter parsing
+	- HTTP: Send Connection:close with the known-last request on a connection
+	- HTTP: Fix handling of tiny invalid responses
+	- Replace uudecode with libnettle base64 decoder
+	- Update HttpHeader::getAuth to SBuf
+	- ... and some compile issues
+
 Changes to squid-4.7 (06 May 2019):
 
 	- Bug 4942: --with-filedescriptors does not do anything
diff --git a/configure.ac b/configure.ac
index d5b08a8094..7b3aae3459 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[4.7-VCS],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[4.8-VCS],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml
index ec1a464ab7..8968b5cab1 100644
--- a/doc/release-notes/release-4.sgml
+++ b/doc/release-notes/release-4.sgml
@@ -1,6 +1,6 @@
 <!doctype linuxdoc system>
 <article>
-<title>Squid 4.7 release notes</title>
+<title>Squid 4.8 release notes</title>
 <author>Squid Developers</author>
 
 <abstract>
@@ -12,7 +12,7 @@ for Applied Network Research and members of the Web Caching community.
 <toc>
 
 <sect>Notice
-<p>The Squid Team are pleased to announce the release of Squid-4.7 for testing.
+<p>The Squid Team are pleased to announce the release of Squid-4.8 for testing.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v4/"> or the
  <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
@@ -298,6 +298,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New <em>--consensus</em>, <em>--client-requested</em> and
 	   <em>--server-provided</em> flags for the <em>ssl::server_name</em>
 	   type to control which server name to match against.
+	<p>Added <em>::/128</em> IPv6 range to <em>to_localhost</em> ACL.
 
 	<tag>auth_param</tag>
 	<p>New parameter <em>queue-size=</em> to set the maximum number
@@ -313,6 +314,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New option <em>tls-min-version=1.N</em> to set minimum TLS version allowed.
 	<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>
 	<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>All <em>ssloptions=</em> values for SSLv2 configuration or disabling
 	   have been removed.
 	<p>Removed <em>sslversion=</em> option. Use <em>tls-options=</em> instead.
@@ -346,6 +348,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>,
 	   the default is also changed to OFF.
 	<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>All <em>option=</em> values for SSLv2 configuration or disabling
 	   have been removed.
 	<p>Removed <em>version=</em> option. Use <em>tls-options=</em> instead.
@@ -358,6 +361,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>,
 	   the default is also changed to OFF.
 	<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>All <em>options=</em> values for SSLv2
 	   configuration or disabling have been removed.
 	<p>Removed <em>version=</em> option. Use <em>tls-options=</em> instead.
@@ -376,6 +380,7 @@ This section gives a thorough account of those changes in three categories:
 	<p>New <em>tls-min-version=1.N</em> option to set minimum TLS version allowed
 	   on server connections.
 	<p>New <em>tls-options=</em> option to set OpenSSL library parameters.
+	<p>New <em>tls-options=</em> option value to disable TLS/1.3.
 	<p>New <em>tls-flags=</em> option to set flags modifying Squid TLS operations.
 	<p>New <em>tls-cipher=</em> option to set a list of ciphers permitted.
 	<p>New <em>tls-cafile=</em> option to set a file with additional CA