1Changes in squid-4.15 (10 May 2021): 2 3 - Bug 5112: Excessively loud chunked reply parsing error reporting 4 - Bug 5106: Broken cache manager URL parsing 5 - Bug 5104: Memory leak in RFC 2169 response parsing 6 - Bug 3556: "FD ... is not an open socket" for accept() problems 7 - Profiling: CPU timing implemented for MAC non-x86 8 - Fix HttpHeaderStats definition to include hoErrorDetail 9 - Fix Squid-to-client write_timeout triggers client_lifetime timeout 10 - Limit HeaderLookupTable_t::lookup() to BadHdr and specific IDs 11 - Handle more Range requests 12 - Handle more partial responses 13 - Stop processing a response if the Store entry is gone 14 - ... and some portability fixes 15 - ... and some documentation updates 16 17Changes in squid-4.14 (02 Feb 2021): 18 19 - Regression Fix: support for non-lowercase Transfer-Encoding value 20 - Regression Fix: cachemgr.cgi wrong 403 response to authenticated menu URIs 21 - Bug 5076: WCCP Security Info incorrect 22 - Bug 5073: Compile error: index was not declared in this scope 23 - Bug 5065: url_rewrite_program documentation update 24 - Bug 3074 pt2: improved handling of URI paths implicit '/' 25 - Fix transactions exceeding client_lifetime logged as _ABORTED 26 27Changes to squid-4.13 (23 Aug 2020): 28 29 - Regression Fix: Support parsing GREASEd (and future) TLS handshakes 30 - Bug 5051: Some collapsed revalidation responses never expire 31 - HTTP: Enforce token characters for field-name 32 - HTTP: Forbid obs-fold and bare CR whitespace in framing header fields 33 - HTTP: Improve Transfer-Encoding handling 34 - WCCP: Fix GCC-10 -Wstringop-truncation failures 35 - Honor on_unsupported_protocol for intercepted https_port 36 - Fix livelocking in peerDigestHandleReply 37 - Do not stall while debugging a scan of an empty store_table 38 39Changes to squid-4.12 (05 Jun 2020): 40 41 - Regression Fix: Revert to slow search for new SMP shm pages 42 - Bug 5045: ext_edirectory_userip_acl is missing include files 43 - Bug 5041: Missing Debug::Extra breaks build on hosts with systemd 44 - Bug 5030: Negative responses are never cached 45 - HTTP: validate Content-Length value prefix 46 - HTTP: add flexible RFC 3986 URI encoder 47 - SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic 48 - Tests: Support passing a custom config.cache to test builds 49 - Fix IPFilter IPv6 detection, especially on NetBSD 50 - Fix stall if transaction overwrites a recently active cache entry 51 - ... and some compile fixes 52 53Changes to squid-4.11 (18 Apr 2020): 54 55 - Bug 5036: capital 'L's in logs when daemon queue overflows 56 - Bug 5022: Reconfigure kills Coordinator in SMP+ufs configurations 57 - Bug 5016: systemd thinks Squid is ready before Squid listens 58 - kerberos_ldap_group: fix encryption type for cross realm check 59 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode 60 - Fix Digest authentication nonce handling 61 - Supply ALE to request_header_add/reply_header_add 62 - ... and some documentation updates 63 - ... and some compile fixes 64 65Changes to squid-4.10 (14 Jan 2020): 66 67 - Bug 5009: Build failure with older clang libc++ 68 - Bug 5008: SIGBUS in PagePool::level() with custom rock slot size 69 - Bug 5007: Docs: Fix max_filedescriptors description 70 - Bug 4735: Truncated chunked responses cached as whole 71 - ext_lm_group_acl: Improved username handling 72 - Fix FTP buffers handling 73 - Fix shared memory size calculation on 64-bit systems 74 - Fix server_cert_fingerprint on cert validator-reported errors 75 - Fix request URL generation in reverse proxy configurations 76 - ... and several documentation updates 77 - ... and several compile fixes 78 79Changes to squid-4.9 (05 Nov 2019): 80 81 - Bug 4978: eCAP crash after using MyHost().newRequest() 82 - Bug 4970: excessive gnutls_certificate_credentials debug msgs 83 - Bug 4969: GCC-9 build failure: stringop-truncation 84 - Bug 4966: Lower cache_peer hostname 85 - Bug 4918: Crashes when using OpenSSL prior to v1.0.2 86 - TLS: Fix parsing of certificate validator responses 87 - TLS: Fix parsing of TLS messages that span multiple records 88 - TLS: Fix on_unsupported_protocol tunnel action 89 - TLS: Fix expiration of self-signed generated certs to be 3 years 90 - HTTP: Ignore malformed Host header in intercept and reverse proxy mode 91 - HTTP: RFC 7230: server MUST reject messages with BWS after field-name 92 - HTTP: Fix URN response handling 93 - HTTP: Hash Digest noncedata 94 - Update URI parser to use SBuf parsing APIs 95 - Prevent truncation for large origin-relative domains 96 - Fix several rock cache_dir corruption issues 97 - Debug detail validation errors for loaded-from-file certificate chains 98 - smblib: Improve SMB server name maintenance 99 - cachemgr.cgi: Add validation for hostname parameter 100 - ... and several compile issues 101 - ... and some documentation updates 102 103Changes to squid-4.8 (09 Jul 2019): 104 105 - Bug 4957: Multiple XSS issues in cachemgr.cgi 106 - Bug 4953: to_localhost does not include :: 107 - Bug 4937: cachemgr.cgi: unallocated memory access 108 - Bug 4936: terminating c-strings beyond BASE64_DECODE_LENGTH 109 - Bug 4889: Ignore ECONNABORTED in accept(2) 110 - Bug 4842: Memory leak when http_reply_access uses external_acl 111 - TLS: Fix tls-min-version= being ignored 112 - TLS: Add the NO_TLSv1_3 option to available tls-options values 113 - HTTP: RFC 7230 forbids generation of userinfo subcomponent of https URL 114 - HTTP: Remove userinfo support from old protocols 115 - HTTP: Fix Digest auth parameter parsing 116 - HTTP: Send Connection:close with the known-last request on a connection 117 - HTTP: Fix handling of tiny invalid responses 118 - Replace uudecode with libnettle base64 decoder 119 - Update HttpHeader::getAuth to SBuf 120 - ... and some compile issues 121 122Changes to squid-4.7 (06 May 2019): 123 124 - Bug 4942: --with-filedescriptors does not do anything 125 - Bug 4928: Cannot convert non-IPv4 to IPv4 126 - Bug 4823: assertion failed: "lowestOffset () <= target_offset" 127 - Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs 128 - Fix squidclient authentication to origin servers 129 - Fix stack-based buffer-overflow when parsing SNMP messages 130 - Add support for buffer-size= to UDP logging 131 - TLS: When using OpenSSL, trust intermediate CAs from trusted store 132 133Changes to squid-4.6 (19 Feb 2019): 134 135 - Bug 4915: Detect IPv6 loopback binding errors 136 - Bug 4914: Do not call setsid() in --foreground mode 137 - Bug 4875 pt2: GCC-8 compile errors with -O3 optimization 138 - Bug 4856: Exit when GoIntoBackground() fork() call fails 139 - basic_ldap_auth: Return BH on internal errors; polished messages 140 - Fix BodyPipe/Sink memory leaks associated with auto-consumption 141 - Fix OpenSSL builds that define OPENSSL_NO_ENGINE 142 - Fix several cases of rock cache corruption 143 - Add Georgian (ka) language translation 144 145Changes to squid-4.5 (01 Jan 2019): 146 147 - Bug 4253: ssl_bump prevents access to some web contents 148 - TLS: add %>handshake logformat code 149 - Redesign forward_max_tries to count TCP connection attempts 150 - Fix client_connection_mark ACL handling of clientless transactions 151 - Fix netdb exchange with a TLS cache_peer 152 - Update netdb when tunneling requests 153 - Use pkg-config for detecting libxml2 154 - ... and some documentation updates 155 - ... and some code compile fixes 156 157Changes to squid-4.4 (28 Oct 2018): 158 159 - Bug 4893: Malformed %>ru URIs for CONNECT requests 160 - Fix %USER_CA_CERT_xx and %USER_CERT_xx crashes 161 - SSL: support compilation with minimal OpenSSL 162 - SSL: certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL 163 - Fix netdb not saving to disk 164 - Fix memory leak when parsing SNMP packet 165 - ... and some compile issues 166 167Changes to squid-4.3 (01 Oct 2018): 168 169 - Bug 4885: Excessive memory usage when running out of descriptors 170 - Bug 4877: Add missing text about external_acl_type %DATA changes 171 - Bug 4875 pt1: GCC-8 compile errors with -O3 optimization 172 - Bug 4716: Blank lines in cachemgr.conf are not skipped 173 - Bug 4691: balance_on_multiple_ip config option docs 174 - basic_pop3_auth: fix startup errors 175 - langpack: Add missing dialect aliases 176 - Fix range_offset_limit debugging 177 - Fix icc build errors 178 - Update systemd dependencies in squid.service 179 180Changes to squid-4.2 (04 Aug 2018): 181 182 - Regression fix: support for https_port clientca= option 183 - Regression Bug 4870: milliseconds logformats prepend 0s instead of spaces 184 - Bug 4861: HTTPMSGLOCK missing pointer safety 185 - Bug 4843 pt3: GCC-8 fixes and refactoring 186 - HTTP: Do not update stored headers on 304 responses 187 - Fix segmentation fault on -k parse 188 - Fix %>ru logging of huge URLs 189 - ... and several performance optimizations 190 - ... and some documentation updates 191 - ... and all fixes from 3.5.28 192 193Changes to squid-4.1 (02 Jul 2018): 194 195 - Bug 4223: fixed retries of failed re-forwardable transactions 196 - Bug 4791: Build failure on MacOS 197 - Fix --with-netfilter-conntrack error message 198 - ... and many documentation updates 199 200Changes to squid-4.0.25 (11 Jun 2018): 201 202 - Regression Bug 4855: querying private entries for HTCP/ICP 203 - Regression Bug 4852: deny_info %R macro not being expanded 204 - Regression Bug 4847: proxy_auth ACL -i/+i flags not working 205 - Regression Bug 4831: filter chain certificates for validity when loading 206 - Regression fix: Transient reader locking broken in 4.0.24 207 - Bug 4845: NegotiateSsl crash on aborting transaction 208 - Bug 4843 pt1: ext_edirectory_userip_acl refactoring for GCC-8 209 - Bug 4843 pt2: squidclient refactoring for GCC-8 210 - Bug 4829: IPC shared memory leaks when disker queue overflows 211 - Bug 4828: Use feature detection for IPFilter API/ABI checks 212 - Bug 4816: update negotiate_kerberos_auth helper protocol to v3.4 213 - Bug 4811: supply AccessLogEntry (ALE) for more fast ACL checks 214 - Bug 4707: purge tool does not obey --sysconfdir= build option 215 - Bug 4171: checking for log_file_daemon despite disabling logging 216 - Bug 4042: ext_kerberos_ldap_group: add -P principal option 217 - TLS: avoid "ssl_crtd" assertions on reconfiguration 218 - Add timestamps to (most) FATAL messages 219 - Add "--kid role-ID" command line option 220 - ... and many documentation updates 221 222Changes to squid-4.0.24 (07 Mar 2018): 223 224 - Bug 4822: Build failure (-Wformat) where time_t is not long int 225 - Bug 4505: SMP caches sometimes do not purge entries 226 - TLS: GnuTLS implementation for listening ports and client connections 227 - TPROXY: Fix clientside_mark and client port logging 228 - Native FTP: Fix "Cannot assign requested address" with TPROXY 229 - SSL-Bump: Fix authentication with types other than Basic 230 - ... and many small compile and stability fixes 231 - ... and some documentation fixes 232 233Changes to squid-4.0.23 (19 Jan 2018): 234 235 - Bug 4715: security_file_certgen: Remove -g and -n options docs 236 - Bug 4679: User names not sent to url_rewrite_program 237 - Bug 4631: security_file_certgen helper without disk cache 238 - Bug 3911: clang -fsanitize warnings 239 - Bug 2378: Duplicates in selected peer destinations 240 - Nettle v3.4 support 241 - Fix Squid FTP server dying because of an unhandled exception 242 - Automatically revive hopeless kids on reconfigure and after a timeout 243 - Fix %<Hs, %<pt, %<tt, %<bs calculation bugs for error responses 244 - ... and many documentation updates 245 - ... and some stability fixes 246 247Changes to squid-4.0.22 (07 Dec 2017): 248 249 - Regression fix: Relay peer CONNECT error status line and headers to clients 250 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries 251 - Bug 4718: support filling raw buffer space of shared SBufs 252 - Bug 4648: object revalidation for HTTPS scheme 253 - Bug 4616: store_client.cc:92: "mem" assertion 254 - Bug 2821: ignore Content-Range in non-206 responses 255 - HTCP: Ignore packets with invalid URI 256 - TLS: Validate the shortest certificate chain 257 - TLS: Add checks for OpenSSL 1.1.0f API changes 258 - TLS: Fix reporting of validation errors for downloaded intermediate certs 259 - TLS: Fix SSL certificate cache refresh and collision handling 260 - Fix backwards compatibility for Squid-3.5 external_acl_type formats 261 - Fix invalid mime icon URLs in cache 262 - Do not die silently when dying early 263 - Docs: update translation files 264 265Changes to squid-4.0.21 (02 Jul 2017): 266 267 - Bug 4730: segfault while processing internal HTTP requests 268 - Bug 4492: Chunk extension parser is too pedantic 269 - Bug 1961: Redesign urlParse() API 270 - TLS: recognise tls:: namespace on logformat tokens 271 - SSL-Bump: tproxy does not spoof spliced connections 272 - security_file_certgen: collapse queued requests 273 - Add a basic apparmour profile 274 - Add transaction_initiator ACL for detecting various unusual transactions 275 - Add ssl::server_name options to control matching logic 276 - Support for --long-acl-options 277 - Do not die silently when dying via std::terminate() 278 - Fix option --foreground to implement expected behavior 279 - Translations: update .po and .pot to latest texts 280 - ... and some documentation updates 281 - ... and many code cleanup and stability fixes 282 - ... and all fixes from 3.5.27 283 284Changes to squid-4.0.20 (01 Jun 2017): 285 286 - Bug 4692: SslBump breaks intercepted IPv6 connections 287 - Bug 4682: ignoring http_access deny when client-first bumping mode is used 288 - Bug 4662: build errors with LibreSSL 2.4.4 289 - Bug 4659: sslproxy_foreign_intermediate_certs does not work 290 - Bug 4321: ssl_bump terminate does not terminate at step1 291 - Add 'has' ACL 292 - Do not forward HTTP requests to dead idle peers 293 - Do not unconditionally revive dead peers after a DNS refresh 294 - Make PID file check/creation atomic to avoid associated race conditions 295 - Count failures and use peer-specific connect timeouts when tunneling 296 - SSL-Bump: Fix crashes when server-first bumping mode is used with openSSL-1.1.0 297 - eCAP: Fix empty header handling in Ecap::HeaderRep::hasAny() 298 - SSL-Bump: Second adaptation missing for CONNECTs 299 - ext_session_acl: cope with new logformat inputs 300 - ... and some documentation updates 301 - ... and some code stability fixes 302 - ... and all fixes from 3.5.26 303 304Changes to squid-4.0.19 (02 Apr 2017): 305 306 - Bug 4674: delay_parameters for class 3 and 4 assertion failed 307 - Bug 4671: GCC 7 compile errors 308 - Bug 4663: GCC 5+ compile errors with optimization level -O3 309 - Bug 4657: delay IDENT until after PROXY protocol handling 310 - Bug 4610: cleanup of BerkleyDB related checks 311 - squidclient: Fix missing error handling on PUT 312 - digest_ldap_auth: Add -r option to clamp the realm to a fixed value 313 - TLS: initial GnuTLS support for encrypted server connections 314 - Fix appending Http::HdrType::VIA code 315 - Fix URI scheme case-sensitivity treatment 316 - Fix two read-ahead problems related to delay pools (or lack thereof) 317 - Detail swapfile header inconsistencies 318 - ... and several build fixes 319 - ... and many code polishing updates 320 - ... and all fixes from 3.5.25 321 322Changes to squid-4.0.18 (06 Feb 2017): 323 324 - Bug 4661: compile error 'warning: _XPG4_2 redefined' with GCC on Solaris 10 325 - Bug 4636: assertion 'byteCount > 0 && byteCount <= inBuf.length()' 326 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5 327 - Bug 4599: support OpenSSL 1.1 328 - squidclient: link GnuTLS library debugs to -v level display 329 - Fix GCC6: unused local variable 'weInitiatedThisClosure' 330 - ... and some code polishing 331 - ... and some copyright updates 332 - ... and all fixes from 3.5.24 333 334Changes to squid-4.0.17 (16 Dec 2016): 335 336 - Bug 4630: user credentials cache cleanup not re-scheduled 337 - Bug 4610 partial: compile errors on Solaris 11.3 with Oracle Studio 12.5 338 - Bug 4599 partial: initial support for OpenSSL v1.1 339 - TLS: Support tunneling of bumped non-HTTP traffic 340 - ... and many code polishing and performance updates 341 - ... and some documentation updates 342 - ... and some fixes from 3.5.23 343 344Changes to squid-4.0.16 (30 Oct 2016): 345 346 - Avoid segfaults when lacking the server name for certificate validator 347 - HTTP: initial support for Cache-Control:immutable 348 - Fix ssl::server_name ACL 349 - ... and many code polishing updates 350 - ... and some fixes from 3.5.23 351 352Changes to squid-4.0.15 (09 Oct 2016): 353 354 - Regression fix crash on reconfigure with TOS/DiffServ/MARK configured 355 - Bug 4610: compile errors on Solaris 11.3 with Oracle Studio 12.5 356 - Bug 4581: Secure ICAP segfault in checkForMissingCertificates 357 - Bug 4578: changes required to install squid.service 358 - Fix crash on shutdown while cleaning up idle ICAP connections 359 - Fix memory leak of Downloader-related objects 360 - HTTP/1.1: handle syntactically valid requests with unsupported HTTP versions 361 - Log TCP client port for error:transaction-end-before-headers and such 362 - ... and many portability and build fixes 363 - ... and some documentation updates 364 - ... and all fixes from 3.5.22 365 366Changes to squid-4.0.14 (08 Sep 2016): 367 368 - Regression Bug 4570: crash after rev.14755 369 - Regression Bug 4561: Replace use of default move operators with explicit implementation 370 - Bug 4503: Do not access-log SslBump-faked CONNECTs with _ABORTED suffixes 371 - Bug 4404: Do not access-log chunked non-persistent responses with _ABORTED suffix 372 - Fix crashes on shutdown while cleaning up idle ICAP connections 373 - Fix logformat unable to configure codes with /-escape 374 - HTTP: MUST respond with 414 (URI Too Long) when request-target exceeds limits 375 - HTTP: validate Content-Length header values 376 - Make Squid death due to overloaded helpers optional 377 - Better support for unknown URL schemes 378 - Do not log error:transaction-end-before-headers after invalid requests 379 - ... and many portability and build fixes 380 - ... and some documentation updates 381 - ... and all fixes from 3.5.21 382 383Changes to squid-4.0.13 (05 Aug 2016): 384 385 - Regression Bug 4540: revert r14720 buffer update 386 - Bug 4555: Minor improvements to error pages CSS 387 - Bug 4551: fix exceptions in new chunked decoder 388 - Bug 4311: support collapse for internal revalidation requests (SMP-unaware caches) 389 - Fix Certificate Validator buffer-overflow crashes Squid 390 - Fix some failed transactions not being logged 391 - Fix segfault via Ftp::Client::readControlReply(). 392 - basic_db_auth: add support for unsalted SHA1 passwords 393 - kerberos_ldap_group: add support for SSL/TLS connection to an LDAP server 394 - TLS: Add missing 'tls' option for cache_peer 395 - TLS: Do not hang when 'connector' fails 396 - TLS: Add support for fetching missing certificates 397 - Remove XSTD_USE_LIBLTDL, which has not been needed in a long while 398 - ... and many code polishing updates 399 - ... and some documentation updates 400 401Changes to squid-4.0.12 (01 Jul 2016): 402 403 - Regression Fix: shell issues with require_smblib definition 404 - Regression Bug 4532: pid_filename not working as documented 405 - Regression Bug 4504: Too many WARNING: Ignoring error setting CA certificate locations 406 - Bug 4516: security_file_certgen man page update 407 - Bug 4446: undefined reference to 'libecap::Name::Name' 408 - Bug 4376: clang cannot build Squid eCAP code 409 - HTTP/1.1: Update all stored headers on 304 revalidation 410 - TLS: Authority Key Identifier certificate extension 411 - Add a script to find kid-specific cache.log lines 412 - Cleanup cppunit detection and use 413 - ... and several performance improvements 414 - ... and some unit test updates 415 - ... and all fixes from 3.5.20 416 417Changes to squid-4.0.11 (09 Jun 2016): 418 419 - Bug 4517: error: comparison between signed and unsigned integer 420 - Bug 4492: chunked parser needs to accept BWS after chunk size 421 - HTTP/1.1: allow chunking the last HTTP response on a connection 422 - HTTP/1.1: unfold mime header blocks 423 - TLS: fast SNI peek 424 - TLS: check for SSL_CIPHER_get_id() support required in adjustSSL() 425 - TLS: never enable OPENSSL_HELLO_OVERWRITE_HACK automatically 426 - squidclient: improve shell-escape support in -H option 427 - Do not allow low-level debugging to hide important/critical messages 428 - Replace new/delete operators using modern C++ rules 429 - Remove ie_refresh configuration option 430 - Deprecating SMB LanMan helpers 431 - Mark refresh-waiting transactions with REFRESH 432 - ... and some code cleanup and polishing 433 434Changes to squid-4.0.10 (06 May 2016): 435 436 - Accumulate fewer unknown-size responses to avoid overwhelming disks. 437 - Fix shared memory corruption when storing multi-slot (>32KB) shm misses. 438 - ... and some documentation and code cleanup 439 - ... and all fixes from 3.5.18 440 441Changes to squid-4.0.9 (20 Apr 2016): 442 443 - Bug 4405: assertion failed: comm.cc:554: "Comm::IsConnOpen(conn)" 444 - Add a new error page token for unquoted external ACL messages. 445 - Stop parsing response prefix after discovering an "HTTP/0.9" response. 446 - ... and some documentation updates 447 - ... and some code polishing 448 - ... and all fixes from 3.5.17 449 450Changes to squid-4.0.8 (02 Apr 2016): 451 452 - Bug 4459: FHS compliance: move netdb.state and ssl_db to /var/cache/squid 453 - Bug 4458: Behaviour change with external ACL arguments 454 - Bug 4450: wait() related cleanup 455 - Bug 4438: SIGSEGV in memFreeString() destructing SBuf globals on shutdown/restart 456 - Bug 4312: Support disabling collapsed forwarding SMP cooperation 457 - Bug 3826: SMP compatibility with systemd and --foreground option 458 - Bug 1979: Add ACL-driven server_pconn_for_nonretriable squid.conf directive 459 - Bug 7 (partial): Update cached entries on 304 responses 460 - Add reply_header_add directive 461 - HTTP/1.1: Do not prohibit updating Last-Modified on 304 responses 462 - Fix memory leaks of lastAclData and AccessLogentry::url 463 - Fix clang -Winconsistent-missing-override warning 464 - Tests: update test suite for GnuTLS 465 - ... and some documentation updates 466 - ... and some code cleanup and polishing 467 - ... and all fixes from squid 3.5.16 468 469Changes to squid-4.0.7 (23 Feb 2016): 470 471 - Regression Fix: external_acl parameters separated by %20 instead of space 472 - Bug 4432: assertion failed: store.cc:1919: "isEmpty()" 473 - Bug 4111: leave_suid() does not properly handle error codes returned by setuid 474 - Fix propagation of response status line parsing error details 475 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0 476 - ... and some code SourceLayout project cleaning 477 - ... and all fixes from squid 3.5.15 478 479Changes to squid-4.0.6 (16 Feb 2016): 480 481 - Regression Bug 4436: Fix DEFAULT_SSL_CRTD 482 - Fix "dial: Ssl::PeerConnector::sslCrtvdHandleReply threw exception: callback != NULL" 483 - ... and some documentation updates 484 - ... and all fixes from squid 3.5.14 485 486Changes to squid-4.0.5 (09 Feb 2016): 487 488 - Regression Bug 4429: http(s)_port options= error message missing characters 489 - Regression Bug 4410: 4.0.4 compile error in basic_ncsa_auth 490 - Regression Bug 4403: helper compile errors after 4.0.4 rev.14454 491 - Regression Bug 4401: compile error on Solaris 492 - Regression Fix: TLS/SSL flags parsing 493 - Regression Fix: cert validadator always disabled in 4.x 494 - Regression Fix: Name-only note ACL stopped matching after 4.0.4 rev.14465 (note -m) 495 - Regression Fix: external_acl problems after 4.0.1 rev.14351 496 - Bug 4409 (partial): compile error when two Heimdal libraries are installed 497 - Bug 4005: Dynamic certificate cache exceeds dynamic_cert_mem_cache_size 498 - SMP: Fix cleanup of a shared memory segment in an unusual configuration 499 - SSL-Bump: Fix step3 splicing. 500 - Add connections_encrypted ACL 501 - Make %<a and %<p details available to [eCAP] RESPMOD services 502 - Rename cert_valid.pl to security_fake_certverify 503 - Rename ssl_crtd helper to security_file_certgen 504 - ... and a lot of code SourceLayout project cleaning 505 - ... and some documentation updates 506 - ... and all fixes from squid 3.5.13 up to rev.13979 507 508Changes to squid-4.0.4 (06 Jan 2016): 509 510 - Regression Bug 4393: compile fails on OS X 511 - Bug 4392: assertion CbcPointer.h:159: 'c' via tunnelServerClosed or tunnelClientClosed 512 - Support use of Kerberos credentials cache instead of keytab 513 - Support logging of TLS Cryptography Parameters 514 - Support substring matching in Note ACL 515 - ... and some code cleanup and polishing 516 - ... and all fixes from squid 3.5.13 517 518Changes to squid-4.0.3 (28 Nov 2015): 519 520 - Bug 4372: missing template files 521 - Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o 522 - Bug 4368: A simpler and more robust HTTP request line parser 523 - Fix compile erorr on clang undefined reference to '__atomic_load_8' 524 - ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos 525 - ext_ldap_group_acl: Allow unlimited LDAP search filter 526 - ext_unix_group_acl: Support -r parameter to strip @REALM from usernames 527 - ... and much code cleanup and polishing 528 - ... and all fixes from squid 3.5.12 529 530Changes to squid-4.0.2 (01 Nov 2015): 531 532 - Regression Bug 4351: compile errors when authentication modules disabled 533 - Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing 534 - Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout 535 - Bug 4356: segmentation fault using proxy_auth ACL 536 - Bug 4352: compile errors in OS X 10.11 537 - Bug 4021: ext_user_regex does exact match 538 - Bug 3574: avoid crashes, prohibit reconfiguration during shutdown 539 - Support re-assigning delay pools based on HTTP reply details 540 - ... and all fixes from squid 3.5.11 541 542Changes to squid-4.0.1 (14 Oct 2015): 543 544 - Bug 4329: GCC 5.2 no known conversion for argument 545 - Bug 4292: negotiate_wrapper: Unreleased Resources 546 - Bug 4269: ignore-must-revalidate broken 547 - Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup 548 - Bug 3920: Splay::remove() reference counting inconsistent 549 - Bug 3069: CONNECT method bytes sent logging 550 - Bug 2741 partial: libsecurity API for GnuTLS support 551 - Bug 1961 partial: redesign of URL handling 552 - Fix crash when parsing invalid squid.conf 553 - Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes 554 - Remove unused OS detection: Sun, SysV, Ultrix, BSDi 555 - Remove cache_peer_domain directive 556 - RFC 6176 compliance: Remove SSLv2 support 557 - HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate 558 - Remove GCC 2.x and 3.x detection and support 559 - C++11 compiler support is now mandatory 560 - Enable flexible transport protocol 561 - Enable long (--foo) command line parameters on squid binary 562 - Add per-rule refresh_pattern matching statistics 563 - Replace sslversion=N with tls-min-version=1.N 564 - Replace sslproxy_* directives with tls_outgoing_options 565 - Replace GNU atomics and related hacks with C++11 std::atomic 566 - Replace external_acl_type format %macros with logformat codes 567 - Support Secure ICAP services 568 - Support rotate=N option on access_log 569 - Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol) 570 - Support lifetime timeout for persistent connections (pconn_lifetime) 571 - Support timeout for URL-rewrite helper lookups (url_rewrite_timeout) 572 - Support logging fast things (nanosecond log resolution) 573 - Support ICAP/eCAP adaptation for 100-continue responses 574 - Support configurable helper queue size, with consistent defaults 575 and better overflow handling. 576 - Support named service PID file by default (pid_filename) 577 - url_lfs_rewrite: Add URL-rewriter based on local file existence 578 - negotiate_kerberos_auth: output group= kv-pair 579 - helper-mux: add man(8) page 580 - purge: convert README to man(1) page 581 - basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth 582 - basic_sspi_auth: fix MinGW compile errors 583 - negotiate_sspi_auth: fix various build errors 584 - Crypto-NG: libnettle Base64 algorithm support 585 - Parser-NG: HTTP Parser structural redesign 586 - libltdl: copyright updated to LGPL version 2.1 587 - ... and several performance optimizations 588 - ... and many documentation changes 589 - ... and much code cleanup and polishing 590 591Changes to squid-3.5.28 (15 Jul 2018): 592 593 - SQUID-2018:1: crash processing SSL-Bumped traffic containing ESI 594 - SQUID-2018:2: crash handling responses to internally generated requests 595 - SQUID-2018:3 / CVE-2018-1172: crash in ESI Response processing 596 - Bug 4861: HTTPMSGLOCK missing pointer safety 597 - Bug 4829: IPC shared memory leaks when disker queue overflows 598 - Bug 4767: SMP breaks IPv6 SNMP and cache manager queries 599 - Bug 2821: Ignore Content-Range in non-206 responses 600 - HTCP: Ignore HTCP packets with invalid URI 601 - SSL-Bump: fix authentication with schemes other than Basic 602 - TPROXY: Fix clientside_mark and client port logging 603 - Fix "Cannot assign requested address" for to-origin TPROXY FTP data 604 - Fix --with-netfilter-conntrack error message 605 - Validate mime icon URL before allocating store entries 606 - ... and many documentation changes 607 608Changes to squid-3.5.27 (20 Aug 2017): 609 610 - Regression Bug #4112: ssl_engine does not accept cryptodev 611 - Bug 4687: Wrong names of components in man page, section SEE ALSO 612 - Bug 4671: various GCC 7 compile errors 613 - Bug 4464: Reduce "!Comm::MonitorsRead(serverConnection->fd)" assertions 614 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches) 615 - Bug 2833: Do not respond with HTTP/304 to unconditional requests 616 - Fix message packing error handling in mgr and snmp SMP Forwarders 617 - Fix mgr query handoff from the original recipient to Coordinator. 618 - ... and some documentation updates 619 620Changes to squid-3.5.26 (01 Jun 2017): 621 622 - Bug 4711: SubjectAlternativeNames is missing in some generated certificates 623 - Bug 4695: squidpurge: GCC 7 build errors 624 - Bug 4682: ignoring http_access deny when client-first bumping mode is used 625 - Bug 4682: Fix ssl_bump "bump" action documentation 626 - Bug 4653: %st lies about tunneled traffic volumes 627 - Bug 4589: ssl_crtd: returning zero on failure 628 - Bug 3772: message from FTP server gets mangled 629 - Bug 3102: FTP directory listing drops fist character of file names 630 - Add OpenSSL library details to -v output 631 - ... and some documentation updates 632 633Changes to squid-3.5.25 (02 Apr 2017): 634 635 - Bug 4688: various typo error(s) in man page(s) 636 - Bug 4508: Host forgery stalls intercepted being-spliced connections 637 - Native FTP relay: NAT and TPROXY interception fixes 638 - Fix missing CRLF on FTP timeout ABORT commands 639 - TLS: Bump client on errors encountered before ssl_bump evaluation 640 - ext_kerberos_ldap_group_acl: fix unused value warnings 641 - Fix crash when configuring with invalid delay_parameters restore value. 642 - Check that -k argument is provided before trying to use it. 643 - ... and some build fixes 644 645Changes to squid-3.5.24 (28 Jan 2017): 646 647 - Regression Bug 3940: Make 'cache deny' do what is documented 648 - TLS: Fix SSLv2 records bumping despite a matching step2 peek rule 649 - TLS: Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation 650 - Fix "Source and destination overlap in memcpy" Valgrind errors 651 - Reduce crashes due to unexpected ClientHttpRequest termination 652 - Update External ACL helpers error handling and caching 653 - Detect HTTP header ACL issues 654 - ... and some documentation fixes 655 656Changes to squid-3.5.23 (16 Dec 2016): 657 658 - Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs 659 - Bug 4620: NetBSD build error with --enable-ipf-transparent 660 - Bug 4567: Strange IPv6 shown in access.log 661 - Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during reconfigure and restart 662 - Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion. 663 - Bug 4169: HIT marked as MISS when If-None-Match does not match 664 - Bug 4007: Hang on DNS query with dead-end CNAME 665 - Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply 666 - Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT 667 - Bug 3533: Cache still valid after HTTP/1.1 303 See Other 668 - Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure 669 - Bug 3290: authenticate_ttl not working for digest authentication 670 - Bug 2258: bypassing cache but not destroying cache entry 671 - HTTP/1.1: make Vary:* objects cacheable 672 - HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code 673 - Support IPv6 NAT with PF for NetBSD and FreeBSD 674 - TLS: Make key= before cert= an error instead of quietly hiding the issue 675 - ... and some debug updates 676 - ... and some build fixes 677 - ... and several documentation updates 678 679Changes to squid-3.5.22 (09 Oct 2016): 680 681 - Bug 4594: build failure with clang 3.9 682 - Bug 4471: revalidation does not work when expired cached object lacks Last-Modified 683 - Bug 4302 pt2: IPv6 support for IPFilter v5 transparent interception 684 - Bug 4228: ./configure bug/typo in r14394 685 - Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration 686 - Bug 2833: Collapse internal revalidation requests (SMP-unaware caches) 687 - Fix logged request size (%http::>st) and other size-related %codes 688 - Fix some memory leaks from putenv() 689 - Fix memory leaks from url_rewrite_extras and store_id_extras on reconfigure/shutdown 690 - Fix segfault crash when debugging section 4 at level 9 691 - HTTP: MUST ignore a [revalidation] response with an older Date header 692 693Changes to squid-3.5.21 (08 Sep 2016): 694 695 - Bug 4563: duplicate code in httpMakeVaryMark 696 - Bug 4542: authentication credentials IP TTL updated incorrectly 697 - Bug 4534: assertion failure in xcalloc when using many cache_dir 698 - Bug 4428: mal-formed Cache-Control:stale-if-error header 699 - Bug 3025: Proxy-Authenticate problem using ICAP server 700 - Fix segfault via Ftp::Client::readControlReply() 701 - Fix SSL-Bump failure results in SEGFAULT 702 - HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses 703 - HTTP/1.1: do not allow Proxy-Connection to override Connection header 704 - SSL: CN wildcard must only match a single domain component [fragment] 705 706Changes to squid-3.5.20 (01 Jul 2016): 707 708 - Bug 4523: smblib compile fails on NetBSD 709 - Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors 710 - Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL 711 - Fix icons loading speed 712 - Fix OpenSSL detection on FreeBSD 713 - Fix assertion failed: Write.cc:38: 'fd_table[conn->fd].flags.open' 714 - Fix SEGFAULT parsing malformed adaptation service configuration 715 - Fix ConnStateData::In::maybeMakeSpaceAvailable() logic 716 - Do not override user defined -std option 717 - Do not allow low-level debugging to hide important/critical messages 718 - Do not make bogus recvmsg(2) calls when closing UDS sockets 719 - Support unified EUI format code in external_acl_type 720 721Changes to squid-3.5.19 (09 May 2016): 722 723 - Regression Bug 4515: interception proxy hangs 724 725Changes to squid-3.5.18 (06 May 2016): 726 727 - Bug 4510: stale comment about 32KB limit on shared memory cache entries 728 - Bug 4509: EUI compile error on NetBSD 729 - Bug 4501: HTTP/1.1: normalize Host header 730 - Bug 4498: URL-unescape the login-info after extraction from URI 731 - Bug 4455: SegFault from ESIInclude::Start 732 - Prevent Squid forcing -b 2048 into the arguments for sslcrtd_program 733 - Fix TLS/SSL server handshake alert handling 734 735Changes to squid-3.5.17 (20 Apr 2016): 736 737 - Regression Bug 4480: logformat [.width_max] 738 - Regression Bug 4481: varyEvaluateMatch: Oops. Not a Vary match on second attempt 739 - Bug 4495: Unknown SSL option SSL_OP_NO_TICKET 740 - Bug 4493: theObject->sharedMemorySize() == theSegment.size() exception 741 - Bug 4483: ./configure garbles -Og option in CFLAGS 742 - Bug 4482: Solaris GCC 5.2 warning in src/ip/Intercept.cc 743 - Bug 4468: NotNode (!acl) naming: Terminate the name before strncat(name). 744 - Bug 4465: Header forgery detection leads to crash 745 - Bug 2460 partial: workaround deferred reads on shutdown and restart 746 - cachemgr.cgi: use dynamic MemBuf for internal content generation 747 - ESI: Fix several element construction issues 748 - TLS: Fix Handshake Error: ccs received early 749 - TLS: Add chained and signing cert to peek-then-bumped connections 750 - Fix some startup/shutdown crashes 751 752Changes to squid-3.5.16 (02 Apr 2016): 753 754 - Bug 4476: Removed duplicated #include lines 755 - Bug 4452: squid -z segfaults with ufs 756 - Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion 757 - Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error 758 - Bug 4409: compile error when two Heimdal libraries are installed 759 - Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304 760 - pinger: Fix buffer overflow in Icmp6::Recv 761 - pinger: Fix select(2) to actually use max_fd 762 - pinger: drop capabilities on Linux 763 - Fix memory leak of HttpRequest objects 764 - Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0 765 - Fix assertion failed: Write.cc:41: "!ccb->active()" 766 - Fix crash on shutdown while cleaning up idle ICAP connections 767 - RFC 7725: Add registry entry for 451 status text 768 - ... and some build issues 769 770Changes to squid-3.5.15 (23 Feb 2016): 771 772 - Bug 3870: assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser 773 - Fix multiple assertion on String overflows 774 - Fix unit test errors on MacOS 775 - Better handling of huge response headers. Fewer incorrect "Bug #3279" messages. 776 - Log noise reduction for eCAP 777 778Changes to squid-3.5.14 (16 Feb 2016): 779 780 - Bug 4437: Fix Segfault on Certain SSL Handshake Errors 781 - Bug 4431: C code is not compiled with CFLAGS 782 - Bug 4418: FlexibleArray compile error with GCC 6 783 - Bug 4378: assertion failed: DestinationIp.cc:60: 784 'checklist->conn() && checklist->conn()->clientConnection != NULL' 785 - Fix invalid FTP connection handling on blocked content 786 - Fix handling of shared memory left over by Squid crashes or bugs 787 - Fix mgr:config report 'qos_flows mark' output 788 - Fix compile error in CPU affinity 789 - Fix %un logging external ACL username 790 - Avoid more certificate validation memory leaks 791 - ... and some documentation updates 792 793Changes to squid-3.5.13 (06 Jan 2016): 794 795 - Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath 796 - Bug 4387: Kerberos build errors on Solaris 797 - TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange 798 - TLS: Complete certificate chains using external intermediate certificates 799 - Avoid memory leaks when an X.509 certificate validator is used with SslBump 800 - Fix connection retry and fallback after failed server TLS connections 801 - Fix GnuTLS detection via pkg-config 802 - Fix startup crash with a misconfigured (too-small) shared memory cache 803 - ... and some documentation updates 804 805Changes to squid-3.5.12 (28 Nov 2015): 806 807 - Bug 4374: refresh_pattern config parser (%) 808 - Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE' 809 - Bug 4228: links with krb5 libs despite --without options 810 - Fix SSL_get_certificate() problem detection 811 - Fix TLS handshake problem during Renegotiation 812 - Fix cache_peer forceddomain= in CONNECT 813 - Fix status code-based HTTP reason phrase for eCAP-generated messages 814 - Fix build errors in cpuafinity.cc 815 - ... and several documentation updates 816 817Changes to squid-3.5.11 (01 Nov 2015): 818 819 - Bug 3574: crashes on reconfigure and startup 820 - Bug 4347: compile errors with LibreSSL 2.3 821 - Bug 4281: copy-paste typos in src/tools.cc 822 - Bug 4279: No response from proxy for FTP-download of non-existing file 823 - Bug 4188: Bumping intercepted SSL connections does not work on Solaris 824 - Fix incorrect authentication headers on cache digest requests 825 - Fix connection stats, including %<lp, missing for persistent connections 826 - Fix invalid memory access issues in SBuf 827 - Avoid errors when parsing manager ACL in old squid.conf 828 829Changes to squid-3.5.10 (01 Oct 2015): 830 831 - Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400 832 - Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte 833 - Bug 4323: Netfilter broken cross-includes with Linux 4.2 834 - Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules 835 - Bug 4208: more than one port in wccp2_service_info line causes error 836 - Bug 4303: PeerConnector.cc:743 "!callback" assertion. 837 - Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers 838 - Relicense ntlm_fake_auth.pl to GPLv2+ 839 - Relicense smb_lm auth helper to GPLv2+ 840 - Relicense SSPI helper to GPLv2+ 841 - ... and several minor performance optimizations 842 843Changes to squid-3.5.9 (17 Sep 2015): 844 845 - Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords 846 - Bug 4309: incorrect extensions detection in SSL Hello messages 847 - Bug 4309: crash during Skype login 848 - Bug 4284: missing sanity checks for malloc 849 - Regression Fix: CONNECT request debugging 11,2 traces 850 - Regression Fix: Quieten UFS cache maintenance skipped warnings 851 - TLS: Support SNI on generated CONNECT after peek 852 - ... and some documentation updates 853 854Changes to squid-3.5.8 (02 Sep 2015): 855 856 - Regression Bug 4306: build portability fix in Kerberos helpers 857 - Bug 4302: IPFilter v5 transparent interception 858 - Bug 4301: compile errors with IPFilter interception 859 - Bug 4285 partial: %us is not supported in access.log 860 - Bug 4278: Docs: typo in the refresh_pattern freshness algorithm 861 - Bug 4242: compile errors with eCAP using clang-3.6 862 - Bug 3696: crash when client delay pools are activated 863 - Bug 3553: cache_swap_high ignored and maxCapacity used instead 864 - Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion 865 - Fix ignore of impossible SSL bumping actions, as intended and documented 866 - Fix memory leak in Surrogate-Capability header detection 867 - Fix truncated body length when RESPMOD service aborts 868 - Reject non-chunked HTTP messages with conflicting Content-Length values 869 - Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello 870 - ... and several portability and compile fixes 871 - ... and several documentation updates 872 873Changes to squid-3.5.7 (01 Aug 2015): 874 875 - Bug 4293: wrong SNI sent to server after URL-rewrite 876 - Bug 4251: incorrect instance name for memory segments in /dev/shm 877 - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure 878 - Bug 3345: support %un (any available user name) format code for external ACLs. 879 - basic_smb_auth: Fix several old issues identified by Debian users 880 - Support ssl-bump splicing to origin cache_peer 881 - Fix SSL errors relayed using invalid certificates 882 - Fix crash in TcpAccepter with profiler enabled 883 - Fix some cases of ssl_crtd SSL certificate DB corruption 884 - Fix performance regression in SBuf::chop operations 885 - Improve handling of client connections on shutdown 886 - Handle exceptions during squid.conf parse 887 - Make pod2man an optional dependency 888 - ... and polishing for several cache.log notification messages 889 - ... and all fixes from squid 3.4.14 890 891Changes to squid-3.5.6 (03 Jul 2015): 892 893 - Bug 4274: ssl_crtd.8 not being installed 894 - Bug 4193: memory leak on FTP listings 895 - Bug 4183: segfault when freeing https_port clientca on reconfigure or exit 896 - Bug 3875: bad mimeLoadIconFile error handling 897 - Bug 3483: assertion failed store.cc:1866: 'isEmpty()' 898 - Bug 3329: pinned server connection is not closed properly 899 - TLS: Disable client-initiated renegotiation 900 - ext_edirectory_userip_acl: fix uninitialized variable 901 - Support custom OIDs in *_cert ACLs 902 - Fix CONNECT failover to IPv4 after trying broken IPv6 servers 903 - Use relative-URL in errorpage.css for SN.png 904 - Do not blindly forward cache peer CONNECT responses 905 - Fix assertion String.cc:221: "str" 906 - Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone 907 - Translations: add Spanish US dialect alias 908 909Changes to squid-3.5.5 (28 May 2015): 910 911 - Regression Bug 4132: short_icon_urls with global_internal_static on 912 - Bug 4238: assertion Read.cc:205: "params.data == data" 913 - Bug 4236: SSL negotiation error of 'success' 914 - Bug 3930: assertion 'connIsUsable(http->getConn())' 915 - Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer 916 - Fix assertion errorpage.cc:600: "entry->isEmpty()" 917 - Fix comm_connect_addr on failures returns Comm:OK 918 - Fix missing external ACL helper notes 919 - Fix "Not enough space to hold server hello message" error message 920 - Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong 921 - Prevent unused ssl_crtd helpers being run 922 - ... and some code cleanup and portability updates 923 - ... and several documentation updates 924 925Changes to squid-3.5.4 (01 May 2015): 926 927 - Bug 4234: comm_connect_addr uses errno incorrectly 928 - Bug 4231: fd_open() not correctly handling UDS socket descriptions 929 - Bug 4226: digest_edirectory_auth: found but cannot be built 930 - Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" 931 - Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections 932 - Fix require-proxy-header preventing HTTPS proxying and ssl-bump 933 - Fix Negotiate/Kerberos authentication request size exceeds output buffer size 934 - Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates 935 - Add server_name ACL matching server name(s) obtained from various sources 936 - Add Kerberos support for MAC OS X 10.x 937 - Support for resuming TLS sessions 938 - ... and some portability and compile fixes 939 - ... and several documentation updates 940 - ... and all fixes from squid 3.4.13 941 942Changes to squid-3.5.3 (28 Mar 2015): 943 944 - Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory 945 - Regression Bug 4206: Incorrect connection close on expect:100-continue 946 - Bug 4204: ./configure does not abort when required helpers cannot be built 947 - Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment 948 - Bug 2907: high CPU usage on CONNECT when using delay pools 949 - basic_getpwnam_auth: fail authentication on crypt() failures 950 - basic_nis_auth: fail authentication on crypt() failures 951 - ext_kerberos_ldap_group_acl: Heimdal support improvements 952 - ext_wbinfo_group_acl: Perl 5.20 support 953 - ... and several compile issues 954 955Changes to squid-3.5.2 (18 Feb 2015): 956 957 - Regression Bug 4176: Digest auth too many helper lookups 958 - Regression Bug 4180: not-fully-initialized data member in ACLUserData 959 - Bug 4172: Solaris broken krb5-config 960 - Bug 4073: Cygwin compile errors 961 - Bug 3919: remove several never-true / never-false comparisons 962 - HTTPS: Add missing root CAs when validating chains that passed internal checks 963 - Fix some cbdataFree related memory leaks 964 - Quieten CBDATA 'leak' messages 965 - Set SNI information in transparent bumping mode 966 - negotiate_kerberos_auth: fix krb5.conf backward compatibility 967 - Fix memory leaks in cachemgr.cgi URL parser 968 - Fix sslproxy_options in peek-and-splice mode 969 - ... and fix several portability and build issues 970 - ... and some documentation updates 971 - ... and all fixes from squid 3.4.11 972 973Changes to squid-3.5.1 (13 Jan 2015): 974 975 - Fix handling of invalid SSL server certificates when splicing connections 976 - basic_smb_lm_auth: Simplified MSNT basic auth helper 977 - squidclient: Fix -A and -P options 978 - ... and several portability fixes 979 - ... and all fixes from squid 3.4.11 980 - ... and a lot of documentation updates 981 982Changes to squid-3.5.0.4 (21 Dec 2014): 983 984 - Bug 3826: pt 2: Provide a systemd .service file for Squid 985 - Support http_access denials of SslBump "peeked" connections. 986 - Fix DONT_VERIFY_DOMAIN ssl flag 987 - Fix peek-and-splice mode: certificate validation for domain mismatched errors 988 - negotiate_kerberos_auth: MEMORY keytab and replay cache support 989 - ... and some documentation updates 990 - ... and a large amount of code polishing (non-logic changes) 991 992Changes to squid-3.5.0.3 (09 Dec 2014): 993 994 - Bug 4146: workaround SSL Bump crash on Linux 995 - Bug 4135: Support \-escaped characters in regex patterns 996 - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize 997 - Fix delay_parameters parsing 998 - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic 999 - ... and all changes from squid 3.4.10 1000 - ... and a lot of documentation updates 1001 1002Changes to squid-3.5.0.2 (31 Oct 2014): 1003 1004 - Fix FTP socket opening during reconfigure 1005 - ... and all changes from 3.4.9 1006 - ... and some build errors in rarely used code 1007 - ... and several documentation updates 1008 1009Changes to squid-3.5.0.1 (17 Oct 2014): 1010 1011 - Port from 2.7: redirector and logging urlgroup feature 1012 - Bug 4093: source-maintenance.sh bad perl -i option 1013 - Bug 3608: per-service name for workers UDS sockets 1014 - Bug 2554: 32-bit wrap in AUFS counters 1015 - Bug 1961 pt1: URL handling redesign 1016 - Bug 1202 pt1: documentation for refresh_pattern algorithms 1017 - Update Squid boilerplate copyright/license 1018 - Update the http(s)_port directives protocol= parameter 1019 - Update forward_max_tries to permit 25 server paths 1020 - Update Kerberos library detection and build options 1021 - Support ACLs on ftp_epsv directive 1022 - Support >32KB objects in cache_dir rock storage 1023 - Support client connection annotation by helpers via clt_conn_tag=TAG 1024 - Support native FTP Relay 1025 - Support libgnugss Kerberos library 1026 - Support libecap v1.0 1027 - Support SSL Peek and Splice feature 1028 - Support receiving PROXY protocol version 1 and 2 1029 - Replace --enable-ssl build option with --with-openssl 1030 - Enable -n service name command line option for all Squid builds 1031 - Enable ICAP client by default 1032 - Fix configuration file parsing bugs, related to quoted strings 1033 - Fix Windows MinGW build errors 1034 - Fix multiple TCP outgoing TOS/DiffServ bugs 1035 - Fix Cygwin /etc/resolv.conf parsing 1036 - Fix crash when sending %ssl::cert_subject to external ACL w/o certificate 1037 - Fix crash reading malformed config files 1038 - Send selected SSL version and cipher to the certificate validation helper 1039 - Validate server certificates without bumping 1040 - Add zero-copy string buffer support 1041 - Add automated squid.conf parser testing with squid -k parse 1042 - Add adaptation_service ACL 1043 - Add logformat code %tS to log transaction start time 1044 - Add logformat code %>rd to log client URL domain name 1045 - Add key_extras to proxy authentication 1046 - Add url_rewrite_extras and store_id_extras directives 1047 - Add send_hit and store_miss directives 1048 - Add collapsed_forwarding directive 1049 - Add sslproxy_cert_sign_hash directive 1050 - Add SMP SSL session cache 1051 - Add cache_peer standby connections 1052 - Add helper ext_delayer_acl 1053 - Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped 1054 - Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile 1055 - Remove COSS storage in favour of Rock storage 1056 - Remove dnsserver and external DNS helper API in favour of mDNS 1057 - Remove broken mallinfo() accounting and memory tracing 1058 - Remove hierarchy_stoplist in favour of always_direct 1059 - Deprecate tag ACL type in favour of note ACL type 1060 - Deprecate urlgroup feature in favour of note ACL type 1061 - HTTP/1.1: method names are case-sensitive 1062 - HTTP/1.1: register new headers from RFC 723x 1063 - squidclient: polish and update help display 1064 - squidclient: support TLS with GnuTLS 3.1.5+ 1065 - squidclient: support verbosity levels 1066 - squidclient: --ping mode module support 1067 - url_fake_rewrite: support concurrency 1068 - storeid_file_rewrite: support concurrency 1069 - digest_file_auth: support concurrency 1070 - digest_edirectory_auth: support concurrency 1071 - digest_ldap_auth: support concurrency 1072 - ... and many error page translation updates 1073 - ... and much code cleanup and polishing 1074 1075Changes to squid-3.4.14 (01 Aug 2015): 1076 1077 - Do not blindly forward cache peer CONNECT responses (CVE-2015-5400) 1078 1079Changes to squid-3.4.13 (01 May 2015): 1080 1081 - Bug 4212: ssl_crtd crashes with corrupt database 1082 - ... and some documentation updates 1083 - ... and all fixes from squid 3.3.14 1084 1085Changes to squid-3.4.12 (18 Feb 2015): 1086 1087 - Bug 4066: Digest auth nonce indefinite rollover 1088 - Bug 3997: Excessive NTLM or Negotiate auth helper annotations 1089 - Fix several crashes when debugging enabled 1090 - Fix silent SSL/TLS failure on split-stack operating systems 1091 - HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate 1092 - HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port 1093 - Remove dst ACL dependency on HTTP request message existence 1094 - Set cap_net_admin when Squid sets TOS/Diffserv packet values 1095 - ... and some documentation updates 1096 1097Changes to squid-3.4.11 (13 Jan 2015): 1098 1099 - Bug 4164: SEGFAULT when %W formating code used in errorpages 1100 - Bug 4057: Avoid on-exit crashes when adaptation is enabled. 1101 - Bug 3760: squidclient ignores --disable-ipv6 1102 - Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers 1103 - Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11 1104 - cachemgr.cgi: memory leak in request parser 1105 - Deleting first fs left psstate->servers pointing to uninitialized memory 1106 - ... and some build issues 1107 1108Changes to squid-3.4.10 (09 Dec 2014): 1109 1110 - Bug 4148: external_acl_type header format does not accept the new libformat syntax 1111 - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6 1112 - Bug 4033: Rebuild corrupted ssl_db/size file 1113 - Bug 3902: Docs: external_acl_type cache hash key 1114 - Fix segmentation fault in ACL urlpath_regex 1115 - Fix bootstrap.sh dependency on SPONSORS.list 1116 - Alternate-Protocol is a hop-by-hop header 1117 - HTTP/2: Support 421 (Misdirected Request) status code 1118 1119Changes to squid-3.4.9 (31 Oct 2014): 1120 1121 - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update 1122 - Bug 4102: sslbump cert contains only a dot character in key usage extension 1123 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options 1124 - Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0 1125 - Bug 4024: Bad host/IP ::1 when using IPv4-only environment 1126 - Bug 3803: ident leaks memory on failure 1127 - kerberos_ldap_group/cert_tool: Remove ksh dependency 1128 - ... and some automated code style updates 1129 - ... and some documentation updates 1130 1131Changes to squid-3.4.8 (15 Sep 2014): 1132 1133 - Fix off by one in SNMP subsystem 1134 - pinger: Fix various ICMP handling issues 1135 1136Changes to squid-3.4.7 (28 Aug 2014): 1137 1138 - Regression Fix: Kerberos LDAP authorizing groups with principle subdomain 1139 - Bug 4080: worker hangs when client identd is not responding 1140 - Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC 1141 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values 1142 - SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension 1143 - Enable compile-time override for MAXTCPLISTENPORTS 1144 - ntlm_sspi_auth: Fix various build errors 1145 - negotiate_wrapper: Fix build issues with non-portable vfork() 1146 - negotiate_sspi_auth: Portability fixes for MinGW 1147 - ext_lm_group_acl: Portability fixes for MinGW 1148 - ... and several minor memory leaks 1149 1150Changes to squid-3.4.6 (25 Jun 2014): 1151 1152 - Regression: segmentation fault logging with %tg format specifier 1153 - Bug 4065: round-robin neighbor selection with unequal weights 1154 - Bug 4056: assertion MemPools[type] from netdbExchangeStart() 1155 - Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response 1156 - Fix segmentation fault setting up server SSL connnection 1157 - Fix hanging Non-HTTPS connections on SSL-bump enabled port 1158 - Fix Cache Manager actions listed more than once 1159 - ... and many minor memory leaks 1160 - ... and several portability build issues 1161 - ... and some documentation updates 1162 1163Changes to squid-3.4.5 (02 May 2014): 1164 1165 - Regression Bug 4051: inverted test on CONNECT payload existence 1166 - Regression Fix: order dependency between cache_dir and maximum_object_size 1167 - Fix logformat %note display 1168 - Resolve 'dying from an unhandled exception: c' 1169 1170Changes to squid-3.4.4.2 (23 Apr 2014): 1171 1172 - version bump for packaging re-build with altered toolchain 1173 1174Changes to squid-3.4.4.1 (23 Apr 2014): 1175 1176 - Regression Bug 4019: Cache digest exchange segmentation fault 1177 - Regression Bug 3982: EUI logging and helpers show blank MAC address 1178 - Bug 4047: Support Android builds 1179 - Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2) 1180 - Bug 4041: Missing files in compat/Makefile.am 1181 - Bug 4014: Build failure with --disable-optimizations --disable-auth 1182 - Bug 3986: (partial) assertion due to incorrect error page buffer size 1183 - Bug 3955: Solaris EUI-48 lookup leaks FDs 1184 - Bug 3371: CONNECT with data sent at once loses data 1185 - C++11: Upgrade auto-detection to use the formal -std=c++11 1186 - Crypto-NG: libnettle MD5 algorithm support 1187 - SSL-Bump: Fix Basic auth caching on bumped connections 1188 - Store-ID: Fix request URI when forwarding requests to peers 1189 - ... and fix several other build errors 1190 - ... and some documentation updates 1191 1192Changes to squid-3.4.4 (09 Mar 2014): 1193 1194 - Bug 4029: intercepted HTTPS requests bypass caching checks 1195 - Bug 4001: remove use of strsep() 1196 - Bug 3186 and 3628: Digest authentication always sending stale=false for nonce 1197 - Fix stalled concurrent rock store reads 1198 - Fix helper ID number assignment 1199 - Fix build failures from CMSG related definitions 1200 - Fix build failures from libcompat unsafe.h protections 1201 - Copyright: Relicense helpers by Treehouse Networks Ltd. 1202 - ... and all bug fixes from 3.3.12 1203 1204Changes to squid-3.4.3 (02 Feb 2014): 1205 1206 - Bug 4008: HttpHeader warnOnError should be an int not a bool 1207 - Bug 4002: clang 3.4 unable to compile 1208 - Bug 3996: Malformed DNS reply leads to crash 1209 - Bug 3995: compile error on CentOS 5 with GCC 4.1.2 1210 - Bug 3975: atomic detection cross-compilation failure 1211 - Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode 1212 - Bug 3954: compile failure in CpuAffinity.cc 1213 - Bug 3927: tests/testRock fatal.cc required 1214 - Fix memory leak in peer Cache Digest exchange 1215 - Fix external_acl_type async loop failures 1216 - Fix destination IP address cycling 1217 - ... and a few polishing changes 1218 1219Changes to squid-3.4.2 (30 Dec 2013): 1220 1221 - Regression Bug 3980: FATAL ERROR due to max_user_ip -s option 1222 - Regression Fix: \-unescaping in quoted strings from helpers 1223 - Regression Fix: URL helper API bypassing on URL containing '=' character 1224 - Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery 1225 - Bug 3806: Caching responses with Vary header 1226 - Bug 3498: FTP PUT assertion 1227 - WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD 1228 - Enable concurrency by default for SSL certificate validator 1229 - ... and fix several build errors 1230 1231Changes to squid-3.4.1 (09 Dec 2013): 1232 1233 - Bug 3935: Invalid pointer dereference when peeking at origin server certificate 1234 - Bug 3589: intercepted and ICAP modified request using a cache_peer 1235 - ... and several portability fixes 1236 - ... and some documentation updates 1237 1238Changes to squid-3.4.0.3 (01 Dec 2013): 1239 1240 - Bug 3941: Release notes error 1241 - Receive annotations from authentication and external ACL helpers 1242 - basic_nis_auth: Improved portability 1243 - ... and several documentation updates 1244 - ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11 1245 1246Changes to squid-3.4.0.2 (03 Oct 2013): 1247 1248 - Regression Bug 3891: squid.conf parser errors in 3.4.0.1 1249 - Regression Fix: re-disable MinGW C++11 support 1250 - Bug 3914: partial: make squidclient tool build cleanly with -Wconversion 1251 - Fix memory leak in refresh_pattern parsing 1252 - negotiate_kerberos_auth: upgrade to present group= keys 1253 - Handle NTLM helper returning OK without user= value 1254 - Add dns_multicast_local to control mDNS operation 1255 - Add --disable-arch-native build option 1256 - Display Build-Info in cache manager info report 1257 - ... and all changes from squid 3.3.9 1258 - ... and some code and debug output polishing 1259 1260Changes to squid-3.4.0.1 (29 Jul 2013): 1261 1262 - Port from 2.7: StoreURL (renamed Store-ID) support 1263 - Bug 3795: fix several mistakes in the MIB file 1264 - Bug 3793: configure: improved helper detection 1265 - Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS 1266 - Bug 3676: Support GCC 4.7 with -Wshadow option 1267 - Bug 3643: NTLM helpers stuck in reserved state by Safari 1268 - Bug 3389: Auto-reconnect for tcp access_log 1269 - Bug 2066: squid does not do chdir() after chroot() 1270 - Fix uninitialized fields in IcapLogEntry 1271 - Fix a number of minor issues detected by Coverity Scan 1272 - Fix some potential memory leaks detected by Coverity Scan 1273 - Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers 1274 - Fix ACL matching algorithm to avoid repeating tests 1275 - basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username 1276 - squidpurge: fix META TLV parsing issues 1277 - squid.conf: enforce all the directive and option names are lower-case 1278 - Support EUI on HTTPS and FTP data connections 1279 - Support OK/ERR/BH response codes from any helper 1280 - Support No-lookup flag (-n) on DNS ACLs 1281 - Support -march=native compiler optimization by default 1282 - Support forwarding intercepted but not bumped connections to cache_peers 1283 - Support IPv6 NAT interception on Linux and some BSD 1284 - Deprecate log_icap and log_access configuration directives 1285 - HTTP/1.1: improved method invalidation and cacheability detection 1286 - HTTP/1.1: support length configuration for pipeline_prefetch queue 1287 - Improved TPROXY support for OpenBSD and FreeBSD 1288 - Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file 1289 - Add all-of and any-of ACL types for grouping sets of ACL tests 1290 - Add note directive for transaction annotations 1291 - Add %note log format for transaction annotation logging 1292 - Add note ACL type for matching annotated transactions with by annotation name or value 1293 - Add kv-pair support to URL-rewrite/redirector interface 1294 - Add SSL server certificate validator interface, helper and result cache 1295 - Add SSL server certificate fingerprint ACL type 1296 - Add spoof_client_ip access control 1297 - Add pt-bz (Belize Portuguese) dialect to translations 1298 - ... and many Windows portability changes (still incomplete) 1299 - ... and many documentation changes 1300 - ... and much code cleanup and polishing 1301 1302Changes to squid-3.3.14 (01 May 2015): 1303 1304 - Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options 1305 - ... and some documentation updates 1306 - ... and all fixes from squid 3.2.14 1307 1308Changes to squid-3.3.13 (28 Aug 2014): 1309 1310 - Fix segmentation fault setting up server SSL connnection 1311 - HTTP/1.1: Ignore Range headers with unidentifiable byte-range values 1312 1313Changes to squid-3.3.12 (09 Mar 2014): 1314 1315 - Regression Bug 3769: client_netmask not evaluated since Comm redesign 1316 - Bug 4026: Fix SSL and adaptation_access handling of aborted connections 1317 - Bug 3969: Fix credentials caching for Digest authentication 1318 - Bug 3806: Caching responses with Vary header 1319 - Fix umask default on crash report generated email 1320 - Fix pthread library detection on FreeBSD 10 1321 - Avoid assertions on Range requests that trigger Squid-generated errors. 1322 1323Changes to squid-3.3.11 (01 Dec 2013): 1324 1325 - Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 1326 - Bug 3972: Segfault when getting the deny_info page ID after a reconfigure 1327 - Bug 3970: max_filedescriptors disabled due to missing setrlimit 1328 - Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope 1329 - Bug 3960: DEAD cache_peer are not revived 1330 - Bug 3956: xstrndup: tried to dup a NULL pointer 1331 - Bug 3906: Filedescriptor leaks in SNMP 1332 - Bug 3782: Digest authentication not obeying nonce_max_count 1333 - HTTP/1.1: Make header parser obey relaxed_header_parser 1334 - HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted 1335 - SMP: Replace blocking sleep(3) and close UDS socket on failures 1336 - Windows: fix several compile errors 1337 1338Changes to squid-3.3.10 (03 Nov 2013): 1339 1340 - Bug 3929: request_header_add not working for tunnel requests 1341 - Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration 1342 - Bug 3918: Self Test Failures on Mac OS X 10.8 1343 - Bug 3887: tcp_outgoing_tos not working for IPv6 1344 - Bug 3836: Fix issues with automake 1.13+ and make check 1345 - Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() 1346 - Fix pinning hierarchy log information 1347 - Fix close idle client connections associated with closed idle pinned connections. 1348 - Fix cbdata 'error: expression result unused' errors 1349 - Avoid "hot idle": A series of rapid select() calls with zero timeout. 1350 - Append Connection:close to OPTIONS requests when icap_persistent_connections is off 1351 - ntlm_fake_auth: pass DOMAIN data to Squid in original case 1352 - kerberos_ldap_group: fix LDAP string duplication 1353 - Use IPv6 localhost nameserver on DNS configuration errors 1354 - Add cache_miss_revalidate 1355 - ... and several portability improvements 1356 1357Changes to squid-3.3.9 (11 Sep 2013): 1358 1359 - Regression Bug 3077: off-by-one error in Digest header decoding 1360 - Bug 3895: fix acl_uses_indirect_client and cache_peer_access 1361 - Bug 3879: assertion failed ConnStateData::validatePinnedConnection 1362 - Bug 3863: myportname acl causes segmentation fault 1363 - Bug 3849: Duplicate certificate sent when using https_port 1364 - Bug 2287: Better fix for unsupported HTTP version handling 1365 - Bug 2112: Reload into If-None-Match 1366 - Fix several assert with side effects in ICAP/eCAP response handling 1367 - Fix myportname ACL on ICAP/eCAP transactions 1368 - Fix external ACL user:pass detail logging after adaptation 1369 - Fix SMP mgr:info report 'Largest file desc currently in use' 1370 - Handle infinite certificate validation loops caused by OpenSSL Bug 3090. 1371 - Improved compatibility with gcc 4.8, clang and icc 1372 - Show number of available filedescriptors when reserved FD changes 1373 - Sync with newest OpenSSL error codes 1374 - Register Http2-Settings header 1375 - ... and many Windows portability fixes 1376 1377Changes to squid-3.3.8 (13 Jul 2013): 1378 1379 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity 1380 - Improved handling of port values in Host: header validation 1381 1382Changes to squid-3.3.7 (11 Jul 2013): 1383 1384 - Bug 3297: Fix openSSL related build failures 1385 - Fix build on FreeBSD 9.x platform with clang 1386 - Protect against buffer overrun in DNS query generation 1387 1388Changes to squid-3.3.6 (01 Jul 2013): 1389 1390 - Bug 3854: pt1: compile errors on AIX 1391 - Bug 3802: Fix wrong check inside Format::Format::assemble 1392 - Bug 3762: remove bogus WARNING in cache.log 1393 - Bug 3717: assertion failed with dstdom_regex with IP based URL 1394 - Bug 1991: kqueue causes SSL to hang 1395 - Ask for SSL key password when started with -N but without sslpassword_program 1396 - Make sure %<tt includes all [failed] connection attempts 1397 - Support HTTP reply ACLs in icap_log and log_icap 1398 - Fix incorrect external_acl_type codes 1399 - Fix ICAP logging request headers and segmentation faults 1400 - ... and some documentation polish 1401 1402Changes to squid-3.3.5 (20 May 2013): 1403 1404 - Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager 1405 - Bug 3845: http_port tcpkeepalive= option fails parsing 1406 - Bug 3840: assertion failed 'sde' in UFS cache loading 1407 - Bug 3836: make check failures with automake-1.13 1408 - Bug 3827: Remove AccessLogEntry::cache.authuser 1409 - Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes 1410 - Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics 1411 - Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems 1412 - Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all 1413 - Port from 2.6: external acl %ACL and %DATA tags 1414 - Update copyright on SN.png 1415 - ... and several minor memory leaks 1416 - ... and some documentation polish 1417 1418Changes to squid-3.3.4 (27 Apr 2013): 1419 1420 - Bug 3831: basic_ncsa_auth Blowfish and SHA support 1421 - Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes 1422 - Bug 3794: MacOS: workaround compiler errors and case-insensitivity 1423 - Bug 3781: Proxy Authentication not sent to cache_peer 1424 - Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h 1425 - Bug 3720 pt2: Add missing include in /dev/poll I/O module 1426 - Bug 3674: Improve compiler detection, better support warnings-as-errors on clang 1427 - Add support for TPROXY on BSD 1428 - Fix SSL Bump bypass for intercepted traffic 1429 - Fix memory leaks in ConnStateData pinning 1430 - Fix external_acl.cc "inBackground" assertion on queue overloads 1431 - CacheMgr: fix missing column separator in helper stats 1432 - OpenBSD: libpthreads requires OpenBSD 5.2 or later 1433 - ... and lots of documentation updates 1434 - ... and all changes from squid 3.2.10 1435 1436Changes to squid-3.3.3 (12 Mar 2013): 1437 1438 - Bug 3720: Add missing include in /dev/poll I/O module (pt2) 1439 - ... and all changes from squid 3.2.9 1440 1441Changes to squid-3.3.2 (02 Mar 2013): 1442 1443 - Bug 3781: Proxy Authentication not sent to cache_peer 1444 - Bug 3794: MacOS: workaround compiler errors 1445 - Bug 3720: Compile error in Solaris /OpenIndiana 1446 - ... and all changes from squid 3.2.8 1447 1448Changes to squid-3.3.1 (09 Feb 2013): 1449 1450 - Bug 3726: build errors with --disable-ssl 1451 - Propigate pinned connection persistency and closures to the client. 1452 - Mimic SSL certificate Key Usage and Basic Constraints 1453 - Fix segmentation fault on missing squid.conf values 1454 - ext_sql_session_acl: Fix hex decoding on UID 1455 - ... and some code polish 1456 - ... and a lot of documentation polish 1457 - ... and all changes from squid 3.2.7 1458 1459Changes to squid-3.3.0.3 (09 Jan 2013): 1460 1461 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values 1462 - Bug 3728: Improve debug for cache_dir 1463 - Additional fixes for CVE-2012-5643 / SQUID:2012-1 1464 - kerberos_ldap_group: support multiple groups in squid.conf ACL definition 1465 - kqueue: update status from experimental to fully available net I/O method 1466 - ... and many memory leaks and potential bugs detected by Coverity Scan 1467 1468Changes to squid-3.3.0.2 (03 Dec 2012): 1469 1470 - Support matching empty header field values using req_header and rep_header 1471 - ... and some minor code polish and input vaidations 1472 - ... and all changes from squid 3.2.4 1473 1474Changes to squid-3.3.0.1 (21 Oct 2012): 1475 1476 - Bug 3610: Add peername_regex ACL 1477 - Bug 3239: rename myip/myport as localip/localport 1478 - Bug 3130: helpers are crashing too rapidly 1479 - Add log_db_daemon SQL Database Logging Daemon 1480 - Add ext_time_quota_acl helper managing sessions by bandwidth usage 1481 - Add request_header_add option 1482 - Support C++11 features where possible 1483 - Support bump-ssl-server-first 1484 - Support mimic SSL server certificates 1485 - Remove --enable-ntlm-fail-open 1486 - Fix TLS/SSL Options does not apply to the dynamically generated certificates 1487 - Fix SslBump stuck after error 1488 - Polish: display ACL enumeration text in debugs 1489 - ... and many portability fixes for MacOS X, Windows and others 1490 - ... and many compile error fixes 1491 - ... and a very large amount of code polish for faster compilation 1492 1493Changes to squid-3.2.14 (01 May 2015): 1494 1495 - Fix 'access_log none' to prevent following logs being used 1496 - Fix X509 server certificate domain matching 1497 - ... some documentation updates 1498 1499Changes to squid-3.2.13 (13 Jul 2013): 1500 1501 - Bug 3869: assertion failed: MemBuf.cc:272: size < capacity 1502 - Improved handling of port values in Host: header validation 1503 1504Changes to squid-3.2.12 (11 Jul 2013): 1505 1506 - Protect against buffer overrun in DNS query generation 1507 - Avoid !closing assertions when helpers call comm_read during reconfigure. 1508 - Fix several minor memory leaks during reconfigure 1509 - Remove origin_tries limiter on forwarding and permit large max_forward_tries values 1510 1511Changes to squid-3.2.11 (30 Apr 2013): 1512 1513 - Regression Bug 3839: build error: src/tools.h: No such file or directory 1514 - Update copyright on SN.png 1515 1516Changes to squid-3.2.10 (27 Apr 2013): 1517 1518 - Bug 3833: squidclient: Option '-k' is not present in man(1) page 1519 - Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17 1520 - Bug 3822: Locate LDAP and SASL headers for BSD support 1521 - Bug 3817: Memory leak in SSL cert validate for alt_name peer certs 1522 - Bug 3774: 'squid -k reconfigure' drops rock cache 1523 - Bug 3565: Resuming postponed accept kills Squid 1524 - HTTP/1.1: partial support for no-cache and private controls with parameters 1525 - ssl_crtd: fix helpers dying during startup on ARM 1526 - GNU Hurd: define MAP_NORESERVE as no-op when missing 1527 - BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc 1528 1529Changes to squid-3.2.9 (12 Mar 2013): 1530 1531 - Regression fix: Accept-Language header parse 1532 - Bug 3673: Silence 'Failed to select source' messages 1533 - Fix authentication headers sent on peer digest requests 1534 - Fix build error on Solaris, OpenIndiana, Omnios 1535 1536Changes to squid-3.2.8 (02 Mar 2013): 1537 1538 - Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client 1539 - Bug 3763: diskd Error: no filename in shm buffer 1540 - Bug 3752: objects that cannot be cached in memory are not cached on disk 1541 - Bug 3753: Removes the domain from the cache_peer server pconn key 1542 - Bug 3749: IDENT lookup using wrong ports to identify the user 1543 - Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests 1544 - Bug 3686: cache_dir max-size default fails 1545 - Bug 3515: crash in FtpStateData::ftpTimeout 1546 - Bug 3329: Quieten orphan Comm::Connection messages 1547 - Make squid -z for cache_dir rock preserve the rock DB 1548 - Fixed several server connect problems 1549 - ... and some build issues on Solaris, OpenIndiana, MacOS X 1550 - ... and some documentation and debugs polishing 1551 1552Changes to squid-3.2.7 (01 Feb 2013): 1553 1554 - Bug 3736: Floating point exception due to divide by zero 1555 - Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled 1556 - Bug 3732: Fix ConnOpener IPv6 awareness 1557 - Bug 3729: 32-bit overflow in parsing 64-bit configuration values 1558 - Bug 3728: Improve debug for cache_dir 1559 - Bug 3687: unhandled exception: c when using interception and peers 1560 - Bug 3678: external acl grace period causes acl lookup failures 1561 - Bug 3567: Memory leak handling malformed requests 1562 - Bug 3111: Mid-term fix for the forward.cc "err" assertion 1563 - Support OpenSSL NO_Compression optio 1564 - Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems 1565 - Fix "address.GetPort() != 0" assertion for helpers 1566 - ... and several minor memory leaks 1567 - ... and some cache.log message polishing 1568 1569Changes to squid-3.2.6 (09 Jan 2013): 1570 1571 - Regression Bug 3731: TOS setsockopt() requires int value 1572 - Regression Bug 3712: Rotating logs overwrites the previous log 1573 - Bug 3727: LLVM compile errors in kerberos_ldap_group 1574 - Bug 3650: Negotiate auth missing challenge token 1575 - Additional fixes for CVE-2012-5643 / SQUID:2012-1 1576 1577Changes to squid-3.2.5 (10 Dec 2012): 1578 1579 - Bug 3698: Add missing include of errno.h 1580 1581Changes to squid-3.2.4 (03 Dec 2012): 1582 1583 - Ported: urllogin ACL from squid 2.7 1584 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server 1585 - Bug 3677: Port un-pinning logic changes from squid 3.3 1586 - Bug 3405: ssl_crtd crashes failing to remove certificate 1587 - ... and major bugs fixed in squid 3.1.22 1588 - Fix accept_filter on Linux 1589 - Remove 'Bungled' warning on missing component directives 1590 - ... and many buffer and memory leak issues in the bundled helpers 1591 - ... and a small amount of code polishing 1592 1593Changes to squid-3.2.3 (21 Oct 2012): 1594 1595 - Regression: SMP crashes on startup with workers > 1 1596 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication 1597 - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry 1598 - HTTP/1.1: honour Cache-Control before Pragma:no-cache 1599 - HTTP/1.1: Cache-Control compliance upgrade 1600 - Remove obsoleted refresh_pattern ignore-no-cache option 1601 - Fix IPv6 enabled squidclient 1602 - ... and several compile fixes 1603 1604Changes to squid-3.2.2 (06 Oct 2012): 1605 1606 - Regression: Make login=PASS send no credentials when none available 1607 - Regression: Handle dstdomain duplicates and overlapping names better 1608 - Bug 3661: Segmentation fault when using more than 1 worker 1609 - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error 1610 - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry 1611 - Bug 3648: polish String class files 1612 - Bug 3647: parsing hier_code acl fails 1613 - Bug 3626: forwarding loops on intercepted traffic 1614 - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object 1615 - Bug 3609: several RADIUS helper improvements 1616 - Bug 3605: memory leak in Negotiate authentication 1617 - Fix small memory leak in src ACL parse 1618 - Fix maximum_single_addr_tries upgrade 1619 - Fix chunked encoding on responses carrying a Content-Range header. 1620 - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT 1621 - ... and several compile errors 1622 1623Changes to squid-3.2.1 (15 Aug 2012): 1624 1625 - Bug 3605: memory leak in peer selection 1626 - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST 1627 - ... and some documentation updates 1628 1629Changes to squid-3.2.0.19 (02 Aug 2012): 1630 1631 - Regression Bug 3580: IDENT request makes squid crash 1632 - Regression Bug 3577: File Descriptors not properly closed 1633 - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic 1634 - Regression Fix: Restore memory caching ability 1635 - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd) 1636 - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion 1637 - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion. 1638 - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index 1639 - Support custom headers in [request|reply]_header_* manglers 1640 - ... and much code polishing 1641 1642Changes to squid-3.2.0.18 (29 Jun 2012): 1643 1644 - Bug 3576: ICY streams being Transfer-Encoding:chunked 1645 - Bug 3537: statistics histogram leaks memory 1646 - Bug 3526: digest authentication crash 1647 - Bug 3484: Docs: sslproxy_cert_error example flawed 1648 - Bug 3462: Delay Pools and ICAP 1649 - Bug 3405: ssl_crtd crashes failing to remove certificate 1650 - Bug 3380: Mac OSX compile errors with CMSG_SPACE 1651 - Bug 3258: Requests hang when Host forgery verify fails 1652 - Bug 3186: Digest auth caches failed state without revalidating 1653 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring 1654 - Bug 2885: AIX: check and set required compiler flags 1655 - Fix ssl_crtd compile issues with libsslutil 1656 - Fix build with GCC 4.7 (and probably other C++11 compilers). 1657 - Fix double-escape of %R on deny_info redirect responses 1658 - Support status 308 Permanent Redirect 1659 - Support for TLSv1.1 and TLSv1.2 options and methods 1660 - Support passing external_acl_type credentials on ICAP 1661 - Language Updates: fr, hy, pt_BR 1662 - ... and many compile issues on Windows 1663 - ... and some minor code polish 1664 1665Changes to squid-3.2.0.17 (12 Apr 2012): 1666 1667 - Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC 1668 - Bug 3509: kQueue compile error 1669 - Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor 1670 - Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format. 1671 - Bug 3397: do not mark connection as opened until after SYN-ACK 1672 - Bug 3193: NTLM decoder truncating strings 1673 - Windows FD handling polish and some fixes 1674 - Solaris 9/10 various build fixes 1675 - ... and some more code polish 1676 1677Changes to squid-3.2.0.16 (07 Mar 2012): 1678 1679 - Bug 3508: Correct DNS timeout handling. 1680 - Bug 3503: DNS PTR queries timeout due to wrong QIDs. 1681 - Bug 3497: Bad ssl_crtd db size file causes infinite loop 1682 - Bug 3490: part 1: SegFault opening FTP active data connections 1683 - Bug 3490: Crash writing Apache Common and Referer/Useragent logs 1684 - Bug 3458: Icon Serving (squid-internal-static) Broken 1685 - Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL 1686 - Bug 3381: 32-bit overflow assertion in StatHist 1687 - Bug 3324: loadFromFile: parse error while reading template file 1688 - Support sslpassword_program for ssl-bump HTTP ports 1689 - Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests 1690 - Retry requests that failed due to a persistent connection race 1691 - Log '-' on requests with no Referer or User-Agent headers 1692 - ... and several fixes related to in-transit object performance 1693 - ... and some structural design changes for portability 1694 1695Changes to squid-3.2.0.15 (06 Feb 2012): 1696 1697 - Bug 3472: segfault with the message 'urlParse: URL too large' 1698 - Bug 3471: segfault when %la formating code used 1699 - Bug 3449: part 3: shm_open can fail with a mangled path 1700 - Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults) 1701 - Bug 3448: 204 response problem in adaptation chains 1702 - Bug 3447: assertion failed: CommCalls.h:150: "dp" 1703 - Bug 3461: build regression in IPFilter NAT 1704 - Bug 3413: raise cbdata lock limits 1705 - Bug 3391: forwarded_for log functionality broken 1706 - Bug 3268: Squid cannot do anything else during ufs/diskd rebuild 1707 - Bug 3268: remove wrong 'Ready to serve requests.' message 1708 - Bug 2519: ssl_bump + Authentication (LDAP Digest) issues 1709 - Disable OpenSSL SSL/TLS bug workarounds by default 1710 - Send DNS A and AAAA queries in parallel 1711 - Cache Manager migration support 1712 - Allow service of internal requests over reverse-proxy ports 1713 - Fix trimMemory for unswappable objects 1714 - ... and several build and polish fixes 1715 1716Changes to squid-3.2.0.14 (12 Dec 2011): 1717 1718 - Bug 3433: Segfault closing SNMP 1719 - Bug 3420: Request body consumption races and !theConsumer exception. 1720 - Bug 3406: SSL Log Error in debug 1721 - Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion 1722 - Bug 3383: unhandled exception: theGroupBSize > 0 1723 - Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING" 1724 - Bug 3367: fix inverted check on host_strict_verify 1725 - Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads 1726 - Bug 3364: SNMP Orphans 1727 - Bug 3301: ERR_DNS_FAIL never shown 1728 - Bug 3150: do not start useless unlinkd 1729 - ext_session_acl: version 1.2 1730 - Add adaptation_meta option 1731 - Add a mask on the qos_flows miss configuration value 1732 - Support intermediate CA in ssl-bump traffic certificates 1733 - Support SSL certificate failure details on error page 1734 - Fix flags for NAT intercept and TPROXY not set correctly 1735 - Fix fastCheck() default result on multi-line actions 1736 - Fix missing SMP shared memory statistics 1737 - Fix Comm::Write closing() assertion when retrying a failed UDP DNS query 1738 - ... and several other TCP and SMP support behaviour fixes 1739 - ... and many code polishing cleanups and fixed build errors 1740 - ... and several documentation polishings 1741 1742Changes to squid-3.2.0.13 (14 Oct 2011): 1743 1744 - Regression Bug 3363: never_direct always 'unable to forward this request at this time' 1745 - Regression Bug 3351: FTP timeout causing "store_status == STORE_PENDING" assertion 1746 - Regression Bug 3336: reconfigure assertion 'hlp->childs.n_running > 0' 1747 - Regression fix: always_direct/never_direct failures 1748 - Regression fix: stop an SSL header file being included after --disable-ssl 1749 - Regression fix: parse HTTP list headers with embedded 8-bit characters 1750 - Bug 3355: configure setting --with-swapdir ignored 1751 - Bug 3325: option to selectively enable strict host verify checks 1752 - Bug 3337: HTTP status 200 is not accepted for deny_info 1753 - Bug 3077: '\' in url query strings cause Digest authentication to fail 1754 - Support SMP worker shared memory cache 1755 - Support SMP worker shared disk cache (rock) 1756 - ext_session_acl: version 1.1 1757 - Fix Host verify: do not pinn destination IP if URL re-write has been done 1758 - Fix IPF interception 1759 - Fix ssl_crtd "Cannot add certificate to db" when updating expired cert 1760 - Fix ssl_crtd CertificateDB locking scheme 1761 - ... and all changes from 3.1.16 1762 - ... and many compile and polishing fixes 1763 1764Changes to squid-3.2.0.12 (17 Sep 2011): 1765 1766 - Regression Bug 3335: ICAP service is down 1767 - Regression Bug 3322: adapt:: and icap:: format codes do not parse 1768 - Regression Bug 3303: Support for non-English usernames in log files 1769 - Regression Bug 3259: assertion failed: Connection.cc:29: 'fd<0' after REVIVED PARENT 1770 - Regression: %I shows hostname on SSL error page 1771 - Regression: FTP outgoing port always 'in use' on PASV connections 1772 - Bug 3337: (partial) status 200 is not accepted for deny_info 1773 - Bug 3319: Inconsistencies in error messages 1774 - Bug 3281: pconn in-use while closing assertion 1775 - Bug 3243: Fix cases: raw-IPv6, case variant FQDN, internal request 1776 - Fixed max-stale check. Entities not exceeding max-stale were marked as stale 1777 - Adjust format code %la for intercepted connections 1778 - Log ICAP_ERR_GONE ICAP transaction outcome when ICAP initiator disappears early 1779 - Send RST packet when closing an ICAP connection after a transaction error 1780 - Support maximum field width for string access.log fields 1781 1782Changes to squid-3.2.0.11 (28 Aug 2011): 1783 1784 - Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control 1785 - Host: authority validation of intercepted destination IP 1786 - Host: authority validation of request URL 1787 - Host: authority validation of CONNECT tunnel destination 1788 - Preserve client destination IP in intercepted communication 1789 - Regression Bug 3316: Failed to connect to nameserver using TCP 1790 - Regression Bug 3311: segmentation fault in getMyPort() with only intercept port set 1791 - Regression Bug 3310: %<pt translates as %<p 1792 - Regression Bug 3301: ERR_DNS_FAIL never shown (partial) 1793 - Regression Bug 3288: %<la and %<lp not displaying 1794 - Bug 3289: cache manager parameters not parsed without password 1795 - Bug 2279: Log Format options to log server source IP and port 1796 - Bug 3211: ssl_crtd start even if no ssl-bump port is configured 1797 - Bug 3138: squidclient mgr:objects/mgr:vm_objects never ends 1798 - Bug 3118: ecap_enable on forces icap_enable on 1799 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes 1800 - Default to vhost for accelerator mode (reverse proxy) 1801 - Display HTTP protocol syntax at section 11 level 2 1802 - Support for using custom keys in CARP parents 1803 - Optimize regular expression ACLs 1804 - ... and a lot of code portability fixes 1805 - ... and all bugs and polish changes from 3.1.15 1806 1807Changes to squid-3.2.0.10 (24 Jul 2011): 1808 1809 - Port from 2.7: act-as-origin for reverse proxy ports 1810 - Regression fix: broken --disable-ipv6 1811 - Regression fix: negative cacheing on unknown or -1 expiry timestamp 1812 - Regression fix: vhost and defaultsite causing vport to be ignored 1813 - Regression fix: several errors in persistent connection handling 1814 - Regression Bug 3280: allow max-size unset and min-size=N for large objects 1815 - Regression Bug 3245: reconfigure assertion in MemPools[type] 1816 - Regression Bug 3274: assertion failed: CommCalls.h:144: "dp" 1817 - Regression Bug 3273: assertion comm.cc:775: Comm::IsConnOpen(conn) 1818 - Regression Bug 3269: cache.log applyQueryParams messages 1819 - Regression Bug 3264: Segmentation Fault in src/ipc/Strand.cc(54) receive: 3 1820 - Regression Bug 3246: assertion client_side.cc:1407 connIsUsable(http->getConn()) 1821 - Bug 3267: workers IPC mount points disobey --localstatedir 1822 - Bug 3248: login=NEGOTIATE sends wrong auth header to origin peers 1823 - Bug 3247: Domain from URL Stripped when going through peers 1824 - Bug 3244: wrong port for peer relayed requests 1825 - Bug 3195: kerberos_ldap_group will not build without kerberos 1826 - Bug 2862: add http(s):// support to cache manager 1827 - kerberos_ldap_group: several fixes to -S option 1828 - ssl_crtd: Add man(8) file 1829 - ... and several pieces of code cleanup and polishing. 1830 - ... and most bug fixes and updates from 3.1.14 and 3.1.15 1831 1832Changes to squid-3.2.0.9 (18 Jun 2011): 1833 1834 - Bug 3159: delay pools --disable-auth compile problems 1835 - HTTP/1.1: Support multiline quoted-string header fields 1836 - HTTP/1.1: Send 505 Unsupported Version on mangled version codes 1837 - Support configurable and translated SSL error details messages 1838 - Add log format codes for split client/server views of HTTP request line 1839 - Major upgrade of TCP connection handling 1840 - Support split-stack IPv6 to servers 1841 - Support persistent connections with tcp_outgoing_address/tcp_outgoing_tos 1842 - Optimized persistent connection handling 1843 - Optimized FTP data connection handling 1844 - Optimized TCP failure recovery 1845 - ... and all bug fixes and updates from 3.1.12.3 1846 - ... and many code polish, documentation and translation cleanups 1847 1848Changes to squid-3.2.0.8 (30 May 2011): 1849 1850 - Bug 3214: "helperHandleRead: unexpected read from ssl_crtd" errors. 1851 - Bug 3043: Properly detect Iphlpapi.h on windows 1852 - Bug 2055: Honor ICAP Max-Connections 1853 - Fix NTLM/Negotiate reply auth PASSTHRU to peers 1854 - Support SSL SNI to origin servers 1855 - Add %EXT_LOG and %EXT_TAG external_acl_type format options 1856 - Add %b tag for proxy listening port display in error pages 1857 - Optimize base64 encoding/decoding 1858 - Require libcap before enabling netfilter MARK support 1859 - Require libtool 2.2 1860 - Bundle pkg.m4 from pkg-config 0.25 for OS without pkg-config 1861 - ... and all bug fixes and updates from 3.1.12.2 1862 - ... and some documentation and code polishing 1863 1864Changes to squid-3.2.0.7 (19 Apr 2011): 1865 1866 - Regression fix: NTLM and Negotiate auth assertion "RefCountCount() == 2" 1867 - Regression fix: icons/ FHS compliance 1868 - Regression fix: Startup aborts with URL error when --disable-htcp 1869 - Bug 3192: comm.cc:216: "fd_table[fd].halfClosedReader != NULL" 1870 - Add negotiate_wrapper_auth version 1.0.1 1871 - Fixed %dt logging in the presence of REQMOD 1872 - Fixed chunked request forwarding in ICAP REQMOD presence 1873 - ... all bug fixes and updates from 3.1.12.1 1874 - ... many code polishings and display cleanups 1875 1876Changes to squid-3.2.0.6 (04 Apr 2011): 1877 1878 - Regression fix: upgrade existing icons 1879 - Regression fix: do not crash when accessing an SSL certificate with errors 1880 - Regression fix: prevent stdio log module segfaults on rotate 1881 - Regression fix: shutdown properly even if a worker process crashes on exit 1882 - Regression Bug 3159: (partial fix) ICAP and --disable-auth compile problems 1883 - Bug 3170: "Unsupported or unconfigured/inactive proxy-auth scheme" on shutdown 1884 - Bug 3105: malformed Proxy-Authorization leaks memory 1885 - Bug 3007: CONNECT to cache_peer returns 000 status code 1886 - Bug 2885: Compile errors on AIX 1887 - Support parameterized Cache Manager queries 1888 - Support libecap v0.2.0; fixed eCAP body handling and logging 1889 - Support dynamic adaptation plans that cover multiple vectoring points 1890 - Support %D details for documented OpenSSL errors 1891 - Support logging of all transactions including those with uncertain status or no sent response 1892 - Updrate negotiate_kerberos_auth to version 3.0.4sq 1893 - Update ext_kerberos_ldap_group_acl to version 1.3.0sq 1894 - Update ext_edirectory_userip_acl to version 2.1 1895 - Convert dns_timeout and dns_retransmit_interval directives to use millisecond resolution 1896 - Change the default dns_timeout value from 2 minutes to 30 seconds 1897 - Fix TCP log stream flushing on every line 1898 - ... all bug fixes and updates from 3.1.12 1899 - ... a great many compiler portability fixes 1900 - ... many code polishings and display cleanups 1901 1902Changes to squid-3.2.0.5 (12 Feb 2011): 1903 1904 - Regression Fix: profiler should not be built by default 1905 - Regression Bug 3081: assertion failed: AsyncCallQueue 1906 - Regression Bug 2948: Requests for FTP active downloads cause failed assertion 1907 - Bug 3089: FTP command output overrides directory listing 1908 - Bug 2870: --disable-auth does not work 1909 - Bug 2586: multiple memory leaks during reconfigure 1910 - Bug 2581: FTP directory listing sometimes fails 1911 - Port from 2.7: maximum staleness limits 1912 - HTTP/1.1: Support RFC 5861 Cache-Control: stale-if-error option 1913 - HTTP/1.1: Support configurable status codes for deny_info 1914 - Support upcoming "fresh message creation" eCAP API 1915 - Aggregate SNMP responses when using SMP with multiple workers 1916 - Several more Solaris, Windows and ICC support fixes 1917 - ... all bug fixes and updates from 3.1.11 1918 - ... and more code cleanup shufflings 1919 - ... and several documentation updates 1920 1921Changes to squid-3.2.0.4 (22 Dec 2010): 1922 1923 - Port 2.x: cache_dir min-size setting 1924 - Bug 3059: Crash on digest auth headers with unknown nonce 1925 - Fix cachemgr reported HTTP/ICP requests/messages per minute when multiple workers used 1926 - Fix cachemgr mem-pools reporting 1927 - Add Dynamic SSL certificate generation 1928 - Add useragent, referer, combined built-in log formats 1929 - Obsolete log_fqdn directive 1930 - Obsolete useragent/referer/forward_log directives 1931 - HTTP/1.1: Send 1.1 on CONNECT responses 1932 - Updated Kerberos support for newer GSSAPI releases 1933 - Improve handling of adapted body delivery failures in REQMOD request satisfaction mode 1934 - Improve handling of early eCAP transaction failures 1935 - Various ext_edirectory_acl fixes 1936 - ... all bug and feature fixes included in 3.1.10 release 1937 - ... and a lot of code and documentation polishing 1938 1939Changes to squid-3.2.0.3 (07 Nov 2010): 1940 1941 - Regression fix: SMP broke ICP outgoing IP lookup if no udp_outgoing_addr set 1942 - Regression fix: ESI processing of Surrogate filter 1943 - Bug 3091: bypassed ICAP errors are not counted as service failures 1944 - Bug 3048: "commio_has_callback(fd, IOCB_READ, ccb)" assertion. 1945 - Bug 3038: Detatch libmisc from libcompat 1946 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain 1947 - Bug 3002: store initialization (-z) does not work with SMP configs 1948 - Bug 2999: v2.0 of ext_edirectory_userip_acl 1949 - Bug 2785: DNS needs to set EDNS options advertising Squid capabilities 1950 - Bug 595: Add %err_code and %err_detail logformat codes for transaction failures 1951 - HTTP/1.1: support If-Match and If-None-Match requests 1952 - HTTP/1.1: forward 1xx control messages to clients that support them 1953 - HTTP/1.1: send Age:0 header even if it may break IE5 1954 - HTTP/1.1: dechunk incoming requests and chunk outgoing requests 1955 - HTTP/1.1: entry is stale if request has max-age=0 1956 - HTTP/1.1: harden quoted-string parser 1957 - Add --enable-build-info for extra "squid -v" display 1958 - Add --with-swapdir=PATH to override default /var/cache/squid 1959 - Add cpu_affinity_map directive to bind workers to CPU cores 1960 - Add Netfilter MARK support for QoS 1961 - Add upgrade process for obsolete options 1962 - Add support for RFC 2965 Set-Cookie2 / Cookie2 headers 1963 - Add support for client send bandwidth limits (a.k.a., quota or delay pool) 1964 - Fixes Eui48 support on OpenBSD 1965 - Fixes cache manager support with SMP configs 1966 - ... several documentation updates 1967 - ... all bug and feature fixes included in 3.1.9 release. 1968 - ... many more code polishes and leak removals 1969 1970Changes to squid-3.2.0.2 (04 Sep 2010): 1971 1972 - Bug 3015: assertion failed: comm.cc:143: "ccb->active()" 1973 - Support rotating logs from cachemgr and squidclient 1974 - Support Kerberos authentication in squidclient 1975 - Add manual page for negotiate_kerberos_auth 1976 - Add helper ext_kerberos_ldap_group_acl to lookup Kerberos/NTLM group via LDAP 1977 - Add tool 'purge' for management of UFS/AUFS/DiskD caches (experimental) 1978 - Added log options %http::<bs and %icap::<bs 1979 - Collapse HTCP cache_peer options into one setting 1980 - Improved request smuggling attack detection. Tolerating valid benign HTTP 1981 - ... and several HTTP/1.1 compliance improvements 1982 - ... and all improvements in 3.1.7 and 3.1.8 1983 1984Changes to squid-3.2.0.1 (03 Aug 2010): 1985 1986 - Port from 2.7: Logging infrastructure updates 1987 - Port from 2.7: Unique sequence number per log line 1988 - Port from 2.6: STORE_META_OBJSIZE swapout storage type 1989 - Bug 2792: tcp_outgoing_addr does not work with TPROXY 1990 - Bug 2631: refresh_pattern store-stale option 1991 - Bug 2305: Multiple leaks and assertion crashes in authentication 1992 - Bug 1239: Much needed ACL type random 1993 - Bug 7: (partial): Migrate on-disk objects to cache_mem on hit/refresh and update 1994 - Support full Surrogate/1.0 protocol extensions to HTTP for reverse-proxies 1995 - Support SMP for essential non-caching functionality 1996 - Support logging over TCP 1997 - Support Solaris 10 pthreads (experimental) 1998 - Support Kerberos login to peers 1999 - Support EUI / MAC in more environments 2000 - Support format tags in deny_info URLs 2001 - Support running helpers on-demand instead of all at startup 2002 - Support fully transparent login=PASSTHRU of authentication headers to peers 2003 - Support multi-lingual localised FTP directory listings 2004 - Support TPROXYv4 spoofing of X-Forwarded-For client address 2005 - Support ICAP 206 Partial Content extension 2006 - Append the _ABORTED or _TIMEDOUT suffixes to the action access.log field 2007 - Add ACL support to range_offset_limit 2008 - Add helpers for url_rewrite 2009 - Add helper multiplexer for concurrency emulation with legacy helpers 2010 - Add Perl library which facilitates parsing access logfile entries. 2011 - Add a simple script to summarise traffic use per user 2012 - Add templates for captive portal proxy configuration instructions 2013 - Add logging of the local TCP port used by transactions with HTTP servers 2014 - Update mswin_check_ad_group to version 2.0 2015 - Update squid_kerb_auth helper to version 3.0.2 2016 - Remove double-language error page hack (replaced by locale auto-negotiation) 2017 - Remove TPROXYv2 support (replaced by TPROXYv4) 2018 - Remove no_check.pl NTLM helper (replaced by ntlm_fake_auth) 2019 - Re-work ./configure script for smarter auto-detect and early error checks 2020 - Auto-enable all features by default 2021 - Workaround com_err.h C++ brokenness triggered by OpenSSL includes 2022 - Helpers naming scheme 2023 - Add support for write timeouts 2024 - Modify icap_service_failure_limit option to forget old ICAP errors 2025 - Updated man(8) manuals including several additions and translations 2026 - ... and a great many code cleanups 2027 - ... and a great many testing improvements 2028 - ... and many documentation updates 2029 2030Changes to squid-3.1.23 (09 Jan 2013): 2031 2032 - Additional fixes for CVE-2012-5643 / SQUID:2012-1 2033 2034Changes to squid-3.1.22 (03 Dec 2012): 2035 2036 - Bug 3685: Squid hangs in Delay Pools ClassCBucket::update 2037 - Bug 3659: read_timeout problem with HTTPS 2038 - Bug 3654: Fix IPv6 enabled squidclient 2039 - Bug 3189: AIO thread race on pipe() initialization 2040 - cachemgr.cgi: Memory Leaks and DoS Vulnerability 2041 2042Changes to squid-3.1.21 (23 Sep 2012): 2043 2044 - Bug 3622: peerClearRRStart scheduling multiple events 2045 - Bug 3615: configure check for default max number of FDs is broken 2046 - Bug 3607: --enable-auth documented default action incorrect 2047 - Bug 3593: socket failure: Address family not supported by protocol 2048 - Bug 3584: Detection of setresuid() is broken 2049 - Bug 3568: Consolidate external_acl_type config dumping and add missing %% 2050 - Bug 3564: eCAP not supporting CoAP URI schemes 2051 - Bug 3484: Docs: sslproxy_cert_error example flawed 2052 - Bug 3462: Delay Pools and ICAP 2053 - Bug 3133: better fix: Memory leak handling requests for sites that don't exist 2054 - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring 2055 - Silence IOS 15.1 unknown capabilities messages. 2056 - Account for Store disk client quota when bandwidth-limiting the server. 2057 - ... and several documentation fixes 2058 - ... and several compile fixes 2059 2060Changes to squid-3.1.20 (08 Jun 2012): 2061 2062 - Regression Bug 3545: FreeBSD dnsserver segfaults 2063 - Regression Bug 3504: clientside_tos fails to mark traffic 2064 - Bug 3539: CONNECT server connection not closed correctly on errors 2065 - Bug 3502: client timeout uses server-side read_timeout, not request_timeout 2066 - Bug 3466: Adaptation stuck on last single-byte body piece 2067 - Bug 3463: dnsserver fails to compile 2068 - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option 2069 - Bug 3390: Proxy auth data visible to scripts 2070 - Bug 3263: ssl_crtd: undefined references to squid_curtime 2071 - Bug 3233: Invalid URL accepted with url host is white spaces 2072 - Bug 3133: Memory leak handling requests for sites that don't exist 2073 - Bug 3074: Improper URL handling with empty path (RFC 3986) 2074 - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889 2075 - Regression: snmp/udp address directives not resolving hostname 2076 - Better helper-to-Squid buffer size management. 2077 - Support CoAP over HTTP (coap:// and coaps:// URLs) 2078 - Support for 3.2 error template codes 2079 2080Changes to squid-3.1.19 (06 Feb 2012): 2081 2082 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state 2083 - Bug 3473: erase last uses of obsolete auth_user_hash_pointer 2084 - Bug 3470: GCC 4.7 2085 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL 2086 - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state 2087 - Bug 3440: compile error in Adaptation 2088 - Bug 3420: Request body consumption races and !theConsumer exception 2089 - Bug 3370: external ACL sometimes skipping 2090 - Bug 3085: Crash when parsing esi:include 2091 - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses 2092 - Fix SSL library dependency fixes 2093 2094Changes to squid-3.1.18 (03 Dec 2011): 2095 2096 - Regression: compile error in FTP 2097 2098Changes to squid-3.1.17 (03 Dec 2011): 2099 2100 - Bug 3432: Crash logging FTP errors 2101 - Bug 3428: Active FTP data channel accepted twice 2102 - Bug 3423: access violation in URL parser 2103 - Bug 3422: Buffer overflow in recv-announce 2104 - Bug 3412: External ACL Uses Invalid Cache Entry 2105 - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new 2106 - Bug 3398: persistent server connection closed after PUT/DELETE 2107 - Bug 3299: dnsserver: various undefined references 2108 - Bug 3077: '\' in url query strings cause Digest authentication to fail 2109 - Bug 2910: MemBuf may grow beyond max_capacity 2110 - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption 2111 - Bug 1243: Build overrides configured AR setting 2112 - Avoid crashes when processing bad X509 common names (CN). 2113 - Support %% in external ACL format 2114 - ... and several other compile error fixes 2115 - ... and several documentation fixes 2116 2117Changes to squid-3.1.16 (14 Oct 2011): 2118 2119 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED 2120 - Bug 3368: Unhandled exceptions are not logged (workaround) 2121 - Bug 3326: miss_access incorrect default 2122 - Bug 3320: miss_access description confusing 2123 - Bug 3241: squid_kerb_auth cross compilation fix 2124 - Bug 3237: seq fault in free() from rfc1035RRDestroy 2125 - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response 2126 - db_auth: display available DSN drivers on connect error 2127 - Updated OpenSSL 1.0.0 version checks 2128 - ... and several documentation fixes 2129 2130Changes to squid-3.1.15 (28 Aug 2011): 2131 2132 - Regression fix: vhost and defaultsite causing vport to be ignored 2133 - Regression Bug 3295: broken escaping in rfc1738_do_escape 2134 - Bug #3232: fails to compile with OpenSSL v1.0.0 2135 - Bug #3222: cache_peer name is not logging on CONNECT 2136 - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable() 2137 - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable 2138 - Bug #3213: https sites (CONNECT) not open when using NTLM 2139 - Bug #3114: Memory leak in SSL certificate verify code 2140 - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes 2141 - Bug #2662: cf_gen failure when cross compiling 2142 - Bug #2655: passing wrong the username to the url_rewrite_program 2143 - Bug #2495: ignore whitespace prefix on config lines 2144 - Bug #2051: 'default' cache_peer option does not match documentation 2145 - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay() 2146 - Bug #1791: timestampsSet does not validate Date: if server sends very old date 2147 - Correct parsing of large Gopher indexes 2148 - Enable negative cacheing on unknown or -1 expiry timestamp 2149 - Remove hierarchy_stoplist default value 2150 - Migrate cf_gen tool from C-style to C++ 2151 - ... and several documentation and compiler warning fixes 2152 2153Changes to squid-3.1.14 (04 Jul 2011): 2154 2155 - Regression Bug 3261: Could not create a DNS socket and exit 2156 2157Changes to squid-3.1.13 (01 Jul 2011): 2158 2159 - Regression Bug 3239: problems with myip/myport upgrade 2160 - Bug 3153: hung ICAP RESPMOD transactions 2161 - Update ssl_crtd to use 'OK' status inline with other helpers 2162 2163Changes to squid-3.1.12.3 (18 Jun 2011): 2164 2165 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options 2166 - Bug 3214: unexpected read from ssl_crtd 2167 - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body 2168 - Fix RADIUS helper resource leak 2169 - Fix segfault parsing digest auth realm 2170 - Fix segfault in parse_eol() 2171 - Fixed bypass of SSL certificate validation errors 2172 - Warn about myip/myport problems on interception proxies 2173 - Polish: display easily grepped config lines on -k parse 2174 - Fix squidclient -V option and allow non-HTTP protocols to be tested 2175 2176Changes to squid-3.1.12.2 (30 May 2011): 2177 2178 - Bug 3226: Tags from external ACLs do not correctly expire 2179 - Bug 3215: Malformed IPv6 DNS reverse lookup 2180 - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches 2181 - Bug 3205: SSL-bump starts then hangs 2182 - Bug 3178: gcc-4.6 complains unused variables 2183 - Bug 3122: Unknown record type in WCCPv2 Packet (6) 2184 - Bug 2965 (partial): Compile errors on MinGW 2185 - Fix to only ssl-bump CONNECT requests if they are about to be tunneled 2186 - Fix cache manager display of -i/+i in regex ACL config display 2187 - Fix cache manager display of cache_peer options userhash and sourcehash 2188 - Fix URL re-writer loosing many transaction details 2189 - Fix always-true comparison in ICAP for some 32-bit platforms 2190 - Support for 'slow' group ACLs in ssl_bump access control 2191 - Support OpenSSL 1.0.0 built without SSLv2 2192 - Support GCC 4.6 and binutils-gold 2193 - Add CSS id attribute to BODY tag of generated error pages. 2194 - Display WARNING and ERROR when max_filedescriptors has failed 2195 2196Changes to squid-3.1.12.1 (19 Apr 2011): 2197 2198 - Port from 3.2: Dynamic SSL Certificate generation 2199 - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp 2200 - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9 2201 - Bug 3183: Invalid URL accepted with url host part of only '@' 2202 - Display ERROR in cache.log for invalid configured paths 2203 - Cache Manager: send User-Agent header from cachemgr.cgi 2204 - ... and many portability compile fixes for non-GCC systems. 2205 2206Changes to squid-3.1.12 (04 Apr 2011): 2207 2208 - Regression fix: Use bigger buffer for server reads. 2209 - Regression fix: Add reply_header_replace directive for ability lost since 2.7 2210 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0 2211 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0" 2212 - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled 2213 - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure 2214 - Bug 3164: Total memory info display 32-bit overflows 2215 - Bug 3155: Werror is hard-coded in libTrie build 2216 - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage 2217 - Bug 2976: invalid URL on intercepted requests during reconfigure (workaround) 2218 - Bug 2720: comment in same line as cache/mem_replacement_policy causes error 2219 - Bug 2621: Provide request headers to RESPMOD when using cache_peer. 2220 - Bug 2330: AuthUser objects are never unlocked 2221 - Prevent CONNECT request relaying to origin servers 2222 - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers) 2223 - squidclient: send Cache Manager password using -w 2224 - eCAP: give full Request-URI to adapters 2225 - ... and several debug and error display cleanups 2226 2227Changes to squid-3.1.11 (08 Feb 2011): 2228 2229 - Bug 3149: not caching eCAP adapted body 2230 - Bug 3144: redirector program blocks while reading STDIN 2231 - Bug 3140: memory leak in error page generation 2232 - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server 2233 - Bug 3115: logging segfaults if access_log is set to a directory 2234 - Bug 2968: Show the Vary: headers information in cachemgr objects report 2235 - Bug 2959: remove SAMBAPREFIX dependency 2236 - Bug 2868: icc doesn't like string literal in assert checks 2237 - HTTP/1.1: Send 307 status on deny_info redirection 2238 - HTTP/1.1: Support POST/PUT with no body 2239 - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents 2240 - Support RFC 5861 Cache-Control: stale-if-error option 2241 - Add ftp_eprt directive to disable EPRT extensions in FTP 2242 - Fix external_acl_type grace=0 to obey TTL 2243 - Fix IP/FQDN cache accounting to avoid idle caches on busy servers 2244 - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth 2245 - ... and some documentation updates and corrections 2246 - ... and some portability and stability fixes 2247 2248Changes to squid-3.1.10 (22 Dec 2010): 2249 2250 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice 2251 - Bug 3113: Consuming too much memory when uploading files 2252 - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for 2253 - Bug 3096: Consuming too much memory when delaying traffic 2254 - Bug 3091: Bypassed ICAP errors are not counted as service failures 2255 - Bug 3090: Polish FTP login error handing 2256 - Bug 3068: cache_dir capacity and usage overflows 2257 - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain 2258 - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests 2259 - Fix memory leak in adaptation_access 2260 - Fix /dev/poll and poll() selection priority 2261 - Fix PREFIX/var/run creation during install 2262 - Fix cachemgr http_port config report display 2263 - Add upgrade help process for obsolete options 2264 - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known' 2265 - HTTP/1.1: entry is stale if request has max-age=0 2266 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD 2267 - Toolchain update to support newer auto-tools 2268 - ... and updated error page translations 2269 - ... and updated documentation 2270 - ... and some code optimization/simplification polish 2271 2272Changes to squid-3.1.9 (25 Oct 2010): 2273 2274 - Bug 3088: dnsserver is segfaulting 2275 - Bug 3084: IPv6 without Host: header in request causes connection to hang 2276 - Bug 3082: Typo in error message 2277 - Bug 3073: tunnelStateFree memory leak of host member 2278 - Bug 3058: errorSend and ICY leak MemBuf object 2279 - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port 2280 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies 2281 - Bug 3053: cache version 1 LFS support detection broken 2282 - Bug 3051: integer display overflow 2283 - Bug 3040: Lower-case domain entries from hosts and resolv.conf files 2284 - Bug 3036: adaptation_access acls cannot see myportname 2285 - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs 2286 - Bug 2964: Prevent memory leaks when ICAP transactions fail 2287 - Bug 2808: getRoundRobinParent not handling weights correctly 2288 - Bug 2793: memory statistics sometimes display wrong 2289 - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support 2290 - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb 2291 - Ensure /var/cache or jail equivalent exists on install 2292 - HTTP/1.1: delete Warnings that have warning-date different from Date 2293 - HTTP/1.1: do not remove ETag header from partial responses 2294 - HTTP/1.1: make date parser stricter to better handle malformed Expires 2295 - HTTP/1.1: improve age calculation 2296 - HTTP/1.1: reply with a 504 error if required validation fails 2297 - HTTP/1.1: add appropriate Warnings if serving a stale hit 2298 - HTTP/1.1: support requests with Cache-Control: min-fresh 2299 - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store 2300 - squidclient: Display IP(s) connected to in verbose (-v) display 2301 - Fixes several issues with ICAP persistent connections 2302 - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS 2303 - ... and some cosmetic polishing 2304 2305Changes to squid-3.1.8 (04 Sep 2010): 2306 2307 - Bug 3033: incorrect information regarding TOS 2308 - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL 2309 - Bug 3005,2972: Locate LTDL headers correctly (again) 2310 - Bug 2872: leaking file descriptors 2311 - Bug 2583: pure virtual method called 2312 - Hardened DNS client against packet queue attacks 2313 - Hardened HTTP request-line parser 2314 - Several HTTP/1.1 support improvements 2315 - Improved cross-compile support 2316 - .. and several internal pointer safety fixes 2317 2318Changes to squid-3.1.7 (23 Aug 2010): 2319 2320 - Regression Bug 3021: Large DNS reply causes crash 2321 - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes 2322 - Regression Bug 2997: visible_hostname directive no longer matches docs 2323 - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port 2324 - Bug 3006: handle IPV6_V6ONLY definition missing 2325 - Bug 3004: Solaris 9 SunStudio 12 build failure 2326 - Bug 3003: inconsistent concepts in documentation of cache_dir 2327 - Bug 3001: dnsserver link issues 2328 - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016) 2329 - HTTP/1.1: Improved Range header field validation 2330 - HTTP/1.1: Forward multiple unknown Cache-Control directives 2331 - HTTP/1.1: Stop sending Proxy-Connection header 2332 - Fix 32-bit wrap in refresh_pattern min/max values 2333 - ... and several documentation corrections. 2334 2335Changes to squid-3.1.6 (02 Aug 2010): 2336 2337 - Bug 2994, 2995: IPv4-only regressions 2338 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() 2339 - Bug 2975: chunked requests not supported after regular ones 2340 - Fix: 32-bit overflow in reported bytes received from next hop 2341 - Fix Libtool build regressions 2342 - Limited split-stack IPv6 support. 2343 - squid_db_auth support MD5 encrypted passwords 2344 2345Changes to squid-3.1.5.1 (28 Jul 2010): 2346 2347 - Update Libtool to 2.2. 2348 - Bug 2985: search scope for digest_ldap_auth didn't work 2349 - Bug 2972: LTDL 2.2.6b compile errors 2350 - Bug 2963: Stop ignoring --with-valgrind-debug failures 2351 - Bug 2885: AIX support: several fixes 2352 - Bug 2651: crash handling NULL write callback 2353 - Fixed several memory leaks related to Range requests 2354 - Fixed Joomla DB auth handling 2355 - Fixed SASL helper build checks 2356 - Fixed several IPv6 portability problems 2357 - Updated error page translations 2358 2359Changes to squid-3.1.5 (02 Jul 2010): 2360 2361 - Bug 2967: raw-IPv6 address URL with append_domain broken 2362 - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached 2363 - Bug 2943: ICAP tokens not logged when using multiple access 2364 - Bug 2937: Fails to detect chunked encoding if not given in all lower case 2365 - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod 2366 - Fix free memory corruption and off-by-one error when comparing SNMP OIDs 2367 - Port from 2.7: max_filedescriptor config option 2368 - Fix persistent_connection_after_error is meant to be on by default 2369 - ... and several build errors. 2370 2371Changes to squid-3.1.4 (30 May 2010): 2372 2373 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service 2374 - Bug 2924: RADIUS helper compile issues 2375 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" 2376 - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client 2377 - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()" 2378 - Bug 2879: pt2: 3.0 regression in headers end finding 2379 - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests 2380 - Bug 2876: FD_SETSIZE override not working on all linux distributions 2381 - Bug 2810: common log format generates 2 lines of syslog 2382 - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB 2383 - Bug 2753: Fall back on IPv4 if IPv6 is not present 2384 - Bug 2697: Adaptation leaks and extra requests after reconfiguration 2385 - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field 2386 - Change LDAP helpers to default to LDAP version 3 if available 2387 - Add Joomla and Salted Hash support to squid_db_auth helper 2388 - Fixed IpAddress port printing for ports higher than 9999 2389 - Disable chunked memory pooling by default. 2390 - ... and several build errors. 2391 2392Changes to squid-3.1.3 (02 May 2010): 2393 2394 - Remove: Advertise 1.1 on replies to clients (broken chunked handling) 2395 - Fix tag ACL type not working 2396 2397Changes to squid-3.1.2 (01 May 2010): 2398 2399 - Bug 2913: Fix DB auth warning in new perl version 2400 - Bug 2904: Prevent automake creating incomplete files 2401 - Bug 2899: Regression: Restore lost rfc1738_unescape() data type 2402 - Bug 2895: Regression: TPROXY2 compile errors 2403 - Bug 2879: Regression: headers end-finding 2404 - Bug 2874: Accept literal IPv6 address in icap_service URL 2405 - Bug 2860: Regression: WCCPv1 handshake 2406 - Bug 2848: Pass TCP_RST to client on early disconnect 2407 - Debian Bug 578047: Correct behaviour of --enable-ipv6 2408 - HTTP/1.1: Advertise 1.1 on requests to servers 2409 - HTTP/1.1: Advertise 1.1 on replies to clients 2410 - AIX / UNIX build fixes 2411 - Cygwin build fixes 2412 - squidclient: -k option to test connection keep-alive or close 2413 - Improved helper build for wider compatibility 2414 - Ensure the PID file directory exists on install 2415 2416Changes to squid-3.1.1 (29 Mar 2010): 2417 2418 - Bug 2873: undefined symbol 2419 - Bug 2827: assertion in authentication 2420 - Remove ufsdump binary from default builds 2421 - Remove pinger from default startups 2422 - ... and several documentation updates. 2423 2424Changes to squid-3.1.0.18 (14 Mar 2010): 2425 2426 - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16 2427 - Bug 2869: Remove unused external reference 2428 - Bug 2866: Support OpenSSL 1.0 2429 - Bug 2813: Random unix_group crash at startup 2430 - Send HTTP1.1 compliant 417 responses 2431 - Associate external acl message with the request 2432 - Various Digest parser fixes 2433 - ... and all bug fixes from 3.0 up to 3.0.STABLE25 2434 2435Changes to squid-3.1.0.17 (24 Feb 2010): 2436 2437 - Regression Fix: Non-English error page UTF encoding 2438 - Bug 2616: reduce IdleConnList::removeFD messages 2439 - Bug 1843: multicast-siblings cache_peer option 2440 - Port from 2.7: X509 certificate alias-domain handling 2441 - Add adapted_http_access option 2442 - NTLMv2 support for fake NTLM helper 2443 2444Changes to squid-3.1.0.16 (01 Feb 2010): 2445 2446 - Regression Fix: Make Squid abort on all config parse failures. 2447 - Regression Bug 2811: SNMP client/peer table OID numbering 2448 - Bug 2851: Connection pinning fails when using a peer 2449 - Bug 2850: Mismatch in hier_code enum / hier_strings array 2450 - Bug 2731: Add follow_x_forwarded_for support to ICAP 2451 - Bug 2730: Regressions in follow_x_forwarded_for since Squid-2 2452 - Bug 2706: Set timestamps during ICAP request satisfaction. 2453 - Bug 2553: X-Forwarded-For with IPv6 address not handled correctly 2454 - Fix: WCCPv1 not connecting to router correctly 2455 - Remove obsolete RunCache/RunAccel scripts. 2456 - Add client_ip_max_connections 2457 - Add the http::>ha format code and make http::>h log original request headers 2458 - ... and all bug fixes from 3.0 up to 3.0.STABLE22 2459 - ... and many more minor build and display annoyances. 2460 2461Changes to squid-3.1.0.15 (23 Nov 2009): 2462 2463 - Regression Fix: myip ACL not accepted in config 2464 - Bug 2795: acl arp lookups including port 2465 - Bug 2794: ESI parsing fails on FreeBSD 2466 - Bug 2778: fix linking issues using SunCC 2467 - Bug 2724: eCAP build failure unless ICAP enabled 2468 - Bug 2628: Correct default PID location to PREFIX/var/run/squid.pid 2469 - Bug 2617: Performance degradation during processing list of dstdomain ACL's 2470 - Bug 2374: Support ICY / ICEcast / SHOUTcast streaming protocol. 2471 - Fix: 64-bit filesize issue in squidclient POST of large files 2472 - Fix: send correct Connection: header on intercepted replies 2473 - Support libtool 2.x 2474 - ESI libraries libexpat and libxml2 now optional 2475 - ESI support default enabled 2476 - Bump libcap minimum requirement to libcap 2.09+ 2477 - ARP / MAC support fixes for IPv6-mode 2478 - Add outstanding IPv6 settings to squid.conf (localnet, localhost) 2479 - ... and many additions to the background testing structure 2480 - ... and very many minor build and code cleanups for non-GCC compilers. 2481 2482Changes to squid-3.1.0.14 (27 Sep 2009): 2483 2484 - Bug 2777: Various build issues on OpenSolaris 2485 - Bug 2773: Segfault in RFC2069 Digest authentication 2486 - Bug 2747: Compile errors on Solaris 10 2487 - Bug 2735: Incomplete -fhuge-objects detection 2488 - Bug 2722: Fix http_port accel combined with CONNECT 2489 - Bug 2718: FTP sends EPSV2 on IPv4 connection 2490 - Bug 2648: stateful helpers stuck in reserved 2491 - Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode 2492 - Bug 2510: digest_ldap_auth uses incorrect logic with TLS 2493 - Bug 2483: bind() called before connect() 2494 - Bug 2215: config file line length limit (extended to 2 KB) 2495 - Support Accept-Language: * wildcard 2496 - Support autoconf 2.64 2497 - Support TPROXY for IPv6 traffic (requires kernel support) 2498 - Support TPROXY cache cluster behind WCCPv2 2499 - Correct ESI support to work in multi-mode Squid 2500 - Add 0.0.0.0 as an to_localhost address 2501 - DiskIO detection fixes and use optimal IO in default build. 2502 - Correct peer connect-fail-limit default of 10 2503 - Prevent squidclient sending two Accept: headers 2504 - ... all bug fixes from 3.0.STABLE19 2505 - ... and many more documentation fixes 2506 2507Changes to squid-3.1.0.13 (04 Aug 2009): 2508 2509 - Bug 2723 regression: enable PURGE requests if PURGE method ACL is present. 2510 - Fix one more internal profiler error 2511 - Language Updates: Italian, Russian 2512 - Language Updates: Add many more aliases 2513 - Add Copyright document for errors/ content 2514 - ... all bug fixes from 3.0.STABLE18 2515 - ... and several code polishing cleanups 2516 2517Changes to squid-3.1.0.12 (27 Jul 2009): 2518 2519 - Bug 2716: Chunked request Signed/Unsigned build error 2520 - Bug 2674: Remove limit on HTTP headers read. 2521 - Bug 2620: Invalid HTTP response codes causes segfault 2522 - Fix FTP EPSV negotiation parser. 2523 - Fix Via string when leak checking is enabled (valgrind etc) 2524 - ... and several documentation and testing additions 2525 2526Changes to squid-3.1.0.11 (19 Jul 2009): 2527 2528 - Bug 2087: Support adaptation sets and chains 2529 - Bug 2459: dns error message broken when error handling delayed 2530 - Support ICAP Retry 2531 - Support ICAP retries based on the ICAP responses status code 2532 - Support logging ICAP 2533 - Support logging total DNS wait time 2534 - Support logging response times of adaptation transactions 2535 - General logging enhancements 2536 - Dynamically form chains based on ICAP X-Next-Services header 2537 - Support cross-transactional ICAP header exchange 2538 - ... and much adaptation polish and improvements 2539 2540Changes to squid-3.1.0.10 (18 Jul 2009): 2541 2542 - Bug 2680: Regression Crash after rotate with no helpers running 2543 - Bug 2695: Regression in WCCPv2 L2 mask assignment 2544 - Bug 2707: Regression in FTP anonymous auth 2545 - Bug 422, 2706: RFC 2616 Date header requirements 2546 - Bug 1087: ESI processor not quoting attributes correctly. 2547 - Bug 1338: File prefetches aborted despite range_offset 2548 - Bug 2080: wbinfo_group.pl - false positive under certain conditions 2549 - Bug 2092: select loop 32-bit call counter overflows 2550 - Bug 2127: delay pools class 4 crashes with ntlm auth 2551 - Bug 2611: document fast/slow acl types 2552 - Bug 2614: Potential loss of adapted body data from eCAP adapters 2553 - Bug 2658: Missing TextException copy constructor 2554 - Bug 2659: String length overflows on append, leading to segfaults 2555 - Bug 2699: Build failure NTLM smb_lm helper 2556 - Bug 2709: TRANSLATIONS not installed 2557 - Bug 2710: squid_kerb_auth non-terminated string 2558 - Delay pools 64-bit buckets and IPv6-polish 2559 - Break forwarding loops for "transparent" or "intercept" http_ports. 2560 - Add --disable-translation option to detatch .po from error negotiation 2561 - Add squidclient man(1) page 2562 - Add localhost to default permitted networks 2563 - http_port allow-direct option to allow direct forwarding in accelerator mode 2564 - ... and many testing infrastructure updates 2565 2566Changes to squid-3.1.0.9 (26 Jun 2009): 2567 2568 - Bug 2682: Add ftp_epsv control to disable EPSV support. 2569 - Bug 2665: Detach automake system from using -I. 2570 - Bug 2395: FTP auth errors not displayed 2571 - ... also several changes and bugs closed in 3.0.STABLE16 2572 - Port from 2.7: Show local address on listening sockets 2573 - Add "tag" type acl matching tags set by external acl helpers. 2574 - Adds Language alias linker/installer/upgrade scripts 2575 - Support for GCC 4.4 2576 - Fix false NAT lookup errors on Linux 2577 - Fix many Windows port issues 2578 - Fix squid_kerb_auth helepr install location 2579 - Better detection of IPv6 stack types 2580 - Updates Licensing information for Squid 3.1 2581 - ... and many packaging portability build and install issues 2582 2583Changes to squid-3.1.0.8 (24 May 2009): 2584 2585 - Bug 2656: Pinger dies with general protection fault 2586 - Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used 2587 - Bug 2648: Authentificator processes deferring and don't shutdown. 2588 - Bug 2645: allow squid to ignore must-revalidate 2589 - Bug 2644: auth scheme initialization is broken 2590 - Bug 2632: Make number of reforwarding tries configurable 2591 - Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE 2592 - Bug 2627: HTCP Logging 2593 - Bug 2615: Call libecap::adapter::Service::start() when finalizing config. 2594 - Bug 2589: SNMP returning no data - wrong oid decoded 2595 - Bug 2571: Squid with IPv6 fails to start on kernel without IPv6 2596 - Bug 2559: Problem parsing /0 and /0.0.0.0 2597 - Bug 2404: WCCP in mask mode is broken 2598 - ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1 2599 - Complete Interception multiple NAT support 2600 - Add Content-Disposition to the known headers list. 2601 - Make PEER_TCP_MAGIC_COUNT configurable 2602 - Fix pinger install location 2603 - Enable TPROXY v4 spoofing of CONNECT requests 2604 - ... and much documentation and code polishing 2605 2606Changes to squid-3.1.0.7 (08 Apr 2009): 2607 2608 - Fix: several issues with ident 2609 - Add several language translations 2610 - Upgrade code testing infrastructure 2611 - Migrate much code to build as internal libraries 2612 - Support gcc 4.4 2613 - Support doxygen 1.5.8 2614 - ... and much code polish to make things read easier 2615 2616Changes to squid-3.1.0.6 (01 Mar 2009): 2617 2618 - Regression Fix: Support HTTP/0.9 in accelerator mode 2619 - Bug 2601: Hack. Convert IPv4 netmasks to CIDR in IPv6-enabled mode 2620 - Bug 2593: Compile errors on Solaris 10 2621 - Bug 2591: adaptation_access does not work 2622 - Bug 2588: coredump in rDNS lookup 2623 - Bug 2526: default ALLOW when no list specified. 2624 - Bug 2287: Send a 505 on requests with unsupported HTTP versions 2625 - Bug 419: Hop by Hop headers MUST NOT be forwarded 2626 - Fix external_acl_type handling of SSL certificate details 2627 - Obsolete: dependency on nss_common.h and nss.h 2628 - Support libtool2 2629 - ... and various documentation and code polish 2630 2631Changes to squid-3.1.0.5 (03 Feb 2009): 2632 2633 - Bug 2583: Fixed issue in content adaptation 2634 - Bug 2576: Make translate target obey --disable-auto-locale 2635 - Bug 2571: Add DNS failover to use IPv4-only listen when IPv6 fails. 2636 - Bug 2563: 99+% CPU Usage on FTP URL 2637 - Bug 2505, 2524, 2558: fixed several issues on connection handling 2638 - Fix several issues in request parsing 2639 - Fix memory leak from logformat parsing 2640 - Fix various ESI build errors 2641 - Make configure tests use C++ instead of C 2642 - Drop special localhost conversion RFC violation. 2643 - Add Language: Arabic 2644 - ... and various documentation and code polish 2645 2646Changes to squid-3.1.0.4 (23 Jan 2009): 2647 2648 - Regression Fix: Bug 2558: rollback bug 2395 fix. 2649 - Bug 2555: Fixes to SNMP-MIB 2650 - Bug 2550: assertion comm.cc:350 !fd_table[fd].closing() 2651 - Bug 2547,2548: OSX compile errors (duplicate symbols and IPv6) 2652 - Bug 2508: comm.cc:2035 assertion fd_table[fd].closing() 2653 - Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache 2654 - Polish ZPH configuration interface 2655 - Several Language Conversions to new auto-negotiate 2656 - Port from 2.7: squidclient -V and -j options for HTTP/1.1 and 0.9 testing 2657 - Fix: Pconn not being used when they should. 2658 - Fix: Fix pinger immediate shutdowns 2659 - Fix: Untangle CacheManager reports from log_fqdn 2660 - ... and all bugs fixed for 3.0.STABLE12 2661 - ... and many code polish and optimization fixes. 2662 2663Changes to squid-3.1.0.3 (5 Dec 2008): 2664 2665 - Regression Fix: StoreIOBuffer patch removed. 2666 - Regression Fix: build issues with 3.1.0.2 bundle 2667 - Security Bug 2526: default ALLOW when no list specified 2668 - Bug 2525: encoding error on error pages 2669 - Bug 2424: slow file descriptor leak 2670 - Bug 2527: ICAP compile error on g++ 4.3.2 2671 - Bug 2523: bad assertion left in from debug 2672 - Bug 2395: FTP Auth errors and others not displayed 2673 - Update squid_kerb_auth to 1.0.5 2674 with better Squid integration. 2675 - Fix cache_peer forcedomainname= option 2676 - ... and many other minor fixes 2677 2678Changes to squid-3.1.0.2 (9 Nov 2008): 2679 2680 - Bug 2516: error page templates not properly installed 2681 - Bug 2500: Solaris build issues 2682 - Fixes FreeBSD build issues 2683 - Release Notes completed 2684 - Languages: new Russian, Japanese, Chinese, and general updates 2685 - ... and other minor fixes 2686 2687Changes to squid-3.1.0.1 (27 Oct 2008): 2688 2689 - Bundled ntlm_auth helper renamed (see Release Notes before changing anything) 2690 - peername ACL added for matching against a named peer destination 2691 - configure option --with-logdir= added to select log files location 2692 - squid_kerb_auth helper updated to 1.0.3 release 2693 - Bug #740: allow external acl's to use reply headers in format 2694 - Bug #2379: obsolete dns_testnames option 2695 - Code test infrastructure expanded to configuration testing 2696 - Policy changes to negative_ttl, cache deny QUERY, refresh_pattern 2697 to bring their defaults up to RFC 2616 requirements. 2698 - Large increase in RFC 2616 standard compliance (ongoing) 2699 - squid.conf cleanups for minimal config 2700 - Connection Pinning ported from 2.6 for NTLM passthru authentication 2701 - eCAP internal adaptation module support 2702 - Localization and CSS display control of error pages 2703 - Added semi-automatic documentation of source code 2704 - Added TE chunked encoding decoder to workaround broken HTTP/1.1 servers 2705 - HTCP improvements ported from 2.7 adding HTCP CLR requests 2706 - IPv6 (Internet Protocol version 6) support 2707 - ICMPv6 (Internet Control Message Protocol version 6) support 2708 - FTP agent now supports EPSV/EPRT commands 2709 - DNS internal resolver now supports AAAA and CNAME records 2710 - SNMP peer and client tables now support IPv6 2711 - SNMP peer table supports named peers with multiple entries per IP 2712 - SslBump: Squid-in-the-middle decryption and encryption of straight 2713 CONNECT and transparently redirected SSL traffic, using configurable 2714 client- and server-side certificates. While decrypted, the traffic 2715 can be inspected using ICAP. 2716 - TPROXY version 4.1 support 2717 - IPFW and Netfilter interception methods may now both be built in one binary. 2718 - ZPH Quality of Service patch now integrated 2719 - Null store now fully obsoleted and removed 2720 - Unknown request methods all supported 2721 - Follow_x_forwarder_for ported from 2.6 2722 - Bug #2223: Follow XFF extensions added 2723 - ... and many code and documentation cleanups 2724 2725Changes to squid-3.0.STABLE26 (28 Aug 2011): 2726 2727 - Regression: header_replace for reply headers 2728 - Bug 3183: Invalid URL accepted with url host part of only '@'. 2729 - Bug 3107: ncsa_auth DES silently truncates passwords to 8 bytes 2730 - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion from helperServerFree 2731 - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() 2732 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service 2733 - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" 2734 - Regression Bug 2899: Restore lost rfc1738_unescape() data type 2735 - Regression Bug 2879: headers end finding 2736 - Bug 2876: FD_SETSIZE override not working on all linux distributions 2737 - Check for NULL and empty strings before calling str*cmp(). 2738 - Correct parsing of large Gopher indexes 2739 2740Changes to squid-3.0.STABLE25 (14 Mar 2010): 2741 2742 - Bug 2845: Rework the http digest auth parser 2743 - Bug 2787: unknown/unexpected status code messages 2744 - Bug 2507: squid_ldap_group: Strip Domain name separated by + 2745 - Bug 2367: stale=true on digest requests with unknown nonce 2746 - ... and several other minor corrections 2747 2748Changes to squid-3.0.STABLE24 (13 Feb 2010): 2749 2750 - Bug 2858: Segment violation in HTCP 2751 - Updated refresh pattern for dynamic pages 2752 2753Changes to squid-3.0.STABLE23 (02 Feb 2010): 2754 2755 - Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1 2756 - Regression Fix: Build error in Kerberos helper after library removal. 2757 2758Changes to squid-3.0.STABLE22 (01 Feb 2010): 2759 2760 - Regression Fix: Make Squid abort on all config parse failures. 2761 - Bug 2787: Reduce unexpected http status to non-critical warnings. 2762 - Bug 2496: Downloading some variants in full before relaying 2763 - Bug 2452: Add upper limit to external_acl_type entries. 2764 - Removed optional kerberos/spnegohelp/ library due to licensing issues 2765 - Add client_ip_max_connections 2766 - Handle DNS header-only packets as invalid. 2767 2768Changes to squid-3.0.STABLE21 (22 Dec 2009): 2769 2770 - Bug 2830: Clarify where NULL byte is in headers. 2771 - Bug 2778: Linking issues using SunCC 2772 - Bug 2395: FTP errors not displayed 2773 - Bug 2155: Assertion failures on malformed Content-Range response headers 2774 - Fix parsing and a few bugs in ACL time type 2775 - Fix RFC keep-alive compliance on intercepted replies 2776 - Improved security hardening on %nn parser 2777 - Replace several GCC-specific code snippets. 2778 2779Changes to squid-3.0.STABLE20 (29 Oct 2009): 2780 2781 - Bug 2794: ESI parsing on FreeBSD 2782 - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity 2783 - Bug 2779: Support GNU/kFreeBSD 2784 - Bug 2773: Segfault in RFC2069 Digest authantication 2785 - Bug 2768: squid_ldap_group argument parsing error 2786 - Bug 2761: Gopher and double HTTP response header 2787 - Bug 2735: Incomplete -fhuge-objects detection 2788 - Bug 2722: prevent CONNECT via http_port with accel 2789 - Bug 2624: Invalid response for IMS request 2790 - Bug 2510: digest_ldap_auth TLS support 2791 - Correct LINUX_CAPABILITY actions on non-Linux 2792 2793Changes to squid-3.0.STABLE19 (06 Sep 2009): 2794 2795 - Bug 2745: Invalid Response error on small reads 2796 - Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf 2797 - Bug 2734: some compile errors on Solaris 2798 - Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy 2799 - Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma 2800 - Bug 2362: Remove support for deferred state in stateful helpers 2801 - Add 0.0.0.0 as a to_localhost address 2802 - Docs: Improve chroot directive documentation slightly 2803 - Fixup libxml2 include magics, was failing when a configure cache was used 2804 - ... and some minor testing improvements. 2805 2806Changes to squid-3.0.STABLE18 (04 Aug 2009): 2807 2808 - Bug 2728: regression: assertion failed: !eof 2809 - Bug 2732: reply_body_max_size smaller than error page loops 2810 infinitely until out of memory 2811 - Bug 2725: pconn failure if domain or client_address are unset 2812 - Bug 2648: reserved helpers not shut down after reconfigure/rotate 2813 - Bug 2462: make check should tell when cppunit is missing 2814 - Remove excess messages about headers < minimum size 2815 - Support Libtool 2.2.6 2816 2817Changes to squid-3.0.STABLE17 (27 Jul 2009): 2818 2819 - Bug 2680 regression: Crash after rotate with no helpers running 2820 - Bug 2710: squid_kerb_auth non-terminated string 2821 - Bug 2679: strsep and strtoll detection failure 2822 - Bug 2674: Remove limit on HTTP headers read. 2823 - Bug 2659: String length overflows on append, leading to segfaults 2824 - Bug 2620: Invalid HTTP response codes causes segfault 2825 - Bug 2080: wbinfo_group.pl - false positive under certain conditions 2826 - Bug 1087: ESI processor not quoting attributes correctly. 2827 - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache 2828 - Several small build issues with previous release. 2829 2830Changes to squid-3.0.STABLE16 (15 Jun 2009): 2831 2832 - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk 2833 - Bug 2481: Don't set expires: now in generated error responses 2834 - Bug 2387: The calculation of the number of hash buckets correctly 2835 - Fix infinite loop in MSNT auth helper 2836 - Fix FD_SETSIZE on FreeBSD 2837 - Fix stripping NT domain in squid_ldap_group 2838 - Fix RADIUS auth helper build 2839 - Add Translate: and Unless-Modified-Since: headers to known list 2840 - Make fakeauth handle NTLMv2 better 2841 - Better Kerberos support detection 2842 - Several Widows port fixes 2843 2844Changes to squid-3.0.STABLE16-RC1 (16 May 2009): 2845 2846 - Bug 1148: Ported from 3.1: Chunked Transfer Encoding 2847 - Bug 2648: NTLM helpers not shutting down when deferred 2848 2849Changes to squid-3.0.STABLE15 (06 May 2009): 2850 2851 - Regression Bug 2635: Incorrect Max-Forwards header type 2852 - Bug 2652: 'Success' error on CONNECT requests 2853 - Bug 2625: IDENT receiving errors 2854 - Bug 2610: ipfilter support detection 2855 - Bug 2578: FTP download resume failure 2856 - Bug 2536: %H on HTTPS error pages 2857 - Bug 2491: assertion "age >= 0" 2858 - Bug 2276: too many NTLM helpers running 2859 - Endian system and compiler fixes provided by the NetBSD project 2860 - documentation fixes provided by the Debian project 2861 2862Changes to squid-3.0.STABLE14 (11 Apr 2009): 2863 2864 - Regression Fix: HTTP/0.9 in accelerator mode 2865 - Bug 1232: cache_dir parameter limited to only 63 entries 2866 - Bug 1868: support HTTP 207 status 2867 - Bug 2518: assertion failure on restart/reconfigure 2868 - Bug 2588: coredump in rDNS lookup 2869 - Bug 2595: Out of bounds memory write in squid_kerb_auth 2870 - Bug 2599: Idempotent start 2871 - Bug 2605: Prevent setsid() on helpers in daemon mode 2872 - Fix external_acl_type option parsing 2873 - Fix delay pools counters on FTP 2874 - Fix several issues with ident (some remain) 2875 - Fix performance issues with persistent connections 2876 - Fix performance issues with delay pools 2877 - Fix forwarding of OPTIONS requests 2878 - Add support for HTTP 1.1 Content-Disposition header 2879 - Add support for Windows 7, Windows Server 2008 R2 and later 2880 - ... and many small documentation updates 2881 2882Changes to squid-3.0.STABLE13 (03 Feb 2009): 2883 2884 - Fix several issues in request parsing 2885 - Fix memory leak from logformat parsing 2886 - Fix various ESI build errors 2887 - ... and some documentation updates 2888 2889Changes to squid-3.0.STABLE12 (21 Jan 2009): 2890 2891 - Bug 2533: Solaris (sparc) 64-bit build breaks with gcc/g++ 2892 - Bug 2542: ICAP filters break download resume 2893 - Bug 2556: HTCP fails without icp_port 2894 - Bug 2564: logformat '%tl' field not working as advertised 2895 - Port from 3.1: TestBed basic build consistency checks 2896 - Policy: Change half_closed_clients default to off 2897 - Policy: Removed -V command line option, deprecated by 2.6 2898 - ... and several other minor code cleanups 2899 2900Changes to squid-3.0.STABLE11 (24 Dec 2008): 2901 2902 - Bug 2424: filedescriptors being left unnecessary opened 2903 - Bug 2545: fault passing ICAP filtered traffic to peers 2904 - Bug 2227: Sefgaults in MemBuf::reset during idnsSendQuery 2905 - ... and some minor admin and debug cleanups. 2906 2907Changes to squid-3.0.STABLE11-RC1 (3 Dec 2008): 2908 2909 - Removes patch causing cache of bad objects 2910 - Bug 2526: bad security default in ACLChecklist 2911 - Fixes regression: access.log request size tag 2912 - Fixes cache_peer forceddomainname=X option 2913 - ... and many minor documentation cleanups 2914 2915Changes to squid-3.0.STABLE10 (14 Oct 2008): 2916 2917 - Bug 2391: Regression: bad assert in forwarding 2918 - Bug 2447: Segfault on failed TCP DNS query 2919 - Bug 2393: DNS requests getting stuck in idns queue 2920 - Bug 2433: FTP PUT gives bad gateway 2921 - Bug 2465: Limited DragonflyBSD support 2922 - ... and other minor bugs and documentation 2923 2924Changes to squid-3.0.STABLE9 (9 Sep 2008): 2925 2926 - Policy Enforcement: COSS is unusable in 3.0 2927 - Port from 3.1: Language Pack compatibility 2928 - Port from 2.6: Windows Support Notes 2929 - Fix several minor regressions: 2930 HTCP stats reporting 2931 cachemgr delay pool config 2932 CARP build error 2933 - Bug 2340: uudecode dependency for icons removed 2934 - Bug 2352: no_check.pl ntlm challenge fix 2935 - Bug 2426: buffer increase for kerberos auth fields 2936 - Bug 2427: squid_ldap_group codes fix 2937 - Bug 2437: peer name now shown in access.log 2938 - Add sane display of unsupported method errors 2939 - ... and various other code cleanups 2940 2941Changes to squid-3.0.STABLE8 (18 Jul 2008): 2942 2943 - Port from 2.6: Support for cachemgr sub-actions 2944 - Port from 2.6: userhash peer selection method 2945 - Port from 2.6: sourcehash peer selection method 2946 - Bug 2376: round-robin balancing fixes 2947 - Bug 2388: acl documentation cleanup 2948 - Bug 2365: cachemgr.cgi HTML output encoding 2949 - Bug 2301: Regression: Log format size options 2950 - Bug 2396: Correct the opening of PF device file. 2951 - Bug 2400: ICAP accept mechanism 2952 - Bug 2411: Regression: fakeauth_auth crashes 2953 - Many fixes to the Windows support (not complete yet). 2954 - Boost error pages HTML standards. 2955 - Fixes several issues on 64-bit systems 2956 - Fixes several issues on older or stricter compilers 2957 - Linux-2.6.24/2.6.25 netfilter_ipv4.h __u32 workaround 2958 - Update Release Notes: 'all' ACL is built-in since 3.0.STABLE1 2959 2960Changes to squid-3.0.STABLE7 (22 Jun 2008): 2961 2962 - Fix several ASN issues 2963 - Fix SNMP reporting of counters 2964 - Fix round-robin algorithms 2965 - GCC 4.3 support 2966 - Netfilter v1.4.0 bug workaround 2967 - Bugs 2350 and 2323: memory issues 2968 - Bugs 2384, 951, 1566: ESI assertions 2969 - Various minor debug and documentation cleanups 2970 2971Changes to squid-3.0.STABLE6 (20 May 2008): 2972 2973 - Bug 2254: umask Feature from 2.6 added 2974 - cachemgr.cgi default config file added 2975 - Several authentication bug fixes 2976 - Improved Windows Support 2977 - better DNS lookup methods for unqualified hostames 2978 - better support for 64-bit environments 2979 - Bug 2332: Crash when tunnelling 2980 - Removed the advertisement clause from BSD licenses 2981 according to the GPLv2+ changes in BSD 2982 - ... and other bugs and minor cleanups 2983 2984Changes to squid-3.0.STABLE5 (28 Apr 2008): 2985 2986 - Support for resolv.conf 'domain' option 2987 - Improved URI support, including 2988 longer URI up to 8192 bytes accepted 2989 better handling of intercepted URI 2990 better port for non-FQDN URI lookups 2991 - Improved logging, including 2992 Bug 3210 fixed: incorrect timestamp format in earlier 3.0 releases. 2993 Fixed 'log_ip_on_direct' option behaviour 2994 - Support for profiling on x86 64-bit systems 2995 - .. and other bugs and minor code cleanups. 2996 2997Changes to squid-3.0.STABLE4 (2 Apr 2008): 2998 2999 - Bug 2288: compile error slipped into STABLE3. 3000 3001Changes to squid-3.0.STABLE3 (31 Mar 2008): 3002 3003 - Improved HTTP 1.1 support. 3004 - Improved MacOSX (Leopard) support 3005 - Bug 2206: Proxy-Authentication regression in STABLE2. 3006 - Strip Domain from NTLM usernames for use in class 4 Delay Pools 3007 - ... and other bugs and minor code cleanup 3008 3009Changes to squid-3.0.STABLE2 (1 Mar 2008): 3010 3011 - Add myportname ACL for matching the accepting port name (see release notes) 3012 - Add include directive for squid.conf (see release notes) 3013 - Add ability to strip kerberos realm from usernames during Auth 3014 - License cleanup to comply with GPLv2 or later 3015 - Updated Error Pages and Translations 3016 - Updated configuration examples 3017 - Updated valgrind support for valgrind-3.3.0 3018 - Improved support for Windows and MacOS X Leopard 3019 - Improved support for files larger than 2GB 3020 - Improved support for CARP arrays and WCCPv2 3021 - Improved cachmgr, SNMP, and log reporting 3022 - ... and as usual Many bug fixes since STABLE 1 3023 3024Changes to squid-3.0.STABLE1 (13 Dec 2007): 3025 3026 - Major rewrite translating the code to C++, originally based on 3027 Squid-2.5.STABLE1 3028 - Internal client streams concept for content adaptation 3029 - ICAP (Internet Content Adaptation Protocol) client support 3030 - ESI (Edge Side Includes) support added 3031 - Improved support for files larger than 2GB. 3032 - And a lot more. Most features from Squid-2.6 is supported, but not 3033 all. See the release notes for details. 3034 3035 3036Squid-2 ChangeLog of versions fully ported to Squid-3 follows. 3037 3038Changes to squid-2.6.STABLE22 (19 October 2008) 3039 3040 - Bug #2396: Correct the opening of the PF device file. 3041 - Make --with-large-files and --with-build-envirnment=default play 3042 nice together 3043 - Workaround for Linux-2.6.24 & 2.6.25 netfiler_ipv4.h include header 3044 __u32 problem 3045 - Make dns_nameserver work when using --disable-internal-dns on glibc 3046 based systems 3047 - Bug #2426: Increase negotiate auth token buffer size 3048 - Bug #2427: squid_ldap_group -h reports the old % codes for -f 3049 - Bug #2477: swap.state permission issues if crashing during "squid -k 3050 reconfigure" 3051 - Windows port: Fix build error using latest MinGW runtime. 3052 3053 3054 3055Older ChangeLog follows. The sections relating to Squid-2.6 is not entirely 3056authorative for this release and mirrored here for reference only. 3057 3058 - CARP now plays well with the other peering algorithms, 3059 and support for CARP peerings is compiled by default. Can be 3060 disabled by --disable-carp 3061 - Configuration file can be read from an external program 3062 or preprocessor. See squid.8 man page. 3063 - http_port is now optional, allowing for SSL only operation 3064 - Satellite and other high latency peering relations enhancements 3065 (Robert Cohren) 3066 - Nuked num32 types, and made type detection more robust by the 3067 use of typedefs rather than #defines. 3068 - the mailto links on Squid's ERR pages now contain data about the 3069 occurred error by default, so that the email will contain this data in 3070 its body. This feature can be disabled via the email_err_data directive. 3071 (Clemens L?ser) 3072 - COSS now uses a file called stripe and the path in squid.conf is the 3073 directory this is placed in. Additionally squid -z will create the 3074 COSS swapfile. 3075 - WCCPv2 support, including mask assignment support 3076 - HTCP support for access control and the CRL operation for 3077 purgeing of cache content 3078 - ICAP related fixes 3079 - Windows-related fixes, including Vista and Longhorn identification 3080 - Client-side parsing and some string use optimisations 3081 - Lots of off-by-one and memory leaks in corner cases have been fixed 3082 thanks to valgrind 3083 - Improved high-resolution profiling 3084 - Windows overlapped-IO and thread support added to the Async IO disk code 3085 - Improvements for handling large DNS replies 3086 3087Changes to squid-2.6.STABLE15 (31 Aug 2007) 3088 3089 - The select() I/O loop got broken by the /dev/poll addition 3090 (2.6.STABLE14) 3091 - Bug #2017: Fails to work around broken servers sending just the HTTP 3092 headers 3093 - Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers 3094 before C99 3095 - squid.conf.sample updated and reorganised in more sensible groups 3096 - correct and document the syslog access_log format 3097 - Armenian error pages translation 3098 - digest_ldap_helper usage help updated 3099 - Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor 3100 - Improve delay pools in low traffic environment by checking timeouts 3101 at a steady 1 second interval even when there is not much activity 3102 - Don't request authentication on transparently intercepted 3103 connections 3104 - Cleanup linux capabilities for tproxy 3105 - Bug #2003: 'via' config directive doesn't affect response headers 3106 - Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache 3107 - Add missing $|=1 to squid_db_auth 3108 - Bug #2050: Persistent connection dropped if cache has no 3109 Content-Length 3110 - Verify the URL on memory cache hits 3111 - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14 3112 - Bug #1972: Squid sets peers to down state when they are in fact 3113 working. 3114 - potential segmentation fault in storeLocateVary() 3115 - Bug #2066: chdir after chroot 3116 - Windows port: Fix compiler warnings when building Squid as 3117 application (not Windows service mode) 3118 - Spelling correction of received 3119 3120Changes to squid-2.6.STABLE14 (15 Jul 2007) 3121 3122 - squid.conf.sample cleanup to have options in their proper sections. 3123 - documentation correction in the refresh_pattern ignore-auth option 3124 - URI-escaping not uses the recommended upper-case hex codes 3125 - refresh_pattern min-age 0 correted to really mean 0, and not 1 second 3126 - Always use xisxxxx() Squid defined macros instead of ctype 3127 functions. 3128 - Kerberos SPNEGO/Negotiate helper for the negotiate scheme 3129 - Database basic auth helper using Perl DBI to connect to most SQL DBs 3130 - Solaris /dev/poll network I/O support 3131 - configure fixes to make cross compilation somewhat easier 3132 - Removed incorrect -a reference from http_port documentation 3133 - Bug #1900: Double "squid -k shutdown" makes Squid restart again 3134 - Bug #1968: Squid hangs occasionally when using DNS search paths 3135 - Novell eDirectory digest auth helper (digest_edir_auth) 3136 - Bug #1130: min-size option for cache_dir 3137 - POP3 basic auth helper querying a POP3 server 3138 - Cosmetic squid_ldap_auth fixes from Squid-3 3139 - Bug #1085: Add no-wrap to cache manager HTML tables 3140 - Automatically restart if number of available filedescriptors becomes 3141 alarmingly low, preventing a situation where Squid would otherwise 3142 permanently stop processing requests. 3143 - Bug #2010: snmp_core.cc:828: warning: array subscript is above 3144 array bounds 3145 - Deal better with forwarding loops 3146 3147Changes to squid-2.6.STABLE13 (11 May 2007) 3148 3149 - Make sure reply headers gets sent even if there is no body available 3150 yet, fixing RealMedia streaming over HTTP issues. 3151 - Undo an accidental name change of storeUnregisterAbort. 3152 - Kill an ancient malplaced storeUnregisterAbort call from ftp.c 3153 - Bug #1814: SSL memory leak on persistent SSL connections 3154 - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log 3155 - Cosmetic fix: added missing newline in WCCPv2 configuration dump. 3156 - Ukrainan error messages 3157 - Convert various error pages from DOS to UNIX text format 3158 - Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS 3159 - Clarify the max-conn=n cache_peer option syntax slightly 3160 - Bug #1892: COSS segfault on shutdown 3161 - Windows port: fix undefined ECONNABORTED 3162 - Make refreshIsCachable handle ETag as a cache validator, not 3163 only last-modified 3164 - in_port_t is not portable, use unsigned short instead 3165 - Fix fs / auth / snmp dependencies 3166 - Portability: statfs() may reqire #include <sys/statfs.h> 3167 3168Changes to squid-2.6.STABLE12 (20 Mar 2007) 3169 3170 - Assertion error on TRACE 3171 3172Changes to squid-2.6.STABLE11 (17 Mar 2007) 3173 3174 - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL || 3175 !conn->body.request" 3176 - Handle garbage helper responses better in concurrent protocol format 3177 - Fix kqueue when overflowing the changes queue 3178 - Make sure the child worker process commits suicide if it could 3179 not start up 3180 - Don't log short responses at debug level 1 3181 - Fix bswap16 & bwsap32 error on NetBSD 3182 - Fix collapsed_forwarding for non-GET requests 3183 3184Changes to squid-2.6.STABLE10 (4 Mar 2007) 3185 3186 - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0) 3187 - various diskd bugfixes 3188 - In the access.log hierarchy field log the unique peer name 3189 instead of the host name 3190 - unlinkdClose() should be called after (not before) storeDirSync() 3191 - CLEAN_BUF_SZ was defined, but never used anywhere 3192 - logging HTTP-request size 3193 - Fix icmp pinger communication on FreeBSD and other not supporing 3194 large dgram AF_UNIX sockets 3195 - Release objects on swapin failure 3196 - Bug #1787: Objects stuck in cache if origin server clock in future 3197 - Bug #1420: 302 responses with an Expires header is always cached 3198 - Primitive support for HTTP/1.1 chunked encoding, working around 3199 broken servers 3200 - Clean up relations between TCP probing and DNS checks of peers with 3201 no known addresses. 3202 - Fix a minor HTML coding error in ftp directory listings with // in 3203 the path 3204 - Bug #1875, #1420. Cleanup of refresh logics when dealing with 3205 non-refreshable content 3206 - Gopher cleanups and bugfixes 3207 - Negotiate authentication fixed again. Broken since STABLE7 by the 3208 patch for Bug #1792. 3209 - Bug #1892: COSS tries to shut down the same directory twice on exit 3210 - Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL 3211 entries 3212 - Added support for Subversion HTTP request methods MKACTIVITY, 3213 CHECKOUT and MERGE. 3214 3215Changes to squid-2.6.STABLE9 (24 Jan 2007) 3216 3217 - Bug #1878: If-Modified-Since broken in 2.6.STABLE8 3218 - Bug #1877 diskd bug in storeDiskdIOCallback() 3219 3220Changes to squid-2.6.STABLE8 (21 Jan 2007) 3221 3222 - Bug #1873: authenticateNTLMFixErrorHeader: state 4. 3223 - Document the https_port vhost option, useful in combination with 3224 a wildcard certificate 3225 - Document the existence of connection pinning / forwarding of NTLM 3226 auth and a few other features overlooked in the release notes. 3227 - Spelling correction of the ssl cache_peer option 3228 - Add back the optional "accel" http_port option. Makes accelerator 3229 mode configurations easier to read. 3230 - Bug #1872: Date parsing error causing objects to get unexpectedly 3231 cached. 3232 - Cleanup to have the access.log tags autogenerated from enums.h 3233 - Bug #1783: STALE: Entry's timestamp greater than check time. Clock 3234 going backwards? 3235 - Don't update object timestamps on a failed revalidation. 3236 - Fix how ftp://user@host URLs is rendered when Squid is built with 3237 leak checking enabled 3238 3239Changes to squid-2.6.STABLE7 (13 Jan 2007) 3240 3241 - Windows port: Fix intermittent build error using Visual Studio 3242 - Add missing tproxy info from the dump of http port configuration 3243 - Bug #1853: Support for ARP ACL on NetBSD 3244 - clientNatLookup(): fix wrong function name in debug messages 3245 - Convert ncsa_auth man page from DOS to Unix text format. 3246 - Bug #1858: digest_ldap_auth had some remains of old hash format 3247 - Correct the select_loops counter when using select(). Was counted twice 3248 - Clarify the http_port vhost option a bit 3249 - Fix cache-control: max-stale without value or bad value 3250 - Bug #1857: Segmentation fault on certain types of ftp:// requests 3251 - Bug #1848: external_acl crashes with an infinite loop under high load 3252 - Bug #1792: max_user_ip not working with NTLM authentication 3253 - Bug #1865: deny_info redirection with authentication related acls 3254 - Small example on how to use the squid_session helper 3255 - Bug #1863: cache_peer monitorurl, monitorsize and monitorinterval not working properly 3256 - Clarify the transparent http_port option a bit more 3257 - Bug #1828: squid.conf docutemtation error for proxy_auth digest 3258 - Bug #1867: squid.pid isn't removed on shutdown 3259 3260Changes to squid-2.6.STABLE6 (12 Dec 2006) 3261 3262 - Bug #1817: Assertion failure assert(buflen >= copy_sz) in htcp.c htcpBuildAuth() 3263 - Add client source port logformat tag >p 3264 - Cleanup of transparent & accelerator mode request parsing to untangle the firewall dependencies a bit 3265 - Bug #1799: Harmless 1 byte buffer overflow on long host names in /etc/hosts 3266 - automake no longer recommends mkinstalldirs. Removed. 3267 - Only use crypt() if it's available, allowing ncsa_auth to be built 3268 on platofms without crypt() support. 3269 - Windows port documentation updates 3270 - Bug #1818: Assertion failure assert(e->swap_dirn >= 0) in fs/coss/store_dir_coss.c storeCoss_DeleteStoreEntry 3271 - Bug #1117: assertion failed: aufs/store_dir_aufs.c:642: "rb->flags.need_to_validate" 3272 - Remove extra newline in redirect message sent by deny_info http://... aclname 3273 - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0" 3274 - Clarify the external_acl_type helper format specification and some defaults 3275 - Add support for the weight= parameter to round-robin peers 3276 - Bug #1832: Error building squid-2.6.STABLE5 using --enable-truncate 3277 - Convert snmpDebugOid to use a temporary String object instead of strcat 3278 - Document that proxy_auth also accepts -i for case-insensitive operation 3279 - Remove malloc/free of temporary buffer in time parsing routines. 3280 - Reduce memory allocator pressure by not continually allocating client-side read buffers 3281 - Accept large dates >2^31 on 64-bit platformst. Seen for example in the Google logo. 3282 - Convert the connStateData->chr single link list to a normal dlink_list for clarity. 3283 - Bug #1584: Unable to register with multiple WCCP2 routers 3284 - Fix the WCCPv2 mask assignment code to not crash as the value assignments are built. 3285 - Bug #439: Multicast ICP peering is unstable and considers most peers dead 3286 - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error 3287 - Bug #1839: Cosmetic debug message cleanup in peerHandleHtcpReply. 3288 - Bug #1840: Disable digest and netdb queries to multicast peers 3289 - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects 3290 - Fix build errors when using latest MinGW Windows environment 3291 3292Changes to squid-2.6.STABLE5 (3 Now 2006) 3293 3294 - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled 3295 - COSS improvements and cleanups 3296 - SNMP linking issue resolved, enabling SNMP support to be build in all platforms 3297 - Bug #1784: access_log syslog results in blanks syslog lines between every entry 3298 - Bug #1719: Incorrect error message on invalid cache_peer specifications 3299 - Bug #1785: Memory leak in handling of negatively cached objects 3300 - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding 3301 - Bug #1782: Memory leak in ncsa_auth on password changes 3302 - Suppress some annoying coss startup messages raising the debug level to 2. 3303 - Clarify the external_acl_helper concurrency= change. 3304 - aioDone() could be called twice from aufs and from coss (when using AIOPS) during shutdown. 3305 - Bug #1794: Accept 00:00-24:00 as a valid time specification even if redundand and the same as 00:00-23:59 3306 - Bug #1795: Theoretical memory leak in storeSetPublicKey 3307 - Removing port 563 from the default SSL_ports and Safe_ports ACLs 3308 - Bug #1724: Automatically enable Linux Netfilter support with --enable-linux-tproxy. 3309 - Bug #1800: squid -k reconfigure crash when using req/rep_header acls 3310 - Clarify the select/poll/kqueue/epoll configure --enable/disable options 3311 - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth 3312 - Bug #1802: Crash on exit in certain conditions where cache.log is not writeable 3313 - Bug #1796: Assertion error HttpHeader.c:914: "str" 3314 - Bug #1790: Crash on wccp2 + mask assignement + standard wccp service 3315 - Silence harmless gcc compile warning. 3316 - Clean up poll memory on shutdown 3317 - Ported select, poll and win32 to new comm event framework 3318 - Windows port: Correctly identify Windows Vista and Windows Server Longhorn 3319 - Added a basic comm_select_simple comm loop only requiring minimal POSIX compliance. 3320 - Safeguard from kb_t counter overflows on 32-bit platforms 3321 3322Changes to squid-2.6.STABLE4 (23 Sep 2006) 3323 3324 - Bug #1736: Missing Italian translation of ERR_TOO_BIG error page 3325 - Windows port enhancement: added native exception handler with signal emulation 3326 - Fix the %un log_format tag again. Got broken in 2.6.STABLE2 3327 - Fix Squid crash when using %a in ERR_INVALID_REQ and ERR_INVALID_URL error messages. 3328 - Bug #212: variable %i always 0.0.0.0 in many error pages 3329 - Bug #1708: Ports in ACL accepts characters and out of range 3330 - Bug #1706: Squid time acl accepts invalid time range. 3331 - Fix another harmless fake_auth compiler warning on gcc 4.1.1 x86 3332 - Fix an harmless snmp_core.c compiler warning on gcc 4.1.1 x86 3333 - Bug #1744: squid-2.6.STABLE3 - fakeauth_auth crashing on certain requests 3334 - Bug #1746: Harmless off by one overrun in ncsa_auth md5 password validation 3335 - Bug #1598: start_announce cannot be disabled 3336 - Periodically flush cache.log to disk when "buffered_logs on" is set 3337 - Numerous COSS improvements and fixes 3338 - Windows port: merge of MinGW support 3339 - Windows port: Merged Windows threads support into aufs 3340 - Bug #1759: Windows port cachemgr.cgi attempts to write to file system root directory 3341 - Numerous portability fixes 3342 - Various minor statistics cleanup on 64-bit hosts with more than 4GB of memory 3343 - Bug #1758: HEAD on ftp:// URLs always returned 200 OK. 3344 - Bug #1760: FTP related memory leak 3345 - Bug #1770: WCCP2 weighted assignment 3346 - Bug #1768: Redundant DNS PTR lookups 3347 - Bug #1696: Add support for wccpv2 mask assignment 3348 - Bug #1774: ncsa_auth support for cramfs timestamps 3349 - Bug #1769: near-hit and filedescriptor usage missing in SNMP MIB 3350 - Bug #1725: cache_peer login=PASS documentation somewhat confusing 3351 - Bug #1590: Silence those ETag loop warnings 3352 - Bug #1740: Squid crashes on certain malformed HTTP responses 3353 - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL" 3354 - Improve error reporting on unexpected CONNECT requests in accelerator mode 3355 - Cosmetic change to increase cache.log detail level on invalid requests 3356 - Bug #1229: http_port and other directives accept invalid ports 3357 - Reject http_port specifications using both transparent and accelerator options 3358 - Cosmetic cleanup to not dump stacktraces on configuration errors 3359 3360 3361Changes to squid-2.6.STABLE3 (18 Aug 2006) 3362 3363 - Bug #1577: assertion failed "fm->max_n_files <= (1 << 24)" on 3364 very large cache_dir. Limit number of objects stored to slightly 3365 less to avoid this. 3366 - Bug #1705: Correct error message on invalid time weekday specification 3367 - Don't attempt to guess netmask in src/dst acl specifications 3368 if none was provided. Assume it's an IP even if it ends in 0 3369 - Bug #1665: log_format %ue, %us tags for external or ssl user id 3370 - Bug #1707: delay pools often ignored the set limit 3371 - Bug #1716: Support for recent OpenSSL 0.9.7 versions 3372 (0.9.8 always worked) 3373 - COSS fixes and performance improvements 3374 - Memory leak when reading configuration files with overlapping 3375 ACL data where squid -k parse complains. 3376 - Memory leak related to pinned connections 3377 - Show include acls unexpanded in cachemgr configuration dumps 3378 - Fixed WARNING defer handler for HTTP Socket does not call commDeferFD 3379 - Bug #1304: Downloads may hang when using the cache_dir max-size option 3380 - Optimization of network I/O 3381 - Bug #1730: make problem with --enable-follow-x-forwarded-for on Solaris 3382 - Fixed a memory leak on certain invalid requests 3383 - Bug #1733: ERR_CANNOT_FORWARD Portuguese translation update 3384 - Bug #582: ntlm fake_auth not handles non-ascii login names 3385 - New startup message indicating the type of event loop used 3386 - Bug #1602: TCP fallback on truncated DNS responses 3387 - Bug #1667: assertion failed: store.c:1081: "e->store_status == STORE_PENDING" 3388 - Bug #1723: cachemgr now works in accelerator mode 3389 3390Changes to squid-2.6.STABLE2 (31 Jul 2006) 3391 3392 - WCCP2 doesn't update statCounter.syscalls.sock.sendtos counter. 3393 - Releasenotes Table of contents should use relative links without 3394 filename. 3395 - Reject HTTP/0.9 formatted CONNECT requests. 3396 - Cosmetic cleanup to use safe_free instead of xfree + manual 3397 assign to NULL 3398 - Bug #1650: transparent interception "Unable to forward this 3399 request at this time" 3400 - Bug #1658: Memory corruption when using client-side SSL certificates 3401 - Add storeRecycle; a storeIO method to delete a StoreEntry w/out 3402 deleting the underlying object. 3403 - Many COSS fixes and new coss data dumper utility for diagnostics 3404 - Bug #1669: SEGV in storeAddVaryReadOld 3405 - Many fixes in debug sections and spelling of debug messages 3406 - Don't keep client connection persistent if there was a mismatch in 3407 the response size. 3408 - Move eventCleanup debug messages to debug level 2 (was 0) 3409 - Add the missing concurrency parameters to basic and digest auth 3410 schemes 3411 - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509 3412 - Log SSL user id in the custom log User name format (%un) 3413 - Bug #1653: Username info not logged into Cachemgr active_requests 3414 statistics 3415 - Added to the redirectors interface the support for SSL client 3416 certificate 3417 - squid.conf.sample cleanup to remove references to old options 3418 - Fix many filedescriptors in combination with TPROXY 3419 - Fix connection pinning in transparently intercepted connections 3420 - Bug #1679: LDFLAGS not honored in some programs. 3421 - Minor cleanup of port numbers in transparent interception or 3422 vhost + vport 3423 - Bug #1671: transparent interception fails with FreeBSD ipfw or 3424 Linux-2.2 ipchains 3425 - Bug #1660: Accept-Encoding related memory corruption 3426 - Bug #1651: Odd results if url_rewriter defined multiple times 3427 - Bug #1655: Squid does not produce coredumps under linux when 3428 started as root 3429 - Bug #1673: cache digests not served to other caches 3430 - Cleanup of Linux capability code used by tproxy 3431 - Bug #1684: xstrdup: tried to dup a NULL pointer! 3432 - Bug #1668: unchecked vsnprintf() return code could lead to log 3433 corruption 3434 - Bug #1688: Assertion failure in HttpHeader.c in some header_access 3435 configurations 3436 - Cygwin support fir --disable-internal-dns 3437 - Silence those annoying sslReadServer: Connection reset by peer 3438 errors. 3439 - Bug #1693: persistent connections broken in transparent 3440 interception mode 3441 - Bug #1691: multicast peering issues 3442 - Bug #1696: Correct WCCP2 processing of router capability info 3443 segments 3444 - Bug #1694: Assertion failure in mgr:config if using 3445 access_log_format %<h 3446 - Bug #1677: Duplicate etags in the If-None-Match header 3447 - Bug #1665: access_log_format codes for login names from external 3448 acl or ssl 3449 - Bug #1681: All ntlmauthenticator processes are busy 3450 - Added ARP acl support for OpenBSD and ARP fixes for Windows 3451 - Bug #1700: WCCP fails on FreeBSD (Unable to disconnect WCCP out 3452 socket) 3453 - WCCP2 correct dampening of assign buckets when there it lots of 3454 changes 3455 - minimum_expiry_time to tune the magic 60 seconds limit of what 3456 is considered cachable when the object doesn't have any cache 3457 validators. 3458 - Bug #1703: wrong path to diskd helper corrected, and config 3459 parser extended to trap incorrect paths early 3460 - Bug #1703: COSS failed to initialize async-io threads 3461 - Bug #1703: should abort if diskd helper exits unexpectedly 3462 - Bug #1702: Warn if acl name is too long 3463 - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors 3464 - wccp2_rebuild_wait directive to delay registering with WCCP until the 3465 - Bug #1662: Infinite loop in external acl with grace period if the 3466 same http_access line had multiple external acls 3467 3468Changes to squid-2.6.STABLE1 (1 Jul 2006) 3469 3470 - New --enable-default-hostsfile configure option 3471 - Added username info to active_requests cachemgr stats 3472 - Modified squid MIB to incorporate squid.conf visible_hostname 3473 - Added multi-line capability in squid.conf 3474 - Added new httpd_suppress_version_string configuration directive 3475 - WCCPv2 support 3476 - Negotiate authentication scheme support 3477 - NTLM authentication scheme rewritten 3478 - Customizable access log formats 3479 - Selective access logging 3480 - Access logging via syslog 3481 - Reverse proxy enhancements, with new cache_peer based forwarding 3482 model. 3483 - LDAP based Digest helper (Note: not true LDAP integration, just using 3484 LDAP for storage of the Digest hashes) 3485 - Improved helper communication protocol 3486 - External ACL improvements. %PATH, log=, grace=, and more.. 3487 - Improved SSL support with hardware offload, client certificate 3488 support (primitive), chained certificates and numerous bug fixes 3489 - DNS lookups now use the search path from /etc/resolv.conf or 3490 the Windows registry 3491 - Linux epoll support 3492 - collapsed forwarding to optimize reverse proxies or other 3493 setups having very many clients going to the same URL 3494 - New improved COSS implementation 3495 - Optional support for blank passwords 3496 - The old and obsolete Samba-2.2.X winbind helpers have been removed 3497 - external acls now uses the simplified URL-escaped protol "3.0" by 3498 default. 3499 - Linux TPROXY support 3500 - Support for proxying of Microsoft Integrated Login by adding 3501 support for the deviations from the HTTP protocol required 3502 to support these authentication mechanisms 3503 - Added the capability to run as a Windows service under Cygwin 3504 - CARP now plays well with the other peering algorithms 3505 - read_ahead_gap option to read ahead more than 16KB of the reply 3506 - check_hostnames and allow_underscore squid.conf options 3507 - http_port is now optional, allowing for SSL only operation 3508 - Full ETag/Vary support, caching responses which varies with 3509 request details (browser, language etc). 3510 - umask now defaults to 027 to protect the content of cache and 3511 log files from local users 3512 - HTCP support for access control and the CRL operation for 3513 purgeing of cache content 3514 - Optionally follow X-Forwarded-For headers to determine the original 3515 client IP behind sedond level proxies 3516 - FreeBSD kqueue support 3517 3518Changes to squid-2.5.STABLE14 (20 May 2006) 3519 - [Minor] icons not displayed when visible_hostname is a 3520 short hostname (without domain). (Bug #1532) 3521 - [Medium] Memleak in HTCP client code (default disabled) 3522 (Bug #1553) 3523 - [Major] memory leak in ident processing (Bug #1557) 3524 - [Medium] Memory leak in header processing related to external_acl 3525 header detail format tag (Bug #1564) 3526 3527Changes to squid-2.5.STABLE13 (12 Mar 2006) 3528 - [Minor] Fails to compile on Solaris and some other platforms 3529 with undefined reference to setenv (Bug #1435) 3530 - [Cosmetic] Added WebDAV REPORT method to know HTTP methods list 3531 - [Minor] Squid ntlm_auth (not the Samba provided one) giving 3532 odd results if --enable-ntlm-fail-open is used (Bug #1022) 3533 - [Minor] wbinfo_group.pl doesn't work with Samba 3.0.21 and later 3534 (Bug #1472) 3535 - [Minor] Squid crash when asyncio function counters url accessed 3536 from Cachemgr CGI (Bug #1464) 3537 - [Cosmetic] Linux compile warning about prctl called with too few 3538 arguments (Bug #1483) 3539 - [Minor] Wrong timezone declaration for 64 bit Irix (Bug #1479) 3540 - [Minor] Some 206 responses logged incorrectly (Bug #1511) 3541 - [Minor] Issues in processing ranges on objects >2GB (Bug #437) 3542 - [Cosmetic] Segmentation fault on empty proxy_auth ACLs (Bug #1414) 3543 - [Minor] Ident access lists don't work in delay_access statements 3544 (Bug #1428) 3545 - [Minor] Some clients support NTLM even if not initially negotiating 3546 persistent connections (Bug #1447) 3547 - [Medium] 504 Gateway Time-out on FTP uploads (Bug #1459) 3548 - [Medium] delay pools given too much bandwidht after "-k reconfigure" 3549 (Bug #1481) 3550 - [Cosmetic] New persistent_connection_after_error configuration 3551 directive (Bug #1482) 3552 - [Cosmetic] Hangs at 100% CPU if /dev/null is not accessible (Bug 3553 #1484) 3554 - [Minor] Fails to compile on Fedora Core 5 test 2 x86_64 (Bug #1492) 3555 - [Cosmetic] Typo in ftp.c (Bug #1507) 3556 - [Cosmetic] Error in FTP listings of files with -> in their name 3557 (Bug #1508) 3558 - [Cosmetic] With Squid-2.5 there is no more the DUPLICATE IP logging 3559 in cache.log (Bug #779) 3560 - [Minor] Fails to process long host names (Bug #1434) 3561 - [Cosmetic] Azerbaijani errors translation (Bug #1454) 3562 - [Cosmetic] misleading error message message for bad/unresolveable 3563 cache_peer name (Bug #1504) 3564 - [Cosmetic] confusing statistics on stateful helpers (NTLM auth) 3565 (Bug #1506) 3566 - [Major] connstate memory leak (Bug #1522) 3567 3568Changes to squid-2.5.STABLE12 (22 Oct 2005) 3569 3570 - [Major] Error introduced in 2.5.STABLE11 causing truncated responses 3571 when using delay pools (Bug #1405) 3572 - [Cosmetic] Document that tcp_outgoing_* works badly in combination 3573 with server_persistent_connections (Bug #454) 3574 - [Cosmetic] Add additinal tracing to squid_ldap_auth making 3575 diagnostics easier on squid_ldap_auth configuration errors 3576 (Bug #1395) 3577 - [Minor] $HOME not set when started as root (Bug #1401) 3578 - [Minor] httpd_accel_single_host breaks in combination with 3579 server_persistent_connections (Bug #1402) 3580 - [Cosmetic] Setting CACHE_HTTP_PORT to configure was only partially 3581 implemented, effectively ignored. (Bug #1403) 3582 - [Minor] CNAME based DNS addresses could get cached for longer 3583 than intended (Bug #1404) 3584 - [Minor] Incorrect handling of squid-internal-dynamic/netdb exchanges 3585 in transparently intercepting proxies (Bug #1410). 3586 - [Minor] Cache revalidations on HEAD requests causing poor cache 3587 hit ratio (Bug #1411). 3588 - [Minor] Not possible to send 302 redirects via a redirector in 3589 response to CONNECT requests (bug #1412) 3590 - [Minor] Incorrect handling of Set-Cookie on cache refreshes (Bug 3591 #1419) 3592 - [Major] Segmentation fault crash in rfc1738_do_escape (Bug #1426) 3593 - [Minor] Delay pools class 3 fails on clients in network 255 3594 (Bug #1431) 3595 3596Changes to squid-2.5.STABLE11 (22 Sep 2005) 3597 3598 - [Minor] Workaround for servers sending double content-length headers 3599 (Bug #1305) 3600 - [Cosmetic] Updated Spanish error messages by Nicolas Ruiz 3601 - [Cosmetic] Date header corrected on internal objects (icons etc) 3602 (Bug #1275) 3603 - [Minor] squid -k fails in combination with chroot after patch for 3604 bug 1157 (Bug #1307) 3605 - [Cosmetic] Segmentation fault if compiled with 3606 --enable-ipf-transparent but denied access to the NAT device. 3607 (Bug #1313) 3608 - [Minor] httpd_accel_signle_host incompatible with redireection 3609 (Bug #1314) 3610 - [Minor] squid -k reconfigure internal corruption if the type of 3611 a cache_dir is changed (Bug #1308) 3612 - [Minor] SNMP GETNEXT fails if the given OID is outside the Squid MIB 3613 (Bug #1317) 3614 - [Minor] Title in FTP listings somewhat messed up after previous 3615 patch for bug 1220 (Bug #1220) 3616 - [Minor] FTP listings uses "BASE HREF" much more than it needs to, 3617 confusing authentication. (Bug #1204) 3618 - [Minor] winfo_group.pl only looked for the first group if multiple 3619 groups were defined in the same acl. (Bug #1333) 3620 - [Cosmetic] Compiler warnings on some 64-bit platforms (Bug #1316) 3621 - [Cosmetic] Removed some debug output from wb_ntlm_atuh (Bug #518) 3622 - [Cosmetic] The new --with-build-environment=... option doesn't work 3623 - [Cosmetic] New 'mail_program' configuration option in squid.conf 3624 - [Minor] Fails to compile with ip-filter and ARP support on Solaris 3625 x86 (Bug #199) 3626 - [Major] Segmentation fault in sslConnectTimeout (Bug #1355) 3627 - [Medium] assertion failed in StatHist.c:93 (Bug #1325) 3628 - [Minor] More chroot_dir and squid -k reconfigure issues (Bug #1331) 3629 - [Cosmetic] Invalid URLs in error messages when failing to connect 3630 to peer, and a few other inconsistent error messages (Bug #1342) 3631 - [Cosmetic] Fails to compile with glibc -D_FORTIFY_SOURCE=2 3632 (Bug #1344) 3633 - [Minor] Some odd FTP servers respond with 250 where 226 is expected 3634 (Bug #1348) 3635 - [Cosmetic] Greek translation of error messages (Bug #1351) 3636 - [Major] Assertion failed store_status == STORE_PENDING (Bug #1368) 3637 - [Minor] squid_ldap_auth -U does not work (Bug #1370) 3638 - [Minor] SNMP cacheClientTable fails on "long" IP addresses 3639 (Bug #1375) 3640 - [Minor] Solaris Sparc + IP-Filter compile error (Bug #1374) 3641 - [Minor] E-mail sent when cache dies is blocked from many antispam 3642 rules (Bug #1380) 3643 - [Minor] LDAP helpers does not work with TLS (-Z option) (Bug #1389) 3644 - [Cosmetic] Incorrect store dir selection debug message on objects 3645 larger than 2Gigabyte (Bug #1343) 3646 - [Cosmetic] header_id enum misused as an signed integer (Bug #1343) 3647 - [Cosmetic] Allow leaving core dumps when started as root (Bug #1335) 3648 - [Medium] Clients could bypass delay_pool settings by faking a cache 3649 hit request (Bug #500) 3650 - [Minor] IP-Filter 4.X support (Bug #1378) 3651 - [Medium] Odd results on pipelined CONNECT requests 3652 - [Major] Squid crashing with "FATAL: Incorrect scheme in auth header" 3653 when using NTLM authentication. 3654 - [Cosmetic] Odd results when pipeline_prefetch is combined with NTLM 3655 authentication (bug #1396) 3656 - [Minor] invalid host was processed as IP 255.255.255.255 in dst acl 3657 (Bug #1394) 3658 - [Cosmetic] New --with-maxfd=N configure option to override build 3659 time filedescriptor limit test 3660 - [Minor] Added support for Windows code name "Longhorn" on Cygwin. 3661 3662Changes to squid-2.5.STABLE10 (17 May 2005) 3663 3664 - [Minor Security] Fix race condition in relation to old Netscape 3665 Set-Cookie specifications 3666 - [Minor] Fails to parse D.J. Bernstein's FTP EPLF ftp listing 3667 format and PASV resposes (Bug #1252) 3668 - [Medium] BASE HREF missing on ftp directory URLs without / 3669 (Bug #1253) 3670 - [Minor security] confusing http_access results on configuration 3671 error (Bug #1255) 3672 - [Cosmetic] More robust Date parser (Bug #321) 3673 - [Minor] reload_with_ims fails to refresh negatively cached objects 3674 (Bug #1159) 3675 - [Cosmetic] delay_access description clarification (Bug #1245) 3676 - [Cosmetic] Check for integer overflow in size specifications in 3677 squid.conf (Bug #1247) 3678 - [Cosmetic] bzero is a non-standard function not available on all 3679 platforms (Bug #1256) 3680 - [Cosmetic] Compiler warnings if pid_t is not an int (Bug #1257) 3681 - [Cosmetic] Incorrect use of ctype functions (Bug #1259) 3682 - [Cosmetic] Defer digest fetch if the peer is not allowed to be used 3683 (Bug #1261) 3684 - [Minor] Duplicate content-length headers logged incorrectly or 3685 not cleaned up properly (Bug #1262) 3686 - [Cosmetic] Extend relaxed_header_parser to work around "excess 3687 data from" errors from many major web servers. (Bug #1265) 3688 - [Minor] Add HTTP headers to a netdb error messages 3689 - [Minor] Multiple minor aufs issues (Bug #671) 3690 - [Minor] Basic authentication fails with very long logins or 3691 password (Bug #1171) 3692 - [Minor] CONNECT requests truncated if client side disconnects first 3693 (Bug #1269) 3694 - [Minor] --disable-hostname-checks configure option did not work 3695 - [Cosmetic] LDAP helpers adjusted to compile with SUN LDAP SDK 3696 - [Cosmetic] aufs warning about open event filedescriptors on shutdown 3697 - [Medium] Failed to process requests for files larger than 2GB in size 3698 - [Cosmetic] rename() related cleanup 3699 - [Cosmetic] New cachemgr pending_objects and client_objects actions 3700 - [Cosmetic] external acls requiring authentication did not request 3701 new credentials on access denials like proxy_auth does. 3702 - [Cosmetic] Syslog facility now configurable via command line options. 3703 - [Cosmetic] New %a error page template code expanding into the 3704 authenticated user name. (Bug #798) 3705 - [Minor] IP-Filter 4.0 support in --enable-ipf-transparent 3706 - [Minor] Support interception of multiple ports 3707 - [Cosmetic] Allow "squid -k ..." to run even if the local hostname 3708 can not be determined (Bug #1196) 3709 - [Cosmetic] Configuration file parser now handles DOS/Windows formatted 3710 configuration files with CRLF lineendings proper. 3711 - [Minor] Unrecognized Cache-Control directives now forwarded properly 3712 (Bug #414) 3713 - [Minor] Authentication helpers now returns useable information 3714 in the %m error page macro on failed authentication (Bug #1223) 3715 - [Minor] pid file management corrected in chroot use (Bug #1157) 3716 - [Minor Security] Fix for CVE-1999-0710: cachemgr malicouse use. 3717 cachemgr.cgi now reads a config file telling which proxy servers 3718 it can administer. 3719 - [Minor] aufs statistics improvements 3720 - [Minor] SNMP bugfixes and support for SNMPv2(c) (Bug #1288, #1299) 3721 - [Minor] ARP acl documentation and cachemgr config dump corrections 3722 - [Minor] dstdomain/dstdom_regex acls now allow matching of numeric 3723 hostnames in addition to the reverse lookup of the domain name. 3724 - [Security] Internal DNS client hardened against spoofing 3725 3726Changes to squid-2.5.STABLE9 (24 Feb 2005) 3727 3728 - [Medium] Don't retry requests on 403 errors (Bug #1210) 3729 - [Minor] Ignore invalid FQDN DNS responses (Bug #1222) 3730 - [Minor] cache_peer related memory leaks on reconfigure (Bug #1246) 3731 - [Cosmetic] Adjusted to build cleanly with GCC-4 (Bug #1211) 3732 - [Minor] relaxed_header_parser extended to work around even more 3733 broken web servers (Bug #1242) 3734 - [Minor] FTP gatewaying URLs cleaned up slightly, mainly to work 3735 better with Mozilla but also to improve security slightly on 3736 non-anonymous FTP. 3737 - [Minor] High characters allowed un-encoded in FTP and Gopher 3738 listings to allow the user-agent to display data in non-iso8859-1 3739 charsets. (Bug #1220) 3740 - [Cosmetic] format fixes to silence compiler warnings on many 3741 platforms. 3742 - [Major] Assertion failures on certain odd DNS responses (Bug #1234) 3743 3744Changes to squid-2.5.STABLE8 (11 Feb 2005) 3745 3746 - [Minor] 100% CPU usage on half-closed PUT/POST requests (Bug #354, 3747 #1096) 3748 - [Cosmetic] Document -v (protocol version) option to LDAP helpers 3749 - [Minor] The new req_header and resp_header acls segfaults 3750 immediately on parse of squid.conf (Bug #961) 3751 - [Minor] Failure to shut down busy helpers on -k rotate/reconfigure 3752 (Bug #1118) 3753 - [Minor] Don't use O_NONBLOCK on disk files. (Bug #1102) 3754 - [Minor] Squid fails to close TCP connection after blank HTTP 3755 response (Bug #1116) 3756 - [Minor security] Random error messages in response to malformed 3757 host name (Bug #1143) 3758 - [Minor] PURGE should not be able to delete internal objects 3759 (Bug #1112) 3760 - [Minor] httpd_accel_port 0 (virtual) not working correctly (Bug 3761 #1121) 3762 - [Minor] cachemgr vm_objects segfault (Bug #1149) 3763 - [Minor security] Confusing results on empty acl declarations (Bug 3764 #1166) 3765 - [Minor] Don't close all "other" filedescriptors on startup (Bug 3766 #1177) 3767 - [Minor] fakeauth_auth memory leak and NULL pointer access (Bug 3768 #1183) 3769 - [Security] buffer overflow bug in gopherToHTML() (Bug #1189) 3770 - [Medium security] Denial of service with forged WCCP messages 3771 (Bug #1190) 3772 - [Minor] DNS related memory leak on certain malformed DNS responses 3773 (Bug #1197) 3774 - [Minor] Internal DNS sometimes truncates host names in reverse 3775 (PTR) lookups (Bug #1136) 3776 - [Minor Security] Add sanity checks on LDAP user names (Bug #1187) 3777 - [Security] Harden Squid against HTTP request smuggling attacks 3778 - [Minor] Icon URLs fails in non-anonymous FTP directory listings is 3779 short_icon_urls is on (Bug #1203) 3780 - [Security] Harden Squid against HTTP response splitting attacks 3781 (Bug #1200) 3782 - [Medium security] Buffer overflow in WCCP recvfrom() call 3783 (Bug #1217) 3784 - [Security] Properly handle oversized reply headers (Bug #1216) 3785 - [Minor] LDAP helpers search fixed to properly ask for no attributes 3786 - [Minor] A sporadic segmentation fault when using ntlm authentication 3787 fixed (Bug #1127) 3788 - [Major] Segmentation fault on failed PUT/POST requests (Bug #1224) 3789 - [Medium] Persistent connection mismatch on failed PUT/POST request 3790 (Bug #1122) 3791 - [Minor] WCCP easily disturbed by forged packets (Bug #1225) 3792 - [Minor] Password management in ftp:// gatewaying improved (Bug #1226) 3793 - [Major] HTTP reply data corruption in certain situations involving 3794 reply headers split over multiple packets (Bug #1233) 3795 3796Changes to squid-2.5.STABLE7 (11 Oct 2004) 3797 3798 - [Medium] No objects cached in ufs cache_dir type in some 3799 configurations. Issue introduced in 2.5.STABLE6 by the patch for 3800 Bug #676. (Bug #1011) 3801 - [Minor] LDAP helpers update to correct LDAP connection management 3802 and add support for literal password compare instead of binding 3803 - [Minor] A large number of queued DNS lookups for the same domain 3804 (Bug #852) 3805 - [Cosmetic] request_header_max_size configuration partly ignored 3806 (Bug #899) 3807 - [Minor] Partial hit results in TCP_HIT, not TCP_MISS. (Bug #1001) 3808 - [Cosmetic] HEAD requests may return stale information 3809 (Bug #1012) 3810 - [Cosmetic] Warn if cache_dir ufs can not create files. (Bug #918) 3811 - [Minor] case insensitive authentication (Bug #431) 3812 - [Cosmetic] Add delay pools information to active_requests. (Bug 3813 #882) 3814 - [Minor] Apparent memory leak in client_db (Bug #833) 3815 - [Minor] NTLM authentication truncated causing failures. (Bug 3816 #1016) 3817 - [Cosmetic] Grammatical corrections in squid.conf.sample 3818 - [Cosmetic] Unknown %X errorpage codes incorrectly quoted. (Bug 3819 #1030) 3820 - [Medium] Segfaults and other strange crashes when using heap 3821 policies. (Bug #1009) 3822 - [Minor] Supplementary group memberships not set (Bug #1021) 3823 - [Cosmetic] ERR_TOO_BIG Portuguese translation 3824 - [Minor] external_acl does not handle newlines (Bug #1038) 3825 - [Major] NTLM authentication denial of service when using msnt_auth 3826 or fake_auth (Bug #1045) 3827 - [Medium] Memory leaks when using NTLM authentication without 3828 challenge reuse. (Bug #994) 3829 - [Minor] Temporary NTLM memory leak with challenge reuse enabled 3830 (Bug #910) 3831 - [Minor] assertion failed: "n_ufs_dirs <= 3832 Config.cacheSwap.n_configured". (Bug #1053) 3833 - [Minor] Segfault in authenticateDigestHandleReply. (Bug #1031) 3834 - [Minor] acl time fails to parse multiple time specifications 3835 (Bug #1060) 3836 - [Minor] cachemgr config dumps mixed up Range and Request-Range 3837 headers in http_header_access & replace directives. (Bug #1056) 3838 - [Minor] Content-Disposition added as a well known header (Bug #961) 3839 - [Cosmetic] Don't warn about arp acls not being supported on FreeBSD 3840 (Bug #1074) 3841 - [Cosmetic] Limit internal send/receive buffer sizes (Bug #1075) 3842 - [Medium] New acl types to match arbitrary HTTP headers. In addition 3843 the http_header_access & replace directives now support arbitrary 3844 headers and not only the well known ones. (Bug #961) 3845 - [Cosmetic] ncsa_auth now accepts Window formatted password files 3846 (Bug #1078) 3847 - [Cosmetic] Support the --program-prefix/suffix options or other 3848 configure program name transforms (Bug #1019) 3849 - [Minor] Fix race condition in CONNECT and also handle aborts of 3850 CONNECT requests in a more graceful manner. (Bug #859) 3851 - [Minor] New balance_on_multiple_ip directive to work around certain 3852 broken load balancers and optimized ipcache on reload requests 3853 (Bug #1058) 3854 - [Medium] New reply_header_max_size directive 3855 (Bug #874) 3856 - [Minor] Suspected instability on aborted PUT/POST requests 3857 (Bug #1089) 3858 - [Security] SNMP Denial of Service fix (CAN-2004-0918) 3859 3860Changes to squid-2.5.STABLE6 (9 Jul 2004) 3861 3862 - Bug #937: NTLM assertion error "srv->flags.reserved" 3863 - Bug #935: squid_ldap_auth can be confused by the use of reserved 3864 characters 3865 - Helper queue warnings imprecise on the number of helpers required 3866 - squid_ldap_auth TLS mode works correctly again 3867 - Bug #940, #305: pkg-config support for finding correct OpenSSL 3868 compile flags 3869 - Bug #426: "Vary: *" is ignored 3870 - 100% CPU usage on Linux-2.2 3871 - Version number should not include -CVS if autoconf is run 3872 - Bug #947: deny_info redirection with requested URL escaped wrongly 3873 - Bug #495: CONNECT timeout should produce a 504 or 503 3874 - Bug #956: cache_swap_log documentation referred to swap.state by 3875 it's old swap.log name 3876 - ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may 3877 have been intended 3878 - Bug #962: rfc1035NameUnpack: Assertion (*off) < sz failed 3879 - Bug #954: Segment violation when using a blank user name in digest 3880 authentication 3881 - Bug #943: assertion failed: errorpage.c:292: "mem->inmem_hi == 0" 3882 - Spelling corrections in configure and squid.conf.sample 3883 - The meaning of ERR in digest helper protocol clarified in the 3884 squid.conf documentation 3885 - Bug #950: Spelling error in Turkish ERR_DNS_FAIL 3886 - Bug #616: Negative cached 404 replies with VARY header never matched 3887 - Bug #968: range_offset_limit -1 KB rejected as invalid syntax 3888 due to a shortcoming in the fix to bug #817 3889 - Bug #570: Very large cache_mem values reported wrongly in cache.log 3890 - Bug #676: store_dir_select_algorithm least-load doesn't work for 3891 ufs cache_dir type 3892 - Bug #946: cacheCurrentUnlinkRequests should be a counter, not gauge 3893 - Bug #948: Show client ip in cache.log debug output 3894 - Bug #960: compilation issue on OpenBSD/m88k 3895 - Bug #969: FTP directory listing HTML DOCTYPE misread by some tools 3896 - Bug #991: dns_servers should default to localhost if no resolv.conf 3897 - Bug #717: msnt_auth documentation update 3898 - Bug #753: Segfault in memBufVPrintf on certain architectures 3899 requiring va_copy 3900 - Bug #941: Negative size in access.log on long running CONNECT 3901 requests 3902 - Bug #972: Segmentation fault after "Likely proxy abuse detected" 3903 - Bug #981: sasl_auth updated to work with SALS2 3904 - Overflow bug in Squid's ntlm_auth helper used for transparent NTLM 3905 authentication to a NT domain without using Samba. 3906 3907Changes to squid-2.5.STABLE5 (1 Mar 2004): 3908 3909 - cache.log message on "squid -k reconfigure" was slightly confusing, 3910 claiming Squid restarted when it just reread the configuration. 3911 - Bug #787: digest auth never detects password changes 3912 - Bug #789: login with space confuses redirector helpers 3913 - Bug #791: FQDNcache discards negative responses when using 3914 internal DNS 3915 - pam_auth fails on Solaris when using pam_authtok_get. Persistent 3916 PAM connections are unsafe and now disabled by default. 3917 - auth_param documentation clarifications and added default realm 3918 values making only the helper program a required attribute 3919 - Bug #795: German ERR_DNS_FAIL correction 3920 - Bug #803: Lithuanian error messages update 3921 - Bug #806: Segfault if failing to load error page 3922 - Bug #812: Mozilla/Netscape plugins mime type defined (.xpi) 3923 - Bug #817: maximum_object_size too large causes squid not to cache 3924 - Bug #824: 100% CPU loop if external_acl combined with separate 3925 authentication acl in the same http_access line 3926 - squid_ldap_group updated to version 2.12 with support for ldaps:// 3927 (LDAPv2 over SSL) and a numer of other improvements. 3928 - Bug #799: positive_dns_ttl ignored when using internal DNS. 3929 - Bug #690: Incorrect html on empty Gopher responses 3930 - Bug #729: --enable-arp-acl may give warning about net/route.h 3931 - Bug #14: attempts to establish connection may look like syn flood 3932 attack if the contacted server is refusing connections 3933 - errorpage README files included in the distribution again showing 3934 who contributed which translation 3935 - Bug #848: connect_timeout connect_timeout ends up twice the length. 3936 forward_timeout option added to address this. 3937 - Bug #849: DNS log error messages should report the failed query 3938 - Bug #851: DNS retransmits too often 3939 - Bug #862: Very frequently repeated POST requests may cause a 3940 filedescriptor shortage due to persitent connections building up 3941 - Bug #853: Sporatic segmentation faults on aborted FTP PUT requests 3942 - Bug #571: Need to limit use of persistent connections when 3943 filedescriptor usage is high 3944 - Bug #856: FTP/Gopher Icon URLs are unneededly complex and often 3945 does not work properly 3946 - Bug #860: redirector_access does not handle "slow" acls such as 3947 "dst" or "external" requiring a external lookup. 3948 - Bug #865: Persistent connection usage too high after sudden burst 3949 of traffic. 3950 - Bug #867: cache_peer max-conn=.. option does not work 3951 - Bug #868: refuses to start if pid_filename none is specified 3952 - Bug #887: LDAP helper -Z (TLS) option does not work 3953 - Bug #877: Squid doesn't follow telnet protocol on FTP control 3954 connections 3955 - Bug #908: Random auth popups and account lockouts when using ntlm 3956 - Support for NTLM_NEGOTIATE exchanges with ntlm helpers 3957 - Bug #585: cache_peer_access fails with NTLM authentication 3958 - Bug #592: always/never_direct fails with NTLM authentication 3959 - wbinfo_group update for Samba-3 3960 - Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0 3961 - Bug #924: miss_access restricts internal and cachemgr requests 3962 even if these are local 3963 - Bug #925: auth headers send by squidclient are mildly malformed 3964 - Bug #922: miss_access and delay_access and several other 3965 authentication related bug fixes. 3966 - Bug #909: Added ARP acl support for FreeBSD 3967 - Bug #926: deny_info with http_reply_access or miss_access 3968 - Bug #872: reply_body_max_size problems when using NTLM auth 3969 - Bug #825: random segmentation faults when using digest auth 3970 - Bug #910: Partial fix for temporary memory leaks when using NTLM 3971 auth. There is still problems if challenge reuse is enabled. 3972 - ftp://anonymous@host/ now accepted without requiring a password 3973 - Bug #594: several mime type updates (ftp:// related) 3974 - url_regex enhanced to allow matching of %00 3975 3976Changes to squid-2.5.STABLE4 (15 Sep 2003): 3977 3978 - Lithuanian error messages added to the distribution 3979 - Bug #660: segfauld if more than one custom deny_info line 3980 - cache_dir disd documentation cleanup 3981 - check open of /dev/null to avoid 100% CPU loop in badly 3982 configured chroot environments 3983 - documentation update on uri_whitespace to refer to the correct RFC 3984 - Bug #655: icmpRecv: recv: (11) Resource temporarily unavailable 3985 - Bug #683: external_acl does not wait for ident lookups to complete 3986 - aufs: Fix a minor use-after-free problem which could cause the 3987 count of opening filedescriptors to grow larger than it should 3988 - Syntax changes to make GCC-3.3 accept Squid without complaints 3989 - Warning if CARP server defined in incorrect load factor order 3990 - neighbor_type_domain documentation update 3991 - http_header_access now works when using cache peers 3992 - high_memory_warning now uses sbrk as fallback mechanism on 3993 platforms where neither mallinfo or mstats are available. 3994 - hosts_file now handles comments at the end of lines correcly 3995 - storeCheckCachable() Stats corrected for release_request and 3996 wrong_content_length. 3997 - cachePeerPingsSent MIB type corrected 3998 - unused minimum_retry_timeout directive removed 3999 - Bug #702: ERR_TO_BIG spanish translation 4000 - Bug #705: Memory leak on deny_info TCP_RESET 4001 - Code cleanup to fix compile error in httpHeaderDelById 4002 - Bug #699: Host header now forwarded exactly where it was in the 4003 original request to work around certain broken firewalls or 4004 load balancers which fail if this header is too far into the 4005 request headers. 4006 - Bug #704: Memory leak on reply_body_max_size 4007 - Bug #686: requests denied due to http_reply_access are now 4008 logged with TCP_DENIED (instead of TCP_MISS, etc). 4009 - Bug #708: ie_refresh now sends no-cache to have the reload 4010 request propagate properly in cache meshes 4011 - Bug #700: Crashes related to ftpTimeout: timeout in SENT_PASV state 4012 - Bug #709: cbdata.c:186: "c->valid" assertion due to peer 4013 digest not found 4014 - Bug #710: round-robin cache_dir selection incorrectly 4015 compares max-size. 4016 - Statistics corrections in HTTP header statitics 4017 - QUICKSTART cleanups 4018 - Bug #715: statCounter.syscalls.disk counters treated 4019 inconsistently. Now increment the counters in AUFS 4020 functions and for unlinkd. 4021 - Improvements to the (experimental) COSS storage scheme. 4022 - Bug #721: User name field in access.log sometimes blank 4023 - Bug #94: assertion failed: http.c: "-1 == cfd || 4024 FD_SOCKET == fd_table[cfd].type" 4025 - Bug #716: assertion failed: client_side.c:1478: "size > 0" 4026 - Bug #732: aufs calculates number of threads and limits wrongly 4027 - Bug #663: Username not logged into access.log in case of /407 4028 - Bug #267: Form POSTing troubles with NTLM authentication 4029 and occationally in differen other error conditions. 4030 - Bug #736: ICP dynamic timeout algorithm ignores multicast. 4031 - Bug #733: No explicit error message when ncsa_auth can't access 4032 passwd file 4033 - Bug #267, #757: POST with NTLM stops after persistent connection 4034 timeout 4035 - Bug #742: Wrong status code on access denials if delay_access 4036 is used. Most notably 407 instead of 403 could be returned. 4037 - Bug #763: segfault if using ntlm in http_reply_access 4038 - Bug #638: assertion error if using proxy_auth in delay_access 4039 - Bug #756: segmentation fault if using ntlm proxy_auth in delay_access 4040 - The issue of reply_body_max_size limiting the size of error 4041 messages no longer applies. 4042 - external_acl_type concurrency= option renamed to children= to 4043 prepare for Squid-3 upgrades. Old syntax still accepted for the 4044 duration of the Squid-2.5 release. 4045 - number of filedescriptors rounded down to an even multiple of 64 4046 to work around issues in certain libc implementations. 4047 - winbind helpers less noisy in cache.log on restarts/shutdown. 4048 - Squid now automatically restarts helpers if too many of them 4049 have crashed. 4050 4051Changes to squid-2.5.STABLE3 (25 May 2003): 4052 4053 - Bug #573: Occational false negatives in external acl lookups 4054 - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when 4055 external_acl helpers crashes 4056 - Bug #590: Squid may hang or behave oddly on shutdown while 4057 requests is being processed. 4058 - Bug #590: external acl lookups does not deal well with queue 4059 overload 4060 - cache_effective_user documentation update 4061 - cache_peer documentation update for htcp and carp 4062 - Bug #600: The example header_access paranoid setting is 4063 missing WWW-Authenticate 4064 - Bug #605: Segmentation fault in idnsGrokReply() on certain 4065 platforms 4066 - Fixes to build properly on AIX 5 4067 - Bug #574: wb_group updated to version 1.1 to make group names 4068 case insensitive and correct a segfault issue in the helper 4069 - SNMP mib updates to make cacheNumObjCount, 4070 cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients 4071 correctly report as gauges (was reporting as counters). 4072 - Woraround for --enable-ssl Kerberos issue on RedHat 9 4073 - Bug #579: Close and repopen log files on "squid -k reconfigure" 4074 - Bug #598: squid_ldap_auth could segfault if LDAP server is 4075 unavailable 4076 - Bug #609,#612: msntauth helper fixes in dealing with large 4077 or non-existing allow/deny user files. 4078 - Bug #620: acl ident REQUIRED matches even if the ident lookup fails 4079 - Bug #432: reply_body_max_size fails with ident or proxy_auth acls 4080 and also fails to block large objects where the content-length 4081 is not known 4082 - Bug #606: Basic auth looping and gets stuck at high CPU usage when 4083 multiple proxy_auth ACLs combined in one line and login fails. 4084 - squid_ldap_auth updated with support for TLS and SSL 4085 - Bug #623: segfault if using negated external acls in certain 4086 configurations involving other acls later on the same http_access 4087 line. 4088 - Bug #622: wb_group helper update to version 1.2 to ass support for 4089 Domain-Qualified groups refering to groups in a specific domain 4090 - Bug #596: logic error in poll() error management 4091 - Bug #597: logic errors in error management 4092 - Bug #591: segmentation fault in authentication on "squid -k debug" 4093 - Bug #587: smb_auth fails on complex logins involving domain names 4094 or other odd characters 4095 - Bug #558, #587: smb_auth.pl fails on complex logins involving 4096 domain names or other odd characters 4097 - Bug #643: external_acl fails with ttl=0 due to a change introduced 4098 by the patch for Bug #553 in 2.5.STABLE2. 4099 - Bug #630: minor issues in digest authantication causing random 4100 authentication failures and incompability with many mainstream 4101 browser digest implementations due to browser qop bugs. To deal 4102 with those broken browser nonce_stricness now defaults to off, 4103 and two new digest options have been added (check_nonce_count 4104 and post_workaround) to allow workarounds to other quite bad 4105 browser bugs if needed. 4106 - Bug #644: digest authentication fails on requests with one 4107 or more comma in the requested URL 4108 - Bug #648: deny_info TCP_RESET not working. The fix for this also 4109 adds the ability to send redirects. 4110 4111Changes to squid-2.5.STABLE2 (Mars 17, 2003): 4112 4113 - Contrib files added back to the distribution 4114 - Several compiler warnings fixed when using --disable-ident or 4115 --disable-http-violations 4116 - authentication can now be used in most access controls, but 4117 must in most cases first be enforced in http_access to force 4118 the user to authenticate. 4119 - cleanups in the developer bootstrap.sh process when preparing 4120 the sources. 4121 - several squid.conf.sample documentation updated to correctly 4122 refer to the current names when refering to other directives 4123 - authenticate_ip_ttl documentation updates 4124 - several assertion faults and segmentation violations corrected 4125 - the RunCache/RunAccel and squid.rc scripts updated to refer to 4126 the squid binary in sbin rather than the old bin location. 4127 - squid_ldap_auth command line processing fixes when specifying 4128 the LDAP server last on the line instead of -h option 4129 - aufs data corruption bugfix 4130 - aufs performance improvement for low traffic systems 4131 - aufs stability improvements 4132 - external_acl corrected to properly deal with quoted strings 4133 - WCCPv1 bugfix to make sure the router accepts the hash assignments 4134 - "Total accounted memory" now correctly reported in cachemgr 4135 - several small memory leaks (mostly reconfigure related) 4136 - new squid.conf option to allow GET/HEAD requests with a request 4137 entity 4138 - "make uninstall" no longer removes squid.conf 4139 - cachemgr.cgi now uses POST to avoid having the cachemgr password 4140 logged in the web server logs 4141 - authentication schemes which are known to not be proxyable are now 4142 filtered out from forwarded server replies to avoid that the clients 4143 tries to use such schemes when we know for a fact it won't work 4144 - spelling corrections in various error messages 4145 - now possible to define acl values with spaces in them 4146 by using the "include file" feature 4147 - squid_ldap_group updated to 2.10 to fix compilation issues with 4148 recent (and older) OpenLDAP libraries and to make the helper deal 4149 correctly with true LDAP groups by first looking up the user DN. 4150 - Some internal code cleanups 4151 - now verifies that programs etc exists iside the chroot directory 4152 when using chroot_dir. No longer neccesary to set up a split view 4153 environment where the same paths works both inside the chroot and 4154 outside just to convince Squid that the files is actually there.. 4155 - improved memory usage reporting 4156 - --disable-hostname-checks configure option 4157 - no longer ignores double dots in host names. Any hostname with 4158 double dots is now rejected as invalid. 4159 - log_mime_hdrs no longer logs garbage if very long headers 4160 are seen. 4161 - 'select_fds_hist' object added to cachemgr 'histogram' output 4162 - pid file now unlinked when squid has really shut down, not 4163 immediately when the shutdown request is received. This allows 4164 the pid file to be monitored to determine when Squid has shut down 4165 properly 4166 - correct authentication scheme setups on some platforms or compilers 4167 - several squid.conf.sample documentation updates to remove references 4168 to renamed or replaced directives by changing them to their current 4169 names. 4170 - the SSL reverse proxy support updated to allow building with 4171 OpenSSL 0.9.7 and and later. 4172 - Corrected a minor performance problem while processing HEAD replies 4173 from various broken web servers not sending a correct HTTP reply 4174 - time acls can now specify multiple times in the same acl name, like 4175 most other acl types. 4176 - winbind helpers updated to match Samba-2.2.7a and should 4177 work with Samba-2.2.6 or later (required). For compability with 4178 older Samba versions A new configure option --with-samba-sources=... 4179 has been added to allow you to specify which Samba version the 4180 helpers should be built for if different than the above versions. 4181 - Squid MIB definition syntax correction to work better with newer 4182 (and older) SNMP tools. 4183 - Fixed access.log format when logging "error:invalid-HTTP-ident" on 4184 requests where parsing the HTTP identifier (HTTP/1.0) failed. 4185 - "make distclean" no longer removes the icons, this avoids the 4186 dependency on "uudecode" to rebuild Squid after "make distclean" 4187 - User name returned by external acl lookups (external_acl_type) 4188 is now available as "ident" in later acl checks in addition to 4189 the logging in access.log. 4190 - Incorrect behaviour of Digest authentication partly corrected - it 4191 will not handle sessions, but will always enforce password 4192 correctness.. (patch submitted by Sean Burford). 4193 - Issue with persistent connections and PUT/POST request corrected 4194 4195Changes to squid-2.5.STABLE1 (September 25, 2002): 4196 4197 - Major rewrite of proxy authentication to support other schemes 4198 than basic. First in the line is NTLM support but others can 4199 easily be added (minimal digest is present). See Programmers Guide. 4200 (Robert Collins & Francesco Chemolli) 4201 - Reworked how request bodies are passed down to the protocols. 4202 Now all client side processing is inside client_side.c, and 4203 the pass and pump modules is no longer used. 4204 used by Squid. 4205 - Optimized searching in proxy_auth and ident ACL types. Squid should 4206 now handle large access lists a lot more efficiently. 4207 (Francesco Chemolli) 4208 - Fixed forwarding/peer loop detection code (Brian Degenhardt) - 4209 now a peer is ignored if it turns out to be us, rather than 4210 committing suicide 4211 - Changed the internal URL code to obey appendDomain for internal 4212 objects if it needs appending. This fixes weirdnesses where 4213 a machine can think it is "foo.bar.com", and "foo" is requested. 4214 (Brian Degenhardt) 4215 - Added the use of Automake to create the Makefile.in's in the squid 4216 source tree. This will allow libtool in the future, and immediately 4217 allows better dependency tracking - with or without gcc - as well 4218 as the dist-all and distcheck targets for developers which respectively 4219 build a tar.gz and a tar.bz2 distribution, and check that what will be 4220 distributed builds. 4221 - Added TOS and source address selection based on ACLs, 4222 written by Roger Venning. This allows administrators to set 4223 the TOS precedence bits and/or the source IP from a set of 4224 available IPs based upon some ACLs, generally to map different 4225 users to different outgoing links and traffic profiles. 4226 - Added 'max-conn' option to 'cache_peer' 4227 - Added SSL gatewaying support, allowing Squid to act as a SSL server 4228 in accelerator setups. 4229 - SASL authentication helper by Ian Castle 4230 - msntauth updated to v2.0.3 4231 - no_cache now applies to cache hits as well as cache misses 4232 - the Gopher client in Squid has been significantly improved 4233 - Squid now sanity checks FTP data connections to ensure the 4234 connection is from the requested server. Can be disabled if 4235 needed by turning off the ftp_sanitycheck option. 4236 - external acl support. A mechanism where flexible ACL checks 4237 can be driven by external helpers. See the external_acl_type 4238 and acl external directives. 4239 - Countless other small things and fixes 4240 - HTML pages generated by Squid or CacheMgr as well as the 4241 ERR documents now contain a doctype declaration so that 4242 browsers know which HTML specification the document uses. 4243 In addition to that they have a new look (background-color, font) 4244 and are valid according to the HTML standards at www.w3.org. 4245 (Clemens L ser) 4246 - Login and password send to Basic auth helpers is now URL escaped 4247 to allow for spaces and other "odd" characters in logins and 4248 passwords 4249 - Proxy Authentication is no longer blindly forwarded to peer 4250 caches if not used locally. If forwarding of proxy authentication 4251 is desired then it must now be configured with the login=PASS 4252 cache_peer option. 4253 - Responses with Vary: in the header are now cached by squid. 4254 (Henrik Nordstrom). 4255 - Removed unused 'siteselect_timeout' directive. 4256 4257Changes to Squid-2.4.STABLE7 (July 2, 2002): 4258 4259 - Squid now drops any requests using transfer-encoding. 4260 Squid is a HTTP/1.0 proxy and as such do not support 4261 the use of transfer-encoding. 4262 - The MSNT auth helper has been updated to v2.0.3+fixes for 4263 buffer overflow security issues found in this helper. 4264 - A security issue in how Squid forwards proxy authentication 4265 credentials has been fixed 4266 - Minor changes to support Apple MAC OS X and some other platforms 4267 more easily. 4268 - The client -T option has been implemented 4269 - HTCP related bugfixes in "squid -k reconfigure" 4270 - Several bugfixes and cleanup of the Gopher client, both 4271 to correct some security issues and to make Squid properly 4272 render certain Gopher menus. 4273 - FTP data channels are now sanity checked to match the address of 4274 the requested FTP server. This to prevent theft or injection of 4275 data. See the new ftp_sanitycheck directive if this is not desired. 4276 - Security fixes in how Squid parses FTP directory listings into HTML 4277 4278Changes to Squid-2.4.STABLE6 (March 19, 2002): 4279 4280 - The patch for 2.4.STABLE5 was insufficiently tested and 4281 introduced a bug that causes frequent assertions when 4282 handling DNS PTR answers. 4283 4284Changes to Squid-2.4.STABLE5 (March 15, 2002): 4285 4286 - Fixed an array bounds bug in lib/rfc1035.c. This bug 4287 could allow a malicious DNS server to send bogus replies 4288 and corrupt the heap memory. 4289 4290Changes to Squid-2.4.STABLE4 (Feb 19, 2002) 4291 4292 - htcp_port 0 now properly disables htcp 4293 - Fixed problem with certain non-anonymous ftp:// style URL's 4294 - SNMP bugfixes including several memory leaks 4295 4296Changes to Squid-2.4.STABLE3 (Nov 28, 2001): 4297 4298 - Fixed bug #255: core dump on SSL/CONNECT if access denied by 4299 miss_access 4300 - Fixed bug #246: corrupt on-disk meta information preventing 4301 rebuilds of lost swap.state files 4302 - Fixed bug #243: squid_ldap_auth now supports spaces in passwords 4303 - Fixed a coredump when creating FTP directories 4304 - Fixed a compile time problem with statHistDump prototype mistmatch, 4305 reported by some compilers 4306 - Fixed a potential coredump situation on snmpwalk in certain 4307 configurations 4308 - Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir 4309 store implementation 4310 - Serbian error message translations 4311 4312Changes to Squid-2.4.STABLE2 (Aug 24, 2001): 4313 4314 - Expanded configure's GCC optimization disabling check to 4315 include GCC 2.95.3 4316 - avoid negative served_date in storeTimestampsSet(). 4317 - Made 'diskd' pathnames more configurable 4318 - Make sure squid parent dies if child is killed with 4319 KILL signal 4320 - Changed diskd offset args to off_t instead of int 4321 - Fixed bugs #102, #101, #205: various problems with useragent 4322 log files 4323 - Fixed bug #116: Large Age: values still cause problems 4324 - Fixed bug #119: Floating point exception in 4325 storeDirUpdateSwapSize() 4326 - Fixed bug #114: usernames not logged with 4327 authenticate_ip_ttl_is_strict 4328 - Fixed bug #115: squid eating up resources (eventAdd args) 4329 - Fixed bug #125: garbage HTCP requests cause assertion 4330 - Fixed bug #134: 'virtual port' support ignores 4331 httpd_accel_port, causes a loop in httpd_accel mode 4332 - Fixed bug #135: assertion failed: logfile.c:135: "lf->offset 4333 <= lf->bufsz" 4334 - Fixed bug #137: Ranges on misses are over-done 4335 - Fixed bug #160: referer_log doesn't seem to work 4336 - Fixed bug #162: some memory leaks (SNMP, delay_pools, 4337 comm_dns_incoming histogram) 4338 - Fixed bug #165: "Store Mem Buffer" leaks badly 4339 - Fixed bug #172: Ident Based ACLs fail when applied to 4340 cache_peer_access 4341 - Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse 4342 - Fixed bug #182: 'config' cachemgr option dumps core with 4343 null storage 4344 - Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number 4345 of args in debug/printf 4346 - Fixed bug #187: bugs in lib/base64.c 4347 - Fixed bug #184: storeDiskdShmGet() assertion; changed 4348 diskd to use bitmap instead of linked list 4349 - Fixed bug #194: Compilation fails on index() on some 4350 non-BSD platforms 4351 - Fixed bug #197: refreshIsCachable() incorrectly checks 4352 entry->mem_obj->reply 4353 - Fixed bug #215: NULL pointer access for proxy requests 4354 in accel-only mode 4355 4356Changes to Squid-2.4.STABLE1 (Mar 20, 2001): 4357 4358 - Fixed a bug in and cleaned up class 2/3 delay pools 4359 incrementing. 4360 - Fixed a coredump bug when using external dnsservers that 4361 become overloaded. 4362 - Fixed some NULL pointer bugs for NULL storage system 4363 when reconfiguring. 4364 - Fixed a bug with useragent logging that caused Squid to 4365 think the logfile never got opened. 4366 - Fixed a compiling bug with --disable-unlinkd. 4367 - Changed src/squid.h to always use O_NONBLOCK on Solaris 4368 if it is defined. 4369 - Fixed a bug with signed/unsigned bitfield flag variables 4370 that caused problems on Solaris. 4371 - Fixed a bug in clientBuildReplyHeader() that could add 4372 an Age: header with a negative value, causing an assertion 4373 later. 4374 - Fixed an SNMP reporting bug. cacheCurrentResFileDescrCnt 4375 was returning the number of FDs in use, rather than 4376 the number of reserved FDs. 4377 - Added the 'pipeline_prefetch' configuration option. 4378 - cache_dir syntax changed to use options instead of many 4379 arguments. This means that the max_objsize argument now 4380 is an optional option, and that the syntax for how to 4381 specify the diskd magics is slightly different. 4382 - Various fixes for CYGWIN 4383 - Upgraded MSNT auth module to version 2.0. 4384 - Fixed potential problems with HTML by making sure all 4385 HTML output is properly encoded. 4386 - Fixed a memory initialization problem with resource records in 4387 lib/rfc1035.c. 4388 - Rewrote date parsing in lib/rfc1123.c and made it a little 4389 more lenient. 4390 - Added Cache-control: max-stale support. 4391 - Fixed 'range_offset_limit' again. The problem this time 4392 is that client_side.c wouldn't set the we_dont_do_ranges 4393 flag for normal cache misses. It was only being set for 4394 requests that might have been hits, but we decided to 4395 change to a miss. 4396 - Added the Authenticate-Info and Proxy-Authenticate-Info 4397 headers from RFC 2617. 4398 - HTTP header lines longer than 64K could cause an assertion. 4399 Now they get ignored. 4400 - Fixed an IP address scanning bug that caused "123.foo.com" 4401 to be interpreted as an IP address. 4402 - Converted many structure allocations to use mem pools. 4403 - Changed proxy authentication to strip leading whitespace 4404 from usernames after decoding. 4405 - Prevented NULL pointer access in aclMatchAcl(). Some 4406 ACL types require checklist->request_t, but it won't be 4407 available in some cases (like snmp_access). Warn the 4408 admin that the ACL can't be checked and that we're denying 4409 it. 4410 - Allow zero-size disk caches. 4411 - The actual filesystem blocksize is now used to account 4412 for space overheads when calculating on-disk cache size. 4413 - Made the maximum memory cache object size configurable. 4414 - Added 'minimum_direct_rtt' configuration option. 4415 - Added 'ie_refresh' configuration option, which is a hack 4416 to turn IMS requests into no-cache requests. 4417 - Added support for netfilter in linux-2.4. This allows transparent 4418 proxy connections to function correctly in the absence of a Host: 4419 header. This requires --enable-linux-netfilter to be passed through 4420 to configure. (Evan Jones) 4421 - Fixed a bug with clientAccessCheck() that allowed proxy 4422 requests in accel mode. 4423 - Fixed a bug with 301/302 replies from redirectors. Now 4424 we force them to be cache misses. 4425 - Accommodated changes to the IP-Filter ioctl() interface 4426 for intercepted connections. 4427 - Fixed handling of client lifetime timeouts. 4428 - Fixed a buffer overflow bug with internal DNS replies 4429 by truncating received packets to 512 bytes, as per 4430 RFC 1035. 4431 - Added "forward.log" support, but its work in progress. 4432 - Rewrote much of the IP and FQDN cache implementation. 4433 This change gets rid of pending hits. 4434 - Changed peerWouldBePinged() to return false if our 4435 ICP/HTCP port is zero (i.e. disabled). 4436 - Changed src/net_db.c to use src/logfile.c routines, 4437 rather than stdio, because of solaris stdio filedescriptor 4438 limits. 4439 - Made netdbReloadState() more robust in case of corrupted 4440 data. 4441 - Rewrote some freshness/staleness functions in src/refresh.c, 4442 partially inspired to support cache-control max-stale. 4443 - Fixed status code logging for SSL/CONNECT requests. 4444 - Added a hack to subtract cache digest network traffic 4445 from statistics so that byte hit ratio stays positive 4446 and more closely reflects what people expect it to be. 4447 - Fixed a bug with storeCheckTooSmall() that caused 4448 internal icons and cache digests to always be released. 4449 - Added statfs(2) support for displaying actual filesystem 4450 usage in the cache manager 'storedir' output. 4451 - Changed status reporting for storage rebuilding. Now it 4452 prints percentage complete instead of number of entries 4453 parsed. 4454 - Use mkstemp() rather than problem-prone tempnam(). 4455 - Changed urlParse() to condense multiple dots in hostnames. 4456 - Major rewrite of async-io (src/fs/aufs) to make it behave 4457 a bit more sane with substantially less overhead. Some 4458 tuning work still remains to make it perform optimal. 4459 See the start of store_asyncufs.h for all the knobs. 4460 - Fixed storage FS modules to use individual swap space 4461 high/low values rather than the global ones. 4462 - Fixed storage FS bugs with calling file_map_bit_reset() 4463 before checking the bit value. Calling with an invalid 4464 value caused memory corruption in random places. 4465 - Prevent NULL pointer access in store_repl_lru.c for 4466 entries that exist in the hash but not the LRU list. 4467 4468Changes to Squid-2.4.DEVEL4 (): 4469 4470 - Added --enable-auth-modules=... configure option 4471 - Improved ICP dead peer detection to also work when the workload 4472 is low 4473 - Improved TCP dead peer detection and recovery 4474 - Squid is now a bit more persistent in trying to find a alive 4475 parent when never_direct is used. 4476 - nonhierarchical_direct squid.conf directive to make non-ICP 4477 peer selection behave a bit more like ICP selection with respect 4478 to hierarchy. 4479 - Bugfix where netdb selection could override never_direct 4480 - ICP timeout selection now prefers to use parents only when 4481 calculating the dynamic timeout to compensate for common RTT 4482 differences between parents and siblings. 4483 - No longer starts to swap out objects which are known to be above 4484 the maximum allowed size. 4485 - allow-miss cache_peer option disabling the use of "only-if-cached". 4486 Meant to be used in conjunction with icp_hit_stale. 4487 - Delay pools tuned to allow large initial pool values 4488 - cachemgr filesystem space information changed to show useable space 4489 rather than raw space, and platform support somewhat extended. 4490 - Logs destination IP in the hierarchy log tag when going direct. 4491 (can be disabled by turning log_ip_on_direct off) 4492 - Async-IO on linux now makes proper use of mutexes. This fixes some 4493 odd pthread segfaults on SMP Linux machines, at a slight performance 4494 penalty. 4495 - %s can now be used in cache_swap_log and will be substituted with 4496 the last path component of cache_dir. 4497 - no_cache is now a full ACL check without, allowing most ACL types 4498 to be used. 4499 - The CONNECT method now obeys miss_access requirements 4500 - proxy_auth_regex and ident_regex ACL types 4501 - Fixed a StoreEntry memory leak during "dirty" rebuild 4502 - Helper processes no longer hold unrelated filedescriptors open 4503 - Helpers are now restarted when the logs are rotated 4504 - Negatively cached DNS entries are now purged on "reload". 4505 - PURGE now also purges the DNS cache 4506 - HEAD on FTP objects no longer retrieves the whole object 4507 - More cleanups of the dstdomain ACL type 4508 - Squid no longer tries to do Range internally if it is not supported 4509 by the origin server. Doing so could cause bandwidth spikes and/or 4510 negative hit ratio. 4511 - httpd_accel_single_host squid.conf directive 4512 - "round-robin" cache_peer counters are reset every 5 minutes to 4513 compensate previously dead peers 4514 - DNS retransmit parameters 4515 - Show all FTP server messages 4516 - squid.conf.sample now indicates if a directive isn't enabled in 4517 the installed binary, and what configure option to use for enabling it 4518 - Fixed a temporary memory leak on persistent POSTs 4519 - Fixed a temporary memory leak when the server response headers 4520 includes NULL characters 4521 - authenticate_ip_ttl_is_strict squid.conf option 4522 - req_mime_type ACL type 4523 - A reworked storage system that supports storage directories in 4524 a more modular fashion. The object replacement and IO is now 4525 responsibility of the storage directory, and not of the storage 4526 manager. 4527 - Fixed a bogus MD5 mismatch warning sometimes seen when using 4528 aufs or diskd stores 4529 - Added --enable-stacktraces configure option to set PRINT_STACK_TRACE, 4530 and extended support for this to Linux/GNU libc. 4531 - Disabled the "request timeout" error message sent if the user agent 4532 did not provide a request in a timely manner after opening the 4533 connection. Now the connection is silently closed. The error message 4534 was confusing user agents utilizing persistent connections. 4535 - Fixed configure --enable descriptions to match the arg names. 4536 - Eliminated compile warnings from auth_modules/MSNT code. 4537 - Require first character of hostnames to be alphanumeric. 4538 - Made ARP ACL work for Solaris. 4539 - Removed storeClientListSearch(). 4540 - Added counters to track diskd operation success and 4541 failures. 4542 - Fixed range_offset_limit. 4543 - Added code to retry ServFail replies for internal DNS 4544 lookups. 4545 - Added referer header logging (Jens-S. Voeckler). 4546 - Added "multi-domain-NTLM" authentication module, a Perl 4547 script from Thomas Jarosch. 4548 - Added configurable warning messages for high memory usage, 4549 high response time, and high page faults. 4550 - Made store dir selection algorithm configurable. 4551 - Added support for admin-definable extension methods, 4552 up to 20. 4553 - Added 'maximum_object_size_in_memory' as a configuration option - 4554 this defines the watermark where objects transit from being true 4555 hot objects to being in-transit objects in memory. It currently 4556 defaults to 8 KB. 4557 - Change to the fqdn code which changes how pending DNS requests 4558 are treated as private and only become public once they are 4559 completed. This can add extra load on DNS servers but prevents 4560 all the pending clients blocking if one of the queries got 4561 stuck. (Duane Wessels) 4562 - Converted more code to use MemPools, from Andres Kroonmaa. 4563 - Added more CYGWIN patches from Robert Collins. 4564 4565Changes to Squid-2.4.DEVEL3 (): 4566 4567 - Added Logfile module. 4568 - Added DISKD stats via cachemgr. 4569 - Added squid.conf options for DISKD magic constants. 4570 4571Changes to Squid-2.4.DEVEL2 (Feb 29, 2000): 4572 4573Changes to Squid-2.4.DEVEL1 (): 4574 4575Changes to Squid-2.3.STABLE4 (July 18, 2000): 4576 4577 - Fixed --localstatedir configure option (IKEDA Shigeru). 4578 - Fixed IPFilter headers on OpenBSD (Nic Bellamy, Brad 4579 Smith). 4580 - Added pthread_sigmask() check to configure (Daniel 4581 Ehrlich). 4582 - Added CYGWIN patches from Robert Collins. 4583 - Changed internal DNS lookups to retry queries that are 4584 returned with RCODE 2 (ServFail). 4585 - Added 'virtual port' support (Gregg Kellogg). If 4586 'httpd_accel_uses_host_header' is enabled, then we use 4587 the port number from the Host header. Otherwise, when 4588 'httpd_accel_port' is set to "0" we use the port number 4589 of the local end of the client socket. 4590 - Fixed a typo in carp.c (Nikolaj Yourgandjiev). 4591 - Made Squid accept GET requests that have a "content-length: 4592 0" header. 4593 - Added a sanity check on the NHttpSockets[] array index 4594 (Gregg Kellogg). 4595 - Added a friendlier message when Squid can't find any DNS 4596 nameserver addresses to use (Daniel Kiracofe). 4597 - Added nonstandard WEBDAV methods: BMOVE, BDELETE, BPROPFIND 4598 (Craig Whitmore). 4599 - Added missing '%c' token replacement in error page 4600 generation. 4601 - Fixed a bug with 'minimum_object_size' that prevented 4602 internal icons from being loaded. 4603 - Fixed "extra semicolon" bug in storeExpiredReferenceAge() 4604 that could prevent any objects from being replaced. 4605 - Make sure that storeDirDiskFull() doesn't actually 4606 *increase* the cache size. 4607 - Changed a storeSwapMetaUnpack() assertion to a recoverable 4608 error condition. 4609 - Removed "wccpHereIam" event check that could cause Squid 4610 to stop sending HERE_I_AM messages. 4611 4612Changes to Squid-2.3.STABLE3 (May 15, 2000): 4613 4614 - Fixed malloc linking problems on Solaris. The configure 4615 script incorrectly set options for dlmalloc. 4616 - Added a configure check to remove compiler optimization 4617 for GCC 2.95.x. 4618 - Updated MSNT authenticator module. 4619 - Updated Estonian error pages. 4620 - Updated Japanese error pages. 4621 - Fixed expires bug in httpReplyHdrCacheInit. It was 4622 incorrectly setting expires based on max-age. It was using 4623 the current time as a basis, instead of the response date. 4624 - Fixed "USE_DNSSERVER" typos. 4625 - Added a workaround for getpwnam() problems on Solaris. 4626 getpwnam() could fail if there are fewer than 256 FDs 4627 available. This causes root to own some disk files. 4628 - Added an 'offline_toggle' option via the cache manager. 4629 - Added a 'minimum_object_size' option. Files smaller than 4630 this size are not stored. 4631 - Added 'passive_ftp' option to disable passive FTP transfers. 4632 - Added 'wccp_version' option because some Cisco IOS versions 4633 require WCCP version 3. 4634 - The 'client' program in ping mode (-g) now prints transfer 4635 throughput. 4636 - Fixed logging of proxy auth username for redirected 4637 requests. 4638 - Fixed bogus Age values for IMS requests. 4639 - Fixed persistent connection timeout for client-side 4640 connections. It was hard-coded to 15 seconds, now uses 4641 the 'pconn_timeout' value. 4642 - Fixed up httpAcceptDefer. It wasn't being used properly 4643 and caused high CPU usage when Squid gets close to the FD 4644 limit. 4645 - Numerous delay_pools fixes and checks. 4646 - Fixed SNMP coredumps from running snmpwalk. 4647 - Added a check for errno == EPIPE in icmp.c when pinger uses 4648 a Unix socket instead of a UDP socket. 4649 - Fixed ACL checklist memory initialization bugs. 4650 - Cleaned up the MIB file. Replaced contact information and 4651 checked description fields. 4652 - Removed LRU reference_age hard-coded upper limit. 4653 - Fixed async I/O FD leak. 4654 - Made getMyHostname() more robust. 4655 - Fixed domain list matching bug. "x-foo.com" wasn't properly 4656 compared to ".foo.com" and confused splay tree ordering. 4657 - Added a check for whitespace in hostnames and optionally 4658 strip whitespace if 'uri_whitespace' setting allows. 4659 - Added status code and checking to ASN/whois queries. 4660 4661Changes to Squid-2.3.STABLE2 (Mar 2, 2000): 4662 4663 - Changed Copyright text. 4664 - Changed configure so that some IRIX-6.4 hacks apply to 4665 all IRIX-6.* versions. 4666 - Cleaned up HTML bugs in error pages. 4667 - Told configure to check for netinet/if_ether.h, which 4668 is used in ARP ACL code, but might not be required. 4669 - Added "Cookie" to known HTTP headers so it can be 4670 used in anonymizer configuration. 4671 - Added optional TCP_REDIRECT log code for logging 4672 of 301/302 responses returned by Squid. 4673 - Added a check for a currently running Squid process. 4674 If the pid file exists, and the pid is running, 4675 Squid complains and refuses to start another instance. 4676 - Changed async I/O scope to PTHREAD_SCOPE_PROCESS for 4677 IRIX. 4678 - Fixed a bug with the PURGE method. The purge enable 4679 flag was not getting cleared during reconfigure. 4680 Also required PURGE method to be used in http_access 4681 list before enabling. 4682 - Fixed async I/O assertions for file open errors. 4683 - Fixed internal DNS assertion when unpacking truncated 4684 messages. 4685 - Fixed anonymize_headers bug that caused all headers 4686 to be allowed after a reconfigure. 4687 - Fixed an access denied bug for accelerator-only installations. 4688 - Fixed internal DNS initialization so that it uses 4689 'dns_nameservers' settings in squid.conf if set. 4690 - Fixed 'maxconn' ACL bug that caused it to work backwards 4691 (Pedro Ribeiro). 4692 - Fixed syslog bug for daemon mode on Linux. 4693 - Fixed 'http_port' parsing bugs. 4694 - Fixed internal DNS byte ordering bugs for PTR queries. 4695 - Fixed internal DNS queue getting stuck during periods 4696 of low activity (Henrik). 4697 - Fixed byte ordering bugs for parsing EPLF FTP listings 4698 on 64-bit systems. 4699 - Fixed 'request_body_max_size' bug that caused all 4700 POST, PUT requests to be denied if max size is set 4701 to zero. 4702 - Fixed 'redirector_access' bug when using 'myport' ACLs. 4703 - Fixed CARP neighbor selection bugs for down peers. 4704 - Added 'client_persistent_connections' and 4705 'server_persistent_connections' flags to disable persistent 4706 connections for clients and servers. 4707 - Fixed access logging bug that caused many requests to be 4708 logged as TCP_MISS. 4709 - Added some bounds checking to delay pools code. 4710 4711Changes to Squid-2.3.STABLE1 (Jan 9, 2000): 4712 4713 - Updated PAM authentication module from Henrik Nordstrom. 4714 - Updated Bulgarian error messages from Svetlin Simeonov. 4715 - Changed ACL routines so that User-Agent (browser) string 4716 is always taken from compiled HTTP request headers 4717 instead of passed as an argument to aclCreateChecklist. 4718 - Added a 'strip' option to the 'uri_whitesace' configuration 4719 directive and made it the default behavior. Whitespace 4720 found in URI's is now stripped out by default. 4721 - Added chroot feature. The 'chroot_dir' config option enables 4722 it and specifies the directory. 4723 - Changed clientBuildReplyHeader so that the Age header is 4724 added only for cache hits, and only when we can calculate 4725 a valid, positive age value. 4726 - Changed clientWriteComplete and clientGotNotEnough so 4727 that they keep persistent connections open for more types 4728 of replies that don't have bodies. 4729 - Changed filemap.c routines to dynamically grow filemap 4730 space as needed. 4731 - Added a hack to ftp.c to deal with ftp.netscape.com, which 4732 sometimes doesn't acknowledge PASV commands. 4733 - Fixed FTP bug with ftpScheduleReadControlReply; there 4734 was not always a timeout handler on the control socket 4735 after the transfer completed. 4736 - Fixed FTP filedescriptor leak from invalid PASV replies. 4737 - Changed httpBuildRequestHeader so that it doesn't 4738 copy the Host header from the client request. Instead 4739 we should generate our own Host header which is known 4740 to be correct. 4741 - Changed storeTimestampsSet to adjust entry->timestamp 4742 if the response includes an Age header. 4743 - Removed size limit from storeKeyHashBuckets. 4744 - Changed fwdConnectStart from a "heavy" to a "light" event. 4745 - Fixed an 'anonymize_headers' bug that affects unknown 4746 HTTP headers. With the bug, if you list a header that 4747 Squid doesn't know about (such as "Charset"), it would 4748 add HDR_OTHER to the allow/deny mask. This caused all 4749 unknown headers to be allowed or denied (depending on 4750 the scheme you use). Now, with the bug fixed, an unknown 4751 header in the 'anonymize_headers' list is simply ignored. 4752 4753Changes to Squid-2.3.DEVEL3 (): 4754 4755 - Added MSNT auth module from Antonino Iannella. 4756 - Added --enable-underscores configure option. This allows 4757 Squid to accept hostnames with underscores in them. Your 4758 DNS resolver may still complain about them, however. 4759 - Added --heap-replacement configure option. This enables 4760 the alternative cache replacement policies, such as 4761 GDSF, and LFUDA. 4762 - WCCP establishes and registers with the router faster. 4763 - Added 'maxconn' acl type to limit the number of established 4764 connections from a single client IP address. Submitted 4765 by Vadim Kolontsov. 4766 - Close FTP data socket as soon as transfer completes 4767 (Alexander V. Lukyanov). 4768 - Fixed ftpReadPass() to not clobber ctrl.message when 4769 the PASS command fails. 4770 - Added a redirect.c patch so squidGuard is able to do 4771 per-user access control (Antony T Curtis). 4772 - discard the pumpMethod() function, and instead use the 4773 fact that the request has a request entity (content-length 4774 present) (Henrik). 4775 - Reload the MIME icons at reconfigure time (Radu Greab). 4776 - Updated Richard Huveneers' SMB authentication module to 4777 his version 0.05 package. 4778 - Fixed lib/heap.c::heap_delete() bug when deleting the 4779 last node. 4780 - Fixed an integer conversion bug in 4781 lib/rfc1035.c::rfc1035AnswersUnpack(). 4782 - Fixed lib/rfc1738 routines to encode reserved characters, 4783 in addition to encoding the unsafe characters (Henrik). 4784 - Changed the interface for splay compare and "walk" 4785 functions to take a void pointer, instead of a splayNode 4786 pointer (Henrik). 4787 - Changed numerous HTTP parsing routines to use ssize_t 4788 instead of size_t. This was done because size_t may be 4789 signed or unsigned. When it is unsigned, gcc emits 4790 numerous "comparison is always true" warnings. At least 4791 we know ssize_t is always signed. 4792 - Fixed src/HttpHeaderTools::httpHeaderHasConnDir() and 4793 friends so that it properly handles multi-value lists. 4794 - Added an "end" (ssize_t) parameter to 4795 src/HttpReply::httpReplyParse() so that we know exactly 4796 where to terminate the header buffer. 4797 - Changed src/access_log.c::log_quote() so that it only 4798 encodes whitespace characters, and not all URL-special 4799 characters (Henrik). 4800 - Added local port ACL type ("myport") (Henrik). 4801 - Added maximum number of connections per client ("maxconn") 4802 as an ACL type. 4803 - Fixed proxy authentication username/password parsing to 4804 be more robust (Henrik). 4805 - Fixed ACL domain/host and domain/domain comparison 4806 functions yet again. Eliminated duplicate code so that 4807 only src/url.c::matchDomainName() contains this mysterious 4808 code. 4809 - Changed the 'http_port' option to accept an IP address 4810 or hostname as well (Henrik). 4811 - Removed 'tcp_incoming_addr' option. 4812 - Added an access control list for the redirector 4813 ('redirector_access'). Requests which match are sent to 4814 the redirector. All requests. are redirected by default. 4815 - Added the 'authenticate_ip_ttl' option. It specifies 4816 how long a valid proxy authentication credential is 4817 bound to a specific address. 4818 - Added 280, 488, 591, and 777 to "Safe_ports" ACL. 4819 - Removed the unused and highly questionable 'forward_snmpd_port' 4820 option. 4821 - Added an option to accept DNS messages from unknown nameservers. 4822 This may be necessary if replies come from a different address 4823 than queries are sent to. 4824 - Added #includes for IP Filter files in netinet directory. 4825 - Fixed a bug with retrying forwarded IMS requests (Henrik). 4826 - Fixed a bug in src/client_side.c::clientInterpretRequestHeaders() 4827 where we were checking a cache-control bit before getting the 4828 mask from the HTTP headers (pallo@initio.no). 4829 - Fixed a bug with "no_cache" access list. If not defined, 4830 everything was uncachable by default. 4831 - Fixed a bug with timed-out client-side HTTP connections. 4832 We didn't cancel the read handler, which could lead to 4833 "rwstate != NULL" warnings. 4834 - Changed comm_open() to only call fdAdjustReserved() for 4835 specific errors (ENFILE, EMFILE); 4836 - Fixed NULL pointer bug in idnsParseResolvConf(). 4837 - Split CACHE_DIGEST_HIT into CD_PARENT_HIT and CD_SIBLING_HIT. 4838 - Added DELETE request method. 4839 - Added RFC 2518 HTTP status codes. 4840 - Fixed handling of URL passwords when we need to rewrite a 4841 BASE HREF URL (Henrik). 4842 - Fixed a bug with FTP requests where a request gets aborted, 4843 but we try to complete it anyway. It would result in a 4844 "store_status != STORE_PENDING" assertion. The solution 4845 is to check for ENTRY_ABORTED before reading from 4846 the control channel too. 4847 - Changed FTP to retry a request if Squid fails to establish 4848 a PASV data connection (Henrik). 4849 - Fixed numerous HTCP memory leaks and an uninitialized memory 4850 bug. 4851 - Changed httpMaybeRemovePublic() with RFC 2518 and 2616 in 4852 mind (Henrik). 4853 - Minor fixes for Rhapsody systems. 4854 - Define _XOPEN_SOURCE_EXTENDED in squid.h so that AIX systems 4855 don't include varargs.h. 4856 - Changed src/store_client.c::storeClientType() so that 4857 an entry can have more than one STORE_MEM_CLIENT. 4858 - Changed src/store_client.c::storeClientReadHeader() 4859 to check swapfile metadata (Henrik). 4860 - Changed src/url.c::urlCheckRequest() to return FALSE for 4861 any "https://" URL. These should always be CONNECT 4862 instead. If Squid gets an "https://" URL, it is a browser 4863 bug. 4864 - Added numerous squid.conf options for controlling cache 4865 digests. Previously these were hard-coded in 4866 src/store_digest.c. (Martin Hamilton) 4867 - Added 'cache_peer' option called 'digest-url' that 4868 lets you specify the URL for a peer's digest. 4869 (Martin Hamilton) 4870 - Added DELAY_POOLS hacks to scan "slow" connections in 4871 a random order (David Luyer). 4872 - ARP_ACL fixes from Damien Miller. Linux 2.2.x uses a 4873 per-interface arp/neighbour cache, whereas 2.0.x uses a 4874 unified cache. Under 2.2.x you are required to specify 4875 a interface name when looking up ARP table entries with 4876 SIOCGARP. 4877 - If the process umask is not set (i.e. 0), then Squid 4878 changes it to 007. 4879 4880Changes to Squid-2.3.DEVEL2 (): 4881 4882 - Added --enable-truncate configure option. 4883 - Updated Czech error messages () 4884 - Updated French error messages () 4885 - Updated Spanish error messages () 4886 - Added xrename() function for better debugging. 4887 - Disallow empty ("") password in aclDecodeProxyAuth() 4888 (BoB Miorelli). 4889 - Fixed ACL SPLAY subdomain detection (again). 4890 - Increased default 'request_body_max_size' from 100KB 4891 to 1MB in cf.data.pre. 4892 - Added 'content_length' member to request_t structure 4893 so we don't have to use httpHdrGetInt() so often. 4894 - Fixed repeatedly calling memDataInit() for every reconfigure. 4895 - Cleaned up the case when fwdDispatch() cannot forward a 4896 request. Error messages used to report "[no URL]". 4897 - Added a check to return specific error messages for a 4898 "store_digest" request when the digest entry doesn't exist 4899 and we reach internalStart(). 4900 - Changed the interface of storeSwapInStart() to avoid a bug 4901 where we closed "sc->swapin_sio" but couldn't set the 4902 pointer to NULL. 4903 - Changed storeDirClean() so that the rate it gets called 4904 depends on the number of objects deleted. 4905 - Some WCCP fixes. 4906 - Added 'hostname_aliases' option to detect internal requests 4907 (cache digests) when a cache has more than one hostname 4908 in use. 4909 - Async I/O NUMTHREADS now configurable with --enable-async-io=N 4910 (Henrik Nordstrom). 4911 - Added queue length to async I/O cachemgr stats (Henrik Nordstrom). 4912 - Added OPTIONS request method. 4913 4914Changes to Squid-2.3.DEVEL1 (): 4915 4916 - Added WCCP support. This adds the 'wccp_router' squid.conf 4917 option. 4918 - Added internal DNS queries; Most installations can run 4919 without the external dnsserver processes. 4920 - Rewrote much of the code that stores cache objects on 4921 disk. Developed a programming interface that should 4922 allow new storage systems to be added easily. This still 4923 is pretty ugly and needs a lot of work, however. 4924 - Replaced async_io.c "tags" with callback data locks. 4925 This probably breaks async IO in a bad way. 4926 - Tried to write an Async IO disk storage module. 4927 - Added code to replace the StoreEntry linked list with a 4928 heap structure. This allows for different replacement 4929 algorithms, instead of being stuck with LRU. This adds 4930 the 'replacement_policy' squid.conf option. (John Dilley 4931 et al). 4932 - Fixed HTCP queries by actually checking for freshness 4933 based on the HTCP header fields. 4934 - Fixed passing of redirector command line arguments. 4935 - Added 'request_header_max_size' squid.conf option. 4936 - Added 'request_body_max_size' squid.conf option. 4937 - Added 'reply_body_max_size' squid.conf option. 4938 - Added 'peer_connect_timeout' squid.conf option. 4939 - Added 'redirector_bypass' squid.conf option. 4940 - Added RFC 2518 (WEBDAV) request methods. 4941 4942Changes to Squid-2.2 (April 19, 1999): 4943 4944 - Removed all SNMP specific ACL code 4945 SNMP now uses generic squid ACL's 4946 - Removed view-based access crontrol 4947 - Cleaned up and simplified SNMP section of squid.conf 4948 - Changed the SNMP code to use a tree stucture. 4949 - Added objects to MIB: 4950 Request Hit Ratio's 4951 Byte Hit Ratio's 4952 Number of Clients 4953 - Changed SNMP Agent to return object instances correctly. 4954 - Added our own assert() macro so we can use debug() instead of 4955 printing to stderr. 4956 - Added eventFreeMemory(). 4957 - Fixed ipcCreate() bug when debug_log has FD <= 2. 4958 - Changed watchChild() and related code in main.c so that 4959 Squid can behave more like a proper daemon process. 4960 - Added 'prefer_direct' option (enabled by default) so that 4961 people can give parents higher preference than direct. 4962 - Fixed ipc.c close() bug for async IO. On FreeBSD, 4963 comm_close() doesn't work for child processes when async IO is 4964 used. 4965 - Fixed setting the public key for large ``icons'' (Henrik 4966 Nordstrom). 4967 - Rewrote peer digest module to fix memory leaks on reconfigure 4968 and clean the code. Increased "current" digest version to 5 4969 ("required" version is still 3). Revised "Peer Select" cache 4970 manager stats. 4971 - Added "-k parse" command line option: parses the config file 4972 but does not send a signal unlike other -k options. 4973 - Revamped storeAbort() calling. Only store_client.c has all 4974 the right information to determine if the request should 4975 be aborted. Now client and server modules just storeUnregister 4976 without ever needing to call storeAbort. 4977 - Small change of Squid output for FTP (Andrew Filonov, 4978 Henrik Nordstrom). 4979 - clientGetsOldEntry() sends old entry if new request status 4980 is in the 500-range (Henrik Nordstrom). 4981 - Changed configure so it works with IRIX6.4 C compiler (broken?) 4982 option -OPT:fast_io=ON. 4983 - Fixed comm_connect_addr() non-blocking connections for 4984 SONY NEWSOS (Makoto MATSUSHITA). 4985 - Changed "#ifdef __STDC__" to "#if STDC_HEADERS" as recommended 4986 by autoconf documentation. 4987 - Fixed client-side cache-control max-age (Henrik Nordstrom). 4988 - Added a new error page: ERR_SHUTTING_DOWN. fwdStart() returns 4989 this error if it is called while squid is in the process of 4990 shutting down. 4991 - Added support for linuxthreads package under FreeBSD (Tony Finch). 4992 - Fixed HP-UX StatHist.c assertions by making the "hbase_f" 4993 functions non-static (Michael Pelletier). 4994 - Fixed logging of authenticated usernames even if the 4995 authorization is not cached (Dancer). 4996 - Fixed pconnPush() bug that prevented holding on to 4997 persistent connections (Manfred Bathelt). 4998 - Pid file now rewritten on SIGHUP. 4999 - Numerous Ident changes: 5000 - Ident lookups will now be done on demand if you use the 5001 'ident' ACL type. 5002 - The 'ident_lookup on|off' option has been replaced with 5003 an access list, so you can do lookups only for some 5004 client addresses. 5005 - Added an 'ident_timeout' option to specifiy the amount 5006 of time to wait for an ident lookup. 5007 - Added a (local) hit rate to mempool metering. 5008 - FTP Restarts (REST command) is now supported. 5009 - Check for libintl.a on SCO3.2. 5010 - Disable poll() on SCO3.2. 5011 - Numerous Async IO enhancements from Henrik. 5012 - Removed cache_mem_low and cache_mem_high options (Henrik 5013 Nordstrom). 5014 - Replaced 'persistent_client_posts' with 'broken_posts' access 5015 list. 5016 - Rewrote the anonymizer. 5017 - Removed the http_anonymizer option. 5018 - Added the anonymize_headers option to allow individual 5019 referencing of headers for addition or removal. See 5020 'anonymize_headers' in squid.conf for additional 5021 configuration. 5022 - Fixed config file parser's handing of optional directives. 5023 Some people might get new warnings about unknown config 5024 directives. 5025 - Added 'myip' ACL type. This is the local IP address for 5026 connected sockets (Luyer). 5027 - Fixed parsing of FTP DOS directory listings with spaces 5028 (Nordstrom). 5029 - Numerous DELAY_POOL changes/fixes from David Luyer: 5030 - Makes no-delay neighbors for DELAY_POOLS work by 5031 using a fd_set with the connections to no-delay 5032 peers marked in it. 5033 - Makes IP addresses ending in 0 and 255, and 5034 network number 255, work with individual and 5035 network delay pools (they were previously not 5036 permitted, and documented as such). 5037 - Massive overhaul of delay pools code - dynamically 5038 allocated delay pools, as many as required. 5039 - delayPoolsUpdate stops running if DELAY_POOLS is 5040 configured but no delay pools are configured. 5041 - Initial delay pool levels are now configurable 5042 as a percentage of the maximum for the pool in 5043 question (used to be all set to 1 second worth 5044 of traffic). Pools are restored to this level 5045 on reconfiguratoin. 5046 - Changed storeClientCopy to give a swap-in failure if 5047 the number of open disk FD's is above the 'max_open_disk_fds' 5048 limit. Otherwise, a very loaded cache will end up with 5049 all disk files open for reading, and none for writing. 5050 - Added lib/inet_ntoa.c from BSD Unix for systems that have 5051 broken inet_ntoa(). (Erik Hofman). 5052 - Added more specific FTP error messages for "permission 5053 denied, "file not found," and "service unavailable." 5054 (Tony Finch) 5055 - Added xisspace(), xisdigit(), etc, macros to cast function 5056 args and eliminate compiler warnings. 5057 - Fixed case-sensitive comparisons of domain names (Henrik 5058 Nordstrom). 5059 - Added proxy-authentication to cachemgr.cgi's requests 5060 (Henrik Nordstrom). 5061 - Changed Squid to *truncate* rather than *unlink* purged 5062 swap files. Can be reversed by undefining 5063 USE_TRUNCATE_NOT_UNLINK in src/defines.h. 5064 - Changed internal icon headers to use Cache-control 5065 Max-age instead of Expires. 5066 - Changed storeMaintainSwapSpace behavior to be adjusted 5067 smoothly, instead of discretely, between store_swap_low 5068 and store_swap_high. This includes the number of 5069 objects to scan, number to remove, and time until the 5070 next storeMaintainSwapSpace event. 5071 - Fixed a quick_abort bug that incorrectly calculated 5072 content lengths. 5073 - Added getpwnam() auth module from Erik Hofman. 5074 - Added 'coredump_dir' option. 5075 - Fixed a peerDestroy() assertion that required peer->digest 5076 to be NULL at the end of peerDestroy(). 5077 - configure script now automatically enables dlmalloc for 5078 Solaris/x86. 5079 - configure enables poll() on linux 2.2 and later (Henrik). 5080 - Icon files are now distributed in binary format, install 5081 will not need to run 'sh' and 'uudecode'. 5082 - Fixed some bugs with large responses (>READ_AHEAD_GAP) and 5083 re-forwarding requests and ENTRY_FWD_HDR_WAIT. 5084 fwdCheckDeferRead() will NOT defer reading if the 5085 ENTRY_FWD_HDR_WAIT bit is set. 5086 - Fixed a "F->flags.open" assertion for aborted FTP PUT's. 5087 - Fixed a (double) cast problem that caused statAvgTick() 5088 events to be added as fast as possible. 5089 - Changed httpPacked304Reply() to not include the Content-Length 5090 header for 304 replies that Squid generates. We used to 5091 include the length of the cached object, and this broke 5092 persistent connections. 5093 5094 2.2.STABLE2: 5095 5096 - Fixed configure bug for statvfs() checks. Configure reports 5097 "test: =: unary operator expected" or similar because an 5098 unquoted variable is not defined. 5099 - Fixed aclDestroyAcls() assertion because some ACL types 5100 are not listed in the switch statement. Occurs for 5101 srcdom_regex and dstdom_regex ACL types during reconfigure. 5102 - Typo "applicatoin" in src/mime.conf 5103 - The unlinkd daemon never saw the USE_TRUNCATE_NOT_UNLINK 5104 #define because it didn't include squid.h. 5105 - Fixed commRetryFD() when bind() fails. commRetryFD was 5106 closing the filedescriptor, but it is the upper layer's 5107 job to close it. 5108 - Changed configure's "maximum number of filedescriptors" 5109 detection to only use getrlimit() for Linux. On AIX, 5110 getrlimit returns RLIM_INFINITY. 5111 - Fixed snmpInit() nesting bug. 5112 - Fixed a bug with peerGetSomeParent(). It was adding 5113 a parent to the FwdServers list, regardless of the 5114 ps->direct value. This could cause every request to 5115 go to a parent even when always_direct is used. 5116 - Changed fwdServerClosed() to rotate the "forward servers" 5117 list when a connection establishment fails. Otherwise 5118 it always kept trying to connect to the first server 5119 int the list. 5120 5121 2.2.STABLE3: 5122 5123 - Fixed preprocessor problems for HP-UX in lib/safe_inet_addr.c. 5124 - Avoid coredump in aclMatchAcl() if someone tries to use 5125 proxy authentication with a non-HTTP request (e.g. icp_access). 5126 - Moved 'ident_lookup_access' in squid.conf so it appears 5127 after the ACL section. 5128 - Fixed typo in squid.conf on "Config.Addrs.snmp_outgoing" 5129 - Fixed a case in clientCacheHit() where we thought it 5130 was a hit, but the reply status was not 200, so we 5131 had to perform a cache miss. We forgot to change the 5132 log_type and these were being recorded as TCP_HIT's. 5133 - Fixed a void pointer subtraction bug in delayIdPtrHashCmp(). 5134 - Fixed delay_pools coredump and memory leak bugs from 5135 NULL delay_id values. 5136 - Fixed a SEGV bug with delay_pools when requesting 5137 'objects' or 'vm_objects' from the cachemgr. 5138 - Added a workaround for buggy FTP servers that return 5139 a size of zero for non-zero-sized objects. 5140 - Removed umask(0) call from main(). 5141 - Fixed a peer selection bug that caused us to never select 5142 a neighbor based on ICP replies if the ICP timeout occurs. 5143 In conjunction with this, removed the PING_TIMEOUT state. 5144 - Fixed a store_rebuild bug that caused us to get stuck trying 5145 if a cache_dir subdirectory didn't exist. 5146 - Fixed a buffer overrun bug in gb_to_str(). 5147 5148 2.2.STABLE4: 5149 5150 - Fixed a dread_ctrl leak caused in store_client.c 5151 - Fixed a memory leak in eventRun(). 5152 - Fixed a memory leak of ErrorState structures due to 5153 a bug in forward.c. 5154 - Fixed detection of subdomain collisions for SPLAY trees. 5155 - Fixed logging of hierarchy codes for SSL requests (Henrik 5156 Nordstrom). 5157 - Added some descriptions to mib.txt. 5158 - Fixed a bug with non-hierarchical requests (e.g. POST) 5159 and cache digests. We used to look up non-hierarchical 5160 requests in peer digests. A false hit may cause Squid 5161 to forward a request to a sibling. In combination with 5162 'Cache-control: only-if-cached, this generates 504 Gateway 5163 Timeout responses and the request may not be re-forwardable. 5164 - Fixed a filedescriptor leak for some aborted requests. 5165 5166 5167Changes to Squid-2.1 (November 16, 1998): 5168 5169 - Changed delayPoolsUpdate() to be called as an event. 5170 - Replaced comm_select FD scanning loops with global fd_set 5171 structures. Inspired by Jeff Mogul's patch for squid 1.1. 5172 - Moved functions common to dns.c, redirect.c, authenticate.c, 5173 ipcache.c, and fqdncache.c into helper.c. 5174 - Changed storeClientCopy2() so that it keeps sending the remainder 5175 of a STORE_ABORTED request, instead of cutting off the client as 5176 soon as the object becomes aborted. 5177 - Fixed combined ipf-transparent proxy and a local http-accelerator 5178 operation (Quinton Dolan). 5179 - Rewrote base64_decode.c because of potential buffer overrun 5180 bugs. 5181 - Configurable handling of whitespace in request URI's. 5182 See 'uri_whitespace' in squid.conf. 5183 - Added ability to generate HTTP redirect messages from 5184 the redirector output by prepending "301:" or "302:" to the 5185 new url. See FAQ 4.16 for more details. 5186 - Eliminated refreshWhen() which was out-of-sync with refreshCheck() 5187 potentially causing under-utilized cache digests 5188 - Maintain refreshCheck statistics on per-protocol basis so we 5189 can tell why ICP or Digests return too many misses, etc. 5190 - Fixed delay_pools.c class2/class3 typo (Simon Woods). 5191 - Changed squid.conf's default access controls to deny all 5192 HTTP requests. Admins must write ACL rules to specifically 5193 allow their local clients. 5194 - Patched French error messages (Mathias HERBERTS). 5195 - NextStep porting fixes by Mike Laster: 5196 - use xstrdup() in cf_gen.c 5197 - check for putenv() in configure 5198 - #define S_ISDIR macro 5199 - Added --disable-poll configure option (Henrik Nordstrom). 5200 - Fixed internal URL hostname case bugs (Henrik Nordstrom). 5201 - Patched ftp.c so we never cache autenticated FTP requests 5202 (Henrik Nordstrom). 5203 - Fixed FTP authentication. We tried to unescape authentication 5204 given by basic authentication which is not URL escaped 5205 (Henrik Nordstrom). 5206 - Fixed HTTP version for common logfile format (Henrik Nordstrom). 5207 - Added 'redirect_rewrites_host_header' option to disable rewriting 5208 of Host header for redirector responses (Henrik Nordstrom). 5209 - Allow semi-customized error message signatures (Henrik Nordstrom). 5210 - Fixed bug with errors for unsupported requests (Henrik Nordstrom). 5211 - Fixed handling of blank lines in ACL input files (Henrik 5212 Nordstrom). 5213 - Changed proxy_auth ACL type to consist of a list of valid 5214 users. REQUIRED == any (same as ident ACL). ACL type user 5215 changed to ident since this is what it really is. 5216 (Henrik Nordstrom). 5217 - Fixed long URL bugs; make sure 'log_uri' never exceeds 5218 MAX_URL bytes. 5219 - Allow comments in external ACL files (Gerhard Wiesinger). 5220 - Added 'range_offset_limit' configuration option. Requests 5221 with ranges that start after this value will be passed 5222 on unmodified, and Squid will not cache the response 5223 (Henrik Nordstrom). 5224 - Added Client HTTP Hit byte counters to 'counters' output 5225 (Douglas Swarin). 5226 - Got Squid to compile with --enable-async-io on FreeBSD. 5227 - Fixed infinite loop bug for cachemgr 'config' option. 5228 - Fixed cachability bugs for replies with Pragma: no-cache. 5229 - Made content-type multipart/x-mixed-replace uncachable. 5230 - Y2K fix for parsing dates in "Wed Jun 9 01:29:59 1993 GMT" 5231 format (Richard Kettlewell). 5232 - Fixed passing -s option to dnsserver processes (Alvaro Jose 5233 Fernandez Lago). 5234 - Changed proxy_auth to work on internal objects and when in 5235 accelerator mode. (Henrik Nordstrom) 5236 - Added login=user:password option to cache_peer directive to 5237 be used from a dial-up cache where the parent requires proxy 5238 authentication. (Henrik Nordstrom) 5239 - If you want to "auto-login", then use a URL on the form 5240 http://username:password@server/.... Squid now picks this up 5241 when going direct, and turns it into basic WWW 5242 authentication. It is also possible to do automatic login to 5243 certain servers by using a redirector to add the needed 5244 authentication information. (Henrik Nordstrom) 5245 - Changed refreshCheck() so that objects with negative age 5246 are always stale. 5247 - Fixed "plain" FTP listings (Henrik Nordstrom). 5248 - Fixed showing banner/logon message for top-level FTP 5249 directories (Henrik Nordstrom). 5250 * Changes below have been made to SQUID_2_1_PATCH1 5251 - Fixed pinger packet size assertion. 5252 - Fixed WAIS forwarding. 5253 - Fixed dnsserver coredump bug caused by using both -D and 5254 -s options. 5255 * Changes below have been made to SQUID_2_1_PATCH2 5256 - Fixed EBIT macro bugs when the bitmask is a 64-bit long. 5257 - Fixed proxy auth NULL password bug. 5258 - Fixed queueing of multiple peerRefreshDNS events. 5259 - Added a stack of StoreEntry objects to be released after 5260 store rebuild completes. 5261 - Fixed NULL pointer bugs with too-large requests (found by 5262 Martin Lathoud). 5263 - Fixed reading replies from buggy ident servers. Replies 5264 might not have terminating CR or LF (Henrik Nordstrom). 5265 - Changed internal StoreEntry key so that the request method 5266 is encoded as a single octet. Encoding an enumerated type 5267 has size and byte-order incompatibilities, especially for 5268 cache digests. 5269 - Fixed storeEntryLocked so that SPECIAL, but PRIVATE entries 5270 are not always locked. This fixes having multiple 5271 store_digest's stuck in memory. 5272 - Fixed clientProcessOnlyIfCachedMiss so it unlocks and 5273 unregisters from "cache hit" entries. 5274 * Changes below have been made to SQUID_2_1_PATCH3 5275 - Fixed memory leak in clientHandleIMSReply for 5276 storeClientCopy failures. 5277 5278Changes to Squid-2.0 (October 2, 1998): 5279 5280 - Added NAT/Transparent hijacking code from Quinton Dolan. 5281 - Added actual filesystem usage to cachemgr 'storedir' page. 5282 Only works for operating systems which support statvfs(). 5283 - Fixed HTCP compile-time bugs. 5284 - Fixed quick_abort bugs. Configured values are stored as 5285 Kbytes, not bytes. 5286 - Removed fwdAbortFetch(). It breaks quick_abort and seems 5287 mostly useless. 5288 - Changed storeDirSelectSwapDir() to skip swap directories 5289 when their utilization is over the high water mark ratio. 5290 - Fixed off-by-one bug for dead neighbor detection (Joe Ramey). 5291 - fixed bugs in Content-Range header generation 5292 - changed the way Range requests are handled: 5293 - do not "advertise" our ability to process ranges at 5294 all 5295 - on hits, handle simple ranges and forward complex 5296 ones 5297 - on misses, fetch the whole document for simple ranges 5298 and forward range request for complex ranges 5299 The change is supposed to decrease the number of cases when 5300 clients such as Adobe acrobat reader get confused when we 5301 send a "200" response instead of "206" (because we cannot 5302 handle complex ranges, even for hits) Note: Support for 5303 complex ranges requires storage of partial objects. 5304 - Removed SNMP mib-2.system group from squid. 5305 - Removed SNMP ability to iterate through ipcache and friends. 5306 - Added SNMP ipcache/fqdncache basic statistics. 5307 - Converted SQUID-MIB to SMIv2 (RFC 1902). 5308 - Moved SQUID-MIB to enterprises section of the tree in preparation 5309 of the split into PROXY-MIB & SQUID-MIB. 5310 - Corrected minor errors in SQUID-MIB. 5311 - Moved uptime into cacheSystem from cacheConfig. 5312 - Corrected a number of get-next-request bugs, snmpwalk should now 5313 return all objects and not skip some. 5314 - Fixed netdbClosestParent() so it won't return sibling 5315 peers. 5316 - Fixed a bug with secondary clients on entries with 5317 ENTRY_BAD_LENGTH set. We should release the 5318 bad entry to prevent secondary clients jumping on. 5319 - Changed MIB to prevent parse warnings at startup. 5320 * Changes below have been made to SQUID_2_0_PATCH1 5321 - Fixed a forwarding loop bug. Even though we were detecting 5322 a loop, it was not being broken. 5323 - Try to prevent sibling forwarding loops by NOT forwarding a 5324 request to a sibling if we have a stale copy of the object. 5325 Validation requests should only be sent to parents (or 5326 direct). 5327 - Fixed ncsa_auth hash bugs when re-reading password file. 5328 - Changed clientHierarchical() so that by default SSL/CONNECT 5329 requests do NOT go to neighbor caches. 5330 - Changed clientHandleIMSReply() to not call storeAbort() 5331 because there can be more than one client hanging on the 5332 StoreEntry. This hopefully fixes "store_status != 5333 STORE_ABORTED" assertions. 5334 - Added temporary fix to httpMakePublic() to prevent assertions 5335 (!EBIT_TEST(e->flags, RELEASE_REQUEST)) in storeSetPublicKey(). 5336 * Changes below have been made to SQUID_2_0_PATCH2 5337 - PATCH1 introduced a seriously stupid bug which prevented ICP 5338 queries for all requests. Fixed by checking 5339 request->hierarchical in peerSelectFoo(). 5340 5341Changes to squid-1.2.beta25 (September 21, 1998): 5342 5343 - Fixed async IO bugs from adding filedescriptor arg to AIOCB 5344 callbacks (Henrik Nordstrom). 5345 - Fixed store_swapout.c assertion. We were freeing object data 5346 past the swapout_done offset. This probably happens (only?) 5347 when an object changes from cachable to uncachable while 5348 it is being swapped out. 5349 - Added MEM_CLIENT_SOCK_BUF type so we can change the size 5350 of the buffers used for writing data to the client sockets. 5351 - Added configure check for libbind.a. If found, it will be 5352 used instead of libresolv.a. 5353 - Changed fwdStart() to always allow internally generated 5354 requests, such as for peer digests. These requests are 5355 known to fwdStart() because the address arg is set to 5356 'no_addr'. 5357 - Completed initial HTCP implementation. It works, but is not 5358 tested much. 5359 - Added counters for I/O syscalls. 5360 - Fixed httpMaybeRemovePublic. With broken ICP neighbors 5361 (netapp) Squid doesn't use private keys. This caused us 5362 to remove almost every object from the cache. 5363 - Added 'asndb' cachemgr stats to show AS Number tree. 5364 - Fixed AS Number byte-order bug for netmasks. 5365 - Fixed comm_incoming calling rate for high loads (Stewart 5366 Forster). 5367 - Give always_direct higher precedence than never_direct 5368 (Henrik Nordstrom). 5369 - Changed PORT ACL type to accept ranges. Now you can easily 5370 deny, for example, all priveleged ports except 80, 70, 21, 5371 etc. 5372 - ARP ACL fixes for Linux (David Luyer). 5373 - Replaced various "EBIT" flags bitfileds with structures of 5374 "int:1" members. 5375 - Changed storeKeyPrivate and storeKeyPublic to be a bit more 5376 efficient by removing snprintf(). This causes an 5377 incompatibility with old cache keys, however. To transition, 5378 we will look up both the new and old style keys for about the 5379 next 30 days. After that, if you haven't run this (or a 5380 future) version, your cache contents will be lost. 5381 - Made the client-side write buffer size configurable with 5382 a #define in defines.h. By default it is still 4096 bytes. 5383 - Removed redirectUnregister(). It should be unnecessary 5384 because of cbdata locks. 5385 - Fixed multiple HEAD request brokennesses (Henrik Nordstrom). 5386 - Changed non-blocking connect(2) code to call getsockopt() 5387 instead of connect() again. This is the approach recommended 5388 by Stevens, and fixes bugs on BSD-ish systems when subsequent 5389 connect() calls loop with EAGAIN status. 5390 - Added MD5 cache keys to memory pool accounting. 5391 - Added code to track number of open DISK descriptors and stop 5392 swapping out objects if the number of disk descriptors becomes 5393 too large. For now the limit must be manually configured with 5394 the 'max_open_disk_fds'. By default, there is no limit. 5395 - Stopped encoding a request method in the high byte of the ICP 5396 reqnum field. Instead queried cache keys are copied to a 5397 static array, indexed by the reqnum, modulo the array size. 5398 Now we just use the request number to lookup a cache key, 5399 instead of rebuilding it from the ICP reply URL and method, 5400 unless we have netapp neighbors--they don't do reqnum 5401 properly. 5402 - Fixed reconfigure memory access bugs in redirect.c. 5403 - Ignore unreasonably large ICP RTT values which cause overflow 5404 bugs in calculating the average RTT (thanks Niall!) 5405 5406Changes to squid-1.2.beta24 (August 21, 1998): 5407 5408 - Added Bulgarian error pages by Evgeny Gechev. 5409 - Changed StoreEntry->lock_count to a u_short. 5410 - Replaced urlcmp with strcmp 5411 - Fixed pragma no-cache ejecting ENTRY_SPECIAL objects 5412 (Henrik Nordstrom). 5413 - Eliminated unneeded BASE HREF on "root" directories (Henrik 5414 Nordstrom). 5415 - Fixed peerDigestFetchFinish() assertion caused by forwarding 5416 failures (e.g. miss_access rules). 5417 - Changed signal handlers with ASYNC_IO and Linux so that 5418 -k command line options work (Miquel van Smoorenburg). 5419 - Rewrote shutdown code to use events instead of setting 5420 FD timeouts. 5421 - Fixed cachemgr 'objects' (statObjects()) by adding a check 5422 for READ_AHEAD_GAP, and calling storeCheckSwapout() in 5423 storeBufferFlush(). Otherwise, the read-past pages would 5424 never be freed. 5425 - Fixed DNSSERVER shutdown bugs. The re-opened dnsserver processes 5426 were being closed by the dnsServerShutdown event. 5427 - Modified storeHashInsert() to insert PRIVATE objects at 5428 the tail of the LRU list, and PUBLIC objects at the head. 5429 Thus, PRIVATE objects get kicked out quicker. 5430 - Added David Luyer's DELAY_POOLS code. 5431 - Fixed a bug due to HEAD replies which lack the end-of-headers 5432 line. 5433 - Made proxy-auth realm string configurable (Bob Franklin) 5434 - Changed default mime time to a viewable one (Henrik Nordstrom). 5435 - configure fixes for Sony's NEWS-OS 6.x (Makoto MATSUSHITA). 5436 - Fixed 'you are running out of filedescriptors' bug which 5437 could cause the HTTP incoming connection handler to not 5438 be reset. 5439 - Changed syslog logging. Now squid debug levels 0 and 1 go 5440 to syslog. Level 0 gets LOG_WARNING and level 1 gets LOG_NOTICE 5441 (this needs more work!) 5442 - Fixed memory access errors in statAvgTick(). 5443 - Fixed duplicate requestUnlink() bug in forward.c 5444 - Fixed possible memory access bugs from not setting e->mem_obj 5445 = NULL in destroy_MemObject(). 5446 - Deleted TCP_IMS_MISS tag. Always use TCP_IMS_HIT instead. 5447 - Modified headersEnd and httpMsgIsolateHeaders to account 5448 for funky line terminations such as CRCRNL. 5449 (``but Netscape and IE _tolerate_ this'') 5450 - Fixed carp functions (Eric Stern). 5451 - Replaced internal proxy_auth code with extern authentication 5452 module (Arjan de Vet). 5453 - moved hash.c to libmiscutil.a. 5454 - Fixed handling of ICP queries with whitespace in URLs. 5455 Now we return ICP error and escape the URL before logging. 5456 - Added configure check for socklen_t (David Luyer). 5457 - Removed USE_SPLAY #defines; it is now standard. 5458 - Added FD arg to async IO callbacks (AIOCB) so we can eliminate 5459 temporary disk_ctrl_t structures. 5460 - Changed ENOSPC disk write errors to reduce specific cache_dir 5461 sizes, and not just the size of the cache as a whole. 5462 - Added httpMaybeRemovePublic() to purge public objects for 5463 certain responses even though they are uncachable. This is 5464 needed, for example, when an initially cachable object 5465 later becomes uncachable. 5466 - Added refresh_pattern options to ignore client reloads 5467 (Henrik Nordstrom) 5468 - Relocated disk.c code which combines blocks for writing 5469 (Stewart Forster). 5470 5471Changes to squid-1.2.beta23 (June 22, 1998): 5472 5473 - Added Turkish error pages by Tural KAPTAN. 5474 - Added basic support for Range requests. For most cachable 5475 requests, Squid replies with an "Accept-Ranges" header. Upon 5476 receiving a potentially cachable Range request for a not 5477 cached object, Squid requests the whole object from origin 5478 server and then replies with specified range(s) to the 5479 client. Multi-range requests are supported. Adjacent 5480 overlapping ranges are merged. If-Range requests are 5481 supported. Limitations: Multi-range requests with out of 5482 order ranges are not supported. 5483 - Made md5.c use standard memcpy and memset if they are 5484 avaliable. 5485 - Memory pools will now shrink if Squid is run-time 5486 reconfigured with smaller value of memory_pools_limit tag. 5487 - Added counter for number of clients (Tomi Hakala). 5488 - Changed neighbor UP/DOWN algorithm to require 10 failed TCP 5489 connections for UP->DOWN transition. 5490 - Added 'unique_hostname' configuration option when its 5491 necessary to have multiple machines with the same visible 5492 hostname. 5493 - Fixed pumpReadFromClient() to not read too many bytes on 5494 persistent connections. 5495 - We can now cache HTTP replies with Set-Cookie. These evil 5496 headers are now filtered out for cache hits on the client 5497 side. 5498 - Fixed SNMP bugs caused by using snmpwalk. 5499 - Fixed snmp system Group; all objects are now returned. 5500 - Fixed snmp system Group sysDescr and sysContact. 5501 - Fixed snmp system Group sysObjectID it now returns a OBJECT 5502 IDENTIFIER. 5503 - Allocate FwdState from mem pools. 5504 - Minor HTCP progress. 5505 - Moved 'miss_access' ACL check from client_side.c to forward.c 5506 - Fixed logging of usernames for requests which require 5507 proxy-authentication. 5508 - Fixed HTTP request parser to accept lowercase HTTP identifier 5509 (Oskar Pearson). 5510 - Fixed FTP listings to always include links to the parent 5511 directory (Henrik Nordstrom). 5512 - Fixed FTP to show an "empty" listing instead of showing 5513 a "document contains no data" error (Henrik Nordstrom). 5514 - Fixed refreshCheck() bug. Often it was checking the 5515 refresh patterns against the string "[null_mem_obj]" 5516 because we moved URLs to MemObject. 5517 - Added CARP support by Eric Stern. 5518 - Fixed select-spin bug when an ICP reply actually gets queued 5519 and we failed to execute the write callback. 5520 - Fixed a storeCheckSwapOut bug. We were freeing up to 5521 the queued offset instead of the done offset. This 5522 resulted in a small chunk of object data not being in 5523 memory and not yet written to disk. A client could 5524 recieve a partial object because file_read() unexpectedly 5525 returns EOF. 5526 - Fixed proxy-authentication hangs (Henrik Nordstrom). 5527 - Fixed request_t->flags bug causing authenticated, proxied 5528 responses to be cached (Arjan de Vet). 5529 - Fixed MIME types for .tgz extension (Henrik Nordstrom). 5530 - Added view and download options to FTP listings (Henrik 5531 Nordstrom). 5532 - Modified configure to allow using pre-installed libdlmalloc.a 5533 (Masashi Fujita). 5534 - Fixed cachemgr 'objects' implementation. 5535 - Changed refreshCheck() algorithm. For cached objects, we 5536 now check, in the following order: 5537 * request max-age 5538 * response Expires (if present) 5539 * refresh_pattern max-age 5540 * response Last-Modified compared to refresh_pattern 5541 LM-factor (only if Last-Modified is present) 5542 * refresh_pattern min-age 5543 - Changed Copyrights. 5544 5545Changes to squid-1.2.beta22 (June 1, 1998): 5546 5547 - do not cut off "; parameter" from "digitized" Content-Type 5548 http fields 5549 - Added X-Request-URI for persistent connection debugging 5550 (Henrik Nordstrom) 5551 - Added Polish error pages from Maciej Kozinski. 5552 - Fixed hash_first/hash_next bugs with **Current pointer. 5553 Replaced with *next pointer. 5554 - Fixed PUT/POST bugs in client (Henrik Nordstrom). 5555 - Deny forwarding loops in httpd accel mode (Henrik Nordstrom). 5556 - Fixed eventRun "spin" bug when event delta time == 0. 5557 - Fixed setting Last Modified time on cached entries when 5558 receiving a 304 reply. 5559 - Added while loop in httpAccept(). 5560 - Added while loop in icpHandleUdp(). 5561 - Fixed some small memory leaks. 5562 - Fixed single-bit-int flag checks (Henrik Nordstrom). 5563 - Replaced "complex" (offset accounting) calls to snprintf with MemBuf 5564 - Do not send only-if-cached cc directive with requests 5565 for peer's digests. 5566 - Added "automatic tuning" for incoming request rate, i.e. 5567 how often to check HTTP and ICP sockets. See comm.c 5568 comments for details. 5569 5570Changes to squid-1.2.beta21 (May 22, 1998): 5571 5572 - Added Italian error pages by Alessio Bragadini. 5573 - Added Estonian error pages by Toomas Soome. 5574 - Added Russian (koi-r) error pages by Andrew L. Davydov. 5575 - Added Czech error pages by Jakub Nantl. 5576 - Fixed asnAclInitialize calling to prevent coredump. 5577 - Fixed FTP directory parsing again. 5578 - Made FTP directory listing "Generated" tagline like 5579 the one for error pages. 5580 - Fixed an assertion coredump in statHistCopy from 5581 reconfiguring with different #peers in squid.conf 5582 - Ignore leading whitespace on requests (and replies). RFC 5583 2068 section 4.1, robustness (Henrik Nordstrom) 5584 - Fixed keep_alive bug. We did not always honour reply 5585 headers, but rather assumed connections could be persistent. 5586 - Fixed reading whois output for AS numbers, especially when 5587 they are longer than 4 KB. 5588 - Removed 'cache_stoplist_pattern' configuration option. This 5589 feature is now handled by 'no_cache'. 5590 - If a URN resolves to only one URL, just return it immediately 5591 instead of giving the user a "choice" (Andy Powell). 5592 - Fixed year-2000 bug in lib/iso3307.c (Henrik Nordstrom). 5593 - Changed squid-internal object names. 5594 - Added netdb exchange protocol. 5595 - Fixed wordlistDestroy() uninitialized pointer bug in 5596 ftpParseControlReply. 5597 - Fixed redirector subprocess to show real program name. 5598 - Changed URN menu output to be sorted. 5599 - Added fast select(2) timeouts when using ASYNC_IO. 5600 - Added ARP ACL support for Linux (David Luyer). 5601 - Added binary http headers to requests 5602 - request_t objects are now created and destroyed in a consistent way 5603 - Fixed cache control printf bug 5604 - Added a lot of new http header ids 5605 - Improved Connection: header handling; now both Connection and 5606 Proxy-Connection headers are checked for connection directives 5607 - Connection request header is now handled correctly regardless 5608 of its position and the number of entries 5609 - Only replies with valid Content-Length can be sent with keep-alive 5610 connection directive (Henrik Nordstrom) 5611 - Better handling of persistent connection "clues" in HTTP headers; 5612 the decision now depends on HTTP version (and User-Agent exceptions) 5613 - Removed handling of "length=" directive in IMS headers; 5614 the directive is not in the HTTP/1.1 standard; 5615 standing by for objections 5616 - allowed/denied headers are now checked using bit masks instead of 5617 strcmp loops 5618 - removed Uri: from allowed headers; Uri is deprecated in RFC 2068 5619 - removed processing of Request-Range header (not in specs?) 5620 - Fixed byte-order bugs in cacheDigestHashKey. 5621 - Changed hash_remove_link() to return void. 5622 - Changed ipcache_gethostbyname() to return NULL if 5623 i->addrs.count == 0. 5624 - Added millisecond-timing to select/poll loops and event 5625 queue. 5626 - Changed 'peerPingTimeout' value to be twice the average 5627 of all the peer ICP RTT's. 5628 - Added 'half_closed_clients' option to force closing of 5629 client connections which might only be half-closed. 5630 - Fixed matchDomainName coredump bug. 5631 - Don't cache HTTP replies with Vary: headers until we 5632 get content negotiation working. 5633 - Fixed SSL proxying to forward full HTTP request headers. 5634 - Changed storeGetMemSpace(). Only purge down to the HIGH 5635 water mark; move locked entries to the head of the inmem 5636 list. 5637 - Changed clientReadRequest() to locally handle any 5638 "squid-internal-static" URL for any host. 5639 - Disable persistent connections for client connections 5640 from broken Netscape User-Agent, version 3.* (Stewart Forster) 5641 5642Changes to squid-1.2.beta20 (April 24, 1998): 5643 5644 - Improved support for only-if-cached cache control directive. 5645 - Enabled 304 replies for ENTRY_SPECIAL objects (e.g., icons). 5646 - Fixed 'quick_abort' percent calculation bug. 5647 - Fixed quick_abort FPE bug. 5648 - Changed more errno-checking functions to use ignoreErrno(). 5649 - Added ERESTART to ignoreErrno() because of report from 5650 a Solaris system. 5651 - Fixed '#elsif' typo. 5652 - Fixed MemPool assertion by moving memInit() to before 5653 configuration parsing functions. 5654 - Fixed default 'announce_period' value (was 1 day, should 5655 be 0) (Joe Ramey). 5656 - Added configure warning for low filedescriptors and pointer 5657 to FAQ. 5658 - Fixed httpBodySet() bug causing URN related coredumps. 5659 - Changed ipcacheCycleAddr() to always cycle through all all 5660 available addresses, and not just advance when one of 5661 them goes BAD. 5662 - Fixed squid-internal bug for mixed-case hostnames (Henrik 5663 Nordstrom). 5664 - Fixed ICP counting probelm. icpUdpSend() arg should be 5665 LOG_ICP_QUERY instead of LOG_TAG_NONE. 5666 - Added some additional fault toleranse on FTP data channels 5667 (Henrik Nordstrom). 5668 - Corrected error reporting on FTP "hacks" (Henrik Nordstrom). 5669 - Added lock/unlock for StoreEntry during storeAbort(). 5670 - Added filemap bit usage stats to cachemgr 'storedir' and 5671 'info'. 5672 - Replaced 'cache_stoplist' with 'no_cache' Access list. 5673 - Fixed (hopefully) remaining swapfile-open-at-exit bugs. 5674 - Fixed default hierarchy_stoplist to be ``default if none.'' 5675 - Fixed 'fake a recent reply' hack for detecting DEAD 5676 and ALIVE neighbors (Joe Ramey). 5677 - Fixed FTP directory parsing bugs (Joe Ramey). 5678 - Fixed ftpTraverseDirectory coredump for NULL ftpState->filepath 5679 (Joe Ramey). 5680 - Fixed daylight savings time bug (again). 5681 - A lot of Cache Digests additions, fixes, and tuning. 5682 Cache Digests are still "very experimental". 5683 - Fixed snprintf() bug. When len == 1, snprintf() would treat 5684 the buffer as unknown size, emulating sprintf() behaviour. 5685 - Made Error page language configurable with configure script 5686 (Henrik Nordstrom). 5687 - Fixed squid-internal URLs when http_port == 80. 5688 - Remember the client address on redirected requests (Henrik 5689 Nordstrom). 5690 - Don't rebuild the request if the redirector returned the same 5691 URL (Henrik Nordstrom). 5692 - Rewrite Host: header on redirected requests (Henrik 5693 Nordstrom). 5694 - Include port (if non-standard) in generated Host: headers 5695 (Henrik Nordstrom). 5696 - Fixed rfc1123 timezone hacks for Windows NT 5697 (Henrik Nordstrom). 5698 - Added Russian Error pages by Ilia Zadorozhko. 5699 - Added totals for ICP and HTTP hits to cachemgr client_list 5700 output. 5701 - Changed error message to 'Generated TIME by HOST (SQUID/VER)' 5702 because any string with an '@' must be an email address. 5703 - Fixed POST for content-length == 0. 5704 - Fixed "huge 304 reply" loop bug. 5705 - Fixed --enable-splaytree compile bugs. 5706 - Removed ASN lookup code in peer_select.c. 5707 - Added warnings if ACL code detects subdomains in SPLAY 5708 trees. 5709 - Rewrote some bits of httpRequestFree() to eliminate 5710 possible bugs that could cause an "e->lock_count" asseertion. 5711 - Added value/bounds checking to _db_init() when setting 5712 the debugLevels[] array. 5713 5714Changes to squid-1.2.beta19 (Apr 8, 1998): 5715 5716 - Squid-1.2.beta19 compiles and runs on Windows/NT with 5717 Cygnus Gnu-WIN32 b19 (Henrik Nordstrom). 5718 - Added French Error pages by Frank DENIS. 5719 - Added Dutch Error pages by Mark Visser 5720 - Added German Error pages by Bernd P. Ziller, Jens Frank, 5721 and Anke S. 5722 - Added support for only-if-cached cache-control directive. 5723 - Added RELAXED_HTTP_PARSER #define to allow requests which are 5724 missing the HTTP identifier on the request line (e.g. buggy 5725 SpyGame queries). RELAXED_HTTP_PARSER is undefined by default. 5726 - Fixed disk.c FD leak for delayed closes in 5727 diskHandleWriteComplete(). 5728 - Fixed cache announcement feature. 5729 - Fixed httpReadReply() to retry failed HTTP requests on 5730 persistent connections when read() returns -1, not only 5731 when it returns 0. 5732 - Fixed cbdata memory counting leak. cbdataUnlock() always 5733 called free(), never memFree(). 5734 - Fixed storeDirWriteCleanLogs() malloc bug on Alphas. 5735 - Fixed `++loopdetect < 10' assertion due to 5736 clientHandleIMSReply bug for invalid/partial HTTP 5737 replies. 5738 - Added preliminary code for HTCP. 5739 - Renamed 'aux' dir to 'cfgaux' for legacy DOS machines. 5740 - Added "snmp_community" as an ACL type. 5741 - Cleaned up proxy-auth acl implementation and removed 5742 memory leaks. 5743 - Added generic 'hashFreeItems()' function for efficiently 5744 freeing hash table pointers. 5745 - Added whoisTimeout() for ASN code. 5746 - Removed BINARY TREE code. 5747 - Fixed forgetting to reset Config.Swap.maxSize in 5748 configDoConfigure. 5749 - Fixed httpReplyUpdateOnNotModified() arguments-in-wrong-order 5750 bug which caused not modified replies to not get updated. 5751 - Fixed client_side.c bugs which could cause data to be written 5752 to the client in the wrong order for persistent connections. 5753 clientPurgeRequest() and clientHandleIMSComplete() must not 5754 call comm_write(). Instead they must create and write to 5755 StoreEntry's. 5756 - Fixed ICP query service time counting bug(s). 5757 - replaced 'char *mime_headers_end()' with 'size_t headersEnd()' 5758 to fix buffer overruns. This also requires adding 'buf_sz' 5759 args to some functions like clientBuildReplyHeader(). 5760 But we can eliminate the need to NULL-terminate the 5761 buffer beforehand. 5762 - Changed commConnectCallback() to reset the FD timeout to 5763 zero before notifying about the connection. This requires 5764 commSetTimeout() calls in numerous places to reinstall 5765 timeouts. 5766 - Changed comm_poll_incoming() to be called less frequently 5767 (every 15 I/O's instead of every 7 FD's) (Michael O'Reilly). 5768 - Removed HAVE_SYSLOG case for debug() macro. Almost all 5769 systems do have syslog(), but more importatnly the 5770 _db_level value is needed for debugging to stderr. 5771 - Rewrote squid/dnsserver interface to use smaller, single-line 5772 messages. 5773 - Rewrote 'dns' cachemgr output to use a table format. 5774 - Rewrote a lot of dnsserver.c. 5775 - Added eventAddIsh() for semi-random event scheduling. 5776 - Fixed an ftpTimeout bug for sessions which use PORT 5777 commands. 5778 - Fixed ftp.c to recognized invalid PASV replies (e.g. 5779 port == 0). 5780 - Removed hash_insert(). All hasing uses hash_join() now. 5781 - Renamed hash_unlink() to hash_remove_link(). 5782 - Added hashPrime() to find closes prime hash table size 5783 to a given value. 5784 - Fixed Keep-Alive ratio counting bug which prevented 5785 persistent connections from being used between cache 5786 peers. 5787 - Changed icmp.c to NOT queue messages sent from squid to 5788 the pinger program. 5789 - Changed icp_v2.c to NOT queue ICP messages by default. 5790 But they will be queued and resent once if the first 5791 send fails. Counters.icp.queued_replies counts the 5792 number of messaages queued. 5793 - Cleaned up ICP logging. 5794 - Added identTimeout(). 5795 - Fixed ipcache reply counting bug. Overcounted dnsserver 5796 replies for partial replies. 5797 - Added urlInternal() for building internal Squid URLs. 5798 - Changed peerAllowedToUse() to check both 'cache_peer_domain' 5799 AND 'cache_peer_acl' configurations. This should be changed 5800 in the fugure to use ONLY cache_peer_acl. 5801 - Changed DEAD/REVIVED neighbor detection to avoid reporting 5802 so many false deaths. (Joe Ramey). 5803 - Added some preliminary code to support "cache digests." 5804 - Fixed pumpClose() coredumps (?). 5805 - Updated cachemgr 'info' output to show median service 5806 times for various categories. 5807 - Fixed ABW bug in storeDirWriteCleanLogs(). sizeof(off_t) 5808 != sizeof(int) for Alphas. 5809 - Fixed potential alignment problem in storeDirWriteCleanLogs(). 5810 - Fixed store_rebuild.c to NOT replace current, but 5811 not-swapped-out StoreEntry's with on-disk entries. 5812 - Changed storeCleanup() to call storeRelease on invalid 5813 entries which don't have a swapfile (i.e. no unlink() 5814 penalty). 5815 - Fixed storeSwapInStart() to fail for unvalidated 5816 entries. 5817 - SNMP changes: 5818 . renovated mib and added descriptions and comments 5819 . added hit and byte counters to client_db , for 5820 cacheClientTable 5821 . cacheClientTable, netdbTable, cachePeerTable, 5822 cacheConnTable now indexed by ip address. hash_lookup was 5823 enhanced to allow for subsequent hash_next's similar to 5824 hash_first, to speed up getnext's in tables which refer to 5825 hash-table structures. 5826 . added generic (well, sorf of) table indexing functionality 5827 . added makefile dependencies for snmplib and cache_snmp.h 5828 . WaisHost, WaisPort, Timeouts removed 5829 . FdTable split into FdTable and ConnTable. FdTable simplified 5830 . PeerTable and PeerStat merged and put into new cacheMesh 5831 group 5832 . cacheClientTable added for client statistics and accounting 5833 (cacheMesh 2) 5834 . cacheSec and cacheAccounting groups removed 5835 . fixed acl bug when communities not defined 5836 . snmp_acl now survives bad configuration 5837 5838Changes to squid-1.2.beta18 (Mar 23, 1998): 5839 5840 - Added v1.1 'test_reachability' option. 5841 - Fixed hash4() len == 0 bug. 5842 - Fixed Config.Swap.maxSize reconfigure bug. 5843 - Fixed ICP query bug determining request method. 5844 - Moved ICP's storeGet() cache lookup into neighborsUdpAck() 5845 so that we know neighbors are alive even when they send 5846 us replies for unknown entries. 5847 - Changed configure script to add '-std1' for Digital Unix cc. 5848 - Fixed SNMP sizeof(int) / sizeof(long) bugs for 64-bit 5849 systems. 5850 - Added support for 'Cache-Control: Only-If-Cached' request header. 5851 - Fixed CheckQuickAbort() bugs for multiple clients on one 5852 StoreEntry. Also changed storePendingNClients() to return 5853 mem->nclients instead of counting the number of store_client 5854 entries with pending callback functions. 5855 5856Changes to squid-1.2.beta17 (Mar 17, 1998): 5857 5858 - SNMP MIB version check changed to non-rcs. 5859 - Added memory pools for variable size objects (strings). 5860 There are three pools; for small, medium, and large objects. 5861 - Extended String object to use memory pools. Most fixed size char 5862 array fields will be replaced using string pools. Same for most 5863 malloc()-ed buffers. 5864 - Changed icon handling to use the hostname and port of the squid 5865 server, instead of the special hostname "internal.squid" 5866 (Henrik Nordstrom). 5867 - All icons are now configured in mime.conf. No hardcoded icons, 5868 including gohper icons (Henrik Nordstrom). 5869 - Fixed ICP bug when we send queries, but expect zero 5870 replies. 5871 - Fixed alignment/casting bugs for ICP messages. 5872 - A generic client-to-server "pump" was added to handle HTTP 5873 PUT as well as POST methods on the client-cache side. Based on 5874 "pump" PUT requests can be made to either HTTP or FTP url's. 5875 Code is still beta and interoperability with browsers etc has 5876 not been tested. 5877 - Put #ifdefs around 'source_ping' code. 5878 - Added missing typedef for _arp_ip_data (Wesha). 5879 - Added regular-expression-based ACLs for client and server 5880 domain names (Henrik Nordstrom). 5881 - Fixed ident-related coredumps from incorrect callback data. 5882 - Fixed parse_rfc1123() "space" bug. 5883 - Fixed xrealloc() XMALLOC_DEBUG bug (not calling check_free()).. 5884 - Fixed some src/asn.c end-of-reply bugs and memory leaks. 5885 - Fixed some peer->options flag-setting bugs. 5886 - Fixed single-parent feature to work again 5887 - Removed 'single_parent_bypass' configuration option; instead 5888 just use 'no-query'. 5889 - Surrounded 'source_ping' code with #ifdefs. 5890 - Changed 'deny_info URL' to use a custom Error page. 5891 - Modified src/client.c for testing POST requests. 5892 - Fixed hash4() for SCO (Vlado Potisk). 5893 5894Changes to squid-1.2.beta16 (Mar 4, 1998): 5895 5896 - Added Spanish error messages from Javier Puche. 5897 - Added Portuguese error messages from Pedro Lineu Orso 5898 - Added a simple but very effective hack to cachemgr.cgi that tries to 5899 interpret lines with '\t' as table records and formats them 5900 accordingly. With a few exceptions (see source code), first line 5901 becomes a table heading ("<th>" html tag) and the rest is formated 5902 with "<td>" tags. 5903 - Added "mem_pools_limit" configuration option. Semantics of 5904 "mem_pools" option has also changed a bit to reflect new memory 5905 management policy. 5906 - Reorganized memory pools. Squid now supports a global pool 5907 limit instead of individual pool limits. Per-pool limits can be 5908 implemented on top of the current scheme if needed, but it is 5909 probably hard to guess their values. Squid distributes pool 5910 memory among "frequently allocated" objects. There is a 5911 configurable limit on the total amount of "idle" memory to be 5912 kept in reserve. All requests that exceed that amount are 5913 satisfied using malloc library. Support for variable size 5914 objects (mostly strings) will be enabled soon. 5915 - memAllocate() has now only one parameter. Objects are always 5916 reset with 0s. (We actually never used that parameter before; 5917 it was always set to "clear"). 5918 - Added Squid "signature" to all ERR_ pages. The signature is 5919 hardcoded and is added on-the-fly. The signature may use 5920 %-escapes. Added interface to add more hard-coded responses if 5921 needed (see errorpage.c::error_hard_text). 5922 - Both default and configured directories are searched for ERR_ 5923 pages now. Configured directory is, of course, searched first. 5924 This allows you to customize a subset of ERR_ pages (in a 5925 separate directory) without danger of getting other copies out 5926 of sync. 5927 - Security controls for the SNMP agent added. Besides 5928 communities (like password) and views (part of tree 5929 accessible), the snmp_acl config option can be used to do acl 5930 based access checks per community. 5931 - SNMP agent was heavily re-written, based on cmu-snmpV1.8. You 5932 can now walk through the whole mib tree. Several new variables 5933 added under cacheProtoAggregateStats 5934 - Added rudimental statistics for HTTP headers. 5935 - Adjusted StatLogHist to a more generic/flexible StatHist. 5936 Moved StatHist implementation into a separate file. 5937 - Added FTP support for PORT if PASV fails, also try the 5938 default FTP data port (Henrik Nordstrom). 5939 - Fixed NULL pointer bug in clientGetHeadersForIMS when a 5940 request is cancelled for fails on the client side. 5941 - Filled in some squid.conf comments (never_direct, 5942 always_direct). 5943 - Added RES_DNSRCH to dnsserver's _res.options when the 5944 -D command line option is given. 5945 - Fixed repeated Detected DEAD/REVIVED Sibling messages when 5946 peer->tcp_up == 0 (Michael O'Reilly). 5947 - Fixed storeGetNextFile's incorrect "directory does not exist" 5948 errors (Michael O'Reilly). 5949 - Fixed aiops.c race condition (Michael O'Reilly, Stewart 5950 Forster). 5951 - Added 'dns_nameservers' config option to specify non-default 5952 DNS nameserver addresses (Maxim Krasnyansky). 5953 - Added lib/util.c code to show memory map as a tree 5954 (Henrik Nordstrom). 5955 - Added HTTP and ICP median service times to Counters and 5956 cachemgr average stats. 5957 - Changed "-d" command line option to take debugging level 5958 as argument. Debugging equal-to or less-than the argument 5959 will be written to stderr. 5960 - Removed unused urlClean() function from url.c. 5961 - Fixed a bug that allowed '?' parts of urls to be recorded in 5962 store.log. Logged urls are now "clean". 5963 - Cache Manager got new Web interface (cachemgr.cgi). New .cgi 5964 script forwards basic authentication from browser to squid. 5965 Authentication info is encoded within all dynamically generated 5966 pages so you do not have to type your password often. 5967 Authentication records expire after 3 hours (default) since 5968 last use. Cachemgr.cgi now recognizes "action protection" types 5969 described below. 5970 - Added better recognition of available protection for actions 5971 in Cache Manager. Actions are classified as "public" (no 5972 password needed), "protected" (must specify a valid password), 5973 "disabled" (those with a "disable" password in squid.conf), and 5974 "hidden" (actions that require a password, but do not have 5975 corresponding cachemgr_passwd entry). If you manage to request 5976 a hidden, disabled, or unknown action, squid replies with 5977 "Invalid URL" message. If a password is needed, and you failed 5978 to provide one, squid replies with "Access Denied" message and 5979 asks you to authenticate yourself. 5980 - Added "basic" authentication scheme for the Cache Manager. 5981 When a password protected function is accessed, Squid sends an 5982 HTTP_UNAUTHORIZED reply allowing the client to authorize itself 5983 by specifying "name" and "password" for the specified action. 5984 The user name is currently used for logging purposes only. The 5985 password must be an appropriate "cachemgr_passwd" entry from 5986 squid.conf. The old interface (appending @password to the url) 5987 is still supported but discouraged. Note: it is not possible 5988 to pass authentication information between squid and browser 5989 *via a web server*. The server will strip all authentication 5990 headers coming from the browser. A similar problem exists for 5991 Proxy-Authentication scheme. 5992 - Added ERR_CACHE_MGR_ACCESS_DENIED page to notify of 5993 authentication failures when accessing Cache Manager. 5994 - Added "-v" (Verbose) and "-H" (extra Headers) options to client.c. 5995 - Added simple context-based debugging to debug.c. Currently, 5996 the context is defined as a constant string. Context reporting 5997 is triggered by debug() calls. Context debugging routines 5998 print minimal amount of information sufficient to describe 5999 current context. The interface will be enhanced in the future. 6000 - Replaced _http_reply with HttpReply. HttpReply is a 6001 stand-alone object that is responsible for parsing, swapping, 6002 and comm_writing of HTTP replies. Moved these functions from 6003 various modules into HttpReply module. 6004 - Added HttpStatusLine, HttpHeader, HttpBody. 6005 - All HTTP headers are now parsed and stored in a "compiled" 6006 form in the HttpHeader object. This allows for a great 6007 flexibility in header processing and builds basis for support 6008 of yet unsupported HTTP headers. 6009 - Added Packer, a memory/store redirector with a printf 6010 interface. Packer allows to comm_write() or swap() an object 6011 using a single routine. 6012 - Added MemBuf, a auto-growing memory buffer with printf 6013 capabilities. MemBuf replaces most of old local buffers for 6014 compiling text messages. 6015 - Added MemPool that maintains a pre-allocated pool of opaque 6016 objects. Used to eliminate memory thrashing when allocating 6017 small objects (e.g. field-names and field-value in http 6018 headers). 6019 6020Changes to squid-1.2.beta15 (Feb 13, 1998): 6021 6022 NOTE: This version has changes which may cause all or part 6023 of your cache to be lost. However, you can problably 6024 save most of it by doing a slow restart. Specifically: 6025 6026 1. Kill the running squid-1.2.beta14 process; wait for it to 6027 fully exit. 6028 2. Remove all 'swap.state*' files, either in each cache_dir, or 6029 as defined in your squid.conf 6030 3. Start squid-1.2.beta15. The store will be rebuilt from the 6031 existing swap files, reading the directories and opening 6032 the files. 6033 6034 - Fixed some problems related to disk (and pipe) write error 6035 handling. file_close() doesn't always close the file 6036 immediately; i.e. when there are pending buffers to write. 6037 StoreEntry->lock_count could become zero while a write is 6038 pending, then bad things happen during the callback. 6039 - The file_write() callback data must now be in the callback 6040 database (cbdata). We now use the swapout_ctrl_t structure 6041 for the callback data; it stays around for as long as we are 6042 swapping out. 6043 - Changed the way write errors are handled by diskHandleWrite. 6044 If there is no callback function, now we exit with a fatal 6045 message under the assumption that the file in question is a 6046 log file or IPC pipe. Otherwise, we flush all the pending 6047 write buffers (so we don't see multiple repeated write errors 6048 from the same descriptor) and let the upper layer decide how 6049 to handle the failure. 6050 - Fixed storeDirWriteCleanLogs. A write failure was leaving 6051 some empty swap.state files, even though it tells us that its 6052 "not replacing the file." Don't flush/rename logs which we 6053 have prematurely closed due to write failures, indiciated by 6054 fd[dirn] == -1. Close these files LAST, not before 6055 renaming. 6056 - Fixed storeDirClean to clean directories in a more sensible 6057 order, instead of the new "MONOTONIC" order for swap files. 6058 - Merged fdstat.c functions into fd.c. 6059 - Cleaned up some debugging sections. Some unrelated source 6060 files were using the same section. 6061 - Removed curly brackets from all cachemgr output. 6062 - Removed unused filemap->last_file_number_allocated member. 6063 - Removed unused fde->lifetime_data member. 6064 - Fixed incorrectly applying htonl() on icp_common_t->shostid. 6065 - Call setsid() before exec() in ipc.c so that child processes 6066 don't receive SIGINT (etc) when running squid on a tty. 6067 - Changed StoreEntry->object_len to ->swap_file_sz so we 6068 can verify the disk file size at restart. Moved object_len 6069 to MemObject->object_sz. Note object_sz is initialized 6070 to -1. If object_sz < 0, then we need to open the swap 6071 file and read the swap metadata. 6072 - Changed store_client->mem to ->entry because we need 6073 e->swap_file_sz to set mem->object_sz at swapin. 6074 - Renamed storeSwapData structure to storeSwapLogData. 6075 - Fixed storeGetNextFile to not increment d->dirn. Added 6076 check for opendir() failure. 6077 - Fixed storeRebuildStart to properly link the directory 6078 list for storeRebuildfromDirectory mode. 6079 - Added -S command line option to double-check store 6080 consistency with disk files in storeCleanup(). 6081 - Fixed a problem with transactional logging. In many 6082 cases we were adding the public cache key and then 6083 logging a delete for the private key. This is worthless 6084 because during rebuild we could not locate the previous 6085 public-keyed entry. Now we assert that only public-keyed 6086 entries can be logged to swap.state. storeSetPublicKey() 6087 and storeSetPrivateKey() have been modified to log an 6088 ADD or DEL when the key changes. 6089 - Fixed storeDirClean bug. Needed to call 6090 storeDirProperFileno() so the "dirn bits" get set. 6091 - Fixed a storeRebuildFromDirectory bug. fullpath[] and 6092 fullfilename[] were static to that function and did 6093 not change when the "rebuild_dir" arg did. Moved these 6094 buffers to the rebuild_dir structure. 6095 - In storeRebuildFromSwapLog, we were calling storeRelease() 6096 for cache key collisions. This only set the RELEASE_REQUEST 6097 bit and did not clear the swap_file_number in the filemap or 6098 in the StoreEntry, so the swap file could get unlinked later 6099 when it was really released. 6100 - Fixed FTP so that ';type=X' specifically sets the HTTP reply 6101 content-type and content-encoding (Henrik Nordstrom). 6102 - Removed 'icon_content_type' configuration option. Content 6103 types now taken from mime.conf (Henrik Nordstrom). 6104 - Added additional memory malloc tracing and memory leak 6105 detection. Use --enable-xmalloc-debug-trace configure 6106 option and -m command line option (Henrik Nordstrom). 6107 6108Changes to squid-1.2.beta14 (Feb 6, 1998): 6109 6110 - Replaced snmplib free() calls with xfree(). 6111 - Changed the 'net_db_name' hash table structure to 6112 make it easier to move names from one network to another 6113 (copied from 1.1 code). 6114 - Filled in some of the config dump routines (dump_acl, 6115 dump_acl_access). 6116 - Full memory debugging option (--enable-xmalloc-debug-trace) 6117 (Henrik Nordstrom). 6118 - Filled-in and clarified many squid.conf comments (Oskar 6119 Pearson). 6120 - Fixed up handling of SWAP_LOG_DEL swap.state entries. 6121 6122Changes to squid-1.2.beta13 (Feb 4, 1998): 6123 6124 - NOTE: With this version the "swap.state" file format has 6125 changed. Running this version for the first time will 6126 cause your current cache contents to be lost! 6127 - NOTE: this version still has the bug where we don't rewind 6128 a swapout file and rewrite the swap meta data. Objects 6129 larger than 8KB will be lost when rebuilding from the swap 6130 files. 6131 - Combined various interprocess communication setup functions 6132 into ipcCreate(). 6133 - Removed some leftover ICP_HIT_OBJ things. 6134 - Removed cacheinfo and proto_count() and friends; these are to 6135 be replaced in functionality by StatCounters and 5/60 minute 6136 average views via cachemgr. 6137 - Fixed --enable-acltree configure message (Masashi Fujita). 6138 - Fixed no reference to @LIB_MALLOC@ in src/Makefile.in 6139 (Masashi Fujita). 6140 - Fixed building outside of source tree (Masashi Fujita). 6141 - FTP: Format NLST listings, and inform the user that the NLST 6142 (plain) format is available when we find a LIST listing that we 6143 don't understand (Henrik Nordstrom) 6144 - FTP: Use SIZE on Binary transfers, and not ASCII. The 6145 condition was inversed, making squid use SIZE on ASCII 6146 transfers (Henrik Nordstrom). 6147 - Enable virtual and Host: based acceleration in order to be 6148 able to use Squid as a transparent proxy without breaking 6149 either virtual servers or clients not sending Host: header 6150 the order of the virtual and Host: based acceleration needs 6151 to be swapped, giving Host: a higher precendence than virtual 6152 host (Henrik Nordstrom). 6153 - Use memmove/bcopy as detected by configure Some systems does 6154 not have memmove, but have the older bcopy implementation 6155 (Henrik Nordstrom). 6156 - Completely rewritten aiops.c that creates and manages a pool 6157 of threads so thread creation overhead is eliminated (SLF). 6158 - Lots of mods to store.c to detect and cancel outstanding 6159 ASYNC ops. Code is not proven exhaustive and there are 6160 definately still cases to be found where outstanding disk ops 6161 aren't cancelled properly (SLF). 6162 - Changes to call interface to a few routines to support disk 6163 op `tagging', so operations can be cleanly cancelled on 6164 store_abort()s (SLF). 6165 - Implementation of swap.state files as transaction logs. 6166 Removed objects are now noted with a negative object size. 6167 This allows reliatively clean rebuilds from non-clean 6168 shutdowns (SLF). 6169 - Now that the swap.state files are transaction logs, there's 6170 now no need to validate by stat()ing. All the validation 6171 procedure does is now just set the valid bit AFTER all the 6172 swap.state files have been read, because by that time, only 6173 valid objects can be left. Object still need to be marked 6174 invalid when reading the swap.state file because there's no 6175 guarantee the file has been retaken or deleted (SLF). 6176 - An fstat() call is now added after every 6177 storeSwapInFileOpened() so object sizes can be checked. Added 6178 code to storeRelease() the object if the sizes don't match (SLF). 6179 - #defining USE_ASYNC_IO now uses the async unlink() rather than 6180 unlinkd() (SLF). 6181 - #defining MONOTONIC_STORE will support the creation of disk 6182 objects clustered into directories. This GREATLY improves disk 6183 performance (factor of 3) over old `write-over-old-object' 6184 method. If using the MONOTONIC_STORE, the 6185 {get/put}_unusedFileno stack stuff is disabled. This is 6186 actually a good thing and greatly reduces the risk of serving 6187 up bad objects (SLF). 6188 - Fixed unlink() in storeWriteCleanLogs to be real unlink() 6189 rather than ASYNC/unlinkd unlinks. swap.state.new files were 6190 being removed just after they were created due to delayed 6191 unlinks (SLF). 6192 - Disabled various assertions and made these into debug warning 6193 messages to make the code more stable until the bugs can be 6194 tracked down (SLF). 6195 - Added most of Michael O'Reilly's patches which included many 6196 bug fixes. Ask him for full details (SLF). 6197 - Moved aio_check_callbacks in comm_{poll|select}(). It was 6198 called after the fdset had been built which was wrong because 6199 the callbacks were changing the state of the read/write 6200 handlers prior to the poll/select() calls (SLF). 6201 - Fixed ARP ACL memory leaks (Dale). 6202 - Eliminated URL and SHA cache keys. Cache keys will always 6203 be MD5's now. 6204 - Fixed up store swap meta data. 6205 - Changed swap.state logs to a binary format. 6206 - The swap.state logs are written transaction-style. 6207 6208Changes to squid-1.2.beta12 (Jan 30, 1998): 6209 6210 - Added metadata headers to cache swap files. This is an 6211 incompatible change with previous versions. Running this 6212 version for the first time will cause your current cache 6213 contents to be lost. 6214 - -D_REENTRANT when linking with -lpthreads (Henrik Nordstrom) 6215 - Show symlink destinations as a hyperlink in FTP listings 6216 (Henrik Nordstrom) 6217 - Fixed not allocating enough space for rewriting URLs with 6218 the Host: header (Eric Stern). 6219 - Year-2000 fixes (Arjan de Vet). 6220 - Fixed looping for cache hits on HEAD requests. 6221 - Fixed parseHttpRequest() coredump for 6222 "GET http://foo HTTP/1.0\r\n\r\n\r\n" 6223 6224Changes to squid-1.2.beta11 (Jan 6, 1998): 6225 6226 - Fixed fake 'struct rusage' definition which prevented compling 6227 on Solaris 2.4. 6228 - Fixed copy-by-ref bug for request->headers in 6229 clientRedirectDone() (Michael O'Reilly). 6230 - Workaround for Solaris pthreads closing FD 0 upon fork() 6231 (Michael O'Reilly). 6232 - Fixed shutdown bug with outgoing UDP sockets; we need to 6233 disable their read handlers. 6234 - For comm_poll(), use the fast 50 msec timeout only when 6235 USE_ASYNC_IO is defined. 6236 - Fixed pointer bug when freeing AS# ACL entries. 6237 - Fixed forgetting to reset Config.npeers to zero in free_peer(). 6238 - Fixed ICP bug causing excessive TIMEOUTs with sibling 6239 neighbors. We must call the ICP reply callback even for 6240 sibling misses. 6241 - Fixed some dnsserver-related reconfigure bugs. Need to 6242 use cbdataLock, etc in fqdncache.c. Also don't want to 6243 use ipcacheQueueDrain() and fqdncacheQueueDrain(). 6244 - Fixed persistent connection bug. We were incorrectly 6245 deciding that non-200 replies without content-length 6246 would not have a reply body. 6247 - Fixed intAverage() precedence bug. 6248 - Fixed memmove() 'len' arg bug. 6249 - Changed algorithm for determining alive/dead state of peers. 6250 Instead of using a fixed number of unacknowledged ICP 6251 replies, it is now based on timeouts. If there are no ICP 6252 replies received from a peer within 'dead_peer_timeout' 6253 seconds, then we call it dead. 6254 - Added calls to getCurrentTime() in 6255 comm_{select,poll}_incoming() when ALARM_UPDATES_TIME is not 6256 being used. 6257 - Fixed shutdown bug when the incoming and outgoing ICP socket 6258 is the same file descriptor. 6259 - Added buffered writes for storeWriteCleanLogs() (Stewart 6260 Forster). 6261 - Patches for Qnx4 (Jean-Claude MICHOT). 6262 - Fixed returning void functions which seems to be a GCC-ism. 6263 - New configure script options (Henrik Nordstrom): 6264 --enable-new-storekey=[sha|md5(|url)] (was --enable-hashkey) 6265 --enable-acltree 6266 --enable-icmp 6267 --enable-delay-hack 6268 --enable-useragent-log 6269 --enable-kill-parent (this should be named -hack) 6270 --enable-snmp 6271 --enable-time-hack 6272 --enable-cachemgr-hostname[=hostname] (new) 6273 --enable-arp-acl (new) 6274 - Added Doug Lea malloc-2.6.4 to the distribution, so that 6275 people easily can try a decent malloc package if they syspect 6276 their malloc is broken. --enable-dlmalloc (Henrik Nordstrom). 6277 - Made XMALLOC_DEBUG_COUNT working again. Requires a small stub 6278 function (Henrik Nordstrom). 6279 - Removed top-level Makefile. People must now run 'configure' 6280 before 'make'. 6281 - Fixed checkFailureRatio() implementation. 6282 - Made 'squid -z' behave like the 1.1 version. 6283 6284 6285Changes to squid-1.2.beta10 (Jan 1, 1998): 6286 6287 - Fixed content-length bugs for 204 replies, 304 replies, 6288 and HEAD requests (Henrik Nordstrom). 6289 - Fixed errorAppendEntry() bug in gopherReadReply(). 6290 - Basic support for FTP URL typecodes (;type=X). 6291 - Support for access controls based on ethernet MAC addresses 6292 (Dale). 6293 - Initial URN support; see 6294 http://squid.nlanr.net/Squid/urn-support.html 6295 - Fixed client-side persistent connections for objects with 6296 bad content lengths (Henrik Nordstrom). 6297 - Fixed bad call to storeDirUpdateSwapSize() for objects which 6298 never reach SWAPOUT_DONE state. 6299 - Fixed up poll() #defines in squid.h (Stewart Forster). 6300 - Changed poll() timeout from 1000 msec to 50 msec for 6301 better performance under low load (Stewart Forster). 6302 - Changed storeWriteCleanLogs() to write objects in the LRU 6303 list order instead of the random hash table order. 6304 - Fixed FTP bug when data socket connections fail or timeout. 6305 - Reuse FTP data connection when possible (Henrik Nordstrom). 6306 - Added configure options (Henrik Nordstrom) 6307 --enable-store-key=sha|md5 6308 --enable-xmalloc-statistics 6309 --enable-xmalloc-debug 6310 --enable-xmalloc-debug-count 6311 --async-io 6312 - Fixed confusing with the use/meaning of ERR_CANNOT_FORWARD 6313 by creating ERR_FORWARDING_DENIED and changing the 6314 content of the ERR_CANNOT_FORWARD text. 6315 - Fixed pipeline request bug from using strdup() (Henrik 6316 Nordstrom). 6317 - Call clientReadRequest() directly instead of commSetSelect() 6318 for pipelined requests (Henrik Nordstrom). 6319 - Fixed 4k page leak in icpHandleIMSReply(); 6320 - Renamed 'icp*' functions to 'client*' names in client_side.c. 6321 6322Changes to squid-1.2.beta8 (Dec 2, 1997): 6323 6324 - Fixed accessLogLog() to log ident from Proxy-Authorization 6325 request header (BoB Miorelli). 6326 - Fixed #includes, prototypes, etc. in SNMP source files. 6327 - Moved 'POLLRDNORM' and 'POLLWRNORM' macro checks from 6328 include/config.h.in to src/squid.h 6329 - Moved 'num32' typedefs from src/typedefs.h to 6330 include/config.h.in. 6331 - Moved snmplib/md5.c to lib/md5.c. 6332 - Added MD5 cache key support. 6333 - Removed xmalloc() return check in uudeocde.c 6334 - Added 'ifdef' support to cf_gen.c for optional code (e.g. SNMP) 6335 - Changed 'client' program to provide easier cache manager access, 6336 e.g.: 'client mgr:info' 6337 - Fixed 'client' to send 'Connection' instead of 'Proxy-Connection' 6338 for simulated keep-alive requests. 6339 - Removed 'fd' arg from clientProcess* functions. 6340 - Fixed bugs from using errorSend() on persistent/pipelined 6341 client connections. A latter request should not be allowed to 6342 write to the client fd until the current request completes. 6343 Now use errorAppendEntry() for such situations. 6344 - Fixed content-length bugs. We were using content-length == 0 6345 to also indicate a lack of content-length reply header. But 6346 'content-length: 0' might appear in a reply, so now use -1 to 6347 indicate that no content length given. 6348 - Split up clientProcessRequest() into smaller chunks so it 6349 might be easier to follow. 6350 - renamed various client_side.c functions to start with 'client' 6351 instead of 'icp'. 6352 - Fixed a 'cbdata leak' from the comm.c close handlers. 6353 - Fixed a 'cbdata leak' from the comm.c connect routines. 6354 - Fixed comm_select() and comm_poll() to stop looping on the 6355 incoming HTTP/ICP sockets. If there are fewer than 7 FD's 6356 ready for I/O, the incoming sockets might not get service, so 6357 comm_select() would be called for up to 7 times until the 6358 'incoming_counter' was incremented enough to trigger a call 6359 to comm_select_incoming(). Now we make sure 6360 comm_select_incoming() gets called if select returns less 6361 than 7 ready FD's. 6362 - Added errorpage '%B' token to generate FTP URLs with a '%2f' 6363 inserted at the start of the url-path. calls ftpUrlWith2f(). 6364 (Henrik Nordstrom). 6365 - Changed fqdncache.c to use LRU double-linked list instead of qsort() 6366 for replacement and cachemgr output. 6367 - Changed ipcache.c to use LRU double-linked list instead of qsort() 6368 - Changed hash_insert() and hash_join() to return void. 6369 for replacement and cachemgr output. 6370 - Moved StoreEntry->method member to MemObject->method. 6371 - Made StoreEntry->flags 16 bits. 6372 - Made StoreEntry->refcount 16 bits. 6373 - Changed URL-based public cache key to always include the request 6374 method. 6375 6376Changes to squid-1.2.beta7 (Nov 24, 1997): 6377 6378 - Fixed poll() for Linux (David Luyer). 6379 - SHA optimizations (David Luyer). 6380 - Fixed errno clashes with macro on Linux (David Luyer). 6381 - Fixed storeDirCloseSwapLogs(); logs might not be open. 6382 - Fixed storeClientCopy2() bug. Detect when there is 6383 no more data to send for objects in STORE_OK state. 6384 - Fixed FTP truncation bug when ftpState->size == 0, e.g. 6385 especially directory listings. 6386 - Mega FTP fix from Henrik Nordstrom. A better job of 6387 implementing the '%2f' hack. 6388 - Fixed some pipelined request bugs. storeClientCopy() was 6389 being given the wrong StoreEntry, and we had a race condition 6390 which is now handled by storeClientCopyPending(). 6391 - Added initial SNMP support. 6392 6393Changes to squid-1.2.beta6 (Nov 13, 1997): 6394 6395 - Fixed Authorized responses getting swapped out when they 6396 don't have Proxy-Revalidate reply header. 6397 - Fixed Proxy Authentication support. We never sent back 6398 a 407 reply, and were incorrectly incrementing the passwd 6399 before comparing it. 6400 - Fixed stat()ing pathnames for default values before parsing 6401 config file (Ron Gomes). 6402 - Fixed logging request and response headers on separate lines 6403 (Ron Gomes). 6404 - Fixed FTP Authentication message (Henrik Nordstrom). 6405 - Changed Proxy Authentication to trigger a reread of the passwd 6406 file if a password check fails (Henrik Nordstrom). 6407 - Changed FTP to retry the first CWD with a leading slash if it 6408 fails without one. 6409 6410Changes to squid-1.2.beta5 (Nov 6, 1997): 6411 6412 - Track the 'keep-alive ratio' for a peer as the ratio of 6413 the number of replies including 'Proxy-Connection: Keep-Alive' 6414 compared to the number of requests sent. If the peer does 6415 not support Persistent connections then this ratio will tend 6416 toward zero. If the ratio is less than 50% after 10 requests 6417 then we'll stop sending Keep-Alive. 6418 - Proper support for %nn escapes in FTP, and numerous 6419 other fixes (Henrik Nordstrom). 6420 - Support for Secure Hash Algorithm and framework for other 6421 hash functions as cache keys. 6422 - Fixed SSL snprintf() bug which broke SSL proxying. 6423 - Fixed store_dir swap log bug from reconfigure (SIGHUP). 6424 - Fixed LRU Reference Age bug. The arg to pow() must be 6425 minutes, not seconds. 6426 6427Changes to squid-1.2.beta4 (Oct 30, 1997): 6428 6429 - Fixed DST bug in rfc1123.c 6430 - Changed default http_accel_port to 80. 6431 - added errorCon() as a ErrorState constructor function 6432 (Max Okumoto). 6433 - Added ERR_FTP_FAILURE message for ftpFail(). 6434 - For FTP, the timeout callback must be moved to the 'data' 6435 descriptor when data transfer begins. Otherwise we are 6436 likely to get a timeout on the control descriptor. 6437 - Fixed double-free bug in httpRequestFree(). 6438 - Fixed store_swap_size counting bug in storeSwapOutHandle(). 6439 6440Changes to squid-1.2.beta3 (Oct 29, 1997): 6441 6442 - Initialize _res.options to RES_DEFAULT in dnsserver.c. 6443 - Fix assertions which assumed 4-byte pointers. 6444 - Fix missing % in fqdncache.c snprintf(). 6445 6446Changes to squid-1.2.beta2 (Oct 28, 1997): 6447 6448 - Fixed aiops.c and async_io.c so that they actually compile 6449 with USE_ASYNC_IO (Arjan de Vet). 6450 - Fixed errState->errno causing problems with some macros 6451 (Michael O'Reilly). 6452 - Fixed memory leaks in pconn.c (Max Okumoto). 6453 - Enhanced 'client' program with 'ping' behaviour (Ron Gomes). 6454 - Fixed InvokeHandlers() from calling memCopy() for ALL 6455 store_client's with callbacks. A store_client might be reading 6456 from disk. 6457 - Rewrote storeMaintainSwapSpace(). No longer will we scan one 6458 bucket at a time. Instead we'll maintain a single LRU 6459 list. When an object is 'touched' we move it to the 6460 top of this list. When we need disk space, we delete 6461 from the bottom. 6462 - Removed storeGetSwapSpace(). 6463 6464Changes to squid-1.2.beta1 (): 6465 6466 - Reworked storage manager to not keep objects in memory during 6467 transit. In other words, no separate NOVM distribution. 6468 - Lots of cleanup and debugging for beta release. 6469 - Use snprintf() everywhere instead of sprintf(). 6470 - The 'in_memory' hash table has been replaced with a 6471 doubly-linked list. New objects are added to the head of 6472 the list. When memory space is needed, old objects are 6473 purged from the tail of the list. 6474 6475Changes to squid-1.2.alpha7 (): 6476 6477 - fixes fixes fixes. 6478 - Made Arjan's PROXY_AUTH ACL patch standard. 6479 6480Changes to squid-1.2.alpha6 (): 6481 6482 - Simpler cacheobj implementation. 6483 - persistent connection histogram 6484 - SERVER-SIDE PERSISTENT CONNECTIONS: 6485 - Added pconn.c 6486 - Addec Cofig.Timeout.pconn; default 120 seconds 6487 - Added httpState->flags 6488 - Added flags arg to httpBuildRequestHeader() 6489 - Added HTTP_PROXYING and HTTP_KEEPALIVE flags 6490 - Added 'Connection' to allowed HTTP headers (http-anon.c) 6491 - Added 'Proxy-Connection' to allowed HTTP headers 6492 (http-anon.c) 6493 - Merged proxyhttpStart() with httpStart() and created 6494 new httpBuildState(). 6495 - New httpPconnTransferDone() detects end-of-data on 6496 persistent connections. 6497 6498Changes to squid-1.2.alpha5 (): 6499 6500 - New configuration system. Everything is generated from 6501 'cf.data.pre', including the main parser, setting defaults, 6502 outputting current values, and freeing memory. 6503 This also involved moving some of the local data structures 6504 (e.g. struct _acl *AclList in acl.c) to the Config 6505 structure. (Max Okumoto) 6506 - No more '/i' for regular expressions. Now insert a '-i' 6507 to switch to case-insensitive. Use '+i' for case-sensitive. 6508 - When you have a variable named the same as its type, sizeof() 6509 gets the wrong one (fde). 6510 - Need to flush unbuffered logs before fork(). 6511 - Added two fields swap log: refcount and e->flag. 6512 - Removed all the .h files for each .c file. Now #include stuff 6513 is in either: defines.h, enums.h, typedefs.h, structs.h, 6514 or protos.h, globals.h. This greatly reduces dependencies 6515 between the various source files. 6516 - globals.c is generated from globals.h by a Perl script. 6517 - Started customizable error texts. 6518 6519Changes to squid-1.2.alpha4 (): 6520 6521 - New MIME configuration, regular expression based 6522 - Added request_timeout config option 6523 - Multiple HTTP sockets (Lincoln Dale). 6524 - Moved 'fds_are_n_free' check to httpAccept(). 6525 - s/USE_POLL/HAVE_POLL/; make poll() default if available. 6526 - Changed storeRegister to use offsets and make immediate 6527 callbacks if appropriate. 6528 - Removed icpDetectClientClose(). Some of that functionality 6529 goes into clientReadRequest() and the rest into 6530 httpRequestFree(). 6531 - Moved IP lookups to commConnect stuff. 6532 - Added support for retrying connect(). 6533 - New inline debug() macro (David Luyer). 6534 - Replace frequent gettimeofday() calls with alarm(3) based 6535 clock. Need to add more gettimeofday() calls to get back 6536 high-resolution timestamp logging (Andres Kroonmaa). 6537 - Added support for Cache-control: proxy-revalidate; 6538 based on squid-1.1 patch from Mike Mitchell. 6539 6540Changes to squid-1.2.alpha3 (): 6541 6542 - Implemented persistent connections between clients and squid. 6543 - Moved various FD tables (comm.c, fdstat.c, disk.c) to a single 6544 table in fd.c. 6545 - Removed use of FD as an identifier in certain callback 6546 operations (ipcache, fqdncache). 6547 - General code cleanup. 6548 - Fixed typedefs for callback functions. 6549 - Removed FD lifetime/timeout dichotomy. Now we only have 6550 timeouts, however the lifetime concept/keyword may still 6551 linger in certain places. 6552 - Change Makefile 'realclean' target to 'distclean' 6553 - Changed config file parsing of time specifications to use 6554 parseTimeLine(). 6555 - Removed storetoString.c 6556 6557Changes to squid-1.2.alpha2 (): 6558 6559 - Merged squid-1.1.9, squid-1.1.10 changes 6560 6561Changes to squid-1.2.alpha1 (): 6562 6563 - Unified peer selection algorithm. 6564 - aiops.c and aiops.h are a threaded implementation of 6565 asynchronous file operations (Stewart Forster). 6566 - async_io.c and async_io.h are complete rewrites of the old 6567 versions (Stewart Forster). 6568 - Rewrote all disk file operations of squid to support 6569 the idea of callbacks except where not required (Stewart 6570 Forster). 6571 - Background validation of 'tainted' swap log entries (Stewart 6572 Forster). 6573 - Modified storeWriteCleanLog to create the log file using the 6574 open/write rather than fopen/printf (Stewart Forster). 6575 - Added the EINTR error response to handle badly interrupted 6576 system calls (Stewart Forster). 6577 - UDP_HIT_OBJ not supported, removed. 6578 - Different sized 'cache_dirs' supported. 6579 6580============================================================================== 6581