This repository has been archived by the owner on Aug 13, 2019. It is now read-only.
forked from squid-cache/squid
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
5850 lines (5351 loc) · 271 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes to squid-4.0.3 (28 Nov 2015):
- Bug 4372: missing template files
- Bug 4371: compile errors: no such file or directory: DiskIO/*/*DiskIOModule.o
- Bug 4368: A simpler and more robust HTTP request line parser
- Fix compile erorr on clang undefined reference to '__atomic_load_8'
- ext_kerberos_ldap_group_acl: Add missing workarounds for Heimdal Kerberos
- ext_ldap_group_acl: Allow unlimited LDAP search filter
- ext_unix_group_acl: Support -r parameter to strip @REALM from usernames
- ... and much code cleanup and polishing
- ... and all fixes from squid 3.5.11
Changes to squid-4.0.2 (01 Nov 2015):
- Regression Bug 4351: compile errors when authentication modules disabled
- Regression fix: HTTP/1.1 Transfer-Encoding:chunked parsing
- Bug 4359: assertion failure 'Comm::IsConnOpen(conn)' within ConnStateData::requestTimeout
- Bug 4356: segmentation fault using proxy_auth ACL
- Bug 4352: compile errors in OS X 10.11
- Bug 4021: ext_user_regex does exact match
- Bug 3574: avoid crashes, prohibit reconfiguration during shutdown
- Support re-assigning delay pools based on HTTP reply details
- ... and all fixes from squid 3.5.11
Changes to squid-4.0.1 (14 Oct 2015):
- Bug 4329: GCC 5.2 no known conversion for argument
- Bug 4292: negotiate_wrapper: Unreleased Resources
- Bug 4269: ignore-must-revalidate broken
- Bug 4190: assertion 'hash_remove_link' from Auth::User::cacheCleanup
- Bug 3920: Splay::remove() reference counting inconsistent
- Bug 3069: CONNECT method bytes sent logging
- Bug 2741 partial: libsecurity API for GnuTLS support
- Bug 1961 partial: redesign of URL handling
- Fix crash when parsing invalid squid.conf
- Fix eCAP: Return 'unknown body size' for bodies with unknown body sizes
- Remove unused OS detection: Sun, SysV, Ultrix, BSDi
- Remove cache_peer_domain directive
- RFC 6176 compliance: Remove SSLv2 support
- HTTP/1.1: Remove refresh_pattern ignore-auth and ignore-must-revalidate
- Remove GCC 2.x and 3.x detection and support
- C++11 compiler support is now mandatory
- Enable flexible transport protocol
- Enable long (--foo) command line parameters on squid binary
- Add per-rule refresh_pattern matching statistics
- Replace sslversion=N with tls-min-version=1.N
- Replace sslproxy_* directives with tls_outgoing_options
- Replace GNU atomics and related hacks with C++11 std::atomic
- Replace external_acl_type format %macros with logformat codes
- Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
- Support Secure ICAP services
- Support rotate=N option on access_log
- Support bypass for non-HTTP intercepted traffic (on_unsupported_protocol)
- Support lifetime timeout for persistent connections (pconn_lifetime)
- Support timeout for URL-rewrite helper lookups (url_rewrite_timeout)
- Support logging fast things (nanosecond log resolution)
- Support ICAP/eCAP adaptation for 100-continue responses
- Support configurable helper queue size, with consistent defaults
and better overflow handling.
- Support named service PID file by default (pid_filename)
- url_lfs_rewrite: Add URL-rewriter based on local file existence
- negotiate_kerberos_auth: output group= kv-pair
- helper-mux: add man(8) page
- purge: convert README to man(1) page
- basic_msnt_multi_domain_auth: Superceeded by basic_smb_lm_auth
- basic_sspi_auth: fix MinGW compile errors
- negotiate_sspi_auth: fix various build errors
- Crypto-NG: libnettle Base64 algorithm support
- Parser-NG: HTTP Parser structural redesign
- libltdl: copyright updated to LGPL version 2.1
- ... and several performance optimizations
- ... and many documentation changes
- ... and much code cleanup and polishing
Changes to squid-3.5.12 (28 Nov 2015):
- Bug 4374: refresh_pattern config parser (%)
- Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE'
- Bug 4228: links with krb5 libs despite --without options
- Fix SSL_get_certificate() problem detection
- Fix TLS handshake problem during Renegotiation
- Fix cache_peer forceddomain= in CONNECT
- Fix status code-based HTTP reason phrase for eCAP-generated messages
- Fix build errors in cpuafinity.cc
- ... and several documentation updates
Changes to squid-3.5.11 (01 Nov 2015):
- Bug 3574: crashes on reconfigure and startup
- Bug 4347: compile errors with LibreSSL 2.3
- Bug 4281: copy-paste typos in src/tools.cc
- Bug 4279: No response from proxy for FTP-download of non-existing file
- Bug 4188: Bumping intercepted SSL connections does not work on Solaris
- Fix incorrect authentication headers on cache digest requests
- Fix connection stats, including %<lp, missing for persistent connections
- Fix invalid memory access issues in SBuf
- Avoid errors when parsing manager ACL in old squid.conf
Changes to squid-3.5.10 (01 Oct 2015):
- Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400
- Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte
- Bug 4323: Netfilter broken cross-includes with Linux 4.2
- Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules
- Bug 4208: more than one port in wccp2_service_info line causes error
- Bug 4303: PeerConnector.cc:743 "!callback" assertion.
- Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers
- Relicense ntlm_fake_auth.pl to GPLv2+
- Relicense smb_lm auth helper to GPLv2+
- Relicense SSPI helper to GPLv2+
- ... and several minor performance optimizations
Changes to squid-3.5.9 (17 Sep 2015):
- Regression Bug 3618: ntlm_smb_lm_auth rejects correct passwords
- Bug 4309: incorrect extensions detection in SSL Hello messages
- Bug 4309: crash during Skype login
- Bug 4284: missing sanity checks for malloc
- Regression Fix: CONNECT request debugging 11,2 traces
- Regression Fix: Quieten UFS cache maintenance skipped warnings
- TLS: Support SNI on generated CONNECT after peek
- ... and some documentation updates
Changes to squid-3.5.8 (02 Sep 2015):
- Regression Bug 4306: build portability fix in Kerberos helpers
- Bug 4302: IPFilter v5 transparent interception
- Bug 4301: compile errors with IPFilter interception
- Bug 4285 partial: %us is not supported in access.log
- Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
- Bug 4242: compile errors with eCAP using clang-3.6
- Bug 3696: crash when client delay pools are activated
- Bug 3553: cache_swap_high ignored and maxCapacity used instead
- Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
- Fix ignore of impossible SSL bumping actions, as intended and documented
- Fix memory leak in Surrogate-Capability header detection
- Fix truncated body length when RESPMOD service aborts
- Reject non-chunked HTTP messages with conflicting Content-Length values
- Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
- ... and several portability and compile fixes
- ... and several documentation updates
Changes to squid-3.5.7 (01 Aug 2015):
- Bug 4293: wrong SNI sent to server after URL-rewrite
- Bug 4251: incorrect instance name for memory segments in /dev/shm
- Bug 4227: invalid key in AuthUserHashPointer causing assertation failure
- Bug 3345: support %un (any available user name) format code for external ACLs.
- basic_smb_auth: Fix several old issues identified by Debian users
- Support ssl-bump splicing to origin cache_peer
- Fix SSL errors relayed using invalid certificates
- Fix crash in TcpAccepter with profiler enabled
- Fix some cases of ssl_crtd SSL certificate DB corruption
- Fix performance regression in SBuf::chop operations
- Improve handling of client connections on shutdown
- Handle exceptions during squid.conf parse
- Make pod2man an optional dependency
- ... and polishing for several cache.log notification messages
- ... and all fixes from squid 3.4.14
Changes to squid-3.5.6 (03 Jul 2015):
- Bug 4274: ssl_crtd.8 not being installed
- Bug 4193: memory leak on FTP listings
- Bug 4183: segfault when freeing https_port clientca on reconfigure or exit
- Bug 3875: bad mimeLoadIconFile error handling
- Bug 3483: assertion failed store.cc:1866: 'isEmpty()'
- Bug 3329: pinned server connection is not closed properly
- TLS: Disable client-initiated renegotiation
- ext_edirectory_userip_acl: fix uninitialized variable
- Support custom OIDs in *_cert ACLs
- Fix CONNECT failover to IPv4 after trying broken IPv6 servers
- Use relative-URL in errorpage.css for SN.png
- Do not blindly forward cache peer CONNECT responses
- Fix assertion String.cc:221: "str"
- Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
- Translations: add Spanish US dialect alias
Changes to squid-3.5.5 (28 May 2015):
- Regression Bug 4132: short_icon_urls with global_internal_static on
- Bug 4238: assertion Read.cc:205: "params.data == data"
- Bug 4236: SSL negotiation error of 'success'
- Bug 3930: assertion 'connIsUsable(http->getConn())'
- Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
- Fix assertion errorpage.cc:600: "entry->isEmpty()"
- Fix comm_connect_addr on failures returns Comm:OK
- Fix missing external ACL helper notes
- Fix "Not enough space to hold server hello message" error message
- Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
- Prevent unused ssl_crtd helpers being run
- ... and some code cleanup and portability updates
- ... and several documentation updates
Changes to squid-3.5.4 (01 May 2015):
- Bug 4234: comm_connect_addr uses errno incorrectly
- Bug 4231: fd_open() not correctly handling UDS socket descriptions
- Bug 4226: digest_edirectory_auth: found but cannot be built
- Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump"
- Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections
- Fix require-proxy-header preventing HTTPS proxying and ssl-bump
- Fix Negotiate/Kerberos authentication request size exceeds output buffer size
- Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates
- Add server_name ACL matching server name(s) obtained from various sources
- Add Kerberos support for MAC OS X 10.x
- Support for resuming TLS sessions
- ... and some portability and compile fixes
- ... and several documentation updates
- ... and all fixes from squid 3.4.13
Changes to squid-3.5.3 (28 Mar 2015):
- Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
- Regression Bug 4206: Incorrect connection close on expect:100-continue
- Bug 4204: ./configure does not abort when required helpers cannot be built
- Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
- Bug 2907: high CPU usage on CONNECT when using delay pools
- basic_getpwnam_auth: fail authentication on crypt() failures
- basic_nis_auth: fail authentication on crypt() failures
- ext_kerberos_ldap_group_acl: Heimdal support improvements
- ext_wbinfo_group_acl: Perl 5.20 support
- ... and several compile issues
Changes to squid-3.5.2 (18 Feb 2015):
- Regression Bug 4176: Digest auth too many helper lookups
- Regression Bug 4180: not-fully-initialized data member in ACLUserData
- Bug 4172: Solaris broken krb5-config
- Bug 4073: Cygwin compile errors
- Bug 3919: remove several never-true / never-false comparisons
- HTTPS: Add missing root CAs when validating chains that passed internal checks
- Fix some cbdataFree related memory leaks
- Quieten CBDATA 'leak' messages
- Set SNI information in transparent bumping mode
- negotiate_kerberos_auth: fix krb5.conf backward compatibility
- Fix memory leaks in cachemgr.cgi URL parser
- Fix sslproxy_options in peek-and-splice mode
- ... and fix several portability and build issues
- ... and some documentation updates
- ... and all fixes from squid 3.4.11
Changes to squid-3.5.1 (13 Jan 2015):
- Fix handling of invalid SSL server certificates when splicing connections
- basic_smb_lm_auth: Simplified MSNT basic auth helper
- squidclient: Fix -A and -P options
- ... and several portability fixes
- ... and all fixes from squid 3.4.11
- ... and a lot of documentation updates
Changes to squid-3.5.0.4 (21 Dec 2014):
- Bug 3826: pt 2: Provide a systemd .service file for Squid
- Support http_access denials of SslBump "peeked" connections.
- Fix DONT_VERIFY_DOMAIN ssl flag
- Fix peek-and-splice mode: certificate validation for domain mismatched errors
- negotiate_kerberos_auth: MEMORY keytab and replay cache support
- ... and some documentation updates
- ... and a large amount of code polishing (non-logic changes)
Changes to squid-3.5.0.3 (09 Dec 2014):
- Bug 4146: workaround SSL Bump crash on Linux
- Bug 4135: Support \-escaped characters in regex patterns
- Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
- Fix delay_parameters parsing
- HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
- ... and all changes from squid 3.4.10
- ... and a lot of documentation updates
Changes to squid-3.5.0.2 (31 Oct 2014):
- Fix FTP socket opening during reconfigure
- ... and all changes from 3.4.9
- ... and some build errors in rarely used code
- ... and several documentation updates
Changes to squid-3.5.0.1 (17 Oct 2014):
- Port from 2.7: redirector and logging urlgroup feature
- Bug 4093: source-maintenance.sh bad perl -i option
- Bug 3608: per-service name for workers UDS sockets
- Bug 2554: 32-bit wrap in AUFS counters
- Bug 1961 pt1: URL handling redesign
- Bug 1202 pt1: documentation for refresh_pattern algorithms
- Update Squid boilerplate copyright/license
- Update the http(s)_port directives protocol= parameter
- Update forward_max_tries to permit 25 server paths
- Update Kerberos library detection and build options
- Support ACLs on ftp_epsv directive
- Support >32KB objects in cache_dir rock storage
- Support client connection annotation by helpers via clt_conn_tag=TAG
- Support native FTP Relay
- Support libgnugss Kerberos library
- Support libecap v1.0
- Support SSL Peek and Splice feature
- Support receiving PROXY protocol version 1 and 2
- Replace --enable-ssl build option with --with-openssl
- Enable -n service name command line option for all Squid builds
- Enable ICAP client by default
- Fix configuration file parsing bugs, related to quoted strings
- Fix Windows MinGW build errors
- Fix multiple TCP outgoing TOS/DiffServ bugs
- Fix Cygwin /etc/resolv.conf parsing
- Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
- Fix crash reading malformed config files
- Send selected SSL version and cipher to the certificate validation helper
- Validate server certificates without bumping
- Add zero-copy string buffer support
- Add automated squid.conf parser testing with squid -k parse
- Add adaptation_service ACL
- Add logformat code %tS to log transaction start time
- Add logformat code %>rd to log client URL domain name
- Add key_extras to proxy authentication
- Add url_rewrite_extras and store_id_extras directives
- Add send_hit and store_miss directives
- Add collapsed_forwarding directive
- Add sslproxy_cert_sign_hash directive
- Add SMP SSL session cache
- Add cache_peer standby connections
- Add helper ext_delayer_acl
- Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
- Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
- Remove COSS storage in favour of Rock storage
- Remove dnsserver and external DNS helper API in favour of mDNS
- Remove broken mallinfo() accounting and memory tracing
- Remove hierarchy_stoplist in favour of always_direct
- Deprecate tag ACL type in favour of note ACL type
- Deprecate urlgroup feature in favour of note ACL type
- HTTP/1.1: method names are case-sensitive
- HTTP/1.1: register new headers from RFC 723x
- squidclient: polish and update help display
- squidclient: support TLS with GnuTLS 3.1.5+
- squidclient: support verbosity levels
- squidclient: --ping mode module support
- url_fake_rewrite: support concurrency
- storeid_file_rewrite: support concurrency
- digest_file_auth: support concurrency
- digest_edirectory_auth: support concurrency
- digest_ldap_auth: support concurrency
- ... and many error page translation updates
- ... and much code cleanup and polishing
Changes to squid-3.4.14 (01 Aug 2015):
- Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
Changes to squid-3.4.13 (01 May 2015):
- Bug 4212: ssl_crtd crashes with corrupt database
- ... and some documentation updates
- ... and all fixes from squid 3.3.14
Changes to squid-3.4.12 (18 Feb 2015):
- Bug 4066: Digest auth nonce indefinite rollover
- Bug 3997: Excessive NTLM or Negotiate auth helper annotations
- Fix several crashes when debugging enabled
- Fix silent SSL/TLS failure on split-stack operating systems
- HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
- HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
- Remove dst ACL dependency on HTTP request message existence
- Set cap_net_admin when Squid sets TOS/Diffserv packet values
- ... and some documentation updates
Changes to squid-3.4.11 (13 Jan 2015):
- Bug 4164: SEGFAULT when %W formating code used in errorpages
- Bug 4057: Avoid on-exit crashes when adaptation is enabled.
- Bug 3760: squidclient ignores --disable-ipv6
- Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
- Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
- cachemgr.cgi: memory leak in request parser
- Deleting first fs left psstate->servers pointing to uninitialized memory
- ... and some build issues
Changes to squid-3.4.10 (09 Dec 2014):
- Bug 4148: external_acl_type header format does not accept the new libformat syntax
- Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
- Bug 4033: Rebuild corrupted ssl_db/size file
- Bug 3902: Docs: external_acl_type cache hash key
- Fix segmentation fault in ACL urlpath_regex
- Fix bootstrap.sh dependency on SPONSORS.list
- Alternate-Protocol is a hop-by-hop header
- HTTP/2: Support 421 (Misdirected Request) status code
Changes to squid-3.4.9 (31 Oct 2014):
- Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update
- Bug 4102: sslbump cert contains only a dot character in key usage extension
- Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
- Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
- Bug 4024: Bad host/IP ::1 when using IPv4-only environment
- Bug 3803: ident leaks memory on failure
- kerberos_ldap_group/cert_tool: Remove ksh dependency
- ... and some automated code style updates
- ... and some documentation updates
Changes to squid-3.4.8 (15 Sep 2014):
- Fix off by one in SNMP subsystem
- pinger: Fix various ICMP handling issues
Changes to squid-3.4.7 (28 Aug 2014):
- Regression Fix: Kerberos LDAP authorizing groups with principle subdomain
- Bug 4080: worker hangs when client identd is not responding
- Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC
- HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
- SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension
- Enable compile-time override for MAXTCPLISTENPORTS
- ntlm_sspi_auth: Fix various build errors
- negotiate_wrapper: Fix build issues with non-portable vfork()
- negotiate_sspi_auth: Portability fixes for MinGW
- ext_lm_group_acl: Portability fixes for MinGW
- ... and several minor memory leaks
Changes to squid-3.4.6 (25 Jun 2014):
- Regression: segmentation fault logging with %tg format specifier
- Bug 4065: round-robin neighbor selection with unequal weights
- Bug 4056: assertion MemPools[type] from netdbExchangeStart()
- Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response
- Fix segmentation fault setting up server SSL connnection
- Fix hanging Non-HTTPS connections on SSL-bump enabled port
- Fix Cache Manager actions listed more than once
- ... and many minor memory leaks
- ... and several portability build issues
- ... and some documentation updates
Changes to squid-3.4.5 (02 May 2014):
- Regression Bug 4051: inverted test on CONNECT payload existence
- Regression Fix: order dependency between cache_dir and maximum_object_size
- Fix logformat %note display
- Resolve 'dying from an unhandled exception: c'
Changes to squid-3.4.4.2 (23 Apr 2014):
- version bump for packaging re-build with altered toolchain
Changes to squid-3.4.4.1 (23 Apr 2014):
- Regression Bug 4019: Cache digest exchange segmentation fault
- Regression Bug 3982: EUI logging and helpers show blank MAC address
- Bug 4047: Support Android builds
- Bug 4043: Remove XMALLOC_TRACE and references to sbrk(2)
- Bug 4041: Missing files in compat/Makefile.am
- Bug 4014: Build failure with --disable-optimizations --disable-auth
- Bug 3986: (partial) assertion due to incorrect error page buffer size
- Bug 3955: Solaris EUI-48 lookup leaks FDs
- Bug 3371: CONNECT with data sent at once loses data
- C++11: Upgrade auto-detection to use the formal -std=c++11
- Crypto-NG: libnettle MD5 algorithm support
- SSL-Bump: Fix Basic auth caching on bumped connections
- Store-ID: Fix request URI when forwarding requests to peers
- ... and fix several other build errors
- ... and some documentation updates
Changes to squid-3.4.4 (09 Mar 2014):
- Bug 4029: intercepted HTTPS requests bypass caching checks
- Bug 4001: remove use of strsep()
- Bug 3186 and 3628: Digest authentication always sending stale=false for nonce
- Fix stalled concurrent rock store reads
- Fix helper ID number assignment
- Fix build failures from CMSG related definitions
- Fix build failures from libcompat unsafe.h protections
- Copyright: Relicense helpers by Treehouse Networks Ltd.
- ... and all bug fixes from 3.3.12
Changes to squid-3.4.3 (02 Feb 2014):
- Bug 4008: HttpHeader warnOnError should be an int not a bool
- Bug 4002: clang 3.4 unable to compile
- Bug 3996: Malformed DNS reply leads to crash
- Bug 3995: compile error on CentOS 5 with GCC 4.1.2
- Bug 3975: atomic detection cross-compilation failure
- Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode
- Bug 3954: compile failure in CpuAffinity.cc
- Bug 3927: tests/testRock fatal.cc required
- Fix memory leak in peer Cache Digest exchange
- Fix external_acl_type async loop failures
- Fix destination IP address cycling
- ... and a few polishing changes
Changes to squid-3.4.2 (30 Dec 2013):
- Regression Bug 3980: FATAL ERROR due to max_user_ip -s option
- Regression Fix: \-unescaping in quoted strings from helpers
- Regression Fix: URL helper API bypassing on URL containing '=' character
- Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
- Bug 3806: Caching responses with Vary header
- Bug 3498: FTP PUT assertion
- WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
- Enable concurrency by default for SSL certificate validator
- ... and fix several build errors
Changes to squid-3.4.1 (09 Dec 2013):
- Bug 3935: Invalid pointer dereference when peeking at origin server certificate
- Bug 3589: intercepted and ICAP modified request using a cache_peer
- ... and several portability fixes
- ... and some documentation updates
Changes to squid-3.4.0.3 (01 Dec 2013):
- Bug 3941: Release notes error
- Receive annotations from authentication and external ACL helpers
- basic_nis_auth: Improved portability
- ... and several documentation updates
- ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11
Changes to squid-3.4.0.2 (03 Oct 2013):
- Regression Bug 3891: squid.conf parser errors in 3.4.0.1
- Regression Fix: re-disable MinGW C++11 support
- Bug 3914: partial: make squidclient tool build cleanly with -Wconversion
- Fix memory leak in refresh_pattern parsing
- negotiate_kerberos_auth: upgrade to present group= keys
- Handle NTLM helper returning OK without user= value
- Add dns_multicast_local to control mDNS operation
- Add --disable-arch-native build option
- Display Build-Info in cache manager info report
- ... and all changes from squid 3.3.9
- ... and some code and debug output polishing
Changes to squid-3.4.0.1 (29 Jul 2013):
- Port from 2.7: StoreURL (renamed Store-ID) support
- Bug 3795: fix several mistakes in the MIB file
- Bug 3793: configure: improved helper detection
- Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS
- Bug 3676: Support GCC 4.7 with -Wshadow option
- Bug 3643: NTLM helpers stuck in reserved state by Safari
- Bug 3389: Auto-reconnect for tcp access_log
- Bug 2066: squid does not do chdir() after chroot()
- Fix uninitialized fields in IcapLogEntry
- Fix a number of minor issues detected by Coverity Scan
- Fix some potential memory leaks detected by Coverity Scan
- Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers
- Fix ACL matching algorithm to avoid repeating tests
- basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username
- squidpurge: fix META TLV parsing issues
- squid.conf: enforce all the directive and option names are lower-case
- Support EUI on HTTPS and FTP data connections
- Support OK/ERR/BH response codes from any helper
- Support No-lookup flag (-n) on DNS ACLs
- Support -march=native compiler optimization by default
- Support forwarding intercepted but not bumped connections to cache_peers
- Support IPv6 NAT interception on Linux and some BSD
- Deprecate log_icap and log_access configuration directives
- HTTP/1.1: improved method invalidation and cacheability detection
- HTTP/1.1: support length configuration for pipeline_prefetch queue
- Improved TPROXY support for OpenBSD and FreeBSD
- Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file
- Add all-of and any-of ACL types for grouping sets of ACL tests
- Add note directive for transaction annotations
- Add %note log format for transaction annotation logging
- Add note ACL type for matching annotated transactions with by annotation name or value
- Add kv-pair support to URL-rewrite/redirector interface
- Add SSL server certificate validator interface, helper and result cache
- Add SSL server certificate fingerprint ACL type
- Add spoof_client_ip access control
- Add pt-bz (Belize Portuguese) dialect to translations
- ... and many Windows portability changes (still incomplete)
- ... and many documentation changes
- ... and much code cleanup and polishing
Changes to squid-3.3.14 (01 May 2015):
- Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
- ... and some documentation updates
- ... and all fixes from squid 3.2.14
Changes to squid-3.3.13 (28 Aug 2014):
- Fix segmentation fault setting up server SSL connnection
- HTTP/1.1: Ignore Range headers with unidentifiable byte-range values
Changes to squid-3.3.12 (09 Mar 2014):
- Regression Bug 3769: client_netmask not evaluated since Comm redesign
- Bug 4026: Fix SSL and adaptation_access handling of aborted connections
- Bug 3969: Fix credentials caching for Digest authentication
- Bug 3806: Caching responses with Vary header
- Fix umask default on crash report generated email
- Fix pthread library detection on FreeBSD 10
- Avoid assertions on Range requests that trigger Squid-generated errors.
Changes to squid-3.3.11 (01 Dec 2013):
- Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9
- Bug 3972: Segfault when getting the deny_info page ID after a reconfigure
- Bug 3970: max_filedescriptors disabled due to missing setrlimit
- Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope
- Bug 3960: DEAD cache_peer are not revived
- Bug 3956: xstrndup: tried to dup a NULL pointer
- Bug 3906: Filedescriptor leaks in SNMP
- Bug 3782: Digest authentication not obeying nonce_max_count
- HTTP/1.1: Make header parser obey relaxed_header_parser
- HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted
- SMP: Replace blocking sleep(3) and close UDS socket on failures
- Windows: fix several compile errors
Changes to squid-3.3.10 (03 Nov 2013):
- Bug 3929: request_header_add not working for tunnel requests
- Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
- Bug 3918: Self Test Failures on Mac OS X 10.8
- Bug 3887: tcp_outgoing_tos not working for IPv6
- Bug 3836: Fix issues with automake 1.13+ and make check
- Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
- Fix pinning hierarchy log information
- Fix close idle client connections associated with closed idle pinned connections.
- Fix cbdata 'error: expression result unused' errors
- Avoid "hot idle": A series of rapid select() calls with zero timeout.
- Append Connection:close to OPTIONS requests when icap_persistent_connections is off
- ntlm_fake_auth: pass DOMAIN data to Squid in original case
- kerberos_ldap_group: fix LDAP string duplication
- Use IPv6 localhost nameserver on DNS configuration errors
- Add cache_miss_revalidate
- ... and several portability improvements
Changes to squid-3.3.9 (11 Sep 2013):
- Regression Bug 3077: off-by-one error in Digest header decoding
- Bug 3895: fix acl_uses_indirect_client and cache_peer_access
- Bug 3879: assertion failed ConnStateData::validatePinnedConnection
- Bug 3863: myportname acl causes segmentation fault
- Bug 3849: Duplicate certificate sent when using https_port
- Bug 2287: Better fix for unsupported HTTP version handling
- Bug 2112: Reload into If-None-Match
- Fix several assert with side effects in ICAP/eCAP response handling
- Fix myportname ACL on ICAP/eCAP transactions
- Fix external ACL user:pass detail logging after adaptation
- Fix SMP mgr:info report 'Largest file desc currently in use'
- Handle infinite certificate validation loops caused by OpenSSL Bug 3090.
- Improved compatibility with gcc 4.8, clang and icc
- Show number of available filedescriptors when reserved FD changes
- Sync with newest OpenSSL error codes
- Register Http2-Settings header
- ... and many Windows portability fixes
Changes to squid-3.3.8 (13 Jul 2013):
- Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
- Improved handling of port values in Host: header validation
Changes to squid-3.3.7 (11 Jul 2013):
- Bug 3297: Fix openSSL related build failures
- Fix build on FreeBSD 9.x platform with clang
- Protect against buffer overrun in DNS query generation
Changes to squid-3.3.6 (01 Jul 2013):
- Bug 3854: pt1: compile errors on AIX
- Bug 3802: Fix wrong check inside Format::Format::assemble
- Bug 3762: remove bogus WARNING in cache.log
- Bug 3717: assertion failed with dstdom_regex with IP based URL
- Bug 1991: kqueue causes SSL to hang
- Ask for SSL key password when started with -N but without sslpassword_program
- Make sure %<tt includes all [failed] connection attempts
- Support HTTP reply ACLs in icap_log and log_icap
- Fix incorrect external_acl_type codes
- Fix ICAP logging request headers and segmentation faults
- ... and some documentation polish
Changes to squid-3.3.5 (20 May 2013):
- Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager
- Bug 3845: http_port tcpkeepalive= option fails parsing
- Bug 3840: assertion failed 'sde' in UFS cache loading
- Bug 3836: make check failures with automake-1.13
- Bug 3827: Remove AccessLogEntry::cache.authuser
- Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
- Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics
- Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems
- Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all
- Port from 2.6: external acl %ACL and %DATA tags
- Update copyright on SN.png
- ... and several minor memory leaks
- ... and some documentation polish
Changes to squid-3.3.4 (27 Apr 2013):
- Bug 3831: basic_ncsa_auth Blowfish and SHA support
- Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes
- Bug 3794: MacOS: workaround compiler errors and case-insensitivity
- Bug 3781: Proxy Authentication not sent to cache_peer
- Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h
- Bug 3720 pt2: Add missing include in /dev/poll I/O module
- Bug 3674: Improve compiler detection, better support warnings-as-errors on clang
- Add support for TPROXY on BSD
- Fix SSL Bump bypass for intercepted traffic
- Fix memory leaks in ConnStateData pinning
- Fix external_acl.cc "inBackground" assertion on queue overloads
- CacheMgr: fix missing column separator in helper stats
- OpenBSD: libpthreads requires OpenBSD 5.2 or later
- ... and lots of documentation updates
- ... and all changes from squid 3.2.10
Changes to squid-3.3.3 (12 Mar 2013):
- Bug 3720: Add missing include in /dev/poll I/O module (pt2)
- ... and all changes from squid 3.2.9
Changes to squid-3.3.2 (02 Mar 2013):
- Bug 3781: Proxy Authentication not sent to cache_peer
- Bug 3794: MacOS: workaround compiler errors
- Bug 3720: Compile error in Solaris /OpenIndiana
- ... and all changes from squid 3.2.8
Changes to squid-3.3.1 (09 Feb 2013):
- Bug 3726: build errors with --disable-ssl
- Propigate pinned connection persistency and closures to the client.
- Mimic SSL certificate Key Usage and Basic Constraints
- Fix segmentation fault on missing squid.conf values
- ext_sql_session_acl: Fix hex decoding on UID
- ... and some code polish
- ... and a lot of documentation polish
- ... and all changes from squid 3.2.7
Changes to squid-3.3.0.3 (09 Jan 2013):
- Bug 3729: 32-bit overflow in parsing 64-bit configuration values
- Bug 3728: Improve debug for cache_dir
- Additional fixes for CVE-2012-5643 / SQUID:2012-1
- kerberos_ldap_group: support multiple groups in squid.conf ACL definition
- kqueue: update status from experimental to fully available net I/O method
- ... and many memory leaks and potential bugs detected by Coverity Scan
Changes to squid-3.3.0.2 (03 Dec 2012):
- Support matching empty header field values using req_header and rep_header
- ... and some minor code polish and input vaidations
- ... and all changes from squid 3.2.4
Changes to squid-3.3.0.1 (21 Oct 2012):
- Bug 3610: Add peername_regex ACL
- Bug 3239: rename myip/myport as localip/localport
- Bug 3130: helpers are crashing too rapidly
- Add log_db_daemon SQL Database Logging Daemon
- Add ext_time_quota_acl helper managing sessions by bandwidth usage
- Add request_header_add option
- Support C++11 features where possible
- Support bump-ssl-server-first
- Support mimic SSL server certificates
- Remove --enable-ntlm-fail-open
- Fix TLS/SSL Options does not apply to the dynamically generated certificates
- Fix SslBump stuck after error
- Polish: display ACL enumeration text in debugs
- ... and many portability fixes for MacOS X, Windows and others
- ... and many compile error fixes
- ... and a very large amount of code polish for faster compilation
Changes to squid-3.2.14 (01 May 2015):
- Fix 'access_log none' to prevent following logs being used
- Fix X509 server certificate domain matching
- ... some documentation updates
Changes to squid-3.2.13 (13 Jul 2013):
- Bug 3869: assertion failed: MemBuf.cc:272: size < capacity
- Improved handling of port values in Host: header validation
Changes to squid-3.2.12 (11 Jul 2013):
- Protect against buffer overrun in DNS query generation
- Avoid !closing assertions when helpers call comm_read during reconfigure.
- Fix several minor memory leaks during reconfigure
- Remove origin_tries limiter on forwarding and permit large max_forward_tries values
Changes to squid-3.2.11 (30 Apr 2013):
- Regression Bug 3839: build error: src/tools.h: No such file or directory
- Update copyright on SN.png
Changes to squid-3.2.10 (27 Apr 2013):
- Bug 3833: squidclient: Option '-k' is not present in man(1) page
- Bug 3825: basic_ncsa_auth: segfaulting with glibc-2.17
- Bug 3822: Locate LDAP and SASL headers for BSD support
- Bug 3817: Memory leak in SSL cert validate for alt_name peer certs
- Bug 3774: 'squid -k reconfigure' drops rock cache
- Bug 3565: Resuming postponed accept kills Squid
- HTTP/1.1: partial support for no-cache and private controls with parameters
- ssl_crtd: fix helpers dying during startup on ARM
- GNU Hurd: define MAP_NORESERVE as no-op when missing
- BSD: fix enter_suid/leave_suid build errors in ip/Intercept.cc
Changes to squid-3.2.9 (12 Mar 2013):
- Regression fix: Accept-Language header parse
- Bug 3673: Silence 'Failed to select source' messages
- Fix authentication headers sent on peer digest requests
- Fix build error on Solaris, OpenIndiana, Omnios
Changes to squid-3.2.8 (02 Mar 2013):
- Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client
- Bug 3763: diskd Error: no filename in shm buffer
- Bug 3752: objects that cannot be cached in memory are not cached on disk
- Bug 3753: Removes the domain from the cache_peer server pconn key
- Bug 3749: IDENT lookup using wrong ports to identify the user
- Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests
- Bug 3686: cache_dir max-size default fails
- Bug 3515: crash in FtpStateData::ftpTimeout
- Bug 3329: Quieten orphan Comm::Connection messages
- Make squid -z for cache_dir rock preserve the rock DB
- Fixed several server connect problems
- ... and some build issues on Solaris, OpenIndiana, MacOS X
- ... and some documentation and debugs polishing
Changes to squid-3.2.7 (01 Feb 2013):
- Bug 3736: Floating point exception due to divide by zero
- Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled
- Bug 3732: Fix ConnOpener IPv6 awareness
- Bug 3729: 32-bit overflow in parsing 64-bit configuration values
- Bug 3728: Improve debug for cache_dir
- Bug 3687: unhandled exception: c when using interception and peers
- Bug 3678: external acl grace period causes acl lookup failures
- Bug 3567: Memory leak handling malformed requests
- Bug 3111: Mid-term fix for the forward.cc "err" assertion
- Support OpenSSL NO_Compression optio
- Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems
- Fix "address.GetPort() != 0" assertion for helpers
- ... and several minor memory leaks
- ... and some cache.log message polishing
Changes to squid-3.2.6 (09 Jan 2013):
- Regression Bug 3731: TOS setsockopt() requires int value
- Regression Bug 3712: Rotating logs overwrites the previous log
- Bug 3727: LLVM compile errors in kerberos_ldap_group
- Bug 3650: Negotiate auth missing challenge token
- Additional fixes for CVE-2012-5643 / SQUID:2012-1
Changes to squid-3.2.5 (10 Dec 2012):
- Bug 3698: Add missing include of errno.h
Changes to squid-3.2.4 (03 Dec 2012):
- Ported: urllogin ACL from squid 2.7
- Bug 3688: Lots of Orphan Comm:Connections to ICAP server
- Bug 3677: Port un-pinning logic changes from squid 3.3
- Bug 3405: ssl_crtd crashes failing to remove certificate
- ... and major bugs fixed in squid 3.1.22
- Fix accept_filter on Linux
- Remove 'Bungled' warning on missing component directives
- ... and many buffer and memory leak issues in the bundled helpers
- ... and a small amount of code polishing
Changes to squid-3.2.3 (21 Oct 2012):
- Regression: SMP crashes on startup with workers > 1
- Bug 3655: pinning failure breaks NTLM and Negotiate authentication
- SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry
- HTTP/1.1: honour Cache-Control before Pragma:no-cache
- HTTP/1.1: Cache-Control compliance upgrade
- Remove obsoleted refresh_pattern ignore-no-cache option
- Fix IPv6 enabled squidclient
- ... and several compile fixes
Changes to squid-3.2.2 (06 Oct 2012):
- Regression: Make login=PASS send no credentials when none available
- Regression: Handle dstdomain duplicates and overlapping names better
- Bug 3661: Segmentation fault when using more than 1 worker
- Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error
- Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry
- Bug 3648: polish String class files
- Bug 3647: parsing hier_code acl fails
- Bug 3626: forwarding loops on intercepted traffic
- Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object
- Bug 3609: several RADIUS helper improvements
- Bug 3605: memory leak in Negotiate authentication
- Fix small memory leak in src ACL parse
- Fix maximum_single_addr_tries upgrade
- Fix chunked encoding on responses carrying a Content-Range header.
- Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT
- ... and several compile errors
Changes to squid-3.2.1 (15 Aug 2012):
- Bug 3605: memory leak in peer selection
- Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST
- ... and some documentation updates
Changes to squid-3.2.0.19 (02 Aug 2012):
- Regression Bug 3580: IDENT request makes squid crash
- Regression Bug 3577: File Descriptors not properly closed
- Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic
- Regression Fix: Restore memory caching ability
- Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd)
- Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion
- Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion.
- Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index
- Support custom headers in [request|reply]_header_* manglers
- ... and much code polishing
Changes to squid-3.2.0.18 (29 Jun 2012):
- Bug 3576: ICY streams being Transfer-Encoding:chunked
- Bug 3537: statistics histogram leaks memory
- Bug 3526: digest authentication crash
- Bug 3484: Docs: sslproxy_cert_error example flawed
- Bug 3462: Delay Pools and ICAP
- Bug 3405: ssl_crtd crashes failing to remove certificate
- Bug 3380: Mac OSX compile errors with CMSG_SPACE
- Bug 3258: Requests hang when Host forgery verify fails
- Bug 3186: Digest auth caches failed state without revalidating
- Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring
- Bug 2885: AIX: check and set required compiler flags
- Fix ssl_crtd compile issues with libsslutil
- Fix build with GCC 4.7 (and probably other C++11 compilers).
- Fix double-escape of %R on deny_info redirect responses
- Support status 308 Permanent Redirect
- Support for TLSv1.1 and TLSv1.2 options and methods
- Support passing external_acl_type credentials on ICAP
- Language Updates: fr, hy, pt_BR
- ... and many compile issues on Windows
- ... and some minor code polish
Changes to squid-3.2.0.17 (12 Apr 2012):
- Bug 3527: EUI compile errors on Mac OS X 10.5.8 PPC
- Bug 3509: kQueue compile error
- Bug 3505: crash in CbcPointer<Comm::ConnOpener> constructor
- Bug 3441: Part 3: Replace corrupted v1 swap.state with new v2 format.
- Bug 3397: do not mark connection as opened until after SYN-ACK
- Bug 3193: NTLM decoder truncating strings
- Windows FD handling polish and some fixes
- Solaris 9/10 various build fixes
- ... and some more code polish
Changes to squid-3.2.0.16 (07 Mar 2012):
- Bug 3508: Correct DNS timeout handling.
- Bug 3503: DNS PTR queries timeout due to wrong QIDs.
- Bug 3497: Bad ssl_crtd db size file causes infinite loop
- Bug 3490: part 1: SegFault opening FTP active data connections
- Bug 3490: Crash writing Apache Common and Referer/Useragent logs
- Bug 3458: Icon Serving (squid-internal-static) Broken
- Bug 3457: Display TLS error details in ERR_SECURE_CONNECT_FAIL
- Bug 3381: 32-bit overflow assertion in StatHist
- Bug 3324: loadFromFile: parse error while reading template file
- Support sslpassword_program for ssl-bump HTTP ports
- Support CoAP protocol coap:// and coaps:// URL schemes in HTTP requests
- Retry requests that failed due to a persistent connection race
- Log '-' on requests with no Referer or User-Agent headers
- ... and several fixes related to in-transit object performance
- ... and some structural design changes for portability
Changes to squid-3.2.0.15 (06 Feb 2012):
- Bug 3472: segfault with the message 'urlParse: URL too large'
- Bug 3471: segfault when %la formating code used
- Bug 3449: part 3: shm_open can fail with a mangled path
- Bug 3449: part 4: shm_open failed (fixing memory_cache_shared defaults)
- Bug 3448: 204 response problem in adaptation chains
- Bug 3447: assertion failed: CommCalls.h:150: "dp"
- Bug 3461: build regression in IPFilter NAT
- Bug 3413: raise cbdata lock limits
- Bug 3391: forwarded_for log functionality broken
- Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
- Bug 3268: remove wrong 'Ready to serve requests.' message
- Bug 2519: ssl_bump + Authentication (LDAP Digest) issues
- Disable OpenSSL SSL/TLS bug workarounds by default
- Send DNS A and AAAA queries in parallel
- Cache Manager migration support
- Allow service of internal requests over reverse-proxy ports
- Fix trimMemory for unswappable objects
- ... and several build and polish fixes
Changes to squid-3.2.0.14 (12 Dec 2011):
- Bug 3433: Segfault closing SNMP
- Bug 3420: Request body consumption races and !theConsumer exception.
- Bug 3406: SSL Log Error in debug
- Bug 3383: store.cc:1631: "new_status != IN_MEMORY" assertion
- Bug 3383: unhandled exception: theGroupBSize > 0
- Bug 3377: assertion failed: store.cc:885: "store_status == STORE_PENDING"
- Bug 3367: fix inverted check on host_strict_verify
- Bug 3366: assertion comm.cc:1276: isOpen(fd) via CompositePoolNode::kickReads
- Bug 3364: SNMP Orphans
- Bug 3301: ERR_DNS_FAIL never shown
- Bug 3150: do not start useless unlinkd
- ext_session_acl: version 1.2
- Add adaptation_meta option