* Regression Bug 3261: Could not create a DNS socket and exit
Changes 3.1.13:
* Regression Bug 3239: problems with myip/myport upgrade
* Bug 3153: hung ICAP RESPMOD transactions
* Update ssl_crtd to use 'OK' status inline with other helpers
* Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice
* Bug 3113: Consuming too much memory when uploading files
* Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for
* Bug 3096: Consuming too much memory when delaying traffic
* Bug 3091: Bypassed ICAP errors are not counted as service failures
* Bug 3090: Polish FTP login error handing
* Bug 3068: cache_dir capacity and usage overflows
* Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain
* Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests
* Fix memory leak in adaptation_access
* Fix /dev/poll and poll() selection priority
* Fix PREFIX/var/run creation during install
* Fix cachemgr http_port config report display
* Add upgrade help process for obsolete options
* Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known'
* HTTP/1.1: entry is stale if request has max-age=0
* HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD
* Toolchain update to support newer auto-tools
* ... and updated error page translations
* ... and updated documentation
* ... and some code optimization/simplification polish
- Bug 2933: Verification of the max. port number for WCCP2 dynamic service
- Bug 2924: RADIUS helper compile issues
- Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount"
- Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client
- Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()"
- Bug 2879: pt2: 3.0 regression in headers end finding
- Bug 2877: pt2: only output zero-size warning on reverse-proxy requests
- Bug 2876: FD_SETSIZE override not working on all linux distributions
- Bug 2810: common log format generates 2 lines of syslog
- Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB
- Bug 2753: Fall back on IPv4 if IPv6 is not present
- Bug 2697: Adaptation leaks and extra requests after reconfiguration
- Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field
- Change LDAP helpers to default to LDAP version 3 if available
- Add Joomla and Salted Hash support to squid_db_auth helper
- Fixed IpAddress port printing for ports higher than 9999
- Disable chunked memory pooling by default.
- ... and several build errors.
- Regression Fix: Make Squid abort on all config parse failures.
- Regression Bug 2811: SNMP client/peer table OID numbering
- Bug 2851: Connection pinning fails when using a peer
- Bug 2850: Mismatch in hier_code enum / hier_strings array
- Bug 2731: Add follow_x_forwarded_for support to ICAP
- Bug 2730: Regressions in follow_x_forwarded_for since Squid-2
- Bug 2706: Set timestamps during ICAP request satisfaction.
- Bug 2553: X-Forwarded-For with IPv6 address not handled correctly
- Fix: WCCPv1 not connecting to router correctly
- Remove obsolete RunCache/RunAccel scripts.
- Add client_ip_max_connections
- Add the http::>ha format code and make http::>h log original request
headers
- ... and all bug fixes from 3.0 up to 3.0.STABLE22
- ... and many more minor build and display annoyances.
This update also contains the fix for the remote DoS vulnerability
reported in "Squid Proxy Cache Security Update Advisory SQUID-2010:1".
- Bug 2777: Various build issues on OpenSolaris
- Bug 2773: Segfault in RFC2069 Digest authentication
- Bug 2747: Compile errors on Solaris 10
- Bug 2735: Incomplete -fhuge-objects detection
- Bug 2722: Fix http_port accel combined with CONNECT
- Bug 2718: FTP sends EPSV2 on IPv4 connection
- Bug 2648: stateful helpers stuck in reserved
- Bug 2570: wccp2 "Here I Am" announcements not sent in memory-ony mode
- Bug 2510: digest_ldap_auth uses incorrect logic with TLS
- Bug 2483: bind() called before connect()
- Bug 2215: config file line length limit (extended to 2 KB)
- Support Accept-Language: * wildcard
- Support autoconf 2.64
- Support TPROXY for IPv6 traffic (requires kernel support)
- Support TPROXY cache cluster behind WCCPv2
- Correct ESI support to work in multi-mode Squid
- Add 0.0.0.0 as an to_localhost address
- DiskIO detection fixes and use optimal IO in default build.
- Correct peer connect-fail-limit default of 10
- Prevent squidclient sending two Accept: headers
- ... all bug fixes from 3.0.STABLE19
- ... and many more documentation fixes
Approved by Thomas Klausner.
Changes since version 3.1.0.12:
- Bug 2723 regression: enable PURGE requests if PURGE method ACL is present.
- Fix one more internal profiler error
- Language Updates: Italian, Russian
- Language Updates: Add many more aliases
- Add Copyright document for errors/ content
- ... all bug fixes from 3.0.STABLE18
- ... and several code polishing cleanups
Changes since version 3.1.0.11:
- Bug 2716: Chunked request Signed/Unsigned build error
- Bug 2674: Remove limit on HTTP headers read.
- Bug 2620: Invalid HTTP response codes causes segfault
- Fix FTP EPSV negotiation parser.
- Fix Via string when leak checking is enabled (valgrind etc)
- ... and several documentation and testing additions
This update also fixes the security vulnerabilites reported in
the SQUID-2009:2 advisory.
Changes since version 3.1.0.9:
- Bug 2087: Support adaptation sets and chains
- Bug 2459: dns error message broken when error handling delayed
- Support ICAP Retry
- Support ICAP retries based on the ICAP responses status code
- Support logging ICAP
- Support logging total DNS wait time
- Support logging response times of adaptation transactions
- General logging enhancements
- Dynamically form chains based on ICAP X-Next-Services header
- Support cross-transactional ICAP header exchange
- Bug 2680: Regression Crash after rotate with no helpers running
- Bug 2695: Regression in WCCPv2 L2 mask assignment
- Bug 2707: Regression in FTP anonymous auth
- Bug 422, 2706: RFC 2616 Date header requirements
- Bug 1087: ESI processor not quoting attributes correctly.
- Bug 1338: File prefetches aborted despite range_offset
- Bug 2080: wbinfo_group.pl - false positive under certain conditions
- Bug 2092: select loop 32-bit call counter overflows
- Bug 2127: delay pools class 4 crashes with ntlm auth
- Bug 2611: document fast/slow acl types
- Bug 2614: Potential loss of adapted body data from eCAP adapters
- Bug 2658: Missing TextException copy constructor
- Bug 2659: String length overflows on append, leading to segfaults
- Bug 2699: Build failure NTLM smb_lm helper
- Bug 2709: TRANSLATIONS not installed
- Bug 2710: squid_kerb_auth non-terminated string
- Delay pools 64-bit buckets and IPv6-polish
- Break forwarding loops for "transparent" or "intercept" http_ports.
- Add --disable-translation option to detatch .po from error negotiation
- Add squidclient man(1) page
- Add localhost to default permitted networks
- http_port allow-direct option to allow direct forwarding in accelerator mode
- ... and many testing infrastructure updates
- ... and much adaptation polish and improvements
- Bug 2682: Add ftp_epsv control to disable EPSV support.
- Bug 2665: Detach automake system from using -I.
- Bug 2395: FTP auth errors not displayed
- ... also several changes and bugs closed in 3.0.STABLE16
- Port from 2.7: Show local address on listening sockets
- Add "tag" type acl matching tags set by external acl helpers.
- Adds Language alias linker/installer/upgrade scripts
- Support for GCC 4.4
- Fix false NAT lookup errors on Linux
- Fix many Windows port issues
- Fix squid_kerb_auth helepr install location
- Better detection of IPv6 stack types
- Updates Licensing information for Squid 3.1
- ... and many packaging portability build and install issues
- Bug 2656: Pinger dies with general protection fault
- Bug 2650: configure requires epoll_ctl in libepoll when --enable-epoll used
- Bug 2648: Authentificator processes deferring and don't shutdown.
- Bug 2645: allow squid to ignore must-revalidate
- Bug 2644: auth scheme initialization is broken
- Bug 2632: Make number of reforwarding tries configurable
- Bug 2628: --with-pidfile=PATH option to override DEFAULT_PID_FILE
[This problem was reported for pkgsrc in PR pkg/41521.]
- Bug 2627: HTCP Logging
- Bug 2615: Call libecap::adapter::Service::start() when finalizing config.
- Bug 2589: SNMP returning no data - wrong oid decoded
- Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
- Bug 2559: Problem parsing /0 and /0.0.0.0
- Bug 2404: WCCP in mask mode is broken
- ... also all bugs closed by 3.0.STABLE14, 3.0.STABLE15, 3.0.STABLE16-RC1
- Complete Interception multiple NAT support
- Add Content-Disposition to the known headers list.
- Make PEER_TCP_MAGIC_COUNT configurable
- Fix pinger install location
- Enable TPROXY v4 spoofing of CONNECT requests
- ... and much documentation and code polishing
various configuration and example files. Leave the installation of the
example files to "pkgsrc" instead.
Problem reported by Hasso Tepper in private e-mail.
* New Version Numbering System
* Minimal squid.conf improvements
* Native IPv6 Support
* Error Page Localization
* Connection Pinning (for NTLM Auth Passthrough)
* Quality of Service (QoS) Flow support
* SSL Bump (for HTTPS Filtering and Adaptation)
* eCAP Adaptation Module support
This package is heavily based on work by Michael van Elst which includes
fixes for the IPv6 support.
