* SourceFormat Enforcement
* Replace most USE_IPV6 with run-time support probing
* Translations: sync with 3.HEAD language updates
* Split-Stack enable DNS and http(s)_port sockets.
* Bug: --with-valgrind-debug failures ignored
* Fixed comm.cc:377: "fd_table[fd].halfClosedReader != NULL" assertion
* Kludge: try to detect system acinclude path, to fix libtool brokenness.
* Bug: search scope for digest_ldap_auth didn't work
* Update libtool autoconf macros to libtool2 style
* Correction documentation of QoS disable-preserve-miss
* Remove .so from SASL build checks
* Bug: AIX support: c only c++ style comments test case
* Bug: AIX support: check libm for log()
* Do not stop accepting just because we got COMM_NOMESSAGE.
* Bug: AIX support: uchar is already define (more)
* Bug: AIX support: uchar is already define
* Bug: crash handling NULL write callback
* Correct Joomla DB auth handling
* Fixed memory leak related to retried requests.
* Prevent memory leaks when cloning Range requests.
* Fixed memory leaks related to Range requests.
Changes 3.1.5:
* Bug: Fix context leak in HttpStateData::processReplyHeader
* Bug: raw-IPv6 address URL with append_domain broken
* Bug: does not send indirect X-Client-Ip in ICAP respmod
* Fix free memory corruption and off-by-on error when comparing SNMP OIDs
* Restart DNS retransmission count when restarting the query as an A lookup
* Bug: HTTP responses with no Date, L-M or Expires can now be cached
* Maintenance: Formater skip libltdl dirs
* SourceFormat Enforcement
* Bug: Fails to detect chunked encoding if not given in all lower case
* Port from 2.7: max_filedescriptor config option
* persistent_connection_after_error is meant to be on by default
* kFreeBSD does not have linux headers. Wrap properly.
* Maintenance: Use system MD5 instead of hard-coded python paths
* Bug: ICAP tokens not logged when using multiple access
* SourceFormat Enforcement
* OpenBSD: Fix build mem.cc warning: converting of negative value
variable is set to the empty string. We will otherwise end up building
all the helpers which is probably not what the user wanted.
This addresses the second halfof PR pkg/43347 by Bernd Ernesti.
1.) Allow individual "squid*" packages to register an extra target that
is run before the common "post-install" target.
2.) Use a much simpler logic to figure out what files get installed into
"share/squid/errors" and "share/squid/icons".
Tested with the "squid27" and the "squid31" package.
It was accidently deleted by previous commit.
Also stop using PLIST.common_end here.
It should fix some bulk problem of squid27/squid30/squid31 packages.
* Now www/squid directory is common directory for squid packages.
* package options clean up and all options are described.
* LDAP helper support. (PR pkg/39386)
* DESTDIR support.
* Move some MESSAGE to documation directory.
Next, I'll import squid26, squid27 and squid30 packages.
two security fixes:
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
Changes to squid-2.6.STABLE21 (27 June 2008)
- Bug #2350: Bugs in Linux kernel capabilities code
- Bug #2241: weights not applied properly in round-robin peer
selection
- Off by one error in DNS label decompression could cause valid DNS
messages to be rejected
- logformat docs contain extra whitespace
- Reject ridiculously large ASN.1 lengths
- Fix SNMP reporting of counters with a value > 0xFF80000
- Correct spelling of WCCPv2 dst_port_hash to match the source
- Plug some "squid -k reconfigure" memory leaks. Mostly SSL related.
- Bug #1993: Memory leak in http_reply_access deny processing
- Bug #2122: In some situations collapsed_forwarding could leak
private information
- Bug #2376: Round-Robin becomes unbalanced when a peer dies and comes
back
- Bug #2387: The calculation of the number of hash buckets need to
account for the memory size, not only disk size
- Bug #2393: DNS requests retried indefinitely at full speed on failed
TCP connection
- Bug #2393: DNS retransmit queue could get hold up
- Correct socket syscalls statistics in commResetFD()
It would be last 2.6 stable release.
Changes to squid-2.6.STABLE20 (25 Apr 2008)
- Bug #2263: Custom log formats fail to log file sizes >2GB properly
on 32-bit platforms
- Fix stripping NT domain in squid_ldap_group
- Bug #2278: Cache-Control: max-stale=0 forwarded wrongly as max-stale
(without delta)
- Bug #2283: Fails to parse chunked encoding using chunk extensions
- Bug #420: Deal properly with empty list HTTP header members
- Windows Server 2008 support
- Bug #1886: tcp_outgoing_address acl doesn't work with indirect
source address (follow-x-forwarded-for)
- Bug #2296: Stuck in 100% CPU when fetching an corrupt peer digest
- Add support for the resolv.conf domain directive, and also
automatically derived default domain
- minimum_icp_query_timeout directive
- Bug #2329: Range header ignored on HIT
Changes to squid-2.6.STABLE19 (19 Mar 2008)
- Fix tcp_outgoing_address example config to match its description
- Bug #2198: assertion failed sc != NULL when using peer monitor
function
- Fix missing default disk store type into QUICKSTART example.
- Bugzilla #761 : Handle recursive completion operations in diskd.
- documentation bugfix for tcp_outgoing_tos directive
- Sort cache list in wccpv2 to ensure a consistent hash allocation
across all services
- Updated Ukrainan error pages
- Compile error in squid_kerb_auth under Mac OS X 10.5.2
- squid_radius_auth failed ro process more than 256 requests
- Clarified description of 'cache_vary' directive
- Make range_offset_limit 0 disable local range processing as
documented, even if the first range starts at 0
- Revive support for system without NetBSD style rc/rc.d.
- Always pass command_args and squid_flags to squid command.
This should fix the PR pkg/38036 by Wolfgang Stukenbrock.
Bump PKGREVISION.
Changes to squid-2.6.STABLE18 (10 Jan 2008)
- Fix 2 assertion failures related to the fix for SQUID-2007:2
- GPL license cleanup to GPLv2 or later. One file in edir_digest_auth
was GPLv2 only, now replaced with a GPLv2 or later licensed vesion.
- Minor cleanups to make certain 64-bit platforms happier
- Several Digest authentication bugs fixed wich was causing random
authenitcation popups or failures.
- --with-valgrind-debug updated for valgrind-3.3.0.
- Move some common parameter to Makefile.common; squid's user, group and
data directory.
- Add LOGDIR to Makefile.common.
These changes have no functional change but make it possible for
squidGuard package to share parameters.
Changes to squid-2.6.STABLE17 (26 Nov 2007)
- Fix compile error with old GCC 2.x or other ANSI-C compilers before
C99
- Mention the login= cache_peer option in release notes
- Fix bad cache_peer example in squid.conf
- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
to fail
- Bug #2048: Clarify high_memory_warning usage
- Reject DNS responses which result in no data
- Fix version number in configuration manual
- Move cache and request/reply_header_max_size to their proper
sections
- Bug #2088: sbrk statistics broken when process size >2GB
- Move logopen() much earlier to have fatal startup errors sent to the
proper syslog facility
- Fix HTTP/0.9 responses
- Correct bad example config for tos_outgoing_tos
- Fix grammar in description of mail_program squid.conf option
- Ignore Content-Length in chunked responses instead of rejecting the
response as invalid
- Documented that http_port no longer have a default
- Cleanup of cache digest documentation
- Make aufs store rebuilding back off a little if I/O load too high
- Bug #2100: Respect DNS ttl=0
- Update udp_(incoming|outgoing)_address documentation to reflect
current bahaviour.
- Update HTCP documentation
- Document the overlapping helper request format
- Change priority of proxy auth and extacl provided username in
login=*:pass
- pack header entries on cache updates
- Make squid_db_auth reopen the database connection on each query by
default
- Improve helper debug ouput, including the channel number
- Update cachePeerEntry MIB description to mention what is used as
index key
- Import squid_radius_auth for authenticating to RADIUS
Changes to squid-2.6.STABLE16 (5 Sep 2007)
- Test for sys/capability.h linux include file to avoid failing on
linux systems missing libcap
- Release private objects on cache rebuild
- Segfault in clientBuildReplyHeader when http->entry == NULL
- Bug #2072: digest_pw_auth fails when using plaintext passwords
- Bug #2073: assertion failed: client_side.c:4175: "buf != NULL ||
!conn->body.request on POST
- Adjust default pconn timeouts to avoid shutting down connection while
child sends request
- Bug #1980: cache_peer monitortimeout not working
- Bug #1882: Parent responses are not cached if sibling returns 504
- More squid.conf reordering to get the dependencies between options
sorted proper
Changes to squid-2.6.STABLE15 (31 Aug 2007)
- The select() I/O loop got broken by the /dev/poll addition
(2.6.STABLE14)
- Bug #2017: Fails to work around broken servers sending just the HTTP
headers
- Bug #2023: Compile error with old GCC 2.x or other ANSI-C compilers
before C99
- squid.conf.default updated and reorganised in more sensible groups
- correct and document the syslog access_log format
- Armenian error pages translation
- digest_ldap_helper usage help updated
- Bug #1560: ftpSendPasv: getsockname(-1,..): (9) Bad file descriptor
- Improve delay pools in low traffic environment by checking timeouts
at a steady 1 second interval even when there is not much activity
- Don't request authentication on transparently intercepted
connections
- Cleanup linux capabilities for tproxy
- Bug #2003: 'via' config directive doesn't affect response headers
- Bug #1902: Adds Numeric Hit and invalid request counters to IP Cache
- Add missing $|=1 to squid_db_auth
- Bug #2050: Persistent connection dropped if cache has no
Content-Length
- Verify the URL on memory cache hits
- Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14
- Bug #1972: Squid sets peers to down state when they are in fact
working.
- potential segmentation fault in storeLocateVary()
- Bug #2066: chdir after chroot
- Windows port: Fix compiler warnings when building Squid as
application (not Windows service mode)
- Spelling correction of received
pkgsrc chagnes
o Add "coss" option which enable COSS (Cyclic Object storage system).
Noted by Chris Ross on pkgsrc-users.
Changes to squid-2.6.STABLE14 (15 Jul 2007)
- squid.conf.default cleanup to have options in their proper sections.
- documentation correction in the refresh_pattern ignore-auth option
- URI-escaping not uses the recommended upper-case hex codes
- refresh_pattern min-age 0 correted to really mean 0, and not 1 second
- Always use xisxxxx() Squid defined macros instead of ctype
functions.
- Kerberos SPNEGO/Negotiate helper for the negotiate scheme
- Database basic auth helper using Perl DBI to connect to most SQL DBs
- Solaris /dev/poll network I/O support
- configure fixes to make cross compilation somewhat easier
- Removed incorrect -a reference from http_port documentation
- Bug #1900: Double "squid -k shutdown" makes Squid restart again
- Bug #1968: Squid hangs occasionally when using DNS search paths
- Novell eDirectory digest auth helper (digest_edir_auth)
- Bug #1130: min-size option for cache_dir
- POP3 basic auth helper querying a POP3 server
- Cosmetic squid_ldap_auth fixes from Squid-3
- Bug #1085: Add no-wrap to cache manager HTML tables
- Automatically restart if number of available filedescriptors becomes
alarmingly low, preventing a situation where Squid would otherwise
permanently stop processing requests.
- Bug #2010: snmp_core.cc:828: warning: array subscript is above
array bounds
- Deal better with forwarding loops
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Changes to squid-2.6.STABLE13 (11 May 2007)
- Make sure reply headers gets sent even if there is no body available
yet, fixing RealMedia streaming over HTTP issues.
- Undo an accidental name change of storeUnregisterAbort.
- Kill an ancient malplaced storeUnregisterAbort call from ftp.c
- Bug #1814: SSL memory leak on persistent SSL connections
- Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log
- Cosmetic fix: added missing newline in WCCPv2 configuration dump.
- Ukrainan error messages
- Convert various error pages from DOS to UNIX text format
- Bug #1820: COSS assertion failure t->length == MD5_DIGEST_CHARS
- Clarify the max-conn=n cache_peer option syntax slightly
- Bug #1892: COSS segfault on shutdown
- Windows port: fix undefined ECONNABORTED
- Make refreshIsCachable handle ETag as a cache validator, not
only last-modified
- in_port_t is not portable, use unsigned short instead
- Fix fs / auth / snmp dependencies
- Portability: statfs() may reqire #include <sys/statfs.h>
Changes to squid-2.6.STABLE11 (Mar 17 2007)
- Bug #1915: assertion failed: client_side.c:4055: "buf != NULL ||
!conn->body.request"
- Handle garbage helper responses better in concurrent protocol format
- Fix kqueue when overflowing the changes queue
- Make sure the child worker process commits suicide if it could
not start up
- Don't log short responses at debug level 1
- Fix bswap16 & bwsap32 error on NetBSD
- Fix collapsed_forwarding for non-GET requests
Changes to squid-2.6.STABLE10 (Mar 4 2007)
- Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0)
- various diskd bugfixes
- In the access.log hierarchy field log the unique peer name
instead of the host name
- unlinkdClose() should be called after (not before) storeDirSync()
- CLEAN_BUF_SZ was defined, but never used anywhere
- logging HTTP-request size
- Fix icmp pinger communication on FreeBSD and other not supporing
large dgram AF_UNIX sockets
- Release objects on swapin failure
- Bug #1787: Objects stuck in cache if origin server clock in future
- Bug #1420: 302 responses with an Expires header is always cached
- Primitive support for HTTP/1.1 chunked encoding, working around
broken servers
- Clean up relations between TCP probing and DNS checks of peers with
no known addresses.
- Fix a minor HTML coding error in ftp directory listings with // in
the path
- Bug #1875, #1420. Cleanup of refresh logics when dealing with
non-refreshable content
- Negotiate authentication fixed again. Broken since STABLE7 by the
patch for Bug #1792.
- Bug #1892: COSS tries to shut down the same directory twice on exit
- Bug #1908: store*DirRebuildFromSwapLog() ignores some SWAP_LOG_DEL
entries
- Added support for Subversion HTTP request methods MKACTIVITY,
CHECKOUT and MERGE.
Changes to squid-2.6.STABLE9 (Jan 24 2007)
- Bug #1878: If-Modified-Since broken in 2.6.STABLE8
- Bug #1877 diskd bug in storeDiskdIOCallback()
Changes to squid-2.6.STABLE8 (Jan 21 2007)
- Bug #1873: authenticateNTLMFixErrorHeader: state 4.
- Document the https_port vhost option, useful in combination with
a wildcard certificate
- Document the existence of connection pinning / forwarding of NTLM
auth and a few other features overlooked in the release notes.
- Spelling correction of the ssl cache_peer option
- Add back the optional "accel" http_port option. Makes accelerator
mode configurations easier to read.
- Bug #1872: Date parsing error causing objects to get unexpectedly
cached.
- Cleanup to have the access.log tags autogenerated from enums.h
- Bug #1783: STALE: Entry's timestamp greater than check time. Clock
going backwards?
- Don't update object timestamps on a failed revalidation.
- Fix how ftp://user@host URLs is rendered when Squid is built with
leak checking enabled
