Henrik Nordström's Squid work -> Archive of old patches

Old patches

This is patches that is incorporated into the main Squid distribution, or replaced with newer versions (or in some cases rejected).

Old Squid 2.X (and 1.2beta) patches

• Squid-2.3.DEVEL3: Age header calculations & exceptions
  Take into account any existing Age header from upstream caches, and don't emit Age headers unless there is a age to report (works around a browser bug in Mircosoft IE where IE hangs on certain uncachable pages)
• Squid-2.3.DEVEL3: Default reference_age is one year
  Minor correction to the comments in squid.conf. The default reference_age is one year, not one month as incorrecly stated in squid.conf comments.
• Squid-2.3.DEVEL3: Assertion failure on invalid PASV replies (FTP)
  Squid failed with a assertion failure if a invalid reply to PASV was received.
• Squid-2.3.DEVEL3: chroot support
  Adds chroot support to Squid.
• Squid-2.3.DEVEL3: Persistent connections and IMS-HIT / HEAD
  Squid failed to handle persistent connections on bodyless replies.
• Squid-2.2.STABLE5: Ignore Host header
  Recreate Host header from scratch on every request. This is to protect Squid from a malicous user sending requests with inconsistent request URI and Host header, which could teoretically be used to cause cache pollution if the attacker has control of a another web site sharing the same IP address as the site they want to pollute and is allowed to use Squid.
• Squid-1.2.beta23: New way of processing request bodies (PUT/POST)
  I have never liked how we handled requests with request-bodies (PUT/POST requests), and I finally got some time to rework it into a nicer and more inituitive way. This was first done in 1.2beta21 and released public at beta22. It has been fairly well tested both by me and others, but Duane thinks the patch is a bit large for fixing a thing that almost works.. Obviously I don't agree with hime here ;-)
  • Request-bodies are available to the protocols by using clientReadBody(request, buffer, len, callback, data), which is used in a way similar to file_read(). clientReadBody uses a new request-structure variable named body_connection, and this can be used as a boolean to check for presence of a request-body. Should probably add a flag as well to make it clearer.

    The callback is called like:
    callback(buffer, read_len, data)
    read_len == 0 on end of request body
    read_len == -1 on errors/abort.

    There is also a new request structure flag: REQ_SENT_BODY, which indicates that we have used some/all of the request-body. This is used to disable restarts of such requests.

  • All request reading is done in clientReadRequest, which properly understands about aborted, half-closed, persistent and pipelined client connections.
  • No more magic in clientReadRequest to determine if there is a request-body or not.
  • It should be trivial to enchance this with chunked transfer encoding apart from the actual code to decode it, which is a must if we are to support HTTP 1.1.
  • Replaces the pump module in both HTTP and FTP. (pump.c now unused)
• Squid-2.2.STABLE4: Keep stdio filehandles in daemon mode
  This patch causes Squid to keep stdio filehandles open when starting in daemon mode. If you do not want this them make sure to redirect them to /dev/null
  squid </dev/null >/dev/null 2>&1
  I personally redirect stdout and stderr to /dev/console.
• Squid-2.4.DEVEL3-hno: Disable the initial request timeout message
  The error message Squid sends when the client does not send a initial request in a timely manner confuses browsers using persistent connections.
• Squid-2.4.DEVEL3-hno: dnsserver queue overload error message
  Makes dnsserver queue overload a soft error message instead of a fatal error condition.
• Squid-2.4.DEVEL3-hno: Automated stack traces
  Extended support for automated stack traces to Linux/GNU libc, and added a configure option for enabling this.
• Squid-2.4.DEVEL3-hno: Minor adjustment of sslReadClient log levels
  Minor adjustment of sslReadClient read error log levels.
• Squid-2.4.DEVEL3-hno: MD5 key mismatch warnings when using aufs
  There might be some bogous MD5 key mismatch warnings when using the aufs or diskd stores. This is due to their asyncronous nature where objects might get removed from the cache while they are being read from disk.
• Squid-2.4.DEVEL2: req_mime_type ACL
  regex match agains the mime type of the request generated by the client. Can be used to detect file upload or some types HTTP tunelling requests.
  NOTE: This does NOT match the reply. You cannot use this to match the returned file type.
• Squid-2.3.STABLE1: strict authenticate_ip_ttl option
  Changed authenticate_ip_ttl to have an strict option, enforcing thatr the user comes from one IP address only.
• Squid-2.3.STABLE1: Handle NULL characters in the server reply headers
  Squid failed to detect the end of the servers HTTP headers if the server wronly responds with headers containing a NULL character. This could cause abnormal amount of used cache_mem during the request. (the server in question was mp3 streaming, virtuallu unlimited in size)
• Squid-2.2.STABLE5: Persistent POST's blocking memory
  Persistent POST requests could block quite a bit of memory by not releasing request state data until the client connection was closed.
• Squid-2.3.STABLE1: icons and auth_modules/SMB object directory
  Installation of icons and auth_modules/SMB failed if building in a separate object directory outside the sources.
• Squid-2.3.STABLE1: Support building in an object directory
  Update to my squid.conf template patch to allow building in an object directory outside the source directory.
• Squid-2.3.STABLE1-storeio-mod.1: Support building in an object directory
  Added support to the modular store I/O source layout for building Squid outside the source directory. I had not taken care of this in my added constructs.
• Squid-2.3.STABLE1: myport and redirector_access
  Added support for myport ACL to redirector_access
• Squid-2.3.STABLE1-storeio-mod.1: make failed if no auth modules selected
  "make all" failed in auth_modules if no auth modules was selected.
• Squid-2.3.STABLE1-storeio-mod.1: Hint metadata size to the filesystem
  Hint the size of metadata to the filesystem, so the filesystem can plan for the whole file size when creating the disk object.
• Squid-2.3.DEVEL3: Major update of squid.conf template generation
  A major update on how Squid is generated from cf.data.pre and some related changes.
• Squid-2.3.DEVEL3: Show FTP server messages
  Show all FTP server messages in generated error pages or top level directory listing. Main purpose is to make sure all information is available when a login is denied due to to many users or a closed mirror.
• Squid-2.3.DEVEL3: Configurable DNS retransmission interval
  Added squid.conf parameters for DNS retransmissions.
• Squid-2.3.DEVEL3: Reset "round-robin" counters every 5 minutes
  Reset "round-robin" peer selection counters every 5 minutes to speed up recovery when a dead peer has come on line again ("round-robin" is implemented by "least-frequently-used", which without this patch gets strongly biased to the previously dead peer).
• Squid-2.3.DEVEL3: httpd_accel_single_host
  Added simplified support for running Squid as a accelerator in front of a single server with multiple domains/sites.
• Squid-2.3.DEVEL3: FTP log level adjustment for ignored "errors"
  Use log level 3 on ignored read-"errors" like EAGAIN (was 1).
• Squid-2.3.DEVEL3: Range request could cause bandwidth spikes
  Range requests to servers/objects not supporting range requests could cause bandwidth spikes and/or negative hit ratio.
• Squid-2.2.DEVEL3: The last aclDomainCompare bugs squeezed
  This patch fixes some remaining aclDomainCompare issues where Squid gave more "is a subdomain of" warnings than it needed to.
• Squid-2.2.STABLE5: ipc hello test fails on some platforms/compilers
  A missing \0 string terminator could on some platforms/compilers cause squid to fail the hello test used when starting child processes.
• Squid-2.3.DEVEL2: ProgrammersGuide PS output to file, not printer
  Send Programming-Guide postscript format to the intended destination file instead of directly to the printer (or whatever configuered as default output for dvips)
• Squid-2.3.STABLE1: FreeBSD 3.3 statfs
  FreeBSD requires sys/mount.h for statfs().
• Squid-2.3.DEVEL3: HEAD and ftp://...
  Support HEAD ftp://.. requests without fetching the whole object.
• Squid-2.3.DEVEL2: Purge ipcache on reload/PURGE
  Purge negatively cached ipcache entries on reload to allow end users to quickly purge sporious errors, and have the PURGE method also purge ipcache to allow the cache administrator to manually purge important entries on DNS updates.
• Squid-2.2.STABLE4: Include request in helper statistics
  Include the request sent in helper statistics to allow the administrator to find out why the helper processes is busy.
• Squid-2.3.DEVEL3: Restart helpers when rotating logs
  Restart helper processes when rotating logs, to have cache.log properly rotated.
• Squid-2.2.STABLE4: helpers and open filedescriptors
  Make sure all unneeded filedescriptors is properly closed when starting helper processes.
• Squid-2.3.DEVEL2: Release unused store entries during rebuild
  Squid locked all "released" store entries in memory during the rebuild procedure, even such entries not needed in the "LateRelease" procedure. Also, during a dirty rebuild a lot of store entries got locked up which never was queued for "LateRelease", causing a huge memory leak.
• Squid-2.3.DEVEL2: Free cache_mem objects during cache rebuild
  Squid locked objects in cache_mem to no apparent reason other than causing the cache_mem usage to grow huge during cache rebuilds.
• Squid-2.3.DEVEL3: proxy_auth_regex and ident_regex ACL types
  This patch adds proxy_auth_regex and ident_regex ACL types
• Squid-2.3.DEVEL2: CONNECT was not under the control of miss_access
  Adds miss_access control to CONNECT method.
• Squid-2.3.STABLE1: Make no_cache a full-blown aclNBCheck
  no_cache was a fast ACL check, which serverely limits which acl types that can be reliably used. This patch extends it to a full blown aclNBCheck which allows all of the ACL types to be used like in http_access.
• Squid-2.3.DEVEL2: cache_swap_log name based on cache_dir name
  Allow %s to be used in cache_swap_log to build a log file name based on the cache_dir name instead of numbering the files according to their corresponding cache_dir location in squid.conf. This is very useful if you'd like to be able to add or remove cache directories while using cache_swap_log to have the index files stored outside the cache directories.
• Squid-2.2.STABLE4: Async-IO segfaults if AIO_PROPER_MUTEX isn't set
  Async-IO on Linux segfaults in condition variables if given high load and AIO_PROPER_MUTEX isn't set. This was seen on a SMP Alpha Linux 2.2.10-ac12 box. I knew there was a reason why I made the AIO_PROPER_MUTEX code a long time ago..
• Squid-2.2.STABLE5: Log destination IP on DIRECT
  This patch logs the destination IP as part of the hierarchy tag in access.log when going direct. This has been requested by a number of people from accounting reasons, and logging the hostname is mostly redundant as it is part of the URL as well.
• Squid-2.3.DEVEL2: Show usable filesystem space in cachemgr, not raw
  Change cachemgr Store Directory Stats to show space available to Squid rather than raw filesystem space (some space are available to root only) Also extend the support for this on Linux.
• Squid-2.2.STABLE3: Persistent connections request_timeout
  Persistent connections used a hardcoded timeout of 15 seconds instead of request_timeout as documented in squid.conf.
• Squid-2.2.STABLE2: delay pools, large initial level
  It is a bit to easy to get a integer overflow when using delay pools for limiting daily download. This patch changes the initial calculation to use floating point math, allowing a initial pool size of up to 2^31-1.
• Squid-2.3.DEVEL3: allow-miss cache_peer option
  allow-miss cache peer option to disable the use of "only-if-cached" on requests to siblings. This can be useful in some peering arrangements where icp_hit_stale is enabled.
• Squid-2.3.DEVEL2: ICP timeout selection
  This is an attempt to fix the dynamic ICP timeout selection when one is peering with remote parents and have some close-by siblings with a much lower ICP rtt. This is done by preferring to calculate the ICP timeout based on parents only (based on siblings if there is no alive parents)
• Squid-2.2.DEVEL3: Don't allow netdb selection to bypass never_direct
  Netdb selection could bypass never_direct and cause Squid to go direct to an origin site even if never_direct allow was in effect.
• Squid-2.2.STABLE3: nonhierarchical_direct squid.conf directive
  Adds a new squid.conf directive: nonhierachical_direct. This controls if requests Squid classifies as non-hierarchical (matches hierarchy_stoplist or non-cachable request type) should go direct if possible, or if parents should be used on such requests.
  Also improved parent selection for never_direct (selects all available parents incase the primary one should fail).
• Squid-2.3.DEVEL2: Improved TCP dead peer detection & failover
  A major adjustment of how Squid detects a failing TCP peer and how connections is retried when it fails to connect.
• Squid-2.2.DEVEL3: Improved ICP dead peer detection
  Some minor adjustments of ICP dead peer detection to make it behave well on startup and low load servers. Also lessens the amount of queries sent to dead peers.
• Squid-2.2.STABLE3: Fix those last aclDomainCompare errors [replaced by a NLANR patch]
  This patch corrects some remaining aclDomainCompare errors in 2.2.STABLE5.
• Squid-2.2.DEVEL2: Memory leak on reply_body_max_size
  This patch plugs a unfrequent memory leak when reply_body_max_size is used
• Squid-2.2.DEVEL2: The last(+) aclDomainCompare bugs squeezed
  This patch should be the final fix for aclDomainCompare failures / incorrect warnings.
• Squid-2.3.DEVEL2: Fix for additional domain comparision broblems
  The patch from NLANR to fix splay warnings when inserting subdomains in an ACL list introduced a new problem with domains only different in the first character, and there was a related problem with ".domainname".
• Squid-2.3.DEVEL2: ident_lookup_access documentation addendum
  A small addentum to the ident_lookup_access documentation
• Squid-2.3.DEVEL2: Move expedted sslWrite errors to log level 4
  ssl.c was a bit keen on logging even those soft errors that are expected during normal operation at log level 1. This patch moves such log messages to log level 4.
• Squid-2.3.DEVEL2: Use configured login on peer exchanges
  Use the configured login/password (login cache_peer option) when requesting cache digests or netdb exchanges from a peer
• Squid-2.3.DEVEL2: authenticate_ip_ttl squid.conf option
  With this option you can control how long a proxy authentication will be bound to a specific IP address.
• Squid-2.2.STABLE4: Unexpected 304 replies
  There was a odd HTTP condition that could cause Squid to return "304 Not modified" on plain GET requests without If-Modified-Since. This would happen if the first attempt to retreive an object results in a 5XX error with a Last-Modified header. Squid then automatically tries to find another path for fetching the object, but accidently beleived the retry was a refresh of the error page...
• Squid-2.2.STABLE4: Differentiate cache digest hits on peer type
  Split the CACHE_DIGEST_HIT log tag into CD_PARENT_HIT and CD_SIBLING_HIT
• Squid-2.2.STABLE4: snmp_port disabled by using 0
  Cosmetic change in the documentation on snmp_port, to make it more consistent with icp_port (use "0" to disable, said "-1". In fact any value <= 0 disables SNMP)
• Squid-2.3.DEVEL2: --enable-underscores
  Added --enable-underscores to have Squid not reject hostnames with _ as part of their name. Squid by default rejects such names to conform with internet standards. (this only adds the configure option to define ALLOW_HOSTNAME_UNDERSCORES, the code has been there since long back)
• Squid-2.2.STABLE4: Double slashes on top level FTP directory
  Don't generate a double trailing slashes in BASE HREF if a user opens a FTP server without trailing slash (as in "ftp://squid.nlanr.net"). This only affected the top level directory.
• Squid-2.3.DEVEL2: Escape control characters in log files [depends on ftp_password_urls]
  This patch escapes any control characters in the log files, and also fixes a problem with "uri_whitespace encode" where already escaped characters could get doubly escaped.
• Squid-2.3.DEVEL2: async-io is a bit keen on warn on thread usage
  Async-IO is a bit keen on give a warning about thread usage. This patch increases the burst filter threashold a little bit. Hopefylly I will find time to address this at the real root of the problem (bursty store recycling) in the near future.
• Squid-2.2.STABLE3: Assertion failure of FTP timeouts
  There was a bug in one of my earlier FTP patches causing an assertion failure on timeouts. [Found by Apiset Tananchai <aet@demo.ksc.co.th>]
• Squid-2.2.STABLE3: storeAppend assertion failure on aborted FTP
  Possible fix for 'assertion failed: store.c:404: "e->store_status == STORE_PENDING"' errors on aborted FTP requests.
• Squid-2.2.STABLE4: FTP password URLs [depends on ftp_broken_downloads]
  Changes Squid to preserve any password which was entered in the URL when BASE HREF is used to "correct" directory URLs without a trailing /.
  This patch also fixes a minor issue with URL encoding of filenames. Squid only encoded those characters classified as "unsafe", not those classified as "reserved". What this means is for example if a directory contains a file with a name including "/" then Squid would be confused.
• Squid-2.3.DEVEL2: Request entities + WebDAV cache consistency
  This patch adds what was in my WebDAV patches but missing in the NLANR WebDAV patch..
  • Bug-Fix for requests with request entities when a redirector is being used.
  • Remove cached objects when update methods are being seen on the object.
• Squid-2.2.STABLE2: Don't swap out objects > maximum_object_size
  Don't start swapping out objects with a known size larger than maximum_object_size. Previously Squid would swap out these objects and mark it as private once maximum_object_size was hit.
• Squid-2.2.STABLE3: Verify object meta-data on swap-in
  A additional safeguard to protect Squid from cache pollution/corruption. This patch verifies that the swapped in object matches both the URL and the store key, if not then the object is discarded. This also fixes the potential false-object-hit introduced by Squids hashed store keys.
• Squid-2.2.STABLE4: myport ACL type
  A new ACL type for matching the local port number
• Squid-2.2.STABLE2: Change log_mime_hrds output to be human readable
  Don't encode more than what is needed to be able to parse the line without ambiguity, and encode \r and \n as "\n" and "\r".
• Squid-2.3.DEVEL2: Authentication header parsing
  Squid expected that authentication headers was in a strict format and failed to parse the header if it was not strictly according to the syntax.
  This patch changes authentication header parsing to be more forgiving on syntax variations, and give more information when it fails to parse.
• Squid-2.3.DEVEL2: http_port bind address
  Allow one to specify which address each port specified in http_port should be bound to, using address:port syntax.
• Squid-2.2.STABLE3: Fall back on PORT [depends on ftp_broken_downloads]
  Recover if ftp fails to establish PASV data connection.
• Squid-2.2.STABLE4: Isolate Splay-tree structures
  Cosmetic change to isolate splay-tree structures from the rest of the code.
• Squid-2.2.DEVEL3: Don't cache interrupted FTP transfers
  In some circumstances interrupted FTP transfer was cached.
• Squid-2.2.DEVEL3: Assertion failure on FTP PUT to directories
  Squid died with an assertion failure on FTP PUT requests to directories without a filename. This patch changes it to use STOU, or simply MKD if there is no object to store.
• Squid-2.2.DEVEL3: Blank content types logged in store.log
  If the origin server sent a blank content type, then store.log logged a blank field, making it hard to parse. This patch logs "unknown" as is logged when no content type is provided at all.
• Squid-2.2.STABLE4: --enable-underscores
  Added --enable-underscores to have Squid not reject hostnames with _ as part of their name. Squid by default rejects such names to conform with internet standards. (this only adds the configure option to define ALLOW_HOSTNAME_UNDERSCORES, the code has been there since long back)
• Squid-2.2.STABLE4: authenticate_ip_ttl squid.conf option
  With this option you can control how long a proxy authentication will be bound to a specific IP address.
• Squid-2.2.STABLE3: Update to request entities patch
  The patch to support generic request entities failed on hierarchical requests (symptoms: POST hangs). This update is a correction to the previous patch.
• Squid-2.2.STABLE3: Support generic request entities
  Support generic request entities as needed by WebDAV (RFC 2518). Now it is theoretically possible to use WebDAV with Squid, but only if the server does not do strict HTTP/1.1 version checks (Squid still downgrades requests to HTTP/1.0 as required by HTTP standars). You will also need the patch from below adding the new methods to the list of known HTTP methods.
• Squid-2.2.STABLE3: Byteordering fix to my myport ACL patch below
  The myport ACL introduced by a patch below was plauged by byteordering problems on many platforms.
• Squid-2.2.STABLE2: myport ACL type
  A new ACL type for matching the local port number
• Squid-2.2.STABLE3: CONNECT hierarchy tag and memory leak
  CONNECT did not log a correct hierarchy tag (always NONE/-), and leaked some small amount of memory on each request..
• Squid-2.2.DEVEL3: Log destination IP on DIRECT
  This patch logs the destination IP as part of the hierarchy tag in access.log when going direct. This has been requested by a number of people from accounting reasons, and logging the hostname is mostly redundant as it is part of the URL as well.
• Squid-2.2.DEVEL3: Isolate Splay-tree structures
  Cosmetic change to isolate splay-tree structures from the rest of the code.
• Squid-2.2.STABLE3: Update to FTP password URLs patch
  I obiously hadn't tested the FTP passwrd URLs patch using a browser.. it completely broke the support for opening directories without a trailing / in the URL. Now it is tested and verified to work as intended.
• Squid-2.2.STABLE2: FTP password URLs
  Changes Squid to preserve any password which was entered in the URL when BASE HREF is used to "correct" directory URLs without a trailing /.
  This patch also fixes a minor issue with URL encoding of filenames. Squid only encoded those characters classified as "unsafe", not those classified as "reserved". What this means is for example if a directory contains a file with a name including "/" then Squid would be confused.
• Squid-2.2.STABLE3: Don't limit poll() filedescriptors to FD_SETSIZE [revoked]
  Don't limit filedescriptor usage to FD_SETSIZE when poll() is used.
• Squid-2.2.STABLE2: Don't give ICP HIT on non-200 objects [not in my snapshot, replaced by a 2.2.STABLE3 patch]
  There is a common false hit condition with objects with a HTTP status other than 200 (HTTP_OK). These will cause false hits if a client sends a If-Modified-Since request.
  This patch makes a minor change to the on-disk store, and may or may not be fully compatible with future Squid releases. Don't use this patch unless you are prepared to clean your cache on next upgrade.
• Squid-2.2.STABLE2: Verify object meta-data on swap-in [updated by a 2.2.STABLE3 patch]
  A additional safeguard to protect Squid from cache pollution/corruption. This patch verifies that the swapped in object matches both the URL and the store key, if not then the object is discarded. This partially fixes the potential false-object-hit introduced by Squids hashed store keys.
• Squid-2.2.DEVEL3: prefer_direct back again [updated by a 2.2.STABLE3 patch]
  After first changing prefer_direct into nonhierarchical_direct I then added it back to be able to support "backup parents", where Squid goes direct by default, but if that fails it tries to use a parent. Off by default.
• Squid-2.2.DEVEL3: nonhierarchical_direct squid.conf directive [updated by a 2.2.STABLE3 patch]
  After my changes to prefer_direct below it should be named something else. This patch changes the name to nonhierarchical_direct.
• Squid-2.2.DEVEL3: Parent selection and prefer_direct [updated by a 2.2.STABLE3 patch]
  The introduction of prefer_direct made some confusion in the parent selections, especially with respect to always_direct and never_direct. Also selection of parents for never_direct was sub-optimal (failed if the selected parent went down).
• Squid-2.2.DEVEL3: Improved TCP dead peer detection & failover [updated by a 2.2.STABLE3 patch]
  A major adjustment of how Squid detects a failing TCP peer and how connections is retried when it fails to connect. No more error message on first request after a peer has failed.
• Squid-2.2.DEVEL3: Fall back on PORT [depends on squid-2.2.DEVEL3.ftp_broken_downloads.patch, updated by a 2.2.STABLE3 patch]
  Recover if ftp fails to establish PASV data connection.
• Squid-2.2.STABLE2: Workaround for FTP on UnixWare [point patch for UnixWare]
  UnixWare has a bug in it's implementation of BSD sockets which causes Squid to return empty FTP directory listings or file transfers. This patch works around this bug.
• Squid-2.2.STABLE2: Fix for a memory overrun in gb_to_str()
  gb_to_str overwrote "random" data on each call to mgr:mem (cachemgr Memory Utilization).
• Squid-2.2.STABLE2: Ignore 0 replies to SIZE ftp command
  Some broken FTP servers (ftp.pc.ibm.com is one of them) reports files to have a file-size of 0 bytes. This patch makes Squid ignore such replies to SIZE.
• Squid-2.2.STABLE2: ICP timeouts was fatal for peer selection
  If there was a ICP timeout then Squid forget to select any ICP peer, causing a lot of traffic to go DIRECT (or FIRST_UP_PARENT if prefer_direct is off) if there is one peer which drops a lot of ICP traffic.
• Squid-2.2.STABLE2: Coredump on vm_objects if delay-pools is enabled
  This patch fixes a coredump when using cachemgr vm_objects when delay-pools are enabled.
• Squid-2.2.DEVEL3: Configure PAM and SMB authorization modules
  [Also requires my PAM proxy_auth module]
  This tar file and accompanying configure patch adds a PAM compatible proxy_auth module.
• Squid-2.2.DEVEL3: TTL selection of FTP listings
  FTP directory listings unintentionally got a bogous last-modified timestamp (initialized to 0 instead of -1). While this was good for caching it was not intentional. Instead refresh_pattern should be used to tune the TTL.
• Squid-2.2.DEVEL3: Faster HTTP startup time
  Got rid of some old code which delayed HTTP startup time one select loop round trip time. It was leftover from the time when connection setup was done separately in each protocol.
• Squid-2.2.DEVEL3: Unescaped % characters in error pages
  Allow unescaped % characters in error pages to simplify generation of the pages from any HTML tool. [suggested by Pedro Ribeiro <pribeiro@isel.pt>]
• Squid-2.2.DEVEL3: squid-internal objects and local port
  Squid failed to detect squid-internal objects if the local port was different.
• Squid-2.2.DEVEL3: FTP listings and " " names
  Squid failed to parse UNIX file listings with directories or files named " " (a single space).
• Squid-2.2.PRE1: Enable poll on Linux 2.2
  Poll is now supported by Linux 2.2, so we do not need to force it disabled if Linux >= 2.2.
• Squid-2.2.PRE1: Cachemgr option to refresh ACL lists [rejected]
  Cachemgr option to refresh ACL lists. Especially useful if you use the "include file" method for defining ACL lists, and don't want to do a full reconfigure of Squid each time you change the list. It is also useful if you need to refresh IP addresses of src or dst lists after you have updated your DNS server and/or host table.
• Squid-2.2.PRE1: acl *domain should be case-insensitive
  *domain ACL checks for FQDN host names was case sensitive.
• Squid-2.2.PRE1: Correction to the FTP DOS listing patch
  The FTP DOS listing patch below has a small error, causing it to coredump on many requests.
• Squid-2.2.PRE1: Document -i flag for acl regex processing
  -i can be used in regex based ACLs to do case-insensitive matching, but squid.conf did not include any information on this.
• Squid-2.2.PRE1: Account for opening files [merged from 2.1.PATCH2 async-io patch]
  Make async-io account for opening files when determining if there is enought filedescriptors when opening new files or accepting new connections.
• Squid-2.2.PRE1: Make tcpbanger3 accept non-port 80 requests
  tcpbanger3 unneededly rejected requests for non-port 80 destinations
• Squid-2.2.PRE1: Hangs if async-io enabled
  Some important lines got misplaced when one of my patches was commited to the main distribution. This patch moves them to the correct location.
• Squid-2.2.PRE1: Parse DOS FTP listings with spaces
  Correct parsing of DOS FTP listings with spaces in the filenames
• Squid-2.1.PATCH2: Resume FTP download
  Use FTP REST on Range FTP requests, to resume aborted downloads.
• Squid-2.1.PATCH2: Detailed loop logging [point debug patch]
  Provide detailed logging on cache state when a request loop is detected.
• Squid-2.1.PATCH2: Don't cache "expired" objects
  This patch stops Squid from caching objects that needs to be refreshed on the next request, but which is not beleived to be refreshable.
• Squid-2.1.PATCH2: Change ident acl into a dynamic ACL
  This patch changes ident type ACL into a dynamic ACL type that triggers a ident lookup when it is needed.
• Squid-2.1.PATCH2: Add hierarchy status to Via: header
  Add hierarchy status to Via header, to aid in locating why forwarding loops occurs.
• Squid-2.1.PATCH2: Make tcp-banger2 warn on unexpected replies
  Make tcp-banger2 a little bit more picky on which HTTP replies it blindly accepts, mainly to detect cache generated error pages.
• Squid-2.1.PATCH2: MemPool hit rate [scrapped]
  Added MemPool hit rate statistics.
• Squid-2.1.PATCH2: Some more async-io fixes
  This fixes a number of other problems with async-io, including temporary lockups, fluctuating disk usage and running out of file descriptors.
• Squid-2.1.PATCH2: Async-IO lost active files on shutdown
  If squid was shutdown when there was active clients or store maintaince running then any pending async-io operations was silently dropped, corrupting the store.
• Squid-2.1.PATCH2: Client side Cache-Control: no-cache
  Obey any Cache-Control: no-cache sent by the client.
• Squid-2.1.PATCH2: proxy_auth ignored user list
  The proxy_auth acl ignored any user list restrictions specified in squid.conf. This patch does the final transformation of proxy_auth to a real ACL type, allowing allows and denials as any other ACL type.
• Squid-2.1.PATCH2: change peer->pinglist to peer->peer_domain
  change peer->pinglist to peer->cache_domain to make it easier to understand what it is (cache_peer_domain)
• Squid-2.1.PATCH2: cache_mem has no high/low water marks
  Remove the last traces of cache_mem high/low water marks
• Squid-2.1.PATCH2: broken_cgi acl
  This replaces persistent_client_posts with a ACL for controlling if Squid should send CRLF after PUT/POST requests.
• Squid-2.1.PATCH2: Fix for a filedescriptor leak on non-anonymous FTP
  Fix for a file descriptor leak on non-anonymous ftp (ftp://user@host/...)
• Squid-2.1.PATCH1: Fix client-side Cache-control: max-age
  Client-side Cache-Control: max-age has been broken some time (including all Squid 2 releases) due to other code changes.
• Squid-2.1.PATCH1: Support for my TPROXY protocol [experimental, scrapped] [point feature, not of general interest]
  This patch adds support for my TPROXY protocol designed for transparent proxies where Squid is separated from then TCP redirection. The setup most people use today when this is required is Squid 1.X and transproxy-0.4. The problem is that transproxy-0.4 does not support persistent HTTP connections, and that it hides the source IP address from Squid. This new protocol addresses both these issues as tproxy relayes everything to Squid and does not try to be smart. The patch also requires the tproxy-0.9 software. If you run Squid on the same host as where your TCP redirection is, then you do not need to use this patch, or transproxy. Use the transparent proxy support that is available in Squid 2 instead. Stock Squid 2 currently supports any os where getsockname works on transparently redirected TCP connections (Linux), and IP-Filter.
• Squid-2.1.PATCH1: Give old object on validation failures
  Give old object if Squid fails to validate a cached object.
• Squid-2.1.RELEASE: FTP // path
  Translate FTP path // to a empty CWD command
• Squid-2.1.RELEASE: Handle empty dir;type=d directories
  Properly handle empty dir;type=d directories (== show server error). Previously Squid got confused and showed a standard listing of the previous directory.
• Squid-2.1.RELEASE: Break FTP title URL in parts [Originally by: Andrew Filonov <aef@shu.smolensk.su>]
  Make title URL in FTP listings hyperlinked on each directory level.
• Squid-2.1.RELEASE: Assertion failure when loading large icons
  If the icons was replaced by larger ones (presumeably larger than 4KB) then Squid failed with a assertion failure while loading them.
• Squid-2.1.PRE4: Show FTP connection refused
  Show server error message when a FTP server refuses to accept a connection (usually due to to many users).
• Squid-2.0.RELEASE: Make cachemgr send proxy authentication
  Make cachemgr send proxy authentication header, to enable it to be used when proxy_auth is enforced.
• Squid-2.1.PATCH2: Change ident acl to do ident when needed [not fully working, replaced by other patches]
  The main purpose of this patch is to change ident ACL to trigger ident lookups only when needed. This patch also contains a large number of other small changes (mostly code style changes).
• Squid-2.1.PATCH1: Large POST/PUT to broken CGI scripts [replaced by broken_cgi]
  The hack for supporting broken CGI scripts (persistent_client_posts off) only worked for small PUT/POST requests where all the data was available in the first packet sent by the client.
• Squid-2.1.PATCH1: 0 byte POST/PUT hangs [replaced by broken_cgi]
  Squid 2.1 fails to process POST/PUT with a content-length of zero. this was caused by the change to support broken CGI scripts.
• Squid-2.1.PATCH1: Minor correction of IDENT parsing
  Parsing of IDENT replies got confused if the reply was not line terminated using \r\n.
• Squid-1.2.beta24-1: Some cleanup of async-io [scrapped]
  Some minor cleanup of async-io.
• Squid-2.1.PRE4: Fix for specifying name servers
  dnsserver improperly claimed that -s is not supported even when it was. It also failed to initialize the name server addresses if more nameservers was specified in squid.conf than the systems resolv.conf.
• Squid-2.1.PRE4: FTP banner / logon message
  Show FTP banner / logon message at top level directory
• Squid-2.1.PRE4: Fix for plain FTP listings
  Plain (;type=d) FTP listings has been broken in all Squid 2 releases (and a couple of 1.2.beta releases as well) due to a code style change ("String" objects).
• Squid-2.1.PRE4: Allow SSL ports
  The default config should allow SSL ports
• Squid-2.1.PRE2: Various authentication issues
  This patch fixes a numer of authentication issues:
  • FTP icons
  • Authentication when running as a accelerator
  • Auto-logon to peer cached. Useful if you are a leaf cache and you parent requires authentication.
  • Auto-logon to HTTP servers. Useful if your organisation has a account on a server, and you don't want every user to know the password.
• Squid-2.1.PRE2: Fix for assertion failures in request parsing
  This patch fixes two request parsing bugs. One is handling of requests without any headers and line endings of only \n. The other is NULL characters in the request line/headers.
• Squid-2.1.PRE2: Log headers when a loop is detected
  Log full request headers when a request loop is detected. Used for debugging purposes. Logged at debuglevel 33,2.
• Squid-2.0.PATCH2: proxy_auth documentation was confusing
  Clarify the syntax of proxy_auth, and how it relates to authenticate_program.
• Squid-2.1.PRE1: Limit Range "prefetching"
  Limit how far off a Range request is allowed to start before Squid considers the request as to complex and forwards it to the origin server.
• Squid-2.1.PRE1: Fix proxy_auth coredump
  2.1.PRE1 core dumps when validating a users password
• Squid-2.0.RELEASE: Various authentication issues [replaced by a 2.1.PRE2 patch] [requires proxy_auth user ACL patch below]
  This patch fixes a numer of authentication issues:
  • FTP icons
  • Authentication when running as a accelerator
  • Auto-logon to peer cached. Useful if you are a leaf cache and you parent requires authentication.
  • Auto-logon to HTTP servers. Useful if your organisation has a account on a server, and you don't want every user to know the password.
• Squid-2.0.PATCH2: Log headers at when loop detected [replaced by a 2.1.PRE2 patch]
  Log full request headers when a request loop is detected. Used for debugging purposes.
• Squid-2.1.PRE1: Skip blank lines in acl files
  Skip blank lines in included acl files
• Squid-2.1.PRE1: Close server connection on unsupported protocol
  Close the server connection when Squid tries to handle a unsupported protocol.
• Squid-2.1.PRE1: Allow signature customizations
  Allow people to customize the signature by using
  %T == time
  %h == visible host name
  %s == squid version
  The use of %s is required, or the default signature will be added.
• Squid-2.1.PRE1: Failed to find headers
  The whitespace URL changes caused Squid to lose track of the request headers instead..
• Squid-2.1.PRE1: va_list and ... is not the same
  vprintf_f was declared using ... when it should use va_list. (reported by "Pavel A. Perikov" <pavel@tvcell.ru>)
• Squid-2.0.PATCH2: Don't cache authenticated FTP requests [update of older 1.2.beta24 patch]
  Security fix: Authenticated FTP objects should not be cached.
  Minor cleanup of FTP authentication
• Squid-2.0.RELEASE: Fix FTP icons when used in a hierarchy
  FTP icons (and some other things) was broken if visible_hostname contained uppercase characters and Squid was used in a hierarcy.
• Squid-2.0.RELEASE: configure --disable-poll option
  Since poll is reportedly broken on some platforms --disable-poll can be used to force configure to ignore poll, in the same way as --enable-poll can be used to force it to use poll.
• Squid-2.0.RELEASE: proxy_auth user ACL
  Changed proxy_auth ACL type to consist of a list ov valid users. REQUIRED == any (same as ident ACL). ACL type user changed to ident since this is what it really is.
• Squid-1.2.beta25: Option for not rewriting Host: headers
  A option for not rewriting Host: headers on redireced requests. May be useful if you run Squid as a accelerator and do not want to maintain a local table of the accelerated hosts.
• Squid-1.2.beta24-1: Log HTTP version in common format
  Squid did not log HTTP version in common format.
• Squid-2.0.RELEASE: refresh changes & statistics
  Handle last-modified=now as stale, unless overriden by override-lastmod.
  Added statistics on HTTP violations use, and last-mod now/future.
• Squid-1.2.beta24: Don't cache authenticated FTP requests [superceeded by a 2.0.PATCH2 patch]
  Security fix: Authenticated FTP objects should not be cached.
  Minor cleanup of FTP authentication
• Squid-1.2.beta24-1: cache_peer_access is the correct name (not _acl)
  Squid.conf was confusing. Mentioning cache_peer_acl when the tag was named cache_peer_access. This corrects the comments and adds cache_peer_acl as a alias for cache_peer_access.
• Squid-1.2.beta24-1: Squid was confused by HEAD
  HEAD processing was very confused.
• Squid-1.2.beta24-1: always_direct higer precedence
  Give always_direct higher precendence than never_direct
• Squid-1.2.beta24-1: Support ipfilter lookups
  A stab at including IP-Filter support in squid. I can't test this as I have no box where IP-Filter compiles, but it should work...
• Squid-1.2.beta24: Fix async-io
  There was some changes to async-io that did not get reflected in all parts of the code, and a memory management bug (same memory freed twice when async-io used)
• Squid-1.2.beta23-3: Default mime type to binary text
  Now that we have the options to view/download files then the default mime type of binary text/plain is more suitable than application/binary:
  • binary transfer more so that most browsers can save it directly
  • text/plain content type so that most browsers view the file, even compressed ones.
  • A view icon to get the file as a ascii file (correct linebreaks)
  • A download icon to download the file as a binary file, in case the browser transforms text/plain when saving.
• Squid-1.2.beta23-3: refresh_pattern options to override reload [requires: refresh_pattern tweak patch]
  Some more refresh_pattern options to override a client reload.

  reload-into-ims

  Change a reload into a IMS query

  ignore-reload

  Ignore a reload request, and handle it as a HIT

• Squid-1.2.beta23-2: Handle old mime.conf configurations
  My change to add .tgz filetype broke old mime.conf configurations which was not what I intended. This refines the code to properly handle mime.conf entries where the filetype is unknown (the internal-xxx icons)
• Squid-1.2.beta23-2: Minor cleanups related to the Netscape https bug
  beta23 gets slightly confused when receiving unencrypted https requests from a broken Netscape browser (or a broser not supporting SSL, such as Lynx).
• Squid-1.2.beta23: Options to tweak the behaviour of refresh_pattern
  Added options to override expires and/or last-modified, and updated squid.conf to document the current refresh_pattern algorithm.
• Squid-1.2.beta23: Fixed poll() configure check
  Properly record a detected poll() function, and disable it on platforms where select() is known to work better.
• Squid-1.2.beta24-pre: Cache authenticated objects if allowed [REJECTED. The original code is correct. public is required. Section 14.9.4]
  Cache-Control: proxy-revalidate or must-revalidate allows a authenticated object to be cached if it is revalidated with the origin server on subsequent requests. This completes cache conditions spelled out in RFC 2068 section 14.8 Autorization.
• Squid-1.2.beta23: Don't eject FTP icons on reload
  FTP icons was lost if one user did a reload...
• Squid-1.2.beta23: Don't use base href on ftp://.../%2f/
  Don't use BASE HREF on ftp://.../%2f/, to preserve any client-side URL password (BASE HREF never contains a password).
• Squid-1.2.beta23: Fix a few runtime & compile warnings in tcp-banger2.
  Fix a few runtime & compile warnings in tcp-banger2.
• Squid-1.2.beta22: Obey Expires: in refresh_pattern checks [superceeded by a 1.2beta23 patch]
  Obey Expires: in refresh_pattern checks (required by HTTP). The min age is used for objects without a explicit expiry time.
• Squid-1.2.beta22: Fixed poll() configure check [superceeded by a 1.2beta23 patch]
  Properly record a detected poll() function, and disable it on platforms where select() is known to work better.
• Squid-1.2.beta22: A update to my body processing patch [superceeded by a 1.2beta23 patch]
  There was a bug in my body processing patch that showed itself when using hierarchies (PUT/POST connections hang).
• Squid-1.2.beta22: New way of processing request bodies (PUT/POST) [superceeded by a 1.2beta23 patch]
  
  • pump/pass modules is NOT used anymore.
  • Request bodies are available to the protocols by using clientReadBody(request, buffer, len, callback, data), which is used in a way similar to file_read(). clientReadBody uses a new request variable named body_connection, and this variable can be checked as a boolean for presence of a body.
    The callback is called like
    callback(buffer, read_len, data)
read_len == 0 on end of request body
    read_len == -1 on errors/abort.
  • All request reading is done in clientReadRequest, which properly understands about aborted, half-closed & persistent client connections.
• Squid-1.2.beta22: Fix for 100% CPU running select
  If a ICP message got queued then Squid would start running at 100% CPU since it never drained the queue, but knowed that it had to...
• Squid-1.2.beta22: Enchanced FTP listings
  Added support for two new icons. One that opens the file as ascii, and one binary download. The icons are selected from mime.conf by two new options, +download and +view.
• Squid-1.2.beta22: Cosmetic adjustments to mime.conf
  Adjusted mime.conf columns. Only a cosmetic change.
• Squid-1.2.beta22: Handle .tgz encoding correctly
  Minor change to mime type/encoding functions, to be able to specify encoding gzip, application/x-tar for .tgz
• Squid-1.2.beta22: Always show ".." in FTP directory listings
  Always include a ".." link in FTP directory listings regardless if the server lists one or not. This also fixes the "document contains no data" message when listing a empty directory.
• Squid-1.2.beta22: Fix hanging proxy_auth connections
  All unauthorised proxy_auth connections did hang.
  This patch is ugly and needs to be rewritten at the correct places, but it does work
• Squid-1.2.beta22: Fixes & updates to tcp_banger2
  • Do not warn on responces without a Content-Length: header
  • Documented all the options in usage().
  • Added -t to build a tracefile suitable for later input in automated validation. A tracefile has the format
    METHOD URL BODY-FILE SIZE CHECKSUM
    Where:

    METHOD

    Is the HTTP method to use, usually GET

    URL

    The URL

    BODY-FILE

    Is a file to send as request body (- for none)

    SIZE

    The object size of the returned object

    CHECKSUM

    A simple checksum of the object

• Squid-1.2.beta22: AIO FD leak
  Plug a possible FD leak in aiops.c
• Squid-1.2.beta20-1: New icon URL style [REJECTED by me]
  Here is a rewritten version of my patch for icons in a cache hierarchy, this time it looks a lot cleaner. What patch does is to change the icon URL format to
  http://your.squid.server:port/squid-internal/icon_for/filename
  where filename is the name of the file the icon should represent. This is then trapped in clientRedirectDone and translated to the appropriate /squid-internal/icons/iconname
  I have also moved the squid-internal detection to clientRedirectDone to allow the use of a redirector to redirect squid-internal requests to this cache, mainly to support trapping of icons at the first Squid cache if wanted. There is also a short piece of #ifdef:ed code that traps all icons..
• Squid-1.2.beta20-1: X-Request-URI header
  Generate "X-Request-URI: <requested URI> headers. Enabled by -DXREQUEST_URI. Useful when debugging persistent connections, and when validating Squid.
• Squid-1.2.beta21-1: Fix for a compilation warning (potential runtime error)
  Single-bit bitfields should be used as boolean, and not integer. A signed one-bit bitfield can only take the values 0 and -1...
• Squid-1.2.beta21: Fix for a asyncio coredump if debugging is enabled
  A asyncio debug message could cause a coredump if debuglevel was 3 or higher.
• Squid-1.2.beta21: Some left-over code in asyncio.c
  There was some unneeded code left in asyncio.c.
• Squid-1.2.beta21: client POST/PUT ping requests
  The second requests and onward was trashed when doing a client POST/PUT ping.
• Squid-1.2.beta21: tcp-banger error on timesout
  Make tcp-banger show a error when a request timesout.
• Squid-1.2.beta21: Debug log when a FD is closed
  Debug log when a FD is closed
• Squid-1.2.beta21: Detect request loops on accelerated/transproxy requests
  When setting up a transparent proxy it is very easy to get into a request loop where Squid reqursively sends the request to itself. This patch stops this by denying accelerated requests that are detected as looping requests. If you need to run two Squids on one machine (one pure proxy, one pure accelerator) then you may need to set the visible host name differently on each Squid, or the accelerator may deny requests from the proxy.
• Squid-1.2.beta20-1: Enable the recursion detector in storeClientCopy
  The recursion detector i storeClientCopy was only half-implemented...
• Squid-1.2.beta20-1: Give a correct (Proxy-)Connection: header [REJECTED due to code change]
  Give the correct (Proxy-)Connection: header to the client, depending on if the request was proxied or accelerated.
• Squid-1.2.beta20-1: Minor code comments
  Minor code comments
• Squid-1.2.beta20-1: Log when running out of filedescriptors
  Log when the cache is running out of file descriptors
• Squid-1.2.beta20-1: Updated async-I/O code
  Removed a possible race condition. Code cleanup. No 100% CPU spin if the main thread is suspended (by paging), and some more...
• Squid-1.2.beta20-1: Cache objects when using Async-I/O
  Sometimes Squid ejected a bunch of newly cached objects from the cache. It seems that this only occured when using async-io. No idea why, but this fixes the problem at the source.
• Squid-1.2.beta20-1: updated client program
  Removed "unsed" -k (Keep-Alive) option. Detect failing POST/PUT writes.
• Squid-1.2.beta20-1: storeClienCopy2 strange condition
  A fix for a strange condition in storeClientCopy2. I beleive the condition should read this way...
• Squid-1.2.beta20-1: Close swap.state when rewriting
  Yet another rename-open-file situation failing on WIN32..
• Squid-1.2.beta20-1: Detect crypt() when -lcrypt is needed
  Properly detect crypt() on glibc based systems, and other requiring -lcrypt.
• Squid-1.2.beta20-1: A error-message safeguard
  A small safeguard to ensure that the client connection is closed (not persistent) after sending a Squid error message.
• Squid-1.2.beta20-1: Minor code cleanup, Host: header
  Minor code cleanup to improve readability.
• Squid-1.2.beta20-1: (Proxy-)Connection: Keep-Alive
  Emit Connection: instead of Proxy-Connection when running as a accelerator. Some additional checks that the connection can be persistent before sending (Proxy-)Connection: Keep-Alive.
• Squid-1.2.beta20-1: Continously purge mem objects
  Purge memory objects one at a time staying at the high-water mark, instead purging all the way down to the low-water mark.
• Squid-1.2.beta20-1: Updated memory debugging
  A minor update to the memory debugging code
• Squid-1.2.beta20-1: failed to detect working regexp on RH5
  A minor configure update to properly detect that regexp is working on RH5 among others.
• Squid-1.2.beta20-1: More appropriate logging on squid -z
  Report missing and corrupt directories when running squid -z.
• Squid-1.2.beta20-1: Updated & polished test suite
  A updated and polished test suite. pconn-banger reports a throughtput listing like tcp-banger. Both programs support generic HTTP queries including POST/PUT (They can't handle HEAD replies yet). Numerous pconn-banger fixes.
• Squid-1.2.beta20-1: Obey server Connection: header
  Obey (Proxy-)Connection: header received in server replies. Previously we was equally braindamaged as some versions of IE4.. (reused the connection even when the server indicates it should be closed).
• Squid-1.2.beta20-1: Small typo in --enable-err-lang
  Corrects the "configure: ERR_: command not found" message..
• Squid-1.2.beta20pre: Reworked how request bodies are processed [REJECTED, needs update]
  Got tired of the pump module, and reworked request body processing in client_side.c. Much cleaner this way. Apart from this major change there is some additional fixes...
  • Obey any (Proxy-)Connection: header in server replies.
  • FTP PUT datachannel selection corrected
  • Tolerate heading whitespace in requests and replies
  • Probably some other fixes as well...
• Squid-1.2.beta20pre: --enable-language=xxx configure option
  --enable-language=xxx selects the default language to install
• Squid-1.2.beta20pre: Configurable squid signature [REJECTED by Duane]
  Make the Squid signature a "configurable error message" ERR_SQUID_SIGNATURE with a default message built-in, instead of hardcoded.
• Squid-1.2.beta20pre: Some redirector fixes
  • Remember the client address on redirected requests
  • Don't rebuild the request if the redirector returned the same URL
  • Rewrite Host: header on redirected requests
  • Include port (if non-standard) in generated Host: headers
• Squid-1.2.beta20pre: Changed icon URLs again [REJECTED by me]
  Changed icon URLs so that they are handled by the first Squid-1.2 server in the cache chain (including neighbours/siblings).
• Squid-1.2.beta19: Use _timezone if defined (cygwin32)
  Use _timezone instead of timezone if defined. cygwin32 has a macro called _timezone instead of the variable timezone most else has (timezone is a function in cygwin32).
• Squid-1.2.beta19: Configure check for regex_t
  Configure check for regex_t. Run autoconf after applying.
• Squid-1.2.beta19: Fix "miss access" error on icons
  Fixes a miss access error on icons if your host name contains caps.
• Squid-1.2.beta19: FTP Work-around broken firewalls
  Some additional "hacks" to work-around broken firewalls/servers.
  Error reporting cleanup.
• Squid-1.2.beta18: Compile on Win-NT using cygwin b19
  Corrections and platform specific changes for compiling on Windows-NT using Cygnus GNU-WIN32 b19.
  1. Rename aux to auxconf
  2. Rename src/Mem.c to src/MemPool.c
  3. Apply the patch
  4. Build

  If you don't have uudecude, use WinZIP to unpack icons/icons.shar.

  /bin/sh needs to be found. Run "mount 'c:\Cygnus\b19\H-i386-cygwin32\bin' /bin" to tell cygwin where /bin/... is.

• Squid-1.2.beta16: Squid.conf comment for transparent proxies
  httpd_accel_uses_host_header should be turned on when running as a transparent proxy, or Host: based virtual servers break.
• Squid-1.2.beta16: Use official host name for icons
  Use official hostname when refering to icons, and allow squid to handle standard HTTP requests for internal objects (icons) to support no-proxy and/or PAC scripts.
  All icons are configured in mime.conf. No more hardcoded icons.
• Squid-1.2.beta16: regex ACLs for src/dst domain
  Adds srcdom_regex and dstdom_regex ACLs. They match regular expressions on domainnames (src == client, dst == destination server in URL)
  Includes a small comment on reverse lookups and dstdomain ACLs.
• Squid-1.2.beta15: Unescape URLs in ACL processing
  It is possible to bypass squid access control rules based on URL regular expressions. Due to insufficient URL parsing it is possible to rewrite URL with hex escapes so that it is no longer matched against some rule but remains valid for replying server.
• Squid-1.2.beta15: Adjust number of reserved FDs on failures
  Code implementing the comment in comm_open... Adjust the number of reserved filedescriptors on failure, in case the host runs out of file/socket table space.
• Squid-1.2.beta15: Don't send bogous length in 304 replies
  Don't send a bogous Content-length header in 304 replies for objects without a Content-Length header.
• Squid-1.2.beta15: FTP PORT (and default mode) data channel
  FTP: Fall back on using PORT, and if that fails use the default data channel.
• Squid-1.2.beta15: Show memory map as a tree
  Part of my beta14 memory map patch did not make it into beta15. Here are the missing pieces.
• Squid-1.2.beta14: Changes the leak detector memory map to tree format
  Changes the leak detector memory map to tree form, to make it easier to pinpoint the structures not freed.
• Squid-1.2.beta14: Built in memory leak detector
  A built in memory leak detector. Activated when compiled with --enable-xmalloc-debug-trace.
• Squid-1.2.beta14: Option -m to turn on malloc tracing
  The printing of the memory tracing is turned on by using the -m option when starting squid, or by setting the global variable xmalloc_trace to true from a debugger.
  A useful GDB macro:

  define malloc_info
    printf "Allocation %d from %s:%d size %d\n", \
        malloc_number($arg0), malloc_file_name($arg0), \
        malloc_line_number($arg0), mallocblksize($arg0)
  end

• Squid-1.2.beta14: Content-type on type specified FTP transfers
  Use application/octet-stream and text/plain for type specified ftp transfers (;type=i/a).
• Squid-1.2.beta13: Get icon types from mime.conf definitions
  Get icon content types from mime.conf when loading icons
• Squid-1.2.beta13: Detailed tracing of memory allocations
  Extend the memory counting to full a full trace, and change some malloc/calloc/free to x-variants
• Squid-1.2.beta12: Minor fix for a compile error in snmp.c
  The interface to some statistics is changed, and snmp.c needs to be updated...
• Squid-1.2.beta11: Support for NLST listings
  Format NLST listings, and inform the user that the NLST (plain) format is available when we find a LIST listing that we don't understand.
• Squid-1.2.beta11: SIZE on binary FTP transfers
  Use SIZE on Binary transfers, and not ASCII. The condition was inversed, making squid use SIZE on ASCII transfers.
• Squid-1.2.beta11: Enable virtual and Host: based acceleration
  In order to be able to use Squid as a transparent proxy without breaking either virtual servers or clients not sending Host: header the order of the virtual and Host: based acceleration needs to be swapped, giving Host: a higher precendence than virtual host.
  Configuration:
  http_accel virtual 80
http_accel_uses_host_header on
• Squid-1.2.beta11: Use memmove/bcopy as detected by configure
  Some systems does not have memmove, but have the older bcopy implementation.
• Squid-1.2.beta10: Show symlink destinations in FTP listings
  Show symlink destination as hyperlinks in FTP listings
• Squid-1.2.beta10: Fix compilation on Solaris2.4
  I hope this patch will enable compilation on Solaris2.4. index() is replaced with strchr(), and a getpagesize function is added if the system does not define it.
• Squid-1.2.beta8: Added dlmalloc to the distribution
  Added malloc-2.6.4 by Doug Lea (dlmalloc) to the distribution. It is enabled by using --enable-dlmalloc when running configure.
  autoconf is required to update the configure script from configure.in.
• Squid-1.2.beta8: Some more additions to autoconf (configure)
  • Detect libpthread (for ASYNC I/O)
  • Changed --enable-hashkey to --enable-new-storekey, and added the possibility to select url as well (the default, but...)
  • --enable-acltree[=bin|splay]
  • --enable-icmp
  • --enable-delay-hack
  • --enable-useragent-log
  • --enable-kill-parent
  • --enable-snmp
  • --enable-time-hack
  • Only compile the needed modules. (store key and SNMP)
  And a number of fixes to get the code to compile cleanly
  • A number of malloc/free replaced with x-versions
  • Some changes to get XMALLOC_DEBUG_COUNT working
  • Removed some compiler warnings from the aio code
  • Remived a silly compiler warning from net_db.c (2 prototypes declared global instead of static in the source), and added a missing variable (failed compilation)
  There is also some changes to the makefiles, to support autoconf development.
  autoconf is required to update the configure script from configure.in.
• Squid-1.2.beta8: Use xxfree instead of free
  There was a direct call for free in store_key_url.c, free/malloc should NOT be called directly since we have some rudimentary malloc debugging in the x-versions.
• Squid-1.2.beta8: Some more additions to autoconf (configure)
  • --enable-xmalloc-debug-count
  • --async-io
  • And a small spelling correction to the previous patch
  autoconf is required to update the configure script from configure.in.
• Squid-1.2.beta8: Some additions to autoconf (configure)
  • Cache extended tests (where appropriate)
  • --enable-gnuregex
  • --enable-haskey=sha|md5
  • --enable-xmalloc-debug
  • --enable-xmalloc-statistics
  autoconf is required to update the configure script from configure.in.
• Squid-1.2.beta8: Reuse FTP data channel on "hacks"
  Don't try to reopen a new data channel when starting one of the "hacks" (directory without /, or the slashhack). It is not possible to reopen a new channel since the first one is not fully closed yet (unless running on a LAN or simililar).
• Squid-1.2.beta8: Fix for pipelined requests
  1. Restart processing if the client buffer when a request is complete
  2. Never process more that 2 concurrent requests at a time on a single client connection. 2 is chosen to compensate for the added latency caused by Squid not supporting pipelined server connections.
• Squid-1.2.beta8: Turn of extended functions for gnumalloc
  Turn off extended malloc functionality if gnumalloc is detected. If your libc contains a extended malloc, configure did pick up these extensions even if it found gnumalloc, causing SIGSEGV and other strange things when using cachemgr.
• Squid-1.2.beta8: stronger detection of setresuid
  The release of RedHat 5.0 has caused some grief. It declares setresuid, but it is not implemented in the kernel. configure needs to test if the function really is implemented by calling it with -1 as parameters (keep existing IDs).
• Squid-1.2.beta8: Abort on bad content length
  Abort persistent connections on bad content length.
• Squid-1.2.beta8: A updated version of the beta7 body part A updated version of the beta7 body part patch
• Squid-1.2.beta7: Some comments on the code
  Some comments on code that should be changed, and a minor change for persistant connections and HEAD (preparation for future)
• Squid-1.2.beta7: "no-body" responses on persistent connections
  Some server responses can't include a message body, regardless of any headers.
• Squid-1.2.beta7: Added back missing patch to ftp error message
  Squid-1.2.beta7: Some things missing in the first patch...
  In order for the "broken %2f support" fully work, the FTP_FAILURE error message needs to have a %2f link... (this is where the user gets informed that %2f is needed on directories). The hack (already commited to B7) is only transparent for files (to support broken applications).
• Squid-1.2.beta6: Moved support for ftp dir without /
  This patch rewrites how FTP directories without trailing slash is handled. Previous Squid always tried the path as a directory and if that failed as a file. This patch changes this so that it first assumes that it is a file, and if that fails try as a directory. The patch also removes some #ifdef.. from the slash hack patch (required).
• Squid-1.2.beta6: Syncronized squid -h with source
  Squid -h missed some options, and included some old ones...
• Squid-1.2.beta6: Server error pages truncated
  Server error pages (status != 200) pages was often truncated immediately after the headers. This patch removes the code that was the cause (seems like it has no other purpose than breaking status!=200 pages...)
• Squid-1.2.beta6: Rewrote / hack from scratch.
  1. Use the /%2f/.. link in error message patch I made earlier (included)
  2. On errors for non-directories, try to fetch using absolute path
  3. If that fails, use the previous error (not the error from the / hack)
  This patch also does
  • On a failing CWD, do fail instead of fall back to RETR of the remaining parts.
  • Don't bother to get SIZE (Content-Length) on non-binary transfers, since it won't be correct anyway (due to translation).
  • Some cleanup of the FTP state machine, to improve readability (to make it easier to develop this patch)
• Squid-1.2.beta6: Changed ASCII to HTTP in help message
  Changed the help message (squid -h) for -a to HTTP (was ASCII from pre-historic reasons)
• Squid-1.2.beta6: Use configured paths in squid.conf comments
  cache_dir and cache_access_log documentation refered to hardcoded directory names, where they in real life was configured with selected prefix.
• Squid-1.2 beta5: Reload proxy_auth passwds on "wrong password"
  In order to be able to support interactive changes of the proxy_auth password file, this change makes the password file to be reloaded each time after a "invalid password". The check interval is still needed to detect new/removed users.
• Squid-1.2 beta5: Updated my email address
  My email address is changed from henrik.nordstrom@ida.his.se to hno@squid-cache.org
• Squid-1.2 beta4: FTP "Authentication requrired" fix
  The "Authentication required" page was garbled, and could cause a core dump...
• Squid-1.2 beta4: %2f/... link in FTP error messages
  This patch adds a /%2f/... link in the error message shown from FTP errors. This is to inform users that there is many URLs that is not RFC1738 compliant, and to give them a easy way to find the correct (Squid) URL to the information.
• Squid-1.2 beta4: %nn in FTP URL
  This is a second try to get Squid to handle %nn escapes in FTP URLs. Now is it not only possible to fetch a file using %nn escapes, generated directory listings preserves them as well. I have also added some new links on .. to support UNIX style servers using %nn escaped paths (.. from home directory, and / to get to the root directory of the server)
• Squid-1.2 beta4: %nn in FTP URL
  This is a first try to get Squid to handle %nn escapes in FTP URLs.

My patches to 1.1.22 [final 1.1 release]

• Squid-1.1.22: Skip blank lines in acl files
  Skip blank lines in included acl files
• Squid-1.1.21: Obey Expires: in refresh_pattern checks
  Obey Expires: in refresh_pattern checks (required by HTTP). The min age is used for objects without a explicit expiry time.
  Adds a "operride-expire" option to refresh_pattern to selectively override server set expiry time. See squid.conf documentation.
• Squid-1.1.22: Remove URL from cachemgr.cgi
  Adds the action "Remove URL" to cachemgr.cgi. Removal is done using the PURGE method in Squid. To enable this to work you need to have a ACL list mentioning the PURGE method compile cachemgr.c with -DREMOVE_OBJECT (add to DEFINES in src/Makefile)
  Configuration:
  acl cachemgr2 method PURGE
http_access deny cachemgr2 !localhost
• Squid-1.1.22: Prevent a transparent proxy loop
  Prevent a misconfigured transparent proxy from looping.
• Squid-1.1.18: Reload proxy_auth passwds on "wrong password"
  In order to be able to support interactive changes of the proxy_auth password file, this change makes the password file to be reloaded each time after a "invalid password". The check interval is still needed to detect new/removed users.

Pathes to 1.NOVM.22 [final 1.NOVM release]

1.1.22 patches above, plus:

• Squid-1.NOVM.22: Fix for cache corruption during fast rebuild
  1.NOVM lacked some of the rebuild safteyguards from 1.1.X that protects against cache corruption while rebuilding the cache, resulting in a corrupted cache if clients requests objects before they are reloaded from the old swap index.

Old Squid 1.1.X And 1.NOVM.X patches

• Squid-1.1.21: Support for Netscape FTP brokenness
  Netscape has a bad habit of not following RFC 1738 for FTP urls which makes users very confused when seeing a proxy which tries to follow RFC 1738.
• Squid-1.1.21: Obey Expires: in refresh_pattern checks [superceeded by a 1.1.22 patch]
  Obey Expires: in refresh_pattern checks (required by HTTP). The min age is used for objects without a explicit expiry time.
• Squid-1.1.20: Remove URL from cachemgr.cgi [superceeded by a 1.1.22 patch]
  Adds the action "Remove URL" to cachemgr.cgi. Removal is done using the PURGE method in Squid. To enable this to work you need to have a ACL list mentioning the PURGE method.
  Configuration:
  acl cachemgr2 method PURGE
http_access deny cachemgr2 !localhost
• Squid-1.1.21: Prevent a transparent proxy loop [superceeded by a 1.1.22 patch]
  Prevent a misconfigured transparent proxy from looping.
• Squid-1.1.21: A small Y2K fix in ftpget
  A small Y2K fix
• Squid-1.1.20: Unescape URLs in ACL processing
  It is possible to bypass squid access control rules based on URL regular expressions. Due to insufficient URL parsing it is possible to rewrite URL with hex escapes so that it is no longer matched against some rule but remains valid for replying server.
• Squid-1.1.20: Enable virtual and Host: based acceleration
  In order to be able to use Squid as a transparent proxy without breaking either virtual servers or clients not sending Host: header the order of the virtual and Host: based acceleration needs to be swapped, giving Host: a higher precendence than virtual host.
  Configuration:
  http_accel virtual 80
http_accel_uses_host_header on

Historic notes and patches

For those interested in historic notes and patches, see the historic section.