--------------------- PatchSet 11929 Date: 2008/01/23 12:06:15 Author: hno Branch: SQUID_2_7 Tag: (none) Log: Remove 2.6 release notes from 2.7, not relevant. Members: mkrelease.sh:1.13->1.13.6.1 mksnapshot.sh:1.17->1.17.2.1 doc/release-notes/Makefile:1.8->1.8.2.1 doc/release-notes/release-2.6.html:1.54->1.54.2.1(DEAD) doc/release-notes/release-2.6.sgml:1.69->1.69.2.1(DEAD) Index: squid/mkrelease.sh =================================================================== RCS file: /cvsroot/squid/squid/mkrelease.sh,v retrieving revision 1.13 retrieving revision 1.13.6.1 diff -u -r1.13 -r1.13.6.1 --- squid/mkrelease.sh 3 Nov 2006 16:48:04 -0000 1.13 +++ squid/mkrelease.sh 23 Jan 2008 12:06:15 -0000 1.13.6.1 @@ -63,11 +63,11 @@ inst $tmpdir/COPYRIGHT $dst/COPYRIGHT.txt inst $tmpdir/CREDITS $dst/CREDITS.txt inst $tmpdir/ChangeLog $dst/ChangeLog.txt -if [ -f $tmpdir/doc/release-notes/release-$RELEASE.html ]; then - cat $tmpdir/doc/release-notes/release-$RELEASE.html | sed -e ' +if [ -f $tmpdir/doc/release-notes/release.html ]; then + cat $tmpdir/doc/release-notes/release.html | sed -e ' s/"ChangeLog"/"ChangeLog.txt"/g; ' > $tmpdir/RELEASENOTES.html - touch -r $tmpdir/doc/release-notes/release-$RELEASE.html $tmpdir/RELEASENOTES.html + touch -r $tmpdir/doc/release-notes/release.html $tmpdir/RELEASENOTES.html inst $tmpdir/RELEASENOTES.html $dst/${name}-RELEASENOTES.html ln -sf ${name}-RELEASENOTES.html $dst/RELEASENOTES.html fi Index: squid/mksnapshot.sh =================================================================== RCS file: /cvsroot/squid/squid/mksnapshot.sh,v retrieving revision 1.17 retrieving revision 1.17.2.1 diff -u -r1.17 -r1.17.2.1 --- squid/mksnapshot.sh 19 Sep 2007 21:29:57 -0000 1.17 +++ squid/mksnapshot.sh 23 Jan 2008 12:06:15 -0000 1.17.2.1 @@ -63,7 +63,7 @@ echo ${PACKAGE}-${VERSION}-${date}.diff >>${tag}.out fi -relnotes=$tmpdir/doc/release-notes/release-`echo $VERSION | cut -d. -f1,2 | cut -d- -f1`.html +relnotes=$tmpdir/doc/release-notes/release.html if [ -f $relnotes ]; then cp -p $relnotes ${PACKAGE}-${VERSION}-${date}-RELEASENOTES.html echo ${PACKAGE}-${VERSION}-${date}-RELEASENOTES.html >>${tag}.out Index: squid/doc/release-notes/Makefile =================================================================== RCS file: /cvsroot/squid/squid/doc/release-notes/Makefile,v retrieving revision 1.8 retrieving revision 1.8.2.1 diff -u -r1.8 -r1.8.2.1 --- squid/doc/release-notes/Makefile 3 Mar 2007 21:34:24 -0000 1.8 +++ squid/doc/release-notes/Makefile 23 Jan 2008 12:06:16 -0000 1.8.2.1 @@ -1,4 +1,4 @@ -DOC = release-2.6 +DOC = release all: html @@ -16,18 +16,30 @@ # latex $(DOC).tex # + +%.txt: %.sgml + linuxdoc -B txt -T 2 --filter $< + $(DOC).txt: $(DOC).sgml - linuxdoc -B txt -T 2 --filter $(DOC) + linuxdoc -B txt -T 2 --filter $< + +%.html: %.sgml + linuxdoc -B html -T 2 --split=0 $< + perl -i -p -e "s%$@%%" $@ + perl -i -p -e 's%Bug #(\d+)%Bug #$$1%g' $@ $(DOC).html: $(DOC).sgml linuxdoc -B html -T 2 --split=0 $(DOC) perl -i -p -e "s%$(DOC).html%%" $(DOC).html perl -i -p -e 's%Bug #(\d+)%Bug #$$1%g' $(DOC).html +%.man: %.sgml + linuxdoc -B txt -m $< + $(DOC).man: $(DOC).sgml linuxdoc -B txt -m $(DOC) clean: rm -f *.html - rm -f $(DOC).tex $(DOC).ps $(DOC).dvi $(DOC).aux $(DOC).log $(DOC).toc - rm -f $(DOC).txt $(DOC).man + rm -f *.tex *.ps *.dvi *.aux *.log *.toc + rm -f *.txt *.man --- squid/doc/release-notes/release-2.6.html Wed Jan 23 12:53:54 2008 +++ /dev/null Wed Jan 23 12:53:54 2008 @@ -1,766 +0,0 @@ - - - - - Squid 2.6.STABLE17 release notes - - -

Squid 2.6.STABLE17 release notes

- -

Squid Developers

$Id: release-2.6.html,v 1.54 2007/11/26 13:31:53 hno Exp $ -
-This document contains the release notes for version 2.6 of Squid. -Squid is a WWW Cache application developed by the Web Caching community. -
-

-

1. Key changes from squid 2.5

- -

-

2. Changes to squid.conf

- -

-

3. Known issues

- -

-

4. Known limitations

- -

-

5. Other issues

- -

-

6. Windows support

- -

-

7. Key changes squid-2.6.STABLE1 to 2.6.STABLE2

- -

-

8. Key changes squid-2.6.STABLE2 to 2.6.STABLE3

- -

-

9. Key changes squid-2.6.STABLE3 to 2.6.STABLE4

- -

-

10. Key changes squid-2.6.STABLE4 to 2.6.STABLE5

- -

-

11. Key changes squid-2.6.STABLE5 to 2.6.STABLE6

- -

-

12. Key changes squid-2.6.STABLE6 to 2.6.STABLE7

- -

-

13. Key changes squid-2.6.STABLE7 to 2.6.STABLE8

- -

-

14. Key changes squid-2.6.STABLE8 to 2.6.STABLE9

- -

-

15. Key changes squid-2.6.STABLE9 to 2.6.STABLE10

- -

-

16. Key changes squid-2.6.STABLE10 to 2.6.STABLE11

- -

-

17. Key changes squid-2.6.STABLE11 to 2.6.STABLE12

- -

-

18. Key changes squid-2.6.STABLE12 to 2.6.STABLE13

- -

-

19. Key changes squid-2.6.STABLE13 to 2.6.STABLE14

- -

-

20. Key changes squid-2.6.STABLE14 to 2.6.STABLE15

- -

-

21. Key changes squid-2.6.STABLE15 to 2.6.STABLE16

- -

-

22. Key changes squid-2.6.STABLE16 to 2.6.STABLE17

- - -
-

1. Key changes from squid 2.5

- -

-

-

- -

2. Changes to squid.conf

- -

-

-
http_port

Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual. Also there is no longer a default port and you must include a http_port directive in your squid.conf if you want Squid to listen for http requests.

-
httpd_accel_* for transparent proxy

Now implemented by the "transparent" http_port option

-
httpd_accel_* for accelerator mode

Now implemented by other options and the http_port accel option. See individual directives below.

-
httpd_accel_host

Replaced by defaultsite http_port option and cache_peer originserver option.

-
httpd_accel_port

No longer needed. Server port defined by the cache_peer port.

-
httpd_accel_uses_host_header

Replaced by vhost http_port option

-
https_port

Many new options. Reconstructs URLs as https:// by default.

-
cache_peer

Many new options to support origin servers and SSL encryption

-
ssl_engine

New directive for hardware assisted SSL encryption

-
sslproxy_*

New directives defining how to gateway http->https

-
sslpassword_program

New helper directive to query an external program for SSL key encryption password (if any)

-
no_cache

Renamed to cache to better reflect the functionaliy. no_cache still accepted.

-
cache

New name for the old no_cache directive.

-
cache_vary

New directive to disable caching of Vary:ing responses

-
broken_vary_encoding

New directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header in relation to Accept-Encoding.

-
logformat

New directive for defining custom log formats

-
cache_access_log

Renamed to access_log

-
access_log

Select what requests to log where any by what format. Support for multiple log files and multiple log formats.

-
check_hostnames

New option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5.

-
allow_underscore

New option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier.

-
dns_defnames

Allow for domain searches. Now possible even when using the internal DNS client

-
redirect_*

Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs)

-
url_rewrite_concurrency

Activates a new and more efficient helper protocol. Requires changes in the helper.

-
location_rewrite_*

New helper hook for rewriting Location headers

-
auth_param basic blankpassword

New option to allow the use of blank passwords.

-
auth_param basic/digest concurrency

New option enabling a multiplexed helper protocol allowing the same helper to process multiple concurrent requests in an efficient manner. Requires support from the helper. (2.6.STABLE2 and later)

-
auth_param ntlm max_challenge_reuse / max_challenge_lifetime

No longer supported

-
auth_param ntlm use_ntlm_negotiate

Directive no longer supported. Use of NTLM negotiate packet is always on.

-
auth_param ntlm keep_alive

New option to fine-tune the use of HTTP keep-alive in combination with NTLM

-
auth_param negotiate

New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.

-
external_acl_type

Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.

-
refresh_pattern

Several new HTTP override/ignore options

-
read_ahead_gap

New directive to set the response buffer size.

-
collapsed_forwarding

New directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL.

-
refresh_stale_hit

New directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL.

-
acl urlgroup

New acl class

-
acl user_cert

New acl class matching the user SSL certificate (https_port)

-
acl ca_cert

New acl class matching the CA of the user SSL certificate (https_port)

-
acl ext_user / ext_user_regex

New acl matching usernames returned by external acl

-
follow_x_forwarded_for

New option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies

-
http_access2

New http_access type directive but evaluated after url rewrites

-
htcp_access, htcp_clr_access

Access control on HTCP requests

-
log_access

New directive to limit what gets logged.

-
httpd_suppress_version_string

Enable hiding of the Squid version

-
umask

New directive to specify the minimum umask Squid should run under

-
error_map

New directive to allow dynamic rewrites of error pages

-
via

New directive to disable the use of the Via directive

-
wccp2_*

WCCP2 protocol support

-
minimum_expiry_time

tune the magic 60 seconds limit of what is considered cachable when the object doesn't have any cache validators. (2.6.STABLE2)

-
wccp2_rebuild_wait

make Squid delay registering with a WCCP router until store rebuild have finished. Default on. (2.6.STABLE2)

-
wccp2_weight

Cache server load weigth in the cluster. (2.6.STABLE4)

-
check_hostnames

Control if Squid should check the sanity of host names before trying to look them up in DNS

-
allow_underscores

Control if _ is to be considered a valid character in hostnames or not

-
cache_peer carp-load-factor

Option removed. CARP now uses the weight parameter instead.

-
cache_peer login=

Controls how Squid forwards login information to peer caches and servers.

-
-

- -

3. Known issues

- -

There is a few known issues in this version of Squid which we hope to correct in a later release

-

-

-

- -

4. Known limitations

- -

In addition there is a set of limitations in this version of Squid which we hope to correct later

-

-

-

- -

5. Other issues

- -

Ipfilter 4.x compile problem on HP Tru64 -

-

- - -

6. Windows support

- -

This Squid version can run on Windows as a system service using the Cygwin emulation environment, -or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.
-On Windows 2000 and later the service is configured to use the Windows Service Recovery option -restarting automatically after 60 seconds. -

- -
Usage

Some new command line options was added for the Windows service support:

-

The service installation is made with -i command line switch, it's possible to use -f switch at -the same time for specify a different config-file settings for the Squid Service that will be -stored on the Windows Registry.

-

A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed. -"Squid" is the default when the switch is not used.

-

So, to install the service, the syntax is:

-

-

-squid -i [-f file] [-n name]
-
-

-

Service uninstallation is made with -r command line switch with the appropriate -n switch.

-

The -k switch family must be used with the appropriate -f and -n switches, so the syntax is:

-

-

-squid -k command [-f file] -n service-name
-
- -where service-name is the name specified with -n options at service install time.

-

To use the Squid original command line, the new -O switch must be used ONCE, the syntax is:

-

-

-squid -O cmdline [-n service-name]
-
- -If multiple service command line options must be specified, use quote. The -n switch is -needed only when a non default service name is in use.

-

Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are -specific to Windows services functionality and Squid is not designed for understand they.

-

In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130":

-

-

-squid -O "-D -u 3130" -n squidsvc
-
-

-
-

-

-

-
PSAPI.DLL (Process Status Helper) Considerations

The process status helper functions make it easier for you to obtain information about -processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These -functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform -Software Development Kit (SDK). The same information is generally available through the -performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is -freely redistributable.

-

PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is -aware of this, and try to use it only on the right platform.

-

On Windows NT PSAPI.DLL can be found as component of many applications, if you need it, -you can find it on Windows NT Resource KIT. If you have problem, it can be -downloaded from here: -http://download.microsoft.com/download/platformsdk/Redist/4.0.1371.1/NT4/EN-US/psinst.EXE

-

On Windows 2000 and later it is available installing the Windows Support Tools, located on the -Support\Tools folder of the installation Windows CD-ROM.

-
-

-

-

-
Registry DNS lookup

On Windows platforms, if no value is specified in the dns_nameservers option on -squid.conf or in the /etc/resolv.conf file, the list of DNS name servers are -taken from the Windows registry, both static and dynamic DHCP configurations -are supported.

-
-

-

-

-
Compatibility Notes

-

-

-
-

-

-

-
Known Limitations:

-

-

-
-

-

-

-
Building Squid on Windows:

A reasonably recent release of -Cygwin or -MinGW is needed.
-The usage of the Cygwin environment is very similar to other Unix/Linux environments, and -devel version of libraries must be installed.
-For the MinGW environment, the packages MSYS, MinGW and msysDTK must be installed. Some additional libraries and tools must be downloaded separately:

-OpenSSL: -Shining Light Productions Win32 OpenSSL
-libcrypt: -MinGW packages repository
-db-1.85: -TinyCOBOL download area
-uudecode: -Native Win32 ports of some GNU utilities

-When running configure, --disable-wccp and --disable-wccpv2 options should always specified to avoid compile errors.
-

-
-Before build Squid with SSL support, some operations are needed (in the following example OpenSSL is installed in C:\OpenSSL and MinGW in C:\MinGW): - -

- -
-

-

-

-
Using cache manager on Windows:

On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache.
-Some specific configuration could be needed:
-

-

-
-

- -

7. Key changes squid-2.6.STABLE1 to 2.6.STABLE2

- -

-

-

- - -

8. Key changes squid-2.6.STABLE2 to 2.6.STABLE3

- -

-

-

- - -

9. Key changes squid-2.6.STABLE3 to 2.6.STABLE4

- -

-

-

- -

10. Key changes squid-2.6.STABLE4 to 2.6.STABLE5

- -

-

-

- -

11. Key changes squid-2.6.STABLE5 to 2.6.STABLE6

- -

-

-

- -

12. Key changes squid-2.6.STABLE6 to 2.6.STABLE7

- -

-

-

- -

13. Key changes squid-2.6.STABLE7 to 2.6.STABLE8

- -

-

-

- -

14. Key changes squid-2.6.STABLE8 to 2.6.STABLE9

- -

-

-

- -

15. Key changes squid-2.6.STABLE9 to 2.6.STABLE10

- -

-

-

- -

16. Key changes squid-2.6.STABLE10 to 2.6.STABLE11

- -

-

-

- -

17. Key changes squid-2.6.STABLE11 to 2.6.STABLE12

- -

-

-

- -

18. Key changes squid-2.6.STABLE12 to 2.6.STABLE13

- -

-

-

- -

19. Key changes squid-2.6.STABLE13 to 2.6.STABLE14

- -

-

-

- - -

20. Key changes squid-2.6.STABLE14 to 2.6.STABLE15

- -

-

-

- -

21. Key changes squid-2.6.STABLE15 to 2.6.STABLE16

- -

-

-

- -

22. Key changes squid-2.6.STABLE16 to 2.6.STABLE17

- -

-

-

- - - --- squid/doc/release-notes/release-2.6.sgml Wed Jan 23 12:53:54 2008 +++ /dev/null Wed Jan 23 12:53:54 2008 @@ -1,657 +0,0 @@ - -
-Squid 2.6.STABLE17 release notes -Squid Developers -$Id: release-2.6.sgml,v 1.69 2007/11/26 13:31:53 hno Exp $ - - -This document contains the release notes for version 2.6 of Squid. -Squid is a WWW Cache application developed by the Web Caching community. - - - - -Key changes from squid 2.5 -

- -Major improvements to the way that Squid handles web proxy, accelerated -and transparent proxy requests to make it easier to configure transparent and -acceleration functionality. The default behaviour is to function as a standard -HTTP proxy on each port that Squid is configured to listen on, but in addition -in this release the keywords "accel" and "transparent" can be specified -after each port to indicate to Squid the functionality that is to be enabled on -that port. This means that the old config directives relating to httpd_accel_* -are now deprecated. See below for more details about these options. -WCCPv2 support multiple cache engines registering with multiple WCCP -routers and switches. WCCPv2 is preferred over WCCPv1 for performance and -flexibility reasons if your router or switch is able to support it (all recent -versions of IOS do so). Initially WCCPv2 under Linux is limited to registration -with only one router due to kernel limitations in more recent versions, although -this will be addressed in a future release of Squid. -TPROXY totally transparent proxy support under Linux, which to allow Squid -to appear totally invisible to both client and server systems when transparently -caching requests. This works by spoofing the source and destination address to -both the client and server. -Support for Etag and Vary HTTP headers. This further moves Squid towards -HTTP/1.1 compliance. The Vary header field is used for improved caching and -delivery of customized content to end clients, and the Etag is used similar to -an MD5 checksum between client and server to determine if a web page has changed -since it was last retrieved. -Collapsed forwarding, which gives Squid the ability to intelligently merge -client requests for objects into one request to the server. Of particular -benefit in accelerator setups but also provides some benefits to non accelerator -setups. -Support for epoll under Linux and kqueue under FreeBSD, which gives Squid -the ability to handle many many more concurrent requests with lower CPU -overhead. This feature is of particular benefit to very busy caches -as the poll() and select() routines do not scale anywhere near as well as epoll -and kqueue does under high loads. -SSL assisted hardware encryption making use of OpenSSL functionality -within Squid. -Logging enhancements to allow even greater customization of the way Squid -logs requests in the access-log or to syslog if required -Authentication enhancements including Negotiate/Kerberos support, extra -workarounds for NTLM clients and others using Microsoft Integrated Login. -Additional external_acl parameters to support SSL and even more client -side parameters. -ACL changes in conjunction with SSL changes which have been merged, to -allow matching based on SSL certificate parameters. -Improvements to Cygwin support for users who wish to run Squid in a -Microsoft Windows/Cygwin environment as a system service. -New authentication helpers: - -Digest LDAP helper -Native Windows basic, NTLM and negotiate helpers -External acl helpers for session monitoring and native Windows group -membership check - -HTCP significantly cleaned up and added support for the CLR operation to purge contents from the cache -Support for parsing X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies -Support for proxying of Microsoft Integrated Login (NTLM & Negotiate) connection oriented authentication schemes, enabling access to servers or proxies using such authentication methods. -Support for the Linux TPROXY patch allowing Squid to masquerade using the clients original IP address -urlgroups, tagging URLs for redirection and access controls, and divides the cache allowing different users to get different results for the same URL. -Optional automatic monotoring of cache peers and configured origin servers -SSL client support, allowing both http->https gatewaying and SSL encrypted peers (both origin servers and proxies). -Full ETag/Vary based caching, allowing efficient caching of server driven content negotiation. -Customizable access log format -Selective access logging, and ability to log to more than access log possibly in different formats -New more efficient helper protocol allowing for multiple concurrent lookups to the same helper -Ability to rewrite Location headers (redirects sent by servers) -Major cleanup or CARP. Now plays well with the other peering algorithms as just another non-ICP peering method. - - -Changes to squid.conf -

-http_portNow takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual. Also there is no longer a default port and you must include a http_port directive in your squid.conf if you want Squid to listen for http requests. -httpd_accel_* for transparent proxyNow implemented by the "transparent" http_port option -httpd_accel_* for accelerator modeNow implemented by other options and the http_port accel option. See individual directives below. -httpd_accel_hostReplaced by defaultsite http_port option and cache_peer originserver option. -httpd_accel_portNo longer needed. Server port defined by the cache_peer port. -httpd_accel_uses_host_headerReplaced by vhost http_port option -https_portMany new options. Reconstructs URLs as https:// by default. -cache_peerMany new options to support origin servers and SSL encryption -ssl_engineNew directive for hardware assisted SSL encryption -sslproxy_*New directives defining how to gateway http->https -sslpassword_programNew helper directive to query an external program for SSL key encryption password (if any) -no_cacheRenamed to cache to better reflect the functionaliy. no_cache still accepted. -cacheNew name for the old no_cache directive. -cache_varyNew directive to disable caching of Vary:ing responses -broken_vary_encodingNew directive to work around known broken compression modules which hasn't understood the meaning of the ETag HTTP header in relation to Accept-Encoding. -logformatNew directive for defining custom log formats -cache_access_logRenamed to access_log -access_logSelect what requests to log where any by what format. Support for multiple log files and multiple log formats. -check_hostnamesNew option to disable the hostname validity/sanity checks usually performed by Squid, replacing the similar build time configure option in 2.5. -allow_underscoreNew option to allow _ in hostnames, replacing the similar build time configure option in 2.5 and earlier. -dns_defnamesAllow for domain searches. Now possible even when using the internal DNS client -redirect_*Renamed to url_rewrite_* to better reflect the functionality of this helper (rewriting requested URLs) -url_rewrite_concurrencyActivates a new and more efficient helper protocol. Requires changes in the helper. -location_rewrite_*New helper hook for rewriting Location headers -auth_param basic blankpasswordNew option to allow the use of blank passwords. -auth_param basic/digest concurrencyNew option enabling a multiplexed helper protocol allowing the same helper to process multiple concurrent requests in an efficient manner. Requires support from the helper. (2.6.STABLE2 and later) -auth_param ntlm max_challenge_reuse / max_challenge_lifetimeNo longer supported -auth_param ntlm use_ntlm_negotiateDirective no longer supported. Use of NTLM negotiate packet is always on. -auth_param ntlm keep_aliveNew option to fine-tune the use of HTTP keep-alive in combination with NTLM -auth_param negotiateNew Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication. -external_acl_typeMany new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper. -refresh_patternSeveral new HTTP override/ignore options -read_ahead_gapNew directive to set the response buffer size. -collapsed_forwardingNew directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL. -refresh_stale_hitNew directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL. -acl urlgroupNew acl class -acl user_certNew acl class matching the user SSL certificate (https_port) -acl ca_certNew acl class matching the CA of the user SSL certificate (https_port) -acl ext_user / ext_user_regexNew acl matching usernames returned by external acl -follow_x_forwarded_forNew option to enable parsing of X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies -http_access2New http_access type directive but evaluated after url rewrites -htcp_access, htcp_clr_accessAccess control on HTCP requests -log_accessNew directive to limit what gets logged. -httpd_suppress_version_stringEnable hiding of the Squid version -umaskNew directive to specify the minimum umask Squid should run under -error_mapNew directive to allow dynamic rewrites of error pages -viaNew directive to disable the use of the Via directive -wccp2_*WCCP2 protocol support -minimum_expiry_timetune the magic 60 seconds limit of what is considered cachable when the object doesn't have any cache validators. (2.6.STABLE2) -wccp2_rebuild_waitmake Squid delay registering with a WCCP router until store rebuild have finished. Default on. (2.6.STABLE2) -wccp2_weightCache server load weigth in the cluster. (2.6.STABLE4) -check_hostnamesControl if Squid should check the sanity of host names before trying to look them up in DNS -allow_underscoresControl if _ is to be considered a valid character in hostnames or not -cache_peer carp-load-factorOption removed. CARP now uses the weight parameter instead. -cache_peer login=Controls how Squid forwards login information to peer caches and servers. - - -Known issues - -

There is a few known issues in this version of Squid which we hope to correct in a later release - - -Bug #761: Unstable under load when using diskd - - -Known limitations - -

In addition there is a set of limitations in this version of Squid which we hope to correct later - - -Bug #1420: 302 responses with an Expires header is always cached -Bug #1059: mime.conf and referenced icons must be within chroot -Bug #692: tcp_outgoing_address using an ident ACL does not work -Bug #581: acl max_user_ip and multiple authentication schemes -Bug #528: miss_access fails on "slow" acl types such as dst. -Bug #513: squid -F is starting server sockets to early -Bug #457: does not handle swap.state corruption properly -Bug #410: unstable if runs out of disk space -Bug #355: diskd may appear slow on low loads -Bug #219: delay_pools stops working on -k reconfigure - - -Other issues - -

Ipfilter 4.x compile problem on HP Tru64 - - Running configure --enable-ipf-transparent on an HP Tru64 5.1B system with ipfilter 4.x installed, the following error can occur: - - checking if IP-Filter header files are installed... no - WARNING: Cannot find necessary IP-Filter header files - Transparent Proxy support WILL NOT be enabled - To fix the problem first check if the ip_fil.h, ip_compat.h, ip_nat.h and ipl.h files are present in - /usr/include/netinet and copy them from ipfilter source tree if needed. - Don't forget to fix files permission and ownership after the copy. - If the error still persist, run configure making it skip the ip_compat.h test: - - env ac_cv_header_netinet_ip_compat_h=yes ./configure --enable-ipf-transparent - On Sun Solaris 10, ipfilter 4.0.22 is provided with the OS, but related include files (ip_fil.h, ip_compat.h, ip_nat.h, ipl.h) are missing. - Before running configure --enable-ipf-transparent, they must be downloaded from the - - in the /usr/include local directory. Don't forget to fix files permission and ownership after the download. - - - -Windows support -

This Squid version can run on Windows as a system service using the Cygwin emulation environment, -or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported. -On Windows 2000 and later the service is configured to use the Windows Service Recovery option -restarting automatically after 60 seconds. - - -Usage - -Some new command line options was added for the Windows service support: - -The service installation is made with -i command line switch, it's possible to use -f switch at -the same time for specify a different config-file settings for the Squid Service that will be -stored on the Windows Registry. - -A new -n switch specify the Windows Service Name, so multiple Squid instance are allowed. -squid -i [-f file] [-n name] - -Service uninstallation is made with -r command line switch with the appropriate -n switch. - -The -k switch family must be used with the appropriate -f and -n switches, so the syntax is: - -squid -k command [-f file] -n service-name -where squid -O cmdline [-n service-name] -If multiple service command line options must be specified, use quote. The -n switch is -needed only when a non default service name is in use. - -Don't use the "Start parameters" in the Windows 2000/XP/2003 Service applet: they are -specific to Windows services functionality and Squid is not designed for understand they. - -In the following example the command line of the "squidsvc" Squid service is set to "-D -u 3130": - -squid -O "-D -u 3130" -n squidsvc - - - -PSAPI.DLL (Process Status Helper) Considerations - -The process status helper functions make it easier for you to obtain information about -processes and device drivers running on Microsoft® Windows NT®/Windows® 2000. These -functions are available in PSAPI.DLL, which is distributed in the Microsoft® Platform -Software Development Kit (SDK). The same information is generally available through the -performance data in the registry, but it is more difficult to get to it. PSAPI.DLL is -freely redistributable. - -PSAPI.DLL is available only on Windows NT, 2000, XP and 2003. The implementation in Squid is -aware of this, and try to use it only on the right platform. - -On Windows NT PSAPI.DLL can be found as component of many applications, if you need it, -you can find it on Windows NT Resource KIT. If you have problem, it can be -downloaded from here: - - -On Windows 2000 and later it is available installing the Windows Support Tools, located on the -Support\Tools folder of the installation Windows CD-ROM. - - - -Registry DNS lookup -On Windows platforms, if no value is specified in the - - -Compatibility Notes - -It's recommended to use '/' char in Squid paths instead of '\' -Paths with spaces (like 'C:\Programs Files\Squid) are NOT supported by Squid -When using ACL like 'acl aclname acltype "file"' the file must be in DOS text -format (CR+LF) and the full Windows path must be specified, for example: - -acl blocklist url_regex -i "c:/squid/etc/blocked1.txt" - -The Windows equivalent of '/dev/null' is 'NUL' -Squid doesn't know how to run external helpers based on scripts, like .bat, .cmd, -.vbs, .pl, etc. So in squid.conf the interpreter path must be always specified, for example: - -redirect_program c:/perl/bin/perl.exe c:/squid/libexec/redir.pl -redirect_program c:/winnt/system32/cmd.exe /C c:/squid/libexec/redir.cmd -When Squid runs in command line mode, the launching user account must have administrative privilege on the system -"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used -Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported - - - - -Known Limitations: - -Squid features not operational: - -DISKD: still needs to be ported -WCCP: cannot work because user space GRE support on Windows is missing -Transparent Proxy: missing Windows non commercial interception driver - -Some code sections can make blocking calls. -Some external helpers may not work. -File Descriptors number hard-limited to 2048 when building with MinGW. - - - - -Building Squid on Windows: -A reasonably recent release of or is needed. -The usage of the Cygwin environment is very similar to other Unix/Linux environments, and -devel version of libraries must be installed. -For the MinGW environment, the packages MSYS, MinGW and msysDTK must be installed. Some additional libraries and tools must be downloaded separately: -OpenSSL: -libcrypt: -db-1.85: -uudecode: -When running configure, --disable-wccp and --disable-wccpv2 options should always specified to avoid compile errors. - -New configure options: - ---enable-win32-service - -Updated configure options: - ---enable-arp-acl ---enable-default-hostsfile - -Unsupported configure options: - ---enable-coss-aio-ops: On Windows Posix AIO is not available ---with-large-files: No suitable build environment is available on both Cygwin and MinGW, but --enable-large-cache-files works fine - -Recommended configure minimal options for Windows: - ---prefix=c:/squid --disable-wccp --disable-wccpv2 --enable-win32-service --enable-default-hostsfile=none - - - -Before build Squid with SSL support, some operations are needed (in the following example OpenSSL is installed in C:\OpenSSL and MinGW in C:\MinGW): - -Copy C:\OpenSSL\lib\MinGW content to C:\MinGW\lib -Copy C:\OpenSSL\include\openssl content to C:\MinGW\include\openssl -Rename C:\MinGW\lib\ssleay32.a to C:\MinGW\lib\libssleay32.a - - - - - -Using cache manager on Windows: -On Windows, cache manager (cachemgr.cgi) can be used with Microsoft IIS or Apache. -Some specific configuration could be needed: - -IIS 6 (Windows 2003): - -On IIS 6.0 all CGI extensions are denied by default for security reason, so the following configuration is needed: - -Create a cgi-bin Directory -Define the cgi-bin IIS Virtual Directory with read and CGI execute IIS -permissions, ASP scripts are not needed. This automatically defines a -cgi-bin IIS web application -Copy cachemgr.cgi into cgi-bin directory and look to file permissions: -the IIS system account and SYSTEM must be able to read and execute the file -In IIS manager go to Web Service extensions and add a new Web Service -Extension called - -Apache: - -On Windows, cachemgr.cgi needs to create a temporary file, so Apache must be instructed - to pass the TMP and TEMP Windows environment variables to CGI applications: - -ScriptAlias /squid/cgi-bin/ "c:/squid/libexec/" -<Location /squid/cgi-bin/cachemgr.cgi> - PassEnv TMP TEMP - Order allow,deny - Allow from workstation.example.com -</Location> - - - - - -Key changes squid-2.6.STABLE1 to 2.6.STABLE2 - -

- - Bug #1650: transparent interception "Unable to forward this request at this time" - Bug #1658: Memory corruption when using client-side SSL certificates - Multiple fixes to the experimental COSS cache_dir type - Added the missing concurrency parameter to basic/digest auth schemes - Bug #1669: SEGV in storeAddVaryReadOld - Bug #1670: assertion failure: i->prefix_size > 0 in client_side.c:2509 - Bug #1671: transparent interception fails with FreeBSD ipfw or Linux-2.2 ipchains - Bug #1660: Accept-Encoding related memory corruption - Bug #1673: cache digests not served to other caches - Bug #1684: xstrdup: tried to dup a NULL pointer! - Bug #1688: Assertion failure in HttpHeader.c in some header_access configurations - Bug #1696, Bug #1700 and more: WCCP2 fixes - Bug #1677: Duplicate etags in the If-None-Match in cache validations causing lighttpd to fail with error 400 - Added ARP acl support for OpenBSD and ARP fixes for Windows - Bug #1681: All ntlmauthenticator processes are busy - new minimum_expiry_time squid.conf directive backported from Squid-3 - Bug #1703: Wrong default path to the diskd helper causing hangs at 100% CPU - Bug #1685: Crashes or other odd results after storeSwapMetaUnpack: errors - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - - -Key changes squid-2.6.STABLE2 to 2.6.STABLE3 - -

- - src/dst acl parsing changed to not attempt to guess a netmask - if none was specified. Instead assume it's an IP address and not - a network even if it ends in 0 - Several memory leaks plugged - Delay pools now work again (broken in 2.6.STABLE1 & 2) - New log_format %ue and %us tags for external acl or ssl user id - COSS fixes and performance improvements - Include acl's is now shown in their original form in cachemgr configuration dumps. - ntlm fake_auth finally handles non-ascii user names - TCP fallback on truncated DNS responses, making the internal - DNS client complete. - Downloads could hang when using the cache_dir max-size option - Fixed some assertion failures and segmentation faults - Some small optimizations to reduce CPU usage - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - - -Key changes squid-2.6.STABLE3 to 2.6.STABLE4 - -

- - New wccp2_weight directive - Numeros COSS fixes and improvements - Support for WCCP2 hash based assignment and weighted assignments - Windows port update - Many small fixes to better detect invalid configurations - Bug #1760: FTP related memory leak - SNMP mib updates for some minor missing details - Bug #1590: Silence those harmless ETag loop warnings - Bug #1740: Squid crashes on certain malformed HTTP responses - Bug #1699: assertion failed: authenticate.c:836: "auth_user_request != NULL" - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.6.STABLE4 to 2.6.STABLE5 - -

- - Bug #1776: 2.6.STABLE4 aufs fails to compile if coss isn't enabled - COSS improvements and cleanups - Bug #1785: Memory leak in handling of negatively cached objects - Bug #1780: Incorrect Vary processing in combination with collapsed_forwarding - Bug #1779: Delay pools fairness when multiple connections compete for bandwidth - Bug #1796: Assertion error HttpHeader.c:914: "str" - All comm loops now use the generic event framework - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.6.STABLE5 to 2.6.STABLE6 - -

- - Bug #1805: assertion failed: StatHist.c:195: "D[i] >= 0" - Add support for the weight= parameter to round-robin peers - Bug #1584: Unable to register with multiple WCCP2 routers - Bug #439: Multicast ICP peering is unstable and considers most peers dead - Bug #1801: NTLM authentication ends up in a loop if the server responds with a retriable error - Bug #1641: assertion failed: stmem.c:149: "size > 0" while processing certain Vary objects - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.6.STABLE6 to 2.6.STABLE7 - -

- - Bug #1857: Segmentation fault on certain types of ftp:// requests - Bug #1848: external_acl crashes with an infinite loop under high load - Bug #1867: squid.pid isn't removed on shutdown - Bug #1792: max_user_ip not working with ntlm_auth - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.6.STABLE7 to 2.6.STABLE8 - -

- - Bug #1872: Date parsing error causing objects to get unexpectedly cached. Problem introduced in 2.6.STABLE6. - Bug #1873: authenticateNTLMFixErrorHeader: state 4. NTLM & - Negotiate instability introduced in 2.6.STABLE6. - Primitive support for HTTP/1.1 chunked encoding, working around broken servers sending chunked encoding in response to HTTP/1.0 requests. - Bug #1783: STALE: Entry's timestamp greater than check time. Clock going backwards? - Don't update object timestamps on a failed revalidation. - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.6.STABLE8 to 2.6.STABLE9 - -

- - Bug #1878: If-Modified-Since broken in 2.6.STABLE8 - Bug #1877 diskd bug in storeDiskdIOCallback() - See the list of and the file for details. - - -Key changes squid-2.6.STABLE9 to 2.6.STABLE10 - -

- - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0) - various diskd bugfixes - In the access.log hierarchy field log the unique peer name - instead of the host name - logging format for HTTP-request size - Primitive support for HTTP/1.1 chunked encoding, working around - broken servers - a number of other minor and cosmetic bugfixes. See the list of and the file for details. - - -Key changes squid-2.6.STABLE10 to 2.6.STABLE11 - -

- - Bug #1915: assertion failed: client_side.c:4055: "buf != NULL || - !conn->body.request" - Handle garbage helper responses better in concurrent protocol format - Fix kqueue when overflowing the changes queue - Make sure the child worker process commits suicide if it could not start up - Don't log short responses at debug level 1 - Fix collapsed_forwarding for non-GET requests - See also the list of and the file for details. - - -Key changes squid-2.6.STABLE11 to 2.6.STABLE12 - -

- - Assertion error on TRACE - See also the list of and the file for details. - - -Key changes squid-2.6.STABLE12 to 2.6.STABLE13 - -

- - Make sure reply headers gets sent even if there is no body available - yet, fixing RealMedia streaming over HTTP issues. - Bug #1814: SSL memory leak on persistent SSL connections - Ukrainan error messages - See also the list of and the file for details. - - -Key changes squid-2.6.STABLE13 to 2.6.STABLE14 - -

- - Make sure reply headers gets sent even if there is no body available - yet, fixing RealMedia streaming over HTTP issues. - Bug #1814: SSL memory leak on persistent SSL connections - Ukrainan error messages - New Kerberos Negotiate / SPNEGO helper - New SQL Database basic auth helper - New Solaris /dev/poll support - New Novell eDirectory Digest auth helper - New cache_dir min-size option - New pop3 basic auth helper - squid.conf.default cleanups - NTLM workaround for some applications not negotiating HTTP/1.0 persistent connetions - See also the list of and the file for details. - - - -Key changes squid-2.6.STABLE14 to 2.6.STABLE15 - -

- - Portability fix for systems requiring select(). Got broken when - adding /dev/poll support in 2.6.STABLE14 - Bug #2017: Work around broken servers sending just the HTTP headers - squid.conf.default documentation update and reorganisation - access_log syslog syntax cleaned up and documented - Armenian error pages translation - Bug #2057: NTLM stop work in messengers after upgrade to 2.6.STABLE14 - Bug #1972: Squid sets peers to down state when they are in fact working. - Bug #2066: chdir after chroot - See also the list of and the file for details. - - -Key changes squid-2.6.STABLE15 to 2.6.STABLE16 - -

- - Bug #2073: assertion failed: client_side.c:4175: "buf != NULL || - !conn->body.request on POST - Test for sys/capability.h linux include file to avoid failing on - linux systems missing libcap - More squid.conf reordering to get the dependencies between options - sorted proper - See also the list of and the file for details. - - -Key changes squid-2.6.STABLE16 to 2.6.STABLE17 - -

- - A temporary memory leak fixed on cache updates - New squid_radius_auth RADIUS authentication helper - Documentation cleanups - Code cleanups and portability fixes - Several minor bugfixes - See also the list of and the file for details. - - -

-