diff -u -r -N squid-3.1.0.18/ChangeLog squid-3.1.1/ChangeLog --- squid-3.1.0.18/ChangeLog 2010-03-14 20:06:08.000000000 +1300 +++ squid-3.1.1/ChangeLog 2010-03-29 22:02:56.000000000 +1200 @@ -1,3 +1,11 @@ +Changes to squid-3.1.1 (29 Mar 2010): + + - Bug 2873: undefined symbol + - Bug 2827: assertion in authentication + - Remove ufsdump binary from default builds + - Remove pinger from default startups + - ... and several documentation updates. + Changes to squid-3.1.0.18 (14 Mar 2010): - Regression Fix: IPv4-mapped prefix, broken in 3.1.0.16 diff -u -r -N squid-3.1.0.18/configure squid-3.1.1/configure --- squid-3.1.0.18/configure 2010-03-14 20:06:46.000000000 +1300 +++ squid-3.1.1/configure 2010-03-29 22:03:35.000000000 +1200 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.in Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.1.0.18. +# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.1.1. # # Report bugs to . # @@ -751,8 +751,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.1.0.18' -PACKAGE_STRING='Squid Web Proxy 3.1.0.18' +PACKAGE_VERSION='3.1.1' +PACKAGE_STRING='Squid Web Proxy 3.1.1' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_unique_file="src/main.cc" @@ -1692,7 +1692,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.1.0.18 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.1.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1762,7 +1762,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.1.0.18:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.1.1:";; esac cat <<\_ACEOF @@ -2094,7 +2094,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.1.0.18 +Squid Web Proxy configure 3.1.1 generated by GNU Autoconf 2.62 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -2108,7 +2108,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.1.0.18, which was +It was created by Squid Web Proxy $as_me 3.1.1, which was generated by GNU Autoconf 2.62. Invocation command line was $ $0 $@ @@ -2826,7 +2826,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.1.0.18' + VERSION='3.1.1' cat >>confdefs.h <<_ACEOF @@ -46789,14 +46789,18 @@ $as_echo "$as_me: Use MSVCRT for math functions." >&6;} ;; *) + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:$LINENO: checking for main in -lm" >&5 -$as_echo_n "checking for main in -lm... " >&6; } -if test "${ac_cv_lib_m_main+set}" = set; then + { $as_echo "$as_me:$LINENO: checking for library containing rint" >&5 +$as_echo_n "checking for library containing rint... " >&6; } +if test "${ac_cv_search_rint+set}" = set; then $as_echo_n "(cached) " >&6 else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lm $LIBS" + ac_func_search_save_LIBS=$LIBS cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF @@ -46804,16 +46808,29 @@ cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ - +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char rint (); int main () { -return main (); +return rint (); ; return 0; } _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext +for ac_lib in '' m; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + rm -f conftest.$ac_objext conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; @@ -46828,36 +46845,49 @@ cat conftest.err >&5 $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 (exit $ac_status); } && { - test -z "$ac_cxx_werror_flag" || + test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then - ac_cv_lib_m_main=yes + ac_cv_search_rint=$ac_res else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_lib_m_main=no + fi rm -rf conftest.dSYM rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS + conftest$ac_exeext + if test "${ac_cv_search_rint+set}" = set; then + break fi -{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_m_main" >&5 -$as_echo "$ac_cv_lib_m_main" >&6; } -if test $ac_cv_lib_m_main = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBM 1 -_ACEOF - - LIBS="-lm $LIBS" +done +if test "${ac_cv_search_rint+set}" = set; then + : +else + ac_cv_search_rint=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_rint" >&5 +$as_echo "$ac_cv_search_rint" >&6; } +ac_res=$ac_cv_search_rint +if test "$ac_res" != no; then + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + ;; esac @@ -51116,7 +51146,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.1.0.18, which was +This file was extended by Squid Web Proxy $as_me 3.1.1, which was generated by GNU Autoconf 2.62. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -51169,7 +51199,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -Squid Web Proxy config.status 3.1.0.18 +Squid Web Proxy config.status 3.1.1 configured by $0, generated by GNU Autoconf 2.62, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -u -r -N squid-3.1.0.18/configure.in squid-3.1.1/configure.in --- squid-3.1.0.18/configure.in 2010-03-14 20:06:46.000000000 +1300 +++ squid-3.1.1/configure.in 2010-03-29 22:03:35.000000000 +1200 @@ -2,7 +2,7 @@ dnl dnl $Id$ dnl -AC_INIT([Squid Web Proxy],[3.1.0.18],[http://www.squid-cache.org/bugs/],[squid]) +AC_INIT([Squid Web Proxy],[3.1.1],[http://www.squid-cache.org/bugs/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -2641,7 +2641,10 @@ AC_MSG_NOTICE([Use MSVCRT for math functions.]) ;; *) - AC_CHECK_LIB(m, main) + dnl rint() is only used in old C code for now. + AC_LANG_PUSH([C]) + AC_SEARCH_LIBS([rint],[m]) + AC_LANG_POP([C]) ;; esac diff -u -r -N squid-3.1.0.18/CONTRIBUTORS squid-3.1.1/CONTRIBUTORS --- squid-3.1.0.18/CONTRIBUTORS 2010-03-14 20:06:09.000000000 +1300 +++ squid-3.1.1/CONTRIBUTORS 2010-03-29 22:02:56.000000000 +1200 @@ -1,40 +1,51 @@ Special thanks go to people who have volunteered their time, effort, and ideas to make this software available. - Adrian Chadd + Adam Ciarcinski + Adrian Chadd + Alex Rousskov Alexander B. Demenshin Alexander Lukyanov Alexey Veselovsky - Alex Rousskov + Alin Nastac Alter Amos Jeffries Andreas Lamprecht Andres Kroonmaa + Andrew Hoying Andrey Shorin Ansgar Hockmann Anthony Baxter Arjan de Vet + Arkin Arthur Tumanyan Assar Westerlund + Automatic source maintenance Axel Westerhold Benno Rice + Bertrand Jacquin Bojan Smojver Brad Smith + Brian Brian Degenhardt Brian Denehy - Brian Bruce Murphy Carson Gaspar (carson@lehman.com, carson@cs.columbia.edu) + Chris Hills Christos Tsantilas + Cloyce Constantin Rack Cord Beermann Daniel O'Callaghan David Luyer + Diego Woitasen Dmitry Kurochkin + Don Hopkins Doug Dixon Doug Urner Dragutin Cirkovic Duane Wessels + Dustin J. Mitchell Ed Knowles Edward Moy Emilio Casbas @@ -46,10 +57,11 @@ Finn Thain Flavio Pescuma Francesco Chemolli - Francesco Salvestrini and Dustin J. Mitchell + Francesco Salvestrini Francis Daly Francois Cami Frank Balluffi + Frank Schmirler Geoff Keating George Michaelson Georgy Salnikov @@ -59,29 +71,39 @@ Glenn Chisholm Golub Mikhail Gonzalo Arana - Guido Serassio + Graham Keeling + Guido Serassio Hasso Tepper Henrik Nordstrom Hide Nagaoka Ian Castle Ian Turner Igor Vinokurov + Isnard + JPP + Jakub Wilk + James Brotchie James R Grinter Jan Niehusmann Jean-Francois Micouleau + Jean-Gabriel Dick Jerry Murdock Joachim Bauch + Joao Alves Neto + Jochen Voss Joe Ramey John Dilley John Saunders - Jonathan Larmour + Johnathan Conley Jon Thackray + Jonathan Larmour Joshua Root - JPP + Kieran Whitbread Klaubert Herr Klaus Singvogel Kolics Bertold Kostas Anagnostakis + Lab10 Laszlo Attilla Toth Leeann Bent Luigi Gangitano @@ -92,20 +114,22 @@ Mark Bergsma Mark Nottingham Mark Treacy + Marko Markus Gyger - Markus Markus Moeller - Markus Moeller Markus Stumpf Martin Hamilton + Martin Huter Masashi Fujita Massimo Zito Matthew Morgan + Matthias Pitzl Max Okumoto Michael Lupp Michael Mansour Michael O'Reilly Michael Pelletier + Michael van Elst Miguel A.L. Paraz Mike Groeneweg Mike Mitchell @@ -121,15 +145,23 @@ Pedro Ribeiro Pete Bentley Peter Hidas + Peter Pramberger + Philip Allison + Philippe Lantin Pierangelo Masarati Pierre-Louis BRENAC Przemek Czerkas Rafael Martinez Torres + Rafal Ramocki + Ralf Wildenhues Ralph Loader + Regardt van de Vyver + Reinhard Sojka + Rene Geile Reuben Farrelly Richard Huveneers Robert Collins - Robert Dessa + Robert Forster Rodrigo Campos (rodrigo@geekbunker.org) Ron Gomes Russell Street @@ -140,15 +172,21 @@ Shigechika Aikawa Stephen R. van den Berg Steve Bennett + Steve Snyder Steven Wilton Stewart Forster Svenx Taavi Talvik Taketo Kabe - Thomas-Martin Seck Thomas Ristic + Thomas-Martin Seck Tim Starling Tony Lorimer + Unknown - NetBSD Project + Vincent Regnard Vitaliy Matytsyn (main) Wesha Wojtek Sylwestrzak + Wolfgang Nothdurft + fancyrabbit + vollkommen diff -u -r -N squid-3.1.0.18/include/autoconf.h.in squid-3.1.1/include/autoconf.h.in --- squid-3.1.0.18/include/autoconf.h.in 2010-03-14 20:06:21.000000000 +1300 +++ squid-3.1.1/include/autoconf.h.in 2010-03-29 22:03:09.000000000 +1200 @@ -308,9 +308,6 @@ /* Define to 1 if you have the `intl' library (-lintl). */ #undef HAVE_LIBINTL -/* Define to 1 if you have the `m' library (-lm). */ -#undef HAVE_LIBM - /* Define to 1 if you have the `malloc' library (-lmalloc). */ #undef HAVE_LIBMALLOC diff -u -r -N squid-3.1.0.18/include/version.h squid-3.1.1/include/version.h --- squid-3.1.0.18/include/version.h 2010-03-14 20:06:46.000000000 +1300 +++ squid-3.1.1/include/version.h 2010-03-29 22:03:35.000000000 +1200 @@ -9,7 +9,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1268550359 +#define SQUID_RELEASE_TIME 1269856967 #endif #ifndef APP_SHORTNAME diff -u -r -N squid-3.1.0.18/RELEASENOTES.html squid-3.1.1/RELEASENOTES.html --- squid-3.1.0.18/RELEASENOTES.html 2010-03-14 20:18:02.000000000 +1300 +++ squid-3.1.1/RELEASENOTES.html 2010-03-29 22:14:35.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.1.0.18 release notes + Squid 3.1.1 release notes -

Squid 3.1.0.18 release notes

+

Squid 3.1.1 release notes

Squid Developers


@@ -70,20 +70,39 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.1.0.18 for testing.

+

The Squid Team are pleased to announce the release of Squid-3.1.1.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.1/ or the mirrors.

A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support. -While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.

-

We welcome feedback and bug reports. If you find a bug, please see -http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d for how to submit a report with a stack trace.

+While this release is not fully bug-free we believe it is ready for use in production on many systems.

+

We welcome feedback and bug reports. If you find a new bug, please see +http://wiki.squid-cache.org/SquidFaq/BugReporting for how to submit a report with a stack trace and other required details. Additional information is also very welcome on other open bugs.

1.1 Known issues

Although this release is deemed good enough for use in many setups, please note the existence of -open bugs against Squid-3.1.

+open bugs against Squid-3.1.

+ +

Some issues to note as currently known in this release which are not able to be fixed in this 3.1 series are:

+

+

    +
  • The lack of some features available in Squid-2.x series. See the regression sections below for full details.
  • +
  • The lack of IPv6 split-stack support for MacOSX, OpenBSD and maybe others.
  • +
+

+ +

Currently known issues which only depends on available developer time and may still be resolved in a future 3.1 release are:

+

+

    +
  • IPv4 fall-back occasionally failing on dual IPv4/IPv6 websites.
  • +
  • An ongoing slow FD leak introduced somewhere during the Squid-3.0 cycle.
  • +
  • Windows support is still largely missing.
  • +
  • Build status for the 3.x series is still largely unknown for Unix based OS and other less popular systems.
  • +
+

+

1.2 Changes since earlier releases of Squid-3.1

@@ -114,7 +133,7 @@

2.1 New Version Numbering System

-

Begining with 3.1 the Squid Developers are trialling a new release numbering system.

+

Begining with 3.1 the Squid Developers are using a new release numbering system.

We have decided, based on input from interested users to drop the Squid-2 terminology of (DEVEL, PRE, RC, and STABLE) from the release package names. @@ -162,19 +181,24 @@

squid.conf has undergone a facelift.

Don't worry, few operational changes have been made. -Older configs from are still expected to run in 3.1 with only the usual minor +Older configs from Squdi 2.x and 3.0 are still expected to run in 3.1 with only the usual minor changes seen between major release. Details on those are listed below.

-

New users will be relieved to see a short 32-line or less squid.conf on clean installs. +

New users will be relieved to see a very short squid.conf on clean installs. Many of the options have reasonable defaults but had previously needed them explicitly configured! These are now proper built-in defaults and no longer need to be in squid.conf unless changed.

All of the option documentation has been offloaded to another file squid.conf.documented which -contains a fully documented set of options previously cluttering up squid.conf itself.

+contains a fully documented set of available options previously cluttering up squid.conf itself.

Package maintainers are provided with a second file squid.conf.default which as always contains the default config options provided on a clean install.

+

We are also providing online copies of configuration documentation. +Updated live to match the latest release of each Squid series, and a combined global version. +This is available on +the Squid website

+

2.3 Internet Protocol version 6 (IPv6)

@@ -191,19 +215,24 @@

Pinger has been upgraded to perform both ICMP and ICMPv6 as required. As a result of this and due to a change in the binary protocol format between them, -new builds of squid are no longer backwards-compatible with old pinger binaries. -You will need to perform "make install-pinger" again after installing squid.

+new builds of Squid are no longer backwards-compatible with old pinger binaries. +You will need to perform "make install-pinger" again after installing Squid.

Peer and Client SNMP tables have been altered to handle IPv6 addresses. As a side effect of this the long-missing fix to show seperate named peers on one IP has been integrated. Making the SNMP peer table now produce correct output. The table structure change is identical for both IPv4-only and Dual modes but with IPv4-only simply not including any IPv6 entries. This means any third-party SNMP -software which hard coded the MIB paths needs to be upgraded for this Squid release.

- +software which hard coded the MIB paths needs to be upgraded for this Squid release. +Details can be found in the wiki +SNMP feature page.

Limitations of IPv6 Support

+

In this release there is no split-stack support. This means that OS which do not provide +IP stacks based on the KAME stack with Hybrid extensions to do IPv4-mapping cannot use IPv6 +with Squid.

+

Specify a specific tcp_outgoing_address and the clients who match its ACL are limited to the IPv4 or IPv6 network that address belongs to. They are not permitted over the IPv4-IPv6 boundary. Some ACL voodoo can however be applied to explicitly route the @@ -213,8 +242,8 @@

WCCP is not available (neither version 1 or 2). It remains built into squid for use with IPv4 traffic but IPv6 cannot use it.

-

Transparent Interception is done via NAT at the OS level and is not available in IPv6. -Squid will ensure that any port set with transparent, intercept, or tproxy options be an IPv4-only +

Pseudo-Transparent Interception is done via NAT at the OS level and is not available in IPv6. +Squid will ensure that any port set with transparent or intercept options be an IPv4-only listening address. Wildcard can still be used but will not open as an IPv6. To ensure that squid can accept IPv6 traffic on its default port, an alternative should be chosen to handle transparently intercepted traffic. @@ -224,6 +253,11 @@

+

Real transparent Interception (TPROXY) may be able to perform IPv6 interception. +However this currently still needs kernel patching with experimental patches to enable IPv6. +Squid will attempt to discover support on startup and may permit or deny IPv6 wildcard for +tproxy flagged ports depending on your system.

+

The bundled NTLM Auth helper is IPv4-native between itself and the NTLM server. A new one will be needed for IPv6 traffic between the helper and server.

@@ -245,7 +279,7 @@

For best coverage of languages, using the latest language pack of error files is recommended. Updates can be downloaded from -www.squid-cache.org/Versions/langpack/

+www.squid-cache.org/Versions/langpack/

The squid developers are interested in making squid available in a wide variety of languages. Contribution of new languages is encouraged.

@@ -296,9 +330,9 @@

Squid Configuration

-

Squid 3.1 needs to be configured with --enable-zph-qos for the ZPH QoS controls to be available.

+

Squid 3.1 needs to be configured with --enable-zph-qos for the ZPH QoS controls to be available.

-

The configuration options for 2.7 and 3.1 are based on different ZPH patches. +

The configuration options for Squid 2.7 and 3.1 are based on different ZPH patches. The two releases configuration differs and only the TOS mode settings are directly translatable.

    @@ -308,7 +342,7 @@

-

The lines above are spearated for documentation. qos_flows may be configured with all options on one line, or separated as shown. +

The lines above are separated for documentation. qos_flows may be configured with all options on one line, or separated as shown. Also options may be repeated as many times as desired. Only the final configured value for any option will be used.

The legacy Option and Priority modes available in Squid-2.7 are no longer supported.

@@ -320,10 +354,15 @@

Details in The Squid wiki

-

Squid-in-the-middle decryption and encryption of straight CONNECT and transparently redirected SSL traffic, +

Squid-in-the-middle decryption and encryption of CONNECT tunneled SSL traffic, using configurable client- and server-side certificates. While decrypted, the traffic can be inspected using ICAP.

+

Squid 3.1 releases limit SSL Bump to CONNECT requests and requires that clients are +configured to explicitly use the proxy in their browser settings or via WPAD/PAC +configuration. Use of interception for port 443 is not officially supported, despite +being known to work under certain limited networking circumstances.

+

2.8 eCAP Adaptation Module support

@@ -331,6 +370,12 @@

Details in The Squid wiki

+

eCAP provides a way to integrate CAP modules directly into Squid without the need for +a c-icap server wrapper. This enables faster processing.

+ +

Currently known and available eCAP modules are listed in the wiki feature page on eCAP.

+ +

2.9 ICAP Bypass and Retry enhancements

@@ -392,10 +437,12 @@ should be large enough to not require an explicit configuration in most environments yet may be small enough to limit side-effects of loops.

+

2.10 ICY streaming protocol support

-

Squid-3.1 adds native support for streaming protocol ICY.

+

Squid-3.1 adds native support for streaming protocol ICY. +Also commonly known as SHOUTcast multimedia streams.

This protocol uses port 80 and violates RFC 2616 by using an HTTP/1.1 compliant request and non-HTTP reply to start the stream transaction. If the reply is handled according to HTTP/1.1 RFC-compliance requirements @@ -409,7 +456,7 @@

Squid-2 contained a hack using the update_http0.9 squid.conf option to work around the unusual replies. This option is now obsolete.

-

The proto ACL type matches ICY once the reply has been received, before that the processing +

The proto ACL type matches ICY once the reply has been received, before that the processing is only aware on an HTTP request. So the ACL will match HTTP.

@@ -965,7 +1012,7 @@
         Control whether the pinger is active at run-time.
         Enables turning ICMP pinger on and off with a simple squid -k reconfigure.
-        default is on when --enable-icmp is compiled in.
+        default is off when --enable-icmp is compiled in.
         
 

@@ -1423,6 +1470,8 @@ is never forced or permitted out the IPv4 interface. acl to_ipv6 dst ipv6 + http_access allow to_ipv6 !all + tcp_outgoing_address 2002::c001 good_service_net to_ipv6 tcp_outgoing_address 10.0.0.2 good_service_net !to_ipv6 @@ -1524,7 +1573,7 @@

Build without support for loadable modules.

--disable-strict-error-checking
-

Build Squid without advanced compiler error checking. +

Build Squid without advanced compiler error checking (without the -Werror option). This only affects the building process, enabling it to complete despite some possibly serious issues. Please do not use lightly, and please report the build issues which make it needed @@ -1533,8 +1582,10 @@

--disable-translation

Prevent Squid generating localized error page templates and manuals. Which is usually tried, but may not be needed.

-

This is a development optimization for building from VCS when localization is -not needed. Has no effect on pre-translated source bundles.

+

This is an optimization for building fast when localization is not needed +or localization tools are not available.

+

A copy of the latest translated files can instead be downloaded from +http://www.squid-cache.org/Versions/langpack/

--with-dns-cname

Enable CNAME recursion within the Internal DNS resolver stub squid uses. @@ -1589,7 +1640,8 @@

Older REDIRECT and DNAT targets work as before on HTTP ports marked 'intercept'.

--enable-linux-tproxy
-

Deprecated. Remains only to support old TPROXY version 2.2 installations.

+

Deprecated. Remains only to support old TPROXY version 2.2 installations. +Scheduled for complete removal in Squid 3.2

--enable-ntlm-auth-helpers

Helper previously built by SMB is now built by smb_lm. @@ -1597,7 +1649,8 @@

--disable-internl-dns

Better support for Linux using the external DNS helper. -The helper will now compile and work with dns_nameservers on more variants of Linux than previously.

+The helper will now compile and work with dns_nameservers on more variants of Linux than previously. +It is still deprecated however and use of this option should be avoided as much as possible.

--with-aio

Deprecated. POSIX AIO is now auto-detected and enabled. @@ -1638,6 +1691,9 @@

auth_param

blankpassword option for basic scheme removed.

+
cache_peer
+

http11 Obsolete.

+
external_acl_type

Format tag %{Header} replaced by %>{Header}

Format tag %{Header:member} replaced by %>{Header:member}

@@ -1661,6 +1717,9 @@
redirector_bypass

Replaced by url_rewrite_bypass

+
server_http11
+

Obsolete.

+
upgrade_http0.9

Obsolete. ICY protocol streaming support added natively.

@@ -1787,7 +1846,6 @@
cache_peer

idle= not yet ported from 2.7

-

http11 not yet ported from 2.7

monitorinterval= not yet ported from 2.6

monitorsize= not yet ported from 2.6

monitortimeout= not yet ported from 2.6

@@ -1830,7 +1888,7 @@

Not yet ported from 2.6

logfile_daemon
-

Not yet ported from 2.7

+

Not yet ported from 2.7.

logformat

%oa tag not yet ported from 2.7

@@ -1851,9 +1909,6 @@
refresh_stale_hit

Not yet ported from 2.7

-
server_http11
-

Not yet ported from 2.7

-
storeurl_access

Not yet ported from 2.7

diff -u -r -N squid-3.1.0.18/src/acl/FilledChecklist.cc squid-3.1.1/src/acl/FilledChecklist.cc --- squid-3.1.0.18/src/acl/FilledChecklist.cc 2010-03-14 20:06:08.000000000 +1300 +++ squid-3.1.1/src/acl/FilledChecklist.cc 2010-03-29 22:02:56.000000000 +1200 @@ -86,15 +86,18 @@ if (auth_user_request) { /* the filled_checklist lock */ AUTHUSERREQUESTUNLOCK(auth_user_request, "ACLFilledChecklist"); + /* it might have been connection based */ - assert(conn() != NULL); /* * DPW 2007-05-08 * yuck, this make me uncomfortable. why do this here? * ConnStateData will do its own unlocking. */ - AUTHUSERREQUESTUNLOCK(conn()->auth_user_request, "conn via ACLFilledChecklist"); - conn()->auth_type = AUTH_BROKEN; + /* BUG 2827: the connection may also not exist. ie fast ACL tests vs client disconnection. */ + if (conn()) { + AUTHUSERREQUESTUNLOCK(conn()->auth_user_request, "conn via ACLFilledChecklist"); + conn()->auth_type = AUTH_BROKEN; + } } ACLChecklist::checkCallback(answer); // may delete us diff -u -r -N squid-3.1.0.18/src/cf.data.pre squid-3.1.1/src/cf.data.pre --- squid-3.1.0.18/src/cf.data.pre 2010-03-14 20:06:08.000000000 +1300 +++ squid-3.1.1/src/cf.data.pre 2010-03-29 22:02:56.000000000 +1200 @@ -1521,6 +1521,19 @@ TYPE: string DOC_START SSL engine options to use when proxying https:// URLs + + The most important being: + + NO_SSLv2 Disallow the use of SSLv2 + NO_SSLv3 Disallow the use of SSLv3 + NO_TLSv1 Disallow the use of TLSv1 + SINGLE_DH_USE + Always create a new key when using + temporary/ephemeral DH key exchanges + + These options vary depending on your SSL engine. + See the OpenSSL SSL_CTX_set_options documentation for a + complete list of possible options. DOC_END NAME: sslproxy_cipher @@ -1530,6 +1543,8 @@ TYPE: string DOC_START SSL cipher list to use when proxying https:// URLs + + Colon separated list of supported ciphers. DOC_END NAME: sslproxy_cafile @@ -3074,7 +3089,7 @@ NAME: pinger_enable TYPE: onoff -DEFAULT: on +DEFAULT: off LOC: Config.pinger.enable IFDEF: USE_ICMP DOC_START diff -u -r -N squid-3.1.0.18/src/Makefile.am squid-3.1.1/src/Makefile.am --- squid-3.1.0.18/src/Makefile.am 2010-03-14 20:06:08.000000000 +1300 +++ squid-3.1.1/src/Makefile.am 2010-03-29 22:02:56.000000000 +1200 @@ -172,14 +172,14 @@ recv-announce \ tests/testUfs \ tests/testCoss \ - tests/testNull + tests/testNull \ + ufsdump ## cfgen is used when building squid ## ufsdump is a debug utility, it is possibly useful for end users with cache ## corruption, but at this point we do not install it. noinst_PROGRAMS = \ - cf_gen \ - ufsdump + cf_gen sbin_PROGRAMS = \ squid diff -u -r -N squid-3.1.0.18/src/Makefile.in squid-3.1.1/src/Makefile.in --- squid-3.1.0.18/src/Makefile.in 2010-03-14 20:06:29.000000000 +1300 +++ squid-3.1.1/src/Makefile.in 2010-03-29 22:03:18.000000000 +1200 @@ -57,8 +57,8 @@ EXTRA_PROGRAMS = DiskIO/DiskDaemon/diskd$(EXEEXT) unlinkd$(EXEEXT) \ dnsserver$(EXEEXT) recv-announce$(EXEEXT) \ tests/testUfs$(EXEEXT) tests/testCoss$(EXEEXT) \ - tests/testNull$(EXEEXT) -noinst_PROGRAMS = cf_gen$(EXEEXT) ufsdump$(EXEEXT) + tests/testNull$(EXEEXT) ufsdump$(EXEEXT) +noinst_PROGRAMS = cf_gen$(EXEEXT) sbin_PROGRAMS = squid$(EXEEXT) bin_PROGRAMS = libexec_PROGRAMS = $(am__EXEEXT_1) $(DISK_PROGRAMS) $(am__EXEEXT_2)