From 991154a509a4770af60b4c8890a5bd3789dfad9f Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Thu, 9 Oct 2025 18:35:58 +1300 Subject: [PATCH 1/3] Re-sync with v7 branch changes --- doc/release-notes/release-7.sgml.in | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/doc/release-notes/release-7.sgml.in b/doc/release-notes/release-7.sgml.in index ef5c2f68753..763c53de6e9 100644 --- a/doc/release-notes/release-7.sgml.in +++ b/doc/release-notes/release-7.sgml.in @@ -34,6 +34,7 @@ The Squid-@SQUID_RELEASE@ change history can be for details. + + client_ip_max_connections +

Fixed off-by-one enforcement. Squid now allows at most N + concurrent connections per client IP (not N+1), where N + is the configured directive value. Deployments that relied on the extra + connection should increase the configured limit by one to preserve + previous behavior. + dns_packet_max

Honor positive dns_packet_max values when sending DNS A queries and PTR queries containing IPv4 addresses. Prior to this change, Squid did @@ -287,6 +303,14 @@ This section gives an account of those changes in three categories:

+ --enable-auth-basic= +

Removed SMB_LM helper, in favour of the ntlm_auth + alternative offered by the Samba project. + + --enable-auth-ntlm= +

Removed SMB_LM helper, in favour of the ntlm_auth + alternative offered by the Samba project. + --disable-arch-native

The -march=native compiler option is no longer used by default. It is possible to enable it by using the From 0fccf857e137342444b603c1be521290d266f287 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Thu, 9 Oct 2025 18:57:42 +1300 Subject: [PATCH 2/3] Polish indentation, order, and some texts --- doc/release-notes/release-6.sgml.in | 11 +- doc/release-notes/release-7.sgml.in | 154 +++++++++++++--------------- doc/release-notes/release-8.sgml.in | 71 +++++-------- 3 files changed, 103 insertions(+), 133 deletions(-) diff --git a/doc/release-notes/release-6.sgml.in b/doc/release-notes/release-6.sgml.in index 364fdba59ea..faf7cda328b 100644 --- a/doc/release-notes/release-6.sgml.in +++ b/doc/release-notes/release-6.sgml.in @@ -16,18 +16,17 @@ This new release is available for download from . + .

Support for compiling on HPUX with the native HP xcc compiler has been removed. - To build on that OS/compiler combination, it is possible to pass these environment variables - to ./configure: CC="cxx -Ae" RANLIB=":" + To build on that OS/compiler combination, it is possible to pass these environment variables + to ./configure: CC="cxx -Ae" RANLIB=":"

This release adds a dependency on C++17 support in any compiler used to build Squid. - GCC 8+ and Clang 8+ support C++17. + GCC 8+ and Clang 8+ support C++17. Changes since earlier releases of Squid-@SQUID_RELEASE@ -

-The Squid-@SQUID_RELEASE@ change history can be . +

The Squid-@SQUID_RELEASE@ change history can be . Major new features since Squid-@SQUID_RELEASE_OLD@ diff --git a/doc/release-notes/release-7.sgml.in b/doc/release-notes/release-7.sgml.in index 763c53de6e9..95ccc76766a 100644 --- a/doc/release-notes/release-7.sgml.in +++ b/doc/release-notes/release-7.sgml.in @@ -18,11 +18,10 @@ This new release is available for download from . + . Changes since earlier releases of Squid-@SQUID_RELEASE@ -

-The Squid-@SQUID_RELEASE@ change history can be . +

The Squid-@SQUID_RELEASE@ change history can be . Major new features since Squid-@SQUID_RELEASE_OLD@ @@ -110,23 +109,22 @@ The Squid-@SQUID_RELEASE@ change history can be If necessary, an external ACL helper can be written to perform Ident transactions -and deliver the user identity to Squid through the **user=** annotation. + and deliver the user identity to Squid through the **user=** annotation. Helper changes

Removed basic_smb_lm_auth NTLM authentication helper. @@ -135,10 +133,15 @@ and deliver the user identity to Squid through the **user=** annotation.

Removed ntlm_smb_lm_auth NTLM authentication helper. Use the ntlm_auth helper from the Samba project instead. -Changes to squid.conf since Squid-@SQUID_RELEASE_OLD@ -

-This section gives an account of those changes in three categories: +

Removed -l option that enables ext_time_quota_acl + to log debug messages to a custom logfile, and their format has been + changed to be in line with Squid's cache.log format. + + + +Changes to squid.conf since Squid-@SQUID_RELEASE_OLD@ +

This section gives an account of those changes in three categories: @@ -156,6 +159,11 @@ This section gives an account of those changes in three categories: Changes to existing directives

+ access_log +

Built-in common and combined logformats now always + receive a dash character ("-") in the position of what used to be a + %ui record field. + acl

Changed src to detect and handle overlapping IP and IP-range values. Merging where necessary. @@ -184,57 +192,51 @@ This section gives an account of those changes in three categories:

Removed the non_peers action. See the Cache Manager for details. - client_ip_max_connections

Fixed off-by-one enforcement. Squid now allows at most N - concurrent connections per client IP (not N+1), where N - is the configured directive value. Deployments that relied on the extra - connection should increase the configured limit by one to preserve - previous behavior. + concurrent connections per client IP (not N+1), where N + is the configured directive value. Deployments that relied on the extra + connection should increase the configured limit by one to preserve + previous behavior. + + collapsed_forwarding +

Squid no longer revalidates responses to collapsed requests, treating + all such responses as fresh. This change follows IETF HTTP Working Group + advice (in an HTTP gray area) and prevents arguably excessive freshness + checks for responses to collapsed requests. This change does not prevent + freshness checks for responses that were, at the time of a hit request, + either fully cached or still receiving response body bytes. dns_packet_max

Honor positive dns_packet_max values when sending DNS A queries - and PTR queries containing IPv4 addresses. Prior to this change, Squid did - not add EDNS extension (RFC 6891) to those DNS queries because 2010 tests - revealed compatibility problems with some DNS resolvers. We hope that those - problems are now sufficiently rare to enable this useful optimization for - all DNS queries, as originally intended. Squid still sends EDNS extension - with DNS AAAA queries and PTR queries containing IPv6 addresses (when - dns_packet_max is set to a positive value). Rare deployments that must use - buggy DNS resolvers should not set dns_packet_max. - - access_log -

Built-in common and combined logformats now always - receive a dash character ("-") in the position of what used to be a - %ui record field. - - logformat -

Removed %ui format code with Ident protocol support. + and PTR queries containing IPv4 addresses. Prior to this change, Squid did + not add EDNS extension (RFC 6891) to those DNS queries because 2010 tests + revealed compatibility problems with some DNS resolvers. We hope that those + problems are now sufficiently rare to enable this useful optimization for + all DNS queries, as originally intended. Squid still sends EDNS extension + with DNS AAAA queries and PTR queries containing IPv6 addresses (when + dns_packet_max is set to a positive value). Rare deployments that must use + buggy DNS resolvers should not set dns_packet_max. external_acl_type

Removed %IDENT format code with Ident protocol support. - collapsed_forwarding -

Squid no longer revalidates responses to collapsed requests, treating - all such responses as fresh. This change follows IETF HTTP Working Group - advice (in an HTTP gray area) and prevents arguably excessive freshness - checks for responses to collapsed requests. This change does not prevent - freshness checks for responses that were, at the time of a hit request, - either fully cached or still receiving response body bytes. + logformat +

Removed %ui format code with Ident protocol support. quick_abort_pct

Instead of ignoring quick_abort_pct settings that would, - together with other conditions, abort a pending download of a 99-byte or - smaller response, Squid now honors quick_abort_pct for all - response sizes. Most Squids are not going to be affected by this change - because default quick_abort_min settings (16KB) prevent aborts of 99-byte - responses even before quick_abort_pct is checked. + together with other conditions, abort a pending download of a 99-byte or + smaller response, Squid now honors quick_abort_pct for all + response sizes. Most Squids are not going to be affected by this change + because default quick_abort_min settings (16KB) prevent aborts of 99-byte + responses even before quick_abort_pct is checked.

Due to conversion from integer to floating point math, this change may - affect responses larger than 99 bytes as well, but these effects ought to - be limited to cases where the decision is based on a tiny difference (e.g., - receiving 1% more bytes would have triggered full download). In most such - cases, the decision could probably go either way due to response header - size fluctuations anyway. + affect responses larger than 99 bytes as well, but these effects ought to + be limited to cases where the decision is based on a tiny difference (e.g., + receiving 1% more bytes would have triggered full download). In most such + cases, the decision could probably go either way due to response header + size fluctuations anyway. @@ -244,6 +246,12 @@ This section gives an account of those changes in three categories: esi_parser

Edge Side Includes (ESI) protocol is no longer supported natively. + ident_lookup_access +

Ident protocol is no longer supported natively. + + ident_timeout +

Ident protocol is no longer supported natively. + mcast_miss_addr

The corresponding code has not built for many years, indicating that the feature is unused. @@ -260,12 +268,6 @@ This section gives an account of those changes in three categories:

The corresponding code has not built for many years, indicating that the feature is unused. - ident_lookup_access -

Ident protocol is no longer supported natively. - - ident_timeout -

Ident protocol is no longer supported natively. - @@ -302,15 +304,6 @@ This section gives an account of those changes in three categories: Changes to existing options

- - --enable-auth-basic= -

Removed SMB_LM helper, in favour of the ntlm_auth - alternative offered by the Samba project. - - --enable-auth-ntlm= -

Removed SMB_LM helper, in favour of the ntlm_auth - alternative offered by the Samba project. - --disable-arch-native

The -march=native compiler option is no longer used by default. It is possible to enable it by using the @@ -321,12 +314,23 @@ This section gives an account of those changes in three categories: The symptom is crashes with "illegal instruction" errors. We do not recommend enabling this optimization in virtualized environments. + --enable-auth-basic= +

Removed SMB_LM helper, in favour of the ntlm_auth + alternative offered by the Samba project. + + --enable-auth-ntlm= +

Removed SMB_LM helper, in favour of the ntlm_auth + alternative offered by the Samba project. +

Removed options
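Review bot: In PATCH 1/3, the hunk at @@ -287,6 +303,14 @@ inserts the --enable-auth-basic= and --enable-auth-ntlm= entries ahead of --disable-arch-native, and PATCH 2/3 then deletes them at @@ -302,15 +304,6 @@ and re-adds them after that entry at @@ -321,12 +314,23 @@. The client_ip_max_connections text is likewise added in 1/3 and re-indented in 2/3 at @@ -184,57 +192,51 @@. Please place and indent these entries in their final form in 1/3 so that 2/3 does not rewrite lines the series has only just introduced. That keeps the re-sync commit reviewable as content and the polish commit reviewable as whitespace and ordering.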
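Review bot: In PATCH 2/3, the hunk at @@ -135,10 +133,15 @@ adds a new ext_time_quota_acl entry whose sentence is hard to parse: in "Removed -l option that enables ext_time_quota_acl to log debug messages to a custom logfile, and their format has been changed", the word "their" has no clear antecedent, and the text does not say where the debug messages go now that -l is gone. Suggest splitting it into two sentences, one for the removed option and one stating the new destination and format of the debug messages, so that operators who collect or parse that helper's log know what to update. This is also new content rather than polish, so it fits better in the re-sync commit (1/3) than under "Polish indentation, order, and some texts".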
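Review bot: In PATCH 2/3, the "Helper changes" context at @@ -110,23 +109,22 @@ still reads "Removed basic_smb_lm_auth NTLM authentication helper", while PATCH 1/3 lists the same removal under --enable-auth-basic=. If basic_smb_lm_auth is the Basic scheme helper, as its name and that configure option indicate, this line should say "Basic authentication helper". Since this commit already touches the section to polish texts, it is a good place to fix it. The two configure entries also carry identical wording ("Removed SMB_LM helper, in favour of the ntlm_auth alternative"). Naming the specific helper in each (basic_smb_lm_auth and ntlm_smb_lm_auth) would let readers match a build option to the helper line in their auth_param configuration.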