Hello community,
here is the log from the commit of package squid3 for openSUSE:Factory checked in at 2011-12-25 17:41:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/squid3 (Old)
and /work/SRC/openSUSE:Factory/.squid3.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "squid3", Maintainer is "draht@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/squid3/squid3.changes 2011-12-01 12:26:45.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.squid3.new/squid3.changes 2011-12-25 17:42:04.000000000 +0100
@@ -1,0 +2,45 @@
+Wed Dec 21 12:12:09 UTC 2011 - chris@computersalat.de
+
+- fix for bnc#737905
+ * fix test EXPRESSION in post section
+
+-------------------------------------------------------------------
+Mon Dec 12 12:47:50 UTC 2011 - chris@computersalat.de
+
+- add upstream patches
+ * 3.1-10417: Polish: debug messages on swap.state rename failure
+ * 3.1-10418: Bug #3442: assertion failed: external_acl.cc:908:
+ ch->auth_user_request != NULL
+
+-------------------------------------------------------------------
+Wed Dec 7 22:33:43 UTC 2011 - chris@computersalat.de
+
+- fix build
+ * add upstream patches
+ - 3.1-10415: Portability: SSL library dependency fixes
+ - 3.1-10416: Bug #3440: compile error in Adaptation
+
+-------------------------------------------------------------------
+Mon Dec 5 09:21:26 UTC 2011 - chris@computersalat.de
+
+- update to 3.1.18
+ - Regression: compile error in FTP
+- Changes to squid-3.1.17 (03 Dec 2011):
+ - Bug 3432: Crash logging FTP errors
+ - Bug 3428: Active FTP data channel accepted twice
+ - Bug 3423: access violation in URL parser
+ - Bug 3422: Buffer overflow in recv-announce
+ - Bug 3412: External ACL Uses Invalid Cache Entry
+ - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
+ - Bug 3398: persistent server connection closed after PUT/DELETE
+ - Bug 3299: dnsserver: various undefined references
+ - Bug 3077: '\' in url query strings cause Digest authentication to fail
+ - Bug 2910: MemBuf may grow beyond max_capacity
+ - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
+ - Bug 1243: Build overrides configured AR setting
+ - Avoid crashes when processing bad X509 common names (CN).
+ - Support %% in external ACL format
+ - ... and several other compile error fixes
+ - ... and several documentation fixes
+
+-------------------------------------------------------------------
Old:
----
squid-3.1.16.tar.bz2
New:
----
squid-3.1-10415.patch
squid-3.1-10416.patch
squid-3.1-10417.patch
squid-3.1-10418.patch
squid-3.1.18.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid3.spec ++++++
--- /var/tmp/diff_new_pack.8zD9qN/_old 2011-12-25 17:42:08.000000000 +0100
+++ /var/tmp/diff_new_pack.8zD9qN/_new 2011-12-25 17:42:08.000000000 +0100
@@ -21,10 +21,10 @@
Name: squid3
Summary: Squid Version 3 WWW Proxy Server
-Version: 3.1.16
-Release: 1
License: GPL-2.0+
Group: Productivity/Networking/Web/Proxy
+Version: 3.1.18
+Release: 0
Url: http://www.squid-cache.org/Versions/v3
Source0: http://www.squid-cache.org/Versions/v3/3.1/squid-%{version}.tar.bz2
#%define squid_ldapauth_version 1.3
@@ -46,7 +46,14 @@
# please read every file if there is interest about what the patch changes
# or just visit: http://www.squid-cache.org/Versions/v3/3.0/changesets/
#
-#Patch0: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10319.patch
+# Bug #3440: compile error in Adaptation
+Patch0: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10415.patch
+# Portability: SSL library dependency fixes
+Patch1: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10416.patch
+# Polish: debug messages on swap.state rename failure
+Patch2: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10417.patch
+# Bug #3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
+Patch3: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10418.patch
#
# some useful defaults for squid
Patch100: squid-3.1.12-config.patch
@@ -126,7 +133,10 @@
%setup -q -n squid-%{version}
cp %{SOURCE10} .
# upstream patches after RELEASE
-#patch0 -p0
+%patch0 -p0
+%patch1 -p0
+%patch2 -p0
+%patch3 -p0
##### other patches
%patch100 -p1
%if 0%{?suse_version} > 1010
@@ -302,7 +312,7 @@
%endif
%run_permissions
# update mode?
-if [ "$1" > "1" ]; then
+if [ "$1" -gt "1" ]; then
if [ -e etc/squid.conf -a ! -L etc/squid.conf -a ! -e etc/squid/squid.conf ]; then
echo "moving /etc/squid.conf to /etc/squid/squid.conf"
mv etc/squid.conf etc/squid/squid.conf
++++++ RELEASENOTES.html ++++++
--- /var/tmp/diff_new_pack.8zD9qN/_old 2011-12-25 17:42:08.000000000 +0100
+++ /var/tmp/diff_new_pack.8zD9qN/_new 2011-12-25 17:42:08.000000000 +0100
@@ -2,10 +2,10 @@
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.1.16 release notes</TITLE>
+ <TITLE>Squid 3.1.18 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.1.16 release notes</H1>
+<H1>Squid 3.1.18 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -71,7 +71,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.1.16</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.1.18</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.1/">http://www.squid-cache.org/Versions/v3/3.1/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@@ -693,6 +693,10 @@
</PRE>
</P>
+<DT><B>client_request_buffer_max_size</B><DD>
+<P>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
+for receiving upload and request data from clients.</P>
+
<DT><B>delay_pool_uses_indirect_client</B><DD>
<P>Whether to use any result found by follow_x_forwarded_for in delay_pool assignment.
Default: ON
@@ -704,10 +708,6 @@
</PRE>
</P>
-<DT><B>client_request_buffer_max_size</B><DD>
-<P>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
-for receiving upload and request data from clients.</P>
-
<DT><B>dns_v4_fallback</B><DD>
<P>New option to prevent Squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
@@ -856,28 +856,6 @@
<P>Controls how many different forward paths Squid will try
before giving up. Default: 10</P>
-<DT><B>reply_header_replace</B><DD>
-<P>This option allows you to change the contents of reply headers.
-<PRE>
- In Squid 2 header_replace (now deprecated) worked for both requests
- and replies, while in Squid 3 it only did respect request headers.
- This option brings back the functionality to replace the contents of
- reply headers. Consult the documentation for usage details.
-
-</PRE>
-</P>
-
-<DT><B>request_header_replace</B><DD>
-<P>This option allows you to change the contents of request headers.
-<PRE>
- To be consistent with the naming changes of header_access in Squid 3
- (header_access has been split into two options request_header_access
- and reply_header_access), header_replace (now deprecated) is being
- replaced by request_header_replace.
-
-</PRE>
-</P>
-
<DT><B>icap_log</B><DD>
<P>New option to write ICAP log files record ICAP transaction summaries, one line per
transaction. Similar to access.log.
@@ -1056,6 +1034,71 @@
</PRE>
</P>
+<DT><B>qos_flows local-hit= sibling-hit= parent-hit=</B><DD>
+<P>
+<PRE>
+ Allows you to select a TOS/DSCP value to mark outgoing
+ connections with, based on where the reply was sourced.
+
+ TOS values really only have local significance - so you should
+ know what you're specifying. For more information, see RFC2474,
+ RFC2475, and RFC3260.
+
+ The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
+ Note that in practice often only values up to 0x3F are usable
+ as the two highest bits have been redefined for use by ECN
+ (RFC3168).
+
+ This setting is configured by setting the source TOS values:
+
+ local-hit=0xFF Value to mark local cache hits.
+
+ sibling-hit=0xFF Value to mark hits from sibling peers.
+
+ parent-hit=0xFF Value to mark hits from parent peers.
+
+
+ NOTE: 'miss' preserve feature is only possible on Linux at this time.
+
+ For the following to work correctly, you will need to patch your
+ linux kernel with the TOS preserving ZPH patch.
+ The kernel patch can be downloaded from http://zph.bratcheda.org
+
+ disable-preserve-miss
+ If set, any HTTP response towards clients will
+ have the TOS value of the response comming from the
+ remote server masked with the value of miss-mask.
+ miss-mask=0xFF
+ Allows you to mask certain bits in the TOS received from the
+ remote server, before copying the value to the TOS sent
+ towards clients.
+ Default: 0xFF (TOS from server is not changed).
+
+</PRE>
+</P>
+
+<DT><B>reply_header_replace</B><DD>
+<P>This option allows you to change the contents of reply headers.
+<PRE>
+ In Squid 2 header_replace (now deprecated) worked for both requests
+ and replies, while in Squid 3 it only did respect request headers.
+ This option brings back the functionality to replace the contents of
+ reply headers. Consult the documentation for usage details.
+
+</PRE>
+</P>
+
+<DT><B>request_header_replace</B><DD>
+<P>This option allows you to change the contents of request headers.
+<PRE>
+ To be consistent with the naming changes of header_access in Squid 3
+ (header_access has been split into two options request_header_access
+ and reply_header_access), header_replace (now deprecated) is being
+ replaced by request_header_replace.
+
+</PRE>
+</P>
+
<DT><B>ssl_bump</B><DD>
<P>New Access control for which CONNECT requests to an http_port
marked with an ssl-bump flag are actually "bumped". Please
@@ -1106,49 +1149,6 @@
</PRE>
</P>
-<DT><B>qos_flows local-hit= sibling-hit= parent-hit=</B><DD>
-<P>
-<PRE>
- Allows you to select a TOS/DSCP value to mark outgoing
- connections with, based on where the reply was sourced.
-
- TOS values really only have local significance - so you should
- know what you're specifying. For more information, see RFC2474,
- RFC2475, and RFC3260.
-
- The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
- Note that in practice often only values up to 0x3F are usable
- as the two highest bits have been redefined for use by ECN
- (RFC3168).
-
- This setting is configured by setting the source TOS values:
-
- local-hit=0xFF Value to mark local cache hits.
-
- sibling-hit=0xFF Value to mark hits from sibling peers.
-
- parent-hit=0xFF Value to mark hits from parent peers.
-
-
- NOTE: 'miss' preserve feature is only possible on Linux at this time.
-
- For the following to work correctly, you will need to patch your
- linux kernel with the TOS preserving ZPH patch.
- The kernel patch can be downloaded from http://zph.bratcheda.org
-
- disable-preserve-miss
- If set, any HTTP response towards clients will
- have the TOS value of the response comming from the
- remote server masked with the value of miss-mask.
- miss-mask=0xFF
- Allows you to mask certain bits in the TOS received from the
- remote server, before copying the value to the TOS sent
- towards clients.
- Default: 0xFF (TOS from server is not changed).
-
-</PRE>
-</P>
-
</DL>
</P>
@@ -1257,6 +1257,12 @@
<DT><B>cache_store_log</B><DD>
<P>Default changed to OFF. Matching long-standing developer recommendations.</P>
+<DT><B>debug_options rotate=</B><DD>
+<P>New parameter rotate=N to control number of cache.log rotations independent of other logs.</P>
+
+<DT><B>deny_info</B><DD>
+<P>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.</P>
+
<DT><B>error_directory</B><DD>
<P>Now an optional entry in squid.conf. If present it will force all visitors to receive the error pages
contained in the directory it points at. If absent, error page localization will be given a chance.
@@ -1272,21 +1278,14 @@
</PRE>
</P>
-<DT><B>debug_options rotate=</B><DD>
-<P>New parameter rotate=N to control number of cache.log rotations independent of other logs.</P>
-
-<DT><B>deny_info</B><DD>
-<P>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.</P>
-
<DT><B>external_acl_type</B><DD>
<P>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between Squid and its helpers.
-Please be aware of some limits to these options. These options only affet the transport protocol used
-to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6
+Please be aware of some limits to these options. These options only affect the transport protocol used
+to send data to and from the helpers. IPv6 enabled Squid will still send %SRC addresses in IPv4 or IPv6
format, so all helpers will need to be checked and converted to cope with such information cleanly.
<PRE>
- ipv4 / ipv6 IP-mode used to communicate to this helper.
- For compatability with older configurations and helpers
- the default is 'ipv4'.
+ ipv4 / ipv6 IP transport used to communicate to this helper over localhost.
+ For compatability with systems lacking IPv6 support in the system kernel the default is 'ipv4'.
</PRE>
</P>
@@ -1303,6 +1302,7 @@
%<{Hdr:;member} HTTP reply header list member using ; as
list separator. ; can be any non-alphanumeric
character.
+ %% The percent symbol (available from 3.1.17)
</PRE>
</P>
++++++ squid-3.1-10415.patch ++++++
------------------------------------------------------------
revno: 10415
revision-id: squid3@treenet.co.nz-20111206123135-sm3zauds1twjh9ls
parent: squid3@treenet.co.nz-20111203061825-aslncq2igkzd88hy
fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3440
author: Joshua Root
committer: Amos Jeffries
branch nick: SQUID_3_1
timestamp: Tue 2011-12-06 05:31:35 -0700
message:
Bug 3440: compile error in Adaptation
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20111206123135-sm3zauds1twjh9ls
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1/
# testament_sha1: 42421665894427e4edfaa3f8bfcee9a9a3ce9dab
# timestamp: 2011-12-06 12:33:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20111203061825-\
# aslncq2igkzd88hy
#
# Begin patch
=== modified file 'src/Store.h'
--- src/Store.h 2011-12-02 12:17:07 +0000
+++ src/Store.h 2011-12-06 12:31:35 +0000
@@ -191,7 +191,7 @@
#if USE_ADAPTATION
/// call back producer when more buffer space is available
- void deferProducer(const AsyncCall::Pointer &producer);
+ void deferProducer(AsyncCall::Pointer &producer);
/// calls back producer registered with deferProducer
void kickProducer();
#endif
=== modified file 'src/store.cc'
--- src/store.cc 2011-12-02 12:17:07 +0000
+++ src/store.cc 2011-12-06 12:31:35 +0000
@@ -368,7 +368,7 @@
#if USE_ADAPTATION
void
-StoreEntry::deferProducer(const AsyncCall::Pointer &producer)
+StoreEntry::deferProducer(AsyncCall::Pointer &producer)
{
if (!deferredProducer)
deferredProducer = producer;
++++++ squid-3.1-10416.patch ++++++
------------------------------------------------------------
revno: 10416
revision-id: squid3@treenet.co.nz-20111207120420-s5fxwu1qjdq8r83g
parent: squid3@treenet.co.nz-20111206123135-sm3zauds1twjh9ls
author: Victor Jose Hernandez Gomez
committer: Amos Jeffries
branch nick: SQUID_3_1
timestamp: Wed 2011-12-07 05:04:20 -0700
message:
Portability: SSL library dependency fixes
This displays as many 'undefined reference to' on various X509_* objects.
Correct the library linkage order such that our local library links first
and gets visibility of the OpenSSL library definitions.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20111207120420-s5fxwu1qjdq8r83g
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1/
# testament_sha1: 9b595e2d8dda4cb83ac4898e8da2627ecdc5b442
# timestamp: 2011-12-07 12:53:52 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20111206123135-\
# sm3zauds1twjh9ls
#
# Begin patch
=== modified file 'src/Makefile.am'
--- src/Makefile.am 2011-12-02 12:37:09 +0000
+++ src/Makefile.am 2011-12-07 12:04:20 +0000
@@ -531,8 +531,8 @@
$(SNMPLIB) \
${ADAPTATION_LIBS} \
$(ESI_LIBS) \
+ $(SSL_LIBS) \
$(SSLLIB) \
- $(SSL_LIBS) \
-lmiscutil \
$(EPOLL_LIBS) \
$(MINGW_LIBS) \
@@ -1203,8 +1203,8 @@
-L../lib -lmiscutil \
$(SQUID_CPPUNIT_LIBS) \
$(SQUID_CPPUNIT_LA) \
+ $(SSL_LIBS) \
$(SSLLIB) \
- $(SSL_LIBS) \
$(XTRA_LIBS)
tests_testCacheManager_LDFLAGS = $(LIBADD_DL)
tests_testCacheManager_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \
@@ -1379,8 +1379,8 @@
-L../lib -lmiscutil \
$(SQUID_CPPUNIT_LIBS) \
$(SQUID_CPPUNIT_LA) \
+ $(SSL_LIBS) \
$(SSLLIB) \
- $(SSL_LIBS) \
$(XTRA_LIBS)
tests_testEvent_LDFLAGS = $(LIBADD_DL)
tests_testEvent_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \
@@ -1530,8 +1530,8 @@
-L../lib -lmiscutil \
$(SQUID_CPPUNIT_LIBS) \
$(SQUID_CPPUNIT_LA) \
+ $(SSL_LIBS) \
$(SSLLIB) \
- $(SSL_LIBS) \
$(XTRA_LIBS)
tests_testEventLoop_LDFLAGS = $(LIBADD_DL)
tests_testEventLoop_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \
@@ -1676,8 +1676,8 @@
-L../lib -lmiscutil \
$(SQUID_CPPUNIT_LIBS) \
$(SQUID_CPPUNIT_LA) \
+ $(SSL_LIBS) \
$(SSLLIB) \
- $(SSL_LIBS) \
$(XTRA_LIBS)
tests_test_http_range_LDFLAGS = $(LIBADD_DL)
tests_test_http_range_DEPENDENCIES = \
@@ -1827,8 +1827,8 @@
-L../lib -lmiscutil \
$(SQUID_CPPUNIT_LIBS) \
$(SQUID_CPPUNIT_LA) \
+ $(SSL_LIBS) \
$(SSLLIB) \
- $(SSL_LIBS) \
$(XTRA_LIBS)
tests_testHttpRequest_LDFLAGS = $(LIBADD_DL)
tests_testHttpRequest_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \
@@ -2262,8 +2262,8 @@
-L../lib -lmiscutil \
$(SQUID_CPPUNIT_LIBS) \
$(SQUID_CPPUNIT_LA) \
+ $(SSL_LIBS) \
$(SSLLIB) \
- $(SSL_LIBS) \
$(XTRA_LIBS)
tests_testURL_LDFLAGS = $(LIBADD_DL)
tests_testURL_DEPENDENCIES = $(top_builddir)/lib/libmiscutil.a \
++++++ squid-3.1-10417.patch ++++++
------------------------------------------------------------
revno: 10417
revision-id: squid3@treenet.co.nz-20111208111132-1gotx3bqkyq20w0h
parent: squid3@treenet.co.nz-20111207120420-s5fxwu1qjdq8r83g
committer: Amos Jeffries
branch nick: SQUID_3_1
timestamp: Thu 2011-12-08 04:11:32 -0700
message:
Polish: debug messages on swap.state rename failure
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20111208111132-1gotx3bqkyq20w0h
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1/
# testament_sha1: e34bc4b682d0144465bb17da61ecd4a679a7420c
# timestamp: 2011-12-08 11:20:56 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20111207120420-\
# s5fxwu1qjdq8r83g
#
# Begin patch
=== modified file 'src/fs/ufs/store_dir_ufs.cc'
--- src/fs/ufs/store_dir_ufs.cc 2011-11-17 09:40:29 +0000
+++ src/fs/ufs/store_dir_ufs.cc 2011-12-08 11:11:32 +0000
@@ -733,14 +733,15 @@
file_close(swaplog_fd);
if (xrename(new_path, swaplog_path) < 0) {
- fatal("commonUfsDirCloseTmpSwapLog: rename failed");
+ debugs(50, DBG_IMPORTANT, "ERROR: " << swaplog_path << ": " << xstrerror());
+ fatalf("Failed to rename log file %s to %s.new", swaplog_path, swaplog_path);
}
fd = file_open(swaplog_path, O_WRONLY | O_CREAT | O_BINARY);
if (fd < 0) {
- debugs(50, 1, "" << swaplog_path << ": " << xstrerror());
- fatal("commonUfsDirCloseTmpSwapLog: Failed to open swap log.");
+ debugs(50, DBG_IMPORTANT, "ERROR: " << swaplog_path << ": " << xstrerror());
+ fatalf("Failed to open swap log %s", swaplog_path);
}
safe_free(swaplog_path);
++++++ squid-3.1-10418.patch ++++++
------------------------------------------------------------
revno: 10418
revision-id: squid3@treenet.co.nz-20111208111329-4p5ugr1bj8lxdd8i
parent: squid3@treenet.co.nz-20111208111132-1gotx3bqkyq20w0h
fixes bug(s): http://bugs.squid-cache.org/show_bug.cgi?id=3442
committer: Amos Jeffries
branch nick: SQUID_3_1
timestamp: Thu 2011-12-08 04:13:29 -0700
message:
Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL
External ACL sometimes cannot find the credentials in ACL Checklist even
if they are attached to the HTTPRequest object.
This seems to happen when the checklist is created and the line match
started before the credentials are known. The credentials validation
updates the HTTP request state but is not aware of ACL checklists needing
to be updated so it never happens.
This patch:
* locate the %LOGIN value from either place where credentials can be found,
* updates the checklist if it was unset,
* passes '-' to the helper if no credentials at all were given.
Although the earlier logics forcing a lookup means this '-' case should
not happen it might if the external ACL were processed in 'fast' check.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20111208111329-4p5ugr1bj8lxdd8i
# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1/
# testament_sha1: c22dec8f9d72f3dbbde84accbd66f86e455c448f
# timestamp: 2011-12-08 11:21:07 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_1
# base_revision_id: squid3@treenet.co.nz-20111208111132-\
# 1gotx3bqkyq20w0h
#
# Begin patch
=== modified file 'src/external_acl.cc'
--- src/external_acl.cc 2011-12-02 08:28:17 +0000
+++ src/external_acl.cc 2011-12-08 11:13:29 +0000
@@ -838,8 +838,13 @@
switch (format->type) {
case _external_acl_format::EXT_ACL_LOGIN:
- assert (ch->auth_user_request);
- str = ch->auth_user_request->username();
+ // if this ACL line was the cause of credentials fetch
+ // they may not already be in the checklist
+ if (ch->auth_user_request == NULL && ch->request)
+ ch->auth_user_request = ch->request->auth_user_request;
+
+ if (ch->auth_user_request != NULL)
+ str = ch->auth_user_request->username();
break;
#if USE_IDENT
++++++ squid-3.1.16.tar.bz2 -> squid-3.1.18.tar.bz2 ++++++
++++ 1654 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/ChangeLog new/squid-3.1.18/ChangeLog
--- old/squid-3.1.16/ChangeLog 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/ChangeLog 2011-12-03 07:18:46.000000000 +0100
@@ -1,3 +1,26 @@
+Changes to squid-3.1.18 (03 Dec 2011):
+
+ - Regression: compile error in FTP
+
+Changes to squid-3.1.17 (03 Dec 2011):
+
+ - Bug 3432: Crash logging FTP errors
+ - Bug 3428: Active FTP data channel accepted twice
+ - Bug 3423: access violation in URL parser
+ - Bug 3422: Buffer overflow in recv-announce
+ - Bug 3412: External ACL Uses Invalid Cache Entry
+ - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new
+ - Bug 3398: persistent server connection closed after PUT/DELETE
+ - Bug 3299: dnsserver: various undefined references
+ - Bug 3077: '\' in url query strings cause Digest authentication to fail
+ - Bug 2910: MemBuf may grow beyond max_capacity
+ - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption
+ - Bug 1243: Build overrides configured AR setting
+ - Avoid crashes when processing bad X509 common names (CN).
+ - Support %% in external ACL format
+ - ... and several other compile error fixes
+ - ... and several documentation fixes
+
Changes to squid-3.1.16 (14 Oct 2011):
- Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/RELEASENOTES.html new/squid-3.1.18/RELEASENOTES.html
--- old/squid-3.1.16/RELEASENOTES.html 2011-10-13 12:22:28.000000000 +0200
+++ new/squid-3.1.18/RELEASENOTES.html 2011-12-03 08:05:31.000000000 +0100
@@ -2,10 +2,10 @@
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
- <TITLE>Squid 3.1.16 release notes</TITLE>
+ <TITLE>Squid 3.1.18 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.1.16 release notes</H1>
+<H1>Squid 3.1.18 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -71,7 +71,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.1.16</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.1.18</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.1/">http://www.squid-cache.org/Versions/v3/3.1/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@@ -693,6 +693,10 @@
</PRE>
</P>
+<DT><B>client_request_buffer_max_size</B><DD>
+<P>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
+for receiving upload and request data from clients.</P>
+
<DT><B>delay_pool_uses_indirect_client</B><DD>
<P>Whether to use any result found by follow_x_forwarded_for in delay_pool assignment.
Default: ON
@@ -704,10 +708,6 @@
</PRE>
</P>
-<DT><B>client_request_buffer_max_size</B><DD>
-<P>New directive added with squid-3.1.10 to set limits on the amount of buffer space allocated
-for receiving upload and request data from clients.</P>
-
<DT><B>dns_v4_fallback</B><DD>
<P>New option to prevent Squid from always looking up IPv4 regardless of whether IPv6 addresses are found.
Squid will follow a policy of prefering IPv6 links, keeping the IPv4 only as a safety net behind IPv6.
@@ -856,28 +856,6 @@
<P>Controls how many different forward paths Squid will try
before giving up. Default: 10</P>
-<DT><B>reply_header_replace</B><DD>
-<P>This option allows you to change the contents of reply headers.
-<PRE>
- In Squid 2 header_replace (now deprecated) worked for both requests
- and replies, while in Squid 3 it only did respect request headers.
- This option brings back the functionality to replace the contents of
- reply headers. Consult the documentation for usage details.
-
-</PRE>
-</P>
-
-<DT><B>request_header_replace</B><DD>
-<P>This option allows you to change the contents of request headers.
-<PRE>
- To be consistent with the naming changes of header_access in Squid 3
- (header_access has been split into two options request_header_access
- and reply_header_access), header_replace (now deprecated) is being
- replaced by request_header_replace.
-
-</PRE>
-</P>
-
<DT><B>icap_log</B><DD>
<P>New option to write ICAP log files record ICAP transaction summaries, one line per
transaction. Similar to access.log.
@@ -1056,6 +1034,71 @@
</PRE>
</P>
+<DT><B>qos_flows local-hit= sibling-hit= parent-hit=</B><DD>
+<P>
+<PRE>
+ Allows you to select a TOS/DSCP value to mark outgoing
+ connections with, based on where the reply was sourced.
+
+ TOS values really only have local significance - so you should
+ know what you're specifying. For more information, see RFC2474,
+ RFC2475, and RFC3260.
+
+ The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
+ Note that in practice often only values up to 0x3F are usable
+ as the two highest bits have been redefined for use by ECN
+ (RFC3168).
+
+ This setting is configured by setting the source TOS values:
+
+ local-hit=0xFF Value to mark local cache hits.
+
+ sibling-hit=0xFF Value to mark hits from sibling peers.
+
+ parent-hit=0xFF Value to mark hits from parent peers.
+
+
+ NOTE: 'miss' preserve feature is only possible on Linux at this time.
+
+ For the following to work correctly, you will need to patch your
+ linux kernel with the TOS preserving ZPH patch.
+ The kernel patch can be downloaded from http://zph.bratcheda.org
+
+ disable-preserve-miss
+ If set, any HTTP response towards clients will
+ have the TOS value of the response comming from the
+ remote server masked with the value of miss-mask.
+ miss-mask=0xFF
+ Allows you to mask certain bits in the TOS received from the
+ remote server, before copying the value to the TOS sent
+ towards clients.
+ Default: 0xFF (TOS from server is not changed).
+
+</PRE>
+</P>
+
+<DT><B>reply_header_replace</B><DD>
+<P>This option allows you to change the contents of reply headers.
+<PRE>
+ In Squid 2 header_replace (now deprecated) worked for both requests
+ and replies, while in Squid 3 it only did respect request headers.
+ This option brings back the functionality to replace the contents of
+ reply headers. Consult the documentation for usage details.
+
+</PRE>
+</P>
+
+<DT><B>request_header_replace</B><DD>
+<P>This option allows you to change the contents of request headers.
+<PRE>
+ To be consistent with the naming changes of header_access in Squid 3
+ (header_access has been split into two options request_header_access
+ and reply_header_access), header_replace (now deprecated) is being
+ replaced by request_header_replace.
+
+</PRE>
+</P>
+
<DT><B>ssl_bump</B><DD>
<P>New Access control for which CONNECT requests to an http_port
marked with an ssl-bump flag are actually "bumped". Please
@@ -1106,49 +1149,6 @@
</PRE>
</P>
-<DT><B>qos_flows local-hit= sibling-hit= parent-hit=</B><DD>
-<P>
-<PRE>
- Allows you to select a TOS/DSCP value to mark outgoing
- connections with, based on where the reply was sourced.
-
- TOS values really only have local significance - so you should
- know what you're specifying. For more information, see RFC2474,
- RFC2475, and RFC3260.
-
- The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF.
- Note that in practice often only values up to 0x3F are usable
- as the two highest bits have been redefined for use by ECN
- (RFC3168).
-
- This setting is configured by setting the source TOS values:
-
- local-hit=0xFF Value to mark local cache hits.
-
- sibling-hit=0xFF Value to mark hits from sibling peers.
-
- parent-hit=0xFF Value to mark hits from parent peers.
-
-
- NOTE: 'miss' preserve feature is only possible on Linux at this time.
-
- For the following to work correctly, you will need to patch your
- linux kernel with the TOS preserving ZPH patch.
- The kernel patch can be downloaded from http://zph.bratcheda.org
-
- disable-preserve-miss
- If set, any HTTP response towards clients will
- have the TOS value of the response comming from the
- remote server masked with the value of miss-mask.
- miss-mask=0xFF
- Allows you to mask certain bits in the TOS received from the
- remote server, before copying the value to the TOS sent
- towards clients.
- Default: 0xFF (TOS from server is not changed).
-
-</PRE>
-</P>
-
</DL>
</P>
@@ -1257,6 +1257,12 @@
<DT><B>cache_store_log</B><DD>
<P>Default changed to OFF. Matching long-standing developer recommendations.</P>
+<DT><B>debug_options rotate=</B><DD>
+<P>New parameter rotate=N to control number of cache.log rotations independent of other logs.</P>
+
+<DT><B>deny_info</B><DD>
+<P>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.</P>
+
<DT><B>error_directory</B><DD>
<P>Now an optional entry in squid.conf. If present it will force all visitors to receive the error pages
contained in the directory it points at. If absent, error page localization will be given a chance.
@@ -1272,21 +1278,14 @@
</PRE>
</P>
-<DT><B>debug_options rotate=</B><DD>
-<P>New parameter rotate=N to control number of cache.log rotations independent of other logs.</P>
-
-<DT><B>deny_info</B><DD>
-<P>Support 307 status for redirecting CONNECT tunnels with HTTPS traffic.</P>
-
<DT><B>external_acl_type</B><DD>
<P>New options 'ipv4' and 'ipv6' are added to set the IPv4/v6 protocol between Squid and its helpers.
-Please be aware of some limits to these options. These options only affet the transport protocol used
-to send data to and from the helpers. Squid in IPv6-mode may still send %SRC addresses in IPv4 or IPv6
+Please be aware of some limits to these options. These options only affect the transport protocol used
+to send data to and from the helpers. IPv6 enabled Squid will still send %SRC addresses in IPv4 or IPv6
format, so all helpers will need to be checked and converted to cope with such information cleanly.
<PRE>
- ipv4 / ipv6 IP-mode used to communicate to this helper.
- For compatability with older configurations and helpers
- the default is 'ipv4'.
+ ipv4 / ipv6 IP transport used to communicate to this helper over localhost.
+ For compatability with systems lacking IPv6 support in the system kernel the default is 'ipv4'.
</PRE>
</P>
@@ -1303,6 +1302,7 @@
%<{Hdr:;member} HTTP reply header list member using ; as
list separator. ; can be any non-alphanumeric
character.
+ %% The percent symbol (available from 3.1.17)
</PRE>
</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/compat/stdvarargs.h new/squid-3.1.18/compat/stdvarargs.h
--- old/squid-3.1.16/compat/stdvarargs.h 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/compat/stdvarargs.h 2011-12-03 07:18:46.000000000 +0100
@@ -7,28 +7,35 @@
/*
* va_* variables come from various places on different platforms.
- * We provide a clean set of wrappers for the variosu operations
+ * We provide a clean set of wrappers for the various operations
* Depending on what is available and needed.
*/
-#if defined(HAVE_STDARG_H)
+#if HAVE_CSTDARG && defined(__cplusplus)
+#include <cstdarg>
+
+#else
+#if HAVE_STDARG_H
#include
#define HAVE_STDARGS /* let's hope that works everywhere (mj) */
#define VA_LOCAL_DECL va_list ap;
#define VA_START(f) va_start(ap, f)
#define VA_SHIFT(v,t) ; /* no-op for ANSI */
#define VA_END va_end(ap)
+
#else
-#if defined(HAVE_VARARGS_H)
+#if HAVE_VARARGS_H
#include
#undef HAVE_STDARGS
#define VA_LOCAL_DECL va_list ap;
#define VA_START(f) va_start(ap) /* f is ignored! */
#define VA_SHIFT(v,t) v = va_arg(ap,t)
#define VA_END va_end(ap)
+
#else
#error XX **NO VARARGS ** XX
-#endif
-#endif
+#endif /* HAVE_VARARGS_H */
+#endif /* HAVE_STDARG_H */
+#endif /* HAVE_CSTDARG */
/* Make sure syslog goes after stdarg/varargs */
#ifdef HAVE_SYSLOG_H
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/configure.ac new/squid-3.1.18/configure.ac
--- old/squid-3.1.16/configure.ac 2011-10-13 10:38:19.000000000 +0200
+++ new/squid-3.1.18/configure.ac 2011-12-03 07:21:24.000000000 +0100
@@ -2,7 +2,7 @@
dnl
dnl $Id$
dnl
-AC_INIT([Squid Web Proxy],[3.1.16],[http://www.squid-cache.org/bugs/],[squid])
+AC_INIT([Squid Web Proxy],[3.1.18],[http://www.squid-cache.org/bugs/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
@@ -2057,22 +2057,25 @@
fi
])
-
dnl Check for Cyrus SASL
if test "$require_sasl" = "yes"; then
- AC_CHECK_HEADERS(sasl/sasl.h sasl.h)
- if test "$ac_cv_header_sasl_sasl_h" = "yes"; then
- AC_MSG_NOTICE([using SASL2])
- LIBSASL="-lsasl2"
- else
- if test "$ac_cv_header_sasl_h" = "yes"; then
- AC_MSG_NOTICE([using SASL])
- LIBSASL="-lsasl"
- else
- AC_MSG_ERROR(Neither SASL nor SASL2 found)
- fi
- fi
- AC_SUBST(LIBSASL)
+ AC_CHECK_HEADERS(sasl/sasl.h sasl.h)
+ AC_CHECK_LIB(sasl2,sasl_errstring,[LIBSASL="-lsasl2"],[
+ AC_CHECK_LIB(sasl,sasl_errstring,[LIBSASL="-lsasl"], [
+ AC_MSG_ERROR(Neither SASL nor SASL2 found)
+ ])
+ ])
+ case "$squid_host_os" in
+ Darwin)
+ if test "$ac_cv_lib_sasl2_sasl_errstring" = "yes" ; then
+ AC_DEFINE(HAVE_SASL_DARWIN,1,[Define to 1 if Mac Darwin without sasl.h])
+ echo "checking for MAC Darwin without sasl.h ... yes"
+ else
+ echo "checking for MAC Darwin without sasl.h ... no"
+ fi
+ ;;
+ esac
+ AC_SUBST(LIBSASL)
fi
dnl Disable "unlinkd" code
@@ -2256,8 +2259,10 @@
;;
esac
-dnl set $(AR)
-AC_PATH_PROG(AR, ar, $FALSE)
+dnl set $(AR) if not provided by the build environment
+if test "x$AR" = "x"; then
+ AC_PATH_PROG(AR, ar, $FALSE)
+fi
AR_R="$AR r"
case "$host" in
*-next-nextstep3)
@@ -2277,6 +2282,7 @@
bstring.h \
cassert \
crypt.h \
+ cstdarg \
cstring \
ctype.h \
errno.h \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/include/autoconf.h.in new/squid-3.1.18/include/autoconf.h.in
--- old/squid-3.1.16/include/autoconf.h.in 2011-10-13 10:34:27.000000000 +0200
+++ new/squid-3.1.18/include/autoconf.h.in 2011-12-03 07:20:05.000000000 +0100
@@ -142,6 +142,9 @@
/* Define to 1 if you have the header file. */
#undef HAVE_CRYPT_H
+/* Define to 1 if you have the <cstdarg> header file. */
+#undef HAVE_CSTDARG
+
/* Define to 1 if you have the <cstring> header file. */
#undef HAVE_CSTRING
@@ -613,6 +616,9 @@
/* Define to 1 if you have the `rint' function. */
#undef HAVE_RINT
+/* Define to 1 if Mac Darwin without sasl.h */
+#undef HAVE_SASL_DARWIN
+
/* Define to 1 if you have the header file. */
#undef HAVE_SASL_H
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/include/version.h new/squid-3.1.18/include/version.h
--- old/squid-3.1.16/include/version.h 2011-10-13 10:38:19.000000000 +0200
+++ new/squid-3.1.18/include/version.h 2011-12-03 07:21:25.000000000 +0100
@@ -9,7 +9,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1318494596
+#define SQUID_RELEASE_TIME 1322893123
#endif
#ifndef APP_SHORTNAME
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/lib/radix.c new/squid-3.1.18/lib/radix.c
--- old/squid-3.1.16/lib/radix.c 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/lib/radix.c 2011-12-03 07:18:46.000000000 +0100
@@ -65,6 +65,8 @@
*/
#include "config.h"
+#include "radix.h"
+#include "util.h"
#if HAVE_UNISTD_H
#include
@@ -105,10 +107,6 @@
#include
#endif
-#include "util.h"
-
-#include "radix.h"
-
int squid_max_keylen;
struct squid_radix_mask *squid_rn_mkfreelist;
struct squid_radix_node_head *squid_mask_rnhead;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/BodyPipe.h new/squid-3.1.18/src/BodyPipe.h
--- old/squid-3.1.16/src/BodyPipe.h 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/BodyPipe.h 2011-12-03 07:18:46.000000000 +0100
@@ -84,7 +84,7 @@
typedef BodyConsumer Consumer;
typedef BodyPipeCheckout Checkout;
- enum { MaxCapacity = SQUID_TCP_SO_RCVBUF };
+ enum { MaxCapacity = 64*1024 };
friend class BodyPipeCheckout;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/Makefile.am new/squid-3.1.18/src/Makefile.am
--- old/squid-3.1.16/src/Makefile.am 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/Makefile.am 2011-12-03 07:18:46.000000000 +0100
@@ -561,9 +561,13 @@
unlinkd_SOURCES = unlinkd_daemon.cc SquidNew.cc
-dnsserver_SOURCES = dnsserver.cc SquidNew.cc
recv_announce_SOURCES = recv-announce.cc SquidNew.cc
+## dnsserver is a standalone helper. Do not link to any internal libraries
+dnsserver_SOURCES = dnsserver.cc
+## SquidNew.cc tests/stub_debug.cc test_tools.cc time.cc
+dnsserver_LDADD = $(COMPAT_LIB)
+
## What requires what..
## many things want ACLChecklist.cc
## ACLChecklist.cc wants AuthUserRequest.cc
@@ -763,7 +767,7 @@
true
cf_parser.cci: cf.data cf_gen$(EXEEXT)
- ./cf_gen cf.data $(srcdir)/cf.data.depend
+ ./cf_gen$(EXEEXT) cf.data $(srcdir)/cf.data.depend
cf_gen_defines.cci: $(srcdir)/cf_gen_defines $(srcdir)/cf.data.pre
$(AWK) -f $(srcdir)/cf_gen_defines <$(srcdir)/cf.data.pre >$@ || ($(RM) -f $@ && exit 1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/Server.cc new/squid-3.1.18/src/Server.cc
--- old/squid-3.1.16/src/Server.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/Server.cc 2011-12-03 07:18:46.000000000 +0100
@@ -45,6 +45,7 @@
#if USE_ADAPTATION
#include "adaptation/AccessCheck.h"
#include "adaptation/Iterator.h"
+#include "base/AsyncCall.h"
#endif
// implemented in client_side_reply.cc until sides have a common parent
@@ -57,6 +58,8 @@
, adaptationAccessCheckPending(false)
, startedAdaptation(false)
#endif
+ ,theVirginReply(NULL),
+ theFinalReply(NULL)
{
fwd = theFwdState;
entry = fwd->entry;
@@ -276,7 +279,8 @@
return;
}
#endif
- handleMoreRequestBodyAvailable();
+ if (requestBodySource == bp)
+ handleMoreRequestBodyAvailable();
}
// the entire request or adapted response body was provided, successfully
@@ -289,7 +293,8 @@
return;
}
#endif
- handleRequestBodyProductionEnded();
+ if (requestBodySource == bp)
+ handleRequestBodyProductionEnded();
}
// premature end of the request or adapted response body production
@@ -302,7 +307,8 @@
return;
}
#endif
- handleRequestBodyProducerAborted();
+ if (requestBodySource == bp)
+ handleRequestBodyProducerAborted();
}
@@ -686,22 +692,67 @@
handleAdaptationAborted(!final);
}
-// more adapted response body is available
void
-ServerStateData::handleMoreAdaptedBodyAvailable()
+ServerStateData::resumeBodyStorage()
{
- const size_t contentSize = adaptedBodySource->buf().contentSize();
+ if (abortOnBadEntry("store entry aborted while kick producer callback"))
+ return;
- debugs(11,5, HERE << "consuming " << contentSize << " bytes of adapted " <<
- "response body at offset " << adaptedBodySource->consumedSize());
+ if (!adaptedBodySource)
+ return;
+
+ handleMoreAdaptedBodyAvailable();
+
+ if (adaptedBodySource != NULL && adaptedBodySource->exhausted())
+ endAdaptedBodyConsumption();
+}
+// more adapted response body is available
+void
+ServerStateData::handleMoreAdaptedBodyAvailable()
+{
if (abortOnBadEntry("entry refuses adapted body"))
return;
assert(entry);
+
+ size_t contentSize = adaptedBodySource->buf().contentSize();
+
+ if (!contentSize)
+ return; // XXX: bytesWanted asserts on zero-size ranges
+
+ // XXX: entry->bytesWanted returns contentSize-1 if entry can accept data.
+ // We have to add 1 to avoid suspending forever.
+ const size_t bytesWanted = entry->bytesWanted(Range(0, contentSize));
+ const size_t spaceAvailable = bytesWanted > 0 ? (bytesWanted + 1) : 0;
+
+ if (spaceAvailable < contentSize ) {
+ // No or partial body data consuming
+ typedef NullaryMemFunT<ServerStateData> Dialer;
+ AsyncCall::Pointer call = asyncCall(93, 5, "ServerStateData::resumeBodyStorage",
+ Dialer(this, &ServerStateData::resumeBodyStorage));
+ entry->deferProducer(call);
+ }
+
+ // XXX: bytesWanted API does not allow us to write just one byte!
+ if (!spaceAvailable && contentSize > 1) {
+ debugs(11, 5, HERE << "NOT storing " << contentSize << " bytes of adapted " <<
+ "response body at offset " << adaptedBodySource->consumedSize());
+ return;
+ }
+
+ if (spaceAvailable < contentSize ) {
+ debugs(11, 5, HERE << "postponing storage of " <<
+ (contentSize - spaceAvailable) << " body bytes");
+ contentSize = spaceAvailable;
+ }
+
+ debugs(11,5, HERE << "storing " << contentSize << " bytes of adapted " <<
+ "response body at offset " << adaptedBodySource->consumedSize());
+
BodyPipeCheckout bpc(*adaptedBodySource);
- const StoreIOBuffer ioBuf(&bpc.buf, currentOffset);
- currentOffset += bpc.buf.size;
+ const StoreIOBuffer ioBuf(&bpc.buf, currentOffset, contentSize);
+ currentOffset += ioBuf.length;
entry->write(ioBuf);
bpc.buf.consume(contentSize);
bpc.checkIn();
@@ -711,11 +762,19 @@
void
ServerStateData::handleAdaptedBodyProductionEnded()
{
- stopConsumingFrom(adaptedBodySource);
-
if (abortOnBadEntry("entry went bad while waiting for adapted body eof"))
return;
+ // end consumption if we consumed everything
+ if (adaptedBodySource != NULL && adaptedBodySource->exhausted())
+ endAdaptedBodyConsumption();
+ // else resumeBodyStorage() will eventually consume the rest
+}
+
+void
+ServerStateData::endAdaptedBodyConsumption()
+{
+ stopConsumingFrom(adaptedBodySource);
handleAdaptationCompleted();
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/Server.h new/squid-3.1.18/src/Server.h
--- old/squid-3.1.16/src/Server.h 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/Server.h 2011-12-03 07:18:46.000000000 +0100
@@ -155,6 +155,11 @@
void handleAdaptationCompleted();
void handleAdaptationAborted(bool bypassable = false);
+
+ /// called by StoreEntry when it has more buffer space available
+ void resumeBodyStorage();
+ /// called when the entire adapted response body is consumed
+ void endAdaptedBodyConsumption();
#endif
protected:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/Store.h new/squid-3.1.18/src/Store.h
--- old/squid-3.1.16/src/Store.h 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/Store.h 2011-12-03 07:18:46.000000000 +0100
@@ -189,9 +189,21 @@
virtual void lock();
virtual void release();
+#if USE_ADAPTATION
+ /// call back producer when more buffer space is available
+ void deferProducer(const AsyncCall::Pointer &producer);
+ /// calls back producer registered with deferProducer
+ void kickProducer();
+#endif
+
private:
static MemAllocator *pool;
+#if USE_ADAPTATION
+ /// producer callback registered with deferProducer
+ AsyncCall::Pointer deferredProducer;
+#endif
+
bool validLength() const;
bool hasOneOfEtags(const String &reqETags, const bool allowWeakMatch) const;
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/StoreIOBuffer.h new/squid-3.1.18/src/StoreIOBuffer.h
--- old/squid-3.1.16/src/StoreIOBuffer.h 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/StoreIOBuffer.h 2011-12-03 07:18:46.000000000 +0100
@@ -59,6 +59,13 @@
flags.error = 0;
}
+ StoreIOBuffer(MemBuf *aMemBuf, int64_t anOffset, size_t anLength) :
+ length(anLength),
+ offset (anOffset),
+ data(aMemBuf->content()) {
+ flags.error = 0;
+ }
+
Range range() const {
return Range(offset, offset + length);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/acl/DestinationDomain.h new/squid-3.1.18/src/acl/DestinationDomain.h
--- old/squid-3.1.16/src/acl/DestinationDomain.h 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/acl/DestinationDomain.h 2011-12-03 07:18:46.000000000 +0100
@@ -47,6 +47,7 @@
public:
virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
static ACLDestinationDomainStrategy *Instance();
+ virtual bool requiresRequest() const {return true;}
/**
* Not implemented to prevent copies of the instance.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/auth/digest/auth_digest.cc new/squid-3.1.18/src/auth/digest/auth_digest.cc
--- old/squid-3.1.16/src/auth/digest/auth_digest.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/auth/digest/auth_digest.cc 2011-12-03 07:18:46.000000000 +0100
@@ -1134,10 +1134,29 @@
vlen = 0;
}
- /* parse value. auth-param = token "=" ( token | quoted-string ) */
String value;
+
if (vlen > 0) {
- if (*p == '"') {
+ // see RFC 2617 section 3.2.1 and 3.2.2 for details on the BNF
+
+ if ( (nlen == 6 && memcmp(item,"domain",6) == 0) || (nlen == 3 && memcmp(item,"uri",3) == 0) ) {
+ // domain is Special. Not a quoted-string, must not be de-quoted. But is wrapped in '"'
+ // BUG 3077: uri= can also be sent to us in a mangled (invalid!) form like domain
+ if (*p == '"' && *(p + vlen-1) == '"') {
+ value.limitInit(p+1, vlen-2);
+ } else {
+ value.limitInit(p, vlen);
+ }
+ } else if (nlen == 3 && memcmp(item,"qop",3) == 0) {
+ // qop is more special.
+ // On request this must not be quoted-string de-quoted. But is several values wrapped in '"'
+ // On response this is a single un-quoted token.
+ if (*p == '"' && *(p + vlen-1) == '"') {
+ value.limitInit(p+1, vlen-2);
+ } else {
+ value.limitInit(p, vlen);
+ }
+ } else if (*p == '"') {
if (!httpHeaderParseQuotedString(p, &value)) {
debugs(29, 9, "authDigestDecodeAuth: Failed to parse attribute '" << item << "' in '" << temp << "'");
continue;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/cf.data.pre new/squid-3.1.18/src/cf.data.pre
--- old/squid-3.1.16/src/cf.data.pre 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/cf.data.pre 2011-12-03 07:18:46.000000000 +0100
@@ -29,24 +29,30 @@
COMMENT_START
WELCOME TO @SQUID@
----------------------------
-
- This is the default Squid configuration file. You may wish
- to look at the Squid home page (http://www.squid-cache.org/)
- for the FAQ and other documentation.
-
- The default Squid config file shows what the defaults for
- various options happen to be. If you don't need to change the
- default, you shouldn't uncomment the line. Doing so may cause
- run-time problems. In some cases "none" refers to no default
- setting at all, while in other cases it refers to a valid
- option - the comments for that keyword indicate if this is the
- case.
+
+ This is the documentation for the Squid configuration file.
+ This documentation can also be found online at:
+ http://www.squid-cache.org/Doc/config/
+
+ You may wish to look at the Squid home page and wiki for the
+ FAQ and other documentation:
+ http://www.squid-cache.org/
+ http://wiki.squid-cache.org/SquidFaq
+ http://wiki.squid-cache.org/ConfigExamples
+
+ This documentation shows what the defaults for various directives
+ happen to be. If you don't need to change the default, you should
+ leave the line out of your squid.conf in most cases.
+
+ In some cases "none" refers to no default setting at all,
+ while in other cases it refers to the value of the option
+ - the comments for that keyword indicate if this is the case.
COMMENT_END
COMMENT_START
Configuration options can be included using the "include" directive.
- Include takes a list of files to include. Quoting and wildcards is
+ Include takes a list of files to include. Quoting and wildcards are
supported.
For example,
@@ -490,6 +496,9 @@
list separator. ; can be any non-alphanumeric
character.
+ %% The percent sign. Useful for helpers which need
+ an unchanging input format.
+
In addition to the above, any string specified in the referencing
acl will also be included in the helper request line, after the
specified formats (see the "acl external" directive)
@@ -1299,6 +1308,10 @@
4 TLSv1 only
cipher= Colon separated list of supported ciphers.
+ NOTE: some ciphers such as EDH ciphers depend on
+ additional settings. If those settings are
+ omitted the ciphers may be silently ignored
+ by the OpenSSL library.
options= Various SSL engine options. The most important
being:
@@ -1307,8 +1320,8 @@
NO_TLSv1 Disallow the use of TLSv1
SINGLE_DH_USE Always create a new key when using
temporary/ephemeral DH key exchanges
- See src/ssl_support.c or OpenSSL SSL_CTX_set_options
- documentation for a complete list of options.
+ See OpenSSL SSL_CTX_set_options documentation for a
+ complete list of options.
clientca= File containing the list of CAs to use when
requesting a client certificate.
@@ -1325,7 +1338,10 @@
the capath. Implies VERIFY_CRL flag below.
dhparams= File containing DH parameters for temporary/ephemeral
- DH key exchanges.
+ DH key exchanges. See OpenSSL documentation for details
+ on how to create this file.
+ WARNING: EDH ciphers will be silently disabled if this
+ option is not set.
sslflags= Various flags modifying the use of SSL:
DELAYED_AUTH
@@ -1784,7 +1800,7 @@
cache_peer parent.foo.net parent 3128 3130 default
cache_peer sib1.foo.net sibling 3128 3130 proxy-only
cache_peer sib2.foo.net sibling 3128 3130 proxy-only
- cache_peer example.com parent 80 0 no-query default
+ cache_peer example.com parent 80 0 default
cache_peer cdn.example.com sibling 3128 0
type: either 'parent', 'sibling', or 'multicast'.
@@ -1879,7 +1895,7 @@
multicast-siblings
To be used only for cache peers of type "multicast".
ALL members of this multicast group have "sibling"
- relationship with it, not "parent". This is to a mulicast
+ relationship with it, not "parent". This is to a multicast
group when the requested object would be fetched only from
a "parent" cache, anyway. It's useful, e.g., when
configuring a pool of redundant Squid proxies, being
@@ -2653,6 +2669,7 @@
Will log to the specified file using the specified format (which
must be defined in a logformat directive) those entries which match
ALL the acl's specified (which must be defined in acl clauses).
+
If no acl is specified, all requests will be logged to this file.
To disable logging of a request use the filepath "none", in which case
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/client_side_request.cc new/squid-3.1.18/src/client_side_request.cc
--- old/squid-3.1.16/src/client_side_request.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/client_side_request.cc 2011-12-03 07:18:46.000000000 +0100
@@ -1473,17 +1473,46 @@
}
void
+ClientHttpRequest::resumeBodyStorage()
+{
+ if (!adaptedBodySource)
+ return;
+
+ noteMoreBodyDataAvailable(adaptedBodySource);
+}
+
+void
ClientHttpRequest::noteMoreBodyDataAvailable(BodyPipe::Pointer)
{
assert(request_satisfaction_mode);
assert(adaptedBodySource != NULL);
- if (const size_t contentSize = adaptedBodySource->buf().contentSize()) {
+ if (size_t contentSize = adaptedBodySource->buf().contentSize()) {
+ // XXX: entry->bytesWanted returns contentSize-1 if entry can accept data.
+ // We have to add 1 to avoid suspending forever.
+ const size_t bytesWanted = storeEntry()->bytesWanted(Range(0,contentSize));
+ const size_t spaceAvailable = bytesWanted > 0 ? (bytesWanted + 1) : 0;
+
+ if (spaceAvailable < contentSize ) {
+ // No or partial body data consuming
+ typedef NullaryMemFunT<ClientHttpRequest> Dialer;
+ AsyncCall::Pointer call = asyncCall(93, 5, "ClientHttpRequest::resumeBodyStorage",
+ Dialer(this, &ClientHttpRequest::resumeBodyStorage));
+ storeEntry()->deferProducer(call);
+ }
+
+ // XXX: bytesWanted API does not allow us to write just one byte!
+ if (!spaceAvailable && contentSize > 1)
+ return;
+
+ if (spaceAvailable < contentSize )
+ contentSize = spaceAvailable;
+
BodyPipeCheckout bpc(*adaptedBodySource);
- const StoreIOBuffer ioBuf(&bpc.buf, request_satisfaction_offset);
+ const StoreIOBuffer ioBuf(&bpc.buf, request_satisfaction_offset, contentSize);
storeEntry()->write(ioBuf);
- // assume can write everything
- request_satisfaction_offset += contentSize;
+ // assume StoreEntry::write() writes the entire ioBuf
+ request_satisfaction_offset += ioBuf.length;
bpc.buf.consume(contentSize);
bpc.checkIn();
}
@@ -1497,13 +1526,9 @@
ClientHttpRequest::noteBodyProductionEnded(BodyPipe::Pointer)
{
assert(!virginHeadSource);
- if (adaptedBodySource != NULL) { // did not end request satisfaction yet
- // We do not expect more because noteMoreBodyDataAvailable always
- // consumes everything. We do not even have a mechanism to consume
- // leftovers after noteMoreBodyDataAvailable notifications seize.
- assert(adaptedBodySource->exhausted());
+ // should we end request satisfaction now?
+ if (adaptedBodySource != NULL && adaptedBodySource->exhausted())
endRequestSatisfaction();
- }
}
void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/client_side_request.h new/squid-3.1.18/src/client_side_request.h
--- old/squid-3.1.16/src/client_side_request.h 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/client_side_request.h 2011-12-03 07:18:46.000000000 +0100
@@ -180,6 +180,8 @@
virtual void noteBodyProducerAborted(BodyPipe::Pointer);
void endRequestSatisfaction();
+ /// called by StoreEntry when it has more buffer space available
+ void resumeBodyStorage();
private:
CbcPointerAdaptation::Initiate virginHeadSource;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/dnsserver.cc new/squid-3.1.18/src/dnsserver.cc
--- old/squid-3.1.16/src/dnsserver.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/dnsserver.cc 2011-12-03 07:18:46.000000000 +0100
@@ -192,8 +192,7 @@
int ttl = 0;
int retry = 0;
unsigned int i = 0;
- IpAddress ipa;
- char ntoabuf[MAX_IPSTRLEN];
+ char ntoabuf[256];
struct addrinfo hints;
struct addrinfo *AI = NULL;
struct addrinfo *aiptr = NULL;
@@ -208,11 +207,20 @@
return;
}
- /* setup 'hints' for the system lookup */
+ /* check if it's already an IP address in text form. */
memset(&hints, '\0', sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC;
- hints.ai_flags = AI_CANONNAME;
+ hints.ai_flags = AI_NUMERICHOST; // only succeed if its numeric.
+ const bool isDomain = (getaddrinfo(buf,NULL,&hints,&AI) != 0);
+ // reset for real lookup
+ freeaddrinfo(AI);
+ AI = NULL;
+
+ // resolve the address/name
+ memset(&hints, '\0', sizeof(struct addrinfo));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_flags = AI_CANONNAME;
for (;;) {
if (AI != NULL) {
xfreeaddrinfo(AI);
@@ -231,9 +239,7 @@
sleep(1);
}
- /* check if it's already an IP address in text form. */
- ipa = buf;
- if ( ipa.IsAnyAddr() ) {
+ if (isDomain) {
/* its a domain name. Use the forward-DNS lookup already done */
if (res == 0) {
@@ -249,7 +255,7 @@
i = 0;
aiptr = AI;
while (NULL != aiptr && 32 >= i) {
- memset(ntoabuf, 0, MAX_IPSTRLEN);
+ memset(ntoabuf, 0, sizeof(ntoabuf));
/* getaddrinfo given a host has a nasty tendency to return duplicate addr's */
/* BUT sorted fortunately, so we can drop most of them easily */
@@ -267,10 +273,10 @@
/* annoying inet_ntop breaks the nice code by requiring the in*_addr */
switch (aiptr->ai_family) {
case AF_INET:
- xinet_ntop(aiptr->ai_family, &((struct sockaddr_in*)aiptr->ai_addr)->sin_addr, ntoabuf, MAX_IPSTRLEN);
+ xinet_ntop(aiptr->ai_family, &((struct sockaddr_in*)aiptr->ai_addr)->sin_addr, ntoabuf, sizeof(ntoabuf));
break;
case AF_INET6:
- xinet_ntop(aiptr->ai_family, &((struct sockaddr_in6*)aiptr->ai_addr)->sin6_addr, ntoabuf, MAX_IPSTRLEN);
+ xinet_ntop(aiptr->ai_family, &((struct sockaddr_in6*)aiptr->ai_addr)->sin6_addr, ntoabuf, sizeof(ntoabuf));
break;
default:
aiptr = aiptr->ai_next;
@@ -291,7 +297,7 @@
*/
if (NULL != AI && NULL != AI->ai_addr) {
for (;;) {
- if ( 0 == (res = xgetnameinfo(AI->ai_addr, AI->ai_addrlen, ntoabuf, MAX_IPSTRLEN, NULL,0,0)) )
+ if ( 0 == (res = xgetnameinfo(AI->ai_addr, AI->ai_addrlen, ntoabuf, sizeof(ntoabuf), NULL,0,0)) )
break;
if (res != EAI_AGAIN)
@@ -386,12 +392,9 @@
/* Gone again on FreeBSD 6.2 along with _res_ext itself in any form. */
int ns6count = 0;
#endif
-#if HAVE_RES_INIT
- IpAddress ipa;
-#ifdef _SQUID_RES_NSADDR_LIST
+#if HAVE_RES_INIT && defined(_SQUID_RES_NSADDR_LIST)
extern char *optarg;
#endif
-#endif
#if HAVE_RES_INIT && (defined(_SQUID_RES_NSADDR_LIST) || defined(_SQUID_RES_NSADDR6_LIST))
@@ -416,35 +419,40 @@
*
* BUT, even if _res.nsaddrs is memset to NULL, it resolves IFF IPv6 set in _ext.
*
- * SO, am splittig the IPv4/v6 into the seperate _res fields
+ * SO, am splitting the IPv4/v6 into the seperate _res fields
* and making nscount a total of IPv4+IPv6 /w nscount6 the IPv6 sub-counter
* ie. nscount = count(NSv4)+count(NSv6) & nscount6 = count(NSv6)
*
* If ANYONE knows better please let us know.
*/
- if ( !(ipa = optarg) ) {
+ struct addrinfo hints;
+ memset(&hints, '\0', sizeof(struct addrinfo));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_flags = AI_NUMERICHOST; // prevent repeated DNS lookups!
+ struct addrinfo *AI = NULL;
+ if ( getaddrinfo(optarg, NULL, &hints, &AI) != 0) {
fprintf(stderr, "%s appears to be a bad nameserver FQDN/IP.\n",optarg);
- } else if ( ipa.IsIPv4() ) {
+ } else if ( AI->ai_family == AF_INET ) {
if (_SQUID_RES_NSADDR_COUNT == MAXNS) {
fprintf(stderr, "Too many -s options, only %d are allowed\n", MAXNS);
- return;
+ } else {
+ _SQUID_RES_NSADDR_LIST[_SQUID_RES_NSADDR_COUNT] = _SQUID_RES_NSADDR_LIST[0];
+ memcpy(&_SQUID_RES_NSADDR_LIST[_SQUID_RES_NSADDR_COUNT++].sin_addr, &((struct sockaddr_in*)AI->ai_addr)->sin_addr, sizeof(struct in_addr));
}
- _SQUID_RES_NSADDR_LIST[_SQUID_RES_NSADDR_COUNT] = _SQUID_RES_NSADDR_LIST[0];
- ipa.GetInAddr(_SQUID_RES_NSADDR_LIST[_SQUID_RES_NSADDR_COUNT++].sin_addr);
- } else if ( ipa.IsIPv6() ) {
+ } else if ( AI->ai_family == AF_INET6 ) {
#if USE_IPV6 && defined(_SQUID_RES_NSADDR6_LIST)
/* because things NEVER seem to resolve in tests without _res.nscount being a total. */
if (_SQUID_RES_NSADDR_COUNT == MAXNS) {
fprintf(stderr, "Too many -s options, only %d are allowed\n", MAXNS);
- return;
+ } else {
+ _SQUID_RES_NSADDR_COUNT++;
+ memcpy(&_SQUID_RES_NSADDR6_LIST(_SQUID_RES_NSADDR6_COUNT++), &((struct sockaddr_in6*)AI->ai_addr)->sin6_addr, sizeof(struct in6_addr));
}
- _SQUID_RES_NSADDR_COUNT++;
-
- ipa.GetInAddr(_SQUID_RES_NSADDR6_LIST(_SQUID_RES_NSADDR6_COUNT++));
#else
fprintf(stderr, "IPv6 nameservers not supported on this resolver\n");
#endif
}
+ freeaddrinfo(AI);
#else /* !HAVE_RES_INIT || !defined(_SQUID_RES_NSADDR_LIST) */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/errorpage.cc new/squid-3.1.18/src/errorpage.cc
--- old/squid-3.1.16/src/errorpage.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/errorpage.cc 2011-12-03 07:18:46.000000000 +0100
@@ -579,7 +579,7 @@
if (ftp.request) {
str.Printf("FTP Request: %s\r\n", ftp.request);
- str.Printf("FTP Reply: %s\r\n", ftp.reply);
+ str.Printf("FTP Reply: %s\r\n", (ftp.reply? ftp.reply:"[none]"));
str.Printf("FTP Msg: ");
wordlistCat(ftp.server_msg, &str);
str.Printf("\r\n");
@@ -670,7 +670,7 @@
case 'F':
/* FTP REPLY LINE */
- if (ftp.request)
+ if (ftp.reply)
p = ftp.reply;
else
p = "nothing";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/external_acl.cc new/squid-3.1.18/src/external_acl.cc
--- old/squid-3.1.16/src/external_acl.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/external_acl.cc 2011-12-03 07:18:46.000000000 +0100
@@ -169,6 +169,7 @@
EXT_ACL_USER_CERTCHAIN_RAW,
#endif
EXT_ACL_EXT_USER,
+ EXT_ACL_PERCENT,
EXT_ACL_END
} type;
external_acl_format *next;
@@ -420,6 +421,8 @@
#endif
else if (strcmp(token, "%EXT_USER") == 0)
format->type = _external_acl_format::EXT_ACL_EXT_USER;
+ else if (strcmp(token, "%%") == 0)
+ format->type = _external_acl_format::EXT_ACL_PERCENT;
else {
self_destruct();
}
@@ -688,9 +691,15 @@
entry = ch->extacl_entry;
if (entry) {
- if (cbdataReferenceValid(entry) && entry->def == acl->def &&
- strcmp((char *)entry->key, key) == 0) {
- /* Ours, use it.. */
+ if (cbdataReferenceValid(entry) && entry->def == acl->def) {
+ /* Ours, use it.. if the key matches */
+ key = makeExternalAclKey(ch, acl);
+ if (strcmp(key, (char*)entry->key) != 0) {
+ debugs(82, 9, HERE << "entry key='" << (char *)entry->key << "', our key='" << key << "' dont match. Discarded.");
+ // too bad. need a new lookup.
+ cbdataReferenceDone(ch->extacl_entry);
+ entry = NULL;
+ }
} else {
/* Not valid, or not ours.. get rid of it */
cbdataReferenceDone(ch->extacl_entry);
@@ -986,6 +995,10 @@
str = request->extacl_user.termedBuf();
break;
+ case _external_acl_format::EXT_ACL_PERCENT:
+ str = "%";
+ break;
+
case _external_acl_format::EXT_ACL_UNKNOWN:
case _external_acl_format::EXT_ACL_END:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/forward.cc new/squid-3.1.18/src/forward.cc
--- old/squid-3.1.16/src/forward.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/forward.cc 2011-12-03 07:18:46.000000000 +0100
@@ -464,13 +464,6 @@
bool
FwdState::checkRetriable()
{
- /* If there is a request body then Squid can only try once
- * even if the method is indempotent
- */
-
- if (request->body_pipe != NULL)
- return false;
-
/* RFC2616 9.1 Safe and Idempotent Methods */
switch (request->method.id()) {
/* 9.1.1 Safe Methods */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/fs/ufs/store_dir_ufs.cc new/squid-3.1.18/src/fs/ufs/store_dir_ufs.cc
--- old/squid-3.1.16/src/fs/ufs/store_dir_ufs.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/fs/ufs/store_dir_ufs.cc 2011-12-03 07:18:46.000000000 +0100
@@ -768,7 +768,6 @@
struct stat clean_sb;
FILE *fp;
int fd;
- StoreSwapLogHeader *head;
if (::stat(swaplog_path, &log_sb) < 0) {
debugs(47, 1, "Cache Dir #" << index << ": No log file");
@@ -794,10 +793,11 @@
swaplog_fd = fd;
- head = new StoreSwapLogHeader;
-
- file_write(swaplog_fd, -1, head, head->record_size,
- NULL, NULL, FreeHeader);
+ {
+ StoreSwapLogHeader *header = new StoreSwapLogHeader;
+ file_write(swaplog_fd, -1, header, sizeof(*header),
+ NULL, NULL, FreeHeader);
+ }
/* open a read-only stream of the old log */
fp = fopen(swaplog_path, "rb");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/ftp.cc new/squid-3.1.18/src/ftp.cc
--- old/squid-3.1.16/src/ftp.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/ftp.cc 2011-12-03 07:18:46.000000000 +0100
@@ -2552,6 +2552,7 @@
ftpState->data.port = port;
+ safe_free(ftpState->data.host);
ftpState->data.host = xstrdup(fd_table[ftpState->ctrl.fd].ipaddr);
safe_free(ftpState->ctrl.last_command);
@@ -2823,6 +2824,7 @@
ftpState->data.port = port;
+ safe_free(ftpState->data.host);
if (Config.Ftp.sanitycheck)
ftpState->data.host = xstrdup(fd_table[ftpState->ctrl.fd].ipaddr);
else
@@ -2871,6 +2873,7 @@
/// Close old data channel, if any. We may open a new one below.
ftpState->data.close();
+ safe_free(ftpState->data.host);
/*
* Set up a listen socket on the same local address as the
@@ -3117,7 +3120,9 @@
data.close();
data.opened(io.nfd, dataCloser());
data.port = io.details.peer.GetPort();
- io.details.peer.NtoA(data.host,SQUIDHOSTNAMELEN);
+
+ io.details.peer.NtoA(ntoapeer,sizeof(ntoapeer));
+ data.host = xstrdup(ntoapeer);
debugs(9, 3, "ftpAcceptDataConnection: Connected data socket on " <<
"FD " << io.nfd << " to " << io.details.peer << " FD table says: " <<
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/recv-announce.cc new/squid-3.1.18/src/recv-announce.cc
--- old/squid-3.1.16/src/recv-announce.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/recv-announce.cc 2011-12-03 07:18:46.000000000 +0100
@@ -90,7 +90,7 @@
socklen_t len;
struct hostent *hp = NULL;
- char logfile[BUFSIZ];
+ const char *logfile;
char ip[4];
for (len = 0; len < 32; len++) {
@@ -99,9 +99,9 @@
if (argc > 1)
- strcpy(logfile, argv[1]);
+ logfile = argv[1];
else
- strcpy(logfile, "/tmp/recv-announce.log");
+ logfile = "/tmp/recv-announce.log";
close(1);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/ssl/gadgets.cc new/squid-3.1.18/src/ssl/gadgets.cc
--- old/squid-3.1.16/src/ssl/gadgets.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/ssl/gadgets.cc 2011-12-03 07:18:46.000000000 +0100
@@ -11,16 +11,18 @@
*/
static bool addCnToRequest(Ssl::X509_REQ_Pointer & request, char const * cn)
{
- Ssl::X509_NAME_Pointer name(X509_REQ_get_subject_name(request.get()));
+ // not an Ssl::X509_NAME_Pointer because X509_REQ_get_subject_name()
+ // returns a pointer to the existing subject name. Nothing to clean here.
+ X509_NAME *name = X509_REQ_get_subject_name(request.get());
if (!name)
return false;
// The second argument of the X509_NAME_add_entry_by_txt declared as
// "char *" on some OS. Use cn_name to avoid compile warnings.
static char cn_name[3] = "CN";
- if (!X509_NAME_add_entry_by_txt(name.get(), cn_name, MBSTRING_ASC, (unsigned char *)cn, -1, -1, 0))
+ if (!X509_NAME_add_entry_by_txt(name, cn_name, MBSTRING_ASC, (unsigned char *)cn, -1, -1, 0))
return false;
- name.release();
+
return true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/store.cc new/squid-3.1.18/src/store.cc
--- old/squid-3.1.16/src/store.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/store.cc 2011-12-03 07:18:46.000000000 +0100
@@ -366,6 +366,27 @@
swap_dirn = -1;
}
+#if USE_ADAPTATION
+void
+StoreEntry::deferProducer(const AsyncCall::Pointer &producer)
+{
+ if (!deferredProducer)
+ deferredProducer = producer;
+ else
+ debugs(20, 5, HERE << "Deferred producer call is allready set to: " <<
+ *deferredProducer << ", requested call: " << *producer);
+}
+
+void
+StoreEntry::kickProducer()
+{
+ if (deferredProducer != NULL) {
+ ScheduleCallHere(deferredProducer);
+ deferredProducer = NULL;
+ }
+}
+#endif
+
void
StoreEntry::destroyMemObject()
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/store_client.cc new/squid-3.1.18/src/store_client.cc
--- old/squid-3.1.16/src/store_client.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/store_client.cc 2011-12-03 07:18:46.000000000 +0100
@@ -262,6 +262,11 @@
copying = false;
storeClientCopy2(entry, this);
+
+#if USE_ADAPTATION
+ if (entry)
+ entry->kickProducer();
+#endif
}
/*
@@ -694,6 +699,10 @@
else
mem->kickReads();
+#if USE_ADAPTATION
+ e->kickProducer();
+#endif
+
return 1;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/src/url.cc new/squid-3.1.18/src/url.cc
--- old/squid-3.1.16/src/url.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/src/url.cc 2011-12-03 07:18:46.000000000 +0100
@@ -249,8 +249,7 @@
*dst = '\0';
/* Then its :// */
- /* (XXX yah, I'm not checking we've got enough data left before checking the array..) */
- if (*src != ':' || *(src + 1) != '/' || *(src + 2) != '/')
+ if ((i+3) > l || *src != ':' || *(src + 1) != '/' || *(src + 2) != '/')
return NULL;
i += 3;
src += 3;
@@ -327,7 +326,7 @@
// Bug 3183 sanity check: If scheme is present, host must be too.
if (protocol != PROTO_NONE && (host == NULL || *host == '\0')) {
- debugs(23, DBG_IMPORTANT, "SECURITY WARNING: Missing hostname in URL '" << url << "'. see access.log for details.");
+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: Missing hostname in URL '" << url << "'. see access.log for details.");
return NULL;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/squid-3.1.16/test-suite/mem_hdr_test.cc new/squid-3.1.18/test-suite/mem_hdr_test.cc
--- old/squid-3.1.16/test-suite/mem_hdr_test.cc 2011-10-13 10:30:05.000000000 +0200
+++ new/squid-3.1.18/test-suite/mem_hdr_test.cc 2011-12-03 07:18:46.000000000 +0100
@@ -50,7 +50,7 @@
assert (aHeader.lowestOffset() == 0);
assert (aHeader.write (StoreIOBuffer()));
assert (aHeader.lowestOffset() == 0);
- assert (aHeader.write (StoreIOBuffer(0, 1, NULL)));
+ assert (aHeader.write (StoreIOBuffer(0, 1, (char *)NULL)));
assert (aHeader.lowestOffset() == 0);
char * sampleData = xstrdup ("A");
assert (aHeader.write (StoreIOBuffer(1, 100, sampleData)));
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org