Hello community,
here is the log from the commit of package squid3 for openSUSE:Factory
checked in at Mon Nov 16 16:39:19 CET 2009.
--------
--- squid3/squid3.changes 2009-10-08 00:29:20.000000000 +0200
+++ /mounts/work_src_done/STABLE/squid3/squid3.changes 2009-11-09 21:52:23.000000000 +0100
@@ -2 +2 @@
-Thu Oct 8 00:26:45 CEST 2009 - chris@computersalat.de
+Mon Nov 9 20:40:30 UTC 2009 - chris@computersalat.de
@@ -4,2 +4,14 @@
-- bnc#545162 - squid-3.0.STABLE19
- o several BUG fixes
+- new version 3.0.STABLE20
+ * Bug 2794: ESI parsing on FreeBSD
+ * Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
+ * Bug 2779: Support GNU/kFreeBSD
+ * Bug 2773: Segfault in RFC2069 Digest authantication
+ * Bug 2768: squid_ldap_group argument parsing error
+ * Bug 2761: Gopher and double HTTP response header
+ * Bug 2735: Incomplete -fhuge-objects detection
+ * Bug 2722: prevent CONNECT via http_port with accel
+ * Bug 2624: Invalid response for IMS request
+ * Bug 2510: digest_ldap_auth TLS support
+ * Correct LINUX_CAPABILITY actions on non-Linux
+- removed old upstream patches
+ o squid-3.0-9107.patch - squid-3.0-9124.patch
calling whatdependson for head-i586
Old:
----
squid-3.0-9107.patch
squid-3.0-9108.patch
squid-3.0-9109.patch
squid-3.0-9110.patch
squid-3.0-9111.patch
squid-3.0-9112.patch
squid-3.0-9113.patch
squid-3.0-9114.patch
squid-3.0-9115.patch
squid-3.0-9116.patch
squid-3.0-9117.patch
squid-3.0-9118.patch
squid-3.0-9119.patch
squid-3.0-9120.patch
squid-3.0-9121.patch
squid-3.0-9122.patch
squid-3.0-9123.patch
squid-3.0-9124.patch
squid-3.0.STABLE19-RELEASENOTES.html
squid-3.0.STABLE19.tar.bz2
New:
----
squid-3.0.STABLE20-RELEASENOTES.html
squid-3.0.STABLE20.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid3.spec ++++++
--- /var/tmp/diff_new_pack.7ISzaN/_old 2009-11-16 16:35:58.000000000 +0100
+++ /var/tmp/diff_new_pack.7ISzaN/_new 2009-11-16 16:35:58.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package squid3 (Version 3.0.STABLE19)
+# spec file for package squid3 (Version 3.0.STABLE20)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -25,7 +25,7 @@
Name: squid3
Summary: Squid Version 3 WWW Proxy Server
-Version: 3.0.STABLE19
+Version: 3.0.STABLE20
Release: 1
License: GPL v2 or later
Url: http://www.squid-cache.org/Versions/v3
@@ -55,24 +55,24 @@
# please read every file if there is interest about what the patch changes
# or just visit: http://www.squid-cache.org/Versions/v3/3.0/changesets/
#
-Patch1: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9107.patch
-Patch2: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9108.patch
-Patch3: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9109.patch
-Patch4: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9110.patch
-Patch5: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9111.patch
-Patch6: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9112.patch
-Patch7: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9113.patch
-Patch8: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9114.patch
-Patch9: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9115.patch
-Patch10: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9116.patch
-Patch11: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9117.patch
-Patch12: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9118.patch
-Patch13: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9119.patch
-Patch14: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9120.patch
-Patch15: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9121.patch
-Patch16: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9122.patch
-Patch17: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9123.patch
-Patch18: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9124.patch
+#Patch1: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9107.patch
+#Patch2: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9108.patch
+#Patch3: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9109.patch
+#Patch4: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9110.patch
+#Patch5: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9111.patch
+#Patch6: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9112.patch
+#Patch7: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9113.patch
+#Patch8: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9114.patch
+#Patch9: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9115.patch
+#Patch10: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9116.patch
+#Patch11: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9117.patch
+#Patch12: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9118.patch
+#Patch13: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9119.patch
+#Patch14: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9120.patch
+#Patch15: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9121.patch
+#Patch16: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9122.patch
+#Patch17: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9123.patch
+#Patch18: http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9124.patch
#
Patch101: squid-beta-3.0-libmxl2.patch
Patch102: squid-beta-3.0-ia64.patch
@@ -123,24 +123,24 @@
%{__cp} %{S:11} .
%patch0 -p1
# upstream patches after RELEASE
-%patch1 -p0
-%patch2 -p0
-%patch3 -p0
-%patch4 -p0
-%patch5 -p0
-%patch6 -p0
-%patch7 -p0
-%patch8 -p0
-%patch9 -p0
-%patch10 -p0
-%patch11 -p0
-%patch12 -p0
-%patch13 -p0
-%patch14 -p0
-%patch15 -p0
-%patch16 -p0
-%patch17 -p0
-%patch18 -p0
+#%patch1 -p0
+#%patch2 -p0
+#%patch3 -p0
+#%patch4 -p0
+#%patch5 -p0
+#%patch6 -p0
+#%patch7 -p0
+#%patch8 -p0
+#%patch9 -p0
+#%patch10 -p0
+#%patch11 -p0
+#%patch12 -p0
+#%patch13 -p0
+#%patch14 -p0
+#%patch15 -p0
+#%patch16 -p0
+#%patch17 -p0
+#%patch18 -p0
# other patches
%patch101 -p1
perl -p -i -e 's|SAMBAPREFIX=/usr/local/samba|SAMBAPREFIX=/usr|' helpers/basic_auth/SMB/Makefile.in
@@ -151,7 +151,7 @@
%endif
%patch103 -p1
%patch104 -p1
-#%patch105 -p1
+#
chmod a-x CREDITS
%build
++++++ squid-3.0.STABLE19-RELEASENOTES.html -> squid-3.0.STABLE20-RELEASENOTES.html ++++++
--- squid3/squid-3.0.STABLE19-RELEASENOTES.html 2009-09-14 16:28:56.000000000 +0200
+++ /mounts/work_src_done/STABLE/squid3/squid-3.0.STABLE20-RELEASENOTES.html 2009-11-09 21:51:53.000000000 +0100
@@ -1,11 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.50">
- <TITLE>Squid 3.0.STABLE19 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.65">
+ <TITLE>Squid 3.0.STABLE20 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.0.STABLE19 release notes</H1>
+<H1>Squid 3.0.STABLE20 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -60,7 +60,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.0.STABLE19.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.0.STABLE20.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.0/">http://www.squid-cache.org/Versions/v3/3.0/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
++++++ squid-3.0.STABLE19.tar.bz2 -> squid-3.0.STABLE20.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/acinclude.m4 new/squid-3.0.STABLE20/acinclude.m4
--- old/squid-3.0.STABLE19/acinclude.m4 2009-09-06 13:29:24.000000000 +0200
+++ new/squid-3.0.STABLE20/acinclude.m4 2009-10-29 11:05:32.000000000 +0100
@@ -72,8 +72,8 @@
AC_DEFUN([AC_TEST_CHECKFORHUGEOBJECTS],[
AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
- ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
-${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
+ ac_cv_test_checkforhugeobjects=`echo "int main(int argc, char **argv) { int foo; }" > conftest.cc
+${CXX} -Werror -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null
res=$?
rm -f conftest.*
echo yes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/ChangeLog new/squid-3.0.STABLE20/ChangeLog
--- old/squid-3.0.STABLE19/ChangeLog 2009-09-06 13:29:24.000000000 +0200
+++ new/squid-3.0.STABLE20/ChangeLog 2009-10-29 11:05:32.000000000 +0100
@@ -1,3 +1,17 @@
+Changes to squid-3.0.STABLE20 (29 Oct 2009):
+
+ - Bug 2794: ESI parsing on FreeBSD
+ - Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity
+ - Bug 2779: Support GNU/kFreeBSD
+ - Bug 2773: Segfault in RFC2069 Digest authantication
+ - Bug 2768: squid_ldap_group argument parsing error
+ - Bug 2761: Gopher and double HTTP response header
+ - Bug 2735: Incomplete -fhuge-objects detection
+ - Bug 2722: prevent CONNECT via http_port with accel
+ - Bug 2624: Invalid response for IMS request
+ - Bug 2510: digest_ldap_auth TLS support
+ - Correct LINUX_CAPABILITY actions on non-Linux
+
Changes to squid-3.0.STABLE19 (06 Sep 2009):
- Bug 2745: Invalid Response error on small reads
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/configure new/squid-3.0.STABLE20/configure
--- old/squid-3.0.STABLE19/configure 2009-09-06 13:29:39.000000000 +0200
+++ new/squid-3.0.STABLE20/configure 2009-10-29 11:05:49.000000000 +0100
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.in Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.0.STABLE19.
+# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.0.STABLE20.
#
# Report bugs to http://www.squid-cache.org/bugs/.
#
@@ -751,8 +751,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.0.STABLE19'
-PACKAGE_STRING='Squid Web Proxy 3.0.STABLE19'
+PACKAGE_VERSION='3.0.STABLE20'
+PACKAGE_STRING='Squid Web Proxy 3.0.STABLE20'
PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
ac_unique_file="src/main.cc"
@@ -1096,6 +1096,7 @@
enable_x_accelerator_vary
with_filedescriptors
with_cppunit_basedir
+enable_caps
'
ac_precious_vars='build_alias
host_alias
@@ -1664,7 +1665,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.0.STABLE19 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.0.STABLE20 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1734,7 +1735,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE19:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE20:";;
esac
cat <<\_ACEOF
@@ -1923,6 +1924,8 @@
variance within an accelerator setup.
Typically used together with other code
that adds custom HTTP headers to the requests.
+ --disable-caps disable usage of Linux capabilities library to
+ control privileges
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -2046,7 +2049,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.0.STABLE19
+Squid Web Proxy configure 3.0.STABLE20
generated by GNU Autoconf 2.62
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -2060,7 +2063,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.0.STABLE19, which was
+It was created by Squid Web Proxy $as_me 3.0.STABLE20, which was
generated by GNU Autoconf 2.62. Invocation command line was
$ $0 $@
@@ -2778,7 +2781,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.0.STABLE19'
+ VERSION='3.0.STABLE20'
cat >>confdefs.h <<_ACEOF
@@ -5539,7 +5542,7 @@
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 5542 "configure"' > conftest.$ac_ext
+ echo '#line 5545 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
@@ -8162,11 +8165,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8165: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8168: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8169: \$? = $ac_status" >&5
+ echo "$as_me:8172: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8452,11 +8455,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8455: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8458: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:8459: \$? = $ac_status" >&5
+ echo "$as_me:8462: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -8556,11 +8559,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:8559: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:8562: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:8563: \$? = $ac_status" >&5
+ echo "$as_me:8566: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -10956,7 +10959,7 @@
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext < conftest.$ac_ext <&5)
+ (eval echo "\"\$as_me:13471: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:13472: \$? = $ac_status" >&5
+ echo "$as_me:13475: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -13569,11 +13572,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:13572: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:13575: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:13576: \$? = $ac_status" >&5
+ echo "$as_me:13579: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -15152,11 +15155,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15155: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15158: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:15159: \$? = $ac_status" >&5
+ echo "$as_me:15162: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -15256,11 +15259,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:15259: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:15262: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:15263: \$? = $ac_status" >&5
+ echo "$as_me:15266: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -17471,11 +17474,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17474: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:17477: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:17478: \$? = $ac_status" >&5
+ echo "$as_me:17481: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -17761,11 +17764,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17764: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:17767: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:17768: \$? = $ac_status" >&5
+ echo "$as_me:17771: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@@ -17865,11 +17868,11 @@
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:17868: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:17871: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:17872: \$? = $ac_status" >&5
+ echo "$as_me:17875: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@@ -21561,8 +21564,8 @@
$as_echo_n "(cached) " >&6
else
- ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
-${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
+ ac_cv_test_checkforhugeobjects=`echo "int main(int argc, char **argv) { int foo; }" > conftest.cc
+${CXX} -Werror -fhuge-objects -o conftest.bin conftest.cc 2>/dev/null
res=$?
rm -f conftest.*
echo yes
@@ -25343,6 +25346,7 @@
ipl.h \
libc.h \
limits.h \
+ linux/types.h \
machine/byte_swap.h \
malloc.h \
math.h \
@@ -25401,8 +25405,7 @@
inttypes.h \
grp.h \
db.h \
- db_185.h \
- sys/capability.h
+ db_185.h
do
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
@@ -42781,6 +42784,243 @@
fi
+use_caps=yes
+# Check whether --enable-caps was given.
+if test "${enable_caps+set}" = set; then
+ enableval=$enable_caps; if test "x$enableval" = "xyes" ; then
+ { $as_echo "$as_me:$LINENO: result: forced yes" >&5
+$as_echo "forced yes" >&6; }
+ else
+ { $as_echo "$as_me:$LINENO: result: no" >&5
+$as_echo "no" >&6; }
+ use_caps=no
+ fi
+
+else
+ { $as_echo "$as_me:$LINENO: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+if test "x$use_caps" = "xyes"; then
+ libcap_broken=1
+
+for ac_header in sys/capability.h
+do
+as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
+$as_echo_n "checking for $ac_header... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ $as_echo_n "(cached) " >&6
+fi
+ac_res=`eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'`
+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5
+$as_echo_n "checking $ac_header usability... " >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_compile") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then
+ ac_header_compiler=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_compiler=no
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5
+$as_echo_n "checking $ac_header presence... " >&6; }
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then
+ ac_header_preproc=yes
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+
+rm -f conftest.err conftest.$ac_ext
+{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ ( cat <<\_ASBOX
+## ----------------------------------------------- ##
+## Report this to http://www.squid-cache.org/bugs/ ##
+## ----------------------------------------------- ##
+_ASBOX
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
+$as_echo_n "checking for $ac_header... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
+ $as_echo_n "(cached) " >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+ac_res=`eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'`
+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+
+fi
+if test `eval 'as_val=${'$as_ac_Header'}
+ $as_echo "$as_val"'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+ { $as_echo "$as_me:$LINENO: checking for operational libcap2" >&5
+$as_echo_n "checking for operational libcap2... " >&6; }
+if { as_var=$libcap_broken; eval "test \"\${$as_var+set}\" = set"; }; then
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include
+int
+main ()
+{
+
+ capget(NULL, NULL);
+ capset(NULL, NULL);
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then
+ libcap_broken=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+
+fi
+ac_res=`eval 'as_val=${'$libcap_broken'}
+ $as_echo "$as_val"'`
+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define LIBCAP_BROKEN $libcap_broken
+_ACEOF
+
+fi
+
{ $as_echo "$as_me:$LINENO: checking for mtyp_t" >&5
$as_echo_n "checking for mtyp_t... " >&6; }
if test "${ac_cv_type_mtyp_t+set}" = set; then
@@ -46204,6 +46444,7 @@
fi
if test "$LINUX_TPROXY" ; then
+ if test "$use_caps" = "yes"; then
{ $as_echo "$as_me:$LINENO: checking if TPROXY header files are installed" >&5
$as_echo_n "checking if TPROXY header files are installed... " >&6; }
# hold on to your hats...
@@ -46224,11 +46465,19 @@
fi
{ $as_echo "$as_me:$LINENO: result: $LINUX_TPROXY" >&5
$as_echo "$LINUX_TPROXY" >&6; }
+ else
+ { $as_echo "$as_me:$LINENO: WARNING: Missing needed capabilities (libcap or libcap2) for TPROXY v2" >&5
+$as_echo "$as_me: WARNING: Missing needed capabilities (libcap or libcap2) for TPROXY v2" >&2;}
+ { $as_echo "$as_me:$LINENO: WARNING: Linux Transparent Proxy support WILL NOT be enabled" >&5
+$as_echo "$as_me: WARNING: Linux Transparent Proxy support WILL NOT be enabled" >&2;}
+ LINUX_TPROXY="no"
+ fi
fi
if test "$LINUX_TPROXY" = "no" && test "$LINUX_NETFILTER" = "yes"; then
echo "WARNING: Cannot find TPROXY headers, you need to install the"
echo "tproxy package from:"
echo " - lynx http://www.balabit.com/downloads/tproxy/"
+ echo "And libcap-dev or libcap2-dev"
sleep 10
fi
@@ -48084,7 +48333,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.0.STABLE19, which was
+This file was extended by Squid Web Proxy $as_me 3.0.STABLE20, which was
generated by GNU Autoconf 2.62. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -48137,7 +48386,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_version="\\
-Squid Web Proxy config.status 3.0.STABLE19
+Squid Web Proxy config.status 3.0.STABLE20
configured by $0, generated by GNU Autoconf 2.62,
with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/configure.in new/squid-3.0.STABLE20/configure.in
--- old/squid-3.0.STABLE19/configure.in 2009-09-06 13:29:39.000000000 +0200
+++ new/squid-3.0.STABLE20/configure.in 2009-10-29 11:05:49.000000000 +0100
@@ -1,7 +1,7 @@
dnl Configuration input file for Squid
dnl
dnl
-AC_INIT(Squid Web Proxy, 3.0.STABLE19, http://www.squid-cache.org/bugs/, squid)
+AC_INIT(Squid Web Proxy, 3.0.STABLE20, http://www.squid-cache.org/bugs/, squid)
AC_PREREQ(2.52)
AM_CONFIG_HEADER(include/autoconf.h)
AC_CONFIG_AUX_DIR(cfgaux)
@@ -1961,6 +1961,7 @@
ipl.h \
libc.h \
limits.h \
+ linux/types.h \
machine/byte_swap.h \
malloc.h \
math.h \
@@ -2019,8 +2020,7 @@
inttypes.h \
grp.h \
db.h \
- db_185.h \
- sys/capability.h
+ db_185.h
)
AC_CHECK_HEADERS(
@@ -2285,6 +2285,29 @@
#include
#endif])
+dnl Check for libcap header (assume its not broken unless
+use_caps=yes
+AC_ARG_ENABLE(caps, AS_HELP_STRING([--disable-caps],[disable usage of Linux capabilities library to control privileges]),
+[ if test "x$enableval" = "xyes" ; then
+ AC_MSG_RESULT(forced yes)
+ else
+ AC_MSG_RESULT(no)
+ use_caps=no
+ fi
+],[AC_MSG_RESULT(yes)])
+if test "x$use_caps" = "xyes"; then
+ dnl Check for libcap1 breakage or libcap2 fixed (assume broken unless found working)
+ libcap_broken=1
+ AC_CHECK_HEADERS(sys/capability.h)
+ AC_CACHE_CHECK([for operational libcap2], $libcap_broken,
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[
+ capget(NULL, NULL);
+ capset(NULL, NULL);
+ ]])],[libcap_broken=0],[])
+ )
+ AC_DEFINE_UNQUOTED([LIBCAP_BROKEN],$libcap_broken,[if libcap2 is available and not clashing with libc])
+fi
+
AC_CHECK_TYPE(mtyp_t,AC_DEFINE(HAVE_MTYP_T,1,[mtyp_t is defined by the system headers]),,[#include
#include
#include ])
@@ -2939,7 +2962,7 @@
AC_DEFINE(LINUX_NETFILTER, 0)
fi
AC_MSG_RESULT($LINUX_NETFILTER)
-fi
+fi
if test "$LINUX_NETFILTER" = "no" ; then
echo "WARNING: Cannot find necessary Linux kernel (Netfilter) header files"
echo " Linux Transparent Proxy support WILL NOT be enabled"
@@ -2949,6 +2972,7 @@
dnl Linux Netfilter/TPROXY support requires some specific header files
dnl Shamelessly copied from shamelessly copied from above
if test "$LINUX_TPROXY" ; then
+ if test "$use_caps" = "yes"; then
AC_MSG_CHECKING(if TPROXY header files are installed)
# hold on to your hats...
if test "$ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h" = "yes" && test "$LINUX_NETFILTER" = "yes"; then
@@ -2959,11 +2983,17 @@
AC_DEFINE(LINUX_TPROXY, 0, [Enable real Transparent Proxy support for Netfilter TPROXY.])
fi
AC_MSG_RESULT($LINUX_TPROXY)
+ else
+ AC_MSG_WARN([Missing needed capabilities (libcap or libcap2) for TPROXY v2])
+ AC_MSG_WARN([Linux Transparent Proxy support WILL NOT be enabled])
+ LINUX_TPROXY="no"
+ fi
fi
if test "$LINUX_TPROXY" = "no" && test "$LINUX_NETFILTER" = "yes"; then
echo "WARNING: Cannot find TPROXY headers, you need to install the"
echo "tproxy package from:"
echo " - lynx http://www.balabit.com/downloads/tproxy/"
+ echo "And libcap-dev or libcap2-dev"
sleep 10
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/helpers/digest_auth/ldap/ldap_backend.c new/squid-3.0.STABLE20/helpers/digest_auth/ldap/ldap_backend.c
--- old/squid-3.0.STABLE19/helpers/digest_auth/ldap/ldap_backend.c 2009-09-06 13:29:30.000000000 +0200
+++ new/squid-3.0.STABLE20/helpers/digest_auth/ldap/ldap_backend.c 2009-10-29 11:05:39.000000000 +0100
@@ -361,11 +361,12 @@
}
if (use_tls) {
#ifdef LDAP_OPT_X_TLS
- if ((version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
- fprintf(stderr, "Could not Activate TLS connection\n");
- ldap_unbind(ld);
- ld = NULL;
- }
+ if (version != LDAP_VERSION3) {
+ fprintf(stderr, "TLS requires LDAP version 3\n");
+ exit(1);
+ } else if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) {
+ exit(1);
+ }
#else
fprintf(stderr, "TLS not supported with your LDAP library\n");
ldap_unbind(ld);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/helpers/external_acl/ldap_group/squid_ldap_group.c new/squid-3.0.STABLE20/helpers/external_acl/ldap_group/squid_ldap_group.c
--- old/squid-3.0.STABLE19/helpers/external_acl/ldap_group/squid_ldap_group.c 2009-09-06 13:29:30.000000000 +0200
+++ new/squid-3.0.STABLE20/helpers/external_acl/ldap_group/squid_ldap_group.c 2009-10-29 11:05:39.000000000 +0100
@@ -233,6 +233,7 @@
case 'd':
case 'g':
case 'S':
+ case 'K':
break;
default:
if (strlen(argv[1]) > 2) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/include/autoconf.h.in new/squid-3.0.STABLE20/include/autoconf.h.in
--- old/squid-3.0.STABLE19/include/autoconf.h.in 2009-09-06 13:29:34.000000000 +0200
+++ new/squid-3.0.STABLE20/include/autoconf.h.in 2009-10-29 11:05:43.000000000 +0100
@@ -312,6 +312,9 @@
*/
#undef HAVE_LINUX_NETFILTER_IPV4_IP_TPROXY_H
+/* Define to 1 if you have the header file. */
+#undef HAVE_LINUX_TYPES_H
+
/* long is defined in system headers */
#undef HAVE_LONG
@@ -805,6 +808,9 @@
with caution. */
#undef KILL_PARENT_OPT
+/* if libcap2 is available and not clashing with libc */
+#undef LIBCAP_BROKEN
+
/* If libresolv.a has been hacked to export _dns_ttl_ */
#undef LIBRESOLV_DNS_TTL_HACK
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/include/config.h new/squid-3.0.STABLE20/include/config.h
--- old/squid-3.0.STABLE19/include/config.h 2009-09-06 13:29:34.000000000 +0200
+++ new/squid-3.0.STABLE20/include/config.h 2009-10-29 11:05:43.000000000 +0100
@@ -89,6 +89,9 @@
#if USE_ASYNC_IO && defined(LINUXTHREADS)
#define _SQUID_LINUX_THREADS_
#endif
+
+#elif defined(__FreeBSD_kernel__) /* GNU/kFreeBSD */
+#define _SQUID_KFREEBSD_
#elif defined(__sgi__) || defined(sgi) || defined(__sgi) /* SGI */
#define _SQUID_SGI_
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/include/squid_types.h new/squid-3.0.STABLE20/include/squid_types.h
--- old/squid-3.0.STABLE19/include/squid_types.h 2009-09-06 13:29:34.000000000 +0200
+++ new/squid-3.0.STABLE20/include/squid_types.h 2009-10-29 11:05:43.000000000 +0100
@@ -60,6 +60,9 @@
#if HAVE_SYS_TYPES_H
#include
#endif
+#if HAVE_LINUX_TYPES_H
+#include
+#endif
#if STDC_HEADERS
#include
#include
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/include/version.h new/squid-3.0.STABLE20/include/version.h
--- old/squid-3.0.STABLE19/include/version.h 2009-09-06 13:29:39.000000000 +0200
+++ new/squid-3.0.STABLE20/include/version.h 2009-10-29 11:05:49.000000000 +0100
@@ -9,5 +9,5 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1252236563
+#define SQUID_RELEASE_TIME 1256810731
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/lib/rfc2617.c new/squid-3.0.STABLE20/lib/rfc2617.c
--- old/squid-3.0.STABLE19/lib/rfc2617.c 2009-09-06 13:29:35.000000000 +0200
+++ new/squid-3.0.STABLE20/lib/rfc2617.c 2009-10-29 11:05:44.000000000 +0100
@@ -168,7 +168,7 @@
SquidMD5Update(&Md5Ctx, pszMethod, strlen(pszMethod));
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, pszDigestUri, strlen(pszDigestUri));
- if (strcasecmp(pszQop, "auth-int") == 0) {
+ if (pszQop && strcasecmp(pszQop, "auth-int") == 0) {
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, HEntity, HASHHEXLEN);
}
@@ -182,7 +182,7 @@
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, pszNonce, strlen(pszNonce));
SquidMD5Update(&Md5Ctx, ":", 1);
- if (*pszQop) {
+ if (pszQop) {
SquidMD5Update(&Md5Ctx, pszNonceCount, strlen(pszNonceCount));
SquidMD5Update(&Md5Ctx, ":", 1);
SquidMD5Update(&Md5Ctx, pszCNonce, strlen(pszCNonce));
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/RELEASENOTES.html new/squid-3.0.STABLE20/RELEASENOTES.html
--- old/squid-3.0.STABLE19/RELEASENOTES.html 2009-09-06 13:30:21.000000000 +0200
+++ new/squid-3.0.STABLE20/RELEASENOTES.html 2009-10-29 11:06:44.000000000 +0100
@@ -1,11 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.50">
- <TITLE>Squid 3.0.STABLE19 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.65">
+ <TITLE>Squid 3.0.STABLE20 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.0.STABLE19 release notes</H1>
+<H1>Squid 3.0.STABLE20 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -60,7 +60,7 @@
<HR>
<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.0.STABLE19.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.0.STABLE20.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.0/">http://www.squid-cache.org/Versions/v3/3.0/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/ACLARP.cc new/squid-3.0.STABLE20/src/ACLARP.cc
--- old/squid-3.0.STABLE19/src/ACLARP.cc 2009-09-06 13:29:35.000000000 +0200
+++ new/squid-3.0.STABLE20/src/ACLARP.cc 2009-10-29 11:05:44.000000000 +0100
@@ -438,7 +438,7 @@
return (0 == splayLastResult);
}
-#elif defined(_SQUID_FREEBSD_) || defined(_SQUID_NETBSD_) || defined(_SQUID_OPENBSD_) || defined(_SQUID_DRAGONFLY_)
+#elif defined(_SQUID_FREEBSD_) || defined(_SQUID_NETBSD_) || defined(_SQUID_OPENBSD_) || defined(_SQUID_DRAGONFLY_) || defined(_SQUID_KFREEBSD_)
struct arpreq arpReq;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/ACLProxyAuth.cc new/squid-3.0.STABLE20/src/ACLProxyAuth.cc
--- old/squid-3.0.STABLE19/src/ACLProxyAuth.cc 2009-09-06 13:29:35.000000000 +0200
+++ new/squid-3.0.STABLE20/src/ACLProxyAuth.cc 2009-10-29 11:05:45.000000000 +0100
@@ -143,7 +143,8 @@
assert(checklist->auth_user_request != NULL);
auth_user_request = checklist->auth_user_request;
- assert(authenticateValidateUser(auth_user_request));
+ int validated = authenticateValidateUser(auth_user_request);
+ assert(validated);
auth_user_request->start(LookupDone, checklist);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/auth/digest/auth_digest.cc new/squid-3.0.STABLE20/src/auth/digest/auth_digest.cc
--- old/squid-3.0.STABLE19/src/auth/digest/auth_digest.cc 2009-09-06 13:29:36.000000000 +0200
+++ new/squid-3.0.STABLE20/src/auth/digest/auth_digest.cc 2009-10-29 11:05:46.000000000 +0100
@@ -1035,7 +1035,7 @@
authDigestNonceLink(nonce);
/* ping this nonce to this auth user */
- assert((nonce->user == NULL) || (nonce->user = user));
+ assert((nonce->user == NULL) || (nonce->user == user));
/* we don't lock this reference because removing the user removes the
* hash too. Of course if that changes we're stuffed so read the code huh?
@@ -1105,6 +1105,7 @@
/* quote mark */
p++;
+ safe_free(username);
username = xstrndup(p, strchr(p, '"') + 1 - p);
debugs(29, 9, "authDigestDecodeAuth: Found Username '" << username << "'");
@@ -1117,6 +1118,7 @@
/* quote mark */
p++;
+ safe_free(digest_request->realm);
digest_request->realm = xstrndup(p, strchr(p, '"') + 1 - p);
debugs(29, 9, "authDigestDecodeAuth: Found realm '" << digest_request->realm << "'");
@@ -1130,6 +1132,7 @@
/* quote mark */
p++;
+ safe_free(digest_request->qop);
digest_request->qop = xstrndup(p, strcspn(p, "\" \t\r\n()<>@,;:\\/[]?={}") + 1);
debugs(29, 9, "authDigestDecodeAuth: Found qop '" << digest_request->qop << "'");
@@ -1143,6 +1146,7 @@
/* quote mark */
p++;
+ safe_free(digest_request->algorithm);
digest_request->algorithm = xstrndup(p, strcspn(p, "\" \t\r\n()<>@,;:\\/[]?={}") + 1);
debugs(29, 9, "authDigestDecodeAuth: Found algorithm '" << digest_request->algorithm << "'");
@@ -1155,6 +1159,7 @@
/* quote mark */
p++;
+ safe_free(digest_request->uri);
digest_request->uri = xstrndup(p, strchr(p, '"') + 1 - p);
debugs(29, 9, "authDigestDecodeAuth: Found uri '" << digest_request->uri << "'");
@@ -1167,6 +1172,7 @@
/* quote mark */
p++;
+ safe_free(digest_request->nonceb64);
digest_request->nonceb64 = xstrndup(p, strchr(p, '"') + 1 - p);
debugs(29, 9, "authDigestDecodeAuth: Found nonce '" << digest_request->nonceb64 << "'");
@@ -1188,6 +1194,7 @@
/* quote mark */
p++;
+ safe_free(digest_request->cnonce);
digest_request->cnonce = xstrndup(p, strchr(p, '"') + 1 - p);
debugs(29, 9, "authDigestDecodeAuth: Found cnonce '" << digest_request->cnonce << "'");
@@ -1200,6 +1207,7 @@
/* quote mark */
p++;
+ safe_free(digest_request->response);
digest_request->response = xstrndup(p, strchr(p, '"') + 1 - p);
debugs(29, 9, "authDigestDecodeAuth: Found response '" << digest_request->response << "'");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/cf.data.pre new/squid-3.0.STABLE20/src/cf.data.pre
--- old/squid-3.0.STABLE19/src/cf.data.pre 2009-09-06 13:29:37.000000000 +0200
+++ new/squid-3.0.STABLE20/src/cf.data.pre 2009-10-29 11:05:47.000000000 +0100
@@ -676,8 +676,8 @@
opposite of the last line in the list. If the last line was
deny, the default is allow. Conversely, if the last line
is allow, the default will be deny. For these reasons, it is a
- good idea to have an "deny all" or "allow all" entry at the end
- of your access lists to avoid potential confusion.
+ good idea to have an "deny all" entry at the end of your access
+ lists to avoid potential confusion.
NOCOMMENT_START
#Recommended minimum configuration:
@@ -5452,7 +5452,7 @@
LOC: Config.chroot_dir
DEFAULT: none
DOC_START
- Specifies a directiry where Squid should do a chroot() while
+ Specifies a directory where Squid should do a chroot() while
initializing. This also causes Squid to fully drop root
privileges after initializing. This means, for example, if you
use a HTTP port less than 1024 and try to reconfigure, you may
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/client_side.cc new/squid-3.0.STABLE20/src/client_side.cc
--- old/squid-3.0.STABLE19/src/client_side.cc 2009-09-06 13:29:37.000000000 +0200
+++ new/squid-3.0.STABLE20/src/client_side.cc 2009-10-29 11:05:47.000000000 +0100
@@ -942,14 +942,14 @@
return;
}
- int64_t next = getNextRangeOffset();
+ int64_t nextOffset = getNextRangeOffset();
- assert (next >= http->out.offset);
+ assert (nextOffset >= http->out.offset);
- int64_t skip = next - http->out.offset;
+ int64_t skip = nextOffset - http->out.offset;
/* adjust for not to be transmitted bytes */
- http->out.offset = next;
+ http->out.offset = nextOffset;
if (available.size() <= skip)
return;
@@ -1913,6 +1913,15 @@
/* Set method_p */
*method_p = HttpRequestMethod(&hp->buf[hp->m_start], &hp->buf[hp->m_end]);
+ /* deny CONNECT via accelerated ports */
+ if (*method_p == METHOD_CONNECT && conn != NULL && conn->port && conn->port->accel) {
+ debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << conn->port->protocol << " Accelerator port " << ntohs(conn->port->s.sin_port) );
+ /* XXX need a way to say "this many character length string" */
+ debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf);
+ /* XXX need some way to set 405 status on the error reply */
+ return parseHttpRequestAbort(conn, "error:method-not-allowed");
+ }
+
if (*method_p == METHOD_NONE) {
/* AYJ: hp->buf is occasionally full of binary crap. Replace any non-printables with underscores.
Also crop the output at 100 chars, we should not need a whole binary streaming video to identify the issue
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/client_side_reply.cc new/squid-3.0.STABLE20/src/client_side_reply.cc
--- old/squid-3.0.STABLE19/src/client_side_reply.cc 2009-09-06 13:29:37.000000000 +0200
+++ new/squid-3.0.STABLE20/src/client_side_reply.cc 2009-10-29 11:05:47.000000000 +0100
@@ -366,7 +366,7 @@
// if client sent IMS
- if (http->request->flags.ims) {
+ if (http->request->flags.ims && !old_entry->modifiedSince(http->request)) {
// forward the 304 from origin
debugs(88, 3, "handleIMSReply: origin replied 304, revalidating existing entry and forwarding 304 to client");
sendClientUpstreamResponse();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/client_side_request.cc new/squid-3.0.STABLE20/src/client_side_request.cc
--- old/squid-3.0.STABLE19/src/client_side_request.cc 2009-09-06 13:29:37.000000000 +0200
+++ new/squid-3.0.STABLE20/src/client_side_request.cc 2009-10-29 11:05:47.000000000 +0100
@@ -1125,7 +1125,8 @@
// subscribe to receive reply body
if (new_rep->body_pipe != NULL) {
icapBodySource = new_rep->body_pipe;
- assert(icapBodySource->setConsumerIfNotLate(this));
+ int consumer_ok = icapBodySource->setConsumerIfNotLate(this);
+ assert(consumer_ok);
}
clientStreamNode *node = (clientStreamNode *)client_stream.tail->prev->data;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/comm.h new/squid-3.0.STABLE20/src/comm.h
--- old/squid-3.0.STABLE19/src/comm.h 2009-09-06 13:29:37.000000000 +0200
+++ new/squid-3.0.STABLE20/src/comm.h 2009-10-29 11:05:47.000000000 +0100
@@ -20,7 +20,7 @@
COMM_INPROGRESS = -7,
COMM_ERR_CONNECT = -8,
COMM_ERR_DNS = -9,
- COMM_ERR_CLOSING = -10,
+ COMM_ERR_CLOSING = -10
} comm_err_t;
typedef void IOFCB(int fd, StoreIOBuffer receivedData, comm_err_t flag, int xerrno, void *data);
typedef void IOWCB(int fd, char *buffer, size_t len, comm_err_t flag, int xerrno, void *data);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/ESIExpression.cc new/squid-3.0.STABLE20/src/ESIExpression.cc
--- old/squid-3.0.STABLE19/src/ESIExpression.cc 2009-09-06 13:29:36.000000000 +0200
+++ new/squid-3.0.STABLE20/src/ESIExpression.cc 2009-10-29 11:05:45.000000000 +0100
@@ -721,6 +721,7 @@
if ((point = strchr (s, '.')) && point - s < (ssize_t)length) {
/* floating point */
+ errno=0; /* reset errno */
rv.value.floating = strtod (s, &end);
if (s == end || errno) {
@@ -737,6 +738,7 @@
}
} else {
/* INT */
+ errno=0; /* reset errno */
rv.value.integral = strtol (s, &end, 0);
if (s == end || errno) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/fs/ufs/store_dir_ufs.cc new/squid-3.0.STABLE20/src/fs/ufs/store_dir_ufs.cc
--- old/squid-3.0.STABLE19/src/fs/ufs/store_dir_ufs.cc 2009-09-06 13:29:38.000000000 +0200
+++ new/squid-3.0.STABLE20/src/fs/ufs/store_dir_ufs.cc 2009-10-29 11:05:47.000000000 +0100
@@ -143,7 +143,7 @@
IO->io = anIO;
/* Change the IO Options */
- if (currentIOOptions->options.size() > 2)
+ if (currentIOOptions && currentIOOptions->options.size() > 2)
delete currentIOOptions->options.pop_back();
/* TODO: factor out these 4 lines */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/ftp.cc new/squid-3.0.STABLE20/src/ftp.cc
--- old/squid-3.0.STABLE19/src/ftp.cc 2009-09-06 13:29:38.000000000 +0200
+++ new/squid-3.0.STABLE20/src/ftp.cc 2009-10-29 11:05:47.000000000 +0100
@@ -1204,7 +1204,7 @@
if (data.read_pending)
return;
- int read_sz = replyBodySpace(data.readBuf->spaceSize());
+ const int read_sz = replyBodySpace(*data.readBuf, 0);
debugs(11,9, HERE << "FTP may read up to " << read_sz << " bytes");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/gopher.cc new/squid-3.0.STABLE20/src/gopher.cc
--- old/squid-3.0.STABLE19/src/gopher.cc 2009-09-06 13:29:38.000000000 +0200
+++ new/squid-3.0.STABLE20/src/gopher.cc 2009-10-29 11:05:48.000000000 +0100
@@ -37,6 +37,7 @@
#include "errorpage.h"
#include "Store.h"
#include "HttpRequest.h"
+#include "HttpReply.h"
#include "comm.h"
#if DELAY_POOLS
#include "DelayPools.h"
@@ -104,7 +105,6 @@
GopherStateData;
static PF gopherStateFree;
-static void gopher_mime_content(MemBuf * mb, const char *name, const char *def);
static void gopherMimeCreate(GopherStateData *);
static void gopher_request_parse(const HttpRequest * req,
char *type_id,
@@ -140,35 +140,13 @@
cbdataFree(gopherState);
}
-
-/* figure out content type from file extension */
-static void
-gopher_mime_content(MemBuf * mb, const char *name, const char *def_ctype)
-{
- char *ctype = mimeGetContentType(name);
- char *cenc = mimeGetContentEncoding(name);
-
- if (cenc)
- mb->Printf("Content-Encoding: %s\r\n", cenc);
-
- mb->Printf("Content-Type: %s\r\n",
- ctype ? ctype : def_ctype);
-}
-
-
-
-/* create MIME Header for Gopher Data */
+/* Create MIME Header for Gopher Data */
static void
gopherMimeCreate(GopherStateData * gopherState)
{
- MemBuf mb;
-
- mb.init();
-
- mb.Printf("HTTP/1.0 200 OK Gatewaying\r\n"
- "Server: Squid/%s\r\n"
- "Date: %s\r\n",
- version_string, mkrfc1123(squid_curtime));
+ StoreEntry *entry = gopherState->entry;
+ const char *mime_type = NULL;
+ const char *mime_enc = NULL;
switch (gopherState->type_id) {
@@ -181,7 +159,7 @@
case GOPHER_WWW:
case GOPHER_CSO:
- mb.Printf("Content-Type: text/html\r\n");
+ mime_type = "text/html";
break;
case GOPHER_GIF:
@@ -189,17 +167,17 @@
case GOPHER_IMAGE:
case GOPHER_PLUS_IMAGE:
- mb.Printf("Content-Type: image/gif\r\n");
+ mime_type = "image/gif";
break;
case GOPHER_SOUND:
case GOPHER_PLUS_SOUND:
- mb.Printf("Content-Type: audio/basic\r\n");
+ mime_type = "audio/basic";
break;
case GOPHER_PLUS_MOVIE:
- mb.Printf("Content-Type: video/mpeg\r\n");
+ mime_type = "video/mpeg";
break;
case GOPHER_MACBINHEX:
@@ -210,20 +188,33 @@
case GOPHER_BIN:
/* Rightnow We have no idea what it is. */
- gopher_mime_content(&mb, gopherState->request, def_gopher_bin);
+ mime_enc = mimeGetContentEncoding(gopherState->request);
+ mime_type = mimeGetContentType(gopherState->request);
+ if (!mime_type)
+ mime_type = def_gopher_bin;
break;
case GOPHER_FILE:
default:
- gopher_mime_content(&mb, gopherState->request, def_gopher_text);
+ mime_enc = mimeGetContentEncoding(gopherState->request);
+ mime_type = mimeGetContentType(gopherState->request);
+ if (!mime_type)
+ mime_type = def_gopher_text;
break;
}
- mb.Printf("\r\n");
- EBIT_CLR(gopherState->entry->flags, ENTRY_FWD_HDR_WAIT);
- gopherState->entry->append(mb.buf, mb.size);
- mb.clean();
+ assert(entry->isEmpty());
+ EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
+
+ HttpReply *reply = new HttpReply;
+ entry->buffer();
+ HttpVersion version(1, 0);
+ reply->setHeaders(version, HTTP_OK, "Gatewaying", mime_type, -1, -1, -2);
+ if (mime_enc)
+ reply->header.putStr(HDR_CONTENT_ENCODING, mime_enc);
+
+ entry->replaceHttpReply(reply);
}
/* Parse a gopher request into components. By Anawat. */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/http.cc new/squid-3.0.STABLE20/src/http.cc
--- old/squid-3.0.STABLE19/src/http.cc 2009-09-06 13:29:38.000000000 +0200
+++ new/squid-3.0.STABLE20/src/http.cc 2009-10-29 11:05:48.000000000 +0100
@@ -1248,7 +1248,9 @@
void
HttpStateData::maybeReadVirginBody()
{
- int read_sz = replyBodySpace(readBuf->spaceSize());
+ // we may need to grow the buffer if headers do not fit
+ const int minRead = flags.headers_parsed ? 0 :1024;
+ const int read_sz = replyBodySpace(*readBuf, minRead);
debugs(11,9, HERE << (flags.do_next_read ? "may" : "wont") <<
" read up to " << read_sz << " bytes from FD " << fd);
@@ -1261,12 +1263,8 @@
* handler until we get a notification from someone that
* its okay to read again.
*/
- if (read_sz < 2) {
- if (flags.headers_parsed)
- return;
- else
- read_sz = 1024;
- }
+ if (read_sz < 2)
+ return;
if (flags.do_next_read) {
flags.do_next_read = 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/Server.cc new/squid-3.0.STABLE20/src/Server.cc
--- old/squid-3.0.STABLE19/src/Server.cc 2009-09-06 13:29:36.000000000 +0200
+++ new/squid-3.0.STABLE20/src/Server.cc 2009-10-29 11:05:46.000000000 +0100
@@ -717,8 +717,15 @@
currentOffset += len;
}
-size_t ServerStateData::replyBodySpace(size_t space)
+size_t ServerStateData::replyBodySpace(const MemBuf &readBuf,
+ const size_t minSpace) const
{
+ size_t space = readBuf.spaceSize(); // available space w/o heroic measures
+ if (space < minSpace) {
+ const size_t maxSpace = readBuf.potentialSpaceSize(); // absolute best
+ space = min(minSpace, maxSpace); // do not promise more than asked
+ }
+
#if ICAP_CLIENT
if (responseBodyBuffer) {
return 0; // Stop reading if already overflowed waiting for ICAP to catch up
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/Server.h new/squid-3.0.STABLE20/src/Server.h
--- old/squid-3.0.STABLE19/src/Server.h 2009-09-06 13:29:36.000000000 +0200
+++ new/squid-3.0.STABLE20/src/Server.h 2009-10-29 11:05:46.000000000 +0100
@@ -160,7 +160,7 @@
void adaptOrFinalizeReply();
void addVirginReplyBody(const char *buf, ssize_t len);
void storeReplyBody(const char *buf, ssize_t len);
- size_t replyBodySpace(size_t space = 4096 * 10);
+ size_t replyBodySpace(const MemBuf &readBuf, const size_t minSpace) const;
// These should be private
int64_t currentOffset; // Our current offset in the StoreEntry
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-3.0.STABLE19/src/tools.cc new/squid-3.0.STABLE20/src/tools.cc
--- old/squid-3.0.STABLE19/src/tools.cc 2009-09-06 13:29:39.000000000 +0200
+++ new/squid-3.0.STABLE20/src/tools.cc 2009-10-29 11:05:48.000000000 +0100
@@ -40,16 +40,16 @@
#include "wordlist.h"
#include "SquidTime.h"
-#ifdef _SQUID_LINUX_
-#if HAVE_SYS_CAPABILITY_H
+#if defined(_SQUID_LINUX_) && HAVE_SYS_CAPABILITY_H
+// HACK: LIBCAP_BROKEN Ugly glue to get around linux header madness colliding with glibc
+#if LIBCAP_BROKEN
#undef _POSIX_SOURCE
-/* Ugly glue to get around linux header madness colliding with glibc */
#define _LINUX_TYPES_H
#define _LINUX_FS_H
typedef uint32_t __u32;
-#include
-#endif
#endif
+#include
+#endif /* HAVE_SYS_CAPABILITY_H */
#if HAVE_SYS_PRCTL_H
#include
@@ -1356,7 +1356,10 @@
static void
restoreCapabilities(int keep)
{
-#if defined(_SQUID_LINUX_) && HAVE_SYS_CAPABILITY_H
+/* NP: keep these two if-endif separate. Non-Linux work perfectly well without Linux syscap support. */
+#if defined(_SQUID_LINUX_)
+
+#if HAVE_SYS_CAPABILITY_H
#ifndef _LINUX_CAPABILITY_VERSION_1
#define _LINUX_CAPABILITY_VERSION_1 _LINUX_CAPABILITY_VERSION
#endif
@@ -1366,54 +1369,48 @@
head->version = _LINUX_CAPABILITY_VERSION_1;
if (capget(head, cap) != 0) {
- debugs(50, 1, "Can't get current capabilities");
- goto nocap;
+ debugs(50, DBG_IMPORTANT, "Can't get current capabilities");
}
-
- if (head->version != _LINUX_CAPABILITY_VERSION_1) {
- debugs(50, 1, "Invalid capability version " << head->version << " (expected " << _LINUX_CAPABILITY_VERSION_1 << ")");
- goto nocap;
+ else if (head->version != _LINUX_CAPABILITY_VERSION_1) {
+ debugs(50, DBG_IMPORTANT, "Invalid capability version " << head->version << " (expected " << _LINUX_CAPABILITY_VERSION_1 << ")");
}
+ else {
- head->pid = 0;
-
- cap->inheritable = 0;
- cap->effective = (1 << CAP_NET_BIND_SERVICE);
-#if LINUX_TPROXY
-
- if (need_linux_tproxy)
- cap->effective |= (1 << CAP_NET_ADMIN) | (1 << CAP_NET_BROADCAST);
+ head->pid = 0;
-#endif
+ cap->inheritable = 0;
+ cap->effective = (1 << CAP_NET_BIND_SERVICE);
- if (!keep)
- cap->permitted &= cap->effective;
-
- if (capset(head, cap) != 0) {
- /* Silent failure unless TPROXY is required */
#if LINUX_TPROXY
-
if (need_linux_tproxy)
- debugs(50, 1, "Error enabling needed capabilities. Will continue without tproxy support");
+ cap->effective |= (1 << CAP_NET_ADMIN) | (1 << CAP_NET_BROADCAST);
+#endif
- need_linux_tproxy = 0;
+ if (!keep)
+ cap->permitted &= cap->effective;
+ if (capset(head, cap) != 0) {
+ /* Silent failure unless TPROXY is required */
+#if LINUX_TPROXY
+ if (need_linux_tproxy)
+ debugs(50, 1, "Error enabling needed capabilities. Will continue without tproxy support");
+ need_linux_tproxy = 0;
#endif
-
+ }
}
-nocap:
xfree(head);
xfree(cap);
-#else
-#if LINUX_TPROXY
+#else /* not HAVE_SYS_CAPABILITY_H */
+
+#if LINUX_TPROXY
if (need_linux_tproxy)
debugs(50, 1, "Missing needed capability support. Will continue without tproxy support");
-
need_linux_tproxy = 0;
-
#endif
-#endif
+#endif /* HAVE_SYS_CAPABILITY_H */
+
+#endif /* !defined(_SQUID_LINUX_) */
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org