commit squid for openSUSE:Factory

8 May 2019

Hello community,

here is the log from the commit of package squid for openSUSE:Factory checked in at 2019-05-08 15:17:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/squid (Old)
 and      /work/SRC/openSUSE:Factory/.squid.new.5148 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "squid"

Wed May  8 15:17:46 2019 rev:70 rq:701549 version:4.7

Changes:
--------

--- /work/SRC/openSUSE:Factory/squid/squid.changes	2019-02-25 17:57:04.642304406 +0100
+++ /work/SRC/openSUSE:Factory/.squid.new.5148/squid.changes	2019-05-08 15:17:48.449167800 +0200
@@ -1,0 +2,31 @@
+Wed May  8 10:41:22 UTC 2019 - Adam Majer <adam.majer@suse.de>
+
+- Update to squid 4.7: (jsc#SLE-5648)
+  + Fix stack-based buffer-overflow when parsing SNMP messages
+  + Fixed squidclient authentication
+  + Add support for buffer-size= to UDP logging
+  + Trust intermediate CAs from trusted stores
+  + Bug #4928: Cannot convert non-IPv4 to IPv4
+  + Bug #4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
+  + Bug #4823: assertion failed: "lowestOffset () <= target_offset"
+    (bsc#1133089)
+  + Bug #4942: --with-filedescriptors does not do anything
+
+-------------------------------------------------------------------
+Tue Feb 26 15:53:50 UTC 2019 - adam.majer@suse.de
+
+- Syncronize bug and CVE references between 3.x and 4.x squid changelog
+  versions. These bugs were fixed here either without properly referencing
+  them during the fix or 4.x branch was never affected by them.
+  (bsc#1090089, CVE-2018-1172, bsc#979008, CVE-2016-4556,
+   bsc#938715, CVE-2015-5400, bsc#949942, CVE-2014-9749,
+   bsc#1016169, CVE-2016-10003, bsc#1016168, CVE-2016-10002,
+   bsc#979011, CVE-2016-4555, bsc#979010, CVE-2016-4554,
+   bsc#979009, CVE-2016-4553, bsc#976556, CVE-2016-4054,
+   bsc#976553, CVE-2016-4051, bsc#973783, CVE-2016-3948,
+   bsc#973782, CVE-2016-3947, bsc#968395, CVE-2016-2572,
+   bsc#968394, CVE-2016-2571, bsc#968393, CVE-2016-2570,
+   bsc#968392, CVE-2016-2569, bsc#967011, CVE-2016-2390,
+   bsc#959290, CVE-2016-4052, CVE-2016-4053)
+
+-------------------------------------------------------------------
@@ -54 +85,2 @@
-  + Fix memory leak when parsing SNMP packet (bsc#1113669)
+  + Fix memory leak when parsing SNMP packet
+    (bsc#1113669, CVE-2018-19132)
@@ -56 +88 @@
-    before displaying them (bsc#1113668)
+    before displaying them (bsc#1113668, CVE-2018-19131)

Old:
----
  squid-4.6.tar.xz
  squid-4.6.tar.xz.asc

New:
----
  squid-4.7.tar.xz
  squid-4.7.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ squid.spec ++++++
--- /var/tmp/diff_new_pack.AQweX1/_old	2019-05-08 15:17:50.645172640 +0200
+++ /var/tmp/diff_new_pack.AQweX1/_new	2019-05-08 15:17:50.669172692 +0200
@@ -19,7 +19,7 @@
 %define         squidlibdir %{_libdir}/squid
 %define         squidconfdir %{_sysconfdir}/squid
 Name:           squid
-Version:        4.6
+Version:        4.7
 Release:        0
 Summary:        Caching and forwarding HTTP web proxy
 License:        GPL-2.0-or-later

++++++ squid-4.6.tar.xz -> squid-4.7.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/ChangeLog new/squid-4.7/ChangeLog
--- old/squid-4.6/ChangeLog	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/ChangeLog	2019-05-06 15:53:49.000000000 +0200
@@ -1,3 +1,14 @@
+Changes to squid-4.7 (06 May 2019):
+
+	- Bug 4942: --with-filedescriptors does not do anything
+	- Bug 4928: Cannot convert non-IPv4 to IPv4
+	- Bug 4823: assertion failed: "lowestOffset () <= target_offset"
+	- Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
+	- Fix squidclient authentication to origin servers
+	- Fix stack-based buffer-overflow when parsing SNMP messages
+	- Add support for buffer-size= to UDP logging
+	- TLS: When using OpenSSL, trust intermediate CAs from trusted store
+
 Changes to squid-4.6 (19 Feb 2019):
 
 	- Bug 4915: Detect IPv6 loopback binding errors
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/RELEASENOTES.html new/squid-4.7/RELEASENOTES.html
--- old/squid-4.6/RELEASENOTES.html	2019-02-19 04:13:57.000000000 +0100
+++ new/squid-4.7/RELEASENOTES.html	2019-05-06 16:07:31.000000000 +0200
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73">
- <TITLE>Squid 4.6 release notes</TITLE>
+ <TITLE>Squid 4.7 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 4.6 release notes</H1>
+<H1>Squid 4.7 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -63,7 +63,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-4.6 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-4.7 for testing.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
@@ -366,6 +366,9 @@
 <P>New option <EM>rotate=</EM> to control the number of log file rotations
 to make when <EM>-k rotate</EM> command is received. Default is to
 obey the <EM>logfile_rotate</EM> directive.</P>
+<P>Extend <EM>buffer-size=</EM> support to UDP logging. Prior to Squid-4.7
+log entries would be buffered up to 1400 bytes before sending to UDP logger.
+This option may now set smaller buffers, but not larger than 1400 bytes.</P>
 
 <DT><B>acl</B><DD>
 <P>New <EM>-m</EM> flag for <EM>note</EM> ACL to match substrings.</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/acinclude/os-deps.m4 new/squid-4.7/acinclude/os-deps.m4
--- old/squid-4.6/acinclude/os-deps.m4	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/acinclude/os-deps.m4	2019-05-06 15:53:49.000000000 +0200
@@ -164,16 +164,11 @@
 dnl sets shell var squid_filedescriptors_num
 
 AC_DEFUN([SQUID_CHECK_MAXFD],[
-AC_CHECK_FUNCS(setrlimit)
+AC_CHECK_FUNCS(getrlimit setrlimit)
 AC_MSG_CHECKING(Maximum number of filedescriptors we can open)
-dnl damn! FreeBSD pthreads break dup2().
 SQUID_STATE_SAVE(maxfd)
-  case $host in
-  i386-unknown-freebsd*)
-      if echo "$LDFLAGS" | grep -q pthread; then
-  	LDFLAGS=`echo $LDFLAGS | sed -e "s/-pthread//"`
-      fi
-  esac
+dnl FreeBSD pthreads break dup2().
+  AS_CASE([$host_os],[freebsd],[ LDFLAGS=`echo $LDFLAGS | sed -e "s/-pthread//"` ])
   AC_RUN_IFELSE([AC_LANG_SOURCE([[
 #include <stdio.h>
 #include <unistd.h>
@@ -191,7 +186,7 @@
      */
     i = NOFILE;
 #else
-#if HAVE_SETRLIMIT
+#if HAVE_GETRLIMIT && HAVE_SETRLIMIT
     struct rlimit rl;
 #if defined(RLIMIT_NOFILE)
     if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
@@ -236,19 +231,33 @@
 	fprintf (fp, "%d\n", i & ~0x3F);
 	return 0;
 }
-  ]])],[squid_filedescriptors_num=`cat conftestval`],[squid_filedescriptors_num=256],[squid_filedescriptors_num=256])
+  ]])],[squid_filedescriptors_limit=`cat conftestval`],[],[])
   dnl Microsoft MSVCRT.DLL supports 2048 maximum FDs
-  case "$host_os" in
-  mingw|mingw32)
-    squid_filedescriptors_num="2048"
-    ;;
-  esac
-  AC_MSG_RESULT($squid_filedescriptors_num)
+  AS_CASE(["$host_os"],[mingw|mingw32],[squid_filedescriptors_limit="2048"])
+  AC_MSG_RESULT($squid_filedescriptors_limit)
+  AS_IF([ test "x$squid_filedescriptors_num" = "x" ],[
+    AS_IF([ test "x$squid_filedescriptors_limit" != "x" ],[
+      squid_filedescriptors_num=$squid_filedescriptors_limit
+    ],[
+      AC_MSG_NOTICE([Unable to detect filedescriptor limits. Assuming 256 is okay.])
+      squid_filedescriptors_num=256
+    ])
+  ])
 SQUID_STATE_ROLLBACK(maxfd)
 
-if test `expr $squid_filedescriptors_num % 64` != 0; then
-    AC_MSG_WARN([$squid_filedescriptors_num is not an multiple of 64. This may cause issues on certain platforms.])
-fi
+AC_MSG_NOTICE([Default number of filedescriptors: $squid_filedescriptors_num])
+
+AS_IF([ test `expr $squid_filedescriptors_num % 64` != 0 ],[
+  AC_MSG_WARN([$squid_filedescriptors_num is not an multiple of 64. This may cause issues on certain platforms.])
+])
+
+AS_IF([ test "$squid_filedescriptors_num" -lt 512 ],[
+  AC_MSG_WARN([$squid_filedescriptors_num may not be enough filedescriptors if your])
+  AC_MSG_WARN([cache will be very busy.  Please see the FAQ page])
+  AC_MSG_WARN([http://wiki.squid-cache.org/SquidFaq/TroubleShooting])
+  AC_MSG_WARN([on how to increase your filedescriptor limit])
+])
+AC_DEFINE_UNQUOTED(SQUID_MAXFD,$squid_filedescriptors_num,[Maximum number of open filedescriptors])
 ])
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/aclocal.m4 new/squid-4.7/aclocal.m4
--- old/squid-4.6/aclocal.m4	2019-02-19 04:04:34.000000000 +0100
+++ new/squid-4.7/aclocal.m4	2019-05-06 15:56:50.000000000 +0200
@@ -4718,6 +4718,12 @@
 	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
 	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
         ;;
+      # flang / f18. f95 an alias for gfortran or flang on Debian
+      flang* | f18* | f95*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
       # icc used to be incompatible with GCC.
       # ICC 10 doesn't accept -KPIC any more.
       icc* | ifort*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/cfgaux/ltmain.sh new/squid-4.7/cfgaux/ltmain.sh
--- old/squid-4.6/cfgaux/ltmain.sh	2019-02-19 04:04:35.000000000 +0100
+++ new/squid-4.7/cfgaux/ltmain.sh	2019-05-06 15:56:51.000000000 +0200
@@ -31,7 +31,7 @@
 
 PROGRAM=libtool
 PACKAGE=libtool
-VERSION="2.4.6 Debian-2.4.6-9"
+VERSION="2.4.6 Debian-2.4.6-10"
 package_revision=2.4.6
 
 
@@ -2141,7 +2141,7 @@
        compiler:       $LTCC
        compiler flags: $LTCFLAGS
        linker:         $LD (gnu? $with_gnu_ld)
-       version:        $progname $scriptversion Debian-2.4.6-9
+       version:        $progname $scriptversion Debian-2.4.6-10
        automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
        autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/configure new/squid-4.7/configure
--- old/squid-4.6/configure	2019-02-19 04:04:42.000000000 +0100
+++ new/squid-4.7/configure	2019-05-06 15:56:57.000000000 +0200
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for Squid Web Proxy 4.6.
+# Generated by GNU Autoconf 2.69 for Squid Web Proxy 4.7.
 #
 # Report bugs to <http://bugs.squid-cache.org/>.
 #
@@ -595,8 +595,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='4.6'
-PACKAGE_STRING='Squid Web Proxy 4.6'
+PACKAGE_VERSION='4.7'
+PACKAGE_STRING='Squid Web Proxy 4.7'
 PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1651,7 +1651,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 4.6 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 4.7 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1722,7 +1722,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 4.6:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 4.7:";;
    esac
   cat <<\_ACEOF
 
@@ -2155,7 +2155,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 4.6
+Squid Web Proxy configure 4.7
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3259,7 +3259,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 4.6, which was
+It was created by Squid Web Proxy $as_me 4.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4126,7 +4126,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='4.6'
+ VERSION='4.7'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -12105,6 +12105,12 @@
 	lt_prog_compiler_pic='-KPIC'
 	lt_prog_compiler_static='-static'
         ;;
+      # flang / f18. f95 an alias for gfortran or flang on Debian
+      flang* | f18* | f95*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+        ;;
       # icc used to be incompatible with GCC.
       # ICC 10 doesn't accept -KPIC any more.
       icc* | ifort*)
@@ -26173,7 +26179,7 @@
   ;;
   *)
   as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
+for as_dir in $krb5confpath
 do
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
@@ -29662,7 +29668,7 @@
   ;;
   *)
   as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
+for as_dir in $krb5confpath
 do
   IFS=$as_save_IFS
   test -z "$as_dir" && as_dir=.
@@ -40430,12 +40436,13 @@
 
 
 
-for ac_func in setrlimit
+for ac_func in getrlimit setrlimit
 do :
-  ac_fn_cxx_check_func "$LINENO" "setrlimit" "ac_cv_func_setrlimit"
-if test "x$ac_cv_func_setrlimit" = xyes; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_SETRLIMIT 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi
@@ -40459,14 +40466,17 @@
     eval "${squid_util_var_tosave2}=\"${squid_util_var_tosave}\""
 done
 
-  case $host in
-  i386-unknown-freebsd*)
-      if echo "$LDFLAGS" | grep -q pthread; then
-  	LDFLAGS=`echo $LDFLAGS | sed -e "s/-pthread//"`
-      fi
-  esac
+  case $host_os in #(
+  freebsd) :
+     LDFLAGS=`echo $LDFLAGS | sed -e "s/-pthread//"`  ;; #(
+  *) :
+     ;;
+esac
   if test "$cross_compiling" = yes; then :
-  squid_filedescriptors_num=256
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
 else
   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
@@ -40487,7 +40497,7 @@
      */
     i = NOFILE;
 #else
-#if HAVE_SETRLIMIT
+#if HAVE_GETRLIMIT && HAVE_SETRLIMIT
     struct rlimit rl;
 #if defined(RLIMIT_NOFILE)
     if (getrlimit(RLIMIT_NOFILE, &rl) < 0) {
@@ -40535,21 +40545,35 @@
 
 _ACEOF
 if ac_fn_cxx_try_run "$LINENO"; then :
-  squid_filedescriptors_num=`cat conftestval`
-else
-  squid_filedescriptors_num=256
+  squid_filedescriptors_limit=`cat conftestval`
 fi
 rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
   conftest.$ac_objext conftest.beam conftest.$ac_ext
 fi
 
-    case "$host_os" in
-  mingw|mingw32)
-    squid_filedescriptors_num="2048"
-    ;;
-  esac
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $squid_filedescriptors_num" >&5
-$as_echo "$squid_filedescriptors_num" >&6; }
+    case "$host_os" in #(
+  mingw|mingw32) :
+    squid_filedescriptors_limit="2048" ;; #(
+  *) :
+     ;;
+esac
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $squid_filedescriptors_limit" >&5
+$as_echo "$squid_filedescriptors_limit" >&6; }
+  if  test "x$squid_filedescriptors_num" = "x" ; then :
+
+    if  test "x$squid_filedescriptors_limit" != "x" ; then :
+
+      squid_filedescriptors_num=$squid_filedescriptors_limit
+
+else
+
+      { $as_echo "$as_me:${as_lineno-$LINENO}: Unable to detect filedescriptor limits. Assuming 256 is okay." >&5
+$as_echo "$as_me: Unable to detect filedescriptor limits. Assuming 256 is okay." >&6;}
+      squid_filedescriptors_num=256
+
+fi
+
+fi
 
 # rollback state, key is maxfd
 CFLAGS="${maxfd_CFLAGS}"
@@ -40580,24 +40604,27 @@
 
 
 
-if test `expr $squid_filedescriptors_num % 64` != 0; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $squid_filedescriptors_num is not an multiple of 64. This may cause issues on certain platforms." >&5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: Default number of filedescriptors: $squid_filedescriptors_num" >&5
+$as_echo "$as_me: Default number of filedescriptors: $squid_filedescriptors_num" >&6;}
+
+if  test `expr $squid_filedescriptors_num % 64` != 0 ; then :
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $squid_filedescriptors_num is not an multiple of 64. This may cause issues on certain platforms." >&5
 $as_echo "$as_me: WARNING: $squid_filedescriptors_num is not an multiple of 64. This may cause issues on certain platforms." >&2;}
-fi
 
-if test "x$squid_filedescriptors_num" != "x"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: Default number of fieldescriptors: $squid_filedescriptors_num" >&5
-$as_echo "$as_me: Default number of fieldescriptors: $squid_filedescriptors_num" >&6;}
 fi
-if test "$squid_filedescriptors_num" -lt 512 ; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $squid_filedescriptors_num may not be enough filedescriptors if your" >&5
+
+if  test "$squid_filedescriptors_num" -lt 512 ; then :
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $squid_filedescriptors_num may not be enough filedescriptors if your" >&5
 $as_echo "$as_me: WARNING: $squid_filedescriptors_num may not be enough filedescriptors if your" >&2;}
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache will be very busy.  Please see the FAQ page" >&5
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache will be very busy.  Please see the FAQ page" >&5
 $as_echo "$as_me: WARNING: cache will be very busy.  Please see the FAQ page" >&2;}
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: http://wiki.squid-cache.org/SquidFaq/TroubleShooting" >&5
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: http://wiki.squid-cache.org/SquidFaq/TroubleShooting" >&5
 $as_echo "$as_me: WARNING: http://wiki.squid-cache.org/SquidFaq/TroubleShooting" >&2;}
-    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: on how to increase your filedescriptor limit" >&5
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: on how to increase your filedescriptor limit" >&5
 $as_echo "$as_me: WARNING: on how to increase your filedescriptor limit" >&2;}
+
 fi
 
 cat >>confdefs.h <<_ACEOF
@@ -40606,6 +40633,7 @@
 
 
 
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable IPv6" >&5
 $as_echo_n "checking whether to enable IPv6... " >&6; }
 # Check whether --enable-ipv6 was given.
@@ -41128,7 +41156,6 @@
 	getdtablesize \
 	getpagesize \
 	getpass \
-	getrlimit \
 	getrusage \
 	getspnam \
 	gettimeofday \
@@ -44188,7 +44215,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 4.6, which was
+This file was extended by Squid Web Proxy $as_me 4.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -44254,7 +44281,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-Squid Web Proxy config.status 4.6
+Squid Web Proxy config.status 4.7
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/configure.ac new/squid-4.7/configure.ac
--- old/squid-4.6/configure.ac	2019-02-19 04:04:42.000000000 +0100
+++ new/squid-4.7/configure.ac	2019-05-06 15:56:57.000000000 +0200
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[4.6],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[4.7],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
@@ -1442,7 +1442,7 @@
   ])
   if test "x$squid_pc_krb5_name" = "x" -a "$cross_compiling" = "no"; then
     # Look for krb5-config (unless cross-compiling)
-    AC_PATH_PROG(krb5_config,krb5-config,no)
+    AC_PATH_PROG(krb5_config,krb5-config,no,$krb5confpath)
     if test "x$ac_cv_path_krb5_config" != "xno" ; then
       krb5confpath="`dirname $ac_cv_path_krb5_config`"
       ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`"
@@ -1675,7 +1675,7 @@
   fi
   if test "x$squid_pc_krb5_name" = "x" -a "$cross_compiling" = "no"; then
     # Look for krb5-config (unless cross-compiling)
-    AC_PATH_PROG(krb5_config,krb5-config,no)
+    AC_PATH_PROG(krb5_config,krb5-config,no,$krb5confpath)
     if test "x$ac_cv_path_krb5_config" != "xno" ; then
       krb5confpath="`dirname $ac_cv_path_krb5_config`"
       ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`"
@@ -3192,16 +3192,6 @@
 
 SQUID_CHECK_DEFAULT_FD_SETSIZE
 SQUID_CHECK_MAXFD
-if test "x$squid_filedescriptors_num" != "x"; then
-  AC_MSG_NOTICE([Default number of fieldescriptors: $squid_filedescriptors_num])
-fi
-if test "$squid_filedescriptors_num" -lt 512 ; then
-    AC_MSG_WARN([$squid_filedescriptors_num may not be enough filedescriptors if your])
-    AC_MSG_WARN([cache will be very busy.  Please see the FAQ page])
-    AC_MSG_WARN([http://wiki.squid-cache.org/SquidFaq/TroubleShooting])
-    AC_MSG_WARN([on how to increase your filedescriptor limit])
-fi
-AC_DEFINE_UNQUOTED(SQUID_MAXFD, $squid_filedescriptors_num,[Maximum number of open filedescriptors])
 
 
 dnl Enable IPv6 support
@@ -3346,7 +3336,6 @@
 	getdtablesize \
 	getpagesize \
 	getpass \
-	getrlimit \
 	getrusage \
 	getspnam \
 	gettimeofday \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/doc/release-notes/release-4.html new/squid-4.7/doc/release-notes/release-4.html
--- old/squid-4.6/doc/release-notes/release-4.html	2019-02-19 04:13:57.000000000 +0100
+++ new/squid-4.7/doc/release-notes/release-4.html	2019-05-06 16:07:31.000000000 +0200
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.73">
- <TITLE>Squid 4.6 release notes</TITLE>
+ <TITLE>Squid 4.7 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 4.6 release notes</H1>
+<H1>Squid 4.7 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -63,7 +63,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-4.6 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-4.7 for testing.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v4/">http://www.squid-cache.org/Versions/v4/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
@@ -366,6 +366,9 @@
 <P>New option <EM>rotate=</EM> to control the number of log file rotations
 to make when <EM>-k rotate</EM> command is received. Default is to
 obey the <EM>logfile_rotate</EM> directive.</P>
+<P>Extend <EM>buffer-size=</EM> support to UDP logging. Prior to Squid-4.7
+log entries would be buffered up to 1400 bytes before sending to UDP logger.
+This option may now set smaller buffers, but not larger than 1400 bytes.</P>
 
 <DT><B>acl</B><DD>
 <P>New <EM>-m</EM> flag for <EM>note</EM> ACL to match substrings.</P>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/include/version.h new/squid-4.7/include/version.h
--- old/squid-4.6/include/version.h	2019-02-19 04:04:42.000000000 +0100
+++ new/squid-4.7/include/version.h	2019-05-06 15:56:57.000000000 +0200
@@ -7,7 +7,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1550545471
+#define SQUID_RELEASE_TIME 1557151008
 #endif
 
 /*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/lib/snmplib/snmp_msg.c new/squid-4.7/lib/snmplib/snmp_msg.c
--- old/squid-4.6/lib/snmplib/snmp_msg.c	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/lib/snmplib/snmp_msg.c	2019-05-06 15:53:49.000000000 +0200
@@ -272,12 +272,16 @@
         snmplib_debug(4, "snmp_msg_Decode:Error decoding SNMP Message Header (Version)!\n");
         ASN_PARSE_ERROR(NULL);
     }
+    int terminatorPos = *CommLenP - 1;
     bufp = asn_parse_string(bufp, PacketLenP, &type, Community, CommLenP);
     if (bufp == NULL) {
         snmplib_debug(4, "snmp_msg_Decode:Error decoding SNMP Message Header (Community)!\n");
         ASN_PARSE_ERROR(NULL);
     }
-    Community[*CommLenP] = '\0';
+    if (*CommLenP < terminatorPos) {
+        terminatorPos = *CommLenP;
+    }
+    Community[terminatorPos] = '\0';
 
     if ((*Version != SNMP_VERSION_1) &&
             (*Version != SNMP_VERSION_2)) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/lib/snmplib/snmp_vars.c new/squid-4.7/lib/snmplib/snmp_vars.c
--- old/squid-4.6/lib/snmplib/snmp_vars.c	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/lib/snmplib/snmp_vars.c	2019-05-06 15:53:49.000000000 +0200
@@ -511,9 +511,14 @@
                 snmp_set_api_error(SNMPERR_OS_ERR);
                 PARSE_ERROR;
             }
+            int terminatorPos = Var->val_len - 1;
             bufp = asn_parse_string(DataPtr, &ThisVarLen,
                                     &Var->type, Var->val.string,
                                     &Var->val_len);
+            if (Var->val_len < terminatorPos) {
+                terminatorPos = Var->val_len;
+            }
+            Var->val.string[terminatorPos] = '\0';
 #if DEBUG_VARS_DECODE
             printf("VARS: Decoded string '%s' (length %d) (%d bytes left)\n",
                    (Var->val.string), Var->val_len, ThisVarLen);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/libltdl/configure new/squid-4.7/libltdl/configure
--- old/squid-4.6/libltdl/configure	2019-02-19 04:05:24.000000000 +0100
+++ new/squid-4.7/libltdl/configure	2019-05-06 15:57:50.000000000 +0200
@@ -8774,6 +8774,12 @@
 	lt_prog_compiler_pic='-KPIC'
 	lt_prog_compiler_static='-static'
         ;;
+      # flang / f18. f95 an alias for gfortran or flang on Debian
+      flang* | f18* | f95*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+        ;;
       # icc used to be incompatible with GCC.
       # ICC 10 doesn't accept -KPIC any more.
       icc* | ifort*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/libltdl/m4/libtool.m4 new/squid-4.7/libltdl/m4/libtool.m4
--- old/squid-4.6/libltdl/m4/libtool.m4	2019-02-19 04:04:35.000000000 +0100
+++ new/squid-4.7/libltdl/m4/libtool.m4	2019-05-06 15:56:51.000000000 +0200
@@ -4704,6 +4704,12 @@
 	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
 	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
         ;;
+      # flang / f18. f95 an alias for gfortran or flang on Debian
+      flang* | f18* | f95*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
       # icc used to be incompatible with GCC.
       # ICC 10 doesn't accept -KPIC any more.
       icc* | ifort*)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/Store.h new/squid-4.7/src/Store.h
--- old/squid-4.6/src/Store.h	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/Store.h	2019-05-06 15:53:49.000000000 +0200
@@ -119,6 +119,8 @@
     bool swappingOut() const { return swap_status == SWAPOUT_WRITING; }
     /// whether the entire entry is now on disk (possibly marked for deletion)
     bool swappedOut() const { return swap_status == SWAPOUT_DONE; }
+    /// whether we failed to write this entry to disk
+    bool swapoutFailed() const { return swap_status == SWAPOUT_FAILED; }
     void swapOutFileClose(int how);
     const char *url() const;
     /// Satisfies cachability requirements shared among disk and RAM caches.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/acl/external/SQL_session/ext_sql_session_acl.8 new/squid-4.7/src/acl/external/SQL_session/ext_sql_session_acl.8
--- old/squid-4.6/src/acl/external/SQL_session/ext_sql_session_acl.8	2019-02-19 04:14:01.000000000 +0100
+++ new/squid-4.7/src/acl/external/SQL_session/ext_sql_session_acl.8	2019-05-06 16:07:34.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/acl/external/delayer/ext_delayer_acl.8 new/squid-4.7/src/acl/external/delayer/ext_delayer_acl.8
--- old/squid-4.6/src/acl/external/delayer/ext_delayer_acl.8	2019-02-19 04:14:01.000000000 +0100
+++ new/squid-4.7/src/acl/external/delayer/ext_delayer_acl.8	2019-05-06 16:07:33.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 new/squid-4.7/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
--- old/squid-4.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8	2019-02-19 04:14:01.000000000 +0100
+++ new/squid-4.7/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8	2019-05-06 16:07:34.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/auth/basic/DB/basic_db_auth.8 new/squid-4.7/src/auth/basic/DB/basic_db_auth.8
--- old/squid-4.6/src/auth/basic/DB/basic_db_auth.8	2019-02-19 04:14:03.000000000 +0100
+++ new/squid-4.7/src/auth/basic/DB/basic_db_auth.8	2019-05-06 16:07:34.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/auth/basic/POP3/basic_pop3_auth.8 new/squid-4.7/src/auth/basic/POP3/basic_pop3_auth.8
--- old/squid-4.6/src/auth/basic/POP3/basic_pop3_auth.8	2019-02-19 04:14:03.000000000 +0100
+++ new/squid-4.7/src/auth/basic/POP3/basic_pop3_auth.8	2019-05-06 16:07:34.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/comm/TcpAcceptor.cc new/squid-4.7/src/comm/TcpAcceptor.cc
--- old/squid-4.6/src/comm/TcpAcceptor.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/comm/TcpAcceptor.cc	2019-05-06 15:53:49.000000000 +0200
@@ -282,16 +282,7 @@
     ConnectionPointer newConnDetails = new Connection();
     const Comm::Flag flag = oldAccept(newConnDetails);
 
-    /* Check for errors */
-    if (!newConnDetails->isOpen()) {
-
-        if (flag == Comm::NOMESSAGE) {
-            /* register interest again */
-            debugs(5, 5, HERE << "try later: " << conn << " handler Subscription: " << theCallSub);
-            SetSelect(conn->fd, COMM_SELECT_READ, doAccept, this, 0);
-            return;
-        }
-
+    if (flag == Comm::COMM_ERROR) {
         // A non-recoverable error; notify the caller */
         debugs(5, 5, HERE << "non-recoverable error:" << status() << " handler Subscription: " << theCallSub);
         if (intendedForUserConnections())
@@ -301,12 +292,16 @@
         return;
     }
 
-    newConnDetails->nfmark = Ip::Qos::getNfmarkFromConnection(newConnDetails, Ip::Qos::dirAccepted);
+    if (flag == Comm::NOMESSAGE) {
+        /* register interest again */
+        debugs(5, 5, "try later: " << conn << " handler Subscription: " << theCallSub);
+    } else {
+        debugs(5, 5, "Listener: " << conn <<
+               " accepted new connection " << newConnDetails <<
+               " handler Subscription: " << theCallSub);
+        notify(flag, newConnDetails);
+    }
 
-    debugs(5, 5, HERE << "Listener: " << conn <<
-           " accepted new connection " << newConnDetails <<
-           " handler Subscription: " << theCallSub);
-    notify(flag, newConnDetails);
     SetSelect(conn->fd, COMM_SELECT_READ, doAccept, this, 0);
 }
 
@@ -346,8 +341,8 @@
  *
  * \retval Comm::OK          success. details parameter filled.
  * \retval Comm::NOMESSAGE   attempted accept() but nothing useful came in.
- * \retval Comm::COMM_ERROR  an outright failure occurred.
  *                           Or this client has too many connections already.
+ * \retval Comm::COMM_ERROR  an outright failure occurred.
  */
 Comm::Flag
 Comm::TcpAcceptor::oldAccept(Comm::ConnectionPointer &details)
@@ -382,15 +377,6 @@
     details->fd = sock;
     details->remote = *gai;
 
-    if ( Config.client_ip_max_connections >= 0) {
-        if (clientdbEstablished(details->remote, 0) > Config.client_ip_max_connections) {
-            debugs(50, DBG_IMPORTANT, "WARNING: " << details->remote << " attempting more than " << Config.client_ip_max_connections << " connections.");
-            Ip::Address::FreeAddr(gai);
-            PROF_stop(comm_accept);
-            return Comm::COMM_ERROR;
-        }
-    }
-
     // lookup the local-end details of this new connection
     Ip::Address::InitAddr(gai);
     details->local.setEmpty();
@@ -404,6 +390,34 @@
     details->local = *gai;
     Ip::Address::FreeAddr(gai);
 
+    // Perform NAT or TPROXY operations to retrieve the real client/dest IP addresses
+    if (conn->flags&(COMM_TRANSPARENT|COMM_INTERCEPTION) && !Ip::Interceptor.Lookup(details, conn)) {
+        debugs(50, DBG_IMPORTANT, "ERROR: NAT/TPROXY lookup failed to locate original IPs on " << details);
+        // Failed.
+        PROF_stop(comm_accept);
+        return Comm::COMM_ERROR;
+    }
+
+#if USE_SQUID_EUI
+    if (Eui::TheConfig.euiLookup) {
+        if (details->remote.isIPv4()) {
+            details->remoteEui48.lookup(details->remote);
+        } else if (details->remote.isIPv6()) {
+            details->remoteEui64.lookup(details->remote);
+        }
+    }
+#endif
+
+    details->nfmark = Ip::Qos::getNfmarkFromConnection(details, Ip::Qos::dirAccepted);
+
+    if (Config.client_ip_max_connections >= 0) {
+        if (clientdbEstablished(details->remote, 0) > Config.client_ip_max_connections) {
+            debugs(50, DBG_IMPORTANT, "WARNING: " << details->remote << " attempting more than " << Config.client_ip_max_connections << " connections.");
+            PROF_stop(comm_accept);
+            return Comm::NOMESSAGE;
+        }
+    }
+
     /* fdstat update */
     // XXX : these are not all HTTP requests. use a note about type and ip:port details->
     // so we end up with a uniform "(HTTP|FTP-data|HTTPS|...) remote-ip:remote-port"
@@ -425,24 +439,6 @@
     /* IFF the socket is (tproxy) transparent, pass the flag down to allow spoofing */
     F->flags.transparent = fd_table[conn->fd].flags.transparent; // XXX: can we remove this line yet?
 
-    // Perform NAT or TPROXY operations to retrieve the real client/dest IP addresses
-    if (conn->flags&(COMM_TRANSPARENT|COMM_INTERCEPTION) && !Ip::Interceptor.Lookup(details, conn)) {
-        debugs(50, DBG_IMPORTANT, "ERROR: NAT/TPROXY lookup failed to locate original IPs on " << details);
-        // Failed.
-        PROF_stop(comm_accept);
-        return Comm::COMM_ERROR;
-    }
-
-#if USE_SQUID_EUI
-    if (Eui::TheConfig.euiLookup) {
-        if (details->remote.isIPv4()) {
-            details->remoteEui48.lookup(details->remote);
-        } else if (details->remote.isIPv6()) {
-            details->remoteEui64.lookup(details->remote);
-        }
-    }
-#endif
-
     PROF_stop(comm_accept);
     return Comm::OK;
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/enums.h new/squid-4.7/src/enums.h
--- old/squid-4.6/src/enums.h	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/enums.h	2019-05-06 15:53:49.000000000 +0200
@@ -57,7 +57,11 @@
     SWAPOUT_WRITING,
     /// StoreEntry is associated with a complete (i.e., fully swapped out) disk store entry.
     /// Guarantees the disk store entry existence.
-    SWAPOUT_DONE
+    SWAPOUT_DONE,
+    /// StoreEntry is associated with an unusable disk store entry.
+    /// Swapout attempt has failed. The entry should be marked for eventual deletion.
+    /// Guarantees the disk store entry existence.
+    SWAPOUT_FAILED
 } swap_status_t;
 
 typedef enum {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/fs/ufs/UFSSwapDir.cc new/squid-4.7/src/fs/ufs/UFSSwapDir.cc
--- old/squid-4.6/src/fs/ufs/UFSSwapDir.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/fs/ufs/UFSSwapDir.cc	2019-05-06 15:53:49.000000000 +0200
@@ -1181,6 +1181,8 @@
     if (!e.hasDisk())
         return; // see evictIfFound()
 
+    // Since these fields grow only after swap out ends successfully,
+    // do not decrement them for e.swappingOut() and e.swapoutFailed().
     if (e.swappedOut()) {
         cur_size -= fs.blksize * sizeInBlocks(e.swap_file_sz);
         --n_disk_objects;
@@ -1270,7 +1272,7 @@
 Fs::Ufs::UFSSwapDir::finalizeSwapoutFailure(StoreEntry &entry)
 {
     debugs(47, 5, entry);
-    // rely on the expected subsequent StoreEntry::release(), evictCached(), or
+    // rely on the expected eventual StoreEntry::release(), evictCached(), or
     // a similar call to call unlink(), detachFromDisk(), etc. for the entry.
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8 new/squid-4.7/src/http/url_rewriters/LFS/url_lfs_rewrite.8
--- old/squid-4.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8	2019-02-19 04:14:05.000000000 +0100
+++ new/squid-4.7/src/http/url_rewriters/LFS/url_lfs_rewrite.8	2019-05-06 16:07:35.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "URL_LFS_REWRITE 8"
-.TH URL_LFS_REWRITE 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH URL_LFS_REWRITE 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/log/DB/log_db_daemon.8 new/squid-4.7/src/log/DB/log_db_daemon.8
--- old/squid-4.6/src/log/DB/log_db_daemon.8	2019-02-19 04:14:05.000000000 +0100
+++ new/squid-4.7/src/log/DB/log_db_daemon.8	2019-05-06 16:07:35.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/log/ModUdp.cc new/squid-4.7/src/log/ModUdp.cc
--- old/squid-4.6/src/log/ModUdp.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/log/ModUdp.cc	2019-05-06 15:53:49.000000000 +0200
@@ -205,7 +205,8 @@
      * applications like netcat have a small default receive buffer and will
      * truncate!
      */
-    bufsz = 1400;
+    if (bufsz > 1400)
+        bufsz = 1400;
     if (bufsz > 0) {
         ll->buf = static_cast<char*>(xmalloc(bufsz));
         ll->bufsz = bufsz;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/main.cc new/squid-4.7/src/main.cc
--- old/squid-4.6/src/main.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/main.cc	2019-05-06 15:53:49.000000000 +0200
@@ -1152,7 +1152,9 @@
 
     _db_init(Debug::cache_log, Debug::debugOptions);
 
-    fd_open(fileno(debug_log), FD_LOG, Debug::cache_log);
+    // Do not register cache.log descriptor with Comm (for now).
+    // See https://bugs.squid-cache.org/show_bug.cgi?id=4796
+    // fd_open(fileno(debug_log), FD_LOG, Debug::cache_log);
 
     debugs(1, DBG_CRITICAL, "Starting Squid Cache version " << version_string << " for " << CONFIG_HOST_TYPE << "...");
     debugs(1, DBG_CRITICAL, "Service Name: " << service_name);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/security/PeerOptions.cc new/squid-4.7/src/security/PeerOptions.cc
--- old/squid-4.6/src/security/PeerOptions.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/security/PeerOptions.cc	2019-05-06 15:53:49.000000000 +0200
@@ -287,6 +287,7 @@
         updateContextNpn(t);
         updateContextCa(t);
         updateContextCrl(t);
+        updateContextTrust(t);
     }
 
     return t;
@@ -703,6 +704,23 @@
 }
 
 void
+Security::PeerOptions::updateContextTrust(Security::ContextPointer &ctx)
+{
+#if USE_OPENSSL
+#if defined(X509_V_FLAG_PARTIAL_CHAIN)
+    const auto st = SSL_CTX_get_cert_store(ctx.get());
+    assert(st);
+    if (X509_STORE_set_flags(st, X509_V_FLAG_PARTIAL_CHAIN) != 1) {
+        debugs(83, DBG_IMPORTANT, "ERROR: Failed to enable trust in intermediate CA certificates: " <<
+               Security::ErrorString(ERR_get_error()));
+    }
+#endif
+#elif USE_GNUTLS
+    // Modern GnuTLS versions trust intermediate CA certificates by default.
+#endif /* TLS library */
+}
+
+void
 Security::PeerOptions::updateSessionOptions(Security::SessionPointer &s)
 {
 #if USE_OPENSSL
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/security/PeerOptions.h new/squid-4.7/src/security/PeerOptions.h
--- old/squid-4.6/src/security/PeerOptions.h	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/security/PeerOptions.h	2019-05-06 15:53:49.000000000 +0200
@@ -56,6 +56,9 @@
     /// setup the CRL details for the given context
     void updateContextCrl(Security::ContextPointer &);
 
+    /// decide which CAs to trust
+    void updateContextTrust(Security::ContextPointer &);
+
     /// setup any library-specific options that can be set for the given session
     void updateSessionOptions(Security::SessionPointer &);
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/security/ServerOptions.cc new/squid-4.7/src/security/ServerOptions.cc
--- old/squid-4.6/src/security/ServerOptions.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/security/ServerOptions.cc	2019-05-06 15:53:49.000000000 +0200
@@ -439,6 +439,7 @@
         }
 
         updateContextCrl(ctx);
+        updateContextTrust(ctx);
 
     } else {
         debugs(83, 9, "Not requiring any client certificates");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/security/cert_validators/fake/security_fake_certverify.8 new/squid-4.7/src/security/cert_validators/fake/security_fake_certverify.8
--- old/squid-4.6/src/security/cert_validators/fake/security_fake_certverify.8	2019-02-19 04:14:06.000000000 +0100
+++ new/squid-4.7/src/security/cert_validators/fake/security_fake_certverify.8	2019-05-06 16:07:36.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SECURITY_FAKE_CERTVERIFY 8"
-.TH SECURITY_FAKE_CERTVERIFY 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH SECURITY_FAKE_CERTVERIFY 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/store/id_rewriters/file/storeid_file_rewrite.8 new/squid-4.7/src/store/id_rewriters/file/storeid_file_rewrite.8
--- old/squid-4.6/src/store/id_rewriters/file/storeid_file_rewrite.8	2019-02-19 04:14:02.000000000 +0100
+++ new/squid-4.7/src/store/id_rewriters/file/storeid_file_rewrite.8	2019-05-06 16:07:34.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/store.cc new/squid-4.7/src/store.cc
--- old/squid-4.6/src/store.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/store.cc	2019-05-06 15:53:49.000000000 +0200
@@ -83,7 +83,8 @@
 const char *swapStatusStr[] = {
     "SWAPOUT_NONE",
     "SWAPOUT_WRITING",
-    "SWAPOUT_DONE"
+    "SWAPOUT_DONE",
+    "SWAPOUT_FAILED"
 };
 
 /*
@@ -257,6 +258,8 @@
 // XXX: Type names mislead. STORE_DISK_CLIENT actually means that we should
 //      open swapin file, aggressively trim memory, and ignore read-ahead gap.
 //      It does not mean we will read from disk exclusively (or at all!).
+//      STORE_MEM_CLIENT covers all other cases, including in-memory entries,
+//      newly created entries, and entries not backed by disk or memory cache.
 // XXX: May create STORE_DISK_CLIENT with no disk caching configured.
 // XXX: Collapsed clients cannot predict their type.
 store_client_t
@@ -279,6 +282,9 @@
         return STORE_MEM_CLIENT;
     }
 
+    if (swapoutFailed())
+        return STORE_MEM_CLIENT;
+
     if (store_status == STORE_OK) {
         /* the object has completed. */
 
@@ -2044,13 +2050,23 @@
 void
 StoreEntry::checkDisk() const
 {
-    const bool ok = (swap_dirn < 0) == (swap_filen < 0) &&
-                    (swap_dirn < 0) == (swap_status == SWAPOUT_NONE) &&
-                    (swap_dirn < 0 || swap_dirn < Config.cacheSwap.n_configured);
-
-    if (!ok) {
-        debugs(88, DBG_IMPORTANT, "ERROR: inconsistent disk entry state " << *this);
-        throw std::runtime_error("inconsistent disk entry state ");
+    try {
+        if (swap_dirn < 0) {
+            Must(swap_filen < 0);
+            Must(swap_status == SWAPOUT_NONE);
+        } else {
+            Must(swap_filen >= 0);
+            Must(swap_dirn < Config.cacheSwap.n_configured);
+            if (swapoutFailed()) {
+                Must(EBIT_TEST(flags, RELEASE_REQUEST));
+            } else {
+                Must(swappingOut() || swappedOut());
+            }
+        }
+    } catch (...) {
+        debugs(88, DBG_IMPORTANT, "ERROR: inconsistent disk entry state " <<
+               *this << "; problem: " << CurrentException);
+        throw;
     }
 }
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/store_client.cc new/squid-4.7/src/store_client.cc
--- old/squid-4.6/src/store_client.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/store_client.cc	2019-05-06 15:53:49.000000000 +0200
@@ -162,7 +162,7 @@
     if (getType() == STORE_DISK_CLIENT) {
         /* assert we'll be able to get the data we want */
         /* maybe we should open swapin_sio here */
-        assert(entry->hasDisk() || entry->swappingOut());
+        assert(entry->hasDisk() && !entry->swapoutFailed());
     }
 }
 
@@ -662,7 +662,8 @@
     dlinkDelete(&sc->node, &mem->clients);
     -- mem->nclients;
 
-    if (e->store_status == STORE_OK && !e->swappedOut())
+    const auto swapoutFinished = e->swappedOut() || e->swapoutFailed();
+    if (e->store_status == STORE_OK && !swapoutFinished)
         e->swapOut();
 
     if (sc->swapin_sio != NULL) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/store_swapin.cc new/squid-4.7/src/store_swapin.cc
--- old/squid-4.6/src/store_swapin.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/store_swapin.cc	2019-05-06 15:53:49.000000000 +0200
@@ -38,6 +38,11 @@
         return;
     }
 
+    if (e->swapoutFailed()) {
+        debugs(20, DBG_IMPORTANT, "BUG: Attempt to swap in a failed-to-store entry " << *e << ". Salvaged.");
+        return;
+    }
+
     assert(e->mem_obj != NULL);
     sc->swapin_sio = storeOpen(e, storeSwapInFileNotify, storeSwapInFileClosed, sc);
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/store_swapout.cc new/squid-4.7/src/store_swapout.cc
--- old/squid-4.6/src/store_swapout.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/store_swapout.cc	2019-05-06 15:53:49.000000000 +0200
@@ -88,19 +88,9 @@
 
 /// XXX: unused, see a related StoreIOState::file_callback
 static void
-storeSwapOutFileNotify(void *data, int errflag, StoreIOState::Pointer self)
+storeSwapOutFileNotify(void *, int, StoreIOState::Pointer)
 {
-    StoreEntry *e;
-    static_cast<generic_cbdata *>(data)->unwrap(&e);
-
-    MemObject *mem = e->mem_obj;
-    assert(e->swappingOut());
-    assert(mem);
-    assert(mem->swapout.sio == self);
-    assert(errflag == 0);
-    assert(!e->hasDisk()); // if this fails, call SwapDir::disconnect(e)
-    e->swap_filen = mem->swapout.sio->swap_filen;
-    e->swap_dirn = mem->swapout.sio->swap_dirn;
+    assert(false);
 }
 
 static bool
@@ -304,8 +294,11 @@
             storeConfigure();
         }
 
+        // mark the locked entry for deletion
+        // TODO: Keep the memory entry (if any)
+        e->releaseRequest();
+        e->swap_status = SWAPOUT_FAILED;
         e->disk().finalizeSwapoutFailure(*e);
-        e->releaseRequest(); // TODO: Keep the memory entry (if any)
     } else {
         /* swapping complete */
         debugs(20, 3, "storeSwapOutFileClosed: SwapOut complete: '" << e->url() << "' to " <<
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/tests/stub_debug.cc new/squid-4.7/src/tests/stub_debug.cc
--- old/squid-4.6/src/tests/stub_debug.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/tests/stub_debug.cc	2019-05-06 15:53:49.000000000 +0200
@@ -103,7 +103,8 @@
 Debug::Context::Context(const int aSection, const int aLevel):
     level(aLevel),
     sectionLevel(Levels[aSection]),
-    upper(Current)
+    upper(Current),
+    forceAlert(false)
 {
     buf.setf(std::ios::fixed);
     buf.precision(2);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/src/tests/stub_libsecurity.cc new/squid-4.7/src/tests/stub_libsecurity.cc
--- old/squid-4.6/src/tests/stub_libsecurity.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/src/tests/stub_libsecurity.cc	2019-05-06 15:53:49.000000000 +0200
@@ -86,6 +86,7 @@
 Security::ContextPointer Security::PeerOptions::createBlankContext() const STUB_RETVAL(Security::ContextPointer())
 void Security::PeerOptions::updateContextCa(Security::ContextPointer &) STUB
 void Security::PeerOptions::updateContextCrl(Security::ContextPointer &) STUB
+void Security::PeerOptions::updateContextTrust(Security::ContextPointer &) STUB
 void Security::PeerOptions::updateSessionOptions(Security::SessionPointer &) STUB
 void Security::PeerOptions::dumpCfg(Packable*, char const*) const STUB
 void Security::PeerOptions::parseOptions() STUB
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/test-suite/stub_debug.cc new/squid-4.7/test-suite/stub_debug.cc
--- old/squid-4.6/test-suite/stub_debug.cc	2019-02-19 04:14:06.000000000 +0100
+++ new/squid-4.7/test-suite/stub_debug.cc	2019-05-06 16:07:36.000000000 +0200
@@ -103,7 +103,8 @@
 Debug::Context::Context(const int aSection, const int aLevel):
     level(aLevel),
     sectionLevel(Levels[aSection]),
-    upper(Current)
+    upper(Current),
+    forceAlert(false)
 {
     buf.setf(std::ios::fixed);
     buf.precision(2);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/tools/helper-mux/helper-mux.8 new/squid-4.7/tools/helper-mux/helper-mux.8
--- old/squid-4.6/tools/helper-mux/helper-mux.8	2019-02-19 04:14:06.000000000 +0100
+++ new/squid-4.7/tools/helper-mux/helper-mux.8	2019-05-06 16:07:36.000000000 +0200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "HELPER-MUX 8"
-.TH HELPER-MUX 8 "2019-02-19" "perl v5.28.1" "User Contributed Perl Documentation"
+.TH HELPER-MUX 8 "2019-05-06" "perl v5.28.1" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/tools/squidclient/squidclient.cc new/squid-4.7/tools/squidclient/squidclient.cc
--- old/squid-4.6/tools/squidclient/squidclient.cc	2019-02-19 03:46:22.000000000 +0100
+++ new/squid-4.7/tools/squidclient/squidclient.cc	2019-05-06 15:53:49.000000000 +0200
@@ -22,6 +22,7 @@
 /** \endcond */
 #endif
 
+#include <cassert>
 #include <cerrno>
 #include <csignal>
 #include <cstring>
@@ -177,6 +178,56 @@
     *d = '\0';
 }
 
+/// [Proxy-]Authorization header producer
+class Authorization
+{
+public:
+    Authorization(const char *aHeader, const char *aDestination):
+        header(aHeader), destination(aDestination) {}
+
+    /// finalizes and writes the right HTTP header to the given stream
+    void commit(std::ostream &os);
+
+    std::string header; ///< HTTP header name to send
+    std::string destination; ///< used when describing password
+    const char *user = nullptr; ///< user name to encode and send
+    const char *password = nullptr; ///< user password to encode and send
+};
+
+void
+Authorization::commit(std::ostream &os)
+{
+#if HAVE_GETPASS
+    if (!password)
+        password = getpass((destination + " password: ").c_str());
+#endif
+    if (!password) {
+        std::cerr << "ERROR: " << destination << " password missing\n";
+        exit(EXIT_FAILURE);
+    }
+
+    struct base64_encode_ctx ctx;
+    base64_encode_init(&ctx);
+    const auto bcapacity = base64_encode_len(strlen(user) + 1 + strlen(password));
+    const auto buf = new char[bcapacity];
+
+    size_t bsize = 0;
+    bsize += base64_encode_update(&ctx, buf, strlen(user), reinterpret_cast<const uint8_t*>(user));
+    bsize += base64_encode_update(&ctx, buf+bsize, 1, reinterpret_cast<const uint8_t*>(":"));
+    bsize += base64_encode_update(&ctx, buf+bsize, strlen(password), reinterpret_cast<const uint8_t*>(password));
+    bsize += base64_encode_final(&ctx, buf+bsize);
+    assert(bsize <= bcapacity); // paranoid and late but better than nothing
+
+    os << header << ": Basic ";
+    os.write(buf, bsize);
+    os << "\r\n";
+
+    delete[] buf;
+}
+
+static Authorization ProxyAuthorization("Proxy-Authorization", "proxy");
+static Authorization OriginAuthorization("Authorization", "origin server");
+
 int
 main(int argc, char *argv[])
 {
@@ -195,10 +246,6 @@
     time_t ims = 0;
     int max_forwards = -1;
 
-    const char *proxy_user = NULL;
-    const char *proxy_password = NULL;
-    const char *www_user = NULL;
-    const char *www_password = NULL;
     const char *host = NULL;
     const char *version = "1.0";
     const char *useragent = NULL;
@@ -321,19 +368,19 @@
                 break;
 
             case 'u':
-                proxy_user = optarg;
+                ProxyAuthorization.user = optarg;
                 break;
 
             case 'w':
-                proxy_password = optarg;
+                ProxyAuthorization.password = optarg;
                 break;
 
             case 'U':
-                www_user = optarg;
+                OriginAuthorization.user = optarg;
                 break;
 
             case 'W':
-                www_password = optarg;
+                OriginAuthorization.password = optarg;
                 break;
 
             case 'n':
@@ -380,7 +427,7 @@
         char *t = xstrdup(url + 4);
         const char *at = NULL;
         if (!strrchr(t, '@')) { // ignore any -w password if @ is explicit already.
-            at = proxy_password;
+            at = ProxyAuthorization.password;
         }
         // embed the -w proxy password into old-style cachemgr URLs
         if (at)
@@ -461,47 +508,10 @@
         if (max_forwards > -1) {
             msg << "Max-Forwards: " << max_forwards << "\r\n";
         }
-        struct base64_encode_ctx ctx;
-        base64_encode_init(&ctx);
-        size_t blen;
-        if (proxy_user) {
-            const char *user = proxy_user;
-            const char *password = proxy_password;
-#if HAVE_GETPASS
-            if (!password)
-                password = getpass("Proxy password: ");
-#endif
-            if (!password) {
-                std::cerr << "ERROR: Proxy password missing" << std::endl;
-                exit(1);
-            }
-            char *pwdBuf = new char[base64_encode_len(strlen(user)+1+strlen(password))];
-            blen = base64_encode_update(&ctx, pwdBuf, strlen(user), reinterpret_cast<const uint8_t*>(user));
-            blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
-            blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast<const uint8_t*>(password));
-            blen += base64_encode_final(&ctx, pwdBuf+blen);
-            msg << "Proxy-Authorization: Basic " << pwdBuf << "\r\n";
-            delete[] pwdBuf;
-        }
-        if (www_user) {
-            const char *user = www_user;
-            const char *password = www_password;
-#if HAVE_GETPASS
-            if (!password)
-                password = getpass("WWW password: ");
-#endif
-            if (!password) {
-                std::cerr << "ERROR: WWW password missing" << std::endl;
-                exit(1);
-            }
-            char *pwdBuf = new char[base64_encode_len(strlen(user)+1+strlen(password))];
-            blen = base64_encode_update(&ctx, pwdBuf, strlen(user), reinterpret_cast<const uint8_t*>(user));
-            blen += base64_encode_update(&ctx, pwdBuf+blen, 1, reinterpret_cast<const uint8_t*>(":"));
-            blen += base64_encode_update(&ctx, pwdBuf+blen, strlen(password), reinterpret_cast<const uint8_t*>(password));
-            blen += base64_encode_final(&ctx, pwdBuf+blen);
-            msg << "Proxy-Authorization: Basic " << pwdBuf << "\r\n";
-            delete[] pwdBuf;
-        }
+        if (ProxyAuthorization.user)
+            ProxyAuthorization.commit(msg);
+        if (OriginAuthorization.user)
+            OriginAuthorization.commit(msg);
 #if HAVE_GSSAPI
         if (www_neg) {
             if (host) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/tools/squidclient/stub_debug.cc new/squid-4.7/tools/squidclient/stub_debug.cc
--- old/squid-4.6/tools/squidclient/stub_debug.cc	2019-02-19 04:14:07.000000000 +0100
+++ new/squid-4.7/tools/squidclient/stub_debug.cc	2019-05-06 16:07:36.000000000 +0200
@@ -103,7 +103,8 @@
 Debug::Context::Context(const int aSection, const int aLevel):
     level(aLevel),
     sectionLevel(Levels[aSection]),
-    upper(Current)
+    upper(Current),
+    forceAlert(false)
 {
     buf.setf(std::ios::fixed);
     buf.precision(2);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-4.6/tools/stub_debug.cc new/squid-4.7/tools/stub_debug.cc
--- old/squid-4.6/tools/stub_debug.cc	2019-02-19 04:14:06.000000000 +0100
+++ new/squid-4.7/tools/stub_debug.cc	2019-05-06 16:07:36.000000000 +0200
@@ -103,7 +103,8 @@
 Debug::Context::Context(const int aSection, const int aLevel):
     level(aLevel),
     sectionLevel(Levels[aSection]),
-    upper(Current)
+    upper(Current),
+    forceAlert(false)
 {
     buf.setf(std::ios::fixed);
     buf.precision(2);

++++++ squid-4.6.tar.xz.asc -> squid-4.7.tar.xz.asc ++++++
--- /work/SRC/openSUSE:Factory/squid/squid-4.6.tar.xz.asc	2019-02-25 17:57:04.510304518 +0100
+++ /work/SRC/openSUSE:Factory/.squid.new.5148/squid-4.7.tar.xz.asc	2019-05-08 15:17:48.425167748 +0200
@@ -1,25 +1,25 @@
-File: squid-4.6.tar.xz
-Date: Tue Feb 19 03:25:07 UTC 2019
-Size: 2439792
-MD5 : e25e7cc37754ad14d8aa368c0c210e54
-SHA1: 0396fe8077049000407d13aca8efdd9228e69d98
+File: squid-4.7.tar.xz
+Date: Tue May  7 07:29:53 UTC 2019
+Size: 2440884
+MD5 : ec7be696032b962eac9ba5726940a3aa
+SHA1: 018ec694e5d11124ceae86d391ea157994ac6624
 Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz>
             B068 84ED B779 C89B 044E  64E3 CD6D BF8E F3B1 7D3E
       keyring = http://www.squid-cache.org/pgp.asc
       keyserver = pool.sks-keyservers.net
 -----BEGIN PGP SIGNATURE-----
 
-iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlxrdx0ACgkQzW2/jvOx
-fT741Q//dEG1uEEGuU7qKAmimpw6JtMauSMkGCD5wrwBEQo4z0Y4DYsY7mlT4F0I
-0VOHjuB0HVx7xE3x8vV5j38KqpokhywFtd2JJHjmTCSNt4KIMBVf9U9PbUlHbg5y
-iBw0aQlXknB9cYkI9vbK9MwDVBhv1U25dUqJ/+f8XwTR1rpLmC4ShvtaEK++uMOB
-Df8EszHxGZseyKay/JGNUT2SwWdl7j2zjhRK9WueJGyJ85m76ptkpwJ1BuOz2dJ6
-XJVFuoJl8cb4Pm0xQEVobZ3MdMzqZUEgAmT6rWm9znmNuVQUw0pr7sMowOQyC5bm
-x7ltSr10ZmT+0Fhu0OnXTN2wzz09L8CHTHacFBzNDzxqfh7s+Rlv+KIgEoJKR68O
-4BjSNYPf4U34D7fVsk6pE7pJFwbE3gkwU6oU6tdpG9d8pSzR5yX7JVXdI+FZM6mb
-NyQ0p1wcNN87Zk7R/Yve0CneZVNUzXvuXMM7IfmN81v30iakDL0GOEDqENLIxvxX
-dPRqd2wy00sdvX+ZIWfqKFGvgA0PFYs/GQN0tl8S66XgmIHnbFObGZ3iPiNAknhm
-a2cSero+GEOH/R3wp03ogDnX6uGRS83tIMWNZwaE9vGS8GA256dpZ9JY7s3LIdws
-VyRWqTiN2ZFrl7XRU/wpkr9T4YwRG8swQxe46w46RjGZc046w4w=
-=F/If
+iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAlzRM/oACgkQzW2/jvOx
+fT5q0hAAvmwR3eKNjp5XG2s1DTYixIo1fO2YUnWsq7vlTGoBuYqXA0UGZAW5F9Up
+i2BxbnJkbR0Qm4I7F3XqdUuQH12DKRJvrbAuN57ch5yNNu3PgKlGUsk6gSfhrJcp
+U0S9/n9rj6cezwsypaZbN1SMET2q0kv7S6NMKyB5dqOsa88QhyyJIdAlB2GMCpGt
+0chyK61I6ksJjtLXm2OaZxrxuLGgXz4eoi3vs2aftUT8dGhS4OAaO9l6nkQ2M+PG
+/eoh9l3btGPfKgobnr9gyrNexUXDzvNZmdl2wbp+lw3xyIrynFlrtS6u7Cv3UC6o
+G3RxjoJd1+VJS3Rgt4HVUl7oEuvVVsizCV0YpWcLBfQb6hI6GNfzDaT9AQs5ck3a
+2RvedpYTrsEizu/kHZqH04uDcXgxsxhIPVZSFY2rZ63hXX4RX2oVm+PxfX6nBmUt
+euxusYLIk0wh7BKq81WvwjcvQW0nXKCDV/qvb6Xpk31wGoERrCtTalHFAizI8aiS
+QEf+K+PRL4uxo4FD5MUbVZuhMITPdru7Mp4cqrcxCxmgHGBbYSaWVL/Rg3kIca7Y
+UBtqbDD5CcfbpEcq8hJKUQAVH8sihNIV6PN9tqGV60tQFmUdKY/bOdkH/NliKxcz
+V/NX3CUMeXs4MtLW87ebv4OYG2yMYuaju6RL/8cOSIlTd7Qu+wU=
+=btfi
 -----END PGP SIGNATURE-----

    

root

tags

participants (1)