Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package squid for openSUSE:Factory checked in at 2024-01-03 12:26:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/squid (Old) and /work/SRC/openSUSE:Factory/.squid.new.28375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "squid" Wed Jan 3 12:26:37 2024 rev:117 rq:1135832 version:6.6 Changes: -------- --- /work/SRC/openSUSE:Factory/squid/squid.changes 2023-11-02 20:22:34.634280387 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new.28375/squid.changes 2024-01-03 12:26:39.535139599 +0100 @@ -1,0 +2,15 @@ +Thu Dec 28 22:12:14 UTC 2023 - Sean Lewis <seanlew@opensuse.org> + +- update to 6.6: + - bug 5328: Fix ESI build with libxml2 v2.12.0 + - Bug 5319: QOS Netfilter MARK preservation is always disabled + - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data" + - Bug 5317: FATAL attempt to read data from memory + - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled + - FTP: Ignore credenials with a NUL-prefixed username + - log_db_daemon: Fix DSN construction + - Limit the number of allowed X-Forwarded-For hops + - Do not update StoreEntry expiration after errorAppendEntry() + - improve handling of response sending errors + +------------------------------------------------------------------- Old: ---- squid-6.4.tar.xz squid-6.4.tar.xz.asc New: ---- squid-6.6.tar.xz squid-6.6.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ squid.spec ++++++ --- /var/tmp/diff_new_pack.ni8bMr/_old 2024-01-03 12:26:40.243165454 +0100 +++ /var/tmp/diff_new_pack.ni8bMr/_new 2024-01-03 12:26:40.243165454 +0100 @@ -24,7 +24,7 @@ %define squidhelperdir %{_sbindir} %endif Name: squid -Version: 6.4 +Version: 6.6 Release: 0 Summary: Caching and forwarding HTTP web proxy License: GPL-2.0-or-later ++++++ squid-6.4.tar.xz -> squid-6.6.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/ChangeLog new/squid-6.6/ChangeLog --- old/squid-6.4/ChangeLog 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/ChangeLog 2023-12-07 02:36:15.000000000 +0100 @@ -1,3 +1,24 @@ +Changes in squid-6.6 (5 Dec 2023): + + - Bug 5328: Fix ESI build with libxml2 v2.12.0 + - Bug 5319: QOS Netfilter MARK preservation is always disabled + - Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data" + - Bug 5317: FATAL attempt to read data from memory + - Bug 5154: Do not open IPv6 sockets when IPv6 is disabled + - FTP: Ignore credentials with a NUL-prefixed username + - log_db_daemon: Fix DSN construction + - Limit the number of allowed X-Forwarded-For hops + - Do not update StoreEntry expiration after errorAppendEntry() + - improve handling of response sending errors + +Changes in squid-6.5 (5 Nov 2023): + + - Bug 5309: frequent "lowestOffset () <= target_offset" assertion + - Bug 4977: Remove mem_hdr::freeDataUpto() assertion + - Fix handling of expanding HTTP header values + - Fix RFC 1123 date parsing + - Gracefully shutdown when helper process startup fails + Changes in squid-6.4 (22 Oct 2023): - Regression: Restore support for legacy cache_object cache manager requests diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/RELEASENOTES.html new/squid-6.6/RELEASENOTES.html --- old/squid-6.4/RELEASENOTES.html 2023-10-21 14:47:10.000000000 +0200 +++ new/squid-6.6/RELEASENOTES.html 2023-12-07 04:33:16.000000000 +0100 @@ -3,10 +3,10 @@ <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.83"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> - <TITLE>Squid 6.4 release notes</TITLE> + <TITLE>Squid 6.6 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 6.4 release notes</H1> +<H1>Squid 6.6 release notes</H1> <H2>Squid Developers</H2> <P> @@ -59,7 +59,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-6.4 for testing.</P> +<P>The Squid Team are pleased to announce the release of Squid-6.6 for testing.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v6/">http://www.squid-cache.org/Versions/v6/</A> or the <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/configure new/squid-6.6/configure --- old/squid-6.4/configure 2023-10-21 14:43:00.000000000 +0200 +++ new/squid-6.6/configure 2023-12-07 04:28:45.000000000 +0100 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.4. +# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.6. # # Report bugs to <https://bugs.squid-cache.org/>. # @@ -626,8 +626,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='6.4' -PACKAGE_STRING='Squid Web Proxy 6.4' +PACKAGE_VERSION='6.6' +PACKAGE_STRING='Squid Web Proxy 6.6' PACKAGE_BUGREPORT='https://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1696,7 +1696,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 6.4 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 6.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1767,7 +1767,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 6.4:";; + short | recursive ) echo "Configuration of Squid Web Proxy 6.6:";; esac cat <<\_ACEOF @@ -2187,7 +2187,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 6.4 +Squid Web Proxy configure 6.6 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -3200,7 +3200,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 6.4, which was +It was created by Squid Web Proxy $as_me 6.6, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -4692,7 +4692,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='6.4' + VERSION='6.6' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -54911,7 +54911,7 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ZPH QOS enabled: $enable_zph_qos" >&5 printf "%s\n" "$as_me: ZPH QOS enabled: $enable_zph_qos" >&6;} -if test "x$enable_zph_qos" = "xyes"] +if test "x$enable_zph_qos" = "xyes" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: QOS netfilter mark preservation enabled: $with_netfilter_conntrack" >&5 @@ -56854,7 +56854,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 6.4, which was +This file was extended by Squid Web Proxy $as_me 6.6, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -56922,7 +56922,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -Squid Web Proxy config.status 6.4 +Squid Web Proxy config.status 6.6 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/configure.ac new/squid-6.6/configure.ac --- old/squid-6.4/configure.ac 2023-10-21 14:43:00.000000000 +0200 +++ new/squid-6.6/configure.ac 2023-12-07 04:28:45.000000000 +0100 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[6.4],[https://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[6.6],[https://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -2965,7 +2965,7 @@ [Enable Zero Penalty Hit QOS. When set, Squid will alter the TOS field of HIT responses to help policing network traffic]) AC_MSG_NOTICE([ZPH QOS enabled: $enable_zph_qos]) -AS_IF(test "x$enable_zph_qos" = "xyes"],[ +AS_IF([test "x$enable_zph_qos" = "xyes"],[ AC_MSG_NOTICE([QOS netfilter mark preservation enabled: $with_netfilter_conntrack]) SQUID_DEFINE_BOOL(USE_LIBNETFILTERCONNTRACK,${with_netfilter_conntrack:=no}, [Enable support for QOS netfilter mark preservation]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/doc/release-notes/release-6.html new/squid-6.6/doc/release-notes/release-6.html --- old/squid-6.4/doc/release-notes/release-6.html 2023-10-21 14:47:10.000000000 +0200 +++ new/squid-6.6/doc/release-notes/release-6.html 2023-12-07 04:33:16.000000000 +0100 @@ -3,10 +3,10 @@ <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.83"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> - <TITLE>Squid 6.4 release notes</TITLE> + <TITLE>Squid 6.6 release notes</TITLE> </HEAD> <BODY> -<H1>Squid 6.4 release notes</H1> +<H1>Squid 6.6 release notes</H1> <H2>Squid Developers</H2> <P> @@ -59,7 +59,7 @@ <HR> <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2> -<P>The Squid Team are pleased to announce the release of Squid-6.4 for testing.</P> +<P>The Squid Team are pleased to announce the release of Squid-6.6 for testing.</P> <P>This new release is available for download from <A HREF="http://www.squid-cache.org/Versions/v6/">http://www.squid-cache.org/Versions/v6/</A> or the <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/include/version.h new/squid-6.6/include/version.h --- old/squid-6.4/include/version.h 2023-10-21 14:43:00.000000000 +0200 +++ new/squid-6.6/include/version.h 2023-12-07 04:28:45.000000000 +0100 @@ -10,7 +10,7 @@ #define SQUID_VERSION_H #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1697892169 +#define SQUID_RELEASE_TIME 1701919714 #endif /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/scripts/update-contributors.pl new/squid-6.6/scripts/update-contributors.pl --- old/squid-6.4/scripts/update-contributors.pl 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/scripts/update-contributors.pl 2023-12-07 02:36:15.000000000 +0100 @@ -9,6 +9,7 @@ use strict; use warnings; +use Getopt::Long; # Reads (presumed to be previously vetted) CONTRIBUTORS file. # Reads untrusted CONTIBUTORS-like new input (without the preamble). @@ -26,6 +27,16 @@ my $SkippedEmptyLines = 0; my $SkippedBadLines = 0; +# Brief display by default. +# Use --quiet for no output +# Use -v or --verbose for more details, repeating them for even more details. +my $VerboseOutput = 1; + +GetOptions( + 'quiet' => sub { $VerboseOutput = 0 }, + 'verbose+' => \$VerboseOutput, 'v+' => \$VerboseOutput, + ) or die("$0: Bad command line arguments\n"); + my @VettedContributors = (); my @NewContributors = (); my %Problems = (); @@ -269,14 +280,16 @@ die(ref($c)) unless ref($c) eq 'HASH'; if (&isManuallyExcluded($c)) { - ¬eProblem("Skipping banned entry: %s\n", $c->{raw}); + ¬eProblem("Skipping banned entry: %s\n", $c->{raw}) if ($VerboseOutput > 0); ++$SkippedBanned; next; } if (my ($vettedC) = grep { &similarToVetted($c, $_) } @VettedContributors) { - ¬eProblem("Skipping already vetted:\n %s\n %s\n", $vettedC->{raw}, $c->{raw}) - unless &contributorToString($vettedC) eq &contributorToString($c); + if ($VerboseOutput > 1) { + ¬eProblem("Skipping already vetted:\n %s\n %s\n", $vettedC->{raw}, $c->{raw}) + unless &contributorToString($vettedC) eq &contributorToString($c); + } ++$SkippedAlreadyVetted; next; } @@ -292,8 +305,10 @@ while (@NewContributors) { my $c = pop @NewContributors; if (my ($otherC) = grep { &worseThan($c, $_) } (@VettedContributors, @NewContributors, @ngContributors)) { - ¬eProblem("Skipping very similar:\n %s\n %s\n", $otherC->{raw}, $c->{raw}) - unless &contributorToString($otherC) eq &contributorToString($c); + if ($VerboseOutput > 0) { + ¬eProblem("Skipping very similar:\n %s\n %s\n", $otherC->{raw}, $c->{raw}) + unless &contributorToString($otherC) eq &contributorToString($c); + } ++$SkippedNewDuplicates; next; } @@ -341,20 +356,27 @@ &printContributors(); - # TODO: Disable this debugging-like dump (by default). Or just remove? - printf(STDERR "Vetted lines in: %4d\n", $VettedLinesIn); - printf(STDERR "Updated lines out: %4d\n", $LinesOut); - printf(STDERR "\n"); - printf(STDERR "New lines in: %4d\n", $NewLinesIn); - printf(STDERR "Skipped empty lines: %4d\n", $SkippedEmptyLines); - printf(STDERR "Skipped banned: %4d\n", $SkippedBanned); - printf(STDERR "Skipped similar: %4d\n", $SkippedAlreadyVetted); - printf(STDERR "Skipped duplicates: %4d\n", $SkippedNewDuplicates); - printf(STDERR "Skipped bad lines: %4d\n", $SkippedBadLines); - printf(STDERR "\n"); - printf(STDERR "Vetted contributors: %3d\n", scalar @VettedContributors); - printf(STDERR "New contributors: %3d\n", scalar @NewContributors); - printf(STDERR "Contributors out: %3d\n", @VettedContributors + @NewContributors); + if ($VerboseOutput > 1) { + printf(STDERR "Vetted lines in: %4d\n", $VettedLinesIn); + printf(STDERR "Updated lines out: %4d\n", $LinesOut); + printf(STDERR "\n"); + } + if ($VerboseOutput > 2) { + printf(STDERR "New lines in: %4d\n", $NewLinesIn); + printf(STDERR "Skipped empty lines: %4d\n", $SkippedEmptyLines) unless ($SkippedEmptyLines == 0); + printf(STDERR "Skipped duplicates: %4d\n", $SkippedNewDuplicates) unless ($SkippedNewDuplicates == 0); + } + if ($VerboseOutput > 1) { + printf(STDERR "Skipped banned: %4d\n", $SkippedBanned) unless ($SkippedBanned == 0); + printf(STDERR "Skipped similar: %4d\n", $SkippedAlreadyVetted) unless ($SkippedAlreadyVetted == 0); + } + if ($VerboseOutput > 0) { + printf(STDERR "Skipped bad lines: %4d\n", $SkippedBadLines) unless ($SkippedBadLines == 0); + printf(STDERR "\n"); + printf(STDERR "Vetted contributors: %3d\n", scalar @VettedContributors) if ($VerboseOutput > 1); + printf(STDERR "New contributors: %3d\n", scalar @NewContributors) unless (scalar @NewContributors == 0); + printf(STDERR "Contributors out: %3d\n", @VettedContributors + @NewContributors) if ($VerboseOutput > 1); + } return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/ClientRequestContext.h new/squid-6.6/src/ClientRequestContext.h --- old/squid-6.4/src/ClientRequestContext.h 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/ClientRequestContext.h 2023-12-07 02:36:15.000000000 +0100 @@ -78,8 +78,13 @@ #if USE_OPENSSL bool sslBumpCheckDone = false; #endif - ErrorState *error = nullptr; ///< saved error page for centralized/delayed processing + bool readNextRequest = false; ///< whether Squid should read after error handling + ErrorState *error = nullptr; ///< saved error page for centralized/delayed processing + +#if FOLLOW_X_FORWARDED_FOR + size_t currentXffHopNumber = 0; ///< number of X-Forwarded-For header values processed so far +#endif }; #endif /* SQUID_CLIENTREQUESTCONTEXT_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/MemObject.cc new/squid-6.6/src/MemObject.cc --- old/squid-6.4/src/MemObject.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/MemObject.cc 2023-12-07 02:36:15.000000000 +0100 @@ -167,7 +167,7 @@ void operator() (store_client const &x) { if (x.getType() == STORE_MEM_CLIENT) - current = std::min(current, x.readOffset()); + current = std::min(current, x.discardableHttpEnd()); } int64_t current; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/SquidString.h new/squid-6.6/src/SquidString.h --- old/squid-6.4/src/SquidString.h 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/SquidString.h 2023-12-07 02:36:15.000000000 +0100 @@ -140,7 +140,16 @@ size_type len_ = 0; /* current length */ - static const size_type SizeMax_ = 65535; ///< 64K limit protects some fixed-size buffers + /// An earlier 64KB limit was meant to protect some fixed-size buffers, but + /// (a) we do not know where those buffers are (or whether they still exist) + /// (b) too many String users unknowingly exceeded that limit and asserted. + /// We are now using a larger limit to reduce the number of (b) cases, + /// especially cases where "compact" lists of items grow 50% in size when we + /// convert them to canonical form. The new limit is selected to withstand + /// concatenation and ~50% expansion of two HTTP headers limited by default + /// request_header_max_size and reply_header_max_size settings. + static const size_type SizeMax_ = 3*64*1024 - 1; + /// returns true after increasing the first argument by extra if the sum does not exceed SizeMax_ static bool SafeAdd(size_type &base, size_type extra) { if (extra <= SizeMax_ && base <= SizeMax_ - extra) { base += extra; return true; } return false; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/StoreClient.h new/squid-6.6/src/StoreClient.h --- old/squid-6.4/src/StoreClient.h 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/StoreClient.h 2023-12-07 02:36:15.000000000 +0100 @@ -74,15 +74,8 @@ explicit store_client(StoreEntry *); ~store_client(); - /// An offset into the stored response bytes, including the HTTP response - /// headers (if any). Note that this offset does not include Store entry - /// metadata, because it is not a part of the stored response. - /// \retval 0 means the client wants to read HTTP response headers. - /// \retval +N the response byte that the client wants to read next. - /// \retval -N should not occur. - // TODO: Callers do not expect negative offset. Verify that the return - // value cannot be negative and convert to unsigned in this case. - int64_t readOffset() const { return copyInto.offset; } + /// the client will not use HTTP response bytes with lower offsets (if any) + auto discardableHttpEnd() const { return discardableHttpEnd_; } int getType() const; @@ -175,8 +168,16 @@ /// Storage and metadata associated with the current copy() request. Ought /// to be ignored when not answering a copy() request. + /// * copyInto.offset is the requested HTTP response body offset; + /// * copyInto.data is the client-owned, client-provided result buffer; + /// * copyInto.length is the size of the .data result buffer; + /// * copyInto.flags are unused by this class. StoreIOBuffer copyInto; + // TODO: Convert to uint64_t after fixing mem_hdr::endOffset() and friends. + /// \copydoc discardableHttpEnd() + int64_t discardableHttpEnd_ = 0; + /// the total number of finishCallback() calls uint64_t answers; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/acl/external/SQL_session/ext_sql_session_acl.8 new/squid-6.6/src/acl/external/SQL_session/ext_sql_session_acl.8 --- old/squid-6.4/src/acl/external/SQL_session/ext_sql_session_acl.8 2023-10-21 14:47:14.000000000 +0200 +++ new/squid-6.6/src/acl/external/SQL_session/ext_sql_session_acl.8 2023-12-07 04:33:19.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 8" -.TH EXT_SQL_SESSION_ACL 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/acl/external/delayer/ext_delayer_acl.8 new/squid-6.6/src/acl/external/delayer/ext_delayer_acl.8 --- old/squid-6.4/src/acl/external/delayer/ext_delayer_acl.8 2023-10-21 14:47:13.000000000 +0200 +++ new/squid-6.6/src/acl/external/delayer/ext_delayer_acl.8 2023-12-07 04:33:19.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 8" -.TH EXT_DELAYER_ACL 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 new/squid-6.6/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 --- old/squid-6.4/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 2023-10-21 14:47:13.000000000 +0200 +++ new/squid-6.6/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 2023-12-07 04:33:19.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_KERBEROS_SID_GROUP_ACL 8" -.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 new/squid-6.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 --- old/squid-6.4/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2023-10-21 14:47:14.000000000 +0200 +++ new/squid-6.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 2023-12-07 04:33:20.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EXT_WBINFO_GROUP_ACL 8" -.TH EXT_WBINFO_GROUP_ACL 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH EXT_WBINFO_GROUP_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/auth/basic/DB/basic_db_auth.8 new/squid-6.6/src/auth/basic/DB/basic_db_auth.8 --- old/squid-6.4/src/auth/basic/DB/basic_db_auth.8 2023-10-21 14:47:15.000000000 +0200 +++ new/squid-6.6/src/auth/basic/DB/basic_db_auth.8 2023-12-07 04:33:21.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 8" -.TH BASIC_DB_AUTH 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/auth/basic/POP3/basic_pop3_auth.8 new/squid-6.6/src/auth/basic/POP3/basic_pop3_auth.8 --- old/squid-6.4/src/auth/basic/POP3/basic_pop3_auth.8 2023-10-21 14:47:15.000000000 +0200 +++ new/squid-6.6/src/auth/basic/POP3/basic_pop3_auth.8 2023-12-07 04:33:21.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BASIC_POP3_AUTH 8" -.TH BASIC_POP3_AUTH 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH BASIC_POP3_AUTH 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/cache_cf.cc new/squid-6.6/src/cache_cf.cc --- old/squid-6.4/src/cache_cf.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/cache_cf.cc 2023-12-07 02:36:15.000000000 +0100 @@ -1007,6 +1007,18 @@ (uint32_t)Config.maxRequestBufferSize, (uint32_t)Config.maxRequestHeaderSize); } + // Warn about the dangers of exceeding String limits when manipulating HTTP + // headers. Technically, we do not concatenate _requests_, so we could relax + // their check, but we keep the two checks the same for simplicity sake. + const auto safeRawHeaderValueSizeMax = (String::SizeMaxXXX()+1)/3; + // TODO: static_assert(safeRawHeaderValueSizeMax >= 64*1024); // no WARNINGs for default settings + if (Config.maxRequestHeaderSize > safeRawHeaderValueSizeMax) + debugs(3, DBG_CRITICAL, "WARNING: Increasing request_header_max_size beyond " << safeRawHeaderValueSizeMax << + " bytes makes Squid more vulnerable to denial-of-service attacks; configured value: " << Config.maxRequestHeaderSize << " bytes"); + if (Config.maxReplyHeaderSize > safeRawHeaderValueSizeMax) + debugs(3, DBG_CRITICAL, "WARNING: Increasing reply_header_max_size beyond " << safeRawHeaderValueSizeMax << + " bytes makes Squid more vulnerable to denial-of-service attacks; configured value: " << Config.maxReplyHeaderSize << " bytes"); + /* * Disable client side request pipelining if client_persistent_connections OFF. * Waste of resources queueing any pipelined requests when the first will close the connection. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/cache_manager.cc new/squid-6.6/src/cache_manager.cc --- old/squid-6.4/src/cache_manager.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/cache_manager.cc 2023-12-07 02:36:15.000000000 +0100 @@ -332,7 +332,6 @@ err->url = xstrdup(entry->url()); err->detailError(new ExceptionErrorDetail(Here().id())); errorAppendEntry(entry, err); - entry->expires = squid_curtime; return; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/cf.data.pre new/squid-6.6/src/cf.data.pre --- old/squid-6.4/src/cf.data.pre 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/cf.data.pre 2023-12-07 02:36:15.000000000 +0100 @@ -6753,11 +6753,14 @@ DEFAULT: 64 KB LOC: Config.maxRequestHeaderSize DOC_START - This specifies the maximum size for HTTP headers in a request. - Request headers are usually relatively small (about 512 bytes). - Placing a limit on the request header size will catch certain - bugs (for example with persistent connections) and possibly - buffer-overflow or denial-of-service attacks. + This directives limits the header size of a received HTTP request + (including request-line). Increasing this limit beyond its 64 KB default + exposes certain old Squid code to various denial-of-service attacks. This + limit also applies to received FTP commands. + + This limit has no direct affect on Squid memory consumption. + + Squid does not check this limit when sending requests. DOC_END NAME: reply_header_max_size @@ -6766,11 +6769,14 @@ DEFAULT: 64 KB LOC: Config.maxReplyHeaderSize DOC_START - This specifies the maximum size for HTTP headers in a reply. - Reply headers are usually relatively small (about 512 bytes). - Placing a limit on the reply header size will catch certain - bugs (for example with persistent connections) and possibly - buffer-overflow or denial-of-service attacks. + This directives limits the header size of a received HTTP response + (including status-line). Increasing this limit beyond its 64 KB default + exposes certain old Squid code to various denial-of-service attacks. This + limit also applies to FTP command responses. + + Squid also checks this limit when loading hit responses from disk cache. + + Squid does not check this limit when sending responses. DOC_END NAME: request_body_max_size diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/client_side_request.cc new/squid-6.6/src/client_side_request.cc --- old/squid-6.4/src/client_side_request.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/client_side_request.cc 2023-12-07 02:36:15.000000000 +0100 @@ -74,6 +74,11 @@ #endif #if FOLLOW_X_FORWARDED_FOR + +#if !defined(SQUID_X_FORWARDED_FOR_HOP_MAX) +#define SQUID_X_FORWARDED_FOR_HOP_MAX 64 +#endif + static void clientFollowXForwardedForCheck(Acl::Answer answer, void *data); #endif /* FOLLOW_X_FORWARDED_FOR */ @@ -438,8 +443,16 @@ /* override the default src_addr tested if we have to go deeper than one level into XFF */ Filled(calloutContext->acl_checklist)->src_addr = request->indirect_client_addr; } - calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data); - return; + if (++calloutContext->currentXffHopNumber < SQUID_X_FORWARDED_FOR_HOP_MAX) { + calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data); + return; + } + const auto headerName = Http::HeaderLookupTable.lookup(Http::HdrType::X_FORWARDED_FOR).name; + debugs(28, DBG_CRITICAL, "ERROR: Ignoring trailing " << headerName << " addresses" << + Debug::Extra << "addresses allowed by follow_x_forwarded_for: " << calloutContext->currentXffHopNumber << + Debug::Extra << "last/accepted address: " << request->indirect_client_addr << + Debug::Extra << "ignored trailing addresses: " << request->x_forwarded_for_iterator); + // fall through to resume clientAccessCheck() processing } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/clients/FtpGateway.cc new/squid-6.6/src/clients/FtpGateway.cc --- old/squid-6.4/src/clients/FtpGateway.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/clients/FtpGateway.cc 2023-12-07 02:36:15.000000000 +0100 @@ -402,6 +402,12 @@ if (login.isEmpty()) return; + if (!login[0]) { + debugs(9, 2, "WARNING: Ignoring FTP credentials that start with a NUL character"); + // TODO: Either support credentials with NUL characters (in any position) or ban all of them. + return; + } + const SBuf::size_type colonPos = login.find(':'); /* If there was a username part with at least one character use it. @@ -1042,9 +1048,8 @@ /* Test URL login syntax. Overrides any headers received. */ loginParser(request->url.userInfo(), true); - /* name is missing. that's fatal. */ - if (!user[0]) - fatal("FTP login parsing destroyed username info"); + // XXX: We we keep default "anonymous" instead of properly supporting empty usernames. + Assure(user[0]); /* name + password == success */ if (password[0]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/comm.cc new/squid-6.6/src/comm.cc --- old/squid-6.4/src/comm.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/comm.cc 2023-12-07 02:36:15.000000000 +0100 @@ -364,6 +364,12 @@ /* Create socket for accepting new connections. */ ++ statCounter.syscalls.sock.sockets; + if (!Ip::EnableIpv6 && addr.isIPv6()) { + debugs(50, 2, "refusing to open an IPv6 socket when IPv6 support is disabled: " << addr); + errno = ENOTSUP; + return -1; + } + /* Setup the socket addrinfo details for use */ addr.getAddrInfo(AI); AI->ai_socktype = sock_type; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/esi/Libxml2Parser.cc new/squid-6.6/src/esi/Libxml2Parser.cc --- old/squid-6.4/src/esi/Libxml2Parser.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/esi/Libxml2Parser.cc 2023-12-07 02:36:15.000000000 +0100 @@ -144,7 +144,7 @@ char const * ESILibxml2Parser::errorString() const { - xmlErrorPtr error = xmlGetLastError(); + const auto error = xmlGetLastError(); if (error == nullptr) return nullptr; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/http/url_rewriters/LFS/url_lfs_rewrite.8 new/squid-6.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8 --- old/squid-6.4/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2023-10-21 14:47:16.000000000 +0200 +++ new/squid-6.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8 2023-12-07 04:33:22.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "URL_LFS_REWRITE 8" -.TH URL_LFS_REWRITE 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH URL_LFS_REWRITE 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/http.cc new/squid-6.6/src/http.cc --- old/squid-6.4/src/http.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/http.cc 2023-12-07 02:36:15.000000000 +0100 @@ -1900,8 +1900,9 @@ String strFwd = hdr_in->getList(Http::HdrType::X_FORWARDED_FOR); - // if we cannot double strFwd size, then it grew past 50% of the limit - if (!strFwd.canGrowBy(strFwd.size())) { + // Detect unreasonably long header values. And paranoidly check String + // limits: a String ought to accommodate two reasonable-length values. + if (strFwd.size() > 32*1024 || !strFwd.canGrowBy(strFwd.size())) { // There is probably a forwarding loop with Via detection disabled. // If we do nothing, String will assert on overflow soon. // TODO: Terminate all transactions with huge XFF? diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/ip/Address.cc new/squid-6.6/src/ip/Address.cc --- old/squid-6.4/src/ip/Address.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/ip/Address.cc 2023-12-07 02:36:15.000000000 +0100 @@ -623,7 +623,7 @@ && dst->ai_protocol == 0) dst->ai_protocol = IPPROTO_UDP; - if (force == AF_INET6 || (force == AF_UNSPEC && Ip::EnableIpv6 && isIPv6()) ) { + if (force == AF_INET6 || (force == AF_UNSPEC && isIPv6()) ) { dst->ai_addr = (struct sockaddr*)new sockaddr_in6; memset(dst->ai_addr,0,sizeof(struct sockaddr_in6)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/ip/Intercept.cc new/squid-6.6/src/ip/Intercept.cc --- old/squid-6.4/src/ip/Intercept.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/ip/Intercept.cc 2023-12-07 02:36:15.000000000 +0100 @@ -15,6 +15,7 @@ #include "comm/Connection.h" #include "fde.h" #include "ip/Intercept.h" +#include "ip/tools.h" #include "src/tools.h" #include <cerrno> @@ -416,6 +417,13 @@ debugs(3, 3, "Detect TPROXY support on port " << test); + if (!Ip::EnableIpv6 && test.isIPv6() && !test.setIPv4()) { + debugs(3, DBG_CRITICAL, "Cannot use TPROXY for " << test << " because IPv6 support is disabled"); + if (doneSuid) + leave_suid(); + return false; + } + int tos = 1; int tmp_sock = -1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/ipc.cc new/squid-6.6/src/ipc.cc --- old/squid-6.4/src/ipc.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/ipc.cc 2023-12-07 02:36:15.000000000 +0100 @@ -22,6 +22,11 @@ #include <chrono> #include <thread> +#include <cstdlib> + +#if HAVE_UNISTD_H +#include <unistd.h> +#endif static const char *hello_string = "hi there\n"; #ifndef HELLO_BUF_SZ @@ -362,6 +367,22 @@ } PutEnvironment(); + + // A dup(2) wrapper that reports and exits the process on errors. The + // exiting logic is only suitable for this child process context. + const auto dupOrExit = [prog,name](const int oldFd) { + const auto newFd = dup(oldFd); + if (newFd < 0) { + const auto savedErrno = errno; + debugs(54, DBG_CRITICAL, "ERROR: Helper process initialization failure: " << name << + Debug::Extra << "helper (CHILD) PID: " << getpid() << + Debug::Extra << "helper program name: " << prog << + Debug::Extra << "dup(2) system call error for FD " << oldFd << ": " << xstrerr(savedErrno)); + _exit(EXIT_FAILURE); + } + return newFd; + }; + /* * This double-dup stuff avoids problems when one of * crfd, cwfd, or debug_log are in the rage 0-2. @@ -369,17 +390,16 @@ do { /* First make sure 0-2 is occupied by something. Gets cleaned up later */ - x = dup(crfd); - assert(x > -1); - } while (x < 3 && x > -1); + x = dupOrExit(crfd); + } while (x < 3); close(x); - t1 = dup(crfd); + t1 = dupOrExit(crfd); - t2 = dup(cwfd); + t2 = dupOrExit(cwfd); - t3 = dup(fileno(debug_log)); + t3 = dupOrExit(fileno(debug_log)); assert(t1 > 2 && t2 > 2 && t3 > 2); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/log/DB/log_db_daemon.8 new/squid-6.6/src/log/DB/log_db_daemon.8 --- old/squid-6.4/src/log/DB/log_db_daemon.8 2023-10-21 14:47:16.000000000 +0200 +++ new/squid-6.6/src/log/DB/log_db_daemon.8 2023-12-07 04:33:22.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 8" -.TH LOG_DB_DAEMON 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/log/DB/log_db_daemon.pl.in new/squid-6.6/src/log/DB/log_db_daemon.pl.in --- old/squid-6.4/src/log/DB/log_db_daemon.pl.in 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/log/DB/log_db_daemon.pl.in 2023-12-07 02:36:15.000000000 +0100 @@ -392,7 +392,7 @@ ); # perform db connection -my $dsn = "DBI:mysql:database=$database" . ($host ne "localhost" ? ":$host" : ""); +my $dsn = "DBI:mysql:database=$database" . ($host ne "localhost" ? ";host=$host" : ""); my $dbh; my $sth; eval { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/mem/old_api.cc new/squid-6.6/src/mem/old_api.cc --- old/squid-6.4/src/mem/old_api.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/mem/old_api.cc 2023-12-07 02:36:15.000000000 +0100 @@ -414,7 +414,7 @@ new_pool_limit = Config.MemPools.limit; else { if (Config.MemPools.limit == 0) - debugs(13, DBG_IMPORTANT, "memory_pools_limit 0 has been chagned to memory_pools_limit none. Please update your config"); + debugs(13, DBG_IMPORTANT, "memory_pools_limit 0 has been changed to memory_pools_limit none. Please update your config"); new_pool_limit = -1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/peer_digest.cc new/squid-6.6/src/peer_digest.cc --- old/squid-6.4/src/peer_digest.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/peer_digest.cc 2023-12-07 02:36:15.000000000 +0100 @@ -396,11 +396,11 @@ return; } - assert(fetch->pd && receivedData.data); + assert(fetch->pd); /* The existing code assumes that the received pointer is * where we asked the data to be put */ - assert(fetch->buf + fetch->bufofs == receivedData.data); + assert(!receivedData.data || fetch->buf + fetch->bufofs == receivedData.data); /* Update the buffer size */ fetch->bufofs += receivedData.length; @@ -682,7 +682,7 @@ } /* continue checking (maybe-successful eof case) */ - if (!reason && !size) { + if (!reason && !size && fetch->state != DIGEST_READ_REPLY) { if (!pd->cd) reason = "null digest?!"; else if (fetch->mask_offset != pd->cd->mask_size) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/security/cert_validators/fake/security_fake_certverify.8 new/squid-6.6/src/security/cert_validators/fake/security_fake_certverify.8 --- old/squid-6.4/src/security/cert_validators/fake/security_fake_certverify.8 2023-10-21 14:47:16.000000000 +0200 +++ new/squid-6.6/src/security/cert_validators/fake/security_fake_certverify.8 2023-12-07 04:33:22.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SECURITY_FAKE_CERTVERIFY 8" -.TH SECURITY_FAKE_CERTVERIFY 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH SECURITY_FAKE_CERTVERIFY 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/servers/Server.cc new/squid-6.6/src/servers/Server.cc --- old/squid-6.4/src/servers/Server.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/servers/Server.cc 2023-12-07 02:36:15.000000000 +0100 @@ -204,8 +204,14 @@ Must(io.conn->fd == clientConnection->fd); - if (io.flag && pipeline.front()) - pipeline.front()->initiateClose("write failure"); + if (io.flag) { + debugs(33, 2, "bailing after a write failure: " << xstrerr(io.xerrno)); + LogTagsErrors lte; + lte.timedout = io.xerrno == ETIMEDOUT; + lte.aborted = !lte.timedout; // intentionally true for zero io.xerrno + terminateAll(Error(ERR_WRITE_ERROR, SysErrorDetail::NewIfAny(io.xerrno)), lte); + return; + } afterClientWrite(io.size); // update state writeSomeData(); // maybe schedules another write diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/stmem.cc new/squid-6.6/src/stmem.cc --- old/squid-6.4/src/stmem.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/stmem.cc 2023-12-07 02:36:15.000000000 +0100 @@ -95,8 +95,6 @@ break; } - assert (lowestOffset () <= target_offset); - return lowestOffset (); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/store/id_rewriters/file/storeid_file_rewrite.8 new/squid-6.6/src/store/id_rewriters/file/storeid_file_rewrite.8 --- old/squid-6.4/src/store/id_rewriters/file/storeid_file_rewrite.8 2023-10-21 14:47:14.000000000 +0200 +++ new/squid-6.6/src/store/id_rewriters/file/storeid_file_rewrite.8 2023-12-07 04:33:20.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 8" -.TH STOREID_FILE_REWRITE 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/store_client.cc new/squid-6.6/src/store_client.cc --- old/squid-6.4/src/store_client.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/store_client.cc 2023-12-07 02:36:15.000000000 +0100 @@ -163,6 +163,16 @@ result = parsingBuffer->packBack(); result.flags.error = object_ok ? 0 : 1; + // TODO: Move object_ok handling above into this `if` statement. + if (object_ok) { + // works for zero hdr_sz cases as well; see also: nextHttpReadOffset() + discardableHttpEnd_ = NaturalSum<int64_t>(entry->mem().baseReply().hdr_sz, result.offset, result.length).value(); + } else { + // object_ok is sticky, so we will not be able to use any response bytes + discardableHttpEnd_ = entry->mem().endOffset(); + } + debugs(90, 7, "with " << result << "; discardableHttpEnd_=" << discardableHttpEnd_); + // no HTTP headers and no body bytes (but not because there was no space) atEof_ = !sendingHttpHeaders() && !result.length && copyInto.length; @@ -265,6 +275,9 @@ parsingBuffer.emplace(copyInto); + discardableHttpEnd_ = nextHttpReadOffset(); + debugs(90, 7, "discardableHttpEnd_=" << discardableHttpEnd_); + static bool copying (false); assert (!copying); copying = true; @@ -396,8 +409,9 @@ return; // failure } - // send any immediately available body bytes even if we also sendHttpHeaders - if (canReadFromMemory()) { + // Send any immediately available body bytes unless we sendHttpHeaders. + // TODO: Send those body bytes when we sendHttpHeaders as well. + if (!sendHttpHeaders && canReadFromMemory()) { readFromMemory(); noteNews(); // will sendHttpHeaders (if needed) as well flags.store_copying = false; @@ -483,6 +497,7 @@ { const auto &mem = entry->mem(); const auto memReadOffset = nextHttpReadOffset(); + // XXX: This (lo <= offset < end) logic does not support Content-Range gaps. return mem.inmem_lo <= memReadOffset && memReadOffset < mem.endOffset() && parsingBuffer->spaceSize(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/src/time/rfc1123.cc new/squid-6.6/src/time/rfc1123.cc --- old/squid-6.4/src/time/rfc1123.cc 2023-10-21 00:40:41.000000000 +0200 +++ new/squid-6.6/src/time/rfc1123.cc 2023-12-07 02:36:15.000000000 +0100 @@ -50,7 +50,13 @@ char month[3]; month[0] = xtoupper(*s); + if (!month[0]) + return -1; // protects *(s + 1) below + month[1] = xtolower(*(s + 1)); + if (!month[1]) + return -1; // protects *(s + 2) below + month[2] = xtolower(*(s + 2)); for (i = 0; i < 12; i++) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/squid-6.4/tools/helper-mux/helper-mux.8 new/squid-6.6/tools/helper-mux/helper-mux.8 --- old/squid-6.4/tools/helper-mux/helper-mux.8 2023-10-21 14:47:17.000000000 +0200 +++ new/squid-6.6/tools/helper-mux/helper-mux.8 2023-12-07 04:33:23.000000000 +0100 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "HELPER-MUX 8" -.TH HELPER-MUX 8 "2023-10-21" "perl v5.36.0" "User Contributed Perl Documentation" +.TH HELPER-MUX 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l ++++++ squid-6.4.tar.xz.asc -> squid-6.6.tar.xz.asc ++++++ --- /work/SRC/openSUSE:Factory/squid/squid-6.4.tar.xz.asc 2023-11-02 20:22:34.478274646 +0100 +++ /work/SRC/openSUSE:Factory/.squid.new.28375/squid-6.6.tar.xz.asc 2024-01-03 12:26:39.339132441 +0100 @@ -1,25 +1,25 @@ -File: squid-6.4.tar.xz -Date: Sat 21 Oct 2023 12:51:05 UTC -Size: 2553476 -MD5 : 8031857fd54fad4a7b4f4db4d44aa761 -SHA1: 23733fc08ed7a76d7e19877a4e04c105222b6cec +File: squid-6.6.tar.xz +Date: Thu 07 Dec 2023 04:03:46 UTC +Size: 2554824 +MD5 : 5a41134ee1b7e75f62088acdec92d2ca +SHA1: f05e06a9dd3bf7501d2844e43d9ae1bd00e9edcc Key : CD6DBF8EF3B17D3E <squid3@treenet.co.nz> B068 84ED B779 C89B 044E 64E3 CD6D BF8E F3B1 7D3E keyring = http://www.squid-cache.org/pgp.asc keyserver = pool.sks-keyservers.net -----BEGIN PGP SIGNATURE----- -iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmUzyUEACgkQzW2/jvOx -fT4IBw/9GrNFjQTgyNSlcDGhRwI1DQzANOId9Aj51TNbwBTs/CPnfISwOBq2Y6IH -wOfQaRxl0T4f5Mkj4xAimPKYz4qDe+JjQNN/IzX0O9ngMX4f4gHpuWqelHKU+732 -QZjqMunf2nLnWtpENsEPL0REYISy/nu0w8cZm3vUfiqwvc32/cDdPIYFCWbIdg/H -7dpOhNgvgNYGrUSfBBkUeH1B2XCf8hkBhidMRAh/vyg4RQSKAs5F0Mx8gW6lLS06 -3dfHXuTP4AsF4MZh1YFe385oFl0uO1liaaXB41+TT8k0s0CrEnJKNabT9FQ/EUhG -K2cV/9oEBU2Z72RujwVapwdbDPbAwlhbnM/34sYAAVo1/Zil1Ucu1irb9WMuaffB -H2GZiu0naiAbILJkAjz5/n2jXxvgiOM3So3vQQm8BaH13KLlPiVkonoICxBZD2rN -Z134qMo/VHT05GOFZR/eZ8UBAVkdRWx16kGe/BaflDwQdGToYNnJSisc2rKH+jxY -KMNpe7vtE8VkyBqh/qmZA0XLH4uY1ve/tduDdwRRZeYRfrd+wi7ejwzUhDvjQSie -3W6rBsW1gfVXYOKvz+lss3AvHjlyTQ1TW3dkm4VHnIRWfNi55vCmQaJ8ye4UUpcg -G0JS4nepLyyH/4rXBbxylFMPMSa1XhMOtPmpnvL4XDp3wXxSYbE= -=aGhF +iQIzBAABCgAdFiEEsGiE7bd5yJsETmTjzW2/jvOxfT4FAmVxRCsACgkQzW2/jvOx +fT5VtQ/+M+mhaGYCp9YBi1GG9vyQwkkIyngL3vPpz7UxZHAR+mzk29zwlgdDgwWA +Zasaomg8S1Clq2dhNr7oo6RuZ7mKlhEeHba2WvL+1/VcBsPnazUwzYQiW7k9KxYe +n1At62duit+YnswTNnj6HJRKKK0nKlPmJycL1AThh9Tj6oHTsWBCItnSZ5eUjGX0 +aKiMrkrHtq3qheWkVZPCJEFDs88ECDrJD7s9cpAhun+/0v+4ECE65uJ2bZHK4f/E +TH5OIf8vltEB8sA/SSanMM/C+gZObET3TssrgHz92j0svMOlALLtitb0aHly21JV +fEKB200Ngac2y6rq3xDNiznmMn+SeCNUsiDcdauCrsUHNW9S9FhOxeWXy/Z7JK4A +mqVnnqvN9GFvv2EEC8J9lj+cwGOdaSW6L2aPVkub8Ij5O+e2Tg+uBm4ZC8vcACYz ++1oo8YyvcfO9EmNRE0vpFTWH9Ux5ptgdvsIxv41QN40RUYN7FBbOgey59mP3uq2Q +0g/b8lr1PnrwB74OrVGcXLwREFLXtkRC9vcdNjvdchCg60KlBNWEPSGJA2adS8HJ +4AGyVpU8GCpV3q74rJxIG6FUffL85CfT+1HRmQhzYiGJDzy1AaUJmcelyS4e6cjn +urAWH3mlAaPzj87OuaeZYGAZMWh/5iAarU+VHkZn6vI2Mvl9yMA= +=oyMI -----END PGP SIGNATURE-----