Hello community,
here is the log from the commit of package squid3 for openSUSE:Factory
checked in at Tue Sep 1 23:09:10 CEST 2009.
--------
--- squid3/squid3.changes 2009-06-10 16:55:43.000000000 +0200
+++ squid3/squid3.changes 2009-09-01 10:04:29.000000000 +0200
@@ -1,0 +2,131 @@
+Tue Sep 1 10:04:02 CEST 2009 - coolo@novell.com
+
+- remove outdated patches
+
+-------------------------------------------------------------------
+Mon Aug 31 10:30:54 CEST 2009 - coolo@novell.com
+
+- merge factory changes with buildservice
+
+-------------------------------------------------------------------
+Sun Aug 30 20:03:46 UTC 2009 - aj@suse.de
+
+- Fix patch numbering for rpm 4.7.
+
+-------------------------------------------------------------------
+Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de
+
+- make patch0 usage consistent
+
+-------------------------------------------------------------------
+Fri Aug 21 13:27:52 UTC 2009 - chris@computersalat.de
+
+- added upstream patches
+ o b9095, b9096
+
+-------------------------------------------------------------------
+Sat Aug 15 16:26:30 CEST 2009 - chris@computersalat.de
+
+- added upstream patches
+ o b9089 - b9094
+ o disabled b9089,b9090,b9092 cause can not patch inexistent file
+
+-------------------------------------------------------------------
+Tue Aug 11 11:10:13 UTC 2009 - chris@computersalat.de
+
+- new version 3.0.STABLE18:
+ * Bug 2728: regression: assertion failed: !eof
+ * Bug 2732: reply_body_max_size smaller than error page loops
+ infinitely until out of memory
+ * Bug 2725: pconn failure if domain or client_address are unset
+ * Bug 2648: reserved helpers not shut down after reconfigure/rotate
+ * Bug 2462: make check should tell when cppunit is missing
+ * Remove excess messages about headers < minimum size
+ * Support Libtool 2.2.6
+- Changes to squid-3.0.STABLE17 (27 Jul 2009):
+ * Bug 2680 regression: Crash after rotate with no helpers running
+ * Bug 2710: squid_kerb_auth non-terminated string
+ * Bug 2679: strsep and strtoll detection failure
+ * Bug 2674: Remove limit on HTTP headers read.
+ * Bug 2659: String length overflows on append, leading to segfaults
+ * Bug 2620: Invalid HTTP response codes causes segfault
+ * Bug 2080: wbinfo_group.pl - false positive under certain conditions
+ * Bug 1087: ESI processor not quoting attributes correctly.
+ * Fix: issue with AUFS/UFS/DiskD writing objects to disk cache
+ * Several small build issues with previous release.
+ for full changes list, see:
+ http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE18-RELEASENOTES.h...
+- removed squid-3.0.STABLE16-gcc_warn_kerb_auth.patch
+- removed changed, deprectated configure options
+ o deprecated:
+ --enable-poll
+ o changed to default:
+ --enable-htcp
+ --enable-snmp
+
+-------------------------------------------------------------------
+Sat Jul 25 19:27:34 CEST 2009 - chris@computersalat.de
+
+- spec mods
+ * removed ^----------
+ * removed ^#---------
+
+-------------------------------------------------------------------
+Thu Jul 23 18:22:09 CEST 2009 - chris@computersalat.de
+
+- new version 3.0.STABLE16:
+ * Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk
+ * Bug 2481: Don't set expires: now in generated error responses
+ * Bug 2387: The calculation of the number of hash buckets correctly
+ * Fix infinite loop in MSNT auth helper
+ * Fix FD_SETSIZE on FreeBSD
+ * Fix stripping NT domain in squid_ldap_group
+ * Fix RADIUS auth helper build
+ * Add Translate: and Unless-Modified-Since: headers to known list
+ * Make fakeauth handle NTLMv2 better
+ * Better Kerberos support detection
+ * Several Widows port fixes
+- Changes to squid-3.0.STABLE16-RC1 (16 May 2009):
+ * Bug 1148: Ported from 3.1: Chunked Transfer Encoding
+ * Bug 2648: NTLM helpers not shutting down when deferred
+- Changes to squid-3.0.STABLE15 (06 May 2009):
+ * Regression Bug 2635: Incorrect Max-Forwards header type
+ * Bug 2652: 'Success' error on CONNECT requests
+ * Bug 2625: IDENT receiving errors
+ * Bug 2610: ipfilter support detection
+ * Bug 2578: FTP download resume failure
+ * Bug 2536: %H on HTTPS error pages
+ * Bug 2491: assertion "age >= 0"
+ * Bug 2276: too many NTLM helpers running
+ * Endian system and compiler fixes provided by the NetBSD project
+ * documentation fixes provided by the Debian project
+- Changes to squid-3.0.STABLE14 (11 Apr 2009):
+ * Regression Fix: HTTP/0.9 in accelerator mode
+ * Bug 1232: cache_dir parameter limited to only 63 entries
+ * Bug 1868: support HTTP 207 status
+ * Bug 2518: assertion failure on restart/reconfigure
+ * Bug 2588: coredump in rDNS lookup
+ * Bug 2595: Out of bounds memory write in squid_kerb_auth
+ * Bug 2599: Idempotent start
+ * Bug 2605: Prevent setsid() on helpers in daemon mode
+ * Fix external_acl_type option parsing
+ * Fix delay pools counters on FTP
+ * Fix several issues with ident (some remain)
+ * Fix performance issues with persistent connections
+ * Fix performance issues with delay pools
+ * Fix forwarding of OPTIONS requests
+ * Add support for HTTP 1.1 Content-Disposition header
+ * Add support for Windows 7, Windows Server 2008 R2 and later
+ * ... and many small documentation updates
+ for full changes list, see:
+ http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE16-RELEASENOTES.h...
+- reworked gcc_warn_kerb_auth
+ * was partially added
+- added after RELEASE patches
+ * b9052 - b9067
+ for full changes list, see:
+ http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE16.htm...
+- some spec mods
+ * removed {rel}
+
+-------------------------------------------------------------------
@@ -6,0 +138,28 @@
+Sun May 3 15:34:27 CEST 2009 - chris@computersalat.de
+
+- some spec fixes
+
+-------------------------------------------------------------------
+Thu Feb 19 19:53:26 UTC 2009 - chris@computersalat.de
+
+- new version 3.0.STABLE13:
+ * following patches removed from build
+ * b8898.patch
+ * b8900.patch
+ * b8902.patch
+ * b8904.patch
+ * b8905.patch
+ * b8906.patch
+ * b8907.patch
+- some rpmlint fixes
+
+-------------------------------------------------------------------
+Wed Feb 18 12:37:05 UTC 2009 - chris@computersalat.de
+
+- fixed failing fillup
+- fixed expansion error for SLES_9
+- added KRB5_KTNAME to sysconfig file
+ mods to init script
+- added README.kerberos
+
+-------------------------------------------------------------------
@@ -9 +168 @@
-- update to squid-3.0.STABLE23 with these fixes:
+- update to squid-3.0.STABLE13 with these fixes:
calling whatdependson for head-i586
Old:
----
squid-3.0-strchr.patch
squid-3.0.STABLE12-RELEASENOTES.html
squid-3.0.STABLE12.tar.bz2
squid-3.0.STABLE8-gcc_warn_kerb_auth.patch
New:
----
README.kerberos
b9091.patch
b9093.patch
b9094.patch
b9095.patch
b9096.patch
squid-3.0.STABLE18-RELEASENOTES.html
squid-3.0.STABLE18.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ squid3.spec ++++++
--- /var/tmp/diff_new_pack.fEDeUT/_old 2009-09-01 23:05:05.000000000 +0200
+++ /var/tmp/diff_new_pack.fEDeUT/_new 2009-09-01 23:05:05.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package squid3 (Version 3.0.STABLE12)
+# spec file for package squid3 (Version 3.0.STABLE18)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -15,19 +15,21 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
+# norootforbuild
+%define squidlibdir %{_libdir}/squid
+%define squidconfdir /etc/squid
+#Distribution: %dist
+#Packager: %packager
+#Vendor: %vendor
Name: squid3
-BuildRequires: db-devel expat gcc-c++ krb5-devel libexpat-devel libxml2-devel
-BuildRequires: openldap2-devel opensp-devel pam-devel sharutils
Summary: Squid Version 3 WWW Proxy Server
-Version: 3.0.STABLE12
-Release: 2
+Version: 3.0.STABLE18
+Release: 1
License: GPL v2 or later
Url: http://www.squid-cache.org/Versions/v3
Group: Productivity/Networking/Web/Proxy
-Requires: logrotate
-Provides: http_proxy
PreReq: permissions
Conflicts: squid squid2 squid23 squid-beta
Obsoletes: squid-beta squid2
@@ -43,6 +45,7 @@
Source7: squid.logrotate
Source9: squid.permissions
Source10: squid.sysconfig
+Source11: README.kerberos
Patch0: squid3-3.0.STABLE1-config.patch
#
# the following patches are downloaded directly from the webserver
@@ -51,87 +54,28 @@
# please read every file if there is interest about what the patch changes
# or just visit: http://www.squid-cache.org/Versions/v3/3.0/changesets/
#
-# Patch01: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch02: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch03: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch04: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch05: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch06: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch07: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch08: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch09: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch10: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch11: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch12: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch13: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch14: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch15: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch16: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch17: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch18: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch19: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch20: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch21: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch22: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch23: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch24: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch25: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch26: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch27: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch28: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch29: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch30: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch31: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch32: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch33: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch34: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch35: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch36: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch37: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch38: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch39: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch40: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch41: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch42: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch43: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch44: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch45: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch46: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch47: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch48: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch49: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch50: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch51: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch52: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch53: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch54: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch55: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch56: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch57: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch58: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch59: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch60: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch61: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch62: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch63: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch64: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch65: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch66: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch67: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch68: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch69: http://www.squid-cache.org/Versions/v3/3.0/changesets/
-# Patch70: http://www.squid-cache.org/Versions/v3/3.0/changesets/
+Patch3: http://www.squid-cache.org/Versions/v3/3.0/changesets/b9091.patch
+Patch5: http://www.squid-cache.org/Versions/v3/3.0/changesets/b9093.patch
+Patch6: http://www.squid-cache.org/Versions/v3/3.0/changesets/b9094.patch
+Patch7: http://www.squid-cache.org/Versions/v3/3.0/changesets/b9095.patch
+Patch8: http://www.squid-cache.org/Versions/v3/3.0/changesets/b9096.patch
#
-# Patch100: squid-3.0-gcc.patch
Patch101: squid-beta-3.0-libmxl2.patch
Patch102: squid-beta-3.0-ia64.patch
Patch103: squid-beta-3.0-openldap.patch
Patch104: squid-beta-3.0-mem_node_64bit.patch
-Patch105: squid-3.0.STABLE8-gcc_warn_kerb_auth.patch
-Patch106: squid-3.0-strchr.patch
+#Patch105: squid-3.0.STABLE16-gcc_warn_kerb_auth.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%define squidlibdir %{_libdir}/squid
-%define squidconfdir /etc/squid
+BuildRequires: db-devel expat gcc-c++
+%if 0%{?sles_version} == 9
+BuildRequires: heimdal-devel
+%else
+BuildRequires: krb5-devel
+%endif
+BuildRequires: libexpat-devel libxml2-devel
+BuildRequires: openldap2-devel opensp-devel pam-devel sharutils
+Requires: logrotate
+Provides: http_proxy
%description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and
@@ -160,104 +104,17 @@
%prep
%setup -q -n squid-%{version}
-%patch -p1
-# %patch1 -p0
-# %patch2 -p0
-# %patch3 -p0
-# %patch4 -p0
-# %patch5 -p0
-# %patch6 -p0
-# %patch7 -p0
-# %patch8 -p0
-# %patch9 -p0
-# %patch10 -p1
-# %patch11 -p1
-# %patch12 -p1
-# %patch13 -p1
-# %patch14 -p1
-# %patch15 -p1
-# %patch16 -p1
-# %patch17 -p1
-# %patch18 -p1
-# %patch19 -p1
-# %patch20 -p1
-# %patch21 -p1
-# %patch22 -p1
-# %patch23 -p1
-# %patch24 -p1
-# %patch25 -p1
-# %patch26 -p1
-# %patch27 -p1
-# %patch28 -p1
-# %patch29 -p1
-# %patch30 -p1
-# %patch31 -p1
-# %patch32 -p1
-# %patch33 -p1
-# %patch34 -p1
-# %patch35 -p1
-# %patch36 -p1
-# %patch37 -p1
-# %patch38 -p1
-# %patch39 -p1
-# %patch40 -p1
-# %patch41 -p1
-# %patch42 -p1
-# %patch43 -p1
-# %patch44 -p1
-# %patch45 -p1
-# %patch46 -p1
-# %patch47 -p1
-# %patch48 -p1
-# %patch49 -p1
-# %patch50 -p1
-# %patch51 -p1
-# %patch52 -p1
-# %patch53 -p1
-# %patch54 -p1
-# %patch55 -p1
-# %patch56 -p1
-# %patch57 -p1
-# %patch58 -p1
-# %patch59 -p1
-# %patch60 -p1
-# %patch61 -p1
-# %patch62 -p1
-# %patch63 -p1
-# %patch64 -p1
-# %patch65 -p1
-# %patch66 -p1
-# %patch67 -p1
-# %patch68 -p1
-# %patch69 -p1
-# %patch70 -p1
-# %patch71 -p1
-# %patch72 -p1
-# %patch73 -p1
-# %patch74 -p1
-# %patch75 -p1
-# %patch76 -p1
-# %patch77 -p1
-# %patch78 -p1
-# %patch79 -p1
-# %patch80 -p1
-# %patch81 -p1
-# %patch82 -p1
-# %patch83 -p1
-# %patch84 -p1
-# %patch85 -p1
-# %patch86 -p1
-# %patch87 -p1
-# %patch88 -p1
-# %patch89 -p1
-# %patch90 -p1
-# %patch91 -p1
-# %patch92 -p1
-# %patch93 -p1
-# %patch94 -p1
-# %patch95 -p1
-# %patch96 -p1
-# %patch100 -p1
+%{__cp} %{S:11} .
+%patch0 -p1
+# can not patch inexistent file
+#%patch1 -p0
+#%patch2 -p0
+%patch3 -p0
+#%patch4 -p0
+%patch5 -p0
+%patch6 -p0
+%patch7 -p0
+%patch8 -p0
%patch101 -p1
perl -p -i -e 's|SAMBAPREFIX=/usr/local/samba|SAMBAPREFIX=/usr|' helpers/basic_auth/SMB/Makefile.in
perl -p -i -e 's|SAMBAPREFIX=/usr/local/samba|SAMBAPREFIX=/usr|' helpers/ntlm_auth/SMB/Makefile.in
@@ -267,8 +124,7 @@
%endif
%patch103 -p1
%patch104 -p1
-%patch105 -p1
-%patch106
+#%patch105 -p1
chmod a-x CREDITS
%build
@@ -296,13 +152,10 @@
--enable-useragent-log \
--enable-referer-log \
--enable-kill-parent-hack \
- --enable-snmp \
--enable-arp-acl \
- --enable-htcp \
--enable-ssl \
--enable-forw-via-db \
--enable-cache-digests \
- --enable-poll \
--enable-linux-netfilter \
--with-large-files \
--enable-underscores \
@@ -316,6 +169,14 @@
--enable-stacktraces \
--enable-x-accelerator-vary \
--with-default-user=squid
+## Deprecated
+# --enable-poll \
+# Deprecated. Automatic checks will enable best I/O loop method available.
+#
+## changed to default, use --deisable-* to build without
+# --enable-htcp \
+# --enable-snmp \
+#####
# problematic options
# --enable-truncate \
# overwrite the number of open filedescriptors of configure to 4096
@@ -381,9 +242,6 @@
# remove unpackaged files
rm -f $RPM_BUILD_ROOT/usr/man/man8/*.8
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%pre
/usr/sbin/useradd -r -o -g nogroup -u 31 -s /bin/false -c "WWW-proxy squid" \
-d /var/cache/squid squid 2> /dev/null || :
@@ -391,13 +249,13 @@
%post
%run_permissions
# update mode?
-if [ $1 -gt 1 ]; then
+if [ "$1" > "1" ]; then
if [ -e etc/squid.conf -a ! -L etc/squid.conf -a ! -e etc/squid/squid.conf ]; then
echo "moving /etc/squid.conf to /etc/squid/squid.conf"
mv etc/squid.conf etc/squid/squid.conf
fi
fi
-%{fillup_and_insserv -n squid squid}
+%{fillup_and_insserv -n "squid"}
%preun
%stop_on_removal squid
@@ -407,11 +265,16 @@
%insserv_cleanup
%verifyscript
%verify_permissions -e /usr/sbin/pam_auth
+#----------------------------------------------------------------------------------
+
+%clean
+#----------------------------------------------------------------------------------
+%{__rm} -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
-%attr(750,squid,root) %dir /var/cache/squid
-%attr(750,squid,root) %dir /var/log/squid
+%attr(750,squid,root) %dir /var/cache/squid/
+%attr(750,squid,root) %dir /var/log/squid/
%dir %{squidconfdir}
%config(noreplace) %{squidconfdir}/squid.conf
%config(noreplace) %{squidconfdir}/cachemgr.conf
@@ -419,12 +282,12 @@
%config(noreplace) /etc/logrotate.d/squid
%config(noreplace) %{squidconfdir}/mime.conf
%config(noreplace) %{squidconfdir}/msntauth.conf
-%{squidconfdir}/cachemgr.conf.default
-%{squidconfdir}/msntauth.conf.default
-%{squidconfdir}/squid.conf.default
+%config %{squidconfdir}/cachemgr.conf.default
+%config %{squidconfdir}/msntauth.conf.default
+%config %{squidconfdir}/squid.conf.default
%config /etc/pam.d/squid
%config /etc/init.d/squid
-/etc/permissions.d/squid
+%config /etc/permissions.d/squid
%dir /usr/share/squid
/usr/share/squid/errors
/usr/share/squid/icons
@@ -468,6 +331,7 @@
%doc %{_mandir}/man*/*
%doc CONTRIBUTORS COPYING COPYRIGHT CREDITS ChangeLog
%doc QUICKSTART README RELEASENOTES.html SPONSORS
+%doc README.kerberos
%doc doc/contrib doc/scripts
%doc doc/debug-sections.txt src/squid.conf.default
#%doc README.squid_ldapauth CREDITS.squid_ldapauth
++++++ README.kerberos ++++++
This is the README.kerberos file
to have squid negotiate/authenticate via kerberos
any addons are very welcome
comments could be posted to
1) you need to add a "USER" inside your "Domain-Computers" Container
called "squid". Yes a "USER" and not a Computer.
You may use another name, but why ?
2) After having successfully created the user, you need to create a
keytab file on your WIN box.
Example: !! This is all in one line !!
ktpass -princ HTTP/squid@DOMAIN.REALM -pType KRB5_NT_PRINCIPAL \
-mapuser squid -pass * -out HTTP.keytab
3) copy over HTTP.keytab to /etc/squid/ on your linux box
4) you have to tell your browsers to negotiate via kerberos
Have a look at:
a) Internet Explorer does not support Kerberos authentication with proxy servers
http://support.microsoft.com/?scid=kb%3Ben-us%3B321728&x=19&y=14
This limitation was removed in Windows Internet Explorer 7.
If Integrated Windows Authentication is turned on in Internet Explorer
for Windows 2000 and Windows XP, you can complete Kerberos authentication
with Web servers either directly or through a proxy server. However,
Internet Explorer cannot use Kerberos to authenticate with the proxy
server itself.
b) Unable to negotiate Kerberos authentication after upgrading to Internet Explorer 6
http://support.microsoft.com/kb/299838/EN-US/
To resolve this issue, enable Internet Explorer 6 to respond to
a negotiate challenge and perform Kerberos authentication:
1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Advanced tab, click to select the Enable
Integrated Windows Authentication (requires restart) check box
in the Security section, and then click OK.
3. Restart Internet Explorer.
Administrators can enable Integrated Windows Authentication by
setting the EnableNegotiate DWORD value to 1 in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Note Internet Explorer 6, when used with Microsoft Windows 98,
Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition,
and Microsoft Windows NT 4.0 does not respond to a negotiate challenge and
default to NTLM (or Windows NT Challenge/Response) authentication even if
the Enable Integrated Windows Authentication (requires restart) check
box is selected because Kerberos authentication is not available on
these operating systems.
++++++ b9091.patch ++++++
------------------------------------------------------------
revno: 9091
revision-id: squid3@treenet.co.nz-20090814045047-yn6wxok277sj2xaw
parent: squid3@treenet.co.nz-20090813004204-2xq4wrolzfpt0zmc
committer: Amos Jeffries
branch nick: SQUID_3_0
timestamp: Fri 2009-08-14 16:50:47 +1200
message:
Author: Henrik Nordstrom
Remove support for deferred state in stateful helpers
the deferred state were previously used for the challenge reuse mode
in NTLM, but is since long unused as it was both incompatible with
NTLMv2 and also not very stable for authentication.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20090814045047-yn6wxok277sj2xaw
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0/
# testament_sha1: e50f84b5a989b4af2b679d4599cd0363d0191e91
# timestamp: 2009-08-14 05:19:56 +0000
# source_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0
# base_revision_id: squid3@treenet.co.nz-20090813004204-\
# 2xq4wrolzfpt0zmc
#
# Begin patch
=== modified file 'src/enums.h'
--- src/enums.h 2009-04-10 09:10:33 +0000
+++ src/enums.h 2009-08-14 04:50:47 +0000
@@ -374,18 +374,9 @@
typedef enum {
S_HELPER_UNKNOWN,
S_HELPER_RESERVE,
- S_HELPER_RELEASE,
- S_HELPER_DEFER
+ S_HELPER_RELEASE
} stateful_helper_callback_t;
-/* stateful helper reservation info */
-typedef enum {
- S_HELPER_FREE, /* available for requests */
- S_HELPER_RESERVED, /* in a reserved state - no active request, but state data in the helper shouldn't be disturbed */
- S_HELPER_DEFERRED /* available for requests, and at least one more will come from a previous caller with the server pointer */
-} stateful_helper_reserve_t;
-
-
#if SQUID_SNMP
enum {
SNMP_C_VIEW,
=== modified file 'src/helper.cc'
--- src/helper.cc 2009-08-02 10:29:54 +0000
+++ src/helper.cc 2009-08-14 04:50:47 +0000
@@ -56,12 +56,10 @@
static void helperStatefulDispatch(helper_stateful_server * srv, helper_stateful_request * r);
static void helperKickQueue(helper * hlp);
static void helperStatefulKickQueue(statefulhelper * hlp);
+static void helperStatefulServerDone(helper_stateful_server * srv);
static void helperRequestFree(helper_request * r);
static void helperStatefulRequestFree(helper_stateful_request * r);
static void StatefulEnqueue(statefulhelper * hlp, helper_stateful_request * r);
-static helper_stateful_request *StatefulServerDequeue(helper_stateful_server * srv);
-static void StatefulServerEnqueue(helper_stateful_server * srv, helper_stateful_request * r);
-static void helperStatefulServerKickQueue(helper_stateful_server * srv);
static bool helperStartStats(StoreEntry *sentry, void *hlp, const char *label);
@@ -249,10 +247,7 @@
helper_stateful_server *srv = cbdataAlloc(helper_stateful_server);
srv->hIpc = hIpc;
srv->pid = pid;
- srv->flags.reserved = S_HELPER_FREE;
- srv->deferred_requests = 0;
- srv->stats.deferbyfunc = 0;
- srv->stats.deferbycb = 0;
+ srv->flags.reserved = 0;
srv->stats.submits = 0;
srv->stats.releases = 0;
srv->index = k;
@@ -319,8 +314,7 @@
debugs(84, 9, "helperSubmit: " << buf);
}
-/* lastserver = "server last used as part of a deferred or reserved
- * request sequence"
+/* lastserver = "server last used as part of a reserved request sequence"
*/
void
helperStatefulSubmit(statefulhelper * hlp, const char *buf, HLPSCB * callback, void *data, helper_stateful_server * lastserver)
@@ -346,28 +340,12 @@
if ((buf != NULL) && lastserver) {
debugs(84, 5, "StatefulSubmit with lastserver " << lastserver);
- /* the queue doesn't count for this assert because queued requests
- * have already gone through here and been tested.
- * It's legal to have deferred_requests == 0 and queue entries
- * and status of S_HELPEER_DEFERRED.
- * BUT: It's not legal to submit a new request w/lastserver in
- * that state.
- */
- assert(!(lastserver->deferred_requests == 0 &&
- lastserver->flags.reserved == S_HELPER_DEFERRED));
-
- if (lastserver->flags.reserved != S_HELPER_RESERVED) {
- lastserver->stats.submits++;
- lastserver->deferred_requests--;
- }
-
- if (!(lastserver->request)) {
- debugs(84, 5, "StatefulSubmit dispatching");
- helperStatefulDispatch(lastserver, r);
- } else {
- debugs(84, 5, "StatefulSubmit queuing");
- StatefulServerEnqueue(lastserver, r);
- }
+
+ assert(lastserver->flags.reserved);
+ assert(!(lastserver->request));
+
+ debugs(84, 5, "StatefulSubmit dispatching");
+ helperStatefulDispatch(lastserver, r);
} else {
helper_stateful_server *srv;
if ((srv = StatefulGetFirstAvailable(hlp))) {
@@ -380,149 +358,25 @@
}
/*
- * helperStatefulDefer
- *
- * find and add a deferred request to a helper
- */
-helper_stateful_server *
-helperStatefulDefer(statefulhelper * hlp)
-{
- if (hlp == NULL) {
- debugs(84, 3, "helperStatefulDefer: hlp == NULL");
- return NULL;
- }
-
- debugs(84, 5, "helperStatefulDefer: Running servers " << hlp->n_running);
-
- if (hlp->n_running == 0) {
- debugs(84, 1, "helperStatefulDefer: No running servers!. ");
- return NULL;
- }
-
- helper_stateful_server *rv = StatefulGetFirstAvailable(hlp);
-
- if (rv == NULL) {
- /*
- * all currently busy; loop through servers and find server
- * with the shortest queue
- */
-
- for (dlink_node *n = hlp->servers.head; n != NULL; n = n->next) {
- helper_stateful_server *srv = (helper_stateful_server *)n->data;
-
- if (srv->flags.reserved == S_HELPER_RESERVED)
- continue;
-
- if (!srv->flags.shutdown)
- continue;
-
- if ((hlp->IsAvailable != NULL) && (srv->data != NULL) &&
- !(hlp->IsAvailable(srv->data)))
- continue;
-
- if ((rv != NULL) && (rv->deferred_requests < srv->deferred_requests))
- continue;
-
- rv = srv;
- }
- }
-
- if (rv == NULL) {
- debugs(84, 1, "helperStatefulDefer: None available.");
- return NULL;
- }
-
- /* consistency check:
- * when the deferred count is 0,
- * submits + releases == deferbyfunc + deferbycb
- * Or in english, when there are no deferred requests, the amount
- * we have submitted to the queue or cancelled must equal the amount
- * we have said we wanted to be able to submit or cancel
- */
- if (rv->deferred_requests == 0)
- assert(rv->stats.submits + rv->stats.releases ==
- rv->stats.deferbyfunc + rv->stats.deferbycb);
-
- rv->flags.reserved = S_HELPER_DEFERRED;
-
- rv->deferred_requests++;
-
- rv->stats.deferbyfunc++;
-
- return rv;
-}
-
-void
-helperStatefulReset(helper_stateful_server * srv)
-/* puts this helper back in the queue. the calling app is required to
- * manage the state in the helper.
- */
-{
- statefulhelper *hlp = srv->parent;
- helper_stateful_request *r = srv->request;
-
- if (r != NULL) {
- /* reset attempt DURING an outstaning request */
- debugs(84, 1, "helperStatefulReset: RESET During request " << hlp->id_name << " ");
- srv->flags.busy = 0;
- srv->roffset = 0;
- helperStatefulRequestFree(r);
- srv->request = NULL;
- }
-
- srv->flags.busy = 0;
-
- if (srv->queue.head) {
- srv->flags.reserved = S_HELPER_DEFERRED;
- } else {
- srv->flags.reserved = S_HELPER_FREE;
-
- if ((srv->parent->OnEmptyQueue != NULL) && (srv->data))
- srv->parent->OnEmptyQueue(srv->data);
- }
-
- helperStatefulServerKickQueue(srv);
-}
-
-/*
* DPW 2007-05-08
*
* helperStatefulReleaseServer tells the helper that whoever was
* using it no longer needs its services.
- *
- * If the state is S_HELPER_DEFERRED, decrease the deferred count.
- * If the count goes to zero, then it can become S_HELPER_FREE.
- *
- * If the state is S_HELPER_RESERVED, then it should always
- * become S_HELPER_FREE.
*/
void
helperStatefulReleaseServer(helper_stateful_server * srv)
{
debugs(84, 3, HERE << "srv-" << srv->index << " flags.reserved = " << srv->flags.reserved);
- if (srv->flags.reserved == S_HELPER_FREE)
+ if (!srv->flags.reserved)
return;
srv->stats.releases++;
-
- if (srv->flags.reserved == S_HELPER_DEFERRED) {
- assert(srv->deferred_requests);
- srv->deferred_requests--;
- if (srv->deferred_requests) {
- debugs(0,0,HERE << "helperStatefulReleaseServer srv->deferred_requests=" << srv->deferred_requests);
- return;
- }
- if (srv->queue.head) {
- debugs(0,0,HERE << "helperStatefulReleaseServer srv->queue.head not NULL");
- return;
- }
- }
-
- srv->flags.reserved = S_HELPER_FREE;
+ srv->flags.reserved = 0;
+
if (srv->parent->OnEmptyQueue != NULL && srv->data)
srv->parent->OnEmptyQueue(srv->data);
- helperStatefulServerKickQueue(srv);
+ helperStatefulServerDone(srv);
}
void *
@@ -604,12 +458,11 @@
storeAppendPrintf(sentry, "avg service time: %d msec\n",
hlp->stats.avg_svc_time);
storeAppendPrintf(sentry, "\n");
- storeAppendPrintf(sentry, "%7s\t%7s\t%7s\t%11s\t%20s\t%s\t%7s\t%7s\t%7s\n",
+ storeAppendPrintf(sentry, "%7s\t%7s\t%7s\t%11s\t%6s\t%7s\t%7s\t%7s\n",
"#",
"FD",
"PID",
"# Requests",
- "# Deferred Requests",
"Flags",
"Time",
"Offset",
@@ -617,17 +470,15 @@
for (dlink_node *link = hlp->servers.head; link; link = link->next) {
helper_stateful_server *srv = (helper_stateful_server *)link->data;
- double tt = 0.001 * tvSubMsec(srv->dispatch_time,
- srv->flags.busy ? current_time : srv->answer_time);
- storeAppendPrintf(sentry, "%7d\t%7d\t%7d\t%11d\t%20d\t%c%c%c%c%c\t%7.3f\t%7d\t%s\n",
+ double tt = 0.001 * tvSubMsec(srv->dispatch_time, srv->flags.busy ? current_time : srv->answer_time);
+ storeAppendPrintf(sentry, "%7d\t%7d\t%7d\t%11d\t%c%c%c%c%c\t%7.3f\t%7d\t%s\n",
srv->index + 1,
srv->rfd,
srv->pid,
srv->stats.uses,
- (int) srv->deferred_requests,
srv->flags.busy ? 'B' : ' ',
srv->flags.closing ? 'C' : ' ',
- srv->flags.reserved == S_HELPER_RESERVED ? 'R' : (srv->flags.reserved == S_HELPER_DEFERRED ? 'D' : ' '),
+ srv->flags.reserved ? 'R' : ' ',
srv->flags.shutdown ? 'S' : ' ',
srv->request ? (srv->request->placeholder ? 'P' : ' ') : ' ',
tt < 0.0 ? 0.0 : tt,
@@ -638,7 +489,7 @@
storeAppendPrintf(sentry, "\nFlags key:\n\n");
storeAppendPrintf(sentry, " B = BUSY\n");
storeAppendPrintf(sentry, " C = CLOSING\n");
- storeAppendPrintf(sentry, " R = RESERVED or DEFERRED\n");
+ storeAppendPrintf(sentry, " R = RESERVED\n");
storeAppendPrintf(sentry, " S = SHUTDOWN PENDING\n");
storeAppendPrintf(sentry, " P = PLACEHOLDER\n");
}
@@ -746,14 +597,14 @@
continue;
}
- if (srv->flags.reserved != S_HELPER_FREE) {
- debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is RESERVED.");
- continue;
- }
-
- if (srv->deferred_requests) {
- debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " has DEFERRED requests.");
- continue;
+ if (srv->flags.reserved) {
+ if (shutting_down) {
+ debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is RESERVED. Closing anyway.");
+ }
+ else {
+ debugs(84, 3, "helperStatefulShutdown: " << hlp->id_name << " #" << srv->index + 1 << " is RESERVED. Not Shutting Down Yet.");
+ continue;
+ }
}
srv->flags.closing = 1;
@@ -1156,42 +1007,20 @@
case S_HELPER_RELEASE: /* helper finished with */
- if (!srv->deferred_requests && !srv->queue.head) {
- srv->flags.reserved = S_HELPER_FREE;
-
- if ((srv->parent->OnEmptyQueue != NULL) && (srv->data))
- srv->parent->OnEmptyQueue(srv->data);
-
- debugs(84, 5, "StatefulHandleRead: releasing " << hlp->id_name << " #" << srv->index + 1);
- } else {
- srv->flags.reserved = S_HELPER_DEFERRED;
- debugs(84, 5, "StatefulHandleRead: outstanding deferred requests on " <<
- hlp->id_name << " #" << srv->index + 1 <<
- ". reserving for deferred requests.");
- }
+ srv->flags.reserved = 0;
+
+ if ((srv->parent->OnEmptyQueue != NULL) && (srv->data))
+ srv->parent->OnEmptyQueue(srv->data);
+
+ debugs(84, 5, "StatefulHandleRead: releasing " << hlp->id_name << " #" << srv->index + 1);
break;
case S_HELPER_RESERVE: /* 'pin' this helper for the caller */
- if (!srv->queue.head) {
- assert(srv->deferred_requests == 0);
- srv->flags.reserved = S_HELPER_RESERVED;
- debugs(84, 5, "StatefulHandleRead: reserving " << hlp->id_name << " #" << srv->index + 1);
- } else {
- fatal("StatefulHandleRead: Callback routine attempted to reserve a stateful helper with deferred requests. This can lead to deadlock.\n");
- }
-
- break;
-
- case S_HELPER_DEFER:
- /* the helper is still needed, but can
- * be used for other requests in the meantime.
- */
- srv->flags.reserved = S_HELPER_DEFERRED;
- srv->deferred_requests++;
- srv->stats.deferbycb++;
- debugs(84, 5, "StatefulHandleRead: reserving " << hlp->id_name << " #" << srv->index + 1 << " for deferred requests.");
+ srv->flags.reserved = 1;
+ debugs(84, 5, "StatefulHandleRead: reserving " << hlp->id_name << " #" << srv->index + 1);
+
break;
default:
@@ -1213,7 +1042,7 @@
tvSubMsec(srv->dispatch_time, current_time),
hlp->stats.replies, REDIRECT_AV_FACTOR);
- helperStatefulServerKickQueue(srv);
+ helperStatefulServerDone(srv);
}
if (srv->rfd != -1)
@@ -1278,31 +1107,6 @@
}
-static void
-StatefulServerEnqueue(helper_stateful_server * srv, helper_stateful_request * r)
-{
- dlink_node *link = (dlink_node *)memAllocate(MEM_DLINK_NODE);
- dlinkAddTail(r, link, &srv->queue);
- /* TODO: warning if the queue on this server is more than X
- * We don't check the queue size at the moment, because
- * requests hitting here are deferrable
- */
- /* hlp->stats.queue_size++;
- * if (hlp->stats.queue_size < hlp->n_running)
- * return;
- * if (squid_curtime - hlp->last_queue_warn < 600)
- * return;
- * if (shutting_down || reconfiguring)
- * return;
- * hlp->last_queue_warn = squid_curtime;
- * debugs(84, 0, "WARNING: All " << hlp->id_name << " processes are busy.");
- * debugs(84, 0, "WARNING: " << hlp->stats.queue_size << " pending requests queued");
- * if (hlp->stats.queue_size > hlp->n_running * 2)
- * fatalf("Too many queued %s requests", hlp->id_name);
- * debugs(84, 1, "Consider increasing the number of " << hlp->id_name << " processes in your config file." ); */
-}
-
-
static helper_request *
Dequeue(helper * hlp)
{
@@ -1320,21 +1124,6 @@
}
static helper_stateful_request *
-StatefulServerDequeue(helper_stateful_server * srv)
-{
- dlink_node *link;
- helper_stateful_request *r = NULL;
-
- if ((link = srv->queue.head)) {
- r = (helper_stateful_request *)link->data;
- dlinkDelete(link, &srv->queue);
- memFree(link, MEM_DLINK_NODE);
- }
-
- return r;
-}
-
-static helper_stateful_request *
StatefulDequeue(statefulhelper * hlp)
{
dlink_node *link;
@@ -1407,7 +1196,7 @@
if (srv->flags.busy)
continue;
- if (srv->flags.reserved == S_HELPER_RESERVED)
+ if (srv->flags.reserved)
continue;
if (srv->flags.shutdown)
@@ -1527,7 +1316,7 @@
if (r->placeholder == 1) {
/* a callback is needed before this request can _use_ a helper. */
- /* we don't care about releasing/deferring this helper. The request NEVER
+ /* we don't care about releasing this helper. The request NEVER
* gets to the helper. So we throw away the return code */
r->callback(r->data, srv, NULL);
/* throw away the placeholder */
@@ -1536,7 +1325,7 @@
* request to the helper which is why we test for the request*/
if (srv->request == NULL)
- helperStatefulServerKickQueue(srv);
+ helperStatefulServerDone(srv);
return;
}
@@ -1579,18 +1368,11 @@
}
static void
-helperStatefulServerKickQueue(helper_stateful_server * srv)
+helperStatefulServerDone(helper_stateful_server * srv)
{
- helper_stateful_request *r;
-
- if ((r = StatefulServerDequeue(srv))) {
- helperStatefulDispatch(srv, r);
- return;
- }
-
if (!srv->flags.shutdown) {
helperStatefulKickQueue(srv->parent);
- } else if (!srv->flags.closing && srv->flags.reserved == S_HELPER_FREE && !srv->flags.busy) {
+ } else if (!srv->flags.closing && !srv->flags.reserved && !srv->flags.busy) {
int wfd = srv->wfd;
srv->wfd = -1;
if (srv->rfd == wfd)
=== modified file 'src/helper.h'
--- src/helper.h 2009-07-17 13:25:24 +0000
+++ src/helper.h 2009-08-14 04:50:47 +0000
@@ -171,37 +171,24 @@
struct timeval answer_time;
dlink_node link;
- dlink_list queue;
statefulhelper *parent;
helper_stateful_request *request;
struct _helper_stateful_flags
{
-
-unsigned int busy:
- 1;
-
-unsigned int closing:
- 1;
-
-unsigned int shutdown:
- 1;
- stateful_helper_reserve_t reserved;
- }
-
- flags;
+ unsigned int busy:1;
+ unsigned int closing:1;
+ unsigned int shutdown:1;
+ unsigned int reserved:1;
+ } flags;
struct
{
int uses;
int submits;
int releases;
- int deferbyfunc;
- int deferbycb;
- }
+ } stats;
- stats;
- int deferred_requests; /* current number of deferred requests */
void *data; /* State data used by the calling routines */
void *hIpc;
};
@@ -227,7 +214,7 @@
MEMPROXY_CLASS(helper_stateful_request);
char *buf;
HLPSCB *callback;
- int placeholder; /* if 1, this is a dummy request waiting for a stateful helper to become available for deferred requests.*/
+ int placeholder; /* if 1, this is a dummy request waiting for a stateful helper to become available */
void *data;
};
@@ -246,10 +233,8 @@
SQUIDCEXTERN statefulhelper *helperStatefulCreate(const char *);
SQUIDCEXTERN void helperFree(helper *);
SQUIDCEXTERN void helperStatefulFree(statefulhelper *);
-SQUIDCEXTERN void helperStatefulReset(helper_stateful_server * srv);
SQUIDCEXTERN void helperStatefulReleaseServer(helper_stateful_server * srv);
SQUIDCEXTERN void *helperStatefulServerGetData(helper_stateful_server * srv);
-SQUIDCEXTERN helper_stateful_server *helperStatefulDefer(statefulhelper *);
++++++ b9093.patch ++++++
------------------------------------------------------------
revno: 9093
revision-id: squid3@treenet.co.nz-20090814051516-wdn0qbazfeulpuf4
parent: squid3@treenet.co.nz-20090814045530-hx0cpfgmaa3m8lnp
committer: Amos Jeffries
branch nick: SQUID_3_0
timestamp: Fri 2009-08-14 17:15:16 +1200
message:
Author: Henrik Nordstrom
Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy
Note: May depend on the other stateful helper cleanups.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20090814051516-wdn0qbazfeulpuf4
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0/
# testament_sha1: 28ecee874a55800f95076534b20691034fb701fc
# timestamp: 2009-08-14 05:20:00 +0000
# source_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0
# base_revision_id: squid3@treenet.co.nz-20090814045530-\
# hx0cpfgmaa3m8lnp
#
# Begin patch
=== modified file 'src/auth/negotiate/auth_negotiate.cc'
--- src/auth/negotiate/auth_negotiate.cc 2009-02-19 02:19:34 +0000
+++ src/auth/negotiate/auth_negotiate.cc 2009-08-14 05:15:16 +0000
@@ -367,13 +367,12 @@
debugs(29, 5, "NegotiateUser::~NegotiateUser: doing nothing to clearNegotiate scheme data for '" << this << "'");
}
-static stateful_helper_callback_t
+static void
authenticateNegotiateHandleReply(void *data, void *lastserver, char *reply)
{
authenticateStateData *r = static_cast(data);
int valid;
- stateful_helper_callback_t result = S_HELPER_UNKNOWN;
char *blob, *arg = NULL;
AuthUserRequest *auth_user_request;
@@ -385,11 +384,10 @@
valid = cbdataReferenceValid(r->data);
if (!valid) {
- debugs(29, 1, "authenticateNegotiateHandleReply: invalid callback data. Releasing helper '" << lastserver << "'.");
+ debugs(29, 1, "authenticateNegotiateHandleReply: invalid callback data. helper '" << lastserver << "'.");
cbdataReferenceDone(r->data);
authenticateStateFree(r);
- debugs(29, 9, "authenticateNegotiateHandleReply: telling stateful helper : " << S_HELPER_RELEASE);
- return S_HELPER_RELEASE;
+ return;
}
if (!reply) {
@@ -433,18 +431,16 @@
if (arg)
*arg++ = '\0';
safe_free(negotiate_request->server_blob);
- negotiate_request->request->flags.must_keepalive = 1;
- if (negotiate_request->request->flags.proxy_keepalive) {
- negotiate_request->server_blob = xstrdup(blob);
- negotiate_request->auth_state = AUTHENTICATE_STATE_IN_PROGRESS;
- auth_user_request->denyMessage("Authentication in progress");
- debugs(29, 4, "authenticateNegotiateHandleReply: Need to challenge the client with a server blob '" << blob << "'");
- result = S_HELPER_RESERVE;
- } else {
- negotiate_request->auth_state = AUTHENTICATE_STATE_FAILED;
- auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
- result = S_HELPER_RELEASE;
- }
+ negotiate_request->request->flags.must_keepalive = 1;
+ if (negotiate_request->request->flags.proxy_keepalive) {
+ negotiate_request->server_blob = xstrdup(blob);
+ negotiate_request->auth_state = AUTHENTICATE_STATE_IN_PROGRESS;
+ auth_user_request->denyMessage("Authentication in progress");
+ debugs(29, 4, "authenticateNegotiateHandleReply: Need to challenge the client with a server blob '" << blob << "'");
+ } else {
+ negotiate_request->auth_state = AUTHENTICATE_STATE_FAILED;
+ auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
+ }
} else if (strncasecmp(reply, "AF ", 3) == 0 && arg != NULL) {
/* we're finished, release the helper */
@@ -463,8 +459,6 @@
negotiate_request->auth_state = AUTHENTICATE_STATE_DONE;
- result = S_HELPER_RELEASE;
-
debugs(29, 4, "authenticateNegotiateHandleReply: Successfully validated user via Negotiate. Username '" << blob << "'");
/* connection is authenticated */
@@ -510,8 +504,6 @@
authenticateNegotiateReleaseServer(negotiate_request);
- result = S_HELPER_RELEASE;
-
debugs(29, 4, "authenticateNegotiateHandleReply: Failed validating user via Negotiate. Error returned '" << blob << "'");
} else if (strncasecmp(reply, "BH ", 3) == 0) {
/* TODO kick off a refresh process. This can occur after a YR or after
@@ -523,7 +515,6 @@
negotiate_request->auth_state = AUTHENTICATE_STATE_FAILED;
safe_free(negotiate_request->server_blob);
authenticateNegotiateReleaseServer(negotiate_request);
- result = S_HELPER_RELEASE;
debugs(29, 1, "authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned '" << reply << "'");
} else {
/* protocol error */
@@ -537,8 +528,6 @@
r->handler(r->data, NULL);
cbdataReferenceDone(r->data);
authenticateStateFree(r);
- debugs(29, 9, "authenticateNegotiateHandleReply: telling stateful helper : " << result);
- return result;
}
static void
=== modified file 'src/auth/ntlm/auth_ntlm.cc'
--- src/auth/ntlm/auth_ntlm.cc 2009-02-19 02:19:34 +0000
+++ src/auth/ntlm/auth_ntlm.cc 2009-08-14 05:15:16 +0000
@@ -329,13 +329,12 @@
debugs(29, 5, "NTLMUser::~NTLMUser: doing nothing to clearNTLM scheme data for '" << this << "'");
}
-static stateful_helper_callback_t
+static void
authenticateNTLMHandleReply(void *data, void *lastserver, char *reply)
{
authenticateStateData *r = static_cast(data);
int valid;
- stateful_helper_callback_t result = S_HELPER_UNKNOWN;
char *blob;
AuthUserRequest *auth_user_request;
@@ -347,11 +346,10 @@
valid = cbdataReferenceValid(r->data);
if (!valid) {
- debugs(29, 1, "authenticateNTLMHandleReply: invalid callback data. Releasing helper '" << lastserver << "'.");
+ debugs(29, 1, "authenticateNTLMHandleReply: invalid callback data. helper '" << lastserver << "'.");
cbdataReferenceDone(r->data);
authenticateStateFree(r);
- debugs(29, 9, "authenticateNTLMHandleReply: telling stateful helper : " << S_HELPER_RELEASE);
- return S_HELPER_RELEASE;
+ return;
}
if (!reply) {
@@ -389,25 +387,22 @@
if (strncasecmp(reply, "TT ", 3) == 0) {
/* we have been given a blob to send to the client */
safe_free(ntlm_request->server_blob);
- ntlm_request->request->flags.must_keepalive = 1;
- if (ntlm_request->request->flags.proxy_keepalive) {
- ntlm_request->server_blob = xstrdup(blob);
- ntlm_request->auth_state = AUTHENTICATE_STATE_IN_PROGRESS;
- auth_user_request->denyMessage("Authentication in progress");
- debugs(29, 4, "authenticateNTLMHandleReply: Need to challenge the client with a server blob '" << blob << "'");
- result = S_HELPER_RESERVE;
- } else {
- ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
- auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
- result = S_HELPER_RELEASE;
- }
+ ntlm_request->request->flags.must_keepalive = 1;
+ if (ntlm_request->request->flags.proxy_keepalive) {
+ ntlm_request->server_blob = xstrdup(blob);
+ ntlm_request->auth_state = AUTHENTICATE_STATE_IN_PROGRESS;
+ auth_user_request->denyMessage("Authentication in progress");
+ debugs(29, 4, "authenticateNTLMHandleReply: Need to challenge the client with a server blob '" << blob << "'");
+ } else {
+ ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
+ auth_user_request->denyMessage("NTLM authentication requires a persistent connection");
+ }
} else if (strncasecmp(reply, "AF ", 3) == 0) {
/* we're finished, release the helper */
ntlm_user->username(blob);
auth_user_request->denyMessage("Login successful");
safe_free(ntlm_request->server_blob);
- result = S_HELPER_RELEASE;
debugs(29, 4, "authenticateNTLMHandleReply: Successfully validated user via NTLM. Username '" << blob << "'");
/* connection is authenticated */
debugs(29, 4, "AuthNTLMUserRequest::authenticate: authenticated user " << ntlm_user->username());
@@ -441,7 +436,6 @@
ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
safe_free(ntlm_request->server_blob);
authenticateNTLMReleaseServer(ntlm_request);
- result = S_HELPER_RELEASE;
debugs(29, 4, "authenticateNTLMHandleReply: Failed validating user via NTLM. Error returned '" << blob << "'");
} else if (strncasecmp(reply, "BH ", 3) == 0) {
/* TODO kick off a refresh process. This can occur after a YR or after
@@ -453,7 +447,6 @@
ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
safe_free(ntlm_request->server_blob);
authenticateNTLMReleaseServer(ntlm_request);
- result = S_HELPER_RELEASE;
debugs(29, 1, "authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '" << reply << "'");
} else {
/* protocol error */
@@ -467,8 +460,6 @@
r->handler(r->data, NULL);
cbdataReferenceDone(r->data);
authenticateStateFree(r);
- debugs(29, 9, "authenticateNTLMHandleReply: telling stateful helper : " << result);
- return result;
}
static void
=== modified file 'src/helper.cc'
--- src/helper.cc 2009-08-14 04:50:47 +0000
+++ src/helper.cc 2009-08-14 05:15:16 +0000
@@ -991,6 +991,7 @@
if ((t = strchr(srv->rbuf, '\n'))) {
/* end of reply found */
+ int called = 1;
debugs(84, 3, "helperStatefulHandleRead: end of reply found");
if (t > srv->rbuf && t[-1] == '\r')
@@ -999,36 +1000,10 @@
*t = '\0';
if (r && cbdataReferenceValid(r->data)) {
- switch ((r->callback(r->data, srv, srv->rbuf))) { /*if non-zero reserve helper */
-
- case S_HELPER_UNKNOWN:
- fatal("helperStatefulHandleRead: either a non-state aware callback was give to the stateful helper routines, or an uninitialised callback response was received.\n");
- break;
-
- case S_HELPER_RELEASE: /* helper finished with */
-
- srv->flags.reserved = 0;
-
- if ((srv->parent->OnEmptyQueue != NULL) && (srv->data))
- srv->parent->OnEmptyQueue(srv->data);
-
- debugs(84, 5, "StatefulHandleRead: releasing " << hlp->id_name << " #" << srv->index + 1);
-
- break;
-
- case S_HELPER_RESERVE: /* 'pin' this helper for the caller */
-
- srv->flags.reserved = 1;
- debugs(84, 5, "StatefulHandleRead: reserving " << hlp->id_name << " #" << srv->index + 1);
-
- break;
-
- default:
- fatal("helperStatefulHandleRead: unknown stateful helper callback result.\n");
- }
-
+ r->callback(r->data, srv, srv->rbuf);
} else {
debugs(84, 1, "StatefulHandleRead: no callback data registered");
+ called = 0;
}
srv->flags.busy = 0;
@@ -1042,7 +1017,10 @@
tvSubMsec(srv->dispatch_time, current_time),
hlp->stats.replies, REDIRECT_AV_FACTOR);
- helperStatefulServerDone(srv);
+ if (called)
+ helperStatefulServerDone(srv);
+ else
+ helperStatefulReleaseServer(srv);
}
if (srv->rfd != -1)
@@ -1309,6 +1287,7 @@
if (!cbdataReferenceValid(r->data)) {
debugs(84, 1, "helperStatefulDispatch: invalid callback data");
helperStatefulRequestFree(r);
+ helperStatefulReleaseServer(srv);
return;
}
@@ -1331,6 +1310,7 @@
}
srv->flags.busy = 1;
+ srv->flags.reserved = 1;
srv->request = r;
srv->dispatch_time = current_time;
comm_write(srv->wfd,
=== modified file 'src/helper.h'
--- src/helper.h 2009-08-14 04:50:47 +0000
+++ src/helper.h 2009-08-14 05:15:16 +0000
@@ -53,7 +53,7 @@
typedef struct _helper_stateful_flags helper_stateful_flags;
-typedef stateful_helper_callback_t HLPSCB(void *, void *lastserver, char *buf);
+typedef void HLPSCB(void *, void *lastserver, char *buf);
struct _helper
{
++++++ b9094.patch ++++++
------------------------------------------------------------
revno: 9094
revision-id: squid3@treenet.co.nz-20090814051752-5sv2i2xsj4bm7hbh
parent: squid3@treenet.co.nz-20090814051516-wdn0qbazfeulpuf4
committer: Amos Jeffries
branch nick: SQUID_3_0
timestamp: Fri 2009-08-14 17:17:52 +1200
message:
Author: Cloyce
Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf
A small logic error (probably a typo) in dns_internal.cc prevents squid from
properly reading the ndots option from resolv.conf.
The attached trivial patch fixes the problem.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20090814051752-5sv2i2xsj4bm7hbh
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0/
# testament_sha1: 111bb2ab791f78bd332a877c98a3fc7e248706aa
# timestamp: 2009-08-14 05:20:03 +0000
# source_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0
# base_revision_id: squid3@treenet.co.nz-20090814051516-\
# wdn0qbazfeulpuf4
#
# Begin patch
=== modified file 'src/dns_internal.cc'
--- src/dns_internal.cc 2009-06-07 12:00:21 +0000
+++ src/dns_internal.cc 2009-08-14 05:17:52 +0000
@@ -347,7 +347,7 @@
if (NULL == t)
continue;
- if (strncmp(t, "ndots:", 6) != 0) {
+ if (strncmp(t, "ndots:", 6) == 0) {
ndots = atoi(t + 6);
if (ndots < 1)
++++++ b9095.patch ++++++
------------------------------------------------------------
revno: 9095
revision-id: squid3@treenet.co.nz-20090819064722-8k6p864g17sflunc
parent: squid3@treenet.co.nz-20090814051752-5sv2i2xsj4bm7hbh
committer: Amos Jeffries
branch nick: SQUID_3_0
timestamp: Wed 2009-08-19 18:47:22 +1200
message:
Author: Henrik Nordstrom
Docs: Improve chroot directive documentation slightly
the directive takes a directory argument, but this wasn't mentioned anywhere..
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20090819064722-8k6p864g17sflunc
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0/
# testament_sha1: f37b87d17ac71983c2d0f17d9d842ceeb65bb353
# timestamp: 2009-08-19 06:51:27 +0000
# source_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0
# base_revision_id: squid3@treenet.co.nz-20090814051752-\
# 5sv2i2xsj4bm7hbh
#
# Begin patch
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2009-06-06 10:09:21 +0000
+++ src/cf.data.pre 2009-08-19 06:47:22 +0000
@@ -5452,11 +5452,11 @@
LOC: Config.chroot_dir
DEFAULT: none
DOC_START
- Use this to have Squid do a chroot() while initializing. This
- also causes Squid to fully drop root privileges after
- initializing. This means, for example, if you use a HTTP
- port less than 1024 and try to reconfigure, you will may get an
- error saying that Squid can not open the port.
+ Specifies a directiry where Squid should do a chroot() while
+ initializing. This also causes Squid to fully drop root
+ privileges after initializing. This means, for example, if you
+ use a HTTP port less than 1024 and try to reconfigure, you may
+ get an error saying that Squid can not open the port.
DOC_END
NAME: balance_on_multiple_ip
++++++ b9096.patch ++++++
------------------------------------------------------------
revno: 9096
revision-id: squid3@treenet.co.nz-20090819064843-73wla64c2ade4l4r
parent: squid3@treenet.co.nz-20090819064722-8k6p864g17sflunc
committer: Amos Jeffries
branch nick: SQUID_3_0
timestamp: Wed 2009-08-19 18:48:43 +1200
message:
Author: Henrik Nordstrom
Add 0.0.0.0 as an to_localhost address
Many TCP/IP(v4) stacks aliases 0.0.0.0 as 127.0.0.1.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20090819064843-73wla64c2ade4l4r
# target_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0/
# testament_sha1: 5d398d8e4dc558c2354a132dc7bead0f62fdcf2b
# timestamp: 2009-08-19 06:51:31 +0000
# source_branch: http://www.squid-cache.org/bzr/squid3/branches\
# /SQUID_3_0
# base_revision_id: squid3@treenet.co.nz-20090819064722-\
# 8k6p864g17sflunc
#
# Begin patch
=== modified file 'src/cf.data.pre'
--- src/cf.data.pre 2009-08-19 06:47:22 +0000
+++ src/cf.data.pre 2009-08-19 06:48:43 +0000
@@ -632,7 +632,7 @@
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
-acl to_localhost dst 127.0.0.0/8
+acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
++++++ squid-3.0.STABLE12-RELEASENOTES.html -> squid-3.0.STABLE18-RELEASENOTES.html ++++++
--- squid3/squid-3.0.STABLE12-RELEASENOTES.html 2009-01-29 01:03:02.000000000 +0100
+++ squid3/squid-3.0.STABLE18-RELEASENOTES.html 2009-08-11 13:48:00.000000000 +0200
@@ -1,11 +1,11 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
- <TITLE>Squid 3.0.STABLE12 release notes</TITLE>
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.50">
+ <TITLE>Squid 3.0.STABLE18 release notes</TITLE>
</HEAD>
<BODY>
-<H1>Squid 3.0.STABLE12 release notes</H1>
+<H1>Squid 3.0.STABLE18 release notes</H1>
<H2>Squid Developers</H2>
<HR>
@@ -13,9 +13,54 @@
Squid is a WWW Cache application developed by the National Laboratory
for Applied Network Research and members of the Web Caching community.</EM>
<HR>
-<H2><A NAME="s1">1. Notice</A></H2>
+<P>
+<H2><A NAME="toc1">1.</A> <A HREF="#s1">Notice</A></H2>
+
+<P>
+<H2><A NAME="toc2">2.</A> <A HREF="#s2">Known issues</A></H2>
+
+<P>
+<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes since earlier STABLE releases of Squid-3.0</A></H2>
+
+<P>
+<H2><A NAME="toc4">4.</A> <A HREF="#s4">Changes since Squid-2.6</A></H2>
+
+<UL>
+<LI><A NAME="toc4.1">4.1</A> <A HREF="#ss4.1">Major new features</A>
+<LI><A NAME="toc4.2">4.2</A> <A HREF="#ss4.2">2.6 features not found in Squid-3.0</A>
+<LI><A NAME="toc4.3">4.3</A> <A HREF="#ss4.3">Logging changes</A>
+</UL>
+<P>
+<H2><A NAME="toc5">5.</A> <A HREF="#s5">Windows support</A></H2>
+
+<P>
+<H2><A NAME="toc6">6.</A> <A HREF="#s6">Changes to squid.conf since Squid-2.6</A></H2>
-<P>The Squid Team are pleased to announce the release of Squid-3.0.STABLE12.</P>
+<UL>
+<LI><A NAME="toc6.1">6.1</A> <A HREF="#ss6.1">New tags</A>
+<LI><A NAME="toc6.2">6.2</A> <A HREF="#ss6.2">Changes to existing tags</A>
+<LI><A NAME="toc6.3">6.3</A> <A HREF="#ss6.3">Removed tags</A>
+</UL>
+<P>
+<H2><A NAME="toc7">7.</A> <A HREF="#s7">Changes to ./configure Options since Squid-2.6</A></H2>
+
+<UL>
+<LI><A NAME="toc7.1">7.1</A> <A HREF="#ss7.1">New options</A>
+<LI><A NAME="toc7.2">7.2</A> <A HREF="#ss7.2">Changes to existing options</A>
+<LI><A NAME="toc7.3">7.3</A> <A HREF="#ss7.3">Removed options</A>
+</UL>
+<P>
+<H2><A NAME="toc8">8.</A> <A HREF="#s8">Regressions since Squid-2.7</A></H2>
+
+<UL>
+<LI><A NAME="toc8.1">8.1</A> <A HREF="#ss8.1">Missing squid.conf options available in Squid-2.7</A>
+<LI><A NAME="toc8.2">8.2</A> <A HREF="#ss8.2">Missing ./configure options available in Squid-2.7</A>
+</UL>
+
+<HR>
+<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
+
+<P>The Squid Team are pleased to announce the release of Squid-3.0.STABLE18.</P>
<P>This new release is available for download from
<A HREF="http://www.squid-cache.org/Versions/v3/3.0/">http://www.squid-cache.org/Versions/v3/3.0/</A> or the
<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
@@ -23,19 +68,19 @@
<P>We welcome feedback and bug reports. If you find a bug, please see
<A HREF="http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d">http://wiki.squid-cache.org/SquidFaq/TroubleShooting#head-7067fc0034ce967e67911becaabb8c95a34d576d</A> for how to submit a report with a stack trace.</P>
-<H2><A NAME="s2">2. Known issues</A></H2>
+<H2><A NAME="s2">2.</A> <A HREF="#toc2">Known issues</A></H2>
<P>Although this release is deemed good enough for use in many setups, please note the existence of
<A HREF="http://www.squid-cache.org/bugs/buglist.cgi?query_format=advanced&short_desc_type=allwordssubstr&short_desc=&target_milestone=3.0&long_desc_type=allwordssubstr&long_desc=&bug_file_loc_type=allwordssubstr&bug_file_loc=&status_whiteboard_type=allwordssubstr&status_whiteboard=&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailtype1=substring&email1=&emailtype2=substring&email2=&bugidtype=include&bug_id=&votes=&chfieldfrom=&chfieldto=Now&chfieldvalue=&cmdtype=doit&order=bugs.bug_severity&field0-0-0=noop&type0-0-0=noop&value0-0-0=">open bugs against Squid-3.0</A>.</P>
-<H2><A NAME="s3">3. Changes since earlier STABLE releases of Squid-3.0</A></H2>
+<H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes since earlier STABLE releases of Squid-3.0</A></H2>
<P>The 3.0 change history can be
<A HREF="http://www.squid-cache.org/Versions/v3/3.0/changesets/">viewed here</A>.</P>
-<H2><A NAME="s4">4. Changes since Squid-2.6</A></H2>
+<H2><A NAME="s4">4.</A> <A HREF="#toc4">Changes since Squid-2.6</A></H2>
-<H2><A NAME="ss4.1">4.1 Major new features</A>
+<H2><A NAME="ss4.1">4.1</A> <A HREF="#toc4.1">Major new features</A>
</H2>
<P>Squid 3.0 represents a major rewrite of Squid and has a number of new features.</P>
@@ -87,7 +132,7 @@
<P>More information about ESI can be found from the ESI website
<A HREF="http://www.esi.org">http://www.esi.org</A></P>
-<H2><A NAME="ss4.2">4.2 2.6 features not found in Squid-3.0</A>
+<H2><A NAME="ss4.2">4.2</A> <A HREF="#toc4.2">2.6 features not found in Squid-3.0</A>
</H2>
<P>Some of the features found in Squid-2.6 is not available in Squid-3.
@@ -107,7 +152,7 @@
</UL>
</P>
-<H2><A NAME="ss4.3">4.3 Logging changes</A>
+<H2><A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Logging changes</A>
</H2>
<H3>access.log</H3>
@@ -125,7 +170,7 @@
<A HREF="http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.7">http://www.squid-cache.org/Doc/FAQ/FAQ-6.html#ss6.7</A> for a definition of all log types.</P>
-<H2><A NAME="s5">5. Windows support</A></H2>
+<H2><A NAME="s5">5.</A> <A HREF="#toc5">Windows support</A></H2>
<P>This Squid version can run on Windows as a system service using the Cygwin emulation environment,
or can be compiled in Windows native mode using the MinGW + MSYS development environment. Windows NT 4 SP4 and later are supported.<BR>
@@ -227,6 +272,7 @@
<LI>When Squid runs in command line mode, the launching user account must have administrative privilege on the system</LI>
<LI>"Start parameters" in the Windows 2000/XP/2003 Service applet cannot be used</LI>
<LI>Building with MinGW, when the configure option --enable-truncate is used, Squid cannot run on Windows NT, only Windows 2000 and later are supported</LI>
+<LI>On Windows Vista and later, User Account Control (UAC) must be disabled before running service installation</LI>
</UL>
</P>
</DL>
@@ -347,7 +393,7 @@
-<H2><A NAME="s6">6. Changes to squid.conf since Squid-2.6</A></H2>
+<H2><A NAME="s6">6.</A> <A HREF="#toc6">Changes to squid.conf since Squid-2.6</A></H2>
<P>There have been many changes to Squid's configuration file since Squid-2.6.</P>
@@ -364,7 +410,7 @@
</P>
-<H2><A NAME="newtags"></A> <A NAME="ss6.1">6.1 New tags</A>
+<H2><A NAME="newtags"></A> <A NAME="ss6.1">6.1</A> <A HREF="#toc6.1">New tags</A>
</H2>
<P>
@@ -651,11 +697,37 @@
</PRE>
</P>
+<DT><B>chunked_request_body_max_size</B><DD>
+<P>New tag to fix handling of chunked requests.
+<PRE>
+ A broken or confused HTTP/1.1 client may send a chunked HTTP
+ request to Squid. Squid does not have full support for that
+ feature yet. To cope with such requests, Squid buffers the
+ entire request and then dechunks request body to create a
+ plain HTTP/1.0 request with a known content length. The plain
+ request is then used by the rest of Squid code as usual.
+
+ The option value specifies the maximum size of the buffer used
+ to hold the request before the conversion. If the chunked
+ request size exceeds the specified limit, the conversion
+ fails, and the client receives an "unsupported request" error,
+ as if dechunking was disabled.
+
+ Dechunking is enabled by default. To disable conversion of
+ chunked requests, set the maximum to zero.
+
+ Request dechunking feature and this option in particular are a
+ temporary hack. When chunking requests and responses are fully
+ supported, there will be no need to buffer a chunked request.
+
+</PRE>
+</P>
+
</DL>
</P>
-<H2><A NAME="modifiedtags"></A> <A NAME="ss6.2">6.2 Changes to existing tags</A>
+<H2><A NAME="modifiedtags"></A> <A NAME="ss6.2">6.2</A> <A HREF="#toc6.2">Changes to existing tags</A>
</H2>
<P>
@@ -713,10 +785,9 @@
<P>Common options <EM>no-store</EM>, replaces the older <EM>read-only</EM> option</P>
<DT><B>auth_param</B><DD>
-<P>Removed Basic auth option
+<P>Removed Basic auth options:
<PRE>
blankpasswor, not yet ported to squid-3.
- auth_param basic concurrency 0
</PRE>
</P>
@@ -847,12 +918,12 @@
This is useful for class 4 Delay Pools in Squid 3.x</P>
<DT><B>half_closed_clients</B><DD>
-<P>New defaut vaue of OFF</P>
+<P>New default value of OFF</P>
</DL>
</P>
-<H2><A NAME="removedtags"></A> <A NAME="ss6.3">6.3 Removed tags</A>
+<H2><A NAME="removedtags"></A> <A NAME="ss6.3">6.3</A> <A HREF="#toc6.3">Removed tags</A>
</H2>
<P>
@@ -870,7 +941,7 @@
</P>
-<H2><A NAME="s7">7. Changes to ./configure Options since Squid-2.6</A></H2>
+<H2><A NAME="s7">7.</A> <A HREF="#toc7">Changes to ./configure Options since Squid-2.6</A></H2>
<P>There have been some changes to Squid's build configuration since Squid-2.6.</P>
@@ -888,7 +959,7 @@
-<H2><A NAME="newoptions"></A> <A NAME="ss7.1">7.1 New options</A>
+<H2><A NAME="newoptions"></A> <A NAME="ss7.1">7.1</A> <A HREF="#toc7.1">New options</A>
</H2>
<P>
@@ -1003,7 +1074,7 @@
</DL>
</P>
-<H2><A NAME="modifiedoptions"></A> <A NAME="ss7.2">7.2 Changes to existing options</A>
+<H2><A NAME="modifiedoptions"></A> <A NAME="ss7.2">7.2</A> <A HREF="#toc7.2">Changes to existing options</A>
</H2>
<P>
@@ -1047,7 +1118,7 @@
</DL>
</P>
-<H2><A NAME="removedoptions"></A> <A NAME="ss7.3">7.3 Removed options</A>
+<H2><A NAME="removedoptions"></A> <A NAME="ss7.3">7.3</A> <A HREF="#toc7.3">Removed options</A>
</H2>
<P>The following configure options have been removed.</P>
@@ -1072,13 +1143,13 @@
</P>
-<H2><A NAME="s8">8. Regressions since Squid-2.7</A></H2>
+<H2><A NAME="s8">8.</A> <A HREF="#toc8">Regressions since Squid-2.7</A></H2>
<P>Some squid.conf and ./configure options which were available in Squid-2.7 are not yet available in Squid-3.0</P>
<P>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.</P>
-<H2><A NAME="ss8.1">8.1 Missing squid.conf options available in Squid-2.7</A>
+<H2><A NAME="ss8.1">8.1</A> <A HREF="#toc8.1">Missing squid.conf options available in Squid-2.7</A>
</H2>
<P>
@@ -1222,7 +1293,7 @@
</DL>
</P>
-<H2><A NAME="ss8.2">8.2 Missing ./configure options available in Squid-2.7</A>
+<H2><A NAME="ss8.2">8.2</A> <A HREF="#toc8.2">Missing ./configure options available in Squid-2.7</A>
</H2>
<P>
++++++ squid-3.0.STABLE12.tar.bz2 -> squid-3.0.STABLE18.tar.bz2 ++++++
++++ 32812 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org